Tag Archives: data collection

Time To Protect Your IN-PHONE-FO

Posted on by

Change your phone settings so Apple, Google can’t track your movements

Your phone tracks your movements all the time. grapestock/Shutterstock.com

Author

  1. Director of Consumer Privacy, Center for Internet and Society, Stanford University

Disclosure statement

The Center for Internet and Society receives funding from multiple organizations; information is available here: http://cyberlaw.stanford.edu/about-us

Technology companies have been pummeled by revelations about how poorly they protect their customers’ personal information, including an in-depth New York Times report detailing the ability of smartphone apps to track users’ locations. Some companies, most notably Apple, have begun promoting the fact that they sell products and services that safeguard consumer privacy.

Smartphone users are never asked explicitly if they want to be tracked every moment of each day. But cellular companies, smartphone makers, app developers and social media companies all claim they have users’ permission to conduct near-constant personal surveillance.

The underlying problem is that most people don’t understand how tracking really works. The technology companies haven’t helped teach their customers about it, either. In fact, they’ve intentionally obscured important details to build a multi-billion-dollar data economy based on an ethically questionable notion of informed consent.

How consumers are made to agree

Most companies disclose their data protection practices in a privacy policy; most software requires users to click a button saying they accept the terms before using the program.

But people don’t always have a free choice. Instead, it’s a “take-it-or-leave-it” agreement, in which a customer can use the service only if they agree.

Consumers often do not have a free choice when it comes to privacy agreements. Marta Design/Shutterstock.com

Anyone who actually wants to understand what the policies say finds the details are buried in long legal documents unreadable by nearly everyone, perhaps except the lawyers who helped create them.

Often, these policies will begin with a blanket statement like “your privacy is important to us.” However, the actual terms describe a different reality. It’s usually not too far-fetched to say that the company can basically do whatever it wants with your personal information, as long as it has informed you about it.

U.S. federal law does not require that a company’s privacy policy actually protect users’ privacy. Nor are there any requirements that a company must inform consumers of its practices in clear, nonlegal language or provide consumers a notice in a user-friendly way.

Theoretically, users might be able to vote with their feet and find similar services from a company with better data-privacy practices. But take-it-or-leave-it agreements for technologically advanced tools limit the power of competition across nearly the entire technology industry.

Data sold to third parties

There are a few situations where mobile platform companies like Apple and Google have let people exercise some control over data collection.

For example, both companies’ mobile operating systems let users turn off location services, such as GPS tracking. Ideally, this should prevent most apps from collecting your location – but it doesn’t always. Further, it does nothing if your mobile provider resells your phone’s location information to third parties.

App makers are also able to persuade users not to turn off location services, again with take-it-or-leave-it notifications. When managing privileges for iOS apps, users get to choose whether the app can access the phone’s location “always,” “while using the app” or “never.”

But changing the setting can trigger a discouraging message: “We need your location information to improve your experience,” says one app. Users are not asked other important questions, like whether they approve of the app selling their location history to other companies.

And many users don’t know that even when their name and contact information is removed from location data, even a modest location history can reveal their home addresses and the places they visit most, offering clues to their identities, medical conditions and personal relationships.

Why people don’t opt out

Websites and apps make it difficult, and sometimes impossible, for most people to say no to aggressive surveillance and data collection practices. In my role as a scholar of human-computer interaction, one issue I study is the power of defaults.

When companies set a default in a system, such as “location services set to on,” people are unlikely to change it, especially if they are unaware there are other options they could choose.

Further, when it is inconvenient to change the location services, as is the case on both iOS and Android systems today, it’s even less likely that people will opt out of location collection – even when they dislike it.

Companies’ take-it-or-leave-it privacy policies and default choices for users’ privacy settings have created an environment where people are unaware that their lives are being subjected to minute-by-minute surveillance.

They’re also mostly not aware that information that could identify them individually is resold to create ever-more-targeted advertising. Yet the companies can legally, if not ethically, claim that everyone agreed to it.

Overcoming the power of defaults

Monitor your phone’s default settings. Georgejmclittle/Shutterstock.com

Privacy researchers know that people dislike these practices, and that many would stop using these services if they understood the extent of the data collection. If invasive surveillance is the price of using free services, many would rather pay or at least see companies held to stronger data collection regulations.

The companies know this too, which is why, I argue, they use a form of coercion to ensure participation.

Until the U.S. has regulations that, at a minimum, require companies to ask for explicit consent, individuals will need to know how to protect their privacy. Here are my three suggestions:

  • Start by learning how to turn off location services on your iPhone or Android device.
  • Turn location on only when using an app that clearly needs location to function, such as a map.
  • Avoid apps, such as Facebook Mobile, that dig deeply into your phone for as much personal information as possible; instead, use a browser with a private mode, like Firefox, instead.

