Google Allowing Users to Control Public Information

google-about-me-tool

There is a lot of talk regarding privacy and more people are concerned about their searchable online data. Aware of this change in the behavior of its users, Google has recently released a new tool to help control online privacy, called “About me”.

Users can adjust their personal and work contact information, education and employment history as well as the places they have lived. It is also possible to control who sees gender, birthday, occupation, personal websites and social network URLs.

Google explains that all the content on the About Me page is “information that people explicitly provided to Google.” Also noting that “people have control over what information is here and on the About Me page, they can control what others see about them across Google Services.”

Will the “Right to Be Forgotten” End in the EU?

right-forgotten-erase-past-600

Google is refusing to follow a French Ruling that is asking to delete records globally, each time an individual requests the right to be forgotten. The company is clarifying its stand saying that the European ruling of Right to Be Forgotten should not be applied globally. By not following the ruling, Google might be inviting trouble and is likely to be fined for its stand.

CINIL, the data protection authority in France, made the order on the basis of the European court ruling that Google will have to delete irrelevant and outdated information when it receives a request from the individual or organization. Since the ruling, Google has received millions of requests and even cleared many of them. But it is refusing to accept the order that asks it to remove the name from the global list, arguing that the search is already being routed locally.

Google has further pointed out that one country should not have the authority to decide and control what content users in another country can find and access. The company notes that such a measure isn’t necessary, because as much as 97% of Internet users in France access a European version of Google’s search engine.

Google argues in a new post on its official blog for Europe: If the CNIL were to get its way, “the Internet would only be as free as the world’s least free place.”

Stalking the Google Way

image

The recent data breach at Ashley Madison (a company whose boss was dumb enough to claim that he had the most secure site on earth) means the site may end up with private information about millions of people having affairs being released online. What is perhaps much more threatening to anyone trying to stay under the radar is the spy in your pocket. Google just announced the latest version of its timeline feature in Google Maps, and it’s kind of horrifying.

For as long as you have had location services turned on (the default is off, but many people turn it on to take advantage of other cool features), Google has been tracking your every movement. For example, last Christmas, we visited Las Vegas. On my timeline for Christmas day, it shows that we stayed at Caesars and visited an exhibit at the Luxor. It’s not perfect; it shows us at the Hilton (the Purple Rain tribute show), but has the time wrong. Nonetheless, it’s pretty amazing. The fact that I didn’t ask to be tracked and didn’t know it was happening is apparently neither here nor there.

In theory, all this rather creepy. Tracking is double opt in, but I bet most people have no idea what Google has been tracking for the past five plus years. Do you know where you were in April 2009? Google does. In some cases, it even shows me moving around inside my house. Again, weirdly creepy.

Obviously (as always), all this data collection comes down to commerce. If Google knows where we are, it can better target ads of all kinds at us. Since most of us don’t make much effort to control what we share (most don’t actually care), maybe it’s just another aspect of our “nothing to hide, nothing to fear” culture. However, since Google has no problems sharing with the government pretty much anything they ask for, you have to wonder what Google and our overlords are making of the places you go and the people you see.

In the Name of “Digital Sovereignty”

Vladimir-Putin_2183550b

Russia’s cyber world has grown in recent years, and now has more than 80 million users, or about 60% of the population. But in the name of digital sovereignty, Russian authorities are stepping up efforts to corral it, part of a worldwide race between running online technology and the desires of law enforcement to keep tabs on all that activity. The battle lines are forming around the challenge of encryption, which companies are increasingly upgrading in the post-Edward Snowden era to satisfy the privacy concerns of customers.

Russian authorities are fighting back with a law that comes into effect in September, requiring all global Internet platforms, such as Twitter, Google, Facebook, and Apple to store data of Russian users on Russian servers. Furthermore, it directly warned that due to the encryption employed, Russian servers may be forced to take down entire platforms in order to block one piece of objectionable content.

