Privacy Is SUCH a 20th Century Concept

An online payment system owned by PayPal has security problems? Say it ain’t so! Millions of Venmo transactions scraped in warning over privacy settings.

“There’s truly no reason to have this API open to unauthenticated requests,” he told TechCrunch. “The API only exists to provide like a scrolling feed of public transactions for the home page of the app, but if that’s your goal then you should require a token with each request to verify that the user is logged in.”

You want a Modern Tech Company™ to spend time and resources on YOUR privacy? There is no privacy. (F*c*book’s lawyer said so!)

Georgia Town Says Privacy = No Response to a Burglar Alarm

Want to get police response to your burglar alarm? Then you have to put cameras in your home and connect them to the internet. Because that never ends badly. Confusion abounds over new Sandy Springs alarm law.

Under the law, police officers will not respond to home and business burglary alarms without video, audio or in-person verification that a crime is occurring.

So basically if you value your privacy, you are screwed in terms of having a burglar alarm in Sandy Springs.

Now I get the police position. 90 percent (or more) of burglar alarms are false alarms. And besides…

The chief told residents huddled around him Monday night that the average burglar alarm response time is 40 minutes, which he said is basically useless because a criminal is almost always gone by then.

Under those conditions, why bother with a monthly fee? Though hopefully the fire department can get there faster in the event of a smoke-detector going off.

Google Hates Privacy

And so they play games with privacy settings. Google Payment Privacy Settings Hidden Behind Special URL.

This Settings page can be accessed using the navigation sidebar, as shown below, or directly through the URL https://pay.google.com/payments/u/0/home#settings. From the Settings screen you can set your address, payment users, some general settings, and other information. There is, though, no privacy settings on this page when accessing it normally.

Because Google thinks they have the RIGHT to know every time you stop at Starbucks, what you had for lunch yesterday, how many drinks you paid for at happy hour, etc.

WhatsApp Is Lacking In Security

But then the people behind it don’t care about security. How Hackers Broke WhatsApp With Just a Phone Call.

A new Financial Times report alleges that the notorious Israeli spy firm NSO Group developed a WhatsApp exploit that could inject malware onto targeted phones—and steal data from them—simply by calling them. The targets didn’t need to pick up to be infected, and the calls often left no trace on the phone’s log.

Apparently the latest patch fixes some of the problem, and they are “doing infrastructure upgrades” to also address the issue. But WhatsApp is all about convenience. And convenience is in many ways the enemy of security.

“This does indeed sound like a freak incident, but at the heart of it seems to be a buffer overflow problem that is unfortunately not too uncommon these days,” says Bjoern Rupp, CEO of the German secure communication firm CryptoPhone. “Security never was WhatsApp’s primary design objective, which means WhatsApp has to rely on complex VoIP stacks that are known for having vulnerabilities.”

The bad guys are targeting high-profile dissidents and political activists. So probably bad-states.

The Apple $1 Billion Suit Over Facial Recognition Gone Wrong

The story from earlier already has a broken link. So here it is again from a different source. Teen hits Apple with $1B lawsuit over facial recognition arrest.

Ousmane Bah was arrested by New York Police Department officers on Nov. 29 after being accused of thefts at Apple Stores in Manhattan, Boston, New Jersey and Delaware, according to his lawsuit.

The lawsuit says the actual thief was caught stealing $1,200 worth of merchandise — specifically Apple Pencils — from the Boston store on May 31, 2018. The person then used a stolen ID that included Bah’s name, address and other personal details, but not his photo, according to the suit. This may actually have been a non-photo learner’s permit that Bah previously lost, the suit says. Bah is African American.

The lawsuit accuses Apple of negligence, emotional distress, defamation, slander, libel and fraudulent concealment.

Because they didn’t bother to look at the guy they arrested vs the security camera footage BEFORE they arrested him. Though that’s as much on the cops as on Apple.

Apple Defamed a Kid, He Wants His Payday

Facial recognition gone wrong. A teenager is suing Apple for $1 billion over facial recognition tech. OK that link is broken in a day. Here’s the CNET story. Teen hits Apple with $1B lawsuit over facial recognition arrest. Quotes are from the original. Not sure why that source booted the story…

An 18-year-old from New York is currently trying to take Apple for around 0.1 per cent of the company worth – $1 billion – for a facial recognition faux pas that has allegedly seen him charged in New York, Massachusetts, Delaware and New Jersey for thefts that were nothing to do with him.

The only way to get the tech giants to change their ways – short of antitrust action, which I don’t see happening – is to cause them real financial harm.

Facial recognition not being a reliable tool in law enforcement? We’re shocked. Absolutely shocked.

Would You Let a Random Stranger Install Cameras In Your Home?

Of course not. But you will buy cheap “security cameras” and install them without even bothering to change the default credentials, for the most part. P2P Weakness Exposes Millions of IoT Devices.

A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found.

The “random people” viewing stuff collected from security cameras, doorbell-cameras, baby-monitors, etc. include the .gov, as well as bad people.

There are at least 2 million vulnerable devices on the internet. Only about 7 percent are in the USA, with largest portion in China, and about 17 percent in Europe. (Click thru – there’s a map.)

And in a side note about how these companies treat security… none of the companies that manufacture/rebrand this stuff responded to requests, or even acknowledged the problem. And then there’s this.

Interestingly, iLnk’s Web site (p1.i-lnk[.]com) currently appears to be non-functional, and a review of its HTML source code indicates the site is currently compromised by an obfuscated script that tries to redirect visitors to a Chinese gaming Web site.

And the researcher doesn’t think it is possible for these to be fixed in the field, not that any of the companies involved are likely to try.

If you install this kind of crap in your home, and you don’t know precisely what the risks are, well, the best thing I can say is you need to educate yourself. And you may want to rethink that.