News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

Newsletter Archives

  • Take control of your privacy – iPhone & iPad

    Posted on April 5th, 2021 at 01:02 Comment on the AskWoody Lounge

    APPLE

    Take control of your privacy – iPhone & iPad

    Nathan Parker

    By Nathan Parker

    Apple heavily promotes its devices and services as being focused on your privacy, especially for those who heavily use Apple’s built-in apps and services.

    Apple has a prominent page on its site devoted to its view of privacy.

    Read the full story in the AskWoody Plus Newsletter 18.12.0 (2021-04-05).

    Apple, AskWoody Plus Newsletter, Privacy , , , ,

  • Here’s looking at you, kid: the child-cam scam

    Posted on March 1st, 2021 at 01:06 Comment on the AskWoody Lounge

    PUBLIC DEFENDER

    Here’s looking at you, kid: the child-cam scam

    By Brian Livingston

    It’s terrible when no one is paying attention to you. But it’s much worse when someone is paying attention to you whom you don’t WANT to be paying attention to you.

    Around the world, millions of nursery schools, daycare centers, and private homes have installed “child cams.” These are intended to allow parents to see what their kids and caregivers are doing at daycare, how their infants are sleeping in a crib room, and so on. Many of the systems allow the video to be viewed from a distance across the Internet.

    Read the full story in AskWoody Plus Newsletter 18.8.0 (2021-03-01).

    AskWoody Plus Newsletter, Public Defender, Security , , ,

  • Business cyber insurance: A sea change

    Posted on November 15th, 2020 at 21:00 Comment on the AskWoody Lounge

    SMALL-BUSINESS COMPUTING

    By Amy Babinchak

    For IT businesses — and by extension, their clients — adapting to a rapidly shifting technology environment has been a challenge.

    Not the least of those changes is insuring for data-related privacy and security losses.

    Not that long ago, insuring my business was relatively simple. We were covered primarily for liability and errors/omissions. Today, the array of events covered by my policy is mind-boggling — much of it focused on data security and privacy.

    Read the full story in AskWoody Plus Newsletter 17.45.0 (2020-11-16).

    AskWoody Plus Newsletter, Small Business Computing , , , ,

  • Privacy update: Brave is the most private browser, Edge blabs like crazy

    Posted on March 2nd, 2020 at 15:12 Comment on the AskWoody Lounge

    An interesting white paper from Prof Leith, Trinity College, Dublin (PDF):

    We measure the connections to backend servers made by six browsers: Google Chrome, Mozilla Firefox, Apple Safari, Brave Browser, Microsoft Edge and Yandex Browser, during normal web browsing. Our aim is to assess the privacy risks associated with this back-end data exchange. We find that the browsers split into three distinct groups from this privacy perspective. In the first (most private) group lies Brave, in the second Chrome, Firefox and Safari and in the third (least private) group lie Edge and Yandex…

    [When typing the text leith.ie/nothingtosee.html,] Edge sends text to www.bing.com as it is typed. A request is sent for almost every letter typed, resulting in a total of 25 requests. Each request contains contains a cvid value that is persistent across requests although it changes across browser restarts. Once the typed URL has been navigated to Edge then makes two additional requests: one to web.vortex.data. microsoft.com and one to nav.smartscreen.microsoft.com. The request to nav.smartscreen.microsoft.com includes the URL entered while the request to web.vortex.data.microsoft.com transmits two cookies…

    For Brave with its default settings we did not find any use of identifiers allowing tracking of IP address over time, and no sharing of the details of web pages visited with backend servers. Chrome, Firefox and Safari all share details of web pages visited with backend servers. For all three this happens via the search autocomplete feature, which sends web addresses to backend servers in realtime as they are typed…

    From a privacy perspective Microsoft Edge and Yandex are qualitatively different from the other browsers studied. Both send persistent identifiers than can be used to link requests (and associated IP address/location) to back end servers. Edge also sends the hardware UUID of the device to Microsoft [emphasis added] and Yandex similarly transmits a hashed hardware identifier to back end servers. As far as we can tell this behaviour cannot be disabled by users. In addition to the search autocomplete functionality that shares details of web pages visited, both transmit web page information to servers that appear unrelated to search autocomplete.

