Tag Archives: Apple

Apple vs the FBI – the fight for privacy

At a time when many of us are more aware than ever before of how private, or not, our lives and personal information are online, the ongoing battle between Apple and the FBI is setting up to be the digital fight of our times, with a huge amount at stake for all of us – so where do you stand?

At the risk of being accused of fence-sitting, it’s clear there is merit on both sides, so no easy answers – but that hasn’t stopped the tech world lining up, mostly to back Apple’s stance.

As advocates for a more private world, and greater responsibility and controls over personal data generally, it’s hugely welcoming to hear a company citing user privacy as a key factor in the huge decision to oppose a legal order.

Personal privacy, and the responsibility each of us has to help find, develop and limit other people’s impact on it, is a huge topic of our times. Companies are increasingly realising this too – and there is an increasing feel that a new balance will need to be struck, a finding of a middle ground that all can live with and feel is acceptable.

As well as Apple’s stand, Mozilla has just released a new video series with a similar message – that we all, as active web citizens, need to take a stand to stop privacy erosion impacting on our lives. And the first step towards that is knowing what is important to us, and what our battle lines are – which Apple has clearly both identified and drawn.

The flip side, of course, is that while we’re all for online privacy and security, its real-life counterparts have very real needs too, above and beyond those of their digital cousins. We all want ourselves, those we love and our communities and world generally to be a safe place, and technology has a huge part in making that happen. It is also vital that those in charge of protecting our real-life privacy and security have the tools they need to do so, and can ask for expert help when they are struggling. But what we need to find is the line where reasonable becomes overreach, and this is the essence of the current battle (and indeed the state of the personal data economy more generally).

As we increasingly seek (rightly) to take more control of our own data, to own it and use it for our purposes rather than having companies take and use it without our knowledge, these decisions become ones that we need to make our own minds up on, rather than delegate to others, because we all have a significant personal stake in how this plays out.

Of course, the courts will ultimately decide the outcome of Apple vs the FBI, but the ramifications and continued debate over what constitutes reasonable government access to private data will hopefully help set the internet community, as a whole and in time, on a path that the majority can support.

Apple’s data debate call after ‘dangerous’ request ‘to hack own users’

Tim Cook has written a public letter criticising the US government for threatening “the security of our customers” while explaining why he is refusing to comply with a federal court order to help the FBI unlock an iPhone of one of the San Bernardino shooters.

In the letter, posted on the company’s website and headlined A Message to our Customers, Apple’s chief executive said: “This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.”

He said Apple is being asked to take “an unprecedented step…we oppose this order, which has implications far beyond the legal case at hand.”

The tech giant has been ordered to help the FBI, which wants to know more about the motives and background behind the shooting which killed 14, access the iPhone by building a bespoke operating system with fewer security features. Current security features, which have been in place since 2014, mean agents risk losing any data on the phone permanently if they make more than ten failed attempts to guess the passcode.

The government has, among other demands, asked to allow a passcode to be inputted electronically, which would make it easier to unlock an iPhone by “brute force”, especially with modern computers that are able to try thousands or millions of combinations.

Explaining his stand, Cook said: “The U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

“Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

“The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”

Cook cited grave personal data concerns and the security of users for the order challenge,  explaining his stance by saying: “Smartphones, led by iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.

“All that information needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission. Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.

“Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.

He added: “For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.”

He was clear that Apple is “shocked and outraged by the deadly act of terrorism in San Bernardino and has “no sympathy for terrorists”, adding: ” The FBI asked us for help in the days following the attack, and we have worked hard to support the government’s efforts to solve this horrible crime.”, including complying with requests for “data that’s in our possession.

He stressed: “We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them.”

But that has come to an end now “the government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals.

“The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.We can find no precedent for an American company being forced to expose its customers to a greater risk of attack.”

Looking to the future, he added: “The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data.

“The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

“Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.”

Apple is now likely to file an appeal, triggering a fight that could end up in the Supreme Court – and a battle that will be keenly observed at all stages by those on both sides of the data privacy debate.

