Categories
Crypto Privacy Security

HTTPS for all: Let’s Encrypt reaches one billion certificates issued

Let’s Encrypt, the Internet Security Research Group’s free certificate signing authority, issued its first certificate a little over four years ago. Today, it issued its billionth.

The ISRG’s goal for Let’s Encrypt is to bring the Web up to a 100% encryption rate. When Let’s Encrypt launched in 2015, the idea was pretty outré—at that time, a bit more than a third of all Web traffic was encrypted, with the rest being plain text HTTP. There were significant barriers to HTTPS adoption—for one thing, it cost money. But more importantly, it cost a significant amount of time and human effort, both of which are in limited supply.

Let’s Encrypt solved the money barrier by offering its services free of charge. More importantly, by establishing a stable protocol to access them, it enabled the Electronic Frontier Foundation to build and provide Certbot, an open source, free-to-use tool that automates the process of obtaining certificates, installing them, configuring webservers to use them, and automatically renewing them.

Full Article: https://arstechnica.com/gadgets/2020/02/lets-encrypt-issued-its-billionth-certificate-today/

Categories
Privacy Security

Facebook sues SDK maker for secretly harvesting user data

Data analytics firm OneAudience allegedly paid app developers to include its SDK in their code so it could harvest data from Facebook users.

Facebook filed today a federal lawsuit in a California court against OneAudience, a New Jersey-based data analytics firm.

The social networking giant claims that OneAudience paid app developers to install its Software Development Kit (SDK) in their apps, and later used the control it had over the SDK’s code to harvest data on Facebook users.

According to court documents obtained by ZDNet, the SDK was embedded in shopping, gaming, and utility-type apps, some of which were made available through the official Google Play Store.

“After a user installed one of these apps on their device, the malicious SDK enabled OneAudience to collect information about the user from their device and their Facebook, Google, or Twitter accounts, in instances where the user logged into the app using those accounts,” the complaint reads.

Full article here: https://www.zdnet.com/article/facebook-sues-sdk-maker-for-secretly-harvesting-user-data/

Categories
Messaging Privacy Security

Reddit CEO: TikTok is ‘fundamentally parasitic’

TikTok is one of the hottest social media platforms but the CEO of Reddit had some harsh words for the popular app, calling it “fundamentally parasitic” at an event Wednesday.

The comments from Reddit CEO and co-founder Steve Huffman were some of the more controversial offered up during a panel discussion with former public policy exec Elliot Schrage and former Facebook VP of Product Sam Lessin. During a brief conversation about the feature innovations of TikTok, Huffman pushed back hard on the notion that Silicon Valley startups had something to learn from the app.

“Maybe I’m going to regret this, but I can’t even get to that level of thinking with them,” Huffman said. “Because I look at that app as so fundamentally parasitic, that it’s always listening, the fingerprinting technology they use is truly terrifying, and I could not bring myself to install an app like that on my phone.”

Full article here: https://techcrunch.com/2020/02/26/reddit-ceo-tiktok-is-fundamentally-parasitic/

Categories
Privacy Security

Clearview AI Reports Breach of Customer List

Facial recognition company Clearview AI notified customers that an intruder had gained “unauthorized access” to its entire list of customers, The Daily Beast reports.

Clearview gained widespread attention in recent weeks after a wave of media coverage, starting with The New York Times in January. The company stands out from others due to its use of a database of over 3 billion photos the firm constructed by scraping images from Facebook, Twitter, Instagram, and other social networks and websites.

Clearview sells its product to law enforcement clients particularly in the U.S. The company’s app allows a customer to point their phone’s camera at a subject, or upload a photo into the system. Then, the system provides links to other photos and related social media profiles of the suspected person online.

Full article here: https://www.vice.com/en_us/article/bvgyqa/clearview-ai-customer-list-data-breach-hacked

Categories
Open Source Privacy Security

Firefox to enable DNS-over-HTTPS by default to US users

Mozilla will bring its new DNS-over-HTTPS security feature to all Firefox users in the U.S. by default in the coming weeks, the browser maker has confirmed.

It follows a year-long effort to test the new security feature, which aims to make browsing the web more secure and private.

Whenever you visit a website — even if it’s HTTPS enabled — the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS, or DoH, encrypts the request so that it can’t be intercepted or hijacked in order to send a user to a malicious site.

