Facebook's Banned App Snooped on 156,000 Indian Users

Zack Whittaker, reports for TechCrunch how Facebook, through its banned Research app, was able to obtain the personal and sensitive device data of about 187,000 users.

He writes:

The social media giant said in a letter to Sen. Richard Blumenthal’s office — which TechCrunch obtained — that it collected data on 31,000 users in the U.S., including 4,300 teenagers. The rest of the collected data came from users in India.

Read that carefully. Of the 187,000 users that Facebook snooped data from, (only) 31,000 were from the U.S. The rest of the users were from India, which makes it about 156,000 users. According to the letter obtained by TechCrunch, a whopping 34,000 users were between the ages of 13 and 17, of which 4,300 were from the US, which means close to a whopping 30,000 users from India whose data Facebook was snoop ing on were underage.

These “research” apps relied on willing participants to download the app from outside the app store and use the Apple-issued developer certificates to install the apps. Then, the apps would install a root network certificate, allowing the app to collect all the data out of the device — like web browsing histories, encrypted messages and mobile app activity — potentially also including data from their friends — for competitive analysis.

The fact that Facebook collected data from over 1.5 Lakh Indian users, of which close to 30,000 users were between 13 and 17 years of age, is truly mind-boggling.

June 13, 2019 ✚ Permalink

FBI Hacker Calls Apple ‘Jerks’ and ‘Evil Geniuses’ for Encrypting iPhones

Lorenzo Franceschi-Bicchierai, writing for Motherboard:

FBI forensic expert Stephen Flatley lashed out at Apple, calling the company “jerks,” and “evil geniuses” for making his and his colleagues’ investigative work harder.

Sure, buddy. The people that are actually giving a fuck about customer privacy are “jerks” because it’s making your job harder to do.

That means, he explained, that “password attempts speed went from 45 passwords a second to one every 18 seconds,” referring to the difficulty of cracking a password using a “brute force” method in which every possible permutation is tried. There are tools that can input thousands of passwords in a very short period of time—if the attempts per minute are limited, it becomes much harder and slower to crack.

Yeah, no shit, Sherlock!

January 12, 2018 ✚ Permalink

UIDAI Announces Virtual ID & Limited KYC

The UIDAI has today announced that it will be introducing a way to generate Virtual IDs from their website.

The Virtual ID, which would be a random 16-digit number, together with biometrics of the user would give any authorised agency like a mobile company, limited details like name, address, and photograph, which are enough for any verification.

Officials said a user can generate as many Virtual IDs as he or she wants. The older ID gets automatically canceled once a fresh one is generated. UIDAI will start accepting these IDs from March 1, 2018.

In theory, this would work like Virtual Credit Card numbers do — use and throw. But practically, I think it’s still going to be a mess.

January 10, 2018 ✚ Permalink

Apple’s Privacy Feature in Safari Costs Ad Companies Millions

Alex Hern, writing for The Guardian,

Internet advertising firms are losing hundreds of millions of dollars following the introduction of a new privacy feature from Apple that prevents users from being tracked around the web.

The feature in question is Safari’s ability to prevent cross-site tracking.

Advertising technology firm Criteo, one of the largest in the industry, says that the Intelligent Tracking Prevention (ITP) feature for Safari, which holds 15% of the global browser market, is likely to cut its 2018 revenue by more than a fifth compared to projections made before ITP was announced.

LOL!

January 10, 2018 ✚ Permalink