Brave, Google, Microsoft, Mozilla gather together to talk web privacy... and why we all shouldn't get too much of it
Enigma At the USENIX Enigma conference on Tuesday, representatives of four browser makers, Brave, Google, Microsoft, and Mozilla, gathered to banter about their respective approaches to online privacy, while urging people not to ask for too much of it.
Apple, which has advanced browser privacy standards but was recently informed that its tracking defenses can be used for er, tracking, was conspicuously absent, though it had a tongue-tied representative recruiting for privacy-oriented job positions at the show.
The browser-focused back-and-forth was mostly cordial as the software engineers representing their companies discussed notable privacy features in the various web browsers they worked on. They stressed the benefit of collaboration on web standards and the mutually beneficial effects of competition.
Eric Lawrence, program manager on the Microsoft Edge team, touched on how Microsoft has just jettisoned 25 years of Internet Explorer code to replatform Edge on the open source Chromium project, now the common foundation for 20 or so browsers.
Beside a slide that declared "Microsoft loves the Web," Lawrence made the case for the new Edge as a modern browser with some well-designed privacy features, including Microsoft's take on tracking protection, which blocks most trackers in its default setting and can be made more strict, at the potential cost of site compatibility.
Edge comes across as a reliable alternative to Chrome and should become more distinct as it evolves. It occupies a difficult space on the privacy continuum, in that it has some nice privacy features but not as many as Brave or Firefox. But Edge may find fans on the strength of the Microsoft brand since, as Lawrence emphasized, Microsoft is not new to privacy concerns.
That said, Microsoft is not far from Google in advocating not biting the hand that feeds the web ecosystem – advertising.
"The web doesn't exist in a vacuum," Lawrence warned. "People who are building sites and services have choices for what platforms they target. They can build a mobile application. They can take their content off the open web and put it into a walled garden. And so if we do things with privacy that hurt the open web, we could end up pushing people to less privacy for certain ecosystems."
Lawrence pointed to a recent report about a popular Android app found to be leaking data. It took time to figure that out, he said, because mobile platforms are less transparent than the web, where it's easier to scour source code and analyze network behavior.
Justin Schuh, engineering director on Google Chrome for trust and safety, reprised an argument he's made previously that too much privacy would be harmful to ad-supported businesses.
"Most of the media that we consume is actually funded by advertising today," Schuh explained. "It has been for a very long time. Now, I'm not here to make the argument that advertising is the best or only way to fund these things. But the truth is that print, radio, and TV, – all these are funded primarily through advertising."
And so too is the web, he insisted, arguing that advertising is what has made so much online content available to people who otherwise wouldn't have access to it across the globe.
Schuh said in the context of the web, two trends concern him. One, he claimed, is that content is leaving because it's easier to monetize in apps – but he didn't cite a basis for that assertion.
The other is the rise of covert tracking, which arose, as Schuh tells it, because advertisers wanted to track people across multiple devices. So they turned to looking at IP-based fingerprinting and metadata tracking, and the joining of data sets to identify people as they shift between phone, computer, and tablet.
Covert tracking also became more popular, he said, because advertisers wanted to bypass anti-tracking mechanisms. Thus, we have privacy-invading practices like CNAME cloaking, site fingerprinting, hostname rotation, and the like because browser users sought privacy.
Schuh made the case for Google's Privacy Sandbox proposal, a set of controversial specs being developed ostensibly to enhance privacy by reducing data available for tracking and browser fingerprinting while also giving advertisers the ability to target ads.
"Broadly speaking, advertisers don't actually need your data," said Schuh. "All that they really want is to monetize efficiently."
But given the willingness of advertisers to circumvent user privacy choices, the ad industry's consistent failure to police bad behavior, and the persistence of ad fraud and malicious ads, it's difficult to accept that advertisers can be trusted to behave.
Tanvi Vyas, principal engineer at Mozilla, focused on the consequences of the current web ecosystem, where data is gathered to target and manipulate people. She reeled off a list of social harms arising from the status quo.
"Democracies are compromised and elections around the world are being tampered with," she said. "Populations are manipulated and micro-targeted. Fake news is delivered to just the right audience at the right time. Discrimination flourishes, and emotional harm is inflicted on specific individuals when our algorithms go wrong."
Thanks, Facebook, Google, and Twitter.
Worse still, Vyas said, the hostile ecosystem has a chilling effect on sophisticated users who understand online tracking and prevents them from taking action. "At Mozilla, we think this is an unacceptable cost for society to pay," she said.
