Main Area and Open Discussion > Living Room

Privacy (collected references)

<< < (8/10) > >>

IainB:
Mythological basis of the Pandora's box idiom:
According to Hesiod, when Prometheus stole fire from heaven, Zeus, the king of the gods, took vengeance by presenting Pandora to Prometheus' brother Epimetheus. Pandora opened a jar left in his care containing sickness, death and many other unspecified evils which were then released into the world.[4] Though she hastened to close the container, only one thing was left behind – usually translated as Hope, though it could also have the pessimistic meaning of "deceptive expectation".[5]

From this story has grown the idiom "to open (a) Pandora's box", meaning to do or start something that will cause many unforeseen problems.[6] Its modern, more colloquial equivalent is "to open a can of worms".[7]
Source: https://en.wikipedia.org/wiki/Pandora%27s_box

--- End quote ---
The thing about "Pandora's Box" was that the contents (the troubles), when once released into the world as a result of Pandora's curiosity, were enduring and timeless and apparently could never be put back into the box, thus adversely affecting all humankind over time, from that point onwards.

IainB:
A salutary tale with a recommended privacy sanitisation list, from Samizdata.net:
(Copied below.)
The Shadow Education Secretary wants to make teachers more vulnerable
tags: Civil liberty & Regulation, Education & Academia, Internet, Privacy & Panopticon, UK affairs
Natalie Solent (Essex) - September 23rd, 2018

The Shadow Education Secretary, Angela Rayner MP (Lab), has called for a ban on anonymous online accounts.

The education spokesperson also called for social media companies to ban anonymous accounts, complaining at a fringe event organised by the Guardian in Liverpool that most of the people that abused her online did so without using their real names.

Rayner said that social media firms should take greater responsibility for their users and complained in particular that Facebook seemed to have indicated that politicians should accept a higher level of abuse.

When asked what she thought about social media, Rayner said: “One of the first things they should do is stop anonymous accounts. Most people who send me abuse me do so from anonymous accounts and wouldn’t dream of doing it in their own name.”

Rayner conceded that using real names would not stop abuse but “it would certainly help a little bit. I think they should do more, they do have a responsibility for online”.
___________________________________
--- End quote ---

As I mentioned earlier, Angela Rayner is the Shadow Education Secretary. That ought to mean that she is aware that teachers, like MPs, are often subject to harassment. The Times Educational Supplement had an article on that very subject just a few days ago: “Why your social account is not as private as you think”. It began:

The teacher’s Facebook account was set to private. She was certain of that. Yet, in the past week, she had received four friend requests from former pupils. She could not work out how they had found her.

So, as I am a researcher at the Greater Manchester Police – and her friend – she asked me to take a look. Within 10 minutes, I had not just found her, but I also had her full name, her partner’s name, the school she worked at, the name of one of her children and multiple images of the street she lives on.
___________________________________
--- End quote ---

The writer, Chris Glover, proceeded to give ten tips that teachers should employ to protect themselves:

* 1. Keep accounts separate.
* 2. Vary usernames.
* 3. Check posts about you.
* 4. Beware of public posts.
* 5. Review privacy settings.\
* 6. Don’t follow your school account.
* 7. Avoid using your real name.
* 8. Change the friends-list setting.
* 9. Switch off location.
* 10. Delete dormant accounts.
Following the above advice should help ensure that teachers can enjoy participating in life online while minimising the very real risk of being tracked down by former or current pupils bearing a grudge, or simply by people whom it is best to keep at arms length for professional or safeguarding reasons.

Until a Labour government gets in and makes Nos. (2) and (7) illegal outright, and demands that all of your personal details are held in one place by a social media company so as to be conveniently available for hackers and identity thieves.