The idea is that data stored on Russian servers will be protected from the prying eyes of the US National Security Agency. Experts say it may also rope off Russian cyberspace and make it easier for Russian authorities to control what their own citizens are posting and reading on the Internet. The main way Russian authorities have been doing that so far is through a complex register of banned websites that Russia-based ISP’s are required to block.

The list currently contains over 10,000 websites, mostly for content even an ardent civil libertarian might have trouble defending, such as child pornography, pro-terrorist agitation, and sites that glamorize suicide. Last week, the Russian communication supervising entity Roskomnadzor sent out warning letters to Google, Twitter, and Facebook, reminding them that they are required by Russian law to hand over data about any Russian blogger who has more than 3,000 readers daily. Any user of the services who posts items calling for “unsanctioned protests and unrest” must be blocked, and due to the companies’ use of https encryption, that could force Russian ISPs to block the entire site.

In barely three months, the new law requiring all companies that operate in Russian cyberspace to store the data of all Russian users on local servers will come into effect. Experts say the law is a sweeping declaration of “digital sovereignty,” but it’s also impossible to guess how it may be enforced. And while Russia may be using its own unique mixture of threats and ill-focused laws to try to address the encryption challenge, it is a global issue.

The NSA is Hacking Your Games

nsa

That sounds crazy right? Even given how unscrupulous the NSA has been revealed of late, surely they aren’t using app stores to track us? Wrong. That’s exactly what they are doing.

In the latest of docs leaked by Edward Snowden, it is revealed that the NSA and the spy organizations of the UK, New Zealand, Canada and Australia (yes folks, the good guys) were working together to exploit the kinds of weaknesses in mobile apps which criminal hackers usually use to steal identities for their own espionage purposes. The technical details are super boring, so I won’t waste your time with them. But essentially, they were combing through popular apps to find their own exploits, then planning to use those exploits to collect data and track individuals. Mobile devices are ideally equipped to let spies track us; all they have to do is match the SIM to the individual and it’s game on.

The project was called ‘Irritant Horn’ (who comes up with these names?) and it’s not 100% clear to what extent it was fully deployed. Of course, if it was done well enough, we wouldn’t be able to tell. The agencies were particularly interested in African countries and Asia. Almost hilariously, the most popular mobile browser in China was characterized as leaking like a sieve. Leaving users open to a wide range of tracking and interception, they were even able to send fake messages from one identified user to another once those users had been infected by the spyware the actual spies were using.

Naturally, the responsible agencies are claiming ‘appropriate oversight’ and self-defense. Google, Apple and Samsung have no comment and I’m sure that this story will be buried as quickly as possible. But next time you are noodling on Candy Crush, just remember that Big Brother is watching you.

Google As Your Bank

how-to-lose-money-on-google

I refuse to get sucked back into the vortex of what the hell Google will or will not be doing with Google Glass at some point in the foreseeable future…instead let’s look at something that may actually matter to most of us.

Unless you are living under a rock the chances are that you are using online banking for almost everything. I haven’t written a check in years but each month my bank dutifully mails out checks to everyone I need to pay. according to documents obtained by those enterprising folk at re/code Google is planning to launch a service called (or code named) Pony Express which will allow us to receive online bills and pay them straight out of Gmail. Receiving e-bills by email is not news but being able to have them automatically organized withing email then pay them from right inside Gmail is really interesting.

The end user will be able to organize and pay most bills simply and directly without having to jump off to a bank site or the site of the bill issuer. I’d certainly use the service.

That sounds all well and good…but let’s put our tinfoil hats on and talk about security and other concerns. We hear almost daily of data breeches and other hacks…the personal and financial data collected in this process would paint an enormous target on the Gmail….come on in guys all our financial data is over here! Gmail has s really good record in terms of data security …but it’s a concern.

