Tech Giants GDPR Privacy Settings Unethical Says Council

The ‘Deceived By Design’ report by the government-funded Norwegian Consumer Council has accused tech giants Microsoft, Facebook and Google of being unethical by leading users into selecting settings that do not benefit their privacy.

Illusion of Control

The report alleges that, far from actually giving users more control over their personal data (as laid out by GDPR), the tech giants may simply be giving users the illusion that this is happening. The report points to the possible presence of practices such as:

– Facebook and Google making users who want the privacy-friendly option go through a significantly longer process (privacy intrusive defaults).

– Facebook, Google and Microsoft Windows 10 using pop-ups that direct users away from the privacy-friendly choices.

– Google presenting users with a hard-to-use dashboard with a maze of options for their privacy and security settings. For example, on Facebook it takes 13 clicks to opt out of authorising data collection (opting in can take just one).

– Making it difficult to delete data that’s already been collected. For example, deleting data about location history requires clicking through 30 to 40 pages.

– Google not warning users about the downside of personalisation e.g. telling users they would simply see less useful ads, rather than mentioning the potential to be opted in to receive unbalanced political ad messages.

– Facebook and Google pushing consumers to accept data collection e.g. with Facebook stating how, if users keep face recognition turned off, Facebook won’t be able to stop a stranger from using the user’s photo to impersonate them, while not stating how Facebook will use the information collected.

Dark Patterns

In general, the report criticised how the use of “dark patterns” such as misleading wording and default settings that are intrusive to privacy, settings that give users an illusion of control, hiding privacy-friendly options, and presenting “take-it-or-leave-it choices”, could be leading users to make choices that actually stop them from exercising all of their privacy rights.

Big Accept Button

The report, by Norway’s consumer protection watchdog, also notes how the GDPR-related notifications have a large button for consumers to accept the company’s current practices, which could appear to many users to be far more convenient than searching for the detail to read through.

Response

Google, Facebook and Microsoft are all reported to have responded to the report’s findings by issuing statements focusing on the progress and improvements they’ve made towards meeting the requirements of the GDPR to date.

What Does This Mean For Your Business?

GDPR was supposed to give EU citizens much more control over their data, and the perhaps naive expectation was that companies with a lot to lose (in fines for non-compliance and reputation), such as the big tech giants and social media companies, would simply fall into line and afford us all of those new rights straight away.

The report by the Norwegian consumer watchdog appears to be more of a reality check that shows how our personal data is a valuable commodity to the big tech companies, and that, according to the report, the big tech companies are willing to manipulate users and give the illusion that they are following the rules without actually doing so. The report appears to indicate that these large corporations are willing to force consumers to try to fight for rights that have already been granted to them in GDPR.

 IF YOU’RE STRUGGLING WITH GDPR CALL US ON 0203 005 9650 FOR SUPPORT

Globalnet aims to be an integral part of your success, providing the best business advice, superior IT support and technology to help you reach your goals. 

New, Improved Wi-Fi Security Standard WPA3 Starts Rollout

The non-profit, global trade group, the Wi-Fi Alliance, has announced the commencement of the rollout of the new Wi-Fi Protected Access (WPA) protocol WPA3 which should bring improvements in authentication and data protection.

What’s Been The Problem?

There are estimated to be around 9 billion Wi-Fi devices in use in the world, but the current security protocol, WPA2, dates back to 2004. The rapidly changing security landscape has, therefore, left many Wi-Fi devices vulnerable to new methods of attack, fuelling the calls for the fast introduction of a new, more secure standard known as WPA3.

WPA2 Vulnerabilities

For example, WPA2, which is mandatory for Wi-Fi Certified devices, is known to be vulnerable to offline dictionary attacks to guess passwords. This is where an attacker can have as many attempts as they like at guessing Wi-Fi credentials without being on the same network. Offline attacks allow the perpetrator to either passively stand and capture an exchange, or even interact with a user once before finding out the password. Using Wi-Fi on public networks with the current protocol has also left people vulnerable to ‘man-in-the-middle’ attacks or ‘traffic sniffing’.

One key contributor to the vulnerability of using Wi-Fi with the WPA2 standard is the home / business using obvious / simple passwords.
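To see why simple passwords matter so much under WPA2, the sketch below is an added example (it is not from the Wi-Fi Alliance or from this article) that a network owner can use to rate their own passphrase. It derives the WPA2-Personal master key the standard way and estimates how long an offline search would take; the guess rate of one million per second and the short list of common passphrases are assumptions made for illustration.

```python
import hashlib
import math
import string

# Constructed sample of obvious passphrases; a real audit would use a larger list.
COMMON_PASSPHRASES = {"password", "12345678", "qwertyuiop", "letmein123", "companywifi"}


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes.

    The key depends only on the passphrase and the network name, which is
    why guesses can be checked offline, away from the network.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def search_space_bits(passphrase: str) -> float:
    """Upper bound on guessing effort, assuming every character was chosen at random.

    Dictionary words are far weaker than this bound suggests.
    """
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation + " "]
    alphabet = sum(len(p) for p in pools if any(c in p for c in passphrase))
    return len(passphrase) * math.log2(max(alphabet, 2))


def audit(passphrase: str, guesses_per_second: float = 1e6) -> dict:
    """Rate a passphrase against offline guessing at an assumed guess rate."""
    in_list = passphrase.lower() in COMMON_PASSPHRASES
    bits = 0.0 if in_list else search_space_bits(passphrase)
    years = (2 ** bits) / guesses_per_second / (3600 * 24 * 365)
    return {"in_common_list": in_list, "bits": round(bits, 1), "years_to_exhaust": years}


if __name__ == "__main__":
    print(wpa2_pmk("password", "IEEE").hex())
    for candidate in ("password", "sunshine", "T4ble-lamp-Orbit-92"):
        print(candidate, audit(candidate))
```
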

What’s So Good About WPA3?

The new WPA3 standard has several advantages. These include:

  • The fact that WPA3 has been designed for the security challenges of businesses, although it has two modes of operation: Personal and Enterprise.
  • The equivalent of 192-bit cryptographic strength, thereby offering a higher level of security than WPA2.
  • The addition of Easy Connect, which allows a user to add any device to a Wi-Fi network using a secondary device already on the network via a QR code. This makes the connection more secure and helps simplify IoT device protection.
  • WPA3-Personal mode offers enhanced protection against offline dictionary attacks and password guessing attempts through the introduction of a feature called Simultaneous Authentication of Equals (SAE). Some commentators have suggested that it ‘saves users from themselves’ by offering improved security even if a user chooses a more simple password. It also offers ‘forward secrecy’ to protect communications even if a password has been compromised.

WPA2 and WPA3 in Tandem

The current standard WPA2 will be run in tandem with the new WPA3 standard until the standard becomes more widely used.

Protection Against Passive Eavesdropping

In June, the Wi-Fi Alliance also announced the rollout of Wi-Fi Enhanced Open, a certification program. This provides protection for unauthenticated networks e.g. coffee shops, hotels and airports, and protects connections against passive eavesdropping without needing a password by providing each user with unique individual encryption that secures traffic between their device and the Wi-Fi network.

What Does This Mean For Your Business?

Wi-Fi security and the security of a growing number of IoT devices has long been a source of worry to individuals and businesses, particularly as the nature and variety of attack methods have evolved while the current security standard is 14 years old.

The introduction of a new, up-to-date standard / protocol which offers greater security, has been designed with businesses in mind, offers more features, and protects the user from their own slack approach to security is very welcome. WPA3 will be particularly welcomed by those who use networks to send and receive very sensitive data, such as the public sector or financial industry.

Globalnet IT Innovations offer a range of managed IT services and on-demand IT services, including secure Internet and Wi-Fi solutions. Call us on 0203 005 9650 to speak to one of our IT consultants and discover how we can help you reach your business goals.

 

Samsung Phones Sending Photos Without Permission

The Samsung Galaxy S9, Galaxy S9+ and Note 8 are all reported to have been recently affected by a bug in the Samsung Messages app that sends out photos from the user’s gallery without their permission … to random contacts.

What Happens to Photos?

According to Samsung phone users on social media and the company’s forum, some users have been affected by a bug in the default texting app on Galaxy, Samsung Messages. Reports indicate that the bug causes Samsung Messages to text photos stored in a user’s gallery to a random person listed as a contact. The user is not informed that the pictures have been sent, or to whom, and there has even been one reported complaint that a person’s whole gallery was sent to a contact in the middle of the night!

Samsung Messages Bug Speculation

Although there is no conclusive evidence concerning the cause, online speculation has centred on the bug being related to the interaction between Samsung Messages and recent RCS (Rich Communication Services) profile updates that have rolled out on carriers including T-Mobile. These updates have been rolled out to add updated and new features to the outdated SMS protocol e.g. better media sharing and typing indicators.

Acknowledged by Samsung

Samsung is reported to have acknowledged the reports of problems with Messages, and is said to be looking into them. Samsung is also reported to have urged concerned customers to contact them directly on 1-800-SAMSUNG, and the company has supposedly been in contact with T-Mobile about the issue. T-Mobile is recorded as saying that it is not their issue.

What Can You Do?

As well as contacting Samsung, and in the absence of any definitive news of a fix as yet, there are two main possible fixes that Samsung owners can pursue. These are:

  1. To go into the phone’s app settings and revoke Samsung Messages’ ability to access storage. This should stop Messages from sending photos or anything else stored on the device.
  2. Switch to a different texting app e.g. Android Messages or Textra. There are no known reports of these being affected by the same bug.

What Does This Mean For Your Business?

People pay a lot of money to get the latest phones and to get the right contracts to allow for the high volume of communications associated with business use. It is (at the very least) annoying, but more generally scary and potentially damaging that personal, private image files can be randomly sent. These photos could, for example, contain commercially sensitive information that could put a company’s competitive advantage at risk if sent to the wrong person. Also, some photos could cause embarrassment for the user and / or the subject of the photo, and could damage business and personal relationships if they fell into the wrong hands. Some photos sent to the wrong person, as well as compromising privacy, could pose serious security risks.

At a time when we acknowledge that photos of ourselves / our faces stored by e.g. CCTV cameras are our personal data, Samsung could find itself on the wrong end of GDPR-related and other lawsuits if found to be directly responsible for the bug and its results.

CALL US ON 0203 005 9650 FOR SUPERIOR IT SUPPORT


Submit Your Dash-Cam Footage To Police

A new website has been launched by manufacturer Nextbase allowing drivers to upload their dash-cam footage of dangerous drivers they’ve filmed, thereby making it easy for drivers to submit their footage to the police.

Initiative

The initiative, which has already received widespread praise, allows owners of any brand of dash-cam, action camera, mobile phone or any other type of camera from any manufacturer to upload footage to the National Dash-Cam Safety Portal (NDSP), and then to send it on to the appropriate local England or Wales police force.

As well as uploading footage, drivers can use the free portal to submit witness statements, all of which are securely stored, and only viewable by the police force to which they are submitted.

How Does It Work?

Part of the Nextbase website, the portal at https://www.nextbase.co.uk/national-dash-cam-safety-portal/ shows a clickable map of England and Wales divided into regions. Drivers with footage to submit are asked to click on the region where the incident recorded took place. Clicking on the geographic region then reveals the police force for all regions. Clicking on the relevant police force region should, when / if the police force has chosen to use the portal, send you to the relevant police force website and allow you to submit your statement and footage.

Drivers submitting footage are also prompted to contact their local force by email or by calling 101, and to email their witness statement to a given police email address in order to help speed up the process of reporting the incident.

Since the initiative is still in its early stages, many of the relevant police forces are not yet fully participating in the video-submitting system.

Dash-Cam Footage Can Be Used In Court

Dash-cam footage can provide useful information and evidence in court cases and the first jail sentence for dangerous driving that used dash cam footage as its main evidence took place in 2015.

Things To Remember

Drivers submitting footage and statements via the portal should be aware that by doing so they are filing an official police report, the process can require the driver to take time to answer lots of questions, and that there is a possibility that they may be required to appear in court. Also, if the footage shows the driver who submitted the footage to be breaking the law e.g. speeding to catch up with and film the perpetrator, they may also be prosecuted.

The NDSP web page provides FAQs to answer questions about the type / quality of footage and the process.

What Does This Mean For Your Business?

Anyone who drives on UK roads, particularly as part of their job and / or their daily commute is likely to have witnessed dangerous or irresponsible driving. Dash-cams have provided one way for drivers to have some fall-back protection against the reckless and / or criminal actions of others and against potentially costly insurance implications. Footage provides something more than just testimony and conjecture.

The big advantage of the NDSP portal is that, for the first time, it provides a central point for drivers to go to submit footage, and it simplifies the process of submitting footage and statements to the correct police force.

Critics could argue, however, that this initiative could be promoting a trade-off between road safety and privacy, and could be encouraging a culture of citizen surveillance and suspicion.

For Nextbase, the portal (and the media reports about it) will provide some positive publicity if the system works properly and securely, and since it is part of their product website, could even lead to some more sales of dash-cams.


Tech Tip – Save Space By Quickly Creating Compressed Folders

If you’re running Windows and you’d like to save some space on your disk, there is a way to quickly pack files into a compressed archive, with no third-party software required. Here’s how:

– Select the files you want to compress.

– Right-click on part of the selection.

– Choose ‘Send to’ and then ‘Compressed (zipped) folder’.
