Tag: Privacy Breach

Apple And Google Will No Longer Listen To Private Conversations

Previously, several reports had surfaced that accused both Apple and Google of listening to users’ private conversations. Both companies explained through their official channels that the recordings were transcribed to improve their respective voice assistants. Now, Apple and Google are reportedly shutting down the program which had contractors listen in on private conversations.

Google Assistant and Apple’s Siri are both voice assistants that occasionally sent voice recordings of their surroundings to their parent companies. The companies claimed that they had started the program of hiring contractors, who listened to the recordings, for the purpose of improving the user interaction with the voice assistants. As of today, Google and Apple have suspended their respective programs after facing backlash from the community and regulatory bodies.

Apple in a statement said that they wanted to conduct a global review of its program to retain trust users trust in privacy. Grading had third party contractors listen to the recordings from Siri. Now, users can opt-in for the program and participate in grading. Furthermore, Google after having faced allegations, after its Dutch user recording was leaked, has also suspended its voice assistant program. Its “Hey Google” wake word had inadvertently triggered and had recorded many private and sensitive moments. Hence, the company will review its program as well.

Notably, the concerns raised over user privacy have become an increasingly sensitive aspect in the European regions. It is expected that Governmental regulatory bodies will soon step in and investigate the matter separately. However, the issue has expanded to an international level and should require some form of mediation if carried forward.

Also Read: Sony Announces Online Challenger Series Tournament For Every PS4 User

The digital world has dug its roots deep into humans’ lives. We are now observing much more at risk than ever regarding our privacy and data. Companies like Google and Apple operate on a global scale and have influences over a much broader audience. It is a daunting prospect to think about when considering the control these companies have over the general public. Stay tuned for more updates regarding the matter.

August 2, 2019
Apple Hires Contractors That Listen To Private Conversation Through Siri

Apple is a company that has always promised its customers industry-leading security. For the most part, it holds true. The company is one of the better-trusted consumer brands in the world, at least in terms of data privacy. However, a new report has surfaced which claims that the tech giant is regularly listening on private conversations by its hired contractors through Siri, its digital voice assistant.

Home Pod

Initial reports had revealed that Apple was hiring contractors across the globe to listen to Siri recordings to improve the voice assistants capabilities. What came as a surprise was the fact that the company had failed to enlighten its users regarding this practice. Now, a fresh report suggests that there have been “countless instances” of recordings carrying sensitive information or private conversations. Furthermore, it has also been reported that some cases of illegal activities have also been caught in the recordings. Apple had initially promised users that anonymity is being maintained and no user info is accessible. However, a source claimed that the recordings also feature user data showing locations, contact details and app data.

Apple started the initiative of human interaction with Siri recordings to improve its interface and interactional capabilities. The company said that only a small portion of Siri requests are analysed and users’ Apple ID is not associated alongside the recordings. Addtionally, Apple claimed that all reviewers are under strict confidential guidelines and are undertaken at secured facilities. Although the contractors and audio reviewing isn’t a secret, its privacy terms do not inform users of the practice.

Also Read: Indian Smartphone Market Reaches Record-Breaking 37 Million Shipments In Q2

People conscious about their privacy and afraid of the accidental triggering of Siri can turn off the “Hey Siri” feature. The new accusation marks the increasing frequency with which even the most trusted brands are being doubted. In a modern interconnected world, data privacy is now increasingly more important. Apple has yet to respond to the latest reports but a statement is expected to arrive soon.

July 27, 2019
Google Allows Its Employees To Listen To Voice Assistant Interaction With Users

Google has been accused of privacy related data breaches on many different occasions. According to a new report, the search giant has reportedly let some of its workers listen in on the intimate conversations between the user and its voice Assistant. The company in a statement has sought to defend the incident by claiming it to be for the users benefit. It is claimed to be a crucial aspect of delivering a better user experience overall.

Google Home, Home Mini

Google, in a blog post, stated that it takes various steps to ensure the complete anonymity of the user during the process; and that it has protections in place to prevent false recognition of the wake word. A report from a Belgian public broadcaster had first revealed the fact that contractors are paid to transcribe audio clips by Google’s AI Assistant; the conversation recorded may hold sensitive and private information regarding the user’s name, address and other personal details. A month ago even Amazon’s Alexa was accused of withholding audio clips of juveniles via its Echo devices without there consent.

