Today we’re going to look at a new nice touch that controls what kind of information you display on the sign-in screen, specifically your email address.
Right now, when you land on the login screen on a Windows 10 PC it displays your name and the email address associated with your Microsoft account. When you’re at home that’s no big deal, but you may not want that information displayed where someone might sneak a peek, such as at a coffee shop or in a business meeting.
In my tests with the latest Insider builds this information was taken off the login screen by default. It’s not clear if the same will be true for people upgrading from a previous version of the operating system.
Regardless, accessing the setting is pretty easy if you end up needing to hide this data or, conversely, want to to display it again.
In my tests with build 14388, you go to Start > Settings > Accounts > Sign-in options. There, under the Privacy subheading, you’ll have one slider labeled Show account details (e.g. email address) on sign-in screen. Flip that on or off depending on your needs, and that’s it.
This new feature has been around for months so presumably it will remain once the official Anniversary Update rolls out. If it doesn’t we’ll adjust this article accordingly.
If you have Pokémon Go fever, but you’re concerned about the controversy surrounding the app and access to your Google data, you’ll want to install the Pokémon Go update. Even if you didn’t use Google to sign into the game, you’ll want the update, since it has bug fixes.
The 1.0.1 update is now available in the App Store. Before you perform the update, sign out of the game. You can do this in Pokémon Go by going into the app settings and tapping Sign Out at the bottom of the screen. (If you don’t sign out before updating the app, that’s OK. You’ll need to do so when you launch the update.)
To update the game directly on your iPhone, tap on the App Store app, and then tap the Updates tab on the bottom navigation bar. When you see the update appear on the list, tap the Update button. You can also install the update via iTunes on your Mac, with your iPhone connected.
After the update is installed, launch the app and sign in as usual. If you sign in using Google, you’ll see this new screen.
If you go to the web and check your Google account for your connected apps, you should see a change in what Pokémon Go accesses. If you don’t sign out and then sign back into the game as mentioned earlier, you may not see this updated status.
Niantic, the developer of the game, released a statement on Monday, clarifying what the company can access in relation to google accounts. Niantic’s complete statement:
Secret conversations will only be available to a limited number of users at first, with a wider roll out planned for later this summer. The feature name “secret conversations” first surfaced in March.
Messenger’s secret conversations won’t be like WhatsApp, which offers complete E2EE for all messages when all users in the conversation have a compatible version of the app. Instead, secret conversations will allow Messenger users to encrypt one-on-one conversations on the fly. Group messaging will not be covered.
When encrypted, the messages will only be accessible to the two conversation participants. While the message is in transit from one device to the other it won’t be possible for third parties—including Facebook—to decipher the message.
Facebook is also adding a Snapchat-like self-destruct setting that allows secret conversations to disappear after a predetermined amount of time. Rumors about Facebook’s plans for a Snapchat-like feature for Messenger first surfaced in May.
Each secret conversation will also exist in its own section of the app for each Messenger contact. Secret conversations will not be integrated with the main conversation thread for that person.
The biggest limitation of secret conversations is that new feature will only work on one device. Facebook told Wired it doesn’t have a system in place to distribute encryption keys (bits of information that encrypt and decrypt messages) across multiple devices.
Secret conversations will also start with a slimmed down feature set, leaving out support for animated GIFs, video, Facebook’s payments system, and other features.
The story behind the story: Facebook hasn’t said whether it plans to move towards a fully-encrypted Messenger or only offer the option for people who need it. As more features get added to secret conversations, and if Facebook lifts the one device limit, the E2EE feature could become a standard part of the massive messaging platform.
If going full E2EE is indeed the final plan it wouldn’t be the first time Facebook took a piecemeal approach to encryption. Facebook’s move to make all parts of the social network’s website SSL/TLS-compatible took several years. At first, users had to enable SSL/TSL encryption manually, and many features of the site didn’t work when early versions of the security measure were turned on.
A reader whom I won’t name worries that his cousin watches what he does on his Android phone. The cousin actually told him so.
It’s possible that your cousin is just messing with your head. Ask for proof—such as texts you’ve sent and received.
On the other hand, they may actually be spying on your phone. There are a surprising number of Android apps that can do just that.
