All posts in “Privacy”

How Facebook prioritizes privacy when you die


Should your parents be able to read your Facebook messages if you die? Facebook explained why it won’t let them in a post in its Hard Questions series today about social networking after death.

Facebook admits it doesn’t have all the answers, but it has come up with some decent solutions to some issues with what it calls Memorialized Profiles and a “Legacy Contact.” When you pass away, once Facebook is informed, the word “Remembering” appears above your name on your profile and no one else can sign in to your account.

The Legacy Contact is a friend you select in your Manage Account Settings while you’re still alive, though they’re not informed until your profile is memorialized. They can pin a post atop your profile, change your profile pic, respond to friend requests or have your account removed. But Facebook explains they can’t log into your account, change or delete old posts, remove friends or read your messages.

Similarly, Facebook won’t allow parents or anyone else to read your messages after you die. That’s because “In a private conversation between two people, we assume that both people intended the messages to remain private,” writes Monika Bickert, Facebook’s Director of Global Policy Management. The Electronic Communications Privacy Act and Stored Communications Act may also prohibit it from sharing private communications even with parental consent.

Facebook also tries to minimize the emotional impact of losing a loved one by no longer sending birthday reminders about writing on their wall. But there are still plenty of opportunities for hurt feelings. Facebook’s On This Day feature and others can surface old content from when that person was still alive, creating an unexpected experience of having to think about their death.

The company has built features to enhance empathy with its users, allowing them to avoid unnecessarily seeing their exes on the app after a break-up. But it’s tough to know what will be a sweet nostalgic reminder and what will be a heart-wrenching spiral into the past.

What’s important is that Facebook is at least thinking and talking about these issues. Now at 2 billion users, Facebook has become a ubiquitous utility that impacts every phase of our lives. “There’s a deep sense of responsibility in every part of the company,” says Facebook CPO Chris Cox. “We’re getting to the scale where we have to get much better about understanding how the product has been used.”

EFF files court brief urging warrants for digital device searches at borders


The EFF has filed a court filing pressing for warrants be required for searches of mobile phones, laptops and other digital devices by federal agents at international airports and U.S. land borders — describing these as “highly intrusive forays into travelers’ private information”.

It’s urging that searches of digital devices should only be possible when a border agent has obtained a signed warrant from a judge.

Such searches are currently allowed under an exception to the Fourth Amendment for routine immigration and customs enforcement. However, the EFF says digital device searches at the U.S. border have more than doubled since the inauguration of President Trump.

It also points out that increasing numbers of people carry such devices when traveling — arguing both factors highlight the need for stronger privacy rights while crossing the U.S. border.

In July, the U.S. Customs and Border Protection agency also clarified that its policy allowing warrantless border searches is restricted to locally stored data — meaning cloud services cannot be legally searched without a warrant.

However the average device owner still likely holds a lot of data on their devices, from documents, to offline email to smartphone photos and videos.

“Our cell phones and laptops provide access to an unprecedented amount of detailed, private information, often going back many months or years, from emails to our coworkers to photos of our loved ones and lists of our closest contacts. This is light years beyond the minimal information generally contained in other kinds of personal items we might carry in our suitcases,” said EFF staff attorney Sophia Cope, in a statement.

“It’s time for courts and the government to acknowledge that examining the contents of a digital device is highly intrusive, and Fourth Amendment protections should be strong, even at the border.”

In addition, the filing makes the point that it can be difficult for border agents to distinguish between data held in the cloud and data stored locally on a device — noting how cloud data can “appear as a seamless part of the digital device when presented at the border”.

The EFF has filed the brief with the U.S. Court of Appeals for the Fifth Circuit in U.S. v. Molina-Isidoro. In that case the defendant, Maria Isabel Molina-Isidoro’s, cell phone was manually searched at the border, and data from the search was used to support a prosecution for attempting to import methamphetamine into the country.

In the filing, the EFF notes that border agents opened the defendant’s Uber and WhatsApp apps when they searched her device — implying that cloud data may have been accessed as part of the search. “There is no indication that border agents put her phone in airplane mode or otherwise disconnected it from the Internet when they accessed these apps,” the filing states.

The document also refers to the Supreme Court holding that police require a warrant to search the content of a phone seized during an arrest — with the EFF arguing the same principle should apply to the digital devices seized at the border.