    So it looks like the new Edge (Leith says the tested version is 80.0.361.48, which is definitely Chredge) not only tracks what you’re doing, it flags all of your actions with a hardware-unique identifier.

    Somebody tell me again how Microsoft values your privacy?

    Thx Catalin Cimpanu.

    Windows News ,

  • Apple to enhance Siri privacy protection

    Posted on August 29th, 2019 at 16:05 Comment on the AskWoody Lounge

    From Nathaniel Parker:

    Apple has recently made a statement concerning a series of privacy enhancements to Siri as a followup to Apple’s halting of employees listening to Siri requests as part of their “grading” program

    After briefly mentioning how Siri protects customer privacy in its current iteration and a brief description of how Siri’s “grading” program works, Apple issued an apology for how it has not fully communicated the current “grading” program, has reiterated that the current program is now halted, and has also announced that the program will be resumed in the fall after a software update (likely in iOS 13 and the other major Apple operating system updates that utilize Siri).

    When the “grading” program resumes in the fall, the following changes will be made, according to Apple’s statement:

    • First, Apple will no longer retain audio recordings to help improve Siri. Apple will, however, continue to use computer-generated transcripts to help improve Siri.
    • Second, Apple will allow customers to opt-in to help improve Siri by learning from their audio samples. Those who choose to opt-in can also choose to opt-out anytime, and Apple will apply strong privacy controls to this collected data.
    • Third, when customers do opt-in to help improve Siri by learning from their audio samples, only Apple employees (not third-party contractors) will be able to listen to the audio samples. Apple employees will also work to delete audio samples which are determined to inadvertently trigger Siri.

    Two points Apple did not specifically include in the statement are:

    • Whether customers can choose to opt-in or opt-out of allowing Apple to use computer-generated transcripts to help improve Siri. From the reports I have read on other Apple and tech news sites, it sounds as though Apple will continue to use computer-generated transcripts to help improve Siri, without the ability for customer’s to opt-out (although the data should be randomized as to not tie it to a user’s personal information according to Apple’s current iteration of Siri’s privacy protections).
    • Whether customers will need to upgrade to iOS 13 (or the other major Apple operating system updates that utilize Siri) to take advantage of the new “grading” program opt-in. I am concerned especially for those on older Apple hardware that cannot upgrade to the latest operating system updates and wonder if Apple would possibly address such concerns in minor updates to older Apple operating system releases.

    In general, I trust Apple’s privacy stance with Siri more than I do Apple’s competitors.

    With Apple’s competitors such as Amazon (Alexa), all of my Alexa recordings are stored in Amazon’s servers and tied to my Amazon account (although I can delete any of my recordings anytime).

    It is good, however, that Apple is addressing concerns with and is being forthcoming with the current Siri “grading” program and making the necessary adjustments this fall. I hope Apple will clarify the other two points above, and I look forward to seeing how Apple fully rolls out the new privacy enhancements this fall.

    I respect Apple for working hard to keep privacy at the forefront of the customer experience, and it another reason I enjoy using Apple’s products and services.

    Apple ,

  • Microsoft contractors listen to some Skype calls

    Posted on August 8th, 2019 at 06:15 Comment on the AskWoody Lounge

    Joseph Cox on Motherboard/Vice has a startling discovery:

    Contractors working for Microsoft are listening to personal conversations of Skype users conducted through the app’s translation service, according to a cache of internal documents, screenshots, and audio recordings obtained by Motherboard. Although Skype’s website says that the company may analyze audio of phone calls that a user wants to translate in order to improve the chat platform’s services, it does not say some of this analysis will be done by humans.

    Like other voice snooping revelations in recent weeks — by both Apple and Google — this fiasco appears to be limited to a very small subset of all translated conversations. And it appears to be covered by a tiny clause in a terms of service agreement. But it still makes me wonder what kind of corporate culture allows this sort of thing to happen — not just at Microsoft.

    UPDATE: That was quick… Lexington Law Group is seeking class action status for a lawsuit against Apple for listening to Siri commands. Thx Bogdan Popa.

