According to the FTC, Zoom lied to users about end-to-end encryption for years. This is one of the obvious perils of nonfree (proprietary) software: you can’t verify that the software isn’t abusing you, you just have to take their word.
Ars Technica has reported that Zoom has agreed to upgrade its security practices in a tentative settlement with the Federal Trade Commission, which alleges that Zoom lied to users for years by claiming it offered end-to-end encryption.
“Since at least 2016, Zoom misled users by touting that it offered ‘end-to-end, 256-bit encryption’ to secure users’ communications, when in fact it provided a lower level of security,” the FTC said in the announcement of its complaint against Zoom and the tentative settlement.
Despite promising end-to-end encryption, the FTC said that “Zoom maintained the cryptographic keys that could allow Zoom to access the content of its customers’ meetings, and secured its Zoom Meetings, in part, with a lower level of encryption than promised.”
The Register has reported that Google on Thursday was sued for allegedly stealing Android users’ cellular data allowances through unapproved, undisclosed transmissions to the web giant’s servers.
The complaint contends that Google is using Android users’ limited cellular data allowances without permission to transmit information about those individuals that’s unrelated to their use of Google services.
Google, among other Big Tech, are heavy privacy violators. “Google designed and implemented its Android operating system and apps to extract and transmit large volumes of information between Plaintiffs’ cellular devices and Google using Plaintiffs’ cellular data allowances,” the complaint claims.
Often when companies and some authorities talk about privacy, they start bringing “data protection” in discussion which means nothing than violating people’s privacy in a nicer way.
Data protection means the company or authority can actually collect data and use them but it can’t share or sell it to others, well at least publicly. This is exactly the way Apple advertises about its privacy policies.
Even many privacy activists are promoting Apple because of its privacy policies while Apple is in fact one of the biggest violators of people’s privacy. For example, it wasn’t a long ago that we found out Apple was (or maybe still is) letting contractors (actual humans, not even bots) to listen to people’s conversations with Siri.
Privacy comes when there’s no identifiable personal data involved. A company promising that it won’t jeopardize our privacy is not enough for people. We need mechanisms and products that will protect our privacy and it comes only when they don’t collect our data.
Well of course some products only work with our data. For example, a mobile phone map application for routing only works when we give it our location. Well, as far as I know, data can be purged or even be collected in a way that no personally identifiable data would be stored or transmitted.
We have a lot of services like EteSync that provide what they intend to provide and they actually work with very personal data. EteSync for example is a service that syncs your contacts and calendar but encrypts all data in a way that nobody except you yourself can see them.
This is what we want as a privacy service/product. If a corporation like Google follow policies like ‘data protection’, they would still violate our privacy while deceiving us about how they value our rights.
We need privacy, not data protection. Nobody should have access to our data to whether they want to protect it or not.
Beebom has reported that new app published by Google lets banks lock your Android device if you don’t make payments! Such a ridicule.
Spotted by the folks at XDA Developers, the Device Lock Controller app from Google lets financers of smartphones remotely lock an Android device. It uses the DeviceAdminService API in the Android system and enables banks and financiers to lock significant functionalities of your Android device if you fail to make your monthly payment.
With the device locked, users will be able to access very limited functions in their smartphones. These include emergency calls, incoming and select outgoing calls, settings, and backup and restore service.
Now, surprisingly, the “Device Lock Controller” app does not appear when you search for it on the Google Play Store and nor does it appear in the list of apps made by Google. So, XDA executives reached out to Google for clarification about this.
So, according to Google, the app was developed by them in partnership with a Kenyan carrier, Safaricom. A spokesperson from Google told XDA that the app was developed to help Safaricom with their new “Lipa Mdogo Mdogo” (Pay Bit by Bit) financing plan which lets customers get an Android Go device with monthly financing.
However, if the customer could not pay an installment after four days of its due date, Safaricom locks the device with this Google app. That’s one way of using brute force to make users pay their EMIs on time.
AFP has reported Singapore will become the world’s first country to use facial verification in its national ID scheme, but privacy advocates are alarmed by what they say is an intrusive system vulnerable to abuse.
From next year, millions of people living in the city-state will be able to access government agencies, banking services and other amenities with a quick face scan.
This biometric check will do away with the need to remember a password or security dongle when performing many everyday tasks, its creators say.
It is part of the financial hub’s drive to harness technology, from ramping up the use of electronic payments to research on driver-less transport.
“We want to be innovative in applying technology for the benefit of our citizens and businesses,” Kwok Quek Sin, who works on digital identification at Singapore’s technology agency GovTech, told AFP.
Forbes has reported that for every person who enters America, a profile is drawn up and a determination made on their risk to United States’ national security. It’s the same for any cargo or packages. And it’s all done using a tool known as the Automated Targeting System (ATS). This decades-old technology helps border staff decide whether or not you or a shipment needs to be pulled aside for further inspection before being allowed into the country.
Run by Customs and Border Protection, it’s been controversial since the mid-2000s, when the U.S. Department of Homeland Security (DHS) pivoted its use from just targeting cargo to tracking people. Though it’s primarily engineered by lesser-known tech contractors, one of the technologies the ATS uses is Google Maps.
Through a review of government contract records and a FOIA request response, Forbes has learned that the CBP has spent at least $2 million in the last three years on the Google mapping software to support ATS, which critics say is a secretive, “terrifying,” huge surveillance system, one that draws in personal and location data from a vast number of government and commercial databases to make its risk assessments.
Whilst ATS can help investigators target individuals or packages that have been making suspicious trips to places of interest, such as Syria or Afghanistan, its use on any visitor to America makes it particularly troubling for privacy advocates. And CBP’s use of Google technology could be problematic for a tech giant whose own employees have voiced anger about its work with Trump’s immigration agencies.
“ATS is sort of this terrifying master database of vast quantities of personally identifiable information that’s being funneled in from dozens of different law enforcement and other databases,” said John Davidson, lead counsel at the Electronic Privacy Information Center (EPIC), who said the use of Google tech in ATS was potentially “alarming.”
The Verge has reported that the House Judiciary Committee has released its conclusions on whether Amazon, Facebook, Apple, and Google are violating antitrust law. Its 449-page report criticizes these companies for buying competitors, preferencing their own services, and holding outsized power over smaller businesses that use their platforms. “Our investigation revealed an alarming pattern of business practices that degrade competition and stifle innovation,” said committee member Val Demings (D-FL). “Competition must reward the best idea, not the biggest corporate account. We will take steps necessary to hold rulebreakers accountable.”
The majority’s report lays out a number of concrete policy recommendations, which, taken together, would drastically change how the tech industry operates. It urges Congress to consider passing commercial nondiscrimination rules that would make large companies offer equal terms to companies selling products and services on their platforms. It recommends barring certain dominant platforms from competing in “adjacent lines of business” where they’d have a huge advantage.
“To put it simply, companies that once were scrappy, underdog startups that challenged the status quo have become the kinds of monopolies we last saw in the era of oil barons and railroad tycoons,” the report says. “By controlling access to markets, these giants can pick winners and losers throughout our economy. They not only wield tremendous power, but they also abuse it by charging exorbitant fees, imposing oppressive contract terms, and extracting valuable data from the people and businesses that rely on them.”
Most broadly, it suggests that Congress define a new standard for antitrust violations, declaring that the laws should be “designed to protect not just consumers, but also workers, entrepreneurs, independent businesses, open markets, a fair economy, and democratic ideals.”