Blog 

Google finally reveals the amount of data Gmail collects on iPhone


Wow! Damn interesting the amount of information Apple and Google are gathering on YOU.

Wouldn't be so bad if only *they* used the information, but under suboena the government can make your life a living hell.


In a nutshell:

  • Your purchases
  • Your travels
  • Your  email, phone numbers, addressess
  • Your friends and other people you have contact with
  • Your documents and spreadsheet content
  • Your searches
  • Your web browsing sites
  • Your usage habits on your phone, pc, and other devices

and something that is only called "OTHER DATA".

There are ways to break the connection with Google on your phone, but so far no way of doing this on Apple devices.

-Stu

 


 

 

Google finally reveals the terrifying amount of data Gmail collects on iPhone
 

  • Google has finally revealed the terrifying amount of data apps like Gmail and YouTube can collect from iPhone and iPad.
  • Google started submitting App Privacy labels for it some of its iOS apps after facing criticism that it delayed app updates to delay implementing the mandatory iOS 14 privacy features.
  • Both Gmail and YouTube collect plenty of user data for different purposes, including information used for third-party advertising purposes.

Apple’s new iOS 14 privacy features sent shockwaves through the advertising industry last fall when they started rolling out. Apple will not stop advertisers from tracking users across the web and services, but it now forces developers to indicate all the personal data an app can collect and the purposes for said data collection. iPhone and iPad will also force developers to ask for permission to track users across apps and services. Facebook’s massive attack on Apple in mid-December is proof that the privacy changes are a big deal for companies that make money off of highly personalized ads. Those ads are based on the data users allow Facebook, Google, and others to collect about them in return for free access to their services. It’s the kind of trade-off that works in the trade industry. But users might not be aware of the scope of the data they give third-parties access to. That’s where Apple’s App Privacy labels in iOS 14 will help.

 

Unlike Facebook, Google did not make a big deal about Apple’s privacy features. But the company did delay updating its iOS apps for well over a month. Those updates are finally coming in, with major iPhone apps like YouTube and Gmail having just received their first major updates in several weeks. Unsurprisingly, there’s a massive amount of information that Google can collect from iPhone users.

 

As with Facebook’s privacy labels, Google’s labels indicate that its apps will collect plenty of user data for several purposes. This includes third-party advertising, analytics, product personalization, app functionality, and — the most annoying one — other purposes. These categories also contain an “other data types” section that suggests the apps can collect even more information than they’re ready to disclose.

Gmail App Privacy Label
An App Store screenshot of Gmail’s summary App Privacy label in iOS 14. Image source: App Store

 

The following comparison shows that Gmail and YouTube do not collect the same information for advertising purposes. YouTube hoards plenty of additional information compared to Gmail. All that data is used for Google to sell better-targeted ads that bring in more revenue. However, Google often says that it doesn’t share any user data with advertisers, and that’s true. Google doesn’t hand others this personal information, but it uses it to allow companies to target specific categories of users with specific types of ads.

 

 
Gmail App Privacy Label
App Privacy labels App Store screenshots show differences between Gmail (left) and YouTube (right) for the “third-party advertising” section. Image source: Chris Smith, BGR

Again, there’s no problem with Google and Facebook collecting all that data, and iOS 14 will not stop any developer from tracking users as long as apps obey its privacy rules. The apps have to list the data they collect, and they’ll have to ask permission for tracking.

 

However, these privacy labels could help users make more informed decisions about what sort of information they’re willing to allow apps to collect.

YouTube App Privacy Label

An App Store screenshot of YouTube’s summary App Privacy label in iOS 14. Image source: App Store

 


 

Created byStu Wise · Feb 24, 2021 ·  0 ·  0 · open 

Signal: The Pros and Cons of a Truly Private Chat App

Signal Messenger App: How to Develop a Secure Chat Solution

https://www.wsj.com/articles/signal-the-pros-and-cons-of-a-truly-private-chat-app-11592127002
 

Download Signal for Android

https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms

Download Signal for Apple

https://apps.apple.com/us/app/signal-private-messenger/id874139669

 
Download Signal for other Platforms

https://signal.org/download/

 

In 2013 Edward Snowden revealed that the United States government was spying on millions of American through phone wire taps, messaging wiretaps, and email wiretaps.
 


Because of this many people are moving their communications to encrypted messaging tools like Signal Enrypted Messaging


The pandemic (panic) drove unprecedented sign-ups on the encrypted messaging app, as people started communicating more online. Then, nationwide protests over police brutality prompted another round of records. Signal saw about one million downloads world-wide in May, according to analytics firm App Annie.

