Jump to content

Search the Community

Showing results for tags 'snooping'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 12 results

  1. The Ministry of Home Affairs has issued a notification giving sweeping powers to 10 government agencies to snoop on any computer in the country. In the order dated Thursday, December 20, the ministry has enabled Intelligence Bureau, Narcotics Control Bureau, Enforcement Directorate, Central Board of Direct Taxes, Directorate of Revenue Intelligence, Central Bureau of Investigation, National Investigation Agency, Cabinet Secretariat, Directorate of Signal Intelligence, and Delhi Commissioner of Police to monitor, decrypt, and intercept “any information generated, transmitted, received or stored in any computer.” After outrage on social media and elsewhere on Friday, the government moved to clarify that the order is not new and it merely reiterates the powers that were already available to these agencies since 2009. “No new powers have been conferred to any of the security or law enforcement agencies,” the government noted in a statement. It also stated that all requests to monitor, intercept, and decrypt any computer's data have to be approved by the competent authority. The Union Home Secretary is such an authority for the central government and the Chief Secretary for the state government. Signed by Home Secretary Rajiv Gauba, the order not just allows these agencies to track your digital life but also mandates full cooperation from the citizens to help the agencies access your data. According to the notification, the subscriber or service provider or any person in charge of the computer resource is bound to extend all facilities and technical assistance to the agencies. Failing this, they can face seven years in jail and a fine. The new order greatly expands the powers of these agencies, which were earlier only allowed to intercept calls or data. Essentially, the government agencies can now tap your calls, read your online communication, access data stored on your computer whether or not it is connected to the Internet as well as intercept any digital information that you share with others and vice versa. "For the first time, powers of scanning data at rest have been given to various agencies. Earlier, only data in motion could be intercepted. But now data revived, stored and generated can also be intercepted as powers of seizure have been given," a senior bureaucrat explained to NDTV. According to a home ministry official, the order extends the powers of the law enforcement agencies to match the needs of the present day. The government order has drawn sharp condemnation from politicians and citizens online. “Why is every Indian being treated like a criminal? This order by a government wanting to snoop on every citizen is unconstitutional and in breach of the telephone tapping guidelines, the Privacy Judgement and the Aadhaar judgement," CPM leader Sitaram Yechury tweeted. Organisations like the Internet Freedom Foundation have also criticised the order. source
  2. Stay-at-home Bond types set off the loudest irony klaxon Maybe don't snoop on a charity that makes privacy its priority... UK SPOOKS HAVE FESSED-UP to unlawfully snooping on and sifting through the private data of Privacy International, all thanks to bulk data collection. As part of the MI5's Bulk Communications Data and Bulk Personal Data programmes, supposedly used to detect criminal and terrorist activity, Britain's domestic intelligence agency ended up gathering and perusing Privacy International's private data. And it wasn't the only one, as other UK spook conclaves, GCHQ and MI6, were also found to have collected the charity's data. But all three were forced to admit they'd be carrying out such unlawful data collection as documents were published that revealed Privacy International has been caught up in MI5's investigations due to the charity's data being in the vast databases British intelligence has. Privacy International noted, in a somewhat own trumpet blowing fashion, that this all came to light as part of its legal challenge against bulk data collection powers. Having a look through the case notes ourselves - and bearing in mind we're journalists, not lawyers - it looks like the data held on Privacy International seemed to be more a quirk of bulk data collection as opposed to active spying against Privacy International. Not that such an activity excuses the intelligence services; it arguably demonstrates that bulk data collection isn't a great intelligence gathering technique. Unsurprisingly, Caroline Wilson Palow, general counsel at Privacy International was hardly impressed by the snooping. "Today's revelations are troubling for a whole host of reasons. The UK intelligence agencies' bulk collection of communications data and personal data has been shown to be as vast we have always imagined - it sweeps in almost everyone, including human rights organisations like Privacy International," Palow said. "Not only was Privacy International caught up in the surveillance dragnet, its data was actually examined by agents from the UK's domestic-facing intelligence agency - MI5. We do not know why MI5 reviewed Privacy International's data, but the fact that it happened at all should raise serious questions for all of us. "Should a domestic intelligence agency charged with protecting national security be spying on a human rights organisation based in London? Shouldn't such spying, if permitted at all, be subject to the strictest of safeguards? In an era when human rights and democracy are under threat all over the world, the UK should demonstrate leadership by protecting human rights defenders." Privacy Intentional is now asking for MI5 to clarify why it snooped on the charity, as well as writing an open letter to Home Secretary, Sajid Javid MP, expressing concern at the snooping and asking him to confirm ht changes he'll make to the Investigatory Powers Act as a result of the European Court of Human Right's judgment against it last week. We approached the Home Office for comment - MI5 doesn't sully itself with the unwashed public directly - but we've yet to get a response. Breaching the privacy of a charity that makes privacy its raison du etre is one of the dumbest things we've heard. And it's dryly amusing that it comes from MI5, which has apparently got a good track record of being pretty decent at intelligence work. As such, we wouldn't be surprised if this isn't the straw that breaks the camel's back when it comes to bulk data collection, as the UK intelligence agencies and government has basically given Privacy International an almighty big stick to brandish at them. Source