[Have a tech question? As Answer Line transitions from Lincoln Spector to Josh Norem, you can still send your query to firstname.lastname@example.org.]
But first, let me clarify one thing: No one is tracking you via your phone’s IP address. Take your phone on a morning jog, and its IP address will change three or four times before you get home.
In order to track your phone, someone would need to install a spying app onto it. That could come in the form of malware such as the recently discovered Godless, which can be downloaded as part of a seemingly innocent app.
And then there are spyware apps that don’t pretend to be anything else; tools such as GPS Phone Tracker. And yes, you can download them from the Play Store.
Why doesn’t Google block these apps? Because they have legitimate purposes. If your employer assigns you a company phone, they have every right to see what you do with it. And parents should monitor kids’ Internet use.
Believe it or not, some people put these apps in their phones willingly. Couple Tracker allows suspicious lovers to track each other’s movements and texts.
Personally, I prefer to just trust my wife.
If you’re an adult and you bought the phone with your own money, only you should have the right to install or not install such an app. But if someone else has physical access to your phone and knows your PIN or password, or if they can log into your Google account, they can install an app without your knowing or noticing it.
How can you tell if you’ve got a spy app on your phone? An unusually hot phone, or a battery that’s suddenly losing power fast, should make you suspicious. But not too suspicious. Those same symptoms may also be a sign of other, less malicious problems.
If you want to make sure, try running Anti Spy Mobile. It finds spying apps and gives you a chance to uninstall them.
The privacy settings on your phone don’t mean much if tech companies choose to ignore them. One major mobile advertiser allegedly did just that.
The company InMobi was secretly tracking user locations, regardless of consent, the U.S. Federal Trade Commission alleged on Wednesday. The motive: to serve location-based ads over mobile apps.
InMobi is headquartered in India and partners with thousands of apps to offer advertising. This gives the company access to 1.5 billion devices.
Collecting user information to serve tailored ads is all too common, but InMobi did so through deception, the FTC alleged. The company stated it would only collect the location-based data if given permission, however, InMobi secretly collected it anyway, the agency said.
InMobi also created a database that could guess a user’s whereabouts, even when the location-tracking function had been shut off, the FTC said.
The company also allegedly tracked the locations of children, when promising not to do so. A U.S. privacy regulation requires companies collecting information about children to first gain the consent from their parents.
“The case is the FTC’s first charging a mobile ad company with deception and with violating the Children’s Online Privacy Protection Act,” the agency said in a blog post.
InMobi has agreed to a settlement and will pay a US$950,000 fine. The company blamed a “technical error” for serving children with the targeted advertising.
In no way was this “deliberate,” and the company notified the FTC as soon as the problem was discovered, InMobi said in an email.
It also said that the company was only tracking users’ location without their permission in “certain instances.” The problems were corrected in last year’s fourth quarter, InMobi added.
As part of the settlement, InMobi must delete all the information it illegally collected and operate a privacy program for the next 20 years to keep the company in line with regulations. It must also honor the user’s location privacy settings.
This story was updated with further information about the user data collected by the app.
Opera Software takes its VPN campaign to iOS with a free, unlimited virtual private network app. Launched Monday, the new app follows Opera’s debut in late April of a free, built-in virtual private network in the beta version of its PC and Mac browsers. Opera’s VPN services are offered by SurfEasy, a Canadian VPN provider that Opera acquired in early 2015.
Opera says one reason it decided to offer the app was to help people get around corporate and school firewalls. “Every day, millions of people, from students to working people, find that social-media sites…are blocked when they surf on their campus or workplace Wi-Fi…we help people to break down the barriers of the web,” SurfEasy president Chris Houston said in the iOS app’s announcement.
Opera’s new VPN app will find a formidable opponent in Netflix, however. Since its expansion to pretty much every country on the planet, Netflix has cracked down on VPN use. In my tests, the new Opera app didn’t get around the “great firewall of Netflix.”
That said, if you do run up against other regionally restricted sites you can always give Opera’s VPN a try. Currently, Opera VPN for iOS offers exit servers (where websites think you are) in the U.S., Canada, Germany, the Netherlands, and Singapore.
