All posts tagged “Privacy”

Samsung’s SmartTV privacy policy sounds like an Orwellian nightmare

It’s been nearly 70 years since George Orwell’s dystopian novel 1984 was published, but some of its premonitions are starting to sound straight out of 2015. Take this passage in Samsung’s privacy policy for its data-collecting SmartTV services:

Samsung may collect and your device may capture voice commands and associated texts so that we can provide you with Voice Recognition features and evaluate and improve the features. Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.

In other words, don’t say anything around your TV that you wouldn’t want recorded and sent off to a…

Continue reading…

The Verge – All Posts

FTC finalizes privacy settlement with Snapchat over ‘deceived’ users

Few expected any obstacles, but the Federal Trade Commission has approved a final order settling its charges against Snapchat that will see the popular ephemeral messaging startup held to stricter privacy policies over the next 20 years. The original complaint, revealed in May, accused Snapchat of deceiving its millions of users “with promises about the disappearing nature of messages sent through the service.”

The FTC was displeased after it was discovered that sent snaps and content included in them could be recovered in certain circumstances or with third-party tools. That ran counter to Snapchat’s underlying, fleeting concept: most consumers think everything they send off to friends will vanish once the preset counter runs down. The…

Continue reading…

The Verge – All Posts

Privacy

This privacy policy discloses the privacy practices for UX Booth (http://uxbooth.com). This privacy policy applies solely to information collected by this web site. It will notify you of the following:

What personally identifiable information is collected from you through the web site, how it is used and with whom it may be shared.
What choices are available to you regarding the use of your data.
The security procedures in place to protect the misuse of your information.
How you can correct any inaccuracies in the information.
Information Collection, Use, and Sharing
We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone.

We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g. to ship an order.

Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.

Your Access to and Control Over Information
You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number given on our website:

• See what data we have about you, if any.

• Change/correct any data we have about you.

• Have us delete any data we have about you.

• Express any concern you have about our use of your data.

Security
We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.

Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for “https” at the beginning of the address of the web page.

While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.

Updates

Our Privacy Policy may change from time to time and all updates will be posted on this page.


The UX Booth

Apple’s privacy statement is a direct shot at Google and I love it

Privacy statements are usually pretty dry, boring stuff. There’s a lot of vague assurances and a lot of talk about valuing your privacy, which gets boring fast. It’s rare that I’m able to read one all the way through on the first try, and I do this for a living.

Apple’s new privacy statement is different. It comes direct from Tim Cook, and it’s got some spark to it, some personality. Even better, it takes specific shots at specific programs — and if you look closely, most of those turn out to be shots at Google.

Continue reading…

The Verge – All Posts

4 Extreme Ways People Protect Their Privacy

Edward Snowden may be old news as his leaks on the US National Security Agency (NSA) have just passed their one year mark. However, international relations have soured since then and changing the public’s damaged perception would be an uphill challenge.

The impact of the NSA leaks also affects us, the average citizen of today. We are more sensitive about our social media accounts’ privacy settings, as evident from our reactions when Facebook experimented on manipulating our timeline feeds. With this heightened sense that someone is always watching us, tech trends and our Internet habits have changed as well.

1. The rise of the anonymous and ephemeral apps. More people have started using Whisper, Secret and Snapchat especially teenagers. Younger people in general have a greater awareness in online privacy which lead them to change their Internet usage habits. Of course, there’s a slew of other reasons as to why they change their online behaviour and this is just one of them.

2. Major tech companies have beefed up their security. This came about when the Snowden revealed that Microsoft, Facebook, Google, Yahoo and Apple provided their users data to the NSA through the agency’s PRISM program. Tech companies initially denied this until the evidence showed that they did unwillingly in accordance to the law, to their horror. To date, Google and Yahoo have enabled encryption for email. Facebook encode the site and all its data in SSL whereas Microsoft took the legalistic route by demanding for a reform in the law.

3. People are more aware of anonymous browsing sites like DuckDuckGo and Tor. After the NSA and its PRISM program broke on Jun 6, 2013, DuckDuckGo saw an increase of traffic and search queries of 3 million a day. Tor’s usage undoubtedly increased too but the NSA knows when you are on the browser. Its security is top notch though as the NSA has repeatedly tried and failed to breach the browser.

4. The emergence of a new tech privacy market. This saw the creation of the Blackphone which was much touted as an NSA-proof phone. Besides the Blackphone, Boeing came up with a self-destruct phone and free Internet provider FreedomPop invented what it dubs as the Snowden Phone that has a feature to wipe out the phone’s contents.