Now let’s think about what all this extra data could mean for Google. It will know when you move house, when you are having a baby…when you have had a baby. It will know when you are struggling with bills and only paying minimums on credit cards. It will know where you live and what your mortgage is.It also knows all of your searching behavior and the content of all of your email. In theory this additional data will put Google in a much stronger place to target you with super effective messages.

Having gone that far what’s to stop Google from actually becoming a bank. The answer is almost nothing.  I’d be shocked to discover that Google hasn’t already started this process. Look at PayPal…it started as a way to pay online and now offers a range of financial services. The Google credit and debit cards can only be months away. What’s in your wallet?

The NSA May Have Been Hiding in Your Computer for 14 Years

FILE PHOTO  NSA Compiles Massive Database Of Private Phone Calls

Security researchers at Kaspersky Lab have unearthed a suite of surveillance platforms that can hide within the firmware of hard drives from more than a dozen manufacturers. The attackers, which Kaspersky is calling the Equation Group due to their complex skill set, are the most advanced that the researchers have encountered to date.

The programs, some of which date back to 2001, appear to have been developed in succession with each new program being more sophisticated than the last. Personal computers in more than 30 different countries have been discovered to carry the infection.

One of the worms uncovered has direct connections with Stuxnet and may have even been used as a test to help figure out the best route for the malware to reach systems involved in Iran’s nuclear program. Researchers didn’t name who they believe might be behind the attacks although there’s a good bit of circumstantial evidence that points to the NSA.

One component of the suite, GrayFish, is able to re-flash the firmware on hard drives. Because it resides in the firmware, reformatting the drive doesn’t get rid of the infection. Key to being able to rewrite the firmware is having access to source code. If the NSA is indeed behind the attacks, getting source code wouldn’t present too much of an issue.

In addition to physically intercepting shipments (in this case, hard drives) and loading them with malware before repackaging and sending to targets, the NSA could have simply asked manufacturers for their source code (directly or indirectly) or posed as software developers.

Today in Creepy Privacy Policies… Samsung Smart TV’s Eavesdropping

samsung-smart-tv-ears-800x420

You might be wanting to go to another room if you don’t want Samsung’s Smart TV’s to record your personal conversations. They don’t just respond to your commands – they will also tell a third party what you’re saying while you sit in from of them.

Some sharp-eyed people have spotted this curious addition to the Privacy Policy: “To provide you the Voice Recognition feature, some voice commands may be transmitted (along with information about your device, including device identifiers) to a third-party service that converts speech to text or to the extent necessary to provide the Voice Recognition features to you.”

So far, so mostly-reasonable: if a TV had enough CPU grunt to do voice recognition it could push the price into nasty territory. A cloud-assist feature could be messy, but not terrifying, not least because bigger samples will probably make for bigger improvements in voice recognition. Next comes the admission that “In addition, Samsung may collect and your device may capture voice commands and associated texts so that we can provide you with Voice Recognition features and evaluate and improve the features.”

That’s far less comfortable, as it suggests Samsung can identify individuals. If it’s matching MAC addresses, that’s not terrifying. If it depends on logins … yikes! Samsung can identify you and the stuff you say to your TV!

It gets worse in this final sentence:

“Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.” And let’s not even begin to ponder how the sets’ cameras and fitness services might use that data, or the conclusions they would draw, if a program moves to amorous activity on the sofa.

Worse still, this all happens even if you don’t turn voice recognition on, as Samsung says: “If you do not enable Voice Recognition, you will not be able to use interactive voice recognition features, although you may be able to control your TV using certain predefined voice commands. While Samsung will not collect your spoken word, Samsung may still collect associated texts and other usage data so that we can evaluate the performance of the feature and improve it.”

Samsung’s responded to widespread discussion of its privacy policy be insisting the data it collects is encrypted and cannot be accessed or used by unauthorized parties. But of course Anthem Healthcare, Target, Sony (Pictures entertainment and the PlayStation arm) and a myriad others have all made similar pledges about the effectiveness of their security.