“In sum, portable digital devices differ wildly from luggage and other physical items a person possesses when entering or leaving the country. Now is the time to acknowledge the full force of the privacy implications of border searches of digital devices. As the Supreme Court said, “It would be foolish to contend that the degree of privacy secured to citizens by the Fourth Amendment has been entirely unaffected by the advance of technology,” it adds.

Featured Image: Sarra22/Shutterstock

Wire launches e2e encrypted team messaging in beta


End-to-end encrypted messaging platform Wire is targeting Slack’s territory with a new messaging for teams product, called Teams.

It announced a beta launch yesterday, and is offering teams a 30-day free trial — with pricing starting at €5 per user per month thereafter, or custom pricing for enterprise installations offering extras such as self-hosted servers and an integration API.

Co-founder Alan Duric tells TechCrunch that demand for the team messaging launch is being driven “primarily” by Wire’s existing user base.

Alex, a TC reader and Wire user who tipped us to the beta launch, is one of those existing users with an interest in the new team messaging feature — although he says his team won’t be signing up until the product exits beta.

Explaining how his team originally started using Wire, Alex says: “One of the team was traveling and visited China where we found the firewall was blocking basically everything. Skype would randomly keep crashing / lagging under a VPN, though Wire simply worked there. We decided just to stick with it.”

The Wire Teams product supports logging in with multiple accounts, so users can maintain a personal Wire messaging account separate from a Wire work account, for example.

There’s also support for adding guests to projects to allow for collaboration with outsiders who don’t have full Wire accounts of their own.

And, in future, Teams users will be able to switch off notifications for different accounts — so they could turn off work alerts for the weekend, for example.

“More and more businesses and international organizations have started using Wire for work since we launched end-to-end encryption. Teams make it easy to organize work groups and related conversations,” it writes in a blog post announcing the beta.

While the company started by offering a more general comms app, launched in late 2014 and backed by Skype co-founder Janus Friis, in recent years it’s shifted emphasis to focus on privacy — rolling out end-to-end encryption in March last year — perhaps calculating this makes for a better differentiator in the crowded messaging platform space.

When it comes to team messaging, services offering end-to-end encryption are certainly a relative rarity. Slack’s data request policy, for example, notes that it will turn over customer data “in response to valid and binding compulsory legal process”.

In its blog about Teams, Wire includes a comparison graphic across a range of team comms products and messaging apps, such as Slack, Skype for business, WhatsApp and Signal, which shows its commercial positioning and marketing at work.

As well as flagging as a plus its use of e2e encryption — which extends to securing features such as group calls, screen-sharing and file sharing — other differentiating advantages it’s claiming include its business having a European base (specifically it’s based in Switzerland, which has a legal regime that’s generally perceived as offering some of the most robust data protection and privacy laws in Europe); and its code being open sourced (unlike, for example, the Facebook-owned WhatsApp messaging platform).

Wire also suggests e2e encryption for team messaging could be a way for companies to ensure compliance with incoming European privacy legislation. The General Data Protection Regulation, which ramps up fines for data breaches, is due to come into force in May next year.

“Businesses affected by the EU’s upcoming GDPR rules benefit from end-to-end encryption, as it automatically protects the data they share with the team from third party access,” Wire claims.

Earlier this year the company published an external audit of its e2e encryption. This uncovered some flaws and issues but generally found the reviewed components to have a “high security”.

Although a third layer of security review — to consider Wire’s complete solution in the round — remained outstanding at that point.

At the time Wire published the audit it committed to ongoing security reviews of “every major development” of its product.

So — presumably — that should include one for the Teams addition when it launches.

Wire hosts its open sourced code on GitHub.

UK’s digital-only Starling Bank adds Apple Pay support


Digital-only UK “challenger” bank, Starling Bank, has added support for Apple Pay — meaning its customers can now add their Starling debit card to their Apple Wallet and make contactless payments drawing from funds in their Starling account via their Apple devices.

The fintech startup launched a beta for its own app back in March so it’s been pretty quick to add support for Apple’s contactless payment tech — and is lauding itself as the first of the fintech banks to do so. (Although, also today, two European fintech startups are announcing Apple Pay support in some markets.)

