Category Archives: privacy

Ummm FBI…what are you doing with my UDID?

When I first heard about the recent hack of 12 million Apple device UDIDs, I wasn’t too concerned.

I caught a sound bite on Fox 5 News, on my way out the door, so the details were necessarily sketchy.

But hackers hack.

So what?

In my mind, the 12 million hacked UDIDs were a drop in the bucket relative to the total number of Apple devices out there.

I felt my nonchalant attitude was warranted.

But then I learned that these IDs had allegedly been lifted from an FBI laptop that hackers had somehow gained access to.

And then I started to be a little more concerned.

Why is the FBI just leaving laptops with sensitive information lying around?

And why the hell does an FBI laptop have 12 million UDIDs on it?

What legitimate purpose could the FBI possibly have for acquiring the UDIDs in the first place?

And then I learned that it wasn’t just random UDIDs.

The laptop allegedly also contained specific information about the users connected to those device IDs, including their names, email addresses and credit card information.

And now I’m concerned.

My colleagues, in the office, were following the story and passed around the link to the site where you could check to see if you were among the victims of this latest digital security breach.

We joked about how not being on the list didn’t mean that you were any more secure than if you had been.

All jokes aside – I immediately checked to see if any of my devices were among those compromised.

Luckily they were not.

But despite my relief, I can’t help but be a tad ticked off.

The infamous hacks and blatant privacy policy violations of Google, Facebook, LinkedIn, Chase, et al. can leave no doubt that ‘online security’ is a misnomer.

With this latest gaffe, we’ve learned that even the Feds are in on the chicanery.

And although both the FBI and Apple have denied that any such leak occurred, in light of the frequency with which hacks occur it’s hard to believe either of them.

It seems like every other day, we hear about some major leak of private or secure data.

And if it’s hackers, doing their thing, then so be it.

Hackers serve a legitimate role in keeping these corporations, who have a fiduciary duty to safeguard our information, on their collective j-o-b.

Without hackers exposing the flaws in corporate firewalls and security protocols, our shit would be a whole lot less secure than it is.

On an aside – I’m waiting for September 29th – the day after hackers have threatened to release Romney’s tax returns.

I digress.

This latest incident has exposed a reality that few of us really consider…

That online information is inherently insecure.

Each time you fill out an online form, use your credit card to make a purchase from your mobile phone, or create a digital profile on some site, you compromise your data.

And in this increasingly digital world we live in, this compromise is virtually inescapable.

Of course, most many some a few of us take steps to safeguard our information online.

We use services like 1password to avoid the trap of using common passwords for all of our online accounts.

We change our passwords frequently and don’t share them with anyone.

We do whatever we have to do to avoid having our private info floating around in cyberspace.

At the end of the day, I pray that these cats get their acts together.

And despite the denials, if this hack is real, then Apple and the FBI, you’ve got some splainin’ to do!


Google sucks balls (and steals Safari users’ information)

I’m sure you’ve heard about the $22.5 million settlement between Google and the FTC to resolve Google’s theft of information from users of the Apple Safari browser.

Apparently, Google pimped a loophole in Safari’s privacy settings designed to prevent third-party cookies.

Employing what was essentially a hack, Google fooled Safari into thinking that a user had interacted with a Google ad.

Once Safari was tricked, cookies were placed on the device, unbeknown to the user.

The Wall Street Journal summarized Google’s trickery quite succinctly.

For a company whose motto is ‘Don’t Be Evil’, Google seems to be pretty rotten pretty often.

Wasn’t there a dust up not too long ago about Google surreptitiously mining its users’ data in ways violative of their own privacy policy?

Mind you, Google was already in hot water for its previous naughty behavior.

This settlement comes in the wake of another 2011 settlement, in which Google was found to have engaged in questionable practices.

Of course, Google has admitted no wrongdoing.

Every time they get caught with their pants down, they do a Sandusky and proclaim their innocence.

“It wasn’t me.”

“It was an accident.”

“They wanted me to stick my cookies in there.”

Lies. Lies. Lies.

And we all know they’re lying.