Vyas described various pro-privacy technologies implemented in Firefox, including Facebook Container, which sandboxes Facebook trackers so they can't track users on third-party websites. She also argued for legislation to improve online privacy, though Lawrence from his days working on Internet Explorer recalled how privacy rules tied to a privacy scheme known as P3P two decades ago had proved ineffective.
Speaking for Brave, CISO Yan Zhu argued a slightly different approach, though it still involves engaging with the ad industry to some extent.
"The main goal of Brave is we want to repair the privacy problems in the existing ad ecosystem in a way that no other browser has really tried, while giving publishers a revenue stream," she said. "Basically, we have options to set micropayments to publishers, and also an option to see privacy preserving ads."
Micropayments have been tried before but they've largely failed, assuming you don't consider in-app payments to be micropayments.
Faced with a plea from an attendee for more of the browser makers to support micropayments instead of relying on ads, Schuh said, "I would absolutely love to see micropayments succeed. I know there have been a bunch of efforts at Google and various other companies to do it. It turns out that the payment industry itself is really, really complicated. And there are players in there that expect a fairly large cut. And so long as that exists, I don't know if there's a path forward."
It now falls to Brave to prove otherwise.
Shortly thereafter, Gabriel DeWitt, VP of product at global ad marketplace Index Exchange, took a turn at the mic in the audience section in which he introduced himself and then lightheartedly asked other attendees not to throw anything at him.
Insisting that his company also cares about user privacy, despite opinions to the contrary, he asked the panelists how he could better collaborate with them.
It's worth noting that next week, when Chrome 80 debuts, Google intends to introduce changes in the way it handles cookies that will affect advertisers. What's more, the company has said it plans to phase out cookies entirely in a few years.
Schuh, from Google, elicited a laugh when he said, "I guess I can take this one, because that's what everyone is expecting."
We were expecting privacy. We got surveillance capitalism instead. ®
Sponsored: Detecting cyber attacks as a small to medium business
How to Check Battery Percentage on iPhone X
If you just bought an iPhone X you might’ve discovered that there’s no way to add a permanent battery percentage indicator to the phone’s status bar. Some iPhone X users are frustrated, but fortunately there are a few ways to quickly check the exact battery percentage on the device.
It’s unclear why Apple removed this option from the Settings app though there’s speculation that it might have something to do with the lack of real estate in the iPhone X’s status bar. Design decision or not, the change has some iPhone X users wondering how to see the device’s exact battery percentage.
There are a few ways to check the iPhone X battery percentage and we’re going to guide you through four ways to quickly get a read on your device’s battery life.
This article may contain affiliate links. Click here for more details. Use Control Center
One of the quickest ways to check your iPhone X battery percentage is via Control Center.
On older iPhones, Control Center is accessed via a swipe up from the bottom of the screen. This isn’t the case on the iPhone X because a swipe from the bottom of the screen serves as the home button.
To access Control Center on the iPhone X, you swipe inwards from the top right of the screen. If done correctly, you’ll notice the screen above.
Now when you check the top right corner of the display you’ll get an exact battery percentage readout.
Charge Your iPhone X
Another quick method requires a Lightning cable and an outlet or wireless iPhone X charger. While your iPhone X is charging, you can easily check its battery percentage.
Press the Side button on the right side of the iPhone X to get to your lock screen and you’ll notice the phone gives you a precise read out of your battery life.
Ask Siri
If you have Siri enabled on your iPhone X you can quickly ask it for a readout on your iPhone X’s battery.
You can bring up Siri on the iPhone X by pressing and holding the Side button or by using Hey Siri. Simply ask “What’s my battery life?” and Siri will tell you exactly how much battery life you have left.
Check Your Widgets
If your device is connected via Bluetooth to another device you can check your iPhone X’s widgets for your battery percentage.
To check your widgets, go to your iPhone X’s home screen and swipe to the right.
If you are connected to a device, you should notice a battery life percentage readout for both your iPhone X and the other device be it a case, a headset, or a Bluetooth-powered speaker.
4 Reasons Not to Install iOS 13.3.1 & 11 Reasons You Should
Install iOS 13.3.1 for Better Security 
If security is important to you, think about installing the iOS 13.3.1 update right away.
The iOS 13.3.1 update includes 21 new security patches that will help protect your device from harm. The company's outlined those patches in detail if you want to dig in.
If you skipped iOS 13.3, you get its patches with iOS 13.3.1. iOS 13.3 brought 12 new security patches to the iPhone and you can read about each one over on Apple's security page.