Multiple UK banks and building societies already support Apple Pay, including the major high street banks. Although Starling says it will be the first bank in the UK to offer in-app provisioning for Apple Pay users which means that new Starling customers will be able to load their card into their digital wallet virtually, before the physical MasterCard debit card arrives in the post.

Apple pay is accepted as a method of payment by “hundreds of thousands” of retail locations in the UK, according to Apple. Back in May, the company also suggested a majority of UK POS terminals were now able to support higher value contactless payments via the tech (those that don’t support unlimited payments have a cap of £30).

Aside from offering contactless payments with a layer of biometric security, Apple is pushing the privacy angle to drive uptake of its payment tech, noting on its website that “your card details are never shared by Apple when you use Apple Pay, making purchases with your iPhone, Apple Watch, iPad and Mac is the safer, more private way to pay”.

That’s especially interesting when you consider Google’s stated intent, earlier this year, to track credit and debit card spending to further profile web users for ad targeting purposes.

Other ad targeting giants such as Facebook also buy up large amounts of third party data relating to users’ offline lives in a bid to expand its ability to profile people.

Apple Pay shields users’ credit or debit card numbers from this type of tracking because the numbers are not stored on a user’s device nor on Apple’s servers. Instead, a unique Device Account Number is assigned, encrypted and securely stored in the Secure Element on the device, with each transaction authorized via a one-time unique dynamic security code.

Why is everyone so worried about Snap Maps when Venmo is the OG creeper?

No better creeping happens than the creeping on Venmo.
No better creeping happens than the creeping on Venmo.

Image: Christopher mineses/mashable

The internet collectively went insane when Snapchat introduced its new Maps feature at the end of June. 

The update lets you see where your friends are on a virtual map. It can also give you some indication of what they’re doing, like sleeping or listening to music. So, naturally, everyone was all up in arms about this info being out there.

But have we all forgotten about a little app called Venmo?

That’s right: Venmo gives people way more access to your personal life than Snap Maps does. This is especially true considering a lot of people now keep their Snapchat account on Ghost Mode. 

Let me break down exactly why Venmo is the true creeper’s paradise. 

It might seem like a friendly, harmless payment app on the surface. In reality, Venmo exposes your darkest secrets to the world. 

…OK, it’s not that bad, but you can find out some serious info if you decide to dig through your friends’ Venmo transactions.

The first thing I found a little suspicious when I downloaded the app a few years ago was how I suddenly knew who lived together (and sometimes where). I would see a bunch of rent transactions popping up for one person. 

Occasionally that person even paid their landlord on Venmo, so I knew exactly where their house was. The transaction would description would look like this: “Molly Sequin July Rent 432 W Dayton Street”. So all of a sudden, everyone on your feed knows right where you’re at.

But this was just the beginning of it all. 

Sometimes people get shy about sharing details about a new person they might be seeing. Have a hunch? Confirm it on Venmo — where there’s no hiding. If you see your friend paying the same fellow over and over again for food and adventures, something might be up. 

You can do some deep diving here. Julia and Tim went out to dinner — Mexican, specially — three times this week. They saw a concert on Friday night. Julia paid Tim for a cab in the wee hours of the morning. (Yes, Venmo not only tells you what the transaction was, but how many minutes ago it went down.)

It’s like a real life detective game, and all of your friends and acquaintances are the players. I’ve found out about new relationships, breakups, and reconciliations, all through Venmo creeping. And I know I’m not the only one.

While the Snapchat community was worried that Maps would give people FOMO, Venmo users already know all about that. I don’t know the number of times I’ve seen “best friend fee” used as the transaction description. And as annoying as that is, I’ve definitely used it myself. 

Besides the fact that people are straight up declaring their friendship, you’re also constantly seeing the fun things your friends are doing together while you’re home alone, creeping through their Venmo feeds.

Just like you can go on Ghost Mode to prevent people from creeping on you on Snapchat, there’s also a way to hide your Venmo activities. When you’re in the app, go to Settings > Privacy. From there, you can  make all of your future transactions visible to participants only, everyone, or just yourself. You can do the same for past transactions.

Although this won’t stop you from creeping on others, it’ll make sure the whole world doesn’t know the ins and outs of your life. So increase your privacy or leave your life up for grabs. 

Just remember: Humans are creepy and someone’s always watching you. 

Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f80651%2fa89e5d82 4395 4b27 92cf 20cc235f1746