Privacy

TomTom Privacy – a Good Model!

So I previously posted the disgusting Garmin Privacy policy. There is a fine alternative: TomTom. (I have no financial interest in TomTom and do not sell their products. I just want to show an alternative.)

Firstly, they clearly state their principles:

TomTom is all about where you are and getting to where you want to be. We help you achieve more. Sometimes we’ll need to know some things about you in order to help you. While we collect and use your data, we fully understand that you value your privacy.

We believe privacy is about freedom and being able to decide for yourself who uses your data and how. This is why we have established our Privacy Principles:

1. We will always keep you fully informed about your data

We make sure you understand which data from or about you we use, why we use it, how long we use it and who can use it.

2. We enable you to remain in control of your data

We consider the data from or about you to be yours. We only use it for the purposes for which you have given it to us, or for which we collected it from you. You can opt out or opt in at any time using our software and websites.

3. We protect your data

Your data is yours. We keep it that way by protecting it as best as we reasonably can to prevent it from falling into the wrong hands.

Read the whole thing HERE. Unlike Garmin, their default is privacy:

We will not share your data with others without asking you for permission first, unless there is a legal obligation that prohibits us from asking.

Say YES to TomTom and shame on Garmin

Garmin: Your Privacy Matters (NOT!)

So here is the latest privacy update to come out in the wake of all the Facebook flak. This one is terrible.

Garmin Privacy Policy Full Text Here

Personal data that is processed when you use your Garmin auto navigation device or app:

If you use a Garmin auto navigation device or app and provide your consent, then Garmin will collect and upload from your device data such as location, speed, direction, and time and date of recording. If you provide your consent when asked, then Garmin may also share this aggregated data with or sell this data to third parties to enhance the quality of the traffic, parking and other features enabled by content providers.

Oh great, Garmin – why is the default to violate your users’ privacy? Where is the link to OPT OUT?

Personal data that is processed when you use location features on your Garmin device or app:

If you elect to use location-based services, such as weather, traffic information, fuel prices, movie times, and local event information, on your Garmin app or device, then the physical location of your device will be collected, in order for Garmin or our providers to provide you with such location-based services.

No Consent option??

Basically, Garmin, the deal is this: we pay high prices for your products, and your default is to monetize this further by stealing and selling our personal information.

Sorry – Just say NO to Garmin

Yahoo Mail – The “OATH” to spy and track you

“Yahoo is now part of Oath, the media and tech company behind today’s top news, sports and entertainment sites and apps.”

…and behind overt violations of your privacy

This includes: analyzing content and information when you use our services (including emails, instant messages, posts, photos, attachments, and other communications), linking your activity on other sites and apps with information we have about you, and providing anonymized and/or aggregated reports to other parties regarding user trends. …sharing Data with Verizon. Oath and its affiliates may share the information we receive with Verizon.

Verizon – another bad actor when it comes to privacy and acting like a monopoly

And of course, like Facebook, they buy other data sources, combine it and build a profile on you

Information from Others. We collect information about you when we receive it from other users, third-parties, and affiliates, such as:

When you connect your account to third-party services or sign in using a third-party partner (like Facebook or Twitter).
From publicly-available sources.
From advertisers about your experiences or interactions with their offerings.
When we obtain information from third-parties or other companies, such as those that use our Services. This may include your activity on other sites and apps as well as information those third-parties provide to you or us.
We may also receive information from Verizon and will honor the choices Verizon customers have made about the uses of this information when we receive and use this data.

The details — full privacy policy here

Just say no to Yahoo and OATH which includes AOL

ROKU = SPYWARE

Roku has updated their privacy policy. It is awful.

B. Information collected automatically

When you use the Roku Services, we and our partners may use unique device identifiers, cookies, pixel tags, web beacons and other similar technologies to receive and store information on an automated basis.