Usually, audio clips are only recorded by the previously menitoned AI assistants once the wake word is spoken. However, multiple reports have shown such devices being woken up by accident and then go on recording its surroundings. Google says it has employees review the recordings to help in improving the system on multiple different languages to prevent such accidents. The company says it is a critical part of the process to make its Google Assistant viable.

Furthermore, Google also stated that it has caught two of its reviewers who had violated its data security policies. It is reported that they had leaked confidential Dutch audio data. The company has promised its review on this mistake and is investigating thoroughly on the matter. Additionally, Google claims that only 0.2% of all audio clips are reviewed by its language experts; the snippets are also not associated with the users accounts and the reviewers are instructed to ignore transcribing background conversations. They are only allowed to transcribe snippets aimed exclusively at Google and its services.

Also Read: Apple iPhone X & XS Prices To Drop Soon After Made In India Units Arrive

It is a known fact by people that work at the AI fields that human elements are necessary for training and growth. However, issues arise when large corporations like Google and Amazon are not transparent about their operations that involves its users. The end result was for the betterment of the customers but it seems lost when shrouded by secrecy that is later uncovered. Users should note that their conversation might just be heard by someone somewhere in the world, and avoid being near AI assistants during private interactions.

July 12, 2019
Instagram Testing Easier Recovery Of Hacked Accounts

Instagram has steadily been growing to become one of the most prominent social media platform over the last couple of years. With user base numbers easily crossing several hundreds of millions, there will always be “bad company”. Potential hackers that seek to harm or exploit are found in every major website or social platform. However, Instagram in its bid to strengthen its defences against these parties is now making accounts safer and easier than before to recover.

Numerous people had gone online to voice their grievances regarding their accounts that were broken into by hackers in 2018. Instagram now seeks to make the process of recovering users account easier in case of future attacks. The company is testing a new in-app account recovery process that will streamline the process while making it harder it to be hacked into.

Previously, users had to wait for an email or fill out support forms but now a new approach is being taken. The app will now ask for different types of information (like users original email address or even phone numbers). A six-digit code will then be sent on the details provided, and Instagram will thereon prevent hackers from accessing the user’s account using the email or phone number from a different device.

This method seeks to ensure users account recovery even if the thief has changed usernames and contact data. Instagram has also added a small period of time in which the original username cannot be claimed after being changed regardless of whether or not it was intended or unintended. This feature is already accessible to all Android and iOS users, however, the availability of the new in-app recovery system is still not certain.

Also Read: 1.4 Billion Apple iPhones And iPads Are Vulnerable To Hacks

Instagram is planning for a full in-app account recovery feature in the future without ever needing the security team. The social media giant’s security has been reportedly lax, with various exposed passwords and growing attacks on its systems occurring at frequent intervals. This new security feature cannot actually prevent all forms of hacking, but it may make it harder for hackers to take advantages of vulnerabilities in the recovery system that is currently live.

June 17, 2019
Amazon Sued Over Alexa Recording Children’s Voices

In a new report, a Massachusetts woman is apparently suing Amazon over privacy related issues. The woman is seeking class action status to sue the company on the behalf on recording children’s voices on eight different states. The lawsuit was filed in the federal court on Seattle on the 11th of June. Amazon is being accused of illegally recording children via its Alexa voice assistant. Additionally, the illegal recordings were also being held by the company contributing,” a massive database of billions of voice recordings containing the private details of millions of Americans.”

The woman that filed the case stated that she had bought Amazon Echo Dot in August of 2018 and was not aware that her child was being recorded. The lawsuit states that children are not eligible to provide consent to being recorded. Furthermore, children at that age are incapable of understanding the implications of having their voices recorded by a company. Most children’ privacy-related issues are filed by referencing the federal COPPA (Children’s’ Online Privacy and Protecting Act) of 1996. This invokes state law, implying that Illinois, Florida, Michigan, Maryland, Massachusetts, New Hampshire, Pennsylvania, and Washington all require consent from both parties involved in the case of “the recording of oral communications.”