--- End quote ---

The context here (for the benefit of non-British readers) is that the UK currently has a Conservative-led government, so the Labour party is the party "in opposition", as it were, and has "shadow ministers" for each of the main ministerial departments, of which Education is one.
There are 2 rather depressing things about this:

* 1. Rayner - who is in the important role of Shadow Education Secretary  - would need to know about current issues in Education and would be expected to have her fingers on the Education pulse, as it were, yet she was apparently recommending a ban on anonymous online accounts, and she would have presumably been stating that as a Labour policy approach.


* 2. However, despite being Shadow Education Secretary, Rayner seemed to have been unaware of the article in The Times Educational Supplement on this rather important matter, published a few days prior. This looks to be a classic clueless and foot-in-mouth response by the Shadow Education Secretary and it could have adverse consequences - e.g., tend to make floating voters (and possibly others) think twice before voting Labour in the next general election.
Though it is rather telling - and Labour voters could be forgiven for weeping or doing a face-palm over this, just as the other voters could be forgiven for having a LOL moment - if we look on the bright side, then the article  in The Times Educational Supplement gave us 10 very good points for improving privacy. These are points that we could extract and all follow to our advantage - i.e., not just teachers - and if Rayner had not made the gaff that she did, then we might never have heard of the 10 points and they would have remained buried in the article in The Times Educational Supplement.

IainB:
Another potentially helpful privacy sanitisation list from abine.com (too long to post here, so just the link): 8 Steps to Secure Your Facebook Privacy Settings

IainB:
Having worked in Defence and marketing and having managed the design, development and delivery of smart nationwide credit-card driven EFT-POS systems which collect, curate, manipulate and use user data for marketing advantage, I have learned some very good reasons why the individual needs to understand:

* (a) the value and fragility of personal data-privacy and
* (b) its relevance to freedom/liberty.
I generally try to think for myself and prefer to take a healthily skeptical and politically agnostic outlook on life. I am personally fed up to the back teeth with the incessant incitement to outrage and the bombardment of absurd political bias and being told how to behave or encouraged to moronically right-think all the time, as pushed by a majority media cohort apparently funded by vested interests (i.e., propaganda, AKA "fake news") seemingly hell-bent on manipulating us (e.g., including the Facebook - Cambridge Analytica fiasco and SnowdenGate.).

Though it inevitably seems/tends to push its own peculiar political bias a lot of the time (like many websites), the website innov8tiv.com occasionally publishes what seem to be relatively well-balanced posts on topics that could be of interest. I therefore keep it in my BazQux feed-reader and periodically check it out.
IMHO, the item copied below from innov8tiv.com is potentially informative and thus worth a read:
(Copied below sans embedded hyperlinks/images, with my emphasis.)
People browsing using Chrome were quietly logged into their Google accounts without their consents | So much for users’ Privacy
 Felix Omondi  September 24, 2018  Apps and Software

A professor at Johns Hopkins and a cryptography expert, Matthew Green, called out Google for making changes to Chrome, making the browser log in users into their Google account without the consent or even notifying them. A move security experts say puts the users’ privacy into jeopardy.

Historically, Chrome users have had the option of using the browser without logging in to their Google accounts. Although logging in does come with some obvious benefits such as having your bookmarks, passwords, and browsing history synced in the cloud and available across any device you are browsing on using the Chrome browser.

However, for security-conscious users who do not have Google – the most prominent advertising entity in the world – have their browsing data for purposes of sending them targeted Ads. Now that Google has made changes to the new Chrome to make the browser log users secretly into their Google Accounts means Google will get the data of users who would otherwise not have logged into their accounts.

Google has come out addressing these concerns raised by security experts stressing that users must have consented to the sync feature thus allowing the browser to transfer their data. Buried in the sync feature, is the revelation that for the sync feature as it works out will automatically also log you into your Google account.

So when a user logs in to their Gmail account on the browser, Chrome also automatically logs into their Google account. All that happens without the consent of the user or the user getting notifications.

“Now that I’m forced to log into Chrome,” wrote Green, “I’m faced with a brand new (sync consent) menu I’ve never seen before.”