Apple removes hundreds of apps that collected personal data

Apple has removed hundreds of apps from its online store that were using Chinese advertising software that collects personal data in violation of its privacy policies.

The iPhone maker made the announcement a day after researchers discovered 256 apps using the software, which extracts “personally identifiable user information.” and which have had more than a million downloads.

In a statement, the tech giant said: “We’ve identified a group of apps that are using a third-party advertising SDK (software development kit), developed by Youmi, a mobile advertising provider, that… gathers private information, such as user email addresses and device identifiers, and route data to its company server.

“This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected.

“We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”

Apple does not allow third-party applications to share data about a user without obtaining users’ permission, and it rejects apps that require users to share personal information, such as email addresses or birth dates.

Researchers at the mobile analytics firm SourceDNA said on Sunday that they had discovered hundreds of apps that extract personal information, saying it was “the first time we’ve seen iOS apps successfully bypass the app review process.”

The researchers said they found 256 apps with an estimated one million downloads that have a version of Youmi that violates user privacy.

“Most of the developers are located in China,” the researchers said in a blog post. “We believe the developers of these apps aren’t aware of this since the SDK is delivered in binary form, obfuscated, and user info is uploaded to Youmi’s server.”

ad-blockers, apple, ios9, data, advertising

Why ad-blockers really aren’t the data privacy win you might think

Ad-blockers shot straight to the top of the paid-for apps list in the App Store when Apple’s iOS9 update that allowed users to block mobile advertising was released.

So far, so not unusual – ads are pesky little things, right? Popping-up unexpectedly when you least expect them and generally bloating pages, crucifying page load times and eating up data allowances. Not to mention their tracking qualities as well as the past searches and purchases that stalk you round the web, site after site, day after day. Nope, no redeeming features at all – let’s block them all.

Then something unexpected happened – Marco Arment, creator of the no1 paid ad-blocker Peace, pulled it from the store after just two days, saying that “success didn’t feel good”.

What exactly the problem is remains unclear, altrhough comments on the Instapaper’s founder’s blog where he talked of needing to find a “more nuanced, complex approach” offer some clues.

He added: “Ad blockers come with an important asterisk: while they do benefit a ton of people in major ways, they also hurt some, including many who don’t deserve the hit.”

What Arment seems to be alluding to is what Seth Godin termed the shared understanding that websites offer free content in return for attention. For most sites, advertising is what quite literally pays the content creation bills.

Of course, pages have become increasingly riddled with evermore intrusive ads over the past few years, and it’s hard not to see that the reader has been assailed from all sides. So the appearance of ad-blockers was only going to end one way. Or, as Godin put it: “In the face of a relentless race to the bottom, users are taking control, using a sledgehammer to block them all.”

But still the fact remains that readers and sites have been in a mutually-beneficial relationship where advertising has played a key role in funding content for which there is demand but no serious suggestion that users would pay the full creation cost. And that remains the case even as ad-blocking apps proliferate.

So if ad blocking is not the answer, what is? There is clearly change needed on both sides – advertisers needs to show self-restraint and not machine gun content over every page we open, while users need to understand that on the internet, as with so many things, we can’t simply have the good for free without giving something back.

But there also needs to be a fundamental shift in how we think about data. We don’t like these ads that follow us around, or trackers, because they feel like an assault on our privacy. Yet it is the information gained through this that allows businesses to begin to better target our wants and interests.

I say begin, as the data available to date is so thin and incomplete that it is estimated to be up to 30-50 per cent wrong, to the obvious detriment of both the business and user.

Imagine how much more beneficial for both sides a rich data set would be – useful data 100 per cent certified and licensed at source, used to target appealing ads back to that same user.

A vision for the future to be sure, but a vision that comes ever closer as the Internet of Me follows close on the heels of the Internet of Things, with companies like digi.me at the forefront of this digital revolution.

What Does Your Phone Know About You?