For example, Apple’s Siri voice assistant abides by these laws by deleting any recordings taken for the tasks at hand. Amazon is being targeted with accusations of forming voiceprints comprising of millions of children. This could imply the company and even the Government being able to track kids’ use of Alexa devices in various locations while cataloguing detailed information on their life. Alexa can essentially record entire communications if the wake word is recognized. The prospect can be daunting considering the device can record private questions and encounters as well.

Amazon is clear in its stance regarding user trust and privacy, however, the company collecting data of children under the age of 13 violates the COPPA regulations. The Echo Dot Kids has a system for getting parental consent, but the argument states that this feature is easily bypassable by a child. Moreover, a report shows that the voice recording on default is saved for an indefinite period of time instead of just retaining it for the given task, as defined by COPPA. These recording cannot be deleted without contacting Amazon’s customer services.

Also Read: OnePlus Leaked User Email Addresses Caused By Security Flaw

The Amazon Echo Dot Kids serves the purpose of educating and entertaining children but the reality of storing data paints a dark picture for the tech company. A home is a place for comfort and letting one’s guard down but products like these seek to potentially invade the sacred sanctity from within.

June 15, 2019
OnePlus Leaked User Email Addresses Caused By Security Flaw

OnePlus has seen a great degree of success in the global market, especially India. The smartphone manufacturer is cementing its place with various critically acclaimed devices. However, A new report uncovers a critical flaw in OnePlus’s various devices that are widely known and owned. The Chinese company has allegedly had its user’s email addresses leaked by a security flaw.

Every new device carries (by default) the ‘Shot on OnePlus’ app that has a security flaw that revealed email addresses of several hundreds of its user base. The aforementioned application provides a platform for OnePlus users to upload that can be used and seen by other customers globally. However, it was discovered that the API that enables the link between OnePlus servers and the app was allegedly leaking email addresses associated with photo submissions.

The company was made aware of the flaw in May and has since patched the mistake but more changes have yet to be made for a complete fix. This app can be accessed through the Wallpapers selection menu and asks users to log in with their email addresses to upload images. The selected pictures that get publicized on the company’s website were found to have an easily accessible API. This API required an unencrypted key to retrieve an access token that allowed anyone to view email addresses of original uploaders.

The API was hosted on the OnePlus official website and the company is not sure of how long the leak has existed. The company has started investigating the serious matter and are taking users reports received into account as well. Regardless of the fix, the API that got patched can still be bypassed, with an update for the same being worked on. OnePlus has reportedly obscured the email addresses available through the API by adding asterisks to its local parts.

No reports have yet surfaced that point at any sort of exploitation caused by the security flaw. This was not the first time the company has faced a security issue, facing criticism for storing user data without consent back in 2017 via OxygenOS. A bootloader vulnerability on the OnePlus 6 had also hit the headlines in the year 2018.

Also Read: iPhone 11 Series Multiple Camera Setup Confirmed

Just a couple of years ago a company named OnePlus was barely heard of apart from the odd enthusiasts. Now the smartphone manufacturer has seen widespread popularity and growth in sales, especially in India. The company had arguably started the trend of manufacturing premium-grade smartphones at relatively affordable prices. Hence, the company’s stance on security and privacy is integral for the “Never Settle” moniker.

June 15, 2019
Facebook Ordered by US Judge to Turn Over Records on Data Privacy

As per latest reports, Facebook has been ordered by a US judge to turn over emails from various shareholders amongst other records. The records were related to the company’s model of handling data privacy and security. This happened as a consequence of when British Political Consulting firm Cambridge Analytica accessed private data of 87 million users in 2015.

Shareholders of the social media giant stated that they had a credible basis to believe in the fact that Facebook board members may have been involved in data privacy breaches. The breach involving Cambridge Analytica, however, was not revealed until the month of March 2018. It was noted that at the time of the breach, Facebook was subject to a US Federal Trade Commission consent decree that essentially required the company to strengthen its data security measures.

The shareholders in the organization filed a suit against Facebook in order to obtain various records concerning the Cambridge Analytica and other breaches. In case any anomalies would be detected with the reports, the shareholders can also sue the company officials and related directors via a derivative lawsuit. Basically, a shareholder derivative suit is brought by a shareholder on behalf of a corporation. A shareholder can only sue on behalf of a corporation when the corporation has a valid cause of action, but has decided not to use it.