  3. Microsoft’s Obscure ‘Self Service for Mobile’ Office Activation Microsoft requires a product activation after installing. Users of Microsoft Office currently are facing trouble during telephone activation. After dealing with this issue, I came across another obscure behavior, Microsoft’s ‘Self Service for Mobile’ solution to activate Microsoft Office via mobile devices. Microsoft describes how to activate Microsoft Office 2013, 2016 and Office 365 within this document. There are several possibilities to activate an installed product, via Internet or via Telephone for instance. Activation by phone is required, if the maximum Internet activation threshold is reached. But Office activation by phone fails Within my blog post Office Telephone activation is no longer supported error I’ve addressed the basis issue. If a user re-installs Office, the phone activation fails. The activation dialog box shows the message “Telephone activation is no longer supported for your product“. Microsoft has confirmed this issue for Office 2016 users having a non subscriber installation. But also users of Microsoft Office 2010 or Microsoft Office 2013 are affected. A blog reader posted a tip: Use Mobile devices activation… I’ve posted an article Office 2010: Telefonaktivierung eingestellt? – Merkwürdigkeit II about the Office 2010 telephone activation issue within my German blog, back in January 2017. Then a reader pointed me within a comment to a Self Service for Mobile website. The link http: // bit.ly/2cQPMCb, shortened by bit.ly, points to a website https: // microsoft.gointeract.io/mobileweb/… that provides an ability to activate Microsoft Office (see screenshot below). After selecting a 6 or 7 Digits entry, an activation window with numerical buttons to enter the installation id will be shown (see screenshots shown below). The user has to enter the installation id and receives the activation id – plain and simple. Some users commented within my German blog, that this feature works like a charm. Obscurity, conspiracy, oh my God, what have they done? I didn’t inspect the posted link until writing last Fridays blog post Office Telephone activation is no longer supported error. My idea was, to mention the “Self Service for Mobile” page within the new article. I managed to alter the link to direct it to the English Self Service for Mobile language service site. Suddenly I noticed, that both, the German and also the English “Self Service for Mobile” sites uses https, but are flagged as “unsecure” in Google Chrome (see the screenshot below, showing the German edition of this web page. The popup shown for the web site „Self Service for Mobile“ says, that there is mixed content (images) on the page, so it’s not secure. That catches my attention, and I started to investigate the details. Below are the details for the German version of the web site shown in Google Chrome (but the English web site has the same issues). First of all, I noticed, that the „Self Service for Mobile“ site doesn’t belongs to a microsoft.com domain – in my view a must for a Microsoft activation page. Inspecting the details, I found out, the site contains mixed content (an image contained within the site was delivered via http). The content of the site was also delivered by Cloudflare (I’ve never noticed that case for MS websites before). The image flagged in the mixed content issue was the Microsoft logo, shown within the sites header, transferred via http. The certificate was issued by Go Daddy (an US company) and ends on March 2017. I’ve never noticed, that Go Daddy belongs to Microsoft. I came across Go Daddy during analyzing a phishing campaign months ago. A compromised server, used as a relay by a phishing campaign, has been hosted (according to Whois records) by Go Daddy. But my take down notice send to Go Daddy has never been answered. That causes all alarm bells ringing in my head, because it’s a typical behavior used in phishing sites. Also my further findings didn’t calm the alarm bells in my head. The subdomain microsoft used above doesn’t belongs to a Microsoft domain, it points to a domain gointeract.io. Tying to obtain details about the owner of gointeract.io via WhoIs ended with the following record. Domain : gointeract.io Status : Live Expiry : 2021-03-14 NS 1 : ns-887.awsdns-46.net NS 2 : ns-1211.awsdns-23.org NS 3 : ns-127.awsdns-15.com NS 4 : ns-1980.awsdns-55.co.uk Owner OrgName : Jacada Check for 'gointeract.sh' --- http://www.nic.sh/go/whois/gointeract.sh Check for 'gointeract.ac' --- http://www.nic.ac/go/whois/gointeract.ac Pretty short, isn’t it? No Admin c, no contact person, and Microsoft isn’t mentioned at all, but the domain has been registered till 2021. The Owner OrgName Jacada was unknown to me. Searching the web didn’t gave me more insights at first. Overall, the whole site looks obscure to me. The tiny text, shown within the browser’s lower left corner, was a hyperlink. The German edition of the „Self Service for Mobile“ site opens a French Microsoft site – the English site opens an English Microsoft site. My first conclusion was: Hell, I was tricked by a phishing comment – somebody set up this site to grab installation ids of Office users. So I deactivated the link within the comment and I posted a warning within my German blog post, not to use this „Self Service for Mobile“ site. I also tried to contact the user, who has posted the comment, via e-mail. … but “Microsoft” provides these links … User JaDz responded immediately in an additional comment, and wrote, that the link shortened via bit.ly has been send from Microsoft via SMS – after he tried the telephone activation and selected the option to activate via a mobile device. I didn’t noticed that before – so my conclusion was: Hell, this obscure „Self Service for Mobile“ site is indeed related to Microsoft. Then I started again a web search, but this time with the keywords Jacada and Microsoft. Google showed several hits, pointing to the site jacada.com (see screenshot below). It seems that Jacada is a kind of service provider for several customers. I wasn’t able to find Microsoft within the customer reference. But I know, that Microsoft used