These days we really do rely on our mobile phones and it is quite scary to think how much your phone knows about you, where you have been and who you have seen.  It even knows some of your favourite hobbies, interests and activities. It is in essence your digital brain!  What would you do without it?

Mobile phones have moved on an incredible amount over the past 30 years, from a device that is clunky and cumbersome to small, light incredibly fast computers that fit in our pockets and handbags. We connect other devices to them such as our fitness trackers, smartwatches, children’s toys and much more.  They are the central hub of our daily lives.  As such they collect a massive amount of data about us.  Some of which is passed on to the applications that we use and some just sits idle on the phone.  Then there is some data that goes back to the carrier as well and some that is collected by the sites that we browse. They are complicated little devices and often we forget just how valuable that data is to us until we lose or break our phone.

A couple of weeks back I wrote a piece on how you can find your phone using the data stored online about you that relates to your phone and it’s location.  This week I thought we would look more at just what data there is on these devices and why it is important to secure and back up your phone and it’s content.

Most mobile phones these days have the option for you to store a copy of your photo’s and contacts in the cloud.  This means that every new contact and photo is saved both on your phone and somewhere on the internet.  The chance of losing this data is low unless of course you haven’t set your phone up to do that. It is one of the first things I set up whenever I get a new phone and I would recommend that if you haven’t done this already then do it as it is a life saver when your phone is damaged or lost as you still have all your contacts and those precious pictures of friends and family.

The next thing that I always set up is a way to secure my phone so that if I lose it someone else can’t just use my phone, run up a massive bill and cause all sorts of trouble. I have heard too many friends lose their phones abroad and because it is abroad they are still liable for the call charges made. Put a pin on it and it is at least a deterrent. You can also turn on phone tracking and remote wipe which take that process one step further. The only issue with these is that you need to have GPS turned on and this can be a bit of a battery drain. You can still find your phone’s last known location through other means so to me this is not essential.  Android phones track where you are using a process called triangulation which uses WiFi and cellular data to identify where you were last so I tend to use that as my fallback.

The apps that you have installed on your phone and have paid for are all stored by the app store where you bought them from so these too are recoverable. The data within these apps is stored remotely too by the app creators. As long as you have stored your contacts, pics and videos remotely you should be able to pretty much recreate your device time and time again. This is the beauty of distributed data.

Looking at this another way though all that distributed data is accessible from a single point – your phone. Once someone has that they have access and potentially control of everything. Just bear that in mind the next time you turn your phone on and you haven’t got any security turned on. You are putting your online identity at risk. That digital footprint that we have talked about here on the blog a few times could become compromised if you don’t protect it properly.

This article was brought to you by digi.me who put you in control of your social media content. Download it now to protect your digital memories. 

How Tim Cook and the NY Times Opened Up the Privacy Debate

This week really has been an interesting one with two big stories hitting the news both relating to personal data and privacy.  The first was this story “Tim Cook blasts Silicon Valley companies for ‘gobbling up’ your personal data” and that was followed up with this article today in the New York Times “Mark Zuckerberg, Let Me Pay for Facebook“.

Both of these articles have one thing in common. Personal data, control of that data, use of the data and ownership of it.  Tim Cook rightly reminds us all that our personal data is incredibly valuable and important. Too important in fact to let other companies take ownership, control and use it.  Tim Cook is fighting for you to own your data, control and use it how you see fit. Some people have argued that we already do that and have made the trade off between personal privacy and service access with services like Facebook and Twitter however where do the boundaries sit?  At what point is a line crossed where we are no longer happy with this?

Taking this one step further New York Times writer Zeynep Tufekci believes that companies like Twitter and Facebook should actually be paying us to be on their platforms if they are selling our data or if we choose for them not to we pay to access the platform.  That actually doesn’t sound like an unreasonable compromise.  Times are changing and as we start to understand more how valuable and useful our data is to us and others we may choose to take more control over it.

What are your thoughts on the issues raised in these articles and where do you see the power and control of your personal data in the future?

