Tag Archives: Privacy

Google Admits To Have Collected Full Usernames and Passwords with Street View Cars

Being one of the largest tech companies is a hard job and you inherently gather some animosity from around the world. Make one mistake and you will have a thousand fingers pointing at you. Google knows this fact the best.

Up until now,  Google has admitted only to have collected chunks of data, which might contain passwords or usernames but has termed this as an unintentional process. However, the French National Commission on Computing and Liberty (CNIL)  has insisted that Google has done more than that.

Today, Google has admitted for the first time that its Street View cars actually collected usernames and passwords. This will fuel the investigations in France and Germany that might have gone stagnant over time. This disclosure was made after Canada’s blamed Google of stealing full usernames and password data. This was followed by an investigation by thirty state attorneys who are investigating the matter further. In short, Google is fighting a one-man battle against the world.

Google Vice President of Engineering and Research Alan Eustace expressed his concern in a blog post saying,

It’s clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords.

I find Google Street View to be an awesome feature and have used it on more than once instance to check out cool avenues and streets.  The complete data is estimated at over 600 GB and Google is assuring users that it will delete the private data soon but that can be possible only after the all the investigations are complete.

(Source)

Farmville privacy leak leads to Zynga fighting a lawsuit

Well, everyone demands a catchy headline so don’t complain!

Lots of people play Farmville, constantly bombarding their friends and enemies with a trail of Farmville and Mafia Wars updates such as I just found a pink cow that can ride tricycles!and My pal here is gonna kill your pal there”, problem?. Apparently, they all value their privacy a lot. Turns out that the top ten Facebook apps, six of them from Zynga, transmit referral URLs to third parties. These referral URLs are tiny parts of the URLs that tell the landing page where the link was clicked. Rapleaf (ironically, since it is also involved as one of the third parties) has a pretty good and detailed blog post about this here.

tom-jefferson-farmville

So, some Facebook user caught wind of this and slapped a class action lawsuit on Zynga:-

This appears to be another example of an online company failing the American public with empty promises to respect individual privacy rights. Companies large and small need to learn to follow through on their privacy promises or risk having consumers decide that it is simply not worth it to use their services,” added Kassra Nassiri of Nassiri & Jung LLP, co-lead attorney for the lawsuit.

So, who did not see this one coming?

(Hilariously apt image credit: Joystiq)

Facebook Beefs Up Security: Adds Remote Logout and One-time Password

Facebook has almost made a habit of getting into controversies surrounding its privacy and security policies. The stinging criticism from a wide section of the press, following the launch of Open Graph at f8, has clearly had an effect on Facebook. The beleaguered social networking giant has been busy cleaning up its act over the past few months.

Now, Facebook has added a couple of more features to enhance security. The first of them is Remote Logout, which Facebook has been testing for some time. As suggested by its name, this feature allows you to remotely log out of Facebook in other systems that you might have used in the past. It can be a lifesaver in case you forget to log out while surfing on a public terminal, and has long been a feature of Gmail. You can access this from Account –>Account Settings–>Settings–>Account Security.

Facebook-Remote-Logout

The other new feature is One-time Password. If you have registered your mobile phone with Facebook, you can text otpto 32665 (FBOOK) to receive a temporary password that can be used to log into Facebook. This password can only be used once and stays valid for twenty minutes. This feature is once again intended for use on unsecured public terminals, which might house keyloggers and malwares.

Both of these features are welcome additions. Unfortunately, like many other Facebook initiatives, their availability isn’t immediately noticeable to users. For example, in Facebook, the remote logout option is buried deep within the settings panel, whereas Gmail presents it in the footer of every page.

Don’t forget to do your bit. Spread the word by sharing this article with your friends.

More Privacy Problems For Facebook Crop Up

Two things that go hand in hand in the social media is and Privacy. The social networking giant has had a lot of privacy problems, and they continue to have the same problems almost everyday.

Facebook Privacy Dogs

A new report by WSJ says that several Facebook applications transmit personal IDs outside Facebook, thus giving access to your name and in some cases your friends names to advertising and internet tracking companies.

However, Facebook has undermined the usefulness of the Facebook UIDs in a new blog post:

Press reports have exaggerated the implications of sharing a UID. Knowledge of a UID does not enable anyone to access private user information without explicit user consent. Nevertheless, we are committed to ensuring that even the inadvertent passing of UIDs is prevented and all applications are in compliance with our policy.

However, another report on a WSJ blog says that a lawsuit has been filed in a California court for breaching a contract with users when it sent data to advertisers which could be used to identify users without their knowledge.