Copied from: People browsing using Chrome were quietly logged into their Google accounts without their consents | So much for users’ Privacy | Innov8tiv - <http://innov8tiv.com/people-browsing-using-chrome-were-quietly-logged-into-their-google-accounts-without-their-consents-so-much-for-users-privacy/>

--- End quote ---
Interestingly enough, this would seem to be exactly the sort of thing that HAT (Hub of All Things) - referred to above per Armando (2016-07-29, 14:49:38) - is apparently designed to protect us from, whilst at the same time increasing our privacy and freedom of choice:

What is the Hub of all Things?


The Hub of All Things


Happy days.

IainB:
MEGA - MEGAsync - General Data Protection Regulation Disclosure:
(Copied below sans embedded hyperlinks/images.)
SpoilerGeneral Data Protection Regulation Disclosure

Introduction
In 2013 MEGA pioneered user-controlled end-to-end encryption through a web browser. It provides the same zero-knowledge security for its cloud storage and chat, whether through a web browser, mobile app, sync app or command line tool. MEGA, The Privacy Company, provides Privacy by Design.

As all files uploaded to MEGA are fully encrypted, their contents can’t be read or accessed in any manner by MEGA. Files can only be decrypted by the original uploader through a logged-in account, or by other parties who have been provided with file/folder keys generated by the account user.

Personal data is information relating to an identifiable natural person who can be directly or indirectly identified in particular by reference to an identifier.

MEGA stores the following categories of Personal Data
Contact Details

* Email addresses
* User’s name (if provided)
Transaction Details

* IP address and Source Port for account creation and file uploads
* Country location (inferred by matching IP to MaxMind IP database)
* File size and date uploaded
* Date that file/folder links are created
* MEGA contacts
* Chat destination contact(s) and time sent
* Call destination contact(s), call start time and call duration
* Subscriptions and payment attempts
* Information provided to a payment processor when processing a subscription payment, such as Tax ID number, but not the credit/debit card number.
MEGA does not receive or store special categories of personal data or data relating to criminal convictions and offences, as any files that are uploaded to MEGA are fully encrypted at the user’s device so the encrypted data is not able to be decrypted by MEGA.

MEGA doesn’t share the data with any other party other than with competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences and as specified in the Privacy Policy clause 11.

Purpose
The purpose of storing the data is to manage account login and activity and to respond to information demands from authorities.

Processing
MEGA stores personal data but does not carry out any other processing activities on such data. This storage of personal data is necessary in order to provide the secure login to MEGA’s systems and to satisfy compliance obligations.

Lawful Basis of Processing: Contract
The processing of data is necessary for performance of the contract that MEGA has with each user, which they accepted through the Terms of Service when creating their account.

The Terms of Service clause 2 requires the user to agree to the Terms or otherwise to not use the service. Acknowledging and accepting the Terms of Service is a mandatory step in the signup process in all clients - web and mobile.

Clauses 50-51 of the Terms of Service incorporate the Privacy Policy by reference. The Privacy Policy specifies the personal information that is stored.

Retention of Personal Data
Personal data is retained indefinitely while the user’s account is open. After account closure, MEGA will retain all account information as long as there is any law enforcement request pending but otherwise for 12 months after account closure as users sometimes request that an account be re-activated. After 12 months, identifying information such as email and IP addresses will be anonymised (except that email address records will be retained for reference by the user’s contacts or where the user has participated in chats with other MEGA users) but other related database records may be retained.

After user deletion of a file all deleted files will be made inaccessible, marked for deletion and deleted fully when the next appropriate file deletion purging process is run.

After account closure all stored files will be marked for deletion and deleted fully when the next appropriate file deletion purging process is run.

Data Subject’s Rights
Each user has the rights specified in this disclosure notice.

Withdrawal of Consent
Users can only withdraw consent to MEGA collecting the specified personal information if they close their account.

Statutory and Contractual Obligations
Personal Information collected by MEGA is not collected because of any contractual or statutory obligation to third parties.

Automated Decision Making and Profiling
MEGA does not undertake any automated decision making or profiling.

