

Privacy (collected references)


IainB:
@YannickDa: Yes, I suspect you're probably pretty much spot-on in what you write above. It would seem prudent for any individual to regard all/any protestations by whomever that "Oh no! Don't worry! Your 'right to privacy' and the security and confidentiality of all your personal data is our primary objective!", as being likely to be just so much cynical hokum - especially if/when voiced by, for example (say):

* (a) Representatives of government and government-affiliated organisations.
* (b) Representatives of NGOs (Non-Governmental Organisations).
* (c) Representatives of corporate organisations.
* (d) IT startup founders/entrepreneurs.
(Have I missed any out?)

Some people (not me, you understand) might put it in the New Zealand vernacular thus: "They couldn't give a rat's #rse about your stinking rights to privacy.", but I couldn't possibly comment.

IainB:
There's a very good summary post of the Facebook fiasco in the bleepingcomputer.com website, by Catalin Cimpanu:
(Copied below sans embedded images; my emphasis.)
Facebook Acknowledges It Shared User Data With 61 Companies
tags: Technology
Catalin Cimpanu - 2018-07-02


In a 747-page document provided to the US House of Representatives' Energy and Commerce Committee on Friday, Facebook admitted that it granted special access to users' data to 61 tech companies.

According to the document, these 61 companies received a "one-time" extension so they could update their apps in order to comply with a Terms of Service change the company applied in May 2015.

61 companies received API exemptions in 2015
The six-month extension was applied from May 2015, onward, when Facebook restricted its API so apps could not access too much data on its users, and especially the data of users' friends.

The API change came in a period when apps like the one developed by Cambridge Analytica were using the Facebook API to mass-harvest the data of Facebook users.

In May 2015, Facebook realized that apps were abusing this loophole in its permission system to trick one user into granting permission to the personal data of hundreds of his friends, and restricted the Facebook API to prevent indirect data harvesting.

But these 61 tech companies, because they ran popular apps, received an exemption to this API change, during which, theoretically, they could have abused the Facebook API to collect data on Facebook users and their friends. Data that could have been collected included name, gender, birthdate, location, photos, and page likes.

Facebook did not say if any of these companies abused this extension period to harvest data on users and their friends. The list of 61 companies who received an API extension includes:
1. ABCSocial, ABC Television Network
2. Actiance
3. Adium
4. Anschutz Entertainment Group
5. AOL
6. Arktan / Janrain
7. Audi
8. biNu
9. Cerulean Studios
10. Coffee Meets Bagel
11. DataSift
12. Dingtone
13. Double Down Interactive
14. Endomondo
15. Flowics, Zauber Labs
16. Garena
17. Global Relay Communications
18. Hearsay Systems
19. Hinge
20. HiQ International AB
21. Hootsuite
22. Krush Technologies
23. LiveFyre / Adobe Systems
24. Mail.ru
25. MiggoChat
26. Monterosa Productions Limited
27. never.no AS
28. NIKE
29. Nimbuzz
30. NISSAN MOTOR CO / Airbiquity Inc.
31. Oracle
32. Panasonic
33. Playtika
34. Postano, TigerLogic Corporation
35. Raidcall
36. RealNetworks, Inc.
37. RegED / Stoneriver RegED
38. Reliance/Saavn
39. Rovi
40. Salesforce/Radian6
41. SeaChange International
42. Serotek Corp. 
43. Shape Services
44. Smarsh
45. Snap
46. Social SafeGuard
47. Socialeyes LLC
48. SocialNewsdesk
49. Socialware / Proofpoint
50. SoundayMusic 
51. Spotify
52. Spredfast
53. Sprinklr / Sprinklr Japan
54. Storyful Limited / News Corp
55. Tagboard
56. Telescope
57. Tradable Bits, TradableBits Media Inc.
58. UPS
59. Vidpresso
60. Vizrt Group AS
61. Wayin

Of the list above, Serotek received an eight-month extension.

Facebook points the finger at five other companies
Facebook also said it identified five other companies that tested beta versions of their apps that had the "theoretical" capability of harvesting a user's friends' data. The list includes:
  1. Activision / Bizarre Creations
  2. Fun2Shoot 
  3. Golden Union Co.
  4. IQ Zone / PicDial
  5. PeekSocial

"We are not aware that any of this handful of companies used this access, and we have now revoked any technical capability they may have had to access any friends' data", Facebook said.

Facebook slowly closing all loopholes
In addition, Facebook also announced it was discontinuing 38 partnerships with companies that it authorized to build versions of Facebook or Facebook features for custom devices and products, and which may have also gained extensive access to user data.

Last week, a security researcher discovered another quiz app, similar to the one developed by Cambridge Analytica, which also gained access and later exposed the details of over 120 million Facebook users.

The app was named Nametests.com, associated with the eponymous website. Current evidence doesn't suggest the data collected by this second quiz app might have been used for political ads and influence campaigns such as the one collected by Cambridge Analytica.
_________________
CATALIN CIMPANU 
Catalin Cimpanu is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more. Catalin previously covered Web & Security news for Softpedia between May 2015 and October 2016. The easiest way to reach Catalin is via his XMPP/Jabber address at [email protected]. For other contact methods, please visit Catalin's author page.

