Mobile advertiser tracked users' locations, without their consent, FTC alleges


The privacy settings on your phone don’t mean much if tech companies choose to ignore them. One major mobile advertiser allegedly did just that.

The company InMobi was secretly tracking user locations, regardless of consent, the U.S. Federal Trade Commission alleged on Wednesday. The motive: to serve location-based ads over mobile apps.

InMobi is headquartered in India and partners with thousands of apps to offer advertising. This gives the company access to 1.5 billion devices.

Collecting user information to serve tailored ads is all too common, but InMobi did so through deception, the FTC alleged. The company stated it would only collect the location-based data if given permission; however, InMobi secretly collected it anyway, the agency said.

InMobi also created a database that could guess a user’s whereabouts, even when the location-tracking function had been shut off, the FTC said.

The company also allegedly tracked the locations of children, despite promising not to do so. A U.S. privacy regulation requires companies collecting information about children to first obtain consent from their parents.



“The case is the FTC’s first charging a mobile ad company with deception and with violating the Children’s Online Privacy Protection Act,” the agency said in a blog post.

InMobi has agreed to a settlement and will pay a US$950,000 fine. The company blamed a “technical error” for serving children with the targeted advertising.


Opera's launched an iOS app to expand its free, unlimited, ad-blocking VPN


This story was updated with further information about the user data collected by the app.

Opera Software takes its VPN campaign to iOS with a free, unlimited virtual private network app. Launched Monday, the new app follows Opera’s debut in late April of a free, built-in virtual private network in the beta version of its PC and Mac browsers. Opera’s VPN services are offered by SurfEasy, a Canadian VPN provider that Opera acquired in early 2015.

Opera says one reason it decided to offer the app was to help people get around corporate and school firewalls. “Every day, millions of people, from students to working people, find that social-media sites…are blocked when they surf on their campus or workplace Wi-Fi…we help people to break down the barriers of the web,” SurfEasy president Chris Houston said in the iOS app’s announcement.

Opera’s new VPN app will find a formidable opponent in Netflix, however. Since its expansion to pretty much every country on the planet, Netflix has cracked down on VPN use. In my tests, the new Opera app didn’t get around the “great firewall of Netflix.”

Opera VPN for iPad.

That said, if you do run up against other regionally restricted sites you can always give Opera’s VPN a try. Currently, Opera VPN for iOS offers exit servers (where websites think you are) in the U.S., Canada, Germany, the Netherlands, and Singapore.

The new Opera VPN app also includes ad-blocking features that block online ads as well as the web trackers that follow your browsing habits to better target advertising.

Using Opera VPN is pretty straightforward. All you do is download and install the app from the App Store. Click through the agreements for the terms of service and privacy policy. Then you hit a few more Continue buttons to add a VPN profile to your device.

Once that’s done, the app starts working automatically. If you want to change exit locations, just tap the lightning bolt icon (upper-right corner on the iPad version). Next choose the country you’d like to “appear” in and that’s it.


Why Windows 10 wants your feedback and diagnostics, and how to control them


We now know the tradeoff for free Windows 10: Microsoft wants data about what you do with your device. But you don’t have to send everything you do back to Redmond.

You can control the data you send back, and how often, by delving into Windows 10’s privacy settings (we’ve taken you here before) and looking specifically at Feedback frequency and Diagnostic and usage data. The former is typically just an automated survey, but the diagnostic component actually peers into your machine.

These features comprised the Customer Experience Improvement Program, or CEIP, in previous versions of Windows—and they were voluntary. In Windows 10 they’ve become mandatory, but you can control some aspects.

Start by going to Settings > Privacy > Feedback & diagnostics in Windows 10.

Set limits on what Microsoft sees with these feedback and diagnostic settings.

Changing the Feedback frequency

Every so often, Microsoft gets curious: Did you like this new version of an app? Would you recommend Windows 10 to a friend? Microsoft typically asks these sorts of questions of Insiders who’ve signed up to test Microsoft’s beta software, but regular Windows 10 users may be quizzed as well.

