Rewarded for sharing your data? Sign me up!

Rewarded for sharing your data? Sign me up!

Companies now starting to pay users for their data, in efforts to be more ethical. Large Bluetooth security flaw detected proving potentially harmful to millions. Blockchain’s future looking bright as privacy-preserving technology booms. Canadian federal elections being ‘watched’ for their history of ‘watching’ public.

Rewarded for sharing your data? Sign me up!

Drop Technologies has secured USD$44 million in investments towards growing a technology-based alternative towards traditional customer loyalty programs. With over three million users signed up already, as well as 300 brands on its platform, such as Expedia and Postmates, the company is headed in the right direction. 

Given that Facebook and other tech giants are monetizing data without user permission, getting paid for it doesn’t seem like a bad idea after all. “I’m a Facebook user and an Instagram user, and these guys are just monetizing my data left and right, without much transparency,” said Onsi Sawiris, a managing partner at New York’s HOF Capital.” At least if I’m signing up for Drop, I know that if they’re using my data I will get something in return, and it’s very clear” (Source).

This alternative to rewards programs basically tracks your spending with all of their 300+ brands, and lets you earn points that you can spend at certain companies such as Starbucks of Uber Eats. If it’s an alternative to credit card rewards, it will be beneficial to consumers looking for extra savings on their purchases. So don’t drop it till you try it!

Bluetooth proving to be a potential data breach vulnerability 

Researchers have discovered a flaw that leaves millions of Bluetooth users vulnerable to data breaches. This flaw enables attackers to interfere while two users are trying to connect without being detected, as long as they’re within a certain range. From music to conversations, to data entered through a Bluetooth device, anything could be at risk. “Upon checking more than 14 Bluetooth chips from popular manufacturers such as Qualcomm, Apple, and Intel, researchers discovered that all the tested devices are vulnerable to attacks” (Source). 

Fortunately, some companies such as Apple and Intel have already implemented security upgrades on their devices. Users are also advised to keep their security, software, and firmware updated at all times. 

Get ready for blockchain advancements like never before

For the past decade, blockchain has been used to build an ecosystem where cryptocurrencies and peer-to-peer transactions are just a few of the many use cases. (Source).

Traditionally, data is shared across centralized networks, leaving systems vulnerable to attacks. However, with decentralization as an added security measure to blockchain, the threat of a single point of failure across a distributed network is eradicated. 

As more and more companies turn to blockchain to gain the benefits of more efficient data sharing and easier data transfers, privacy is overlooked.

In most public blockchains today, transactions are visible to all nodes of a network. Naturally, of course, the issue of privacy is raised due to the sensitive nature of the data, and this transparency comes at a cost. With digital transformation happening all around us, privacy protection cannot be ignored.

To address privacy, many blockchain companies are employing privacy-preserving mechanisms on their infrastructures, from zero-knowledge proofs to encryption algorithms such as Multi-Party Computation (MPC). These mechanisms encrypt data as it’s shared and only reveal the specific elements needed for a specific task (Source).

Costs efficiencies and a better understanding of consumer needs are just a few of the advantages of privacy-preserving mechanisms being introduced. As data and privacy go hand in hand in the future, equitability and trust will be our key to unlock new possibilities that enhance life as we know it (Source).

Upcoming Canadian elections could turn into surveillance problem

Once again, the Canadian federal elections are raising concerns about interference and disruption through the misuse of personal data. In the past, political parties have been known to use their power to influence populations who are not aware of how their data is being used. 

Since data has played a major role in elections, this could become a surveillance issue because experts who study surveillance say that harnessing data has been the key to electoral success, in past elections. “Politicians the world over now believe they can win elections if they just have better, more refined and more accurate data on the electorate” (Source).

A related issue is a lack of transparency between voters and electoral candidates. “There is a divide between how little is publicly known about what actually goes on in platform businesses that create online networks, like Facebook or Twitter, and what supporters of proper democratic practices argue should be known” (Source).

The officials of this upcoming election should be paying close attention to the public’s personal data and how it is being used.

Join our newsletter


A deep dive into Facebook’s privacy today

A deep dive into Facebook’s privacy today

This week we take an in-depth look into what privacy looks like for Facebook. First, we will explore what user data Facebook is collecting. Then, we will look at how Facebook is invading users’ privacy… again. Finally, we will discuss the new privacy scam directed at Facebook.

See and control what Facebook collects from you

Last year, Facebook announced their upcoming release of a tool to ‘clear history’ and delete data that third-party websites and apps share with the social media giant. Fast-forward to today, the company has kept its word and has released the tool in Ireland, South Korea, and Spain. 

The tool, known as ‘Off-Facebook Activity’, allows you to see and control what information has been collected about you by apps and websites and sent to Facebook. It will show you information about your online activities, the questions you search on Google and your online shopping history. However, while it has the option to disconnect the data, it cannot delete it.

