Tag: Privacy

Google location tracking continues even when turned off

Turning off Google location tracking may not be as simple as changing one setting to “off,” according to new research.

An AP investigation found that even with Google location tracking turned off, certain apps will take a timestamped snapshot of the user’s location and store that data when the user performs a search, opens Google Maps, or checks the weather.The unexpected Google location tracking behavior on Android and iOS devices has been confirmed by computer science researchers at Princeton University.

Read more about how it is possible for Google to track your movements even when location tracking is turned off, on TechTarget.

Digital trust: Security pros, business execs and consumers see it differently

An extensive global survey of consumers, cybersecurity professionals and business executives about their views on digital trust conducted by analyst firm Frost & Sullivan, highlights how consumers perceive and trust organizations to protect their digital data.

Responses to the survey showed that the Digital Trust Index for 2018 is 61 points out of 100, a score that indicates flagging faith from consumers surveyed in the ability or desire of organizations to fully protect user data.

Read more about the findings of the new survey by Frost & Sullivan on Help Net Security.

California Consumer Privacy Act: What you need to know to be compliant

In late June, 2018, California passed a consumer privacy act, AB 375, that could have more repercussions on U.S. companies than the European Union’s General Data Protection Regulation (GDPR) that went into effect this past spring. The California law doesn’t have some of GDPR’s most onerous requirements, but in certain respects it goes even farther.

The California Consumer Privacy Act takes a broader view than the GDPR of what constitutes private data. The challenge for security, then, is to locate and secure that private data.

Read more about California’s new privacy law, AB 375, and learn how to be compliant on CSO.

Privacy pros gaining control of technology decision-making over IT

TrustArc and IAPP announced the results of new research that examined how privacy technology is bought and deployed to address privacy and data protection challenges.

Surveying privacy professionals worldwide, the findings of the survey show that privacy management technology usage is on the rise across all regions and that privacy teams have significant influence on purchasing decisions for eight of the ten technology categories surveyed.

Read more about the findings of the new survey by TrustArc and IAPP on Help Net Security.

German web hosting firm DomainFactory suffers data breach

DomainFactory, one of the largest web hosting companies in Germany, has suffered a data breach. The breach dates back to January 29, 2018, and the attacker had access to the following data: customer name, company name, customer number, address, email address, telephone number, DomainFactory phone password, date of birth, bank name and account number, and Schufa score (German credit score).

The first indication that a breach happened was a post by the attacker on the DomainFactory support forum on July 3. The forum has since been temporarily shut down but, according to Heise Online (in German), the attacker published data of a number of customers as proof.

Read more about the data breach at German web hosting firm DomainFactory on Help Net Security.

Polar fitness app exposed locations, names and addresses of soldiers and spies

For the second time this year, a fitness app is to blame for revealing the locations of people working at military bases, intelligence agencies and other sensitive sites as well as pinpointing those users’ homes.

The fitness app Polar Flow allows users to share the GPS locations of where they are exploring – aka exercising; that’s supposedly a feature and not a flaw. Yet the API could be queried to reveal users’ fitness activities, their locations, their homes – as it is often where people would turn on and later off the tracking when beginning and ending a workout – and some additional sleuthing revealed even users’ names.

Read how reporters used the Explore API of the Polar fitness app to determine the GPS location data of sensitive locations as well as the names and addresses of soldiers and spies, on CSO.

A Seismic Shift: What California’s New Privacy Law Means for Cybersecurity

The enactment of the California Consumer Privacy Act of 2018 (CCPA) on June 28 is the latest in a series of new laws and regulations around the world that represent a fundamental shift from the reactionary approach to security governance we’ve followed since the 1980s.

Starting with the European Union’s General Data Protection Regulation (GDPR) and continuing with New York’s Department of Financial Services (NY DFS) cybersecurity regulations, privacy and security are now inextricably linked in the U.S.

Read how the CCPA, GDPR and the NY DFS regulations are driving a change in how businesses approach cybersecurity thanks to similar language found in all three policies: the duty to implement and maintain reasonable security procedures and practices, on Security Magazine.

Phone apps aren’t secretly listening to your calls: But what they do is still ‘alarming’

For years people have suspected apps on their phone are listening to what they say after suddenly seeing ads for things they only spoke of but never searched for. But, as Gizmodo reports, researchers from Northeastern University who analyzed over 17,000 popular Android apps found that none of them activates the microphone and sends out audio without a user prompt.

The researchers nonetheless say they have found “alarming” privacy risks in the Android ecosystem after discovering that some apps share image and video data with third parties without the user knowing or consenting to it.

Read more about the disconcerting findings of the research by Northeastern University on ZDNet.

Be careful business pros: App developers could be spying your Gmail inbox

Employees of third-party app developers are reading Gmail users’ private messages, the Wall Street Journal has reported. Outside app developers create services that function with Gmail to give users personalized assistance, like shopping or travel suggestions. However, these developers are also using personal emails to gain insight into users’ interests.

Last year, Google promised to not read user emails for ad targeting purposes. But the tech giant has done little to protect Gmail user accounts accessed by third-party developers, according to the Journal.

Read more about how third-party app developers can read the Gmail inboxes of users who opt in to email-based services on TechRepublic.

NSA deleting millions of phone call and text records over privacy violations

“Technical irregularities” have the NSA scrambling to delete millions upon millions of phone and text message data records the agency should never have obtained under the USA Freedom Act.

While The New York Times reported the number of call detail records (CDR) the NSA was deleting was in “hundreds of millions,” the Associated Press clocked the number at “more than 685 million call records.” If that number is correct, then it came from the 534 million records the NSA collected in 2017 as well as the 151 million records collected in 2016, which was the first full year after the USA Freedom Act surveillance rules kicked in.

Read more about why the NSA has started deleting all call detail records acquired since 2015, something it has admitted  in a public statement, on CSO.