external services for some activities. Now I suppose, that somebody from Jacada set up the „Self Service for Mobile“ activation site. The Ajax code used is obviously able to communicate with Microsoft’s activation servers and obtain an activation id. And Microsoft’s activation mechanism provides an option to send the bit.ly link via SMS. Closing words: Security by obscurity? At this point I was left really puzzled. We are not talking about a startup located within a garage. We are having dealing with Microsoft, a multi billion company, that claims to run highly secured and trustable cloud infrastructures world wide. But what’s left, after we wipe of the marketing stuff? The Office activation via telephone is broken (Microsoft confirmed that, after it was reported by customers!). As a customer in need to activate a legal owned, but re-installed, Microsoft Office is facing a nasty situation. Telephone activation is refused, the customers will be (wrongly) notified, that this option is no longer supported. Internet activation is refused due “to many online activations” – well done. But we are not finish yet. They set up a „Self Service for Mobile“ activation site in a way, that is frequently used by phishers. They are sending links via SMS to this site requesting to enter sensitive data like install ids. A site that is using mixed content via https, and is displaying an activation id. In my eyes a security night mare. But maybe I’ve overlooked or misinterpreted something. If you have more insights or an idea, or if my assumptions a wrong, feel free, to drop a comment. I will try to reach out and ask Microsoft for a comment about this issue. Article in German Source Alternate Source reading - AskWoody: Born: Office activation site controlled by a non-Microsoft company
  4. Microsoft published master lists of endpoint connections that recent versions of the company's Windows 10 operating system make recently. Microsoft released the first version of Windows 10 three years ago and privacy has been a hot topic ever since. We published Windows 10 and Privacy back in 2015 to highlight privacy issues such as the inability to turn off Telemetry collection and transfers in the user interface. Microsoft was criticized by government agencies in various countries such as France or the Netherlands for privacy issues, and a rising arsenal of privacy tools for Windows 10 promised users protection against the data hunger of Microsoft. One option that Windows users and administrators have is to block endpoints so that connections can't be established. The method requires extensive testing as critical functionality may become unavailable when connections are blocked. If you block Windows Update endpoints, you should not be surprised that you cannot use the automatic updating system anymore to keep the operating system up to date. Default Windows 10 systems, those installed using default settings and left untouched, make a large number of connections automatically for a variety of purposes. Windows 10 checks for updates regularly, checks new files against Windows Defender databases, or submits telemetry data to Microsoft. While some connections are required for the operating system to work properly, others may be disabled without noticeable impact in functionality; the latter is true especially if features are not used on the system. Microsoft released a master list of Windows Endpoints for non-Enterprise and for Enterprise editions of Windows recently. The non-Enterprise listing is available for Windows 10 version 1709 and 1803, the Enterprise-specific listing for Windows 10 version 1709. Tip: Check out my side-project Privacy Amp for detailed lists and other privacy related topics. Without further ado, here are the connection endpoints of Windows 10 version 1803 (non-Enterprise). Windows 10 Family Destination Protocol Description *.e-msedge.net HTTPS Used by OfficeHub to get the metadata of Office apps. *.g.akamaiedge.net HTTPS Used to check for updates to maps that have been downloaded for offline use. *.s-msedge.net HTTPS Used by OfficeHub to get the metadata of Office apps. *.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ HTTP Enables connections to Windows Update. arc.msn.com.nsatc.net HTTPS Used to retrieve Windows Spotlight metadata. arc.msn.com/v3/Delivery/Placement HTTPS Used to retrieve Windows Spotlight metadata. client-office365-tas.msedge.net* HTTPS Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. config.edge.skype.com/config/* HTTPS Used to retrieve Skype configuration values. ctldl.windowsupdate.com/msdownload/update* HTTP Used to download certificates that are publicly known to be fraudulent. cy2.displaycatalog.md.mp.microsoft.com.akadns.net HTTPS Used to communicate with Microsoft Store. cy2.licensing.md.mp.microsoft.com.akadns.net HTTPS Used to communicate with Microsoft Store. cy2.settings.data.microsoft.com.akadns.net HTTPS Used to communicate with Microsoft Store. displaycatalog.mp.microsoft.com* HTTPS Used to communicate with Microsoft Store. dm3p.wns.notify.windows.com.akadns.net HTTPS Used for the Windows Push Notification Services (WNS). fe2.update.microsoft.com* HTTPS Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. fe3.delivery.dsp.mp.microsoft.com.nsatc.net HTTPS Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. fe3.delivery.mp.microsoft.com HTTPS Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. g.live.com/odclientsettings/Prod HTTPS Used by OneDrive for Business to download and verify app updates. g.msn.com.nsatc.net HTTPS Used to retrieve Windows Spotlight metadata. geo-prod.dodsp.mp.microsoft.com.nsatc.net HTTPS Enables connections to Windows Update. ipv4.login.msa.akadns6.net HTTPS Used for Microsoft accounts to sign in. licensing.mp.microsoft.com/v7.0/licenses/content HTTPS Used for online activation and some app licensing. location-inference-westus.cloudapp.net HTTPS Used for location data. maps.windows.com/windows-app-web-link HTTPS Link to Maps application. modern.watson.data.microsoft.com.akadns.net HTTPS Used by Windows Error Reporting. ocos-office365-s2s.msedge.net* HTTPS Used to connect to the Office 365 portal's shared infrastructure. ocsp.digicert.com* HTTP CRL and OCSP checks to the issuing certificate authorities. oneclient.sfx.ms* HTTPS Used by OneDrive for Business to download and verify app updates. query.prod.cms.rt.microsoft.com* HTTPS Used to retrieve Windows Spotlight