Solicitations for feedback are infrequent. In fact, if you leave the Feedback frequency setting at Automatic, you’ll rarely see a popup. But you may set Feedback to Never if you’re dead-set against ever receiving the prompts.


If you don’t want to wait for Microsoft to ask you for your opinion, you can change the Feedback setting to your liking.

If, on the other hand, you can’t wait to tell Microsoft what you really think, you can adjust the setting to Once a week, or Once a day, or even Always, so that presumably anything Microsoft has a question about will be flagged for your attention. You can also go to Start > Windows Feedback and use that app to send feedback on a specific issue.

What’s collected for diagnostic and usage data

The diagnostic and usage data that Microsoft wants to collect, however, is much more intrusive. Microsoft won’t know who you are by name, but it does track your device using a unique ID. 


Opera browser build adds a first: Free, unlimited VPN for secure surfing


After successfully launching a version of its browser that offered ad blocking, Opera just won’t quit. On Wednesday night, the company released a free VPN service with unlimited bandwidth, built right into its latest beta. The Opera release is developer edition version 38.0.2204.0 for the Mac and the PC.

Opera also won’t make you pay for the amount of bandwidth that you route through the VPN—which would normally cost you about $48 per year.

A virtual private network spoofs your IP address, pretending that your PC is actually physically located in London, for example, when it’s actually sitting in Los Angeles. That offers all sorts of possibilities: It helps hide your identity when surfing, or allows you access to a website that you normally wouldn’t be able to see. VPNs are also common in countries like China, whose so-called “Great Firewall” insulates the Chinese Internet from the rest of the world.


Note the blue “VPN” button to the left of the URL, highlighting that you’re protected.

Of course, a VPN may also enable illicit activities. For years, international users watched Netflix via VPN so they could see movies that weren’t available in their country—until Netflix cracked down. And, of course, people use VPNs to evade the prying eyes of government watchdogs when downloading data via BitTorrent.

Why this matters: Free, unlimited VPN is an enormous coup for Opera. There are two major questions that Opera will need to answer, though: First, what are the terms of service of the VPN, and the acceptable use policy? “Unlimited” services rarely are. Second: What will the performance of the VPN network (and the browser, too) be under load?

No surprise to Opera watchers

The integrated VPN may not be that surprising if you’ve been watching Opera for long. About a year ago, Opera bought SurfEasy, a Canadian VPN provider whose network Opera is apparently using as the backbone of its services. (A few days ago, SurfEasy promised to protect BitTorrent downloads, possibly preparing for the Opera launch.)


This is what you’ll normally pay for the SurfEasy services.

Today, you can take advantage of SurfEasy’s network through downloadable plugins from Chrome and the release version of Opera. Just by signing up with an email address, you’ll receive 500MB of secured data per month, for free. Confirm your email, and you’ll receive 250MB more. Follow them on Twitter, and it’s 100MB more, and so on. 

Normally, SurfEasy’s unlimited VPN service costs $3.99 per month and includes support for up to five devices—including Mac and Android devices. Now that the service has been integrated into the developer edition of the Opera browser, however, all of those limitations have apparently gone away.


Viber joins WhatsApp and Apple with end-to-end message encryption


Not wanting to be left behind in the pursuit of enhanced user security, Viber is adding end-to-end encryption (E2EE) following WhatsApp’s E2EE rollout earlier in April. Viber announced on Tuesday that E2EE would roll out to its users globally over the next two weeks. The new encryption will cover text, voice, and group chats, and will work across mobile and PC versions of Viber.

Viber with end-to-end encryption.

The new feature will be made available to users automatically. You’ll know you have it when you see a lock icon in the text entry box in chats. But Viber’s implementation won’t be as behind-the-scenes as WhatsApp’s is. Instead, the company has added a few extra features for those who want added protection.

When you see a gray lock icon, that means your communication is being protected using the service’s standard E2EE. In addition, each user also has a cryptographic key associated with their device that can be used to authenticate your identity to other Viber users. When this feature’s in use the lock turns green. If it turns red instead, that can mean someone is trying to listen in on your conversation through a man-in-the-middle attack.