The above are however relatively tamer measures compared to the extreme ones below:

1. Hiring a Digital bodyguard

Glenn Greenwald is among the first few journalist that Snowden leaked the documents to. His reports on the NSA leaks that were published in The Guardian have put him almost on the same pedestal as Snowden. It has also unwittingly, put Greenwald at high risk of the NSA (or other foreign spies) intercepting the top secret information that he still receives from Snowden.

glenngreenwald
(Image source: Mashable)

Enter Micah Lee, digital bodyguard and tech security extrodinaire. Lee was hired to join The Intercept, the media outlet Greenwald set up with fellow journalists, Jeremy Scahill and Laura Poitras, to help secure the journalists’ computers. To do that, Lee had to replace the operating system to Linux, install firewall, disk encryption and other various software.

micahlee
(Image source: Mashable)

So good was Lee at his job that he ended up helping other journalists from other media outlets to secure their computers and brief them on computer security. No journalist is safe as there have been reports of the US Department of Justice demanding some to reveal their sources in the past as well as obtaining phone records from news wire Associated Press.

Although hiring a digital bodyguard for reporters is not widely practiced at other news outlets, it may soon be, as long as the NSA continues to poke around. So far, the only other media company that adopted The Intercept’s security modal is The Washington Post, which hired privacy and security researcher Ashkan Soltani to work alongside the other reporter working on the NSA leaks, Barton Gellman.

2. Going low tech

Among the countries that were spied on by the NSA, Germany felt the most insulted. Not only were their leaders spied on like chancellor Angela Merkel whose mobile phone was tapped for years, an agent in their intelligence services was found selling confidential documents to the US. The agent has since been arrested. This also led to the expulsion of another top CIA officer residing in Germany.

typewriter
(Image source: Mashable)

International relations with the US, needless to say, worsened at this point. It got so bad that it brought about an increase in encryption services as well as a decline in technology use. Politicians eventually came up with the idea to invest in and communicate internally with typewriters. There are also talks to play classical music during parliament sessions to deter anyone from listening in.

Despite this extreme switch to low tech, Germany isn’t the first country to do so. Soviet state Russia quickly invested in some 20 units of typewriters following Snowden’s expose last year in a bid to avoid internal communications from being leaked. Each typewriter is said to have a unique signature in order for documents typed on it to be easily traced back to.

3. Using make-up

One of the revelations that was released over time was that the NSA collects images for facial recognition. The Atlantic associate editor Robinson Meyer was concerned about this fact and wondered if there’s a way to thwart the cameras that are probably tracking him down. Meyer eventually decided to apply an interesting make-up called CV Dazzle and wrote about his experience.

cvdazzle
(Image source: Adam Harvey)

CV Dazzle was invented by then New York University student Adam Harvey for his Interactive Telecommunications Program in 2010. Inspired by WWI naval camouflage called Dazzle, the make-up includes obscuring tonal areas of the face such as the cheeks with paint and draping hair across the nose bridge. At the time of creation, Harvey merely wanted to get around Facebook’s newest feature which uses facial recognition algorithm for auto-tagging photos.

styling
(Image source: The New York Times)

Wearing CV Dazzle while going about his everyday life, undoubtedly made Meyer stand out. He did however note that when he tested the make-up with his iPhone’s camera algorithm, it couldn’t register his face. How effective CV Dazzle has against facial recognition technology in the long run however remains to be seen.

4. Modifying clothes

Building on the work he has done with CV Dazzle, Adam Harvey went on to develop a range of clothing dubbed as Stealth Wear. The artist and privacy advocate collaborated with fashion designer Johanna Bloomfield to create the clothing whilst he was experimenting on metalized fabric. Stealth Wear is meant to hide the wearer from thermal imaging cameras and drones.

stealthwear
(Image source: Adam Harvey)

Harvey is not the only one to get into anti-surveillance clothes judging by the emerging popularity of wearable tech. Montreal fashion designer Ying Gao had came up with dresses in 2013 that will deconstruct when exposed to a camera’s flash. This year, Austrian architecture firm Coop-Himmelblau came up with the Jammer Coat which shields wireless signals from the wearer’s phone, rendering the person invisible to tracking software or search engines.





hongkiat.com

Netflix is testing a ‘privacy mode’ for watching guilty pleasures

The feature colloquially referred to as “porn mode” on web browsers is headed to Netflix soon. The company just began testing a new feature on its streaming service called “privacy mode,” that won’t keep track of what you’ve watched or use it to come up with new recommendations. That means with the feature enabled, you could watch Dana Carvey’s The Master of Disguise (which holds a 1 percent on Rotten Tomatoes) without fear of having future recommendations skewed, or loved ones seeing what you’ve done.