metadata. ris.api.iris.microsoft.com* HTTPS Used to retrieve Windows Spotlight metadata. settings.data.microsoft.com/settings/v2.0/* HTTPS Used for Windows apps to dynamically update their configuration. settings-win.data.microsoft.com/settings/* HTTPS Used as a way for apps to dynamically update their configuration. sls.update.microsoft.com* HTTPS Enables connections to Windows Update. storecatalogrevocation.storequality.microsoft.com* HTTPS Used to revoke licenses for malicious apps on the Microsoft Store. storeedgefd.dsx.mp.microsoft.com* HTTPS Used to communicate with Microsoft Store. tile-service.weather.microsoft.com* HTTP Used to download updates to the Weather app Live Tile. tsfe.trafficshaping.dsp.mp.microsoft.com HTTPS Used for content regulation. ip5.afdorigin-prod-am02.afdogw.com HTTPS Used to serve office 365 experimentation traffic. watson.telemetry.microsoft.com/Telemetry.Request HTTPS Used by Windows Error Reporting. Windows 10 Pro Destination Protocol Description *.e-msedge.net HTTPS Used by OfficeHub to get the metadata of Office apps. *.g.akamaiedge.net HTTPS Used to check for updates to maps that have been downloaded for offline use. *.s-msedge.net HTTPS Used by OfficeHub to get the metadata of Office apps. .tlu.dl.delivery.mp.microsoft.com/ HTTP Enables connections to Windows Update. *geo-prod.dodsp.mp.microsoft.com.nsatc.net HTTPS Enables connections to Windows Update. arc.msn.com.nsatc.net HTTPS Used to retrieve Windows Spotlight metadata. au.download.windowsupdate.com/* HTTP Enables connections to Windows Update. ctldl.windowsupdate.com/msdownload/update/* HTTP Used to download certificates that are publicly known to be fraudulent. cy2.licensing.md.mp.microsoft.com.akadns.net HTTPS Used to communicate with Microsoft Store. cy2.settings.data.microsoft.com.akadns.net HTTPS Used to communicate with Microsoft Store. dm3p.wns.notify.windows.com.akadns.net HTTPS Used for the Windows Push Notification Services (WNS) fe3.delivery.dsp.mp.microsoft.com.nsatc.net HTTPS Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. g.msn.com.nsatc.net HTTPS Used to retrieve Windows Spotlight metadata. ipv4.login.msa.akadns6.net HTTPS Used for Microsoft accounts to sign in. location-inference-westus.cloudapp.net HTTPS Used for location data. modern.watson.data.microsoft.com.akadns.net HTTPS Used by Windows Error Reporting. ocsp.digicert.com* HTTP CRL and OCSP checks to the issuing certificate authorities. ris.api.iris.microsoft.com.akadns.net HTTPS Used to retrieve Windows Spotlight metadata. tile-service.weather.microsoft.com/* HTTP Used to download updates to the Weather app Live Tile. tsfe.trafficshaping.dsp.mp.microsoft.com HTTPS Used for content regulation. vip5.afdorigin-prod-am02.afdogw.com HTTPS Used to serve office 365 experimentation traffic Windows 10 Education Destination Protocol Description *.b.akamaiedge.net HTTPS Used to check for updates to maps that have been downloaded for offline use. *.e-msedge.net HTTPS Used by OfficeHub to get the metadata of Office apps. *.g.akamaiedge.net HTTPS Used to check for updates to maps that have been downloaded for offline use. *.s-msedge.net HTTPS Used by OfficeHub to get the metadata of Office apps. *.telecommand.telemetry.microsoft.com.akadns.net HTTPS Used by Windows Error Reporting. .tlu.dl.delivery.mp.microsoft.com HTTP Enables connections to Windows Update. .windowsupdate.com HTTP Enables connections to Windows Update. *geo-prod.do.dsp.mp.microsoft.com HTTPS Enables connections to Windows Update. au.download.windowsupdate.com* HTTP Enables connections to Windows Update. cdn.onenote.net/livetile/* HTTPS Used for OneNote Live Tile. client-office365-tas.msedge.net/* HTTPS Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. config.edge.skype.com/* HTTPS Used to retrieve Skype configuration values. ctldl.windowsupdate.com/* HTTP Used to download certificates that are publicly known to be fraudulent. cy2.displaycatalog.md.mp.microsoft.com.akadns.net HTTPS Used to communicate with Microsoft Store. cy2.licensing.md.mp.microsoft.com.akadns.net HTTPS Used to communicate with Microsoft Store. cy2.settings.data.microsoft.com.akadns.net HTTPS Used to communicate with Microsoft Store. displaycatalog.mp.microsoft.com/* HTTPS Used to communicate with Microsoft Store. download.windowsupdate.com/* HTTPS Enables connections to Windows Update. emdl.ws.microsoft.com/* HTTP Used to download apps from the Microsoft Store. fe2.update.microsoft.com/* HTTPS Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. fe3.delivery.dsp.mp.microsoft.com.nsatc.net HTTPS Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. fe3.delivery.mp.microsoft.com/* HTTPS Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. g.live.com/odclientsettings/* HTTPS Used by OneDrive for Business to download and verify app updates. g.msn.com.nsatc.net HTTPS Used to retrieve Windows Spotlight metadata. ipv4.login.msa.akadns6.net HTTPS Used for Microsoft accounts to sign in. licensing.mp.microsoft.com/* HTTPS Used for online activation and some app licensing. maps.windows.com/windows-app-web-link HTTPS Link to Maps application modern.watson.data.microsoft.com.akadns.net HTTPS Used by Windows Error Reporting. ocos-office365-s2s.msedge.net/* HTTPS Used to connect to the Office 365 portal's shared infrastructure. ocsp.digicert.com* HTTP CRL and OCSP checks to the issuing certificate authorities. oneclient.sfx.ms/* HTTPS Used by OneDrive for Business to download and verify app updates. settings-win.data.microsoft.com/settings/* HTTPS Used as a way for apps to dynamically update their configuration. sls.update.microsoft.com/* HTTPS Enables connections to Windows Update. storecatalogrevocation.storequality.microsoft.com/* HTTPS Used to revoke licenses for malicious apps on the Microsoft Store. tile-service.weather.microsoft.com/* HTTP Used to download updates to the Weather app Live Tile. tsfe.trafficshaping.dsp.mp.microsoft.com HTTPS Used for content regulation. vip5.afdorigin-prod-ch02.afdogw.com HTTPS Used to serve office 365 experimentation traffic. watson.telemetry.microsoft.com/Telemetry.Request HTTPS Used by Windows Error Reporting. bing.com/* HTTPS Used for updates for Cortana, apps, and Live Tiles. Source PS: I'm sure there would be much more connections not revealed due to privacy issues with MS. Hope will be revealed by any whistle-blower or someone like Woody/abbodi/.... soon to demolish Win 10 & MS - the day I'm feel much more joyful.