Don’t let default settings reveal more about you than you want.

from:    Change your phone settings so Apple, Google can’t track your movements January 14, 2019 6.41am EST Your phone tracks your movements all the time. grapestock/Shutterstock.com Author Jen King Director of Consumer Privacy, Center for Internet and Society, Stanford University Disclosure statement The Center for Internet and Society receives funding from multiple organizations; information is available here: http://cyberlaw.stanford.edu/about-us Partners View all partners Republish this article Republish Republish our articles for free, online or in print, under Creative Commons license. Email Twitter103 Facebook421 LinkedIn Print Technology companies have been pummeled by revelations about how poorly they protect their customers’ personal information, including an in-depth New York Times report detailing the ability of smartphone apps to track users’ locations. Some companies, most notably Apple, have begun promoting the fact that they sell products and services that safeguard consumer privacy. Smartphone users are never asked explicitly if they want to be tracked every moment of each day. But cellular companies, smartphone makers, app developers and social media companies all claim they have users’ permission to conduct near-constant personal surveillance. The underlying problem is that most people don’t understand how tracking really works. The technology companies haven’t helped teach their customers about it, either. In fact, they’ve intentionally obscured important details to build a multi-billion-dollar data economy based on an ethically questionable notion of informed consent. How consumers are made to agree Most companies disclose their data protection practices in a privacy policy; most software requires users to click a button saying they accept the terms before using the program. But people don’t always have a free choice. Instead, it’s a “take-it-or-leave-it” agreement, in which a customer can use the service only if they agree. Consumers often do not have a free choice when it comes to privacy agreements. Marta Design/Shutterstock.com Anyone who actually wants to understand what the policies say finds the details are buried in long legal documents unreadable by nearly everyone, perhaps except the lawyers who helped create them. Often, these policies will begin with a blanket statement like “your privacy is important to us.” However, the actual terms describe a different reality. It’s usually not too far-fetched to say that the company can basically do whatever it wants with your personal information, as long as it has informed you about it. U.S. federal law does not require that a company’s privacy policy actually protect users’ privacy. Nor are there any requirements that a company must inform consumers of its practices in clear, nonlegal language or provide consumers a notice in a user-friendly way. Theoretically, users might be able to vote with their feet and find similar services from a company with better data-privacy practices. But take-it-or-leave-it agreements for technologically advanced tools limit the power of competition across nearly the entire technology industry. Data sold to third parties There are a few situations where mobile platform companies like Apple and Google have let people exercise some control over data collection. For example, both companies’ mobile operating systems let users turn off location services, such as GPS tracking. Ideally, this should prevent most apps from collecting your location – but it doesn’t always. Further, it does nothing if your mobile provider resells your phone’s location information to third parties. App makers are also able to persuade users not to turn off location services, again with take-it-or-leave-it notifications. When managing privileges for iOS apps, users get to choose whether the app can access the phone’s location “always,” “while using the app” or “never.” But changing the setting can trigger a discouraging message: “We need your location information to improve your experience,” says one app. Users are not asked other important questions, like whether they approve of the app selling their location history to other companies. And many users don’t know that even when their name and contact information is removed from location data, even a modest location history can reveal their home addresses and the places they visit most, offering clues to their identities, medical conditions and personal relationships. Why people don’t opt out Websites and apps make it difficult, and sometimes impossible, for most people to say no to aggressive surveillance and data collection practices. In my role as a scholar of human-computer interaction, one issue I study is the power of defaults. When companies set a default in a system, such as “location services set to on,” people are unlikely to change it, especially if they are unaware there are other options they could choose. Further, when it is inconvenient to change the location services, as is the case on both iOS and Android systems today, it’s even less likely that people will opt out of location collection – even when they dislike it. Companies’ take-it-or-leave-it privacy policies and default choices for users’ privacy settings have created an environment where people are unaware that their lives are being subjected to minute-by-minute surveillance. They’re also mostly not aware that information that could identify them individually is resold to create ever-more-targeted advertising. Yet the companies can legally, if not ethically, claim that everyone agreed to it. Overcoming the power of defaults Monitor your phone’s default settings. Georgejmclittle/Shutterstock.com Privacy researchers know that people dislike these practices, and that many would stop using these services if they understood the extent of the data collection. If invasive surveillance is the price of using free services, many would rather pay or at least see companies held to stronger data collection regulations. The companies know this too, which is why, I argue, they use a form of coercion to ensure participation. Until the U.S. has regulations that, at a minimum, require companies to ask for explicit consent, individuals will need to know how to protect their privacy. Here are my three suggestions: Start by learning how to turn off location services on your iPhone or Android device. Turn location on only when using an app that clearly needs location to function, such as a map. Avoid apps, such as Facebook Mobile, that dig deeply into your phone for as much personal information as possible; instead, use a browser with a private mode, like Firefox, instead. Don’t let default settings reveal more about you than you want.

from:https://theconversation.com/change-your-phone-settings-so-apple-google-cant-track-your-movements-109059

NSA XKeyscore Data Collection Program

Posted on by

It turns out the NSA was collecting voice calls, photos, passwords, documents, and much more

Cale Guthrie Weissman

Jul. 1, 2015

NSA documents leaked to the Guardian in 2013 described a covert program called XKeyscore, which involved a searchable database for intelligence analysts to scan intercepted data.