If you choose to clear your activity, Facebook will simply remove your identifying information from the data and unlink it to your account. It will not delete the data (Source).

This is the first step in the right direction, as this is the first time Facebook has allowed users to control or even see this information.

Facebook’s voice transcripts more invasive

Facebook has been transcribing users’ audio clips for quality control and to improve the accuracy of their services. Unlike Alexa or Google Home workers listening to user recordings, Facebook’s audio does not come from users giving smart assistants commands but from human-to-human communication. Bloomberg reported that Facebook contractors were kept in the dark with regards to where the audio came from and why these audio clips needed to be transcribed. 

While Google, Apple, and Facebook have temporarily suspended human audio reviews, Amazon has chosen to let its users opt-out (Source).

Another Facebook privacy scam, and this time it’s not Facebook’s fault

People have been reposting and resharing a viral message, that explicitly notifies Facebook of their rights as users.

“Don’t forget tomorrow starts the new Facebook rule where they can use your photos. Don’t forget Deadline today!!! It can be used in court cases in litigation against you. Everything you’ve ever posted becomes public from today Even messages that have been deleted or the photos not allowed. It costs nothing for a simple copy and paste, better safe than sorry. Channel 13 News talked about the change in Facebook’s privacy policy. I do not give Facebook or any entities associated with Facebook permission to use my pictures, information, messages or posts, both past and future. With this statement, I give notice to Facebook it is strictly forbidden to disclose, copy, distribute, or take any other action against me based on this profile and/or its contents. The content of this profile is private and confidential information. The violation of privacy can be punished by law (UCC 1-308- 1 1 308-103 and the Rome Statute. NOTE: Facebook is now a public entity. All members must post a note like this. If you prefer, you can copy and paste this version. If you do not publish a statement at least once it will be tacitly allowing the use of your photos, as well as the information contained in the profile status updates. FACEBOOK DOES NOT HAVE MY PERMISSION TO SHARE PHOTOS OR MESSAGES.”

It is not real, it is a scam, and there are several reasons why:

1. The message is written poorly with no attention to capitalization and grammar.

2. There is no way you can end up in court by using social media.

3. Facebook does not own your content, there are several discrepancies. 

4. Posting a statement on your Facebook timeline that is contrary to Facebook’s privacy terms has no legal effect nor does it change Facebook’s privacy policies (Source).

However, if you are still wary about your privacy being at risk, take some measures to be safer. Change your privacy controls. Don’t post content that you don’t want being shared. Or, simply cancel your account for the best protection guaranteed. 

 

Join our newsletter


How to Decode a Privacy Policy

How to Decode a Privacy Policy

How to Decode a Privacy Policy

91% of Americans skip privacy policies before downloading apps. It is no secret that people and businesses are taking advantage of that, given that there’s a new app scandal, data breach, or hack everyday. For example, take a look at the FaceApp fiasco from last month.

In their terms of use, they clearly state the following;

 “You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your [username], location or profile photo) will be visible to the public” (Source).

However, these documents should actually be rendered important, especially since it discloses legal information about your data, including what the company will do with your data, how they will use it and with whom they will share it. 

So let’s look at the most efficient way to read through these excruciating documents. Search for specific terms by doing a keyword or key phrase search. The following terms are a great starting point: 

  • Third parties
  • Except
  • Retain
  • Opt-out
  • Delete
  • With the exception of
  • Store/storage
  • Rights 
  • Public 

“All consumers must understand the threats, their rights, and what companies are asking you to agree to in return for downloading any app,” Adam Levin, Founder of CyberScout says. “We’re living in an instant-gratification society, where people are more willing to agree to something because they want it right now. But this usually comes at a price” (Source).

New York Passes Data Breach Law

A New York law has recently been passed, known as the SHIELD Act, or the Stop Hacks and Improve Electronic Data Security Act. This act requires businesses that collect personal data from New York residents to comply. Below are some of the act’s enforcement and features: 

  • requires notification to affected consumers when there is a security breach,
  • broadens the scope of covered information, 
  • expands the definition of what a data breach means, 
  • and extends the notification requirement to any entity with the private information of a New York resident (Source)

Why Apple Won’t Let You Delete Siri Recordings

Apple claims to protect its users’ privacy by not letting them delete their specific recordings. “Apple’s Siri recordings are given a random identifier each time the voice assistant is activated. That practice means Apple can’t find your specific voice recordings. It also means voice recordings can’t be traced back to a specific account or device” (Source).

After it was reported that contractors were listening to private Siri conversations, including doctor discussions and intimate encounters, Apple needed to change its privacy policies. 