Also Read: Alphabet’s New AI Defeats Human Players In A Multiplayer Game

Cambridge Analytica was hired during US President Donald Trump’s 2016 election campaign, and it used various profiling techniques to influence the behaviour of voters in general. However, as soon as the data breach was out in the open, it shut down, leading to the introduction of several US and European regulatory probes into Facebook. The company has been surrounded with controversies for quite some time now, including the disclosure of user passwords in plaintext to company employees. Current situations are not hinting towards the betterment of the scenario, indicating that Facebook needs to employ some serious discretionary measures in order to stabilize.

June 1, 2019
Snapchat Users Were Snooped Upon By Company Employees, Here’s How

It seems like information transferred via most applications is not secure anymore. Where local security was an important matter of concern some years back, privacy has lost its dignified spot with the advancements in technology. Conglomerates like Facebook were previously under scrutiny for indulging in activities that led to data leaks worldwide. The latest addition to the list includes Snapchat, a popular media sharing platform that has been allegedly accused of accessing private user data without consent.

It has been reported that the company consists of multiple departments, some of them with access to user data via dedicated tools. Former employees of Snapchat have divulged that multiple Snap employees misused their access privileges to pry on private Snapchat user data several years ago. The user data included location information, saved snaps, phone numbers and email addresses. All this information has been derived from a cache of internal company emails obtained by sources.

Reports also state that one of the aforementioned tools that the company employees were allegedly using was SnapLion. The original intended use of the tool was to make a database of information concerning users – all of this in response to valid law enforcement requests. Reportedly, this tool was only intended for use by select officials of Snapchat, but this was clearly not the result.

Also Read: OnePlus 7 Pro Camera May Not Have A True 3x Optical Zoom

It is very unnerving to see that the application which relies on end-to-end message security as a central basis of its existence fall to internal security breaches like these. Snapchat has more than 180 million users worldwide who need to be aware of the same. Almost 5 years back in 2014, Snapchat was fined by the FTC (Federal Trade Commission) for failing to disclose the collection, transmission and storage of geolocation data derived from the users. Users need to know that behind the “secure” application which they use every day are actual people who can access their highly sensitive data at the press of a button.

May 24, 2019
Facebook Admits To Have “Unintentionally Uploaded” 1.5 Million Email Addresses Without Consent

The world’s largest social media network, Facebook has been involved in a multitude of controversies over the past couple of years, and a majority of those were directly associated with security. Previously, Facebook claimed to have “accidentally” exposed millions of user passwords in plaintext to employees, which raised questions yet again regarding the privacy protocols of the company. As per fresh reports, Facebook claims to have “unintentionally uploaded” 1.5 million email addresses of new users.

As per sources, Facebook is taking necessary steps to fix this breach. A security researcher noticed that the social media platform was requesting email passwords from new users in order to verify their identities. If the user filled the password field with the intended details, Facebook automatically started importing the contact list associated with the respective email ID, that too without asking for permission to do so.

When this issue was brought to light, Facebook spokesperson came forward with a statement regarding the breach, which stated that a total of 1.5 million contacts were collected by the company. All these addresses were fed into the company’s database, where they were used to develop a web of connections allowing friend recommendations. However, Facebook refused to make a statement regarding the fact that the addresses were being used for advertisement based marketing or not.

Also Read: Samsung Galaxy A60 With Punch Hole Display Launched In China

Additionally, Facebook is planning to notify the affected users regarding the uninformed data misuse by the company. Furthermore, the spokesperson also said that the American Social media organization is planning to delete all the collected email addresses off the databases. In the light of a variety of security breaches, Whatsapp co-founder previously urged students to stop using Facebook. With the number of improprieties building up over time, the company is facing grave times in the future, especially since a lot of users are being made aware of the same.

April 18, 2019
Huawei Sues The US Government Over The Ban On Its Devices

Huawei has announced on March 7 that it is suing the government of the United States of America (USA) owing to the ban of its products the country put in place. The company has claimed that it has filed a lawsuit in the US district court in Plano, Texas. A senior executive of the company claims that the company was left with no choice other than to take legal actions against the government. It also called the ban on its devices ‘unlawful’ in a bid to justify its actions.