Now, new documents show the breadth of this program and just what sort of data XKeyscore catalogs.

According to a new report from The Intercept, the amount of data XKeyscore scoops up as well as the sort of data it collects is much larger than originally thought.

Here are a few highlights from the new report:

The XKeyescore database is “fed a constant flow of Internet traffic from fiber optic cables that make up the back of the world’s communication network, among other sources, for processing,” the new report writes. Its servers collect all of this data for up to five days, and store the metadata of this traffic for up to 45 days.
Web traffic wasn’t XKeyscore’s only target. In fact, according to the documents posted by The Intercept, it was able to gather data like voice recordings. A list of the intercepted data included “pictures, documents, voice calls, webcam photos, web searches, advertising analytics traffic, social media traffic, botnet traffic, logged keystrokes, computer network exploitation (CNE) targeting, intercepted username and password pairs, file uploads to online services, Skype sessions and more.”
How the search works is very advanced. The new documents detail ways that analysts can query the database for information on people based on location, nationality, and previous web traffic.
XKeyscore was also used to help hack into computer networks for both the US and its spying allies. One document dated in 2009 claims that the program could be used to gain access into unencrypted networks.
Using XKeyscore was reportedly insanely easy. “The amount of work an analyst has to perform to actually break into remote computers over the Internet seems ridiculously reduced — we are talking minutes, if not seconds,” security researcher Jonathan Brossard told The Intercept. “Simple. As easy as typing a few words in Google.”

While XKeyscore has been known as an intelligence tool for years now, these new documents highlight just how advanced and far-reaching the program’s surveillance is.

The NSA, in a statement to The Intercept, claims that all of its intelligence operations are “authorized by law.” It added, “NSA goes to great lengths to narrowly tailor and focus its signals intelligence operations on the collection of communications that are most likely to contain foreign intelligence or counterintelligence information.”

Read more: http://www.businessinsider.com/nsa-xkeyscore-surveillance-program-details-revealed-in-new-snowden-documents-2015-7#ixzz3eqx12a82

Considering Uber? Consider this

Posted on by
health

Uber is your Big Brother: It tracks you everywhere, even when you’re not using the Uber app

Wednesday, June 24, 2015 by: Daniel Barker

(NaturalNews) Uber, the popular mobile ride-finding app, has been at the center of controversy since its launch in 2009. Much of the uproar has been due to the fact that its low-cost ride service poses a direct threat to the livelihood of cab drivers and other professional drivers who claim that the competition is unfair, unethical and downright illegal. In March 2015, Brussels cab drivers went on strike in protest of the Uber service, and since then, there has been increasing pressure on the company regarding its practices.

In June, the debate reached a fever pitch when taxi drivers in France staged anti-Uber demonstrations that turned violent, leading to a raid by police on the Uber headquarters in Paris and the detainment of two Uber executives for questioning.

However, there is another issue with the Uber smartphone app that has raised serious concerns among the public and various privacy groups: Uber tracks and records information regarding the location of passengers who use the service even when the app is not in use.

In the first years of its operations, Uber came under fire over charges that the company had “casually” used the information it gathered with its “God View” technology, which gives the company the capability of monitoring the location of all its drivers as well as users who have flagged its vehicles. The company even reportedly shared some of this data with third parties who did not work for Uber.

Recently, however, it has been revealed that Uber’s updated policy tracks passengers and allows access to their personal information.

The Electronic Privacy Information Center in Washington, D.C., has called for the Federal Trade Commission to conduct an investigation into the company’s invasive practices.

The complaint filed by the EPIC reads:

Uber will claim the right to collect personal information and detailed location data of American consumers, even when they are not using the service.

Among the concerns raised by the EPIC complaint is the fact that Uber employees have admitted to tracking the geo-locations and other info regarding journalists who were questioning the company’s policies. The EPIC also points to the possible threat of hackers gaining access to users’ personal information.

In the EU, regulators have been scrutinizing the company’s privacy policies in an attempt to determine if Uber is in compliance with European privacy laws. Among the EU regulations are requirements that companies that use geo-location tracking must first obtain clear consent from the user.

EU guidelines also require the company to provide users with “comprehensive, easily accessible and understandable notice” regarding their data collection policies and to allow users access to their own collected data so that they can modify or delete particular details.

Finally, the regulations require that the data collected by companies such as Uber must be deleted as soon as the information is no longer needed for the purpose for which it was obtained.

