Oh Snap, SnapChat Agrees to Settle FTC Charges/ Incriminating Selfies Could Come Back to Haunt You
In a news release issued Thursday, the Federal Trade Commission (FTC) reported that SnapChat, Inc., maker of the mobile app “Snapchat”, “has agreed to settle Federal Trade Commission charges that it deceived consumers with promises about the disappearing nature of messages sent through the service.” According to the FTC’s complaint, Snapchat had previously touted privacy and security as selling points in providing its service which allows users to share “snaps”, ephemeral photos or videos with other users. The FTC’s release quotes FTC Chairwoman Edith Ramirez: “Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.” Additional charges against SnapChat included misrepresented information regarding data collection in its privacy policy, the tracking and transmission of Android users’ geo-location information despite Snapchat claiming otherwise, and the collection of names and phone numbers from users’ mobile address books without notice or permission.
* * *
Honey Badger, Stand Down: There’s a New Badger in Town
Peter Eckersley, Copper Quintin and Yan Zheuff announced on the Electronic Frontier Foundation’s (EFF) Deeplinks Blog that EFF has released Privacy Badger, a browser extension for Firefox and Chrome which “automatically detects and blocks spying ads around the web”. Eckersley, Quintin, and Zheuff report that, according to recent Mozilla research, users want privacy more than anything else in a web browser. According to the post, EFF considers Privacy Badger a part of the organization’s “growing campaign to deliver privacy by giving you the technical means to disallow trackers within the pages you read on the Web.”
Privacy Badger is currently in alpha release and they want your feedback. You can install it here.
* * *
Security Expert Warns Against Encrypting Everything
Warwick Ashford writes for Computer Weekly that Hugh Thompson, chief security strategist at Blue Coat, a business security firm, recently stated: “Firms need to ensure [that] the use of encryption to increase online privacy does not impair their visibility of network traffic.” Thomson’s statement came in response to a newly formed privacy alliance’s[AM1] announcing its plan to “Reset the Net”. Thompson specifically warns against the encryption of all online data exchanges, which is exactly what “Reset the Net” calls for. Ashford writes, “The group is encouraging the use of proven security such as SSL encryption (HTTPS), HTTP Strict Transport Security (HSTS) and Perfect Forward Secrecy (PFS) to block state surveillance.” He then quotes Thompson: “Greater user of HTTPS is a great thing because it helps secure the transaction between websites and end users… But at the same time, organisations need to recognise that this will enable bad guys to push down malicious files or binaries to a machine where no security scanning is done”.
* * *
“iDecide” App Needed
Interesting point made by the United States Deputy Solicitor General Michael Dreeben during Supreme Court oral arguments on April 28th in the cases Riley v California and United States v Wurie. The cases involved the rights of police to search mobile phones seized from arrest subjects without first obtaining a warrant. One of the arguments advanced by the government is that warrants should not be required because of concerns about criminal suspects destroying evidence of the crimes contained on their cell phones. As The Economist reported it last week, Justice Sotomayor “wondered why the police can’t just put the smartphone in ‘airplane mode’ to prevent criminals from wiping the data remotely and secure the phone to await a judge’s warrant.”
According to The Economist, Deputy Solicit General Dreeben responded:
“[T]he assumption that we’re going to have airplane mode and that the Court should craft a constitutional rule around airplane mode assumes that cell phones are not going to be able to be used in airplanes in the next five years and that manufacturers will continue to make an easily available button for airplane mode. I don’t think the Court should found a constitutional ruling on that assumption.”
* * *
Facebook Making “Moves” Against Personal Privacy?
Reed Albergotti, in his advertising blog on WSJ.com, reported last week that Moves, a fitness-tracking app acquired recently by Facebook, had changed its privacy policy in connection with its sale to Facebook. In particular, Albergotti noted that Moves changed its policy from its previous commitment to not “disclose an individual user’s data to third parties,” to “We may share information, including personally identifying information, with our Affiliates (companies that are part of our corporate groups of companies, including but not limited to Facebook) to help provide, understand, and improve our Services”.
This presumably includes allowing Facebook to access Moves user data for purposes of targeting advertising, although Albergotti writes that “a Facebook spokeswoman said the two companies would not commingle data. … But she said the companies plan to share the data.”
Charlie Warzel wrote in Buzzfeed that
“For Facebook, data from Moves is especially precarious as the data the app collects is highly personal. Using a variety of motion sensors inside your phone like Apple’s M7 motion-sensing chip (which is always on), Moves knows not only where you’ve been but if you walked, ran, biked, or were transported there by vehicle. When activated, the app makes full use of a smartphone’s ability to comprehensively track its owner, which, to some may feel highly invasive.”
Warzell places the Moves acquisition in the context of Facebook’s recent “F8 Conference”, where (according to Warzell), “The company rolled out a review process for third-party apps as well as an anonymous third-party app login system to keep user data private.”
Add Comment