Security

Apple explains how your data is used for tracking every day

And how an iPhone actively protects you


Apple has always maintained that it values privacy the most and intends to protect its users from possible threats. This philosophy has also created an urban legend that macOS doesn’t get affected by viruses. Legend or not, it’s a testament to Apple’s long history of strict security and anti-tracking policies.

The Cupertino-based giant has released a report titled “A Day in the Life of Your Data.” The easy-to-understand guide explains how apps collect data in the background while we’re just going about our routine. Apple highlights a few day-to-day instances when background data is actively being collected and then processed to deliver optimized ads for you.

A Day in the Life of Your Data

John and his 7-year-old daughter, Emma, are planning to go to the park. John searches up the weather, reads the news, and checks the map for traffic updates. During the ride, four apps track his location passively (this could be Google Maps, Uber, Grab, or even Fitbit) and send the metadata to the ad targeting company. Within minutes, Emma, who’s playing a game on the iPad, comes across a scooter ad. Emma’s response is closely monitored, and based on it, the ad company can collect metrics like CTR (click-through rate) and cost per engagement.

Information tracked across various apps can be shared among data brokers, making it easier for advertisers to target you. When the duo clicks a selfie in the park, image editing apps can access the image’s metadata and understand what’s in the picture. When the picture is posted online, John’s data like geolocation, email, and phone number are now available to advertisers (via Facebook, Instagram, Twitter).

Even an ice cream stop becomes heaven for apps since they can now monitor transactions and credit card-related usage (banking and financial services apps). How much John has spent is critical to understanding his lifestyle, which in turn lets advertisers bombard him with more relevant and price-conscious ads. Advertisers also know that Emma loves sugary treats, and more ads shall be delivered to leverage that.


While this may sound like a dystopian story right now, it’s how the digital advertising industry works. Facebook is among the first ones to tap its true potential, and so are all other companies that offer free services — Google, Yahoo, Bing, and many more.

Google’s Android operating system is open-source and far more convenient for developers to tinker around with. There have been numerous cases of rogue apps that secretly collect sensitive information and misuse it. In fact, a recent report showed that Android phones collect and send 20x more data than Apple’s iOS.

Apple says that trackers are embedded in apps you use every day, and the average app has 6 trackers. Developers use trackers so that third parties can also access the data and act like a broker between multiple channels. Acxiom is one such broker, and it has data on 700 million users worldwide. The exchange of information can go to advertising networks, advertising publishers, attribution and measurement providers, data brokers, other private companies, and even governmental organizations.

At the end of the day, John and Emma ended up updating their profiles on a plethora of companies’ databases without ever interacting with them. It’s safe to assume that we all have a profile with these companies and have already been exposed. However, we can choose to be more careful with our data and ensure that only the companies we trust have access to it.

Apple says it has taken multiple steps like data minimization, on-device processing, user transparency and control, and hardware-software integrity. The four steps ensure minimal data is offloaded from the phone and sent to third-party servers. The company has also highlighted a few ways John and Emma would’ve been safe with Apple’s safeguards:

  • If the user chooses Safari to get the weather, Intelligent Tracking Prevention will prevent tracking.
  • For news, Apple News ensures his interests are not sent to third parties.
  • Apple Maps data is linked to a random identifier that is regularly reset, so it does not divulge the users’ details.
  • Using an iPhone would automatically alert you about apps that are collecting location details in the background.
  • And lastly, using an Apple Card to pay won’t spill your transaction details to other banking or financial apps.

Most importantly, the App Tracking Transparency feature will require apps to get the user’s permission before tracking their data across apps or websites owned by other companies. Ad networks that use the SKAdNetwork API will collect ad analytics without the users’ personal metadata.

Google has also added similar tools in Android to let you control the flow of data. But it’s not as sophisticated as iOS, and apps often have a free run in the background.

News

Google will alert you if your info pops up in a search

Feature launching next year


Have you ever tried Googling yourself? A lot of times, the results can be surprising. While most results are of your own social media, some can take unexpected turns (such as learning that your name is used in a brand of wine, but that’s a personal matter). Naturally, the weirdest ones are those in places where your information shouldn’t be. Starting next year, Google will alert users whenever their information pops up in search results.

In an upcoming opt-in feature, Google will start analyzing search results to see which ones contain a user’s private information including addresses and phone numbers. After a notification, users can ask Google to take these results down from the engine. While the sites themselves will still exist, they won’t show up on a Google search anymore.

Take note that the feature is opt-in. Users will need to enable the feature for Google to send out alerts. However, if you already need to take down some results, the option has always existed, albeit manually. For example, if you find an unsavory site advertising your private information, you can readily ask Google to take it down without the upcoming feature.

It’s highly likely that most users won’t find a lot of use for the feature. However, if you find yourself with a modicum of fame, the feature can easily handle those that might use your information for ill purposes.


News

DuckDuckGo has a new way to protect your emails

Enjoy more private emails


The days of zillionaire Nigerian princes are long gone. Instead of blatant scams, malicious (or even non-malicious) emailers have grown savvier, sneakily peppering emails with unseen trackers. If you’re keen to prevent emails from scraping information from you, DuckDuckGo has a new tool to keep your private communiques safe.

Now rolling out in open beta, DuckDuckGo’s Email Protection scrubs trackers from emails and forwards the clean version to a private address set up through the tool. Besides cleaning emails, the tool is also capable of telling users which trackers were detected. According to the company, about 85 percent of trackers were discovered in previous beta tests.

As part of the cleaning, the tool’s Link Tracking Protection removes trackers from links attached to an email. Additionally, Smarter Encryption upgrades those same links to HTTPS, adding another layer of security.
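The cleaning steps described above can be sketched in a few lines. This is an added illustration, not DuckDuckGo's code: the tracking-parameter list, the 1x1-pixel heuristic, the HTTPS-capable host set and the sample message are all assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed tracking parameters; a real filter list is far longer.
TRACKING_PARAMS = {"fbclid", "gclid", "msclkid", "mc_eid"}
TRACKING_PREFIXES = ("utm_",)
# Constructed set of hosts assumed to be known to serve HTTPS.
HTTPS_CAPABLE = {"shop.example.com"}
IMG_TAG = re.compile(r"<img\b[^>]*>", re.IGNORECASE)
HREF = re.compile(r'(href=")([^"]+)(")', re.IGNORECASE)

def clean_link(url):
    """Drop tracking parameters; upgrade http to https for known hosts."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() not in TRACKING_PARAMS
            and not k.lower().startswith(TRACKING_PREFIXES)]
    scheme = parts.scheme
    if scheme == "http" and parts.hostname in HTTPS_CAPABLE:
        scheme = "https"
    return urlunsplit((scheme, parts.netloc, parts.path,
                       urlencode(kept), parts.fragment))

def is_pixel(tag):
    """Heuristic: an image declared as 1x1 or smaller is an invisible beacon."""
    dims = [re.search(rf'{attr}="?(\d+)', tag, re.IGNORECASE)
            for attr in ("width", "height")]
    return all(d and int(d.group(1)) <= 1 for d in dims)

def scrub_email(html):
    """Return (clean_html, hosts of the tracking pixels that were removed)."""
    removed = []

    def drop(match):
        tag = match.group(0)
        if not is_pixel(tag):
            return tag
        src = re.search(r'src="([^"]+)"', tag, re.IGNORECASE)
        removed.append(urlsplit(src.group(1)).hostname if src else "unknown")
        return ""

    html = IMG_TAG.sub(drop, html)
    html = HREF.sub(lambda m: m.group(1) + clean_link(m.group(2)) + m.group(3), html)
    return html, removed

# Constructed sample message body.
SAMPLE = ('<a href="http://shop.example.com/sale?id=42&utm_source=mail">Sale</a>'
          '<img src="https://t.tracker.example/o.gif?u=123" width="1" height="1">'
          '<img src="https://shop.example.com/logo.png" width="120" height="40">')
```

Calling `scrub_email(SAMPLE)` returns the cleaned HTML together with the list of hosts whose pixels were dropped, which mirrors the report of detected trackers the article mentions.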

Users can easily set up an unlimited number of @duck.com email addresses. They can then reply to any email using any of the created addresses, rather than their personal accounts. Besides unlimited access, users can also easily delete their addresses.

To make use of the new tool, DuckDuckGo users need to install the Privacy Essentials extension on desktop. It is also available through the service’s mobile browser on Android and iOS.

Security

Twitter whistleblower reveals security issues on site

Allegedly lying about numbers and international influence


Compared to rival social media networks, Twitter has — or had — successfully navigated away from controversy, leaving everyone else in a mire of privacy issues. However, the platform might have finally run out of luck. This week, an ex-executive has turned into a whistleblower to reveal a litany of issues surrounding the platform.

The story so far

Back in 2020, Twitter suffered one of its biggest attacks in its storied history. The list of victims included major names in American politics, industry, and entertainment like Barack Obama, Joe Biden, Apple, and Kanye West. All of the hacks invited users to deposit money into a Bitcoin wallet for the promise of doubled returns. Though innocuous, the attack represented a critical failure in Twitter’s infrastructure.

To address what happened, Jack Dorsey’s Twitter hired Peiter “Mudge” Zatko, a white-hat hacker, as its new head of security. While he quickly ascended through the company’s ranks, Zatko didn’t stay long in the position. He was fired back in January this year. Of note, Dorsey already left Twitter at this point, leaving the company to now-CEO Parag Agrawal.

Fast forward a few months, and billionaire Elon Musk made a bold claim that he was going to purchase and privatize Twitter. The deal, sparkling with promise, is currently stuck in limbo, owing to both parties’ issues with the other. Musk, for one, claimed that the company lied about how many bots were on the platform, among other security-focused issues. Now, his concerns do have some precedent: Musk was one of the big names affected during the 2020 hack.

Connecting the dots

What do a Bitcoin scam, a fired executive, and Elon Musk have in common? It sounds like the start of a bad joke, but they’re all connected.

For one, the eventual whistleblower is Zatko. According to the extensive report, obtained by CNN and The Washington Post, the ex-chief discovered a list of security issues during his tenure. However, Agrawal reportedly forced Zatko to stay silent and not provide a full account to the company’s board of directors. Zatko believes that his firing stems from this issue.

Months after his firing, Zatko decided to act as a whistleblower, fulfilling the responsibility initially entrusted to him by Jack Dorsey.

A litany of issues

Most of Zatko’s issues revolve around how lax the company is with security and information. According to the whistleblower, all of the company’s engineers have access to the website’s source code. Further, anyone can easily make changes to the code without logging what changed. Even worse, an astounding 4 out of 10 devices with this access have poor security standards. If an engineer (or someone close to them) wanted to, they could easily change the website to favor more of their views over others.

Additionally, Twitter allegedly fails to delete a user’s data if they choose to shut their Twitter account down. By regulation, the platform is required to delete all data and not keep a cache for itself.

Thirdly, Zatko says that the platform does not accurately measure exactly how many bots are on the site. Twitter claims that less than 5 percent of users are verifiably bots. Though Zatko doesn’t estimate how many there actually are, one can easily argue that there are more. In fact, Musk himself argues that there are more. The lack of transparency as to the exact number is actually one reason why the sale hasn’t pushed through yet.

Finally, and arguably most critically, Zatko says that the platform is easily swayable by foreign actors. It’s no secret that some countries are forcing platforms to open up local offices in their home turf. The United States, for example, is pushing TikTok to open an American office to prevent data transfer from the country to China.

While national security presents a good side to opening a local office, others can also use the tactic to further national goals. For example, the report alleges that Agrawal asked Zatko to hire a Russian agent to comply with censorship demands during the early stages of the conflict with Ukraine. Another instance alleges that Twitter hired an agent from the Indian government who had access to a vast amount of user data.

What happens now

Currently, the Securities and Exchange Commission, which received Zatko’s complaint, is investigating the extent of the whistleblower’s claims. If found guilty, Twitter is liable for billions of dollars’ worth in fines.

Twitter is denying the allegations, claiming that the platform maintains the best modicum of security for its users. “While we haven’t had access to the specific allegations being referenced, what we’ve seen so far is a narrative about our privacy and data security practices that is riddled with inconsistencies and inaccuracies, and lacks important context,” a spokesperson said to CNN.

On the other hand, the whistleblower has likely piqued Elon Musk’s claim to Twitter. With security concerns part of his original argument, the billionaire might be interested to see what the SEC finds.