It is unclear at this point whether Uber has revised its policies to reflect the EU regulations or similar privacy laws in the United States. The company has stated that it it amended its privacy policies to address the concerns raised by various legal entities and privacy groups.

Judging from Uber’s past track record, there is plenty to remain concerned about. The company has showed a clear disregard for the privacy rights of its users, not to mention their continued undermining of the rights of cab drivers and other professionals throughout the world whose jobs have been threatened by Uber’s cheap, non-professional ride services.

Sources:

http://money.cnn.com

http://www.theguardian.com

Center for All Sorts of Data in Utah

Posted on by

Behold the NSA’s Dark Star: the Utah Data Center

by

It’s the ultimate machine of what’s become our Paranoid State. Clive Irving on the Orwellian mass-surveillance data center rising in the Utah desert.

Remember the Stasi, the secret police who operated in East Germany when it was a communist state? When the Berlin Wall came down, East Germans discovered they had been living in a society so rotted by paranoia that at least one in three of its adult citizens were spying on the other two.

NSA Phone Records
NSA’s Utah Data Center shown June 6, in Bluffdale, Utah. (Rick Bowmer/AP)

In the case of East Germany, this ended up producing warehouses stuffed with bulging files containing the minutely observed details of the everyday, humdrum lives of millions. The product was both banal and, in its range and results, terrifying (a world caught beautifully in the film The Lives of Others).

In the case of the U.S., the apotheosis of the same mind-set lies in a sprawling complex at Camp Williams, Utah, due to start operating this fall. Billions of dollars have gone into creating this cyberintelligence facility for the National Security Agency.

There’s no official explanation of the Utah Data Center’s real mission, except that it’s the largest of a network of data farms including sites in Colorado, Georgia, and Maryland. But it’s obviously been built to vastly increase the agency’s capacity to suck in, digest, analyze, and store whatever the intelligence community decides to collect. As of this week, we know a lot more about the kind of data that includes.

Of course, the U.S. is still far from being the police state that East Germany was. But I do think we need to better understand how this technological juggernaut works, what its scope really is—and particularly we need to appreciate how our political acceptance of this scale of surveillance is shaping the kind of society we are.

The national-security industrial complex is now of the size, power, and influence of the military-industrial complex of the Cold War, which President Eisenhower first defined and warned of. As then, this complex uses the national interest as a reason for having to operate in secrecy, and invokes patriotism—literally in the PATRIOT Act—to create a political consensus.

Nineteen terrorists with minimal technology—box cutters—have enabled the counterterrorism industry to enjoy unbounded reach. White House Deputy Press Secretary Josh Earnest used the familiar argument to defend the newly disclosed surveillance: it was, he said, “a critical tool in protecting the nation from terror threats as it allows counterterrorism personnel to discover whether known or suspected terrorists have been in contact with other persons who may be engaged in terror activities, particularly people located inside the United States.”

NSA Phone Records
The Utah Data Center is part of “a network of data farms” in the U.S. (Rick Bowmer/AP)

Where is it absolutely essential to violate privacy and where not?

That’s actually a simplification. Surveillance has two fundamental purposes: to track the known and discover the unknown. It’s hard to comprehend the science involved. How, for example, do you cull billions of bytes of data a second in a way that discriminates between the useless and the essential? Only one thing is for sure, and that is that the policy driving the velocity of the NSA’s ever-expanding sweeps is first to make those sweeps as global and indiscriminate as possible and then to apply algorithms able to instantly see the significant from the insignificant. If only it were that simple.

It is patently easy to defend the resources devoted to intelligence gathering by saying that many attacks have been thwarted, without saying what and where they were. Neither the Boston Marathon atrocity nor the London assassination of a British soldier were detected in advance, even though intelligence services in both countries had the perpetrators on their radar.

There is a certain kind of intellectual depravity in trying to have us accept that all surveillance is good for us. Politicians of both parties who now say there is nothing new in what has been revealed, that this was all authorized and kosher, are captives of this depravity, because they don’t really know any more than we do where to draw the line. Where is it absolutely essential to violate privacy and where not?

This is made even worse by the cover of enormous technical complexity. At least the Stasi’s low-tech methods could be seen for what they were, part of a cumbersome and gross bureaucratic machine, essentially human in its systems, allowing culpability to be clearly assigned.

In our case there is the Dark Star factor, like the Utah operation, working on robotic principles, not dependent on putting bugs in chandeliers, leaving no fingerprints, and capable of awesome penetration. We have the ultimate machine of the Paranoid State, an Orwellian apparatus that intoxicates its operators with its efficiency, enthralls its masters with its omniscience, and emasculates its political overseers with its promise of efficacy.

from:    http://www.thedailybeast.com/articles/2013/06/08/behold-the-nsa-s-dark-star-the-utah-data-center.html