The new Opera VPN app also includes ad-blocking features to kill online ads, and web trackers that follow your browsing habits online to better target advertising.
Once that’s done, the app starts working automatically. If you want to change exit locations, just tap the lightning bolt icon (upper-right corner on the iPad version). Next choose the country you’d like to “appear” in and that’s it.
The fine print on privacy
Specifically, Opera says it “may” collect usage data while connected to its VPN, including the web addresses you visit. It’s not clear whether the company is actually collecting your web history while using this VPN, or if it’s just reserving the right to do so in some unforeseen future.
We contacted Opera for comment, and received this response from SurfEasy’s Houston: “While the Opera VPN is completely free to the user we do use anonymous market insights derived from customer usage to help support the service. We make this information available to third parties who are interested in better understanding the mobile ecosystem and how it’s evolving.”
In other words, it sells user data to marketers. Houston added, however, that the data is aggregated and not focused on individual activity. “It’s important to understand that this is not data about what you do with your phone, but rather this is data about how a large group of people use their phones.”
We now know the tradeoff for free Windows 10: Microsoft wants data about what you do with your device. But you don’t have to send everything you do back to Redmond.
You can control the data you send back, and how often, by delving into Windows 10’s privacy settings (we’ve taken you here before) and looking specifically at Feedback frequency and Diagnostic and usage data. The former is typically just an automated survey, but the diagnostic component actually peers into your machine.
These features comprised the Customer Experience Improvement Program, or CEIP, in previous versions of Windows—and they were voluntary. In Windows 10 they’ve become mandatory, but you can control some aspects.
Start by going to Settings > Privacy > Feedback & diagnostics in Windows 10.
Changing the Feedback frequency
Every so often, Microsoft gets curious: Did you like this new version of an app? Would you recommend Windows 10 to a friend? Microsoft typically asks these sorts of questions of Insiders who’ve signed up to test Microsoft’s beta software, but regular Windows 10 users may be quizzed as well.
Solicitations for feedback are infrequent. In fact, if you leave the Feedback frequency setting at Automatic, you’ll rarely see a popup. But you may set Feedback to Never if you’re dead-set against ever receiving the prompts.
If, on the other hands, you can’t wait to tell Microsoft what you really think, you can adjust the setting to Once a week, or Once a day, or even Always, so that presumably anything Microsoft has a question about will be flagged for your attention. You can also go to Start > Windows Feedback and use that app to send feedback on a specific issue.
What’s collected for diagnostic and usage data
The diagnostic and usage data that Microsoft wants to collect, however, is much more intrusive. Microsoft won’t know who you are by name, but it does track your device using a unique ID.
“As you use Windows, we collect diagnostic and usage data that helps us identify and troubleshoot problems, improve our products and services, and provide you with personalized experiences,” Microsoft explains in a FAQ. “This data is transmitted to Microsoft and stored with one or more unique identifiers that can help us recognize an individual user on an individual device and understand the device’s service issues and use patterns.”
Here’s the bad news: You can’t turn off diagnostic data in the Settings menu. By default, it’s set to Full, which sends pretty much everything; however, you do have two dialed-back choices called Basic and Enhanced.
The Basic data setting collects the configuration data of your device (device name and model, as well as the hardware and software, including third-party apps and drivers); performance data, including how quickly programs respond to input; network data, including details of the networks you connect to and what radios you’re using; and details of other hardware that’s connected to your device.
Enhanced adds the ability to log “how frequently or how long you use certain features or apps, which apps and features you use most often, how often you use Windows Help and Support, and which services you use to sign into apps,” according to Microsoft. It will also report the memory state of an app when it crashes, helping Microsoft improve the Windows 10 experience. Microsoft cautions that it may collect parts of a document stored in that memory data.
Finally, the Full setting peers even deeper into your PC, but only in certain cases. When devices experience problems that are difficult to diagnose or replicate with Microsoft’s internal testing, Microsoft will randomly select a small number of devices set to the Full level that are also exhibiting the problem, and gather all of the data needed to diagnose and fix the problem. (Note that if you’re a Windows Insider, your Diagnostic setting is automatically set to Full.)