The Right of Access
Individuals have the right to obtain:

* confirmation that their data is being processed;
* access to their personal data;
* Any requests should be submitted to [email protected]. The information will be provided promptly, and at least within one month, without charge unless the request is manifestly unfounded or excessive.
Rectification
Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. If MEGA has disclosed the personal data in question to any third party (such as a compliance authority), it will inform them of the rectification where possible and will also inform the individuals about the third parties to whom the data has been disclosed where appropriate. The only third parties that might have had disclosure are compliance authorities.

Erasure
The right to erasure does not provide an absolute ‘right to be forgotten’. Individuals have a right to have personal data erased and to prevent processing in specific circumstances:

* The personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
* The individual withdraws consent.
* The individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
* The personal data was unlawfully processed (i.e. otherwise in breach of the GDPR).
* The personal data has to be erased in order to comply with a legal obligation.
* The personal data is processed in relation to the offer of information society services to a child.Any requests for erasure will be considered in detail and would probably result in closure of the user’s account.

After account closure, MEGA will retain all account information as long as there is any law enforcement request pending but otherwise for 12 months after account closure as users sometimes request that an account be re-activated. After 12 months, identifying information such as email and IP address will be anonymised (except that email address records will be retained for reference by the user’s contacts or where the user has participated in chats with other MEGA users) but other related records may be retained.

After user deletion of a file all deleted files will be made inaccessible, marked for deletion and deleted fully when the next appropriate file deletion purging process is run.

After account closure all stored files will be marked for deletion and deleted fully when the next appropriate file deletion purging process is run.

In some cases a person may receive an email from MEGA asking the person to confirm their new account email address, but in fact they haven’t tried to open an account - someone else has started the process and used their email address either maliciously or by mistake. In these cases, MEGA has an ephemeral/incomplete account that might be used to upload files. On request, and after proving ownership of the email address, MEGA will arrange for the account to be deleted.

MEGA can refuse a request for erasure:

* to comply with a legal obligation for the performance of a public interest task or exercise of official authority.
* for public health purposes in the public interest;
* for the exercise or defence of legal claims.The Right to Restrict Processing
Individuals have a right to ‘block’ or suppress processing of personal data. When processing is restricted, MEGA is permitted to store the personal data, but not further process it. As MEGA only stores, and doesn’t further process the stored personal data, no action will be taken in response to a request to restrict processing.

Data Portability
The right to data portability only applies:

* to personal data an individual has provided to a controller;
* where the processing is based on the individual’s consent or for the performance of a contract; and
* when processing is carried out by automated means.On request by email to [email protected], MEGA will provide a user’s personal data in a structured, commonly used and machine readable form such as JSON files.

Note that all files in a user’s account can be downloaded and decrypted through any of the usual clients.

Lead Data Protection Supervisory Authority
The Lead Data Protection Supervisory Authority is the Luxembourg National Commission for Data Protection. This is the appropriate authority for accepting GDPR complaints about MEGA.

NATIONAL COMMISSION FOR DATA PROTECTION
1, avenue du Rock'n'Roll
L-4361 Esch-sur-Alzette
https://cnpd.public.lu

Controller
MEGA Limited
Level 21, Huawei Centre
120 Albert St
Auckland
New Zealand
Company number 4136598

Controller’s Representative
Mega Europe sarl
4 Rue Graham Bell
L-3235 Bettembourg
Luxembourg
Company number B182395
[email protected]

The Privacy Company. User-encrypted cloud services
 
MEGA
About us Plans & Pricing Resellers Service Policy Press & Media Credits Contact Us
Apps
iOS Android Windows Mobile Browser Extensions MEGAsync MEGAcmd MEGAbird
Support
Help centre Blog
Tools
SDK Source Code
Legal
Terms of Service Privacy policy Copyright Takedown Guidance General Data Protection Regulation Disclosure
© MEGA 2018 All rights reserved

Navigation

[0] Message Index

[#] Next page

[*] Previous page