Copied from: Facebook Acknowledges It Shared User Data With 61 Companies - <https://www.bleepingcomputer.com/news/technology/facebook-acknowledges-it-shared-user-data-with-61-companies/>

--- End quote ---

IainB:
The AddictiveTips website is usually worth keeping an eye on because they often have some very useful tips in all sorts of categories of interest. One of these categories is Privacy+VPNs (Virtual Private Network providers), which they frequently plug - probably because they get a financial benefit, such as, (say) advertising revenue, or commission on sales, or something. However, where they do talk about VPN services, AddictiveTips usually seem to be pretty thorough and relatively objective.

A recent example is the post: Best VPNs for GDPR: Unblock Online Services in Europe, which covers various useful points, some of which I summarise below and with my own comments/perspective added (but please do read the whole thing at the link):

* Purpose of the GDPR law: Intended to protect the privacy rights of internet users within the EU, but because so many internet companies have an international footprint, most have chosen to update their privacy policies for all users worldwide (i.e., including non-Europeans).


* Why GDPR was important: This legislation was a major step forward in cementing into law the rights to privacy of internet users - e.g., recent scandals such as the misuse of Facebook data by Cambridge Analytica for commercial/political ends highlighted the need to maintain the personal rights to one's digital privacy. Users can now take better control of "their" data which is logged/held by Internet-based "social networking service", Google, Yahoo!, and various other organisations relying on revenue derived from collecting/amassing their user data via distributed online services, or other reasons.


* What a VPN can do for digital privacy: One of the best tools that users can deploy to improve their privacy online is arguably by using a VPN. The post provides a good overview of what a VPN is, its potential benefits and how it could be used in conjunction with the GDPR legislation to protect your privacy. There are recommendations for the "best" VPNs for GDPR.
EDIT 2018-07-09:
NB: TRUST is a key issue here. There is a caveat that many organisations in the business of providing $PAID-for VPN services seem to tend to conceal - not all the VPN providers are actually operating a trustworthy service, from the user's perspective, such that your logged VPN activity data could be made available to government or other authorities, through legal or other compulsion (even corruption/informal agreement).


* Government privacy breaches and propaganda: Various national governments sometimes commit some of the worst abuses of Internet freedoms, passing laws that authorise "legal" breaching of user privacy and enforce censorship (blocking) and permitting only politically what is deemed as being acceptable propaganda or "news" consumption. Internet users in the EU and beyond have experienced website blocks. This typically happens when the EU or another government decides to prevent or limit access to certain websites, usually "for consumer protection reasons". For example, not only to protect consumers from being defrauded or to inhibit the purchase of dangerous products online, but also to punish access to or block access to sites for "copyright infringement", or that encourage "incorrect thinking/information", or have "inappropriate content", or speech that is not permitted, or otherwise generally politically controversial/"unacceptable" content.


* Regulation without oversight: EU legislation about website blocking conceals the reality that sites can already be (and are) blocked with no oversight, which rings alarm bells for anyone who values internet freedoms. In the recent past, for example, the Spanish government has used such blocking methods to prevent people from accessing websites discussing issues around the Catalan independence movement.


* Government-sanctioned blocking: If a government decides to block a website/page, then all of the ISPs within that entire nation's telecomms infrastructure are obliged to implement the block and prevent their customers from accessing that site. Thus, when a user types in the URL of a blocked site, the request is sent from the user's device to their ISP where - if that URL is on a blocked list - then the ISP redirects the user to a blocked notice or simply denies the connection, and this action is logged against the user ID/IP address. The user is not anonymous, and all their internet traffic can be (and is) read and logged by the ISP.


* Purpose of a VPN: A VPN can enable the user to bypass (work around) blocks and government censorship by connecting usually anonymously to a server elsewhere in the "free" world. For example, if you are in the EU and the website that you want to access is blocked, then you can connect to a VPN server in (say) Japan, or the US, or Canada. All of your data will have been encrypted and passed through your local ISP (i.e., your ISP can’t see the URL or other request data that you’re accessing and so won't know to block your connection). It is then routed via that VPN server, allowing the user to browse the internet as if their ISP was physically in the country where the VPN server is located – in this case, Japan, or the US, or Canada – and so the EU user is able to use a VPN to access sites that have been blocked by the EU.

wraith808:
What a VPN can do for digital privacy: One of the best tools that users can deploy to improve their privacy online is arguably by using a VPN. The post provides a good overview of what a VPN is, its benefits and how it can be used in conjunction with the GDPR legislation to protect your privacy. There are recommendations for the "best" VPNs for GDPR.

-IainB (July 08, 2018, 02:02 AM)
--- End quote ---


Always remember, a VPN is only as good as your VPN provider.  If they roll over and play dead, or are a "false flag" provider, you might as well not be using VPN at all.

Deozaan:
I'm surprised they didn't mention ProtonVPN.