The feature is being tested in some markets and only to some users, GigaOm reports. If made a permanent fixture, it would join the multiple user profile feature, which Netflix introduced nearly a year ago, and lets several people share…

Continue reading…

The Verge – All Posts

10 Free Crypto Apps To Help Protect Your Online Privacy

Many of us have uploaded our lives onto the Internet, to the point that we cannot imagine living without it. We use online services that we entrust to keep our data secure and private. Unfortunately, many of us don’t realize that it’s not truly secure as they are subject to many third parties that can view its content, from the company providing the service to the government itself.

Most of the time, we might not mind this but sometimes, it’s better to be safe than sorry. From sensitive personal data to work related materials, we all have information that we wish to keep private. When we use the word crypto, we mean that these apps will help you make most of your online activity more secure and private, shielding it from being spied upon. With that said, here are 10 free apps that will help you protect your online privacy.

1. Tails OS (Operating System)

Tails (The Amnesic Incognito Live System) is built upon the idea of privacy and anonymity for the user. Everything that could be done and every tool that could help has been added to the OS. For one, it is a live OS, meant to be run on a CD or a USB drive, leaving absolutely no trace of your activity on the computer’s drive.

Second is that every single connection through the internet must be relayed through the Tor network, meaning that your online activity will be anonymized. Every app in the OS has been configured with privacy and secrecy in mind. For example, both the e-mail and messaging client includes encryption tools. [Get it here]

Tails

2. Replicant (Operating System)

Replicant is a mobile OS based on Android that aims to replace every single bit of proprietary software on the phone with free (as in speech) software. The reasoning behind this is that those proprietary components could have a backdoor access in them to your phone and data. With free software, the source will be open and can be subjected to scrutiny.

Currently, Replicant is able to run mostly on Samsung devices, mainly the Galaxy S series and all of the software included is free software, meaning no Google Apps such as Gmail, Maps, Play Store, etc. It comes with its own app store, F-Droid, that is filled only with free, open source software. [Get it here]

Replicant

3. Tor Browser (Web Browser)

We have briefly covered the Tor Project on this site before and how it works. As a brief recap, Tor works by bouncing your online activity through several relay proxies that are part of the Tor network. Doing so will help obscure the point of origin and the requested content made from your machine.

The Tor Browser is a modified version of Firefox that is provided by the Tor Project, which gives the user an easy way to access the Tor network. In addition to Tor, the browser includes other tools to help with the anonymizing process, including NoScript (to prevent any sort of script from running) and HTTPS-Everywhere, which enables HTTPS on websites by default. [Get it here]

Tor Browser

4. OwnCloud (Online Storage)

When you are using an online storage provider such as Dropbox or Google Drive, you are trusting them with your data and its security. There have been several instances where the security of the data held by these companies have been compromised. The best solution is to create your own cloud.

OwnCloud allows you to build your own, personal cloud, where you control everything about it, from the disk size to the hardware. There is no third party involved in handling your data, meaning that the chances of someone peeking into your data is lower. The only one responsible and in charge of the privacy and security of your data is you. [Get it here]

OwnCloud

5. Boxcryptor (Online Storage)

Even with the risks, there are still reasons to use a third party online storage provider. It’s easy, cheap and convenient. In this case, there are ways to protect your online data from being pried upon. The best way is to encrypt the data stored on your online drive, so that no one will be able to view the contents.

Enter Boxcryptor, an app that will easily allow you to encrypt the files that live on your online storage drives. Boxcryptor will work on the major online storage providers and uses AES-256 and RSA encryption algorithms. The keys to decrypt your data are yours alone so even the company that created Boxcryptor cannot decrypt your data. [Get it here]

Boxcryptor

6. ProtonMail (Email)

The majority of us rely on email in our day-to-day lives. Most people would prefer it that our emails are kept private, as some of them may contain sensitive information related to work or our private lives. While most of the major email providers have some sort of privacy tools to protect your email, most of them have the ability to read your email, if they wanted.