However, you’ll probably see a red lock more often when the person you’re talking to switches to a new device. When that happens you’ll need to re-authenticate each other to get the lock icon back to green. We haven’t had a look at Viber’s new encrypted app yet, so we can’t comment on how easy it is to use the service’s new authentication feature.

In addition to E2EE, Viber also introduced a new hidden chats feature that removes chats from your regular logs and protects them behind a PIN lock.

Why this matters: Blame it on the Snowden revelations, the increasing secret demands for personal data by law enforcement, or just plain old hacking. Whatever the reason, more people are concerned about personal online security, and at least some messaging companies would rather not be involved in demands for user data. Apple’s iMessage also offers E2EE, as does Signal, while Line and Telegram offer it as an option. Many other services don’t offer E2EE at all, including major ones like Facebook Messenger, Google Hangouts, Kik, and Snapchat. With so many holdouts we’re not quite at the tipping point for universal E2EE, but it’s getting there.


Oculus Rift privacy policy prompts lawmaker concern


As if summoned by the Bat-Signal, U.S. Senator Al Franken is seeking answers on Oculus’ privacy policies after some users expressed concerns.

Gizmodo rounded up some of those concerns last week, noting that Oculus Rift’s privacy policy allows the company to gather information on users’ locations, physical movements, and interactions with games and services. The policy notes that Oculus may use that information for marketing and promotional purposes.

This appears to have prompted an inquiry from Franken, who on Thursday sent and published a letter to Oculus CEO Brendan Iribe. In that letter, Franken asks whether Oculus services require the collection of location data, physical movement data, and communication among Oculus users, and he asks whether Oculus shares this information with third parties for anything other than the provision of services. Franken also asks whether Oculus sells aggregate user data, and what sort of safeguards the company uses to keep user data secure.

“Oculus’ creation of an immersive virtual reality experience is an exciting development, but it remains important to understand the extent to which Oculus may be collecting Americans’ personal information, including sensitive location data, and sharing that information with third parties,” Franken wrote.


Franken has a long history of sending these types of letters to technology companies, including Apple, Google, Uber, and Samsung. But these companies aren’t obligated to respond, and even when they do, their answers aren’t always particularly insightful. Franken has also tried to introduce location privacy bills several times throughout his tenure, but hasn’t succeeded at passing them into law.

Why this matters: Privacy was a major concern for Oculus’ fans when Facebook acquired the VR firm in 2014, so it’s understandable that they’d be hypersensitive about the Rift’s terms of service. Now that the Rift is a real product, it’s reasonable to expect a plain-English explanation of what Oculus will do with all the data it’s able to collect.

Oculus has basically responded already

Although Oculus has not yet answered Franken’s letter, the company has responded directly to the VR community, so it seems likely that Franken will get a similar response.

In a statement to UploadVR earlier this week, Oculus said it is “thinking about privacy every step of the way,” adding that it collects user data to check device stability, address technical issues, and improve the experience overall.

's virtual Visas are burner debit cards that keep online shoppers safe


Slinging your credit card information all over the web may be the norm when you’re online shopping, but playing fast and loose with those precious numbers is just begging for identity theft to happen. A new company dubbed thinks it has a solution to the problem. Instead of handing out your actual debit and credit card numbers, lets you create “virtual” debit cards that are locked for use with a single vendor, or “burner” cards that are valid only for one-time use.

If no one has your actual credit card, the thinking goes, then your credentials are safe from the next major database breach—or the one after that.

That basic idea has already gained interest from investors. The company announced in October that it had raised $1.2 million from investors, including Jim Messina, former White House deputy chief of staff and main driver of President Obama’s 2012 re-election campaign. And the company’s founders include Andy Roth, the former chief privacy officer for American Express.

