Security

Apple explains how your data is used for tracking everyday

And how an iPhone actively protects you

Published

on

Apple has always maintained that it values privacy the most and intends to protect its users from possible threats. This philosophy has also created an urban legend that macOS doesn’t get affected by viruses. However, it’s a testament to Apple’s long history of strict security and anti-tracking policies.

The Cupertino-based giant has released a report titled “A Day in the Life of Your Data.”  The easy-to-understand guide explains how apps collect data in the background while we’re just going about our routine. Apple highlights a few day-to-day instances when background data is actively being collected and then processed to deliver optimized ads for you.

A Day in the Life of Your Data

John and his 7-year-old daughter, Emma, are planning to go to the park. John searches up the weather, reads the news, and checks the map for traffic updates. During the ride, four apps track his location passively (this could be Google Maps, Uber, Grab, or even Fitbit) and sending the metadata to the ad targeting company. Within minutes, Emma, who’s playing a game on the iPad, comes across a scooter ad. Emma’s response is closely monitored, and based on it, the ad company can collect metrics like CTR (click-through rate) and cost per engagement.

Information tracked across various apps can be shared among data brokers, making it easier for advertisers to target you. When the duo clicks a selfie in the park, image editing apps can access the image’s metadata and understand what’s in the picture. When the picture is posted online, John’s data like geolocation, email, and phone number are now available to advertisers (via Facebook, Instagram, Twitter).

Even an Ice Cream stop becomes heaven for apps since they can now monitor transactions and credit card-related usage (banking and financial services apps). How much John has spent is critical to understanding his lifestyle, in turn, bombarding him with more relevant and price-conscious ads. Advertisers also know that Emma loves sugary treats, and more ads shall be delivered to leverage that.


While this may sound like a dystopian story right now, it’s how the digital advertising industry works. Facebook is among the first ones to tap its true potential, and so are all other companies that offer free services — Google, Yahoo, Bing, and many more.

Google’s Android operating system is open-source and far convenient for developers to tinker around with. There have been numerous cases of rogue apps that secretly collect sensitive information and misuse and it. In fact, a recent report showed that Android phones collect and send 20x more data than Apple’s iOS.

Apple says that trackers are embedded in apps you use every day, and the average app has 6 trackers. And, developers use trackers so that third parties can also access it and act like a broker between multiple channels. Acxiom is one such broker, and it has data on 700 million users worldwide. The exchange of information can go to advertising networks, advertising publishers, attribution and measurement providers, data brokers, other private companies, and even governmental organizations.

At the end of the day, John and Emma ended up updating their profiles on a plethora of companies’ databases without ever interacting with them. It’s safe to assume that we all have a profile with these companies and have already been exposed. However, we can choose to be more careful with our data and ensure that only the companies we trust have access to it.

Apple says it has taken multiple steps like data minimization, on-device processing, user transparency and control, and hardware-software integrity. The four steps ensure minimal data is offloaded from the phone and sent to third-party servers. The company has also highlighted a few ways John and Emma would’ve been safe with Apple’s safeguards:

  • If the user chooses Safari to get the weather via Safari, Intelligent Tracking Prevention will prevent tracking.
  • For news, Apple News ensures his interests are not sent to third parties.
  • Apple Maps is linked to a random identifier, so it’s regularly reset and does not divulge the users’ details.
  • Using an iPhone would automatically alert you about apps that are collecting location details in the background.
  • And lastly, using an Apple Card to pay won’t spill your transaction details to other banking or financial apps.

Most importantly, the App Tracking Transparency feature will require apps to get the user’s permission before tracking their data across apps or websites owned by other companies. Ad networks that use SKAdNetwork API will collect ad analytics without the users’ personal metadata.

Google has also added similar tools in Android to let you control the flow of data. But it’s not as sophisticated as iOS, and apps often have a free run in the background.

Security

Microsoft is going password-less

Going for more secure options

Published

on

Passwords are passé. Digital security has moved past simple passwords and into biometrics. Most smartphones now have fingerprint scanners or facial recognition software. Several online service also have two-factor authorization, requiring timed authenticators or SMS codes besides passwords. Microsoft wants to put the final nail on the password’s coffin by going password-less. According to the company, users can stop using their passwords to access their accounts.