ProtonMail is a service currently in beta and you have to request for an invite to create an account but it promises to offer an easy way to keep your email safe and secure from any type of snooping. ProtonMail offers end-to-end encryption and no one but the person who holds the key to decrypt them can gain access, not even ProtonMail themselves. ProtonMail is cross platform and you can still send encrypted and unencrypted email to other services. [Get it here]

ProtonMail

7. Cryptocat (Messaging)

Everyone loves to communicate with a good messaging app. Did you know that WhatsApp alone processes more that 20 billion messages a day? And what if we told you that that those 20 billion messages are not completely secure? While many of those sent are not important enough to qualify for any protection, some people may need a messaging app that provides security and privacy.

Crytocat is a popular messaging app that will encrypt your messages before it leaves for the intended recipient. It is easy to use and set up, living as an extension in your browser or as an app. The service uses Off-The-Record Messaging, a protocol that is designed to encrypt instant messaging conversations, meaning only you and the recipient will have access to the messages. [Get it here]

CryptoCat

 

8. Pidgin (Messaging)

Pidgin is a versatile, multi-platform instant messaging client, letting you chat with many of the online chat services that you may already be using, such as Facebook, so you can have all of your chat sessions under one app. The app is free and open source, so the source code can be viewed and studied.

The main reason that the app is on the list is its ability to add Off-The-Record Messaging on top of the those protocols. For example, with Pidgin, you and your friends are able to have a encrypted conversation over Facebook, meaning no one but you and the intended recipient will have access to the messages, not even Facebook. [Get it here]

Pidgin

9. Linphone (Telephony)

If you want an internet phone app that is both secure and encrypted, with immunity from wiretapping, Linphone provides both a service and app that can help you with that. Linphone is another free and open source app that lets you place calls using a standard known as Session Initiation Protocol (SIP), which is an open protocol, unlike Skype, which is closed.

In addition to the app, Linphone has a service where you can create your own SIP account with them to get you started using the app. The great thing about a SIP account is that you are not tied in to the app, and can be used by other telephony apps that support SIP. [Get it here]

Linphone

10. OnionShare (File Sharing)

A new, command line based app written in Python and created by Micah Lee, who works for Glenn Greenwald’s The Intercept news site. If the name Glenn Greenwald doesn’t ring a bell, he is the reporter who broke the news about the NSA leaks. The app has a single purpose, which is to allow you to share your files through the internet anonymously through Tor.

It does this by using the Tor hidden services. When you share a file, the app will create an unguessable .onion URL, which can only be accessed by using a Tor Browser, ensuring anonymity for the parties involved. To share the file, you will have to pass on the .onion URL to the intended recipient. [Get it here]





hongkiat.com

Google must face Street View privacy suit after Supreme Court declines challenge

Google will have to contend with a class-action lawsuit alleging that its Street View cars illegally snooped on private Wi-Fi networks after the US Supreme Court declined this morning to hear a challenge to dismiss the complaint. Google said in 2010 that its Street View cars had accidentally been collecting content sent over unencrypted Wi-Fi networks, explaining that it had stopped the practice as soon as it realized this was happening. Nonetheless, various lawsuits and investigations have popped up in the time since, with Google settling a major interstate investigation a little over a year ago.

Beyond that, Google has been caught up in a class-action suit over whether its actions violated the Wiretap Act. Google argued that Wi-Fi…

Continue reading…

The Verge – All Posts

Lessons in Innovation from Raspberry Pi’s Jack Lang: The serial entrepreneur speaks about open-source, data privacy and the power of technological transformations at Paris’ Connected Conference

Lessons in Innovation from Raspberry Pi's Jack Lang


At this year’s Connected Conference—a Parisian event dedicated to connected hardware and the internet of things—we had the chance to hear Jack Lang, the co-founder of Raspberry Pi, speak….

Continue Reading…


Cool Hunting

8 Best Cloud Storage Providers for Corporate Data Privacy

Editor’s note: This is a contributed post by Daren Low, an expert in cloud storage services who has done all the research to find the best providers available. He posts online storage reviews on his site, FindMyCloudStorage.com to help consumers and corporate users make the best choice for their needs.

Most organizations now store records digitally using the Cloud to handle the large amount of data generated. But is that data safe if it resides on the cloud? Have you ever wondered how easy it is for a hacker to access files stored in the Cloud?

In this age of digital information overload, it’s important that businesses take the necessary steps to keep customer records private and secure. It’s not only important – it’s often a point of law. It is critical that corporations select an online storage company that complies with the need for privacy, safety and security.