The reason why Siri works differently than its rivals is because of how Google Assistant or Alexa data is connected directly with a user’s account for personalization and customer service reasons. Apple works differently, as they don’t rely too much on ad revenue and customer personalization like their rivals – they rely on their hardware products and services.

LAPD Data Breach Exposes 2,500 Officers’ Data

The PII of about 17,500 LAPD applicants and 2,500 officers has been stolen in a recent data breach, with information such as names, IDs, addresses, dates of birth and employee IDs compromised.

LAPD and the city are working together to understand the severity and impact of the breach. 

“We are also taking steps to ensure the department’s data is protected from any further intrusions,” the LAPD said. “The employees and individuals who may have been affected by this incident have been notified, and we will continue to update them as we progress through this investigation” (Source).

Join our newsletter


How Google Can Solve its Privacy Problems

How Google Can Solve its Privacy Problems

Google and the University of Chicago’s Medical Center have made headlines for the wrong reasons.  According to a June 26th New York Times report, a lawsuit filed in the US District Court for Northern Illinois alleged that a data-sharing partnership between the University of Chicago’s Medical Center and Google had “shared too much personal information,” without appropriate consent. Though the data sets had ostensibly been anonymized, the potential for re-identification was too high. Therefore, they had compromised the privacy rights of the individual named in the lawsuit.

The project was touted as a way to improve predictions in medicine and realize the utility of electronic health records through data science. Its coverage today instead focuses on risks to patients and invasions of privacy. Across industries like finance, retail, telecom, and more, the same potential for positive impact through data science exists, as does the potential for exposure-risk to consumers. The potential value created through data science is such that institutions must figure out how to address privacy concerns.

No one wants their medical records and sensitive information to be exposed. Yet, they do want research to progress and to benefit from innovation. That is the dilemma faced by individuals today. People are okay with their data being used in medical research, so long as their data is protected and cannot be used to re-identify them. So where did the University of Chicago go wrong in sharing data with Google — and was it a case of negligence, ignorance, or a lack of investment?

The basis of the lawsuit claims that the data shared between the two parties were still susceptible to re-identification through inference attacks and mosaic effects. Though the data sets had been stripped of direct identifiers and anonymized, they still contained date stamps of when patients checked in and out of the hospital. When combined with other data that Google held separately, like location data from phones and mapping apps, the university’s data could be used to re-identify individuals in the data set. Free text medical notes from doctors, though de-identified in some fashion, were also contained in the data set, further compounding the exposure of private information.

Inference attacks and mosaic effect methods combine information from different data sets to re-identify individuals. They are now well-documented realities that institutions cannot be excused for being ignorant of. Indirect identifiers must also be assessed for the risk of re-identification of an individual and included when considering privacy-protection. 

Significant advancements in data science have led to improvements in data privacy technologies, and controls for data collaboration. Autonomous, systematic, meta-data classification, and re-identification risk assessment and scoring, are two processes that would have made an immediate difference in this case. Differential privacy and Secure Multiparty-Computation are two others.

Privacy automation systems encompassing these technologies are a reality today. Privacy management is often seen as an additional overhead cost to data science projects. That is a mistake. Tactical use of data security solutions, like encryption and hashing, to privacy-protect data sets are also not enough, as can be attested to by the victims of this case.

As we saw with Cybersecurity over the last decade, it took several years and continued data theft and hacks making headlines before organizations implemented advanced Cybersecurity and intrusion detection systems. Cybersecurity solutions are now seen as an essential component of an enterprise’s infrastructure and have a commitment at the board level to keep company data safe and their brand untarnished. Boards must reflect on the negative outcomes of lawsuits like this one, where the identity of its customers are being compromised, and their trust damaged. 

Today, data science projects without advanced automated privacy protection solutions should not pass internal privacy governance and data compliance. Additionally, these projects should not use customer data, even if the data is anonymized, until automated privacy risk assessments solutions can accurately reveal the level of re-identification risk (inclusive of inference attacks, and the mosaic effect).  

With the sensitivity around privacy in data science projects in our public discourse today, any enterprise not investing and implementing advanced privacy management systems only exposes itself as having no regard for the ethical use of customer data. The potential for harm is not a matter of if, but when.

Join our newsletter


Productivity at the Cost of Privacy? WhatsApp Has Been Compromised.

Productivity at the Cost of Privacy? WhatsApp Has Been Compromised.

Facebook privacy issues

Smart homes are not so smart when it comes to protecting privacy. WhatsApp gets hacked by Israeli spies. Intel notifies customers about security flaws with chipNew regulations push companies to have better data management. Australian data breach affects 10 million civilians.

Smart Homes: Not so Smart

Smart homes reduce effort and make life easier, but it comes at a cost. You and your family’s privacy is put at risk because of the trade-off between productivity and safety.