Microsoft apparently doesn’t even anonymize any personal data it collects via its Full diagnostics; it simply won’t use that data for any sales purposes. “If an error report contains personal data, we won’t use that information to identify, contact, or target advertising to you,” Microsoft says.
The data may also travel further than you’d like. Microsoft says its own employees use it, but the company also shares the data with third-party affiliates and hardware partners where relevant.
After successfully launching a version of its browser that offered ad blocking, Opera just won’t quit. On Wednesday night, the company released a free VPN service with unlimited bandwidth, built right into its latest beta. The Opera release is developer edition version 38.0.2204.0 for the Mac and the PC.
Opera also won’t make you pay for the amount of bandwidth that you route through the VPN—which would normally cost you about $48 per year.
A virtual private network spoofs your IP address, pretending that your PC is actually physically located in London, for example, when it’s actually sitting in Los Angeles. That offers all sorts of possibilities: It helps hide your identity when surfing, or allows you access to a website that you normally wouldn’t be able to see. VPNs are also common in countries like China, whose so-called “Great Firewall” insulates the Chinese Internet from the rest of the world.
Of course, a VPN may also enable illicit activities. For years, international users watched Netflix via VPN so they could see movies that weren’t available in their country—until Netflix cracked down. And, of, course, people use VPNs to evade the prying eyes of government watchdogs when downloading data via BitTorrent.
Why this matters: Free, unlimited VPN is an enormous coup for Opera. There are two major questions that Opera will need to answer, though: First, what are the terms of service of the VPN, and the acceptable use policy? “Unlimited” services rarely are. Second: What will the performance of the VPN network (and the browser, too) be under load?
No surprise to Opera watchers
The integrated VPN may not be that surprising if you’ve been watching Opera for long. About a year ago, Opera bought SurfEasy, a Canadian VPN provider whose network Opera is apparently using as the backbone of its services. (A few days ago, SurfEasy promised to protect BitTorrent downloads, possibly preparing for the Opera launch.)
Today, you can take advantage of SurfEasy’s network through downloadable plugins from Chrome and the release version of Opera. Just by signing up with an email address, you’ll receive 500MB of secured data per month, for free. Confirm your email, and you’ll receive 250MB more. Follow them on Twitter, and it’s 100MB more, and so on.
Normally, SurfEasy’s unlimited VPN service costs $3.99 per month and includes support for up to five devices—including Mac and Android devices. Now that the service has been integrated into the developer edition of the Opera browser, however, all of those limitations have apparently gone away.
This is the sound of a beta crashing
Unfortunately, I had one heck of a time getting the developer edition—which, obviously, is far less stable than the release version—to work.
Opera provided me with a test build of the browser, which downloaded and installed just fine. To enable the VPN function, click the Opera (“O”) menu, then scroll down to Settings. Under Privacy & Security, you’ll need to click the checkbox to enable the VPN function. When I did so, I didn’t notice any differences—though I hadn’t tried to surf anywhere yet. I then turned off the ads using the native ad blocker that Opera had installed in a previous edition of the browser, and tested everything on PCWorld’s homepage.
I didn’t notice anything within the interface that signaled whether the VPN service was working. (A popup window in the ad-blocking edition, on the other hand, alerted me that the feature was there, and how and why to take advantage of it.) I closed and restarted the browser.
Unfortunately, that was a mistake. I haven’t been able to open it since, as it promptly crashes on launch. I tried uninstalling it, and received error messages. I tried manually cleaning out the files, removing most of them. After re-downloading and re-installing the browser, though, I still experienced the crash-on-launch bug.
What Opera tells me, however, is that the VPN encrypts data with 256-bit encryption, hiding your actual IP address behind a virtual one. You can select an IP address in the United States, Canada, or Germany. More location options will be available as Opera rolls out this feature in release form.
I did download the SurfEasy VPN plugin for Chrome, and I can report that the service works as advertised, though slowly. Don’t expect to be able to watch an overseas version of Netflix, though: The service reportedly uses rotating IP addresses, and though I was able to log into Netflix UK, only one of three shows actually began playing. (Otherwise, Netflix kindly informed me I was using a VPN, and to cut it out.) The movie that did play was somewhere below 1080p resolution, though the audio was perfectly acceptable.