What this means

[They] collect usage data such as your search history (including letters you key in for searches, and utterances provided if you choose to use voice-enabled functions such as voice search (if available on your Roku Device)), search results, content and advertisements you select and view, including through use of automatic content recognition technology (ACR) (see “Smart TV Experience and ACR on Roku TVs” (Part I, Section B-4) and “Choices regarding Smart TV Experience and ACR on Roku TVs” (Part IV, Section E), below), and content settings and preferences, channels you add and view, including time and duration in the channels, and other usage statistics….

Third parties who provide us with analytics services for the Roku Services may also automatically collect some of the information described above, including, for example, IP address, access times, browser type and language, device type, device identifiers and Wi-Fi information…

We may receive data about you from data providers and combine it with the data that we collect from you.

You don’t like it? They will charge you a fee

If you have a Roku account, you may view and update certain contact and billing information we have about you by logging into your account on Roku.com. If you otherwise wish to ask for access, correction, or deletion of any of your personal information held by us or a change in the way we use your information (for which we reserve the right to charge you a fee, as permitted by applicable law), please contact us at: customer.advocate@roku.com. However, Roku may decline requests that are unreasonable, prohibited by law, or are not required to be honored by applicable law.

Oh and this cop out…

At this time there is no accepted standard for how to respond to Do Not Track signals, and we do not respond to such signals.

After all this I logged into my Roku account and tried to find the privacy and/or opt-out links. Not there! The only way is to reset your identifier, but that is temporary as the new identifier starts a new collection process.

Bottom line — use a NON Smart TV and build your own KODI box.

Full ROKU Privacy statement is here for the US

Still Using Yahoo Mail? Maybe time to stop

Quote

Yahoo and AOL’s privacy policy lets them plunder your emails for ads

TECH COMPANY and porridge ingredient for lispers Oath has updated its privacy policy, and it seems it’s all policy and no privacy.

As you may recall, Oath is a group of companies made up primarily of Yahoo and AOL. Keen to find some way of making some actual ruddy money, it appears that targeted adverts in its mail services are going to be a big part of it.

If we’ve learned one thing over the past month or so, it’s that targeted adverts require access to users’ personal data.

And sure enough, the new privacy policy introduces ‘scanning’ of emails for the purposes of finding just the right thing to annoy you with.

Let’s look at some of the really scary bits.

Firstly it says that it “analyses and stores all communications content, including email content from incoming and outgoing mail,” so it can “deliver, personalise and develop relevant features, content, advertising and Services.”

Yahoo did that already, but now it applies to AOL too.

If there was any clearer indication that this is a bad thing, it’s that Google had already stopped doing this for Gmail as a reflection of public opinion turning against this invasion of privacy.

The Oath group can also “analyse your content and other information (including emails, instant messages, posts, photos, attachments, and other communications),” and even check up on your spending habits with the somewhat chilling analysis of “user content around certain interactions with financial institutions.”

The company says that it has automated systems to take out anything to identify you, but at the same time, those same systems are going to be used potentially to identify and tag your pictures. So… what’s up with that?

The fact that the company has decided to do this now, when the issue is so embedded in the news already and moral panic is rising, suggests that Oath has no choice in doing something like this to maintain profitability.

Thing is, you do. Yahoo, particularly, has been a security nightmare for a long time over its email service and if you’re still using it, then perhaps it’s time to take another look at whether it’s time to take a step back and question if it’s time for a change.

Internet of insecure Things: Software still riddled with security holes

Quote

An audit of the security of IoT mobile applications available on official stores has found that tech to safeguard the world of connected things remains outstandingly mediocre.

Pradeo Security put a representative sample of 100 iOS and Android applications developed to manage connected objects (heaters, lights, door-locks, baby monitors, CCTV etc) through their paces.

Researchers at the mobile security firm found that around one in seven (15 per cent) applications sourced from the Google Play and Apple App Store were vulnerable to takeover. Hijacking was a risk because these apps were discovered to be defenceless against bugs that might lend themselves to man-in-the-middle attacks.