Earlier this month, the Facebook app for also had a privacy problem where your friends contact numbers were leaked due to a bug in the software. So, how safe is your Facebook data? Well, Facebook data is only as safe as your privacy settings are and those are a bit complicated for a layman to take advantage of. However, there are tools like Reclaim Privacy which allows you to assess your privacy settings and make changes if required.

Facebook is facing The Privacy Heat Again, This Time for Its iPhone App

Facebook just does not stop upsetting people with privacy issues. An abrupt change in TOS is something people have just come to expect from Facebook by now. However, what has happened this time, goes a step further. Facebook is making phone numbers of personal contacts public on the Facebook iPhone app. This is caused by a technical glitch in the Facebook’s Contact Sync. Whether this is a problem or is a feature is in doubt. However, one thing is for sure. People would not want this to happen.

facebook-iphone-app

The mechanism of this problematic situation is even more amusing. According to Charles Arthur at  the Guardian,

Facebook’s Contact Sync feature links your friends’ Facebook profile pictures to the contact telephone number in your iPhone address book. The app then pushes these private phone numbers onto Facebook’s servers, and publishes them to Facebook’s Phonebook app. The Facebook app also appears to share numbers for contacts that you don’t have, but your Facebook friends do.

Apparently, the bug, which also poses as a feature for advertisers and others, was first sighted earlier this year and has been ignored by Facebook all this long. The Facebook Phonebook is one of my favorite features in the Facebook app. However, I use an Android and am free from this trouble. Nevertheless, I wonder what unexplored features the Android Facebook app has that can create an equal magnitude of dismay.

(Source)
(Image source)

Facebook Alternative for Kids – Try Togetherville

togetherville-logo Most of you know that kids under 13 are not supposed to use Facebook. However, you also probably know that there are lots of kids cheating on that limit. Some of them are doing so with their parents’ knowledge. I don’t think it’s a good idea. I could argue that it’s not safe for adults on Facebook, because of all of the privacy problems that they’ve had in the past.

Now there is a new service called Togetherville. They promise to make it safe for kids to share online. Here’s a short video about the service.

Click here if you can’t see the video.

So why is it safer? I’m not sure that it’s completely safe, but the first layer of defense is that the kids can’t sign up themselves. In order to create an account, an adult must sign in using a Facebook account, then set up the accounts for the kids they are responsible for. There’s nothing to prevent kids already in Facebook from creating adult accounts at Togetherville, but this first requirement will help prevent it.

Togetherville also tightly controls the video and game content on their service so that the kiddies won’t see frightening and weird stuff. If they make sharing and gaming attractive enough to the kids, this new service may be a big help for parents.

This new service may not be perfect, but it’s a lot better than letting your 11 year old use Facebook.


Facebook Unveils Simplified Permissions for Apps

has been trying to pacify users over privacy issues that have cropped out on the most popular social networking site in the world.

Late last month, Facebook had unveiled simplified privacy controls for users, and today they have rolled out new simplified permissions for third-party applications that need to access your data on Facebook.

facebook_simplified_app_permission

As you can see from the above image, third-party apps will now clearly mention what type of information they will access and ask you to grant permission to them. According to Facebook, the application will only be able to access the public parts of your profile by default. To access the private sections of your profile, the application has to explicitly ask for your permission.

This makes it really transparent and easy to understand as to what information is being shared with third-party apps. If you do not want information to be shared with apps or with search engines, you can change your privacy settings here. More info on this at the official Facebook blog.

Is it the Information Highway to Hell?

agent-ico As many of you know, the Internet is sometimes called the Information Superhighway. What most of you have not heard, is that the destination of this superhighway may not be what you had hoped. Where is it leading us?

What do you consider as threats to our privacy today?

• Cookie tracking
• Shopping data
• Search data
• Personal info from registrations
• Business info from credit agencies
• Medical data
• Government data
• Comments, Forums, Social sites
• GPS location tracking
• Cameras in Streets and Stoplights
• Cameras in Stores
• Cameras in Public Areas
• Nanny Cameras
• Home Security Cameras
• Satellite tracking cameras
• and more …

redlight-camera satellite

Doesn’t it make sense that someday, these will all be linked into the net and someone or something will be tracking your every movement? Who’s going to be watching? Governments are the obvious answer. For an example of this idea, watch “Enemy of the State“.

Another group to consider is the hacker community. They’ve discovered the profit in stealing your personal data.

If the governments and the hackers aren’t enough for you, let’s add more for you to worry about.

Your personal information is already a valuable commodity to businesses wanting to sell you products. What’s going to happen as those companies get access to ever more increasing amounts of data about you, where you are and what you are doing? Stephen Saunders at InformationWeek thinks the Internet will become:

… a sophisticated targeting system for companies to sell “stuff” to consumers, for governments to keep track of citizens, and for law enforcement to track illicit activity. In commercial terms, it will be an Internet where the user becomes the used.

