Connect with us

Information

The Empire Strikes Back: Google Refutes EFF Privacy Claims

Published

on

chromebook-pixel-1The Electronic Frontier Foundation recently lodged a complaint with the Federal Trade Commission alleging that Google’s seemingly benign student Chromebook program is in fact a data privacy nightmare, in so many words. The complaint begins by noting that Google is a signatory to the Student Privacy Pledge, which is an industry-wide effort to provide data privacy protections for kindergarten to high school students. Then, it outlines the ways it believes it has identified Google, which thrives on data collection and usage,violating the pledge.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

First, when students are logged in to their Google for Education accounts, student personal information […] is collected, maintained, and used by Google for its own benefit, unrelated to authorized educational or school purposes. Second, the “Chrome Sync” feature of Google’s Chrome browser is turned on by default on all Google Chromebook laptops – including those sold to schools as part of Google for Education – thereby enabling Google to collect and use students’ entire browsing history and other data for its own benefit […] And third, Google for Education’s Administrative settings, which enable a school administrator to control settings for all program Chromebooks, allow administrators to choose settings that share student personal information with Google and third-party websites in violation of the Student Privacy Pledge.

The last part would seem to be the most damning, as it introduces a human element of failure. Administrators are not known for their technical savvy, and thus might accidentally enable data sharing without the permission of the students involved or their parents. The full report for the FTC is worth a read, especially if one has children in a district where Google for Education has a foothold.

Also read: Facebook Set to Appeal Belgian Data Privacy Decision

Following the report and widespread media coverage, Jonathan Rochelle, Director of Google Apps for Education shot back in a blog post, roundly denying the EFF’s claims.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

While we appreciate the EFF’s focus on student data privacy, we are confident that our tools comply with both the law and our promises, including the Student Privacy Pledge, which we signed earlier this year. The co-authors of the Student Privacy Pledge […] have both criticized EFF’s interpretation of the Pledge and their complaint.

He refers here to Jules Polonetsky, Executive Director of the Future of Privacy Forum (which spearheaded the Student Privacy Pledge along with others), who said:

We have reviewed the EFF complaint but do not believe it has merit. […] We understand that any data collected is not used for behavioral advertising and all other data uses are aggregated and anonymous. […] We don’t believe the complaint raises any issues about data use that are restricted by the Student Privacy Pledge.

Rochelle also refers to Software and Information Industry Association Senior Vice President of Public Policy Mark McCarthy, who wrote in a blog post:

[…] this information is collected at the direction of the school as part of a student’s educational experience. The pledge was never intended to prevent the collection of personal information as part of students’ educational experience.

The rest of Rochelle’s post is dedicating to explaining how Google Apps for Education work, and seems to ignore the overwhelming majority of the FTC complaint – as did much of the media. As such, the EFF saw fit to double down on its claims, and make clear to those paying attention that they are not merely pointing out a singular feature of the Google program, but the behavior of the program as a whole. The new post says:

[…] the primary thrust of our complaint focuses on how Google tracks and builds behavioral profiles on students when they navigate to Google-operated sites outside of Google Apps for Education.

This much was lost as anxious reporters sought to get their articles done, but essentially the activity of Google Sync is secondary to the nature of Chrome OS as a whole. Chrome Sync is enabled by default on all Chromebooks, an interesting choice for a search provider which relies on user data to earn targeted advertising revenue – to the tune of billions per year. Nevertheless, Google’s “educational” Chromebooks are treated the same when they are not on Apps specifically part of the GAFE program.

[W]hen a student logs into their educational account, and then uses Google News to create a report on current events, or researches history using Google Books, or has a geography lesson using Google Maps, or watches a science video on YouTube, Google tracks that activity and feeds it into an ad profile attached to the student’s educational account […] [D]espite having promised not to track students, Google is abusing its position of power as a provider of some educational services to profit off of students’ data when they use other Google services—services that Google has arbitrarily decided don’t deserve any protection.

The saga will likely continue as the FTC mulls the complaint over. How Google’s educational program will be perceived in the future could very much hinge on this one complaint, in that Google could either be severely limited in its tracking abilities as regard students (despite supposedly volunteering to be as much) or it could be permitted to continue as is. With industry heavyweights already flocking to Google’s side, there is no telling what will happen. What’s for sure is that Google needs user data to maintain its business model, and if a new generation hands it over unwittingly before they’re even consumers, advertising of the future could be a very different thing indeed.

Images from Shutterstock and Google/Chromebook Pixel.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Cybersecurity

This Tool Lets you Scan the Dark Web for your (Stolen) Personal Data

Published

on

A recently revealed a dark web scanning service was launched in the UK. The service is called OwlDetect and is available for £3,5 a month. It allows users to scan the dark web in search for their own leaked information. This includes email addresses, credit card information and bank details.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

The service reportedly uses online programs and a team of trained experts to scan hundreds of thousands of dark web websites in order to look for their customers’ data. If any personal data is found, the company helps its users act in order to keep themselves safe. It was launched in an attempt to remove reliance on big companies, as users usually only know they were hacked after these companies make it public.

