Privacy

Instagram prototypes handing your location history to Facebook

This is sure to exacerbate fears that Facebook will further exploit Instagram now that its founders have resigned. Instagram has been spotted prototyping a new privacy setting that would allow it to share your location history with Facebook. That means your exact GPS coordinates collected by Instagram, even when you’re not using the app, would help Facebook to target you with ads and recommend you relevant content. Worryingly, the Location History sharing setting was defaulted to On in the prototype. The geo-tagged data would appear to users in their Facebook Profile’s Activity Log, which includes creepy daily maps of the places you’ve been. This commingling of data could upset users who want to limit Facebook’s surveillance of their lives. With Facebook installing its former...

Facebook is weaponizing security to erode privacy

At a Senate hearing this week in which US lawmakers quizzed tech giants on how they should go about drawing up comprehensive Federal consumer privacy protection legislation, Apple’s VP of software technology described privacy as a “core value” for the company. “We want your device to know everything about you but we don’t think we should,” Bud Tribble told them in his opening remarks. Facebook was not at the commerce committee hearing which, as well as Apple, included reps from Amazon, AT&T, Charter Communications, Google and Twitter. But the company could hardly have made such a claim had it been in the room, given that its business is based on trying to know everything about you in order to dart you with ads. You could say Facebook has ‘hosti...

Security experts say Chrome 69’s ‘forced login’ feature violates user privacy

A new feature in the latest version of Google Chrome that logs users into the browser when they sign in to a Google site has come under fire. Until recently, it was the user’s choice to log in to the browser. Now, any time that you sign in to a Google site in Chrome 69 — like Google Search, Gmail or YouTube — Chrome will log you in, too. But the change has left users unclear why the “feature” was pushed on them in the first place. Many security folks have already panned the move as unwanted behavior, arguing it violates their privacy. Some users had good reasons not to want to be logged into Chrome, but now Chrome seems to take that decision away from the user. Matthew Green, a cryptography professor at Johns Hopkins, rebuked the move in a blog post over the weekend...

Seven reasons not to trust Facebook to play cupid

This week Facebook has launched a major new product play, slotting an algorithmic dating service inside its walled garden as if that’s perfectly normal behavior for an ageing social network. Insert your [dad dancing GIF of choice] right here. Facebook getting into dating looks very much like a mid-life crisis — as a veteran social network desperately seeks a new strategy to stay relevant in an age when app users have largely moved on from social network ‘lifecasting’ to more bounded forms of sharing, via private messaging and/or friend groups inside dedicated messaging and sharing apps. The erstwhile Facebook status update has long been usurped by the Snapchat (and now Instagram) Story as the social currency of choice for younger app users. Of course Facebook owns t...

Security flaw in ‘nearly all’ modern PCs and Macs exposes encrypted data

Most modern computers, even devices with disk encryption, are vulnerable to a new attack that can steal sensitive data in a matter of minutes, new research says. In new findings published Wednesday, F-Secure said that none of the existing firmware security measures in every laptop it tested “does a good enough job” of preventing data theft. F-Secure principal security consultant Olle Segerdahl told TechCrunch that the vulnerabilities put “nearly all” laptops and desktops — both Windows and Mac users — at risk. The new exploit is built on the foundations of a traditional cold boot attack, which hackers have long used to steal data from a shut-down computer. Modern computers overwrite their memory when a device is powered down to scramble the data from being read. But...

The best security and privacy features in iOS 12 and macOS Mojave

September is Apple hardware season, where we expect new iPhones, a new Apple Watch and more. But what makes the good stuff run is the software within. First revealed earlier this year at the company’s annual WWDC developer event in June, iOS 12 and macOS Mojave focus on a running theme: security and privacy for the masses. Ahead of Wednesday’s big reveal, here’s all the good stuff to look out for. macOS Mojave: macOS Mojave will be the sixth iteration of the Mac operating system, named after a location in California where Apple is based. It comes with dark mode, file stacks, and group FaceTime calls. Safari now prevents browser fingerprinting and cross-site tracking. What does it do? Safari will use a new “intelligent tracking prevention” feature to prevent advertisers ...