Huawei’s Lawsuit On The US Government

In a press conference on Thursday, March 7, Chinese telecommunications giant Huawei announced its decision to file the aforementioned lawsuit. It claimed the ban on its devices in the country is ultimately harming US consumers. It said it is looking forward to the court’s verdict and trusts that it will eventually benefit both Huawei and the people of America. The lawsuit arrives after several accusations of the company spying for, and having ties with the Chinese government.

The ban on the company’s products was taken into effect in August 2018. It was earlier set to enter the US market with its smartphone Mate 10 and Mate 10 Pro in 2017. Not only the company’s deal with telecom carrier fell flat, but the President of the country, Donald Trump also signed a provision of the National Defence Authorisation Act; which prevented government agencies using third-party contractors to use Huawei products.

Also read: Google Launches Bolo App To Improve Children Literacy In India

Huawei alleges that by singling out the company for punishment without a fair trial, the US government has violated the terms of its own constitution. The company also fired back at reports claiming it installs backdoors in its devices to spy on the users. Notably, Huawei is the world’s largest supplier of telecoms equipment, the second largest smartphone maker and is currently one of the global leaders in the development of wireless 5G networks.

March 7, 2019
Google Didn’t Mention The Nest Secure Has A Built-In Microphone

American search engine giant Google hasn’t had the best reputation when it comes to users privacy. The company failed to maintain user data when a serious security bug in its social media offering, Google+ was found. The company has once again found itself amidst controversy when it was discovered that one of is products, the Nest Secure has a built-in microphone which went unnoticed for more than a year.

Google Nest Secure Controversy

Google acquired the home security company Nest in 2014 and then merged it under the Google brand last year. The Nest Secure bundle of devices were introduced in 2017. Google announced in early February this year that the Nest Guard, one of the devices in the Secure bundle, would double up as a voice assistant; as it will gain Google Assistant functionality. Using Google Assistant to work hands-free requires a microphone, and this microphone was never disclosed to have been present in the device. After the update, the users then would receive an email with instructions on how to turn on the microphone and set Google Assistant up on the device.

The controversy also arises from the fact that the product page of the device didn’t mention the presence of the hardware for more than a year. The page has since been updated with a microphone mentioned in the ‘Audio and Lights’ section of the product description. This oversight on Google’s part is being taken down as a serious offence in breaching a users privacy. There have been many negative sentiments about the company’s actions, most of them coming from US politicians who are concerned about the user’s privacy.

Also read: Samsung Galaxy S10e, Galaxy S10, Galaxy S10+ India Price Revealed

Google has since clarified in a statement, that it never meant to keep the information about the presence of a microphone a ‘secret’. It also mentioned that the hardware was disabled until the update, and will continue to do so if the user desires.

February 22, 2019
Google Is Tracking User Location Without Consent

Google Maps is one of the most used services across all platforms. Even until Apple unveiled iOS 6 in 2012, the company relied on Google Maps. However, even to this date, many prefer Google over Apple maps for navigation. For a long time, Google has been optimizing its Maps services to provide better and more accurate results. However, there are times when the company goes above and beyond to ensure accuracy. According to reports, the company is secretly tracking its users’ location even after they turned their location history off. According to the company, if a user has turned his or her location history off then it will no longer be able to track their location. But, that does not seem to be the case.

As a new user, Google would ask the user to allow it to track his/her location for navigation. Once allowed, the entire location history of the user is recorded in a timeline fashion. This means that the company can keep a track of all the users who opted in for its map services, putting their privacy at risk. To deal with this, the company allows the user to turn off their location history. This, at least on paper, prevents the company from storing its users’ location. However, Google is still able to track its users with the help of some of the company’s apps. For instance, a simple Google search for a particular food item like a biscuit could help pinpoint your precise location. Moreover, the company even stores the instances of the times when you open its map service on a device. While mostly been open about tracking its users’ location, the company has never explicitly mentioned that it stores their location history even while turned off. It is with this privacy issue that more than two billion devices are at risk.

The issue of data privacy and the risks involved with it has always been a major concern. It does not help to know that big league companies like Google can misuse their users’ information. There is no word from the company on this issue but stay tuned as we will closely cover this news.

Have something to add? Leave a Comment Below!

August 14, 2018
Google Accused Of Allowing Third-Party Apps To Read Users’ Gmail

Online privacy has been at the centre stage of a global conversation for quite some time now. Every move by big tech companies is scrutinised for potentially risking the privacy of online users. The latest to join this ever-growing list is Google. One of the biggest tech companies in the world has been accused of allowing third-party apps to read users’ Gmail.