One of the most popular forms of a smart home is the digital assistant. Google Home and Alexa are the major players in this area. These devices are continuously listening for “activation” words or phrases, and thus, your entire conversation history is saved in their server. As a result, many scary and embarrassing stories have surfaced, and yes, even from Amazon and Google products. 

If consumers do their part and take the necessary security steps, they should be able to enjoy the benefits of their smart home without sacrificing privacy. Here are some ways you can secure your smart home:

  • Review and delete your voice history from time to time.
  • Secure your network.
  • Change your wake or activation word or phrase.
  • Delete old recordings.
  • Strengthen your passwords.

Do everything you can to secure your home from being vulnerable to attacks.

WhatsApp Gets Hacked

WhatsApp, an app used by millions of people worldwide, has been compromised. On Tuesday, an Israeli spy firm injected malware into targeted phones to steal data, by simply placing a call. Recipients did not even need to answer the call. What’s worse, the call could not be traced in the log. The company states that only a select few have been affected, but they do not know the exact number.

Intel Chip Suffers Security Flaws

In other news, Intel, also known as the worldwide computer chip maker, has just notified the world about a security flaw that can prove to be harmful to millions of PCs. Attackers are able to get their hands on any data that a victim’s processor touches. Not scary at all…

New Regulations Call for Better Data Management

With privacy laws, such as the GDPR, in place, businesses now need to implement firmer data privacy enforcement. 

Every company we interact with uses our data -from The Weather Network to IBM. “[C]ompanies use… data to calibrate advertising campaigns to potential customers’ preferences, a type of personalization 90 percent of consumers say they find appealing,” says, Eric Archer-Smith, from BETA News. Although it helps with preferences and marketing, if found in the wrong hands, it could prove to be dangerous. Thus, companies today must find the perfect balance between personalization and privacy when collecting consumer data for analysis.

Australian Data Breach Affects 10 Million Civilians

The Office of the Australian Information Commissioner (OAIC) recently reported that over 10 million people were hit in a single Australian data breach. Although the report did not specify the origin of the breach that affected these people, it specified that the incident took place between January 1, 2019, and March 31, 2019. Private health was, yet again, the most affected sector.

Join our newsletter



See How Companies Are Taking Part in Privacy Awareness Week

See How Companies Are Taking Part in Privacy Awareness Week

Facebook privacy issues

It’s Privacy Awareness week! This year, the theme is how “protecting privacy is everyone’s responsibility.” Google is trying to fix their privacy blunders even though experts are not impressed, while Amazon is still making the same blunders as before. Beware Canada, a rise in data breaches prompts significant warning. Canadian wireless carrier, Freedom Mobile, exposed for leaking 15,000 of their customers’ data.

Google wants us to know they have changed. They are emphasizing privacy like never before. For example, they are enhancing existing and adding new features.

A lot of their new moves are straight out of Apple’s playbook, such as:

  • On-device machine learning
  • Better in-app privacy controls
  • More control over websites tracking with cookies
  • Incognito mode on Google Search and Maps

Not to mention, by reducing the cost of their hardware, they have the upper hand over Apple’s costlier hardware.

However, with their announcement on how they plan to give people more privacy control, experts are not very impressed. Ad-blocker company, Ghostery, says these changes are more to save face and less to save consumer privacy. These are marginal improvements, as they may be ignoring larger problems associated with consumer data privacy.

Regardless, Google’s new privacy features put the responsibility on users. They recently announced Android Q, its latest mobile OS, combined with 50 privacy and security features, including enhanced location tracking controls. Additionally, Google users can now set time limits for how long Google retains a certain type of information.

While Google is trying to make up for its data sins, Amazon is still making the same mistakes. Amazon Echo’s kid version, Echo Dot Kids, has been accused of tracking kids data without consent. Complaints have been filed to the Federal Trade Commission urging investigation. “We urge the FTC to investigate Amazon’s violations of the Children’s Online Privacy Protection Act (COPPA) for the safety and privacy of American children”.

Specifically, in Canada, the BC Office for the Information and Privacy Commissioner and the Better Business Bureau are warning individuals and companies to do a better job protecting their personal data. Last year, online shopping scams reached a whopping 3.5 million across Canada. “People get caught in the excitement to capitalize on a sale, grab that risk-free trial or purchase the last item before it goes out of stock and ends up jeopardizing their privacy.”

That being said, a Freedom mobile data breach has hit 15,000 customers. They were warned by researchers days before the breach, but Freedom responded only after the breach was made public. Luckily, they found no evidence leading them to believe data has been misused and they are now “conducting a full forensic investigation to determine the full scope of impact”.

With privacy awareness week upon us, now is a great time to stay informed on the best tools to help your business remain fool-proof in terms of data breaches and privacy protection.

Join our newsletter