Tag Archives: information security & privacy

Good move by Apple: Scanning for Child Sexual Abuse Material (CSAM) on iPhones

Abstract

Expanded Protections for Children

At Apple, our goal is to create technology that empowers people and enriches their lives — while helping them stay safe. We want to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material (CSAM).

Apple is introducing new child safety features in three areas, developed in collaboration with child safety experts. First, new communication tools will enable parents to play a more informed role in helping their children navigate communication online. The Messages app will use on-device machine learning to warn about sensitive content, while keeping private communications unreadable by Apple.

Next, iOS and iPadOS will use new applications of cryptography to help limit the spread of CSAM online, while designing for user privacy. CSAM detection will help Apple provide valuable information to law enforcement on collections of CSAM in iCloud Photos.

Read more in

https://www.apple.com/child-safety/

Fake Comments: How U.S. Companies & Partisans Hack Democracy to Undermine Your Voice

This month, the New York state attorney general issued a report on a scheme by “U.S. Companies and Partisans [to] Hack Democracy.” This wasn’t another attempt by Republicans to make it harder for Black people and urban residents to vote. It was a concerted attack on another core element of U.S. democracy — the ability of citizens to express their voice to their political representatives. And it was carried out by generating millions of fake comments and fake emails purporting to come from real citizens.

This attack was detected because it was relatively crude. But artificial intelligence technologies are making it possible to generate genuine-seeming comments at scale, drowning out the voices of real citizens in a tidal wave of fake ones.

The big telecommunications companies paid millions of dollars to specialist “AstroTurf” companies to generate public comments. These companies then stole people’s names and email addresses from old files and from hacked data dumps and attached them to 8.5 million public comments and half a million letters to members of Congress. All of them said that they supported the corporations’ position on something called “net neutrality,” the idea that telecommunications companies must treat all Internet content equally and not prioritize any company or service. Three AstroTurf companies — Fluent, Opt-Intelligence and React2Media — agreed to pay nearly $4 million in fines.

Read more

https://www.washingtonpost.com/outlook/2021/05/20/ai-bots-grassroots-astroturf/

Be careful of using Chinese goods: Chinese smart TVs caught hoovering up data

Abstract

Millions of smart TVs in China may have collected data without the knowledge of viewers about Wi-Fi networks found within range and attached devices.

According to the South China Morning Post, an owner of a Skyworth smart TV posted last month on a Chinese technical forum that their suspicions were aroused when they felt their TV’s operation had slowed down, and wondered what background processes might be running.

The unnamed user examined the code running on his Android-powered Skyworth TV, and discovered it was scanning for devices connected to their family’s Wi-Fi every 10 minutes, scooping up information:

What do they collect?

“TV App installed in users TV sends back the hostname, mac, ip and even the network delay time. It also detects the surrounding wifi SSID names, The mac address is also packaged and sent to this domain name of gz-data.com.” GZ-Data.com is the domain name of Gozen Data, a data analytics company that specializes in delivering targeted advertising to smart TVs.

Read more in

https://www.bitdefender.com/box/blog/iot-news/chinese-smart-tvs-caught-hoovering-data-devices-customers-networks/

Good Read: Search Yourself Online

Abstract

You most likely have heard how important it is to protect your privacy and the information you share online. To demonstrate this, we are going to try something new; we are going to show you how to research yourself and discover what information is publicly known about you. The process is called OSINT, a fancy way of saying Open Source Intelligence.

Read more in

https://www.sans.org/newsletters/ouch/search-yourself-online/

User Privacy: Chrome Floc is going to block third party cookies. Not good for ads business

Abstract

If Google sticks to its roadmap, by this time next year Chrome will no longer allow websites to use third-party cookies, which are cookies that come from outside their own domains. The change theoretically makes it vastly more difficult for advertisers to track your activities on the web and then serve you targeted ads.

Because of course Google doesn’t want to kneecap the online ad industry — the one it dominates and from which it makes all its money. Instead, Google wants to replace the third-party tracking cookie with a complicated set of (bird-themed) technologies that are meant to let ad companies target specific demographics like age and location, while at the same time allowing the people who are targeted to remain anonymous. 

Read more in