  5. US Senator from Arizona Jeff Flake speaks during a press conference A Portland woman recently told a local news outlet that her Amazon Echo device had gone rogue, sending a recording of a private conversation to a random person in her contact list. On Thursday, two senators tasked with investigating consumer privacy sent a letter to Amazon CEO Jeff Bezos demanding answers. In the letter, Republican senator Jeff Flake and Democratic senator Chris Coons, who serve respectively as chairman and ranking member of the Judiciary Subcommittee on Privacy, Technology and the Law, ask Bezos to explain how exactly the Amazon Echo device listens to and stores users' voices. The senators also seek answers about what the company is doing to protect users from having that sensitive information misused. Amazon didn't respond to WIRED's request for comment. The letter, which was reviewed by WIRED, comes in the midst of what Flake calls a "post-Facebook" world, referring to the data privacy scandal in which Facebook says the data of as many as 87 million Americans may have been misappropriated by a political consulting firm called Cambridge Analytica. "Congress is feeling that we need to be ahead of the curve here," Flake told WIRED. "Companies are establishing procedures and protocols, and we need to know what they are to make sure that privacy is protected." The letter specifically cites the Portland story, in which an Echo mistook part of a background conversation for the word "Alexa." That caused the device to wake up. Once it started listening, the Echo misheard later parts of the conversation as a series of voice commands instructing it to send a message to one of the woman's contacts. The mishap in Portland wasn't caused by a glitch, the lawmakers write, but is instead an example of the Echo working "precisely how it was designed." The letter demands "prompt and meaningful action" to prevent it from happening again. "This incident makes it clear we don't fully understand the privacy risks we’re taking," Coons says. "Amazon owes it to the American people to be clearer about what’s happening with this technology." The letter asks Amazon to report the number of complaints the company has received from users about the Echo improperly interpreting a command. Among the nearly 30 questions contained in the letter are requests for details on when and how frequently the device sends voice data to Amazon's servers, how long that recording is stored, and how that data is anonymized. The senators also ask Amazon to share information on how long the Echo records a conversation after it hears the word "Alexa," and whether consumers have the ability to delete these recordings. The answers to some of these questions are a matter of public record. As WIRED has explained, the Echo microphone is always live, but it's only listening for its so-called "wake word." Once it hears the word, "Alexa," it begins recording and sends those clips to Amazon servers. That voice recording will stay there unless users take the time to manually delete it in the Alexa app. But other questions warrant further exploration. Flake and Coons want Bezos to explain, for example, "any and all purposes for which Amazon uses, stores, and retains consumer information, including voice data, collected and transmitted by an Echo device." That explanation may be buried in the company's terms of service somewhere, but the fine print that dictates what tech companies do with people's data is often viewed differently when magnified. Portland is hardly the first time users have reported their AI assistants misbehaving. Recently, users reported that their Echoes were laughing at them, a menacing quirk that Amazon attributed to the device mishearing the term "Alexa, laugh." Amazon calls these mistakes "false positives," where the algorithmic brain of Alexa believes it's hearing something it's not. But while these flukes make good headlines, the odds of an Amazon Echo mishearing its way through the multi-step process of sending a voice recording are slim. And yet, the senators' questions for Amazon are still valid. They extend far beyond the particulars of any single mistake and cut to the heart of a key issue facing tech leaders. For decades now, companies like Facebook, Google, and Amazon have collected unlimited amounts of data on their customers, given them minimal control over that data, and offered even less transparency into how they collect and store it. Now, after seeing how data can be manipulated for political purposes through the Facebook scandal, lawmakers are reevaluating the freedom they've given tech companies all these years. "The age of innocence is gone," says Flake. Source
  6. Microsoft is asking Windows 10 users whether the OS offers enough control over the personal data it collects. The firm is consulting Windows 10 users testing early builds of the OS under the Windows Insider program, who will be asked for feedback on a new privacy settings menu. The data collection toggles are designed to make it easier for users to choose which information they are comfortable being sent back to Microsoft. The new menu will be shown to all users before Windows 10 upgrades them to the Creators Update, which is expected to rolled out in April. Want more about Windows? The privacy settings page appears to be unchanged from when it was revealed in January, allowing users to choose broadly which data should sent to Microsoft, for example, location data when using maps, voice recordings when using the Cortana virtual assistant or diagnostic information related to what they type and write, and the apps they use. Insiders can give feedback on the new privacy settings page via the Feedback Hub application, where they will be able to see a prototype of the settings menu, shown above. By default the settings all appear to be toggled on to collect the maximum amount of data. The new privacy controls will be introduced alongside an option for Windows 10 Home and Pro users to dial back data collection further than is possible today, with Microsoft pledging that Windows 10's 'Basic' telemetry setting will ensure the OS "only collects data vital to the operation of Windows". Many of the privacy-focused changes to Windows 10 appear to address concerns raised by the French privacy watchdog, the chair of the National Data Protection Commission (CNIL), last year. At the time CNIL said the amount of data Windows 10 collected from users was "excessive" and that Microsoft needed to do more to seek users' permission before downloading advertising cookies to Windows 10 machines. It gave Microsoft until January 20 to set out how it would make Windows 10 compliant with the French data-protection act. In January, CNIL said it was evaluating whether Windows 10 would comply with French data-protection law following these changes. At the time this article was published, CNIL had not responded to a request for comment about whether a compliance decision has since been reached. While the changes caused Swiss data protection and privacy regulator FDPIC to drop its lawsuit, Microsoft still faces official questions about how Windows 10 handles data collection. Just last month, an EU watchdog, the Article 29 Working Party, said that, even with the changes to how Windows 10 handles personal data, it "remained concerned about the level of protection of users' personal data". Source