’s auto-fill feature lets you create a new card without switching tabs.

 is free to use and makes its money by taking a cut from the interchange fees that merchants pay to Visa and the banks. It works primarily as a web app in Chrome and Firefox (Safari and Internet Explorer support is coming soon), but there’s an iOS app too. There’s also a handy Chrome extension that can auto-detect payment forms to create a new temporary card in a few clicks without leaving the page.

Why this matters: is another example of the Internet coming up with solutions that just aren’t practical in the physical world. Having multiple cards linked to your bank account and locked to specific vendors is a good way of reducing credit card fraud. An individual card is far less useful to thieves if all it can do is buy Netflix subscriptions or video games on Steam. Creating that system with plastic cards would be far too costly. A computer, however, can generate a card number and get into the payment system in seconds.

How it works


The dashboard.

The sign-up process for is very simple. You start with an email and password, then add your name, address, and date of birth on the next screen. Finally, you connect your bank account to your account by handing over your banking account’s username and password. Once that’s done you’re on your way.

You read that correctly. Right now, you can’t use by connecting it to your debit card or using details from the bottom of a check. Only your bank login credentials will do.

“We’re planning to add [debit card and check sign-ups] as funding options later,” CEO Bo Jiang told PCWorld via email. “But instant account verification (bank login) was the fastest and lowest friction way of doing so. It also helps us reduce fraud.”


How FBI vs. Apple could cripple corporate and government security


As the rhetoric and legal wranglings of the FBI and Department of Justice fight against Apple’s encryption continue to escalate, it’s only natural that much of the debate centers on personal privacy and the symbiotic role our phones now play in our lives. Even President Obama himself, siding with the FBI at the South by Southwest conference, stated, “You can’t take an absolutist stance on this. It’s fetishizing our phones above every other value, and that can’t be the right answer.”

As the discussion focuses on privacy and crime, what is mostly lost is an analysis of the potential business and government implications—not merely the impact to Apple, technology vendors, and law enforcement agencies, but the effects to the wider business community and daily operation of thousands of agencies at all levels of government. Taken from that point of view, the President’s statement could become, “… it’s fetishizing the investigation of a limited set of highly serious crimes above every other value.”

Day to day I work as an IT security industry analyst. Formerly a research vice president at Gartner, where I was the lead analyst for datacenter encryption, I now run my own firm. For the past 15 years, I have advised some of the largest companies and government agencies in the world on using encryption systems. I’ve written multiple research papers, and I continue to work with most of the major encryption technology vendors.

Knowing how encryption is used throughout the business world, it is clear that one of our most fundamental security tools is at the center of a civil rights debate, and the slightest misstep could set back corporate and government security by decades.

At SXSW, President Obama warned against taking an “absolutist” stance. 

Encryption is technology’s backbone, and we break it all the time

Encryption is ubiquitous in the digital world. We use it for every credit card transaction, every time we unlock a car with a key fob, every time we log into nearly anything with a password, visit a secure website, connect to a wireless network, update software, or do pretty much anything with a bank. Society relies on encryption for far more than merely protecting our phones and online chats.

Encryption is merely math, not sorcery. It is a heavily studied field of math with an extensive body of work in the public domain. The U.S. government once restricted the export of strong encryption products, forcing companies to use weaker versions overseas and support the weaker encryption here at home since the Internet doesn’t respect national boundaries. It’s a decision we still pay the price for daily, as earlier this year researchers discovered yet another vulnerability in about a third of the Internet directly due to this deliberate weakening back in the 1990s.

The fight was known as the Crypto Wars, and the government, under President Clinton, eventually relented. Those attempts at control did little more than weaken the security of products and businesses. An encryption algorithm isn’t a nuclear centrifuge, and when all you needed to do was print source code for software in a book and ship it overseas for someone to scan into a computer and compile, the idea of restricting a bit of math to a national border became farcical. Especially when that math was already legal and public.

The U.S. government backed down on the battle for encryption because it was essential to running businesses and government services over the Internet. Attempts to allow encryption outside the country only in a weakened state left everyone vulnerable to attack since domestic systems also needed to support the lower security levels. The remnants of those early attempts are still having repercussions decades later.