    Other

  • Apple’s revelations about keeping/scanning Siri recordings demand a response

    Posted on July 29th, 2019 at 10:11 Comment on the AskWoody Lounge

    Excellent article out this morning from Johnny Evans in Computerworld.

    You may have heard on Friday the Guardian assertion:

    Apple contractors regularly hear confidential medical information, drug deals, and recordings of couples having sex, as part of their job providing quality control, or “grading”, the company’s Siri voice assistant

    For a company that touts its privacy superiority, that’s clearly way over the line. Even I was shocked – and I’ve been jaded by years of Microsoft’s snooping.

    This morning, Johnny Evans published a clear plan for fixing the wrongs:

    • Apple should introduce much clearer and easier to understand privacy warnings around use of Siri on its devices.
    • When setting up Siri on a new device you as a user should be given the chance to explicitly reject use of your voice for any purpose other than the original request.
    • Apple should bring this [contracted human snooping] work in-house, become completely accountable for what its voice workers and management do with these recordings, and ensure customers have some way in which to punish any infraction of their data privacy.
    • In the event Siri is invoked but no specific request is made, the system should be smart enough to ignore the interaction and delete any recording made as a result of that interaction.
    • Only in those instances in which different voice recognition systems can’t find a way to agree on what is said should human ears be necessary.

    It’s an excellent article. Windows users take note.

    Other , ,

  • Cimpanu: The US Govt Accountability Office recommends the US adopt GDPR-like privacy legislation

    Posted on February 17th, 2019 at 07:48 Comment on the AskWoody Lounge

    It’s about time.

    Catalin Cimpanu, writing for ZDNet, has some great news:

    An independent report authored by a US government auditing agency has recommended that Congress develop internet data privacy legislation to enhance consumer protections, similar to the EU’s General Data Protection Regulation (GDPR).

    The report (PDF) recommends:

    Congress should consider developing comprehensive legislation on Internet privacy that would enhance consumer protections and provide flexibility to address a rapidly evolving Internet environment. Issues that should be considered include what authorities agencies should have in order to oversee Internet privacy, including appropriate rulemaking authority.

    It’s about time. (Although it looks like the report was published on January 15. First I’ve heard of it.)

    Other

  • New, improved privacy in Win10 1803 may not be what you think

    Posted on January 31st, 2018 at 05:32 Comment on the AskWoody Lounge

    I’ve been reading the wave of mainstream articles that followed Marisa Rogers’s publication last week of an official Microsoft notice about new privacy features in the next version of Windows.

    Being the skeptic that I am, the articles sounded to me like Microsoft Press Releases bouncing around the blogosphere — long on accolades, short on real-world experience. Sadly, we’re seeing a whole lot of “reporting” like that these days.

    So it heartens me to see a hard-boiled look at the new feature, from my old friend Preston Gralla. In his Computerworld opinion piece Don’t believe Microsoft’s latest privacy hype, Gralla hit it right on the nose:

    Microsoft got plenty of kudos for the new tool. For the company, that was mission accomplished. But it was anything but that for users. The Diagnostic Data Viewer is a tool that only a programmer could love — or understand. Mere mortals, and even plenty of programmers, will be baffled by it, and they won’t gain the slightest understanding of what data Microsoft gathers about them.

    His conclusion:

    Microsoft should change this. It should release a simple-to-use tool that shows in granular detail and in plain English exactly what diagnostic information is being sent to Microsoft. People should then be allowed to opt in or out for every type of diagnostic information that is sent. And everyone should be able to do that, not just those who have a specific version of Windows 10.

    With the EU apparently poised to do some real privacy protection — I’m not talking about the glossy installation switches in Win10 1703 and later, which are all hat and no cattle — the topic’s going to get heated in the next few months.

    If you want to know the real, nitty-gritty story on Win10 privacy — which settings do what, and how it all fits together — take a look at Martin Brinkmann’s The Complete Windows 10 Privacy Guide: Windows 10 Fall Creators Update version. I have a link to it over on the right side of this page.

    That’s the meat. Don’t settle for the sizzle.