Tech Winners and Losers of 2014

2014_year_in_review

Life’s never dull in the technology space, with company takeovers, new product launches, senior management changes and security breaches occurring on – what feels like – a near daily basis. The past 12 months has seen plenty of these scenarios play out in the IT industry, with devastating consequences for some and positive outcomes for others. With this in mind, these are the tech industry’s winners and losers in 2014.

LOSERS

Wearable technology 2014 look set to be the year where vendors stopped talking up wearable technology products, and actually started releasing some, but it didn’t quite pan out that way.

While Apple and Google both unveiled their first ventures into this area (in the form of the Apple Watch and Google Glass respectively), both products are earmarked for unspecified general release dates in 2015, but precise details are scarce right now. High cost and ugly designs have repeatedly been cited this year as reasons why the wearable tech trend hasn’t quite set the world alight, but there’s always 2015, right?

Sony Pictures The hacking community had a bumper year in 2014 by managing to take down high-profile targets including online auction site eBay and US retailer Target, to name but a few.

However, the largest, most wide-ranging and – potentially – the most damaging was the one involving Sony Pictures in November. Members of the self-styled Guardians of Peace hacking collective breached the firm’s computer network, stole company documents and emails by the hundreds and then proceeded to dump them on torrent sites.

North Korea has been cited as the source of the attack, after the hackers made repeated references to Sony Pictures’ forthcoming comedy film The Interview, the story of which centers on a fictional assassination plot involving North Korean leader Kim-Jong Un. The hack took an even more sinister turn earlier this month, with the perpetrators threatening “9/11-style” attacks on cinemas that showed the film, prompting Sony to pull its release altogether.

HP While its five-year turnaround plan continues apace, the tech giant has faced some tough decisions this year to safeguard the company’s future, resulting in widespread job cuts. In October, HP announced plans to hive-off its PC and printing business from its wider enterprise hardware and services arm at a cost of another 5,000 jobs. The move came as a surprise to many, given the backlash it suffered several years ago when former CEO Leo Apotheker proposed a similar move.

Uber While the number of people downloading the Uber taxi finder app has sky-rocketed this year, the company, its senior management and its operating methods have all come under fire. Thousands of black cab drivers took part in an hour-long protest against Uber’s method of working out the cost of fares that saw central London brought to a standstill in June.

The company has also garnered complaints about the way it treats journalists, after one of its executives suggested hiring a team of researchers to “dig up dirt” about those who write bad stories about the firm. And, if all that wasn’t bad enough, Uber faced a monumental backlash in December after its surge pricing system, whereby the cost of fares grows in line with demand, kicked in during the Sydney hostage crisis. This meant people using its service to escape the scene were charged around four times the normal fare.

Samsung After wowing smartphone buyers with its flagship Samsung Galaxy S3 and S4 handsets in 2012 and 2013, respectively, the South Korean tech giant was widely expected to replicate the sales figures notched up by these devices with the S5. Despite a striking re-design, the introduction of biometric security, a heartrate monitor, and a wealth of other bells and whistles that garnered favorable reviews, sales of the S5 fell short of analyst expectations.

Just to round off a bad year for the firm, December saw analyst house Gartner unveil its latest smartphone market tracker, which also revealed Samsung had lost 8 per cent of its global market share because of a fall in demand for its products in China.

iCloud Cloud security worriers were gifted a fairly credible reason about the integrity of off-premise storage this year, after hackers managed to side-step Apple’s iCloud log-in procedures and leak naked pictures of a host of female celebrities online. The fallout from it prompted Apple to issue assurances in September 2014 that it was tightening up security around its flagship cloud storage service.

WINNERS

Blackberry After what can only be described as a disastrous 2013 for BlackBerry, the past 12 months have been considerably better for the Canadian smartphone maker. While the previous year saw the firm hit with multi-million inventory charges, senior management changes, and an abortive attempt to acquire the firm by its largest shareholder, 2014 has seen it embark on a concerted push to reconnect with enterprise users to very positive effect.