Obama on encryption: 'It's fetishizing our phones above every other value'


President Barack Obama can’t comment on the specifics of the ongoing feud between Apple and the FBI, but he did sit down with Texas Tribune editor-in-chief Evan Smith at South by Southwest Interactive on Friday to weigh in on one of the most pressing issues facing American society today: Is national security more important than privacy in the digital age?

“The question we now have to ask is if technologically it is possible to make an impenetrable device or system where the encryption is so strong there’s no key, there’s no door at all, then how do we apprehend the child pornographer? How do we disrupt a terrorist plot?” Obama said. “If you can’t crack that [device] at all, if government can’t get in, everybody’s walking around with a Swiss bank account in their pocket.”

Obama is the first sitting president to take the stage at South by Southwest, the annual convergence of tech, music, and film in Austin, Texas. He appeared at the festival to urge tech companies, engineers, and the creative thinkers drawn to SXSW to work on innovative solutions to problems plaguing American democracy, like making it easier to vote, and bringing Internet access to more people.

Those are important issues, of course, but with the Department of Justice pressing Apple to help unlock an iPhone 5c used in the San Bernardino terrorist plot, Obama’s feel-good message on civic engagement took a backseat to the question of who he sides with, Apple or the FBI. He wouldn’t say, of course, but said he came down on the side of civil liberties, with a caveat.

“I suspect the answer will come down to how we create a system where the encryption is as strong as possible, the key is as secure as possible, it’s accessible by the smallest number of people possible for the subset of issues that we agree is important.”

The Edward Snowden effect

Obama realizes that Edward Snowden’s NSA surveillance leaks have made the American people skeptical about the government’s intentions when it comes to our devices.

“There are very real reasons why we want to make sure the government cannot just willy-nilly go into everyone’s iPhones—smartphones—that are full of personal data,” he said. “The whole Snowden disclosure episode elevated people’s suspicions of this.”

Snowden himself appeared at SXSW in 2014 to urge the American people to embrace encryption, which makes it difficult if not impossible for the National Security Agency to monitor communications.


How to seize control of your privacy with Mozilla's Firefox browser


When it comes to online privacy, Mozilla’s open-source Firefox browser is probably the best choice for keeping your data away from prying eyes. Even though Mozilla does have some behavior-based advertising on its new tab page, it’s still by far the browser maker that most respects your right to browse unmolested.

Nevertheless, Firefox does require several tweaks if you want to avoid privacy-invading tactics like ad tracking. Here’s a rundown of the basic steps you can take in this browser.

Do not track and tracking protection

The default settings for the Firefox Privacy tab.

To get started, open the preferences tab by typing about:preferences#privacy into the address bar. Or type about:preferences and choose Privacy in the left-hand navigation panel.

First up in the privacy section is tracking. By default, Firefox does not enable the do-not-track feature. You turn it on by clicking the checkbox labeled “Request that sites not track you.”

With this feature enabled, Firefox will make a request to every website you visit that they do not track you. Unfortunately sites don’t have to honor the request, and few do. To enforce your intentions you need to use an add-on such as Ghostery or the Electronic Frontier Foundation’s Privacy Badger. Be further warned, however, that some sites are choosing not to allow people to access content with add-ons like these enabled.

Returning to the tracking section in Firefox, there’s a relatively new feature enabled by default called “tracking protection in private windows.” Leave this setting turned on. The new enhanced tracking protection blocks ads and other online trackers when you’re in private browsing mode.

Reconciling with history

By default, Firefox remembers your history, which makes it easier to return to a site you visited a day, week, or even a month ago. Click the drop-down menu labeled “Firefox will:” and you can also tell the browser to never remember your history (the scorched-earth option), or use custom settings. Selecting the latter brings up several new options. At the top is a checkbox for “Always use private browsing mode,” which is another hardcore privacy choice to make. You can find out the full implications of private browsing mode on Mozilla’s support pages.

Below that are a variety of options that are pretty straightforward, but here’s how I would suggest setting it up.
