Security

Apple explains how your data is used for tracking everyday

And how an iPhone actively protects you

Published

on

Apple has always maintained that it values privacy the most and intends to protect its users from possible threats. This philosophy has also created an urban legend that macOS doesn’t get affected by viruses. However, it’s a testament to Apple’s long history of strict security and anti-tracking policies.

The Cupertino-based giant has released a report titled “A Day in the Life of Your Data.”  The easy-to-understand guide explains how apps collect data in the background while we’re just going about our routine. Apple highlights a few day-to-day instances when background data is actively being collected and then processed to deliver optimized ads for you.

A Day in the Life of Your Data

John and his 7-year-old daughter, Emma, are planning to go to the park. John searches up the weather, reads the news, and checks the map for traffic updates. During the ride, four apps track his location passively (this could be Google Maps, Uber, Grab, or even Fitbit) and sending the metadata to the ad targeting company. Within minutes, Emma, who’s playing a game on the iPad, comes across a scooter ad. Emma’s response is closely monitored, and based on it, the ad company can collect metrics like CTR (click-through rate) and cost per engagement.

Information tracked across various apps can be shared among data brokers, making it easier for advertisers to target you. When the duo clicks a selfie in the park, image editing apps can access the image’s metadata and understand what’s in the picture. When the picture is posted online, John’s data like geolocation, email, and phone number are now available to advertisers (via Facebook, Instagram, Twitter).

Even an Ice Cream stop becomes heaven for apps since they can now monitor transactions and credit card-related usage (banking and financial services apps). How much John has spent is critical to understanding his lifestyle, in turn, bombarding him with more relevant and price-conscious ads. Advertisers also know that Emma loves sugary treats, and more ads shall be delivered to leverage that.


While this may sound like a dystopian story right now, it’s how the digital advertising industry works. Facebook is among the first ones to tap its true potential, and so are all other companies that offer free services — Google, Yahoo, Bing, and many more.

Google’s Android operating system is open-source and far convenient for developers to tinker around with. There have been numerous cases of rogue apps that secretly collect sensitive information and misuse and it. In fact, a recent report showed that Android phones collect and send 20x more data than Apple’s iOS.

Apple says that trackers are embedded in apps you use every day, and the average app has 6 trackers. And, developers use trackers so that third parties can also access it and act like a broker between multiple channels. Acxiom is one such broker, and it has data on 700 million users worldwide. The exchange of information can go to advertising networks, advertising publishers, attribution and measurement providers, data brokers, other private companies, and even governmental organizations.

At the end of the day, John and Emma ended up updating their profiles on a plethora of companies’ databases without ever interacting with them. It’s safe to assume that we all have a profile with these companies and have already been exposed. However, we can choose to be more careful with our data and ensure that only the companies we trust have access to it.

Apple says it has taken multiple steps like data minimization, on-device processing, user transparency and control, and hardware-software integrity. The four steps ensure minimal data is offloaded from the phone and sent to third-party servers. The company has also highlighted a few ways John and Emma would’ve been safe with Apple’s safeguards:

  • If the user chooses Safari to get the weather via Safari, Intelligent Tracking Prevention will prevent tracking.
  • For news, Apple News ensures his interests are not sent to third parties.
  • Apple Maps is linked to a random identifier, so it’s regularly reset and does not divulge the users’ details.
  • Using an iPhone would automatically alert you about apps that are collecting location details in the background.
  • And lastly, using an Apple Card to pay won’t spill your transaction details to other banking or financial apps.

Most importantly, the App Tracking Transparency feature will require apps to get the user’s permission before tracking their data across apps or websites owned by other companies. Ad networks that use SKAdNetwork API will collect ad analytics without the users’ personal metadata.

Google has also added similar tools in Android to let you control the flow of data. But it’s not as sophisticated as iOS, and apps often have a free run in the background.

News

Chrome is getting Enhanced Safe Browsing features to protect you online

Includes file download warnings and more

Published

on

Google has announced it’s working on bringing “Enhanced Safe Browsing” features to Chrome. The browser will be able to protect you from downloading malicious files or extensions, extending a helping hand to your systems’ in-built security protocols.

Starting with Chrome 91, it’ll offer additional protection when users install a new extension from the Chrome Web Store. A prompt will inform users if an extension they are about to install is not a part of the list of extensions trusted by Enhanced Safe Browsing.

If a download is deemed risky but not certainly unsafe, Enhanced Safe Browsing users will issue a warning. It’ll also give you an option to send the file to Google for further analysis and detection.

Google shared some more tips:

1. Turn on Enhanced Safe Browsing protection in Chrome. Enhanced Safe Browsing users are successfully phished 35% less than other users. We recently announced additional protections for Enhanced Safe Browsing users, like warnings before you install untrustworthy Chrome extensions and more thorough scanning to protect you from potential Malware.
2. Enroll in two-step verification (2SV). This is another way for your account to confirm it is really you logging in. Using your mobile device to sign in gives you a safer and more secure authentication experience than passwords alone.
3. Enroll in Google’s Advanced Protection Program (APP). APP safeguards users with high visibility and sensitive information, who are at risk of targeted online attacks. New protections are automatically added to defend against today’s wide range of threats.
4. Take the Google Security Checkup. This gives you personalized and actionable security recommendations that help you strengthen the security of your Google Account, and it only takes two minutes to complete.