The iOS 13.3 update also added support for NFC, USB, and Lightning FIDO2-compliant security keys in the Safari browser.
If you missed iOS 13.2, it had 16 new security patches on board. You can read about all of them on Apple's website right here.
iOS 13.1.1 brought a security patch for a third-party keyboard issue to your iPhone. If you're interested in the particulars, you can read about them over on Apple's website.
If you passed on installing iOS 13.1, you get an additional patch with your iOS 13.3.1 update. You can learn more right here.
If you're moving up from iOS 12, you'll get iOS 13.0's nine security patches with your upgrade to iOS 13.3.1. Read about those here.
If you skipped iOS 12.4.1 or any older versions of iOS 12, you'll get their security patches with your iOS 13.3.1 update.
iOS 12.4.1 only had one patch on board, but Apple's iOS 12.4 brought 19 security patches to the iPhone. If you're interested in the specifics, you can read about them on right here.
In addition to those patches, iOS 13 itself comes with some security and privacy upgrades including improved anti-tracking features in Safari and the ability to get rid of location metadata in your photos.
You also now have the ability to block apps from using Bluetooth and the ability to allow apps to access your location just once.
iOS 13 will also send you reminders about applications that track your data.
EFF: Ring app sends user data to third parties. Ring: Duh
The Ring app for Android is "packed with third-party trackers sending out a plethora of customers' personally identifiable information," claims the Electronic Frontier Foundation (EFF) in a new report.
"Four main analytics and marketing companies were discovered to be receiving information such as the names, private IP addresses, mobile network carriers, persistent identifiers, and sensor data on the devices of paying customers," adds the EFF in the report, posted on the group's website yesterday (Jan. 27).
The EFF names those companies as AppsFlyer, Branch, MixPanel and, um, Facebook. The first three aren't household names, but they're well-known app-analytics firms that help developers see how their apps are used. All are present in many apps already on your smartphone, whether it's an Android phone or an iPhone.
In a statement to Tom's Guide, Ring denied that it was collecting this user information for nefarious or commercial purposes, and said that the data being collected was for Ring's exclusive use.
"Like many companies, Ring uses third-party service providers to evaluate the use of our mobile app, which helps us improve features, optimize the customer experience, and evaluate the effectiveness of our marketing," the statement said.
"Ring ensures that service providers' use of the data provided is contractually limited to appropriate purposes such as performing these services on our behalf and not for other purposes."
What you need to know
So should you worry that your Ring app is tracking your every move? Probably not.
Whether you use an iPhone or an Android phone, your smartphone is running dozens of apps that, like Ring's, send information to third parties for various purposes. Many of those apps sell that data to marketing companies, although it doesn't appear that Ring's app is among them.
How to disable third-party tracking on Ring cameras
While not all of the trackers mentioned in the EFF report are listed on this page, Ring camera owners can opt out of third-party tracking services by going to this page:
https://ring.com/third-party-services
How the EFF analyzed the Ring app
To analyze the traffic coming from the Ring app on an Android phone, the EFF used tools called MITMProxy and Frida. At first, Ring's encryption turned out to be so good that the EFF researchers couldn't see what was being transmitted.
The EFF report says Ring's strong encryption is a bad thing because it can "prevent security researchers and users from seeing exactly what information these devices are sending."
We never thought we'd see the EFF agree with the FBI and the U.S. Department of Justice on that point.
Ring has been in the spotlight for a couple of reasons. First, many of its customers set up their Ring accounts with weak or reused passwords, making it easy for jerks to access those accounts and get Ring indoor cameras to say rude things to little kids.
While Ring did not make it obvious at first, you can lock down your Ring camera's security by enabling its two-factor authentication option.
The other reason may be political. Ring asks its customers to share footage from Ring video doorbells and other Ring home security cameras with local police forces who might want to track miscreants.
That may or may not reduce crime. But it has set off alarms among privacy advocates worried that we're "surveillance capitalism," in which Big Brother looks a lot like Amazon CEO Jeff Bezos, whose company owns Ring.
The EFF hints at this angle in its report on the Ring app: It says the company "profit[s] from a surveillance network which facilitates police departments' unprecedented access into the private lives of citizens."
That's a valid point, although we would use less loaded language. What we'd really like to see is the EFF and other privacy advocates analyze the data-sharing behavior of all major security-camera and video-doorbell apps -- Arlo, Nest, Wyze and so on -- instead of just focusing on the one that's currently making headlines.
No comments:
Post a Comment