In a report published by The Wall Street Journal, it has been revealed that Google allows partner companies to read Gmail messages in order to offer better products and services. This is not the first time a company has been accused of using private user data for better-targeted advertisements. Facebook was involved in a global controversy after Cambridge Analytica was exposed.

Must Read: Google Sued For £3.2 Billion For Secretly Tracking Browsing Data For 4.4 Million iPhone Users

It has been a common practice by many companies to use machines to go through emails for keywords and phrases. This helps them identify what sort of goods or services that particular user is on the lookout for. This data once studied properly allows advertisers to make targeted ads and display them across the user’s web browsing experience. In fact, some companies allow human employees to read through the emails and not rely on machine learning.

Google, too, has been previously exposed for reading emails of users. In 2017, Google promised its users that it would stop reading Gmail content of users. However, this report claims that Google has done little to nothing to preserve the privacy of users. It is also worth noting that Gmail has over 1.4 billion users, making it the most popular email service in the world.

Must Read: New Facebook Patent Reveals Tech That Will Turn On Your Smartphone Microphone

WSJ quoted many representatives of partners that snoop through Gmail, claiming that this is indeed a “common practice.” There are, however, strict rules in place as specified by user agreements.

July 3, 2018
Google Sued For £3.2 Billion For Secretly Tracking Browsing Data For 4.4 Million iPhone Users

Google is in hot waters with the law in the UK. The search giant is being sued in the high court for as much as £3.2 billion for secretly tracking and collecting personal information of 4.4 million iPhone users in the UK. The lawsuit action again the company is being led by former Which? director Richard Lloyd. He claims that claims Google bypassed the privacy settings of Apple iPhones’ Safari browser between August 2011 and February 2012 to divide people into categories for advertisers.

The Guardian reports that Lloyd’s campaign group ‘Google You Owe Us’ told the court information collected by Google included race, physical and mental health, political leanings, sexuality, social class, financial, shopping habits and location data. The information was then aggregated and users were put into groups such as football lovers or current affairs enthusiasts for the targeting of advertising.

Must Read: OnePlus 6T To Follow OnePlus 6 In Q4 2018

Hugh Tomlinson QC, representing Lloyd and Google You Owe Us said that the data was gathered through “clandestine tracking and collation” of browsing on the iPhone, known as the “Safari Workaround.” This activity was first exposed by a PhD researcher in 2012. Ahead of the first hearing, Lloyd said:

I believe that what it did was quite simply against the law. Their actions have affected millions in England and Wales and we’ll be asking the judge to ensure they are held to account in our courts.

Google has already been fined in the US for similar practices. The company had to pay US$39.5 million to settle claims in the US, it was also fined US$ 22.5 million for the practice by the US Federal Trade Commission in 2012. Google You Owe Us, according to the filing, could be seeking as much as £3.2 billion. This would mean that every claimant could receive £750 per individual if successful.

May 24, 2018
Twitter Warns 330 Million Users Of A Password Vulnerability

If anyone logged on to Twitter late last night, must have been greeted with a “Keeping Your Account Secure” notice. It is fair to say that not everyone went ahead and read the whole thing. However, what the popup window informs users about is quite damning. It essentially says that the passwords of all 330 million Twitter users were exposed in plain text. This happened due to a bug that the company claims to have fixed now.

Twitter claims that its investigation showed that there was no evidence that any breach of the unmasked passwords occurred. However, out of an “abundance of caution,” it has adviced all users to change their passwords.

Must Read: WhatsApp C-Founder Leaves Facebook

According to the company, the bug occurred because of an issue in the hashing process of storing passwords. The hashing process replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. In this way, it can validate a user’s account credentials without revealing their password.

We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do. https://t.co/yVKOqnlITA

— Parag Agrawal (@paraga) May 3, 2018

While the company has explained what the issue was, it hasn’t revealed how many users’ passwords may have potentially been compromised. We don’t even know how long the bug exposed the passwords and how long the company took to fix it. However, urging its entire userbase to change their passwords indicates to a significant user number.

We advise all users to change their passwords irrespective of Twitter’s claims that no compromise occurred.

May 4, 2018