  7. Microsoft Re-Releases Snooping Patches KB 2952664, KB 2976978 Earlier versions of the Win7 and 8.1 patches kicked off enhanced snooping routines, and there's no indication what's changed in these versions We don't know what KB 2952664 (for Windows 7) and KB 2976978 (for Windows 8.1) actually do. But both patches have been shown in the past to trigger a new Windows task called DoScheduledTelemetryRun. The patches appeared in the Automatic Update chute earlier todayas Optional, so they won't be installed unless you specifically check and install them. But in the past, the Optional versions have been converted rapidly to Recommended, and thus installed on most machines. The last release of KB 2952664 went from Optional to Recommend in a week. Microsoft's descriptions of the patches are quite bland: GWX, of course, is Microsoft's malware-like "Get Windows 10" campaign that plagued Windows 7 and 8.1 users last year. I last wrote about the patches on Oct. 5, 2016: The revision dates on the KB articles don't instill any confidence. When I wrote about KB 2952664 last October, I noted that the KB article was up to revision 25, dated Oct. 4, 2016. The current KB article, dated Feb. 9, 2017, is at revision 11. I have no idea what's up. Why is Microsoft releasing this CEIP diagnostic program on a Thursday? Why isn't it being held for next Tuesday's Monthly Rollup? Why does it fall outside the announced schedule of Security Only and Monthly Rollup patches? Why did the revision numbers change? But I do know that earlier versions of these patches triggered new snooping scans, whether the Customer Experience Improvement Program is enabled or not. And I do know that Microsoft hasn't documented much at all. Discussion continues on the AskWoody Lounge. AskWoody Lounge - Comments Source Alternate Source: Windows KB2652664 And KB2976978 Telemetry Updates Re-Released (Again)
  8. Mozilla: The Internet Is Unhealthy And Urgently Needs Your Help Mozilla argues that the internet's decentralized design is under threat by a few key players, including Google, Facebook, Apple, Tencent, Alibaba and Amazon, monopolizing messaging, commerce, and search. Can the internet as we know it survive the many efforts to dominate and control it, asks Firefox maker Mozilla. Much of the internet is in a perilous state, and we, its citizens, all need to help save it, says Mark Surman, executive director of Firefox maker the Mozilla Foundation. We may be in awe of the web's rise over the past 30 years, but Surman highlights numerous signs that the internet is dangerously unhealthy, from last year's Mirai botnet attacks, to market concentration, government surveillance and censorship, data breaches, and policies that smother innovation. "I wonder whether this precious public resource can remain safe, secure and dependable. Can it survive?" Surman asks. "These questions are even more critical now that we move into an age where the internet starts to wrap around us, quite literally," he adds, pointing to the Internet of Things, autonomous systems, and artificial intelligence. In this world, we don't use a computer, "we live inside it", he adds. "How [the internet] works -- and whether it's healthy -- has a direct impact on our happiness, our privacy, our pocketbooks, our economies and democracies." Surman's call to action coincides with nonprofit Mozilla's first 'prototype' of the Internet Health Report, which looks at healthy and unhealthy trends that are shaping the internet. Its five key areas include open innovation, digital inclusion, decentralization, privacy and security, and web literacy. Mozilla will launch the first report after October, once it has incorporated feedback on the prototype. That there are over 1.1 billion websites today, running on mostly open-source software, is a positive sign for open innovation. However, Mozilla says the internet is "constantly dodging bullets" from bad policy, such as outdated copyright laws, secretly negotiated trade agreements, and restrictive digital-rights management. Similarly, while mobile has helped put more than three billion people online today, there were 56 internet shutdowns last year, up from 15 shutdowns in 2015, it notes. Mozilla fears the internet's decentralized design, while flourishing and protected by laws, is under threat by a few key players, including Facebook, Google, Apple, Tencent, Alibaba and Amazon, monopolizing messaging, commerce and search. "While these companies provide hugely valuable services to billions of people, they are also consolidating control over human communication and wealth at a level never before seen in history," it says. Mozilla approves of the wider adoption of encryption today on the web and in communications but highlights the emergence of new surveillance laws, such as the UK's so-called Snooper's Charter. It also cites as a concern the Mirai malware behind last year's DDoS attacks, which abused unsecured webcams and other IoT devices, and is calling for safety standards, rules and accountability measures. The report also draws attention to the policy focus on web literacy in the context of learning how to code or use a computer, which ignores other literacy skills, such as the ability to spot fake news, and separate ads from search results. Source Alternate Source - 1: Mozilla’s First Internet Health Report Tackles Security, Privacy Alternate Source - 2: Mozilla Wants Infosec Activism To Be The Next Green Movement
  9. Windows 10 Share “Soon With” Ads Microsoft plans to roll out the upcoming Windows 10 feature update Creators Update with a new Share UI, and will push ads in that UI. Microsoft is working on the next feature update for Windows 10 called the Creators Update. The new version of Windows 10 will be made available in April 2017 according to latest projections, and it will introduce a series of new features and changes to the operating system. The built-in Share functionality of Windows 10 will be updated in the Creators Update as well. We talked about this when the first screenshots of the new user interface leaked. The core change is that the Share user interface will open up in the center of the screen instead of the sidebar. Along with the change come ads. If you take a look at the following screenshot, courtesy of Twitter user Vitor Mikaelson (via Winaero), you see the Box application listed as one of the available share options even though it is not installed on the device (and never was according to Vitor). The suggested app is listed right in the middle of the share interface, and not at the bottom. Microsoft uses the Share UI to promote Windows Store applications. This is one of the ways for Microsoft to increase the visibility of the operating system's built-in Store. The Share UI is not the first, and likely not the last, location to receive ads on Windows 10. Ads are shown on Windows 10's lockscreen, and in the Windows 10 start menu for instance. While it is possible to disable the functionality, it is turned on by default. Ads in the Share UI will likely be powered by the same system which means that you will be able to turn these ads off in the Settings. Microsoft is not the only company that uses recommendations in their products to get users to install other products. I'm not fond of this as I don't like it that these suggestions take away space. While I don't use the Share UI at all, I do use the Start Menu. The recommendations there take away space from programs and applications that I have installed or am using. Yes, it is easy enough to turn these off, and that's what I did as I have no need for them. Should I ever run into a situation where I require functionality, say sharing to Box, I'd search for a solution and find it. I can see these recommendations being useful to inexperienced users however who may appreciate the recommendations. There is a debate going on currently whether to call these promotions advertisement, or recommendations / suggestions. Now You: What's your take on these? How do you call them? Source