Google didn’t become the search giant they are by accident.

I mean seriously?

Google employs some of the most sophisticated search algorithms known to man.

They have thousands of Ivy League engineers and computer scientists on staff.

Everything they do is calculated.

So you’ll pardon me if I find it a tad implausible that “an accident” caused them to circumvent the privacy protocols on the browser of its principal rival.

Methinks not.

More likely, this was a carefully crafted strategy to make more money at the expense of unwitting Safari users.

At the end of the day, as many observers have noted, $22.5M is a drop in the bucket to Google.

They’ll make that shit back in a day.

Since this settlement didn’t include an admission of guilt on Google’s part, it’s business as usual.

We’ll all soon forget and forgive.

Google will get back to playing Big Brother to the unsuspecting masses, all the while flashing innocent doe eyes.

But I’ll not be lulled into a false sense of security.

And know this, Google: you suck balls and one day your evil ways shall be your undoing.


Trouble in Paradise. Apple’s Privacy Loophole.

Apple, I hope you're paying attention! Cause we're watching you!

With all the different websites, email platforms, social media sites, and mobile apps out there, we’re constantly agreeing to the terms and conditions of use as a condition for being able to use these platforms.

Few of us (if ever) actually read the fine print, and we typically scroll through to the end of this usually voluminous text or simply check the “I Agree” box so that we can get past the legalese and into the <insert name of digital thing you want to play with here>.

Most of us take it for granted, that if we’re signing up for something – anything – online, that there are sufficient safeguards in place that protect our personal information.

We usually aren’t worried that our private information is going to be shared, sniffed, phished, sold, traded or otherwise accessed in any nefarious way.

And if it IS going to be so utilized, we’ll be given clear and unambiguous notice of such (nefarious) intent, and the option and opportunity to opt out of such use/mis-use of our information.

Right?

WRONG!

Last week, Gizmodo reported that Path, the smart journal app that lets you share your life’s experiences with your friends and personal network, was uploading its users’ contact information to their servers, without either the knowledge or consent of the app’s users.

After the issue was raised, and many bloggers expressed outrage and dismay at Path’s actions, the company quickly removed all the uploaded data and apologized.

However, another Gizmodo piece (published today) exposed a troubling issue that continues to exist with Apple’s apps: the fact that any app can access and utilize the contacts from any user’s address book unchecked by Apple.

Now you must know, Apple’s entire paradigm is built on protecting a user’s privacy.

Anyone who uses Apple devices can attest to the fact that everything is permission based.

You can’t pass gas using an Apple device, without a pop-up asking if you’re sure you want to do that.

Which makes the Path loophole even more disconcerting.

If you’re like me, you’ve got a number of different apps on your iOS devices.

You take it for granted that any app that you’ve got on your device, passed Apple’s rigorous muster, and isn’t going to do anything or can’t do anything to compromise the integrity of other data you’ve got residing on your device.

You certainly don’t expect that an app is going to be able to not only access your private data, but also share that data without your knowledge or consent.

Mind you, Path had taken advantage of Apple’s failure to protect the data in your contacts.

While Apple scrutinizes every app that ultimately makes it into the App store, this loophole exists on an operating system level, outside of that scrutiny.

As Gizmodo aptly summarizes:

The problem is that the address book service doesn’t use the same mechanism. It’s free for the taking. This is where the privacy clusterfuck ensues. Some app developers—like Path did—are taking advantage of this weakness. The fact is that, at this point, any app can access your address book and steal all your contacts. Just like that. We don’t know which apps may be doing this right now. That is a scary thought and Apple should have thought about it.

Who knows which of these apps are utilizing this back-door approach to access (and potentially suck up) my contacts (and who knows what else).

Apple MUST do something about this – and soon!

As Jesus Diaz (the author of the Gizmodo piece) puts it, “Apple should have made the access to your contacts information as restricted as to the user’s geolocation data.”

I’m going to keep an eye out for the resolution of this issue, and keep you posted.

But whatever the case may be, be careful what you put on your iOS device, it may be gaffling your info!