    Windows News ,

  • Privacy, Apple style

    Posted on September 28th, 2017 at 11:12 Comment on the AskWoody Lounge

    Apple may be hobbling its advertising revenue by its strict adherence to privacy-friendly policies, but it’s getting a lot of respect at the same time.

    Read about it in Rene Ritchie’s article in iMore:

    Apple, because of its own business model, has no need to persist our data, our behavior, and our relationships on its servers. What’s more, by virtue of the company’s belief in privacy and security, it wants no part of our data. Instead, it encrypts our data end-to-end in transit and purges it as quickly as is practical.

    I’m not saying it’s perfect. I’m saying it sounds better than Google and Microsoft.

    Other

  • Google will no longer scan Gmail to serve up personalized ads

    Posted on June 23rd, 2017 at 17:14 Comment on the AskWoody Lounge

    It’s a remarkable development. Martin Binkmann at gHacks reports that Google’s giving up on its email scanning.

    Wouldn’t surprise me a bit if EU privacy concerns prompted the move. Whatever the impetus, the result is important. Google stopped scanning email in paid accounts and educational accounts years ago. This is another step in the right direction.

    Far as I know, Microsoft still scans the subject line in free Hotmail/Outlook.com mail accounts.

    Other ,

  • HIPAA compliance using Win10 Enterprise

    Posted on April 14th, 2017 at 06:40 Comment on the AskWoody Lounge

    Here’s an excellent article about walking the thin line between modern technology and HIPAA (think: keeping private information private in the US — if that isn’t an oxymoron). From HIPAA One, Steven Marco, Arch Bear, and Markus Muller have put together an insightful analysis. From the introduction:

    In today’s computing environment, record-breaking data breaches (e.g. Premera Blue Cross with 11+ Million members breached in 2015) that include healthcare identity theft have increased by over 20% year-over-year between 2012 and 2014

    1. It is no surprise most of us feel we have lost control of our personal data

    2 . This is especially true in the healthcare industry in the form of data breaches and HIPAA Privacy violations.

    Simultaneously, massive populations of users are fully-embracing new mobile applications to store and share data across platforms. As a result, cloud computing has bridged the gap between consumer devices and sensitive data. Is there a price to pay for our love affair with cloud-based apps and mobile devices?

    As a cloud-based technology user, have you ever wondered about the safeguards protecting your personal and health information? Ever contemplated how modern operating systems like Google Android, Apple iOS and Microsoft Windows 10 access your data to provide cloud
    powered features?

    For example, Siri, the Dragon dictation cloud, Google Voice search and Docs all send voice recordings to the cloud and back while other built-in OS features share contacts between apps. How do these cloud-powered features impact these risks?

    If a medical facility utilizes voice-to-text technology (e.g. by saying “Hey Cortana”, “Siri” “OK Google”, or “Alexa”) to dictate notes about a patient, that information is automatically exchanged with the cloud. Without a business associate agreement, that medical facility could
    face a HIPAA violation. How do we combine the past 30 years of email-use, file and print sharing with today’s cloud-enabled apps securely?

    These questions and concerns are currently top-of-mind for IT and legal professionals responsible for managing electronic Protected Health Information (ePHI) while ensuring and maintaining HIPAA compliance. In light of the recent focus on HIPAA enforcement actions, hospitals, clinics, healthcare clearinghouses and business associates are trying to understand how to manage modern operating systems with cloud features to meet HIPAA regulatory mandates. Additionally, many of these healthcare organizations are under pressure to broadly embrace the benefits of cloud computing.

    Microsoft has invested heavily in security and privacy technologies to mitigate today’s threats.

    Lounger zero2dash, who posted the original link to this story, says:

    They configured the heck out of 10 AU Enterprise to not phone home, and it did it anyway. Very interesting to see all the settings they tweaked in GP but still saw all the traffic going to MS.

    Having to deal with PCI Compliance is bad enough for me; I’m glad I don’t have to try to keep our environment HIPAA compliant.

    Well worth reading (PDF).

     

    Windows News ,
  • « Older Entries

Recent Replies

Recent Topics

April 2021
M T W T F S S
 1234
567891011
12131415161718
19202122232425
2627282930  

Copyright © 2004 – 2021 AskWoody Tech LLC. All rights reserved.