Facebook Cares Nothing For Your Privacy

They make money off selling access to data about you. Why would they want to cut into that? Facebook fears more secret documents have been leaked.

Among them were emails showing that Facebook tried to strangle its competitors by cutting off their access to its data, as well as emails in which Facebook employees discussed how to read users’ mobile phone logs without prompting a dialogue box asking for their consent.

So they wield monopoly power, and the want to trample over privacy. What a surprise.

I don’t use Facebook. (I have an account which I log into a few times a year to change the password and deactivate.) I use Google as little as possible. (I am still using Gmail, but I am working to get it out of anything important, like banking.)

I have pretty much stopped using Twitter. (I was sort of disappointed that I wasn’t banned, but then I wasn’t really trying.)

I don’t want information about my life to someone’s product for sale.


Yet Another Data Breach

This is not surprising, not even a little. Records of 114 Million US Citizen and Companies Exposed Online.

Researchers from HackenProof, a penetration testing company based in Estonia, found the massive cache of data via the Shodan search engine, in two Elasticsearch indices.

They couldn’t determine who owned that data, only that Shodan had indexed it on November 14th. It was likely sitting there, available to all, for a considerable period of time. (And Shodan probably isn’t the only web-crawler that found it.)

One of the instances contained personal information of 56,934,021 US citizens, including sensitive details like full name, employer, job title, email and street address, ZIP code, phone number, and an IP address.

Because actually securing all of that data that companies are so eager to Hoover up is time consuming and expensive.

Google Gets Creepier Every Year

They want to monitor everything in your life. Everything. Google Reveals Plans to Monitor Our Moods, Our Movements, and Our Children’s Behavior at Home.

Google is developing smart-home products that are capable of eavesdropping on us throughout our home in order to learn more about us and better target us with advertising. It goes much further than the current Google Home speaker that’s promoted to answer our questions and provide useful information, and the Google-owned Nest thermostat that measures environmental conditions in our home. What the patents describe are sensors and cameras mounted in every room to follow us and analyze what we’re doing throughout our home.

They want to be able to recognize – via cameras – individuals. In their own homes.

You couldn’t pay me to have one of these things in my home.

Hat to Claire Wolfe and her Thursday Links, which you should definitely take a look at. This is (perhaps) the most upsetting link she highlights, but it isn’t the ONLY upsetting story. Not by a long shot.

Google+ Hack Convinces Google to End Google+

Or maybe it was the backlash after they covered up a data breach. Google+ to shut down after coverup of data-exposing bug.

A security bug allowed third-party developers to access Google+ user profile data since 2015 until Google discovered and patched it in March, but decided not to inform the world. When a user gave permission to an app to access their public profile data, the bug also let those developers pull their and their friends’ non-public profile fields.

They didn’t admit to any of this because – according to a company memo – they didn’t want the Cambridge-Analytica-style publicity. OK, now they have their own bad publicity.

Now Google+, which was already a ghost town largely abandoned or never inhabited by users, has become a massive liability for the company.

When will companies take security seriously? When an executive who makes a boneheaded decision – like either not funding security, or covering it up – is held accountable in a court of law. Nothing else is going to get it done.

Chrome 69 Won’t Delete Google’s Cookies

Ask to delete all cookies, Google won’t delete all cookies. Chrome 69 Keeps Google’s Cookies After You Clear Browser Data.

Because Google knows better than you. And they dropped their “Don’t Be Evil” goal, and seem to be doubling down on being evil.

It has been discovered that when you try to clear all cookies in the Chrome browser, every cookie will be deleted except for authentication cookies created by Google. This means that after clearing cookies, you will be logged out of every site that you are currently logged into, except for Google.

This “Let’s not delete our own data” behavior from Google is on top of them logging you into the browser, when you didn’t ask them to. If you logged into Gmail or YouTube, Google would log you into Chrome – even if you didn’t want them to. Log out of YouTube, and Google kept you logged into the browser. They say they didn’t scoop up all of your browser history, but given how evil they’ve become, do you believe them?

Chrome 70 will walk back some of these “evil” changes, but I’ve stopped using Chrome in the interim. You may want to reconsider your use of browsers.

I use a bunch of different browsers. Opera and Vivaldi. Firefox. Chrome. Very rarely Microsoft’s Edge (when I need to test something that isn’t working because of all the privacy extensions I have in the other browsers). I even have an old version of Pale Moon installed, though I need to see if there is a new version available. And of course the TOR Browser. I may have to drop the use of Chrome.

I do this because websites love to track you. And one of the ways they do that is by tracking all kinds of things about your browser. Version, size of display, etc.

Seems like I’m not alone: Why I’m done with Chrome. Matthew Green is a cryptographer and professor at Johns Hopkins University. He takes issue with the “forced login” policy.

If you didn’t respect my lack of consent on the biggest user-facing privacy option in Chrome (and didn’t even notify me that you had stopped respecting it!) why should I trust any other consent option you give me? What stops you from changing your mind on that option in a few months, when we’ve all stopped paying attention?

Hat tip to Security Now.

If the App is Free, That Means YOU Are the Product

They have to make money somehow, so it is by selling all of your information. Dozens of popular iPhone apps caught sending user location data to monetization firms.

A group of security researchers say dozens of popular iPhone apps are quietly sharing the location data of “tens of millions of mobile devices” with third-party data monetization firms.

Almost all require access to a user’s location data to work properly, like weather and fitness apps, but share that data often as a way to generate revenue for free-to-download apps.

There is a list of at least some of the apps involved, including those, like AccuWeather and NOAA Weather Radar that changed the code once they were busted. But some don’t.</p

Apple is demanding that all apps have a privacy policy by October 3, which will do nothing, but lets them pretend they are doing something. Have you EVER not installed an app or piece of software because something the privacy policy or the other disclaimers made you hesitant? And yes, I do read those and I do take them seriously. And when I don’t like something, I have been known to perpetrate misinformation. (You mean you don’t have disposable email addresses?)