Cloud storage providers take a variety of stringent measures to ensure that transmitted data is safe and their servers are secure. However, some are better than others at providing ultimate privacy and security. The following cloud storage providers are top picks for any organization concerned about data security.

Note: Pricing Plans are on enquiry basis, unless stated otherwise. The figures are correct at the time of publication.

1. SpiderOak

SpiderOak is one of the safest and most secure cloud storage provider, due to their "zero-knowledge" privacy practices. SpiderOak does not store their users’ passwords and encryption keys. Their "de-duplicated central storage repository" represents uber secure cloud storage.

For developers, SpiderOak’s proprietary Crypton provides a way to build horizontally scalable and truly private apps. The company’s Nimbus.io is aimed at server-level storage and backup; it provides long-term cloud storage combined with an open backend. They’ve also founded the Zero Knowledge Privacy organization with the goal of promoting online privacy rights globally. [Pricing Plans]

2. BackBlaze

BackBlaze uses a data center described as a "Mission Critical Facility" which employs biometric security measures for staff access. Their partners include 25 independent telecom providers to ensure secure transmittal of data to their data center. Upon arrival, the data is compressed and encrypted with AES military grade encryption. From there, data is moved to the cloud server using a secure SSL connection.

Customers have the option of setting a personal, private encryption key as well. Further, BackBlaze developed proprietary software for its cloud environment that "de-duplicates and chops data into blocks; encrypts and transfer it for backup; reassembles, decrypts, re-duplicates, and packages the data for recovery; and monitors and manages the entire cloud system." [Pricing Plans]

3. Carbonite

Carbonite‘s online storage plans are certified HIPAA (Health Insurance Portability and Accountability Act) compatible. Their data centers are secured by guards working 24/7/365 and human access to the facility secured via the use of biometric scanners at entry points.

Data safety is ensured through 128-bit Blowfish encryption standards. Further security is provided at the customer level via personal encryption keys. Data transmission uses standard Secure Socket Layer (SSL) technology. [Pricing Plans]

4. Hightail

Hightail (formerly YouSendIt) allows customers to share folders with the ability to limit access to specific files. Account holders can also add an expiration date to file access and are able to use identity verification protocols, password protection and file tracking reports.

Data is sent with 128-bit SSL encryption and stored using 256-bit AES encryption. Hightail’s cloud storage is certified SAS 70 Type II, SSAE, SOC 2 Type 2, TRUSTe, PCI, HIPAA and GLBA compliant. [Pricing Plans]

5. LiveDrive

LiveDrive customers have an SSL option at login to ensure all activity between their computing devices and cloud storage uses a secure connection. Data is encrypted using AES 256 encryption and stored on more than one server so that a security breach on one server will not provide total access.

Data transfers between devices and the Livedrive cloud are also encrypted. Customers have the option to set up their own FTP accounts, however this could leave data vulnerable during transfer since FTP doesn’t inherently employ security or encryption protocols. [Pricing Plans]

6. SuperSync

As with many other cloud storage providers, SugarSync allows account holders to limit others’ access to specific files when sharing data. Their admin dashboard provides access control and an activity log for all users. A unique feature of their plans is the option to remotely wipe of all a customer’s data in case of a security breach.

File security is provided by read-only access, industry-standard secure (SSL 3.3) Transport Layer Security data encryption, 256-bit AES during sending, and handshake protocol to verify secure communication during transmission via the internet. [Pricing Plans]

7. Bitcasa

With an effortless backup features that allows you to mirror any folder on a hard drive, Bitcasa is very user friendly while also safe for storage data. The company uses a proprietary program that employs block-level encryption before transfer to their servers.

All stored files are encrypted before being uploaded and once they arrive at Bitcasa’s servers, no one can access them except the account holder – not even their own employees. [Pricing Plans]

8. SOS Online Backup

Although SOS Online Backup is geared more toward the personal user, it’s a good, and inexpensive option for a small enterprise. This online storage company ensures the privacy of your data by encrypting it 3 times: once locally, once during upload to their servers and one more time at the server level (what SOS refers to as "ultrasafe").

Their data centers use military grade equipment and security measures. Customers who use SOS are automatically HIPAA compliant and the services meets all SEC (Securities & Exchange Commission) regulatory standards. [Pricing Plans]

Wrap Up

There will always be a risk when data is transmitted anywhere, in any manner. However, by utilizing the best encryption and security measures available, today’s cloud storage providers are doing everything possible to mitigate the risks.





hongkiat.com