We here at digi.me want to place that firmly in your hands in a way that you can easily understand and with the ability to revoke access and control of your data from any platform or service as you see fit.

Apple co-Founder Threatens To Leave Facebook Over Data Ownership Concerns

A lengthy article about the Facebook Terms of Service – and how it more or less gives the social network carte blanche to do what it likes with all of your data – has caught the eye of Apple co-founder Steve Wozniak, who is not best pleased that he doesn’t appear to own his own profile picture.

The article in question is from the US edition of the Huffington Post, and breaks down a lot of the salient points of Facebook’s Data Use Policy and Terms of Service, which the overwhelming majority of us will have accepted without reading. It also goes on to elaborate on how our Facebook information is combined with some of our general internet browsing data to come up with ‘inferred’ information about you from evidence and reasoning rather than from explicit statements.

But it’s more the question of data ownership that was ruffling Wozniak’s feathers, to the point where the Apple co-founder is considering leaving Facebook. Sharing the Huffington Post article on Facebook, he included the following message:

“Not right. My profile picture is owned by Facebook, not by myself, etc. I may not be here much longer.”

steve wozniack huffington post facebook pictures

Data ownership and the issues of privacy when our personal information is posted online is becoming an increasingly sensitive subject for individuals and privacy groups alike. Here at SocialSafe we firmly believe that the individual should be the single biggest owner of their personal data, which is why we have been helping users of social networks take control of their data.

The SocialSafe application allows users to download their own copy of the information they post to social networks (updates, tweets, photos, messages, posts and more) to their own machines. Once this information is stored in the users own private, local library they can they do more with it, such as search across multiple networks, create collections, export to PDF and see their most popular content.

Looking forward, we are working on expanding SocialSafe to support personal data from all sorts of sources. To start taking back control of your personal data now, download SocialSafe for free and back up the content from your social networks.

Giving Your Passwords To Third-Party Apps: A Lesson From ‘InstLike’

An app promising free likes and followers for Instagram users has harvested the usernames and passwords from over 100,000 people who downloaded the app since June this year. The Apple and Google approved InstLike app directly asked users for their login credentials rather than using the Instagram API, and created a massive ecosystem of botnets that would like random photos and follow random users.

Security firm Symantec  subsequently alerted Google and Apple, who have both removed InstLike from their respective app stores.

This story serves to highlight what can be a tricky situation for both app developers and app users. Any third-party app that you download to enhance or expand your use of a service such as Instagram (or for that matter Facebook, Twitter etc) would need you to login to your account. However, how do you know who you can trust?

If the app developers are playing by the book, any logging in to a network should be done through that respective network’s API. However in reality it’s not hard for people to create something that looks very similar to those login screens, which might convince the slightly less privacy conscious users that they’re logging in through the normal channels. This appears to be what we’ve seen with InstLike, which saw users submitting their usernames and passwords directly to the developers.

It’s tough on the legitimate app developers as well as the users, as stories like this foster an environment of distrust against any app that requires the user to login via an online account. Adhering to the APIs is one thing, but making sure that your audience realises that you are one of the good guys is another.

With more people choosing to remain logged in to their accounts on their own devices, it’s easy what the actual login screens look like. Just to refresh your memory, here are how five of the most common login/authorisation screens appear:

Facebook Authorisation LinkedIn Authorisation Twitter Authorisation Instagram Authorisation Google Login

At SocialSafe your privacy, trust and peace of mind mean a huge amount to us. That is why we never see nor store any of your data, nor do we ever have access to any of your login credentials. All of the content that you choose to back up from your social networks is downloaded directly from the host network in adherence with the respective APIs, and it is stored on your own machine where you have complete control over your data.

If you ever have any questions about how SocialSafe works and what this means in terms of privacy and social network access, then we are always happy to talk to you about this. Just get in touch via one of our social platforms (Facebook, Twitter, LinkedIn, Google+) or leave a comment below.