I think Stephen may not be paranoid enough. After all, many are predicting the introduction of true machine intelligence by 2025. What could super-intelligent computers could do with all that information about us? I’m not afraid that Skynet will nuke us, but how long can we retain any illusion of freedom when our machines know everything about us and they’re smarter than we are? Watch the movie Eagle Eyefor a hint.

Bill Joy, co-founder of Sun Microsystems, expressed the same concerns ten years ago, in his post “Why the Future Doesn’t Need Us“. I remember his question:

Can we doubt that knowledge has become a weapon we wield against ourselves?

Now you might understand why I’m a little paranoid about the future. I think we’ll have a choice to become “one with the machine”, like the Borg, or become useless slaves to our technology. The governments, corporations and hackers will be the least of our worries. Welcome to the machine.


Why Do Most Android Apps Have Intrusive Data Access Requirements?

It has been just around a month since I bought an HTC Legend as my first Android phone and I must say that I was pretty satisfied with it. Though a few days ago, it went into occasional lags and often,  there was a freeze times of around two seconds in bringing up the menu. I had installed so many apps (63 of them) that I preferred doing a factory reset over a app quality check.

After that was done and when I started installing back apps, I was taken aback by how much of data demands Android apps have. Being a newbie, I did not give much notice to this fact earlier. What was even more surprising,was that these apps were available for download right from the Market!

Let us take a small example. I search the Android market for an app on “Guitar Chords” and this is a list I come up with.

android-market-search

Now, we can see the app named g-tar [free guitar, hooray]. This is a guitar chord app and it requires access to my phone calls to read the phone state. I probed further into what kind of an access that was? As a result,  I saw that it just makes sure I am not on a call when it plays a tune.

guitar-android-app

Not much to worry about. Is it? My point here is that the behavior of these apps can put our personal data at risk. The open nature of the Android Market can be abused to turn Android Phones into remotely controlled bots.

Here is a quick check list to keep us safe from such situations.

  • Check for comments on the app before installing it. If comments say something is wrong with the app, something definitely is. Also, if the first few comments are all positive, look up more comments to double check. Try and identify good commentators.
  • Check the system requirements and usage guide. How well the usage guide is written goes a long way into telling how responsible the developer is for his creation.
  • Check if the name of that app turns up on “Best Android App” and “Top Android App” lists. If yes, skip the next few steps and use it. If not, do not panic. Go through the next steps.
  • Check for any known issues in the description. Check for conflicts with the system or with other apps. (This can be another annoyance.)
  • Check the data access it requires. It there is anything out of the way, use your Google Fu to do a background check.

That is the best we can do to keep our Android phones clean until Google comes up with some method of keeping the Android market clean.

Facebook’s New Simplified Privacy Settings in a Nutshell

Over the past few weeks Facebook has been under fire from all corners for its sloppy privacy policies. Of course, this isn’t something new to Facebook. In the past Facebook has been slammed by privacy advocates for various missteps like the Beacon. The latest outburst was prompted by the introduction of Facebook Open Graph.

During a press event held at its headquarters, Facebook CEO Mark Zuckerberg unveiled the new simplified privacy controls for Facebook. One of the troubles with Facebook has been that its granular privacy controls are too complicated for most users. Facebook is hoping that the new privacy controls will alleviate this issue.

Facebook-Privacy-Simplified-Controls

The announced privacy settings overhaul is quite significant. To begin with, you will now have access to a single control to change settings for all content and its visibility on the site. According to Zuckerberg, there will be less publicly available information and more privacy control for connections. You can once again keep your friend list as well as subscriptions private.

Facebook-Privacy-Basic-Directory

Moreover, Facebook will now differentiate between “basic directory information” and other information included in your profile. The basic directory information will be public by default, so that other people can find you.

Facebook-Privacy-Platform-Instant-Personalization

Facebook is also making it easy to opt out of instant personalization. It will offer a single checkbox to prevent external sites from harvesting your private information. You can even opt out of the entire Facebook platform (applications and extensions).

While these new privacy controls will perhaps help in quelling the growing sentiment of discontent towards Facebook, the main cause for controversy still remains unaddressed. Instant Personalization is still enabled by default. In fact, almost all Facebook privacy controversies have been triggered due to its insistence on making new features opt-out rather than opt-in by default.

Unfortunately, this won’t be changing anytime soon. Zuckerberg indicated that he believes that Facebook’s privacy model is complete and ruled out any further substantial changes in the near future. The simplified privacy controls will be rolled out at facebook.com/privacy over the new few days.

Screenshots via TechCrunch and video via Robert Scoble