  10. Snowden Leaks Reveal NSA Snooped On In-Flight Mobile Calls NSA, GCHQ intercepted signals as they were sent from satellites to ground stations. GCHQ and the NSA have spied on air passengers using in-flight GSM mobile services for years, newly-published documents originally obtained by Edward Snowden reveal. Technology from UK company AeroMobile and SitaOnAir is used by dozens of airlines to provide in-flight connectivity, including by British Airways, Virgin Atlantic, Lufthansa, and many Arab and Asian companies. Passengers connect to on-board GSM servers, which then communicate with satellites operated by British firm Inmarsat. "The use of GSM in-flight analysis can help identify the travel of a target—not to mention the other mobile devices (and potentially individuals) onboard the same plane with them," says a 2010 NSA newsletter. A presentation, made available by the Intercept, contains details of GCHQ's so-called "Thieving Magpie" programme. GCHQ and the NSA intercepted the signals as they were sent from the satellites to the ground stations that hooked into the terrestrial GSM network. Initially, coverage was restricted to flights in Europe, the Middle East, and Africa, but the surveillance programme was expected to go global at the time the presentation was made. GCHQ's Thieving Magpie presentation explains how in-flight mobile works. Ars has asked these three companies to comment on the extent to which they were aware of the spying, and whether they are able to improve security for their users to mitigate its effects, but was yet to receive replies from Inmarsat or AeroMobile at time of publication. A SitaOnAir spokesperson told Ars in an e-mail: The Thieving Magpie presentation explains that it is not necessary for calls to be made, or data to be sent, for surveillance to take place. If the phone is switched on, and registers with the in-flight GSM service, it can be tracked provided the plane is flying high enough that ground stations are out of reach. The data, we're told, was collected in "near real time," thus enabling "surveillance or arrest teams to be put in place in advance" to meet the plane when it lands. Using this system, aircraft can be tracked every two minutes while in flight. If data is sent via the GSM network, GCHQ's presentation says that e-mail addresses, Facebook IDs, and Skype addresses can all be gathered. Online services observed by GCHQ using its airborne surveillance include Twitter, Google Maps, VoIP, and BitTorrent. Meanwhile, Le Monde reported that "GCHQ could even, remotely, interfere with the working of the phone; as a result the user was forced to redial using his or her access codes." No source is given for that information, which presumably is found in other Snowden documents, not yet published. As the French newspaper also points out, judging by the information provided by Snowden, the NSA seemed to have something of a fixation with Air France flights. Apparently that was because "the CIA considered that Air France and Air Mexico flights were potential targets for terrorists." GCHQ shared that focus: the Thieving Magpie presentation uses aircraft bearing Air France livery to illustrate how in-flight GSM services work. Ars asked the UK's spies to comment on the latest revelations, and received the usual boilerplate response from a GCHQ spokesperson: It is longstanding policy that we do not comment on intelligence matters. So that's OK, then. Source
  11. How Windows 10 Data Collection Trades Privacy For Security Here's what data each telemetry level collects and the price you pay to send the least telemetry to Microsoft Windows 10’s aggressive data-collection capabilities may concern users about corporate spying, but enterprises have control that consumer-edition Windows users do not: Administrators can decide how much information gets sent back to Microsoft. But enterprises need to think twice before turning off Windows telemetry to increase corporate privacy. That’s because doing so can decrease the effectiveness of Windows 10’s security features. Microsoft isn’t merely hoovering up large amounts of data because it can. The company has repeatedly reiterated its stance that Windows 10 does not collect the user’s personal data, but rather anonymized file data that is then used to improve overall user experience and Windows functionality. With the current shift to Windows-as-a-service, Microsoft plans to release more updates to the operating system more frequently, and it will use telemetry data to understand how people are actually using Windows and applications. Microsoft can use the information to figure out what new features are needed or to prioritize changes to existing components. For Microsoft, more data means more security But the telemetry data is used for more than how to improve or evolve Windows. There is an actual security impact, too. Knowledge is power, and in the case of Windows 10, that usage data lets Microsoft beef up threat protection, says Rob Lefferts, Microsoft’s director of program management for Windows Enterprise and Security. The information collected is used to improve various components in Windows Defender, such as Application Guard and Advanced Threat Detection (these two features are available only to customers with Windows 10 Enterprise with Anniversary Update and Enterprise E5 subscriptions). As Windows 10’s built-in security tool, Windows Defender uses real-time protection to scan everything downloaded or run on the PC. The information from these scans is sent back to Microsoft and used to improve protection for everyone else. For example, Windows Defender Application Guard for Microsoft Edge will put the Edge browser into a lightweight virtual machine to make it harder to break out of the browser and attack the operating system. With telemetry, Microsoft can see when infections get past Application Guard defenses and improve the security controls to reduce recurrences. Microsoft also pulls signals from other areas of the Windows ecosystem, such as Active Directory, with information from the Windows 10 device to look for patterns that can indicate a problem like ransomware infections and other attacks. To detect those patterns, Microsoft needs access to technical data, such as what processes are consuming system resources, hardware diagnostics, and file-level information like which applications had which files open, Lefferts says. Taken together, the hardware information, application details, and device driver data can be used to identify parts of the operating system are exposed and should be isolated into virtual containers. How Windows 10 telemetry levels affect security and administration IT admins can control what telemetry is sent back to Microsoft using group policy objects—if they are using an enterprise version of Windows 10 and a Microsoft administration tool, of course. (Consumer versions of Windows don’t provide this capability, which is why there are now third-party telemetry blockers on the market, though not all telemetry can be blocked.) The Privacy option in Settings lets administrators choose one of three telemetry levels: Basic, Enhanced, and Full. Windows 10 Home and Pro are set by default to Full. Windows 10 Enterprise and Education are set by default to Enhanced. But there’s a fourth level called Security available only in Windows 10 Enterprise and Education editions, and only through group policies (not via Settings). Available to admins only, Security level sends the least data. The Security level sends less telemetry to Microsoft than the Basic level does. And it collects enough technical data about Windows’s Connected User Experience and Telemetry component settings, the MSRT (Malicious Software Removal Tool), and Windows Defender to keep Windows, Windows Server, and System Center secure. At the Security level, only OS information, device ID, and device class (server, desktop, mobile device) are sent to Microsoft, along with the MSRT report that contains information about the infection and IP address. Windows Defender and System Center Endpoint Protection provide diagnostic information, user account control settings, UEFI (Unifieid Extensible Firmware Interface) settings, and IP addresses. (If this latter information shouldn’t be sent, then turn off Windows Defender and use a third-party tool instead.) If the goal is to not have any data go to Microsoft, using the Security level is the best option. But it has one big drawback: Windows Update won’t work, because Windows Update information—such