Safer, more secure

It involves users sharing real-time data to Google Safe Browsing so that Chrome can provide proactive security. The browser currently cross-checks the address you’re visiting against its database of known threats. But the database is updated every 30 minutes, and many scammers have managed to bypass the firewall. You’ll still be able to ignore the warning and open the file, but it’ll be at your own risk.

Additional measures are active if you’re signed in to Chrome with Gmail, Drive, and other Google services working with Chrome to provide a “holistic view of threats” on the web and attacks against your Google Account. The existing ‘Safe Browsing’ tool can warn you if passwords are exposed in a data breach. Firefox, too offers a similar service called Firefox Monitor.

Windows and macOS have come a long way in the last decade, and with work increasingly depending on the cloud, remote access via the browser is consistently rising against native apps. Securing Chrome also helps tackle security issues on Chrome OS itself.

Continue Reading

Security

Google explains how your data is collected and protected

Find out what data is collected, how it is used, and how we can stay in control

Published

on

Having a connected life makes it permeable for tech giants such as Google, Apple, Facebook, and Microsoft to know more about us. The issue of privacy has become one of the major concerns today.

Just like gold, data has been officially the essential currency that companies mine. At the cost of our personal information, technology progresses. But then, we’re left to fend for ourselves. So how do we know our data are safe and protected?

Google’s Product Manager for Privacy and Data Protection, Greg Fair, stated that in 2020, the searches for ‘online privacy’ grew by more than 50 percent. At the same time, 81 percent of consumers are now concerned about their data.

This is why Google launched a privacy comic book as part of its commitment to educate the public about how the company protects people’s data. But more than that, I recently learned Google’s responsible data practices and their advanced security technology through a roundtable with fellow journalists from the Asia-Pacific region.

So, let’s talk about Google’s transparency on what data is collected, how it is used, and how we can stay in control.

Location information

Ever wonder how you can navigate your short-distance travels easily by knowing which roads to skip due to traffic congestion? That’s all because Google Maps collect anonymous data to generate information that helps other users understand what’s going on around them.

This set of anonymized user data are personalized and helps improve products. For instance, some places get relevant information whenever a user provides personalized details about a certain restaurant.

While it’s great to be able to contribute to any improvement of a product, Google reminds people that they’re still in control. You can still turn off your location history, or have it automatically deleted after three or 18 months.

Google Assistant

Google Assistant, while looking like someone who spies on you, actually doesn’t save data even in standby mode. It only turns on when you command it with “Hey Google” or “OK Google”.

You can even ask it with “What data does Google collect?” or ask it to do something to protect your privacy such as “Delete what I just said” or “That wasn’t for you” — which results in having your most recent activity deleted. For further protection, you can view or delete data collected through My Activity.

How about ads?

Meanwhile, Google Search shows personalized ads that are only related to your Search query. Google doesn’t use private data such as email content, photos, document, or even sensitive information.

More importantly, ads are marked with labels like “ad” or “sponsored”, and only show up when there are useful ads related to the query.

A lot of us ask about seeing ads from our previous searches or topics we had in our conversations with friends — online and offline. So, is Google spying? Not really. According to Google, they’re not the only platform that utilizes data. Ads shown to you could’ve been the doing of other platforms that collects data. Plus, your cookies are partly to blame.

So, is our data safe and secure?

It’s safe to say that Google has an advanced security technology that protects users’ data, which automatically blocks a wide range of security threats such as government-backed attacks that could possibly be an attempt to obtain personal information.

Still, users have to take their part regarding responsible data practice. We can’t rely on the companies to do all the protection, we have to be cautious and secure our data as well, especially stuff that’s in our control.

Download the comic book here.

Continue Reading

News

US fuel pipeline shuts down due to a ransomware attack

But hackers didn’t mean to “create problems”

Published

on

ransomware

A major pipeline system that transports fuel across the US East Coast was a victim of a ransomware attack, and all operations were halted. The cyberattack hit Colonial Pipeline, which carries gasoline, diesel, and jet fuel from Texas to New York, accounting for 45 percent of all fuel consumption on the east coast.

The attack is said to be planned by DarkSide, an organized group of hackers set up along the “ransomware as a service” business model. Under the heading, “About the latest news,” DarkSide claimed it’s not political and only wants to make money without causing problems for society.

President Joe Biden was briefed Saturday morning, and the federal government is working with the company to assess the implications of the attack, restore operations and avoid disruptions to the supply.

Cyberattacks on the US have been consistently rising, including last year’s attack at the software company SolarWinds that hit several U.S. government agencies, including the Pentagon.

DarkSide began attacking medium and large-sized companies, mostly in Western Europe, Canada, and the United States last year, reportedly asking for anywhere from a few hundred thousand dollars to a few million dollars, to be paid in Bitcoin.

In the case of Colonial Pipeline, the criminals have stolen almost 100GB of data hostage, threatening to leak it onto the internet. They operate a website where all stolen files are dumped publicly if the ransom isn’t delivered. DarkSide also maintains that it will donate a portion of its profits to charities.

Law enforcement officials say some of these criminals have worked with Russia’s security services, although no evidence has been presented so far.

Continue Reading

Trending