For now, it’s not clear what will happen for those users who have already signed up for a SurfEasy subscription, and whether Opera will crack down on users who try to download hundreds of gigabytes through the service. Fortunately, though, it won’t cost you a dime to find out. Once Opera fixes a few bugs, download the beta and try it for yourself.
Not wanting to be left behind in the pursuit of enhanced user security, Viber is adding end-to-end encryption (E2EE) following WhatsApp’s E2EE roll out earlier in April. Viber announced on Tuesday that E2EE would roll out to its users globally over the next two weeks. The new encryption will cover text, voice, and group chats, and will work across mobile and PC versions of Viber.
The new feature will be made available to users automatically. You’ll know you have it when you see a lock icon in the text entry box in chats. But Viber’s implementation won’t be as behind-the-scenes as WhatsApp’s is. Instead, the company has added a few extra features for those who want added protection.
When you see a gray lock icon, that means your communication is being protected using the service’s standard E2EE. In addition, each user also has a cryptographic key associated with their device that can be used to authenticate your identity to other Viber users. When this feature’s in use the lock turns green. If it turns red instead, that can mean someone is trying to listen in on your conversation through a man-in-the-middle attack.
However, you’ll probably see a red lock more often when the person you’re talking to switches to a new device. When that happens you’ll need to re-authenticate each other to get the lock icon back to green. We haven’t had a look at Viber’s new encrypted app yet, so we can’t comment on how easy it is to use the service’s new authentication feature.
In addition to E2EE, Viber also introduced a new hidden chats feature that removes chats from your regular logs and protects them behind a PIN lock.
Why this matters: Blame it on the Snowden revelations, the increasing secret demands for personal data by law enforcement, or just plain old hacking. Whatever the reason, more people are concerned about personal online security, and at least some messaging companies would rather not be involved in demands for user data. Apple’s iMessages also offers E2EE, as does Signal, while Line and Telegram offer it as an option. Many other services don’t offer E2EE encryption at all, including major ones like Facebook Messenger, Google Hangouts, Kik, and Snapchat. With so many holdouts we’re not quite at the tipping point for universal E2EE, but it’s getting there.
As if summoned by the Bat-Signal, U.S. Senator Al Franken is seeking answers on Oculus’ privacy policies after some users expressed concerns.
This appears to have prompted an inquiry from Franken, who on Thursday sent and published a letter to Oculus CEO Brendan Iribe. In that letter, Franken asks whether Oculus services require the collection of location data, physical movement data, and communication among Oculus users, and he asks whether Oculus shares this information with third parties for anything other than the provision of services. Franken also asks whether Oculus sells aggregate user data, and what sort of safeguards the company uses to keep user data secure.
“Oculus’ creation of an immersive virtual reality experience is an exciting development, but it remains important to understand the extent to which Oculus may be collecting Americans personal information, including sensitive location data, and sharing that information with third parties,” Franken wrote.
Franken has a long history of sending these types of letters to technology companies, including Apple, Google, Uber, and Samsung. But these companies aren’t obligated to respond, and even when they do, their answers aren’t always particularly insightful. Franken has also tried to introduce location privacy bills several times throughout his tenure, but hasn’t succeeded at passing them into law.
Why this matters: Privacy was a major concern for Oculus’ fans when Facebook acquired the VR firm in 2014, so it’s understandable that they’d be hypersensitive about the Rift’s terms of service. Now that the Rift is a real product, it’s reasonable to expect a plain-English explanation of what Oculus will do with all the data it’s able to collect.
Oculus has basically responded already
Although Oculus has not yet answered Franken’s letter, the company has responded directly to the VR community, so it seems likely that Franken will get a similar response.
In a statement to UploadVR earlier this week, Oculus said it is “thinking about privacy every step of the way,” adding that it collects user data to check device stability, address technical issues, and improve the experience overall.
As for advertising, Oculus said it is relying on Facebook for some infrastructure elements, but is not sharing information with the social networking giant, at least for now. “We don’t have advertising yet and Facebook is not using Oculus data for advertising—though these are things we may consider in the future,” the company said.