Four in five of the tested applications carry vulnerabilities, with an average of 15 per application.

Which means devices could be pwned by crooks
By John Leyden 28 Mar 2018 at 15:29

Around one in 12 (8 per cent) of applications phoned home or otherwise connected to uncertified servers. “Among these, some [certificates] have expired and are available for sale. Anyone buying them could access all the data they receive,” Pradeo warns.

Pradeo’s team also discovered that the vast majority of the apps leaked the data they processed. Failings in this area were many and varied.

Application file content: 81 per cent of applications
Hardware information (device manufacturer, commercial name, battery status…): 73 per cent
Device information (OS version number…): 73 per cent
Temporary files: 38 per cent
Phone network information (service provider, country code…): 27 per cent
Video and audio records: 19 per cent
Files coming from app static data: 19 per cent
Geolocation: 12 per cent
Network information (IP address, 2D address, Wi-Fi connection state): 12 per cent
Device identifiers (IMEI): 8 per cent

Pradeo Security said it had notified the vendors involved about the security problems it uncovered in their kit.

Facebook’s Mark Zuckerberg Vows to Bolster Privacy Amid Cambridge

Sounds like bullshit to me. And how can he even do this? This is his business: harvesting and selling his users’ personal data by offering a honeypot free service to clueless (and some not so clueless) users.

After several days of silence, amid a growing chorus of criticism, Facebook chief executive Mark Zuckerberg publicly addressed the misuse of data belonging to 50 million users of the social network.

“We have a responsibility to protect your data,” Mr. Zuckerberg said Wednesday in a Facebook post, his preferred means of communication, “and if we can’t then we don’t deserve to serve you.”

Wait – you don’t serve your users… they serve you, Zucky

Facebook Leak or OMG – you mean facebook has my data?

Well, unless you live under a rock, Facebook has been caught once again with their pants down. Let’s see…

LONDON — As the upstart voter-profiling company Cambridge Analytica prepared to wade into the 2014 American midterm elections, it had a problem.

The firm had secured a $15 million investment from Robert Mercer, the wealthy Republican donor, and wooed his political adviser, Stephen K. Bannon, with the promise of tools that could identify the personalities of American voters and influence their behavior. But it did not have the data to make its new products work.

So the firm harvested private information from the Facebook profiles of more than 50 million users without their permission, according to former Cambridge employees, associates and documents, making it one of the largest data leaks in the social network’s history. The breach allowed the company to exploit the private social media activity of a huge swath of the American electorate, developing techniques that underpinned its work on President Trump’s campaign in 2016.


But the full scale of the data leak involving Americans has not been previously disclosed — and Facebook, until now, has not acknowledged it. Interviews with a half-dozen former employees and contractors, and a review of the firm’s emails and documents, have revealed that Cambridge not only relied on the private Facebook data but still possesses most or all of the trove.

Oh I am so shocked, SHOCKED I Say

And today I learned that Cambridge Analytica Suspends C.E.O. Amid Facebook Data Scandal

Cambridge Analytica, the political data firm with ties to President Trump’s 2016 campaign, suspended its chief executive, Alexander Nix, on Tuesday, amid the furor over the access it gained to private information on more than 50 million Facebook users.

The decision came after a television broadcast in which Mr. Nix was recorded suggesting that the company had used seduction and bribery to entrap politicians and influence foreign elections.

The suspension marked a new low point for the fortunes of Cambridge Analytica and for Mr. Nix, who spent much of the past year making bold claims about the role his outfit played in the election of Mr. Trump. The company, founded by Stephen K. Bannon and Robert Mercer, a wealthy Republican donor who has put at least $15 million into it, offered tools that it claimed could identify the personalities of American voters and influence their behavior.

So-called psychographic modeling techniques, which were built in part with the data harvested from Facebook, underpinned Cambridge Analytica’s work for the Trump campaign in 2016. Mr. Nix once called the practice “our secret sauce,” though some have questioned its effectiveness.