as whether the update installation succeeded or failed—does not get collected at the Security level. MSRT also won’t run if Windows Update is not working. Thus, it requires a lot of IT involvement to keep the systems updated and secure if the telemetry level is set to Security. Basic level is the least a user can choose within Windows. For most users focused on privacy, the Basic level is probably the best option for limiting what gets sent to Microsoft. The Basic level sends device information like application compatibility and usage information in addition to the information sent from the Security level. This can include the number of crashes and the amount of processor time and memory an application used at a time. System data can help Microsoft know whether a device meets the minimum requirements to upgrade to the next version. Data from the Basic level helps identify problems that can occur on a particular hardware or software configuration. The types of data collected include device attributes, such as camera resolution, display type, and battery capacity; application and operating system versions; networking devices, such as the number of network adapters; IMEI number (for mobile devices) and mobile operator network; architecture details, such as processor, memory type, and firmware versions; storage data, such as number of drives, type, and size; and virtualization support. The Basic level also collects and transmits compatibility details, such as how add-ons work with the browser, how applications work with the operating system, and whether peripherals like printers and storage devices would work with the next version of the operating system. Enhanced level aids user-experience improvements. The Enhanced level, the default setting for Windows 10 Enterprise and Education, also sends data on how Windows, Windows Server, System Center, and applications are used; how they perform; and their reliability. This includes operating system events, such as those from networking, Hyper-V, Cortana, storage, and file system; operating system application events, such as those from Server Manager, Mail, and Microsoft Edge; device-specific events such as data from Microsoft HoloLens; and all crash dumps. Data collected from the Enhanced level helps Microsoft improve user experience because the company can use the detailed information to find patterns and trends in how the applications are being used. Enhanced is the minimum level needed for Microsoft to identify and address Windows 10, Windows Server, and System Center quality issues. The Full level makes your PC an open book. The Full level—the default for consumer versions of Windows—is the free-for-all level that has privacy folks worried, because it includes significant technical data, which Microsoft claims is “necessary to identify and help to fix problems.” At the Full level, devices send information related to reliability, application responsiveness, and usage along with all crash dumps. Data collection has changed in Windows Telemetry data is not new to Windows 10. Microsoft used telemetry in previous versions of Windows and Windows Server to check for updated or new Windows Defender signatures, verify Windows Update installations, and gather reliability information through the RAC (Reliability Analysis Component) and Windows CEIP (Customer Experience Improvement Program). What’s changed is that Windows 10 has expanded the scope to better understand the type of hardware being used, basic system diagnostics, logs of how frequently features are being used, what applications have been installed, how users are using those applications, and the reliability data from device drivers. Microsoft says it tries to avoid collecting personal information, but it can happen. For example, crash dumps can contain the contents of a document that was in memory at the time of the crash. The news that Microsoft would include threat intelligence content such as indicators and reports of past attacks from FireEye’s iSight Intelligence product into Windows Defender Advanced Threat Protection, there were concerns that FireEye would gain access to some of the telemetry data. But Microsoft says that is not part of the FireEye deal. Microsoft’s plan to put advertising on users’ lock screens and Start screens—and block IT admins from disabling them—has also fanned the flames of security fear. After all, similar advertising from the likes of Google ad Facebook relies heavily on the intense collection of personal data to target the ads. It’s worth noting that Windows is not intentionally collecting functional data, such as the user’s location when the user is looking at local weather or news. The application may collect such data, but not the Windows 10 operating system—and thus not the Windows 10 telemetry. Of course, Microsoft collects personal information from its own applications. Cortana is such an example, but users can turn off Cortana completely. Overall, IT organizations should be able to find a telemetry level they’re comfortable with in terms of privacy, while not sacrificing the core security of Windows. They may have to pay the price of higher admin costs if they use the lowest telemetry level (Security), but only if they choose to do so. Source AskWoody's Word On This Article
  12. Vodafone has revealed the extent of government snooping on its networks around the world, in a long report that appears to confirm the worst fears of privacy campaigners. The firm reveals that authorities in 29 countries have approached it for information on users, and while some are fairly open about their demands, others do not permit the company to reveal anything. However, more worryingly for those who value privacy, the report shows that in six countries Vodafone is obliged to allow governments to listen-in to communications at will, without obtaining a warrant first. Vodafone said it complies with these requests because it has to abide by the laws of the countries in which it operates. "In every country in which we operate, we have to abide by the laws of those countries which require us to disclose information about our customers to law enforcement agencies or other government authorities, or to block or restrict access to certain services," it said. "Refusal to comply with a country's laws is not an option. If we do not comply with a lawful demand for assistance, governments can remove our licence to operate, preventing us from providing services to our customers. Our employees who live and work in the country concerned may also be at risk of criminal sanctions, including imprisonment." The UK is fairly open about its demands, according to the report, but other countries, such as Turkey, will not let the firm reveal anything about its data requests. According to the report, the UK government made 2,760 interception requests, or warrants, and over half a million communications data requests. In the report, Vodafone calls on all governments to allow greater transparency and to consider the impact the actions of their intelligence agencies is having on business and consumers. "In our view, it is governments – not communications operators – who hold the primary duty to provide greater transparency on the number of agency and authority demands issued to operators," it said. "We believe that regulators, parliaments or governments will always have a far more accurate view of the activities of agencies and authorities than any one operator." In the meantime, Vodafone said it will continue to release all the information it can. "Whilst we have included factors relevant to national security powers in compiling this report, it is important to note that many countries prohibit the publication of any form of statistical information relating to national security demands," it said. "We think many governments could do more to ensure that the legal powers relied upon by agencies and authorities are fit for the internet age." Source
×
×
  • Create New...