Starting today, users can transition to other methods for their Microsoft accounts. Microsoft lists down several options for password replacements: Microsoft Authenticator, Windows Hello, physical security keys, or SMS codes.

Since the new methods rely on personal traits like fingerprints, voice, or facial recognition, digital security relies on a practically imitable level of security, one that only the user can provide, instead of something replicable like a password.

Microsoft is slowly rolling the feature out to personal users. The company had already started doing so with Enterprise users. Eventually, they hope to have password-less options for most of their modern digital services including Outlook and even the Xbox Series X/S.

If you still prefer the comforting familiarity of password-based systems, Microsoft offers a way out. The new settings will add in a new option under Microsoft Account Additional security options wherein users can turn the option off.

SEE ALSO: Microsoft launches Windows 365, a PC in a cloud

Continue Reading

News

New hack exploits sketchy Microsoft Office documents

Confirmed by Microsoft

Published

on

A lot of PC users work around a simple rule of thumb for security: Don’t open files from sources you don’t trust. For most, avoiding sketchy executable (or .exe) files can prevent a host of attacks already. However, malicious parties can already hide their software inside the most innocuous of files including photos. Now, users have to avoid sketchy Microsoft Office files too. A new attack is exploiting a Microsoft Office vulnerability to install malware through Office documents.

As confirmed by Microsoft, malicious parties can attach ActiveX controls to innocuous Microsoft Office files. Then, the file uses the victim’s Internet Explorer to opens the attacker’s bad webpage. The page can then automatically download malware onto the user’s computer.

Currently, the attack affects Windows Server 2008 users and those running Windows 8.1 through 10. Users can easily avoid the attack by opening the suspected file through Protected View. The security-centric mode prevents downloaded files from accessing the internet or any other connectivity features.

Alternatively, users can also disable ActiveX, rendering the exploit’s main tool useless. Bleeping Computer, which also reported on the exploit, shared the workaround here.

Though Microsoft has acknowledged the exploit, the developer has not officially patched out the vulnerability yet.

That said, amid all the workaround solutions, nothing beats the tried-and-tested words of wisdom: Don’t accept, download, or open sketchy files from unknown sources.

SEE ALSO: Microsoft is bringing back Clippy from the dead

Continue Reading

Apps

Cybersecurity updates for Google Chrome

Safety, speed, and security

Published

on

By

So much of our digital space’s safety relies on securing our privacy from privy eyes. This is why Google released updates for Chrome to easily navigate and control your privacy settings.

Per-site permissions

It can be disconcerting when certain websites require access to one’s microphone, location, and camera. But, with the updated site safety controls, it’s now easier to now keep track of which site has permission to specific information.

How-to

  1. Tap the lock icon on the left side to open the updated panel. There, you’ll find what permissions are granted for a particular site.
  2. From there, you will be able to easily toggle between sharing and not sharing access to important information for apps and sites.

In an upcoming release, an option will be added to delete a site from browsing history in Chrome.

Cybersafety and cybersecurity updates

Google is expanding its Site Isolation. If you haven’t kept up, this is Google’s security feature that protects people from malicious websites. It works by processing each site separately, so they can’t access data they’re not supposed to. Well with this update, Site Isolation will be covering a broader range of sites, as well as extensions.

With speed and security in mind, Google’s update has one more thing for us: phishing detection. With phishing continuing to be a leading threat on the web, Chrome has been improved with even better image processing in Chrome. Phishing detection is now 50 times faster.

Both site isolation and phishing detection updates have not only optimized safety but also, Chrome’s speed and battery use – keeping you safe and swift.

On the topic of speed,

Chrome Actions have made tasks easy and fast. From, typing “delete history” to “edit passwords,” Chrome Actions performs tasks at your beck and call. Since its introduction in November 2020, people have been using Chrome Actions millions of times. And now, there are even more tasks you can have Chrome do.

Try these out:

For example, typing in “safety check” allows security checks of passwords and scan for malicious extensions. And, typing “manage security settings” or “manage sync” enables quick access to relevant controls.

These new updates are coming to Chrome on Android, Windows, Mac, Linux, and Chrome OS in the upcoming weeks.

Continue Reading

Trending