In a few cases, however, the information is revealed a long time after users are hacked. Earlier this year, Yahoo confirmed that, at least 500 million user accounts were compromised by what they believed to be a “state-sponsored actor”. The breach reportedly occurred in 2014, so it took users two years to know they were hacked.

Chairman of the National Cyber Management Centre, and member of OwlDetect’s advisory team, Professor Richard Benham said:

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Today the risk of having your personal information compromised is greater than ever. From messaging apps to online shopping and dating websites, we trust a huge number of companies with our details, and there are endless opportunities for those details to fall into the wrong hands.

Crawling the Deep Web

The deep web is, as we all know, beyond the reach of regular search engines. That may be about to change in the future, as more and more tools keep on claiming to be able to crawl it in search for specific information.

According to their website, this new service has a database of stolen data. This database was created over the past 10 years, presumably with the help of their software and team. A real deep web search engine does exist, however.

A few days ago, Hacked.com reported how the Department of Defense’s deep web search engine was to be enhanced by a recent acquisition. This search engine, named Memex, is reportedly able to crawl 90 to 95% of the deep web, presenting its search results in sophisticated infographics.

Image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Continue Reading

Companies

Facebook Looking into “Disrupting Economics” of Fake News Sites

Published

on

Facebook

In a Facebook post Friday night, founder of the popular social network Mark Zuckerberg took time to outline the steps the company will take to tackle its “fake news” problem, which has been a hot topic in the wake of the election. One way the social media behemoth plans on doing that is by making sure fake news sites can’t profit. 

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

Mr. Zuckerberg calls it “disrupting fake news economics.”

“A lot of misinformation is driven by financially motivated spam,” he posted. “We’re looking into disrupting the economics with ads policies like the one we announced earlier this week, and better ad farm detection.”

Mr. Zuckerberg underscored that Facebook takes “misinformation serious” and reinforced the company’s goal “to connect people with the stories they find most meaningful.”

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

The social media tycoon admits “We’ve been working on this problem for a long time.” There’s more work to be done, he says.

“Historically, we have relied on our community to help us understand what is fake and what is not,” he wrote in the long post. “…The problems here are complex, both technically and philosophically. We believe in giving people a voice, which means erring on the side of letting people share what they want whenever possible. We need to be careful not to discourage sharing of opinions or mistakenly restricting accurate content. We do not want to be arbiters of truth ourselves, but instead rely on our community and trusted third parties.”

Mr. Zuckerberg claims the percentage of misinformation is small, then outlines what Facebook will do, including stronger detection, easy reporting by users, third party verification via fact checking organization, warnings for stories flagged as false by other users, and raising bar for articles which appear in related articles suggestions.

“Some of these ideas will work well, and some will not,” he admits. “But I want you to know that we have always taken this seriously, we understand how important the issue is for our community and we are committed to getting this right.”

Image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Continue Reading

Cybersecurity

LastPass Password Manager Goes Free Cross-Platform

Published

on

LastPass, arguably the most widely used password manager around is passing on some welcome news to its users. Starting Wednesday, LastPass users will be able to sync their passwords across multiple devices and platforms, for free.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

The cross-platform sync for users’ credentials, previously a perk enjoyed by paying members, will now be enabled for all users and members on the free tier can start using the feature immediately across on multiple devices beyond their desktops or laptops.

Launched in 2008, LastPass has come a long way in becoming a ubiquitous name in password management. Joe Siegrist, founder and general manager of LastPass who made the announcement , sees the move enabling good password habits into becoming the norm. Using a password manager that works everywhere across devices and platforms, he notes, will help users with a strong foundation for securing their identities.

LastPass protects users’ credentials (usernames and passwords) and other data in a vault that’s secured by a master password. The data is encrypted with AES-256 bit encryption with Sha-256 salted hashes, which enables encryption and decryption to take place offline.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

The announcement makes for a significant move for LastPass, the second in as many years. In August 2015, LastPass announced that it would enable users to manage their passwords, for free, on any one device. The popular choice was, of course, between desktops or smartphones. Now, users will merely have to put up with ads to use LastPass on their mobile devices once they’re out and about, away from their desktops or laptops.

Just under a year ago, LastPass was acquired by remote-access management provider LogMeIn, in a deal worth $110 million. This year, LastPass was proven to be vulnerable through a phishing attack. Since the revelation, the company has revamped and strengthened its security framework, before eventually launching its own two-factor authentication app, comparable to the likes of Google Authenticator and Authy.

 Image from LastPass.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Continue Reading

Trending