But in recent days, the firm has found itself under increased scrutiny from lawmakers, regulators and prosecutors in the United States and Britain following reports in The New York Times and The Observer of London that the firm had harvested the Facebook data, and that it still had a copy of the information.

As I said before, anyone who uses Facebook, has an Alexa, smart TVs (for the clueless) and so forth really needs to get educated on privacy and IT security. I will copy and post the “Whips” excellent comment to this article:

Let’s be clear here: Facebook doesn’t steal our data; we give it to them, one Like at a time.

For decades, Europe has had a Data Protection Directive that runs circles around the U.S.’s, such as it is–and it’s about to get even stronger with the GDPR, which will improve user control over our own data.

Instead of Americans spewing moral outrage at the weekly corporate affront (last week Experian, this week Facebook, next week who knows), why not grow up and demand a national approach to data protection?

Let’s Encrypt/Certbot

Been busy updating and moving our server the last few weeks, so not much time for posting. I did try out Let’s Encrypt. My experience is mixed. I wanted to put it on our *non store* sites like this one. (On our store we use a real paid-for cert.) They seem to have a lot of issues with timeouts and no real solution. We were able to hit their limits. For every timeout we encountered, they had actually issued a cert, but we never got it.

It is a nice idea, but it is not without controversy. Here is a good article:

Lets Encrypt Good, Bad, Ugly

Facebook needs to be regulated more tightly, or broken up so that no single entity controls all of its data

Quote

The message was clear: The company just wanted negative stories to stop. It didn’t really care how the data was used.

Facebook knows what you look like, your location, who your friends are, your interests, if you’re in a relationship or not, and what other pages you look at on the web. This data allows advertisers to target the more than one billion Facebook visitors a day. It’s no wonder the company has ballooned in size to a $500 billion behemoth in the five years since its I.P.O.

The more data it has on offer, the more value it creates for advertisers. That means it has no incentive to police the collection or use of that data — except when negative press or regulators are involved. Facebook is free to do almost whatever it wants with your personal information, and has no reason to put safeguards in place.

For a few years, Facebook’s developer platform hosted a thriving ecosystem of popular social games. Remember the age of Farmville and Candy Crush? The premise was simple: Users agreed to give game developers access to their data in exchange for free use of addictive games.

..

In one instance, a developer appeared to be using Facebook data to automatically generate profiles of children, without their consent. When I called the company responsible for the app, it claimed that Facebook’s policies on data use were not being violated, but we had no way to confirm whether that was true. Once data passed from the platform to a developer, Facebook had no view of the data or control over it. In other cases, developers asked for permission to get user data that their apps obviously didn’t need — such as a social game asking for all of your photos and messages. People rarely read permissions request forms carefully, so they often authorize access to sensitive information without realizing it.

At a company that was deeply concerned about protecting its users, this situation would have been met with a robust effort to cut off developers who were making questionable use of data. But when I was at Facebook, the typical reaction I recall looked like this: try to put any negative press coverage to bed as quickly as possible, with no sincere efforts to put safeguards in place or to identify and stop abusive developers. When I proposed a deeper audit of developers’ use of Facebook’s data, one executive asked me, “Do you really want to see what you’ll find?”

The message was clear: The company just wanted negative stories to stop. It didn’t really care how the data was used.

This makes for a dangerous mix: a company that reaches most of the country every day and has the most detailed set of personal data ever assembled, but has no incentive to prevent abuse. Facebook needs to be regulated more tightly, or broken up so that no single entity controls all of its data. The company won’t protect us by itself, and nothing less than our democracy is at stake.

Indeed. And users, including businesses, need to get serious about privacy and the damage the likes of Facebook are doing, and flee Facebook and their ilk in droves. Will this happen? I doubt it. As long as it is free they will come. As the increased popularity of Alexa and other personal assistants that listen in shows, people are continuing to invite these modern forms of big brother into their private lives.