This has resulted in the release of the eye-catching BlackBerry Passport, which has chalked up better-than expected sales, and lofty predictions about a return-to-growth for the firm in the not too distant future.

Mojang Even if hadn’t been acquired by Microsoft, it’s highly likely games developer Mojang would have made it on to our 2014 winners list, based on the continued popularity of its flagship offering Minecraft. The game is said to have 100 million registered users, and saw its user base widen considerably this year with its release on the PlayStation 4 and Xbox One consoles.

Microsoft coughed up $2.5 billion for Mojang earlier this year to safeguard the game’s availability on Windows PCs and phones in the future, and – we assume – ensure Mojang’s senior management enjoys a very nice Christmas.

WhatsApp It’s fair to say WhatsApp’s 450 million-plus users were a little skeptical about how honorable Facebook’s intentions were when news first broke that it was planning to buy the IM service in February. With fears abounding that Facebook might opt to shut the service down and incorporate it into its own Messenger service, or even start charging users to send missives to each other, the WhatsApp user base wasn’t happy.

In response, Facebook CEO Mark Zuckerberg promised users the service will operate as it always has done and continue to do so as a standalone entity. And since the $22 billion deal was finally waved through by regulators in October 2014, he’s shown no signs of backtracking on this.

Hackers 2014 has certainly been a busy one for the hacking community, with a series of high-profile attacks on the likes of Sony Pictures, iCloud and eBay causing massive disruption to their operations and – not to mention – reputations.

While vendors and industry types often predict cyber-attacks will grow in complexity and sophistication as time goes on, these three provide solid evidence that this is a trend that’s already occurring.

 

Is North Korea Really Behind the Sony Hacks?

4961956583_2b937946dc

There’s plenty of rumors and speculation, but one thing is certain: something has gone awfully wrong with the computer systems at Sony Pictures Entertainment – the television and movie subsidiary of the huge Sony Corporation.

The company has shut down its servers, after a ghoulish skull appeared on computer screens alongside a claim that internal data had been stolen and would be released if undisclosed “demands” were not met.

In parallel, Twitter accounts used by Sony to promote movies were hacked to display messages attacking Sony Entertainment’s CEO from a group calling itself GOP (the Guardians of Peace) who claimed responsibility for the hack.

11 terabytes of information had been stolen by hackers from Sony Pictures, and even tweeted a photograph of a sign placed in the lift of Sony Pictures’ London office asking staff not to use their computers or log into the Wi-Fi. If hackers have indeed hijacked Sony Pictures’ network, and stolen a large amount of data, it all sounds very dramatic, but the most the company has said publicly is that it is investigating an “IT matter.” The absence of hard facts about the hack has inevitably led to reporters filling in the vacuum with some guesswork and, in some cases, speculation that may be have shaky foundations.

For instance, one report claimed that Sony Pictures was exploring the possibility that North Korean hackers could be behind the attack – because of anger over an upcoming comedy film featuring Seth Rogan and James Franco working with the CIA to assassinate North Korean leader Kim Jong-Un.

It does appear that North Korea is genuinely unhappy about the movie, but does it really seem likely that that would motivate what appears to be a widespread attack against the Sony Pictures computer network?

That hasn’t stopped other media outlets from repeating the original claim of a North Korean link without much in the way of questioning, churning out the same “news” without considering just how tricky it might be to attribute the attack to any particular country – especially when the victim itself appears to still be mid-recovery and mopping up the mess.

Does North Korea use the internet to spy on other countries? Is it possible that hackers sympathetic to North Korea (or simply people who aren’t fans of Seth Rogan) might want to disrupt Sony Pictures’ activities? Hopefully until we know the answer, Sony will do its duty to inform the public of what information has been compromised.