
Spyware

Not so Smart using a Smart TV

As reported, Vizio’s Smart TVs spied on you:

Starting in 2014, Vizio made TVs that automatically tracked what consumers were watching and transmitted that data back to its servers. Vizio even retrofitted older models by installing its tracking software remotely. All of this, the FTC and AG allege, was done without clearly telling consumers or getting their consent.

What did Vizio know about what was going on in the privacy of consumers’ homes? On a second-by-second basis, Vizio collected a selection of pixels on the screen that it matched to a database of TV, movie, and commercial content. What’s more, Vizio identified viewing data from cable or broadband service providers, set-top boxes, streaming devices, DVD players, and over-the-air broadcasts. Add it all up and Vizio captured as many as 100 billion data points each day from millions of TVs.

Vizio then turned that mountain of data into cash by selling consumers’ viewing histories to advertisers and others. And let’s be clear: We’re not talking about summary information about national viewing trends. According to the complaint, Vizio got personal. The company provided consumers’ IP addresses to data aggregators, who then matched the address with an individual consumer or household. Vizio’s contracts with third parties prohibited the re-identification of consumers and households by name, but allowed a host of other personal details – for example, sex, age, income, marital status, household size, education, and home ownership. And Vizio permitted these companies to track and target its consumers across devices.

That’s what Vizio was up to behind the screen, but what was the company telling consumers? Not much, according to the complaint.

Source here

Well, for their offense Vizio was slapped with a 2.2 million fine. Sounds like a lot, right? Well, as a colleague of mine observed, that is 20 cents per TV. In other words, it was a great ROI for Vizio, and it points out how toothless the FTC really is.

So what to do? Turn off all the Smart TV features and boycott Vizio (that said, Samsung and others are just as bad, it may appear). Better yet, unplug the TV from the Internet.

Some sites suggest that Roku and Apple streaming boxes front-ending your TV are better. I am not so sure, as I know that with the Roku, at least, you need to reset your ID often to clear the tracking, and there does not appear to be a permanent “Kill” switch for this type of spyware crap.

I am toying with building my own set-top streaming device using the Raspberry Pi. If I do so, I will pay special attention to the privacy aspects of the embedded software I use and report findings here. Don’t hold your breath; time is at a premium here.

Anyway – welcome to the iDIoT. The Insecure Dumbed-down Internet of Things

Nick

Microsoft Admits Windows 10 Automatic Spying Cannot Be Stopped

Quote

…Speaking to PC World, Microsoft Corporate Vice President Joe Belfiore explained that Windows 10 is constantly tracking how it operates and how you are using it and sending that information back to Microsoft by default. More importantly he also confirmed that, despite offering some options to turn elements of tracking off, core data collection simply cannot be stopped:

“In the cases where we’ve not provided options, we feel that those things have to do with the health of the system,” he said. “In the case of knowing that our system that we’ve created is crashing, or is having serious performance problems, we view that as so helpful to the ecosystem and so not an issue of personal privacy, that today we collect that data so that we make that experience better for everyone.”

To his credit, Belfiore does recognise the controversial nature of this decision and stresses that:

“We’re going to continue to listen to what the broad public says about these decisions, and ultimately our goal is to balance the right thing happening for the most people – really, for everyone – with complexity that comes with putting in a whole lot of control.”

B.S.!


Interestingly Belfiore himself won’t be around to oversee this as he is about to take a year long sabbatical. When he comes back, however, I suspect this issue will still be raging as Windows and Devices Group head Terry Myerson recently confirmed Windows 10 Enterprise users will be able to disable every single aspect of Microsoft data collection.

This comes in combination with Windows 10 Pro and Enterprise users’ ability to permanently disable automatic updates which are forced upon consumers and shows the growing divide between how Microsoft is treating consumers versus corporations.

So how concerned should users be about Windows 10’s default data collection policies? I would say very.

By default Windows 10 Home is allowed to control your bandwidth usage, install any software it wants whenever it wants (without providing detailed information on what these updates do), display ads in the Start Menu (currently it has been limited to app advertisements), send your hardware details and any changes you make to Microsoft and even log your browser history and keystrokes which the Windows End User Licence Agreement (EULA) states you allow Microsoft to use for analysis.

The good news: even if Belfiore states you cannot switch off everything, editing your privacy settings will disable the worst of these. To find them open the Start menu > Settings > Privacy.

The bad news: despite Belfiore’s pledge “to continue to listen”, Microsoft’s actions (including the impending Windows 7 and Windows 8 upgrade pressure) suggest the company’s recent love for Big Brother tactics is only going to get worse before it gets better…

Answer? Stay on Windows 7 Pro or switch to a Linux distro. It is time that users stand up and say “Stop spying or I will stop using your products.” Remember, Windows 10 is not free; you pay for the privilege to get raped by their ilk!

Spyware from Apple iTunes, Google Play, and Microsoft App Store

Quote

“Many trusted applications downloaded from Apple iTunes, Google Play, and Microsoft App Store are spying, snooping and stealing,” said Cybersecurity Expert Gary S. Miliefsky, CEO of SnoopWall, Inc.

See: https://www.youtube.com/watch?v=Q8xz8xKEFvU

This video has gone viral with nearly 6 million views, yet malicious flashlight app downloads have reached nearly 1 billion devices.

During FinDEVr, Miliefsky will demonstrate how popular apps are eavesdropping on bank accounts stealing PINs and credentials and monitoring check deposit from the largest banks in America. Consumers must be made aware of the fact that their smartphones are natural targets; that malware exists in trusted apps; and that ALL major mobile banking applications are susceptible to this exploitation.”

One of the big issues I see in the mobile space is the phone manufacturers & providers themselves. Their updates often contain spyware to sell more services, the operating systems themselves are not secure, especially with Android, and there is no easy application level control that allows users to select which apps can talk to the internet and which cannot (like a good workstation based firewall). Google Apps (GAPPS) are one of the biggest offenders. But they are not alone.

This is a big part of the Cyber Security problem, and not just in mobile. Systems are insecure in many ways by design so manufacturers can collect as much data as they can and sell it to advertisers and/or use it themselves to sell more. Windows 10 is a good case in point. Unfortunately, those same vehicles used by manufacturers to get user data are also used by nefarious actors to do the same and then use the data for identity and credit card theft and other criminal pursuits.

I think the ultimate solution for Mobile, at least in the non-Apple market, will be a complete divorce of hardware from operating system. CyanogenMod and other open source projects have started in this direction. Will this take off? I think it will be very difficult, as there is so much money at stake from both the Phone Manufacturers that want to sell more kit and the Phone Carriers that are in bed with them to sell more services and collect as much info as they can on users. I also think the average user will still want a turn-key, easy-to-use solution. That said, a secure, feature-rich phone is not difficult, just at the moment not as profitable.