Full Article at https://techcrunch.com/2020/02/25/firefox-dns-https-default-united-states/

Categories
Privacy Security

How schools are using kids’ phones to track and surveil them

Teachers often lament that phones can be a distraction in classrooms. Some governments have even banned phones outright in schools. But a few school administrations see phones in schools as a benefit because they can help keep track of students more efficiently.

At least 10 schools across the US have installed radio frequency scanners, which pick up on the Wi-Fi and Bluetooth signals from students’ phones and track them with accuracy down to about one meter (just over three feet), said Nadir Ali, CEO of indoor data tracking company Inpixon. 

Full article here: https://www.cnet.com/news/how-schools-are-using-kids-phones-to-track-and-surveil-them/

Categories
Messaging Privacy Security

Google search is showing invitations to private WhatsApp groups

Your private WhatsApp group might not be as private as you’d like. DW journalist Jordan Wildon has noticed that Google is indexing at least some WhatsApp group invitations in its search, making it possible to slip into groups that owners might not want to be public. While many of these are fairly innocuous, some include sensitive data. Motherboard discovered one group apparently aimed at UN-accredited non-governmental organizations where it was possible to see the list of all 48 participants, including their phone numbers.

Full article here: https://www.yahoo.com/now/2020-02-21-google-indexes-whatsapp-group-invitations.html

Categories
Cloud Compliance Privacy

UK Google users could lose EU GDPR data protections

Google is to move the data and user accounts of its British users from the EU to the US, placing them outside the strong privacy protections offered by European regulators.

The shift, prompted by Britain’s exit from the EU, will leave the sensitive personal information of tens of millions not covered by Europe’s world-leading General Data Protection Regulation (GDPR) and therefore with less protection and within easier reach of British law enforcement.

Full article here: https://www.theguardian.com/technology/2020/feb/20/uk-google-users-to-lose-eu-gdpr-data-protections-brexit

Categories
Messaging Privacy Security

Elon Musk trashes WhatsApp as coming with ‘a free phone hack’

Elon Musk has some thoughts about WhatsApp.

Specifically, the Tesla CEO thinks the Facebook-owned messaging app is a hackable piece of garbage. He made that much clear in a Thursday morning tweet that both highlighted a new emoji and pointed out that the WhatsApp-specific version comes with a not-so-special bonus. 

“New emoji,” wrote Musk. “Last one comes with free phone hack.”

Full article at https://mashable.com/article/elon-musk-whatsapp-emoji-hack/?europe=true

Categories
Compliance Open Source Privacy

CERN: We’re ditching Facebook Workplace. Here’s why

European scientific research giant CERN, the European Organization for Nuclear Research, has killed its use of Facebook’s Workplace collaboration platform because it is dissatisfied with the company’s approach to fees and data control.

CERN announced the move this week, which ends a nearly four-year trial with Facebook Workplace and means CERN will remove its presence from the platform on January 31, 2020. 

Full article at https://www.zdnet.com/article/cern-were-ditching-facebook-workplace-its-not-just-about-new-fees/

Categories
Privacy Security

WhatsApp disclosed 12 security flaws last year, after Jeff Bezos’ phone was reportedly hacked

  • WhatsApp disclosed 12 security vulnerabilities last year, according to the US National Vulnerabilities Database, including seven that were classed as “critical.”
  • According to the database, seen by the Financial Times, the number of reported vulnerabilities was significantly higher than in previous years, when only one or two security reports were made.
  • Reports of flaws within the Facebook-owned messaging app have sparked questions about the security of the app amid reports that Amazon CEO Jeff Bezos’ phone was hacked by the Saudi Crown Prince.

Full article here: https://www.businessinsider.nl/jeff-bezos-hack-whatsapp-disclosed-security-flaws-last-year-ft-2020-1?international=true&r=US

Categories
Privacy Security

Leaked Documents Expose the Secretive Market for Your Web Browsing Data

An Avast antivirus subsidiary sells ‘Every search. Every click. Every buy. On every site.’ Its clients have included Home Depot, Google, Microsoft, Pepsi, and McKinsey.

An antivirus program used by hundreds of millions of people around the world is selling highly sensitive web browsing data to many of the world’s biggest companies, a joint investigation by Motherboard and PCMag has found. Our report relies on leaked user data, contracts, and other company documents that show the sale of this data is both highly sensitive and is in many cases supposed to remain confidential between the company selling the data and the clients purchasing it.

Full article here: https://www.vice.com/en_us/article/qjdkq7/avast-antivirus-sells-user-browsing-data-investigation