Firefox will soon start blocking trackers by default

Mozilla today announced that its Firefox browser will soon automatically block all attempts at cross-site tracking by default. There are three parts to this strategy. Starting with version 63, which is currently in testing in the browser’s nightly release channel, Firefox will block all slow-loading trackers (with ads being the biggest offender here). Those are trackers that take more than five seconds to load. Starting with Firefox 65, the browser will also strip all cookies and block all storage access from third-party trackers. In addition, Mozilla is working on blocking cryptomining scripts and trackers that fingerprint users. As usual, the timeline could still change, depending on how these first tests work out. “In the physical world, users wouldn’t expect hundreds of vendors to...

This is Google’s Titan security key

Google isn’t one to shy away from bold claims. “We have had no reported or confirmed account takeovers since implementing security keys at Google,” a spokesperson told TechCrunch. And it’s probably true. Think of a security key as like a two-factor authentication code that’s sent to your phone — but instead it’s a USB stick in your pocket. Two-factor authentication is stronger than just a username and password, but text message codes can be intercepted and many sites and services don’t yet support the stronger authenticator codes. Security keys are one of the strongest lines of defense against account breaches. That’s because a hacker on the other side of the world trying to break into your account needs not only your password but also your physical key — and that’s not something a hacker can e...

DuckDuckGo gets $10M from Omers for global privacy push

Pro-privacy search engine DuckDuckGo, which offers an alternative to surveillance engines like Google, has quietly picked up $10M in fresh funding from Canadian pension fund Omers’ VC arm. The Globe and Mail reported the news earlier this month. It’s only the second funding round for the ten-year-old company — which last picked up $3M in VC all the way back in 2011, according to Crunchbase. In a blog post announcing the investment, Omers Ventures argues that privacy and security concerns have “risen to the forefront of public consciousness” over the past five years — noting how governments are responding to public demand and data breaches and “starting to take real action”, citing the European Union’s updated privacy framework, GDPR, as one example. With that conviction in mind, the fund a...

Privacy groups ask senators to confirm US surveillance oversight nominees

A coalition of privacy groups is calling on lawmakers to fill the vacant positions on the government’s surveillance oversight board, which hasn’t fully functioned in almost two years. The Privacy and Civil Liberties Oversight Board, known as PCLOB, is a little-known but important group that helps to ensure that intelligence agencies and executive branch policies are falling within the law. The board’s work allows them to have access to classified programs run by the dozen-plus intelligence agencies and determine if they’re legal and effective, while balancing Americans’ privacy and civil liberties rights. In its most recent unclassified major report in 2015, PCLOB called for an end to the NSA’s collection of Americans’ phone records. But the board fell out of quorum when four members left...

George Church’s genetics on the blockchain startup just raised $4.3 million from Khosla

Nebula Genomics, the startup that wants to put your whole genome on the blockchain, has announced the raise of $4.3 million in Series A from Khosla Ventures and other leading tech VCs such as Arch Venture Partners, Fenbushi Capital, Mayfield, F-Prime Capital Partners, Great Point Ventures, Windham Venture Partners, Hemi Ventures, Mirae Asset, Hikma Ventures and Heartbeat Labs. Nebula has also forged a partnership with genome sequencing company Veritas Genetics. Veritas was one of the first companies to sequence the entire human genome for less than $1,000 in 2015, later adding all that info to the touch of a button on your smartphone. Both Nebula and Veritas were cofounded by MIT professor and “godfather” of the Human Genome Project, George Church. The partnership between the two comp...

Yahoo still scans your emails for ads — even if its rivals won’t

You’re not the only one reading your emails. A deep dive in The Wall Street Journal on Tuesday dug out new details on a massive email scanning operation by Oath, the Verizon-owned subsidiary that’s the combined business of AOL and Yahoo. The email-scanning program analyzes over 200 million AOL and Yahoo inboxes for data that can be sold to advertisers. (Disclosure: TechCrunch is owned by Verizon by way of Oath.) The logic goes that by learning about its users, the internet giant can hone its ad-targeting effort to display the most relevant ads. But where other major email providers have bailed from email scanning amid privacy scandals and security issues, Oath remains the outlier. Google ended its ad-targeting email-scanning operation across its consumer Gmail service last year — a decisio...