 

Protesters have flocked to the app. Even though people who organize and participate in protests are protected by the First Amendment, they often seek secure communication, out of caution. And if they do get into legal trouble, Signal is designed to limit the information the messaging service can give to the authorities.

 

That is what initially attracted privacy die-hards to Signal. In a 2015 talk, the app’s creator, Moxie Marlinspike, declared, “Privacy is at an all-time low, and surveillance is at an all-time high.” Signal was intended as the antidote.

 

In the intervening years the app has grown in popularity, with 32.4 million installs, according to data analytics firm Sensor Tower. It also has become a very useful, albeit bare-bones, messaging app. While Signal isn’t one of a kind— Facebook Inc.’s WhatsApp and Apple Inc.’s iMessage have similar end-to-end encryption—experts say Signal is the most secure.

 

If you aren’t already on Signal, you might be wondering: Should I be? This guide will help you answer that.

 
What exactly is Signal?

 

It’s a messaging app. It’s also a technology—Signal’s encryption protocol is used by platforms such as WhatsApp, and it is open-source, which allows any security researcher to scrutinize its code for flaws and verify that the encryption is as secure as Signal claims.

 
How does end-to-end encryption work?

 

 Encryption turns your messages and calls into a string of gibberish. Only the intended recipient is able to decrypt the message—no one else, not even the app’s maker. In fact, end-to-end encryption is so secure that it has drawn the ire of government officials, who say encrypted messaging apps make it difficult to track down criminals.

 

Even if you aren’t a criminal or concerned about government surveillance, there’s a strong argument for using encryption. It protects you from malicious actors keen on intercepting business secrets or credentials, as well as companies wanting to serve you personalized advertising.

 

Just remember, encryption doesn’t prevent a message’s recipient from taking a screenshot or passing it along, or from someone seeing your messages by gaining access to your phone. (Always use a strong passcode.)

 
What can I do on Signal?

 

You can send text and audio messages to individuals or groups, and make one-on-one voice or video calls over the internet or a data connection. Everyone involved must be on Signal.

 

There are mobile apps for Android, iPhone and iPad, as well as desktop apps for Mac, Windows and Linux. There is no support for  Chrome OS on Chromebooks.

 

Recently, Signal introduced a blur tool, which can be used to obscure faces or sensitive information on documents. To use it, tap on the camera icon from the main page of the app. Take a picture or select a photo from your library, then tap the checkered-circle blur icon.

 


Blurring sensitive parts of a picture

 

 
How can I make Signal messages even more private?

 

Disappearing messages: Select a conversation, and tap your contact’s name. There you can set a time between five seconds and one week, after which viewed messages will automatically delete.

 

View-once media: This mobile-only feature automatically removes a photo or video from a conversation once it has been viewed. From the main app page, tap the camera icon. Take a photo or select one from your library. At the bottom left of the screen, tap to switch the infinity-symbol icon to the “1x” icon.

 

Signal PIN: This prevents someone else from registering your phone number on Signal, an attack known as SIM swapping. Tap on your profile icon (top left), then Privacy, then enable Signal PIN.
 

 
Is Signal really better than WhatsApp and iMessage?

How do I download WhatsApp? | TechRadar                          iMessage App Icon

Both WhatsApp and iMessage offer end-to-end encryption by default, and it’s likely you already use at least one of them. So is Signal the superior app?

First you should compare what the apps are gathering.

Signal’s core mission, privacy, is evident throughout the design of the app. For example, when someone initiates a video call on Signal, your video isn’t automatically turned on when you pick up. You accept the call, then turn on your camera.

 

The app also doesn’t log much information (metadata) about the nature of the messages themselves. “Signal makes it a point to keep as little data as possible while still being able to provide service,” said Lujo Bauer, professor of computer science at Carnegie Mellon University.

 

In a recent blog post, Mr. Marlinspike boasted that the only data the U.S. government was able to obtain from a 2016 grand jury subpoena was the date of an account’s creation and the date of last use, nothing else.


One-Time Use photos
 

 

WhatsApp, on the other hand, tracks things like who you contacted and when, said Prof. Bauer. A spokeswoman said Facebook doesn’t provide WhatsApp data to law-enforcement agencies retroactively—the company only shares the transaction log data collected after it receives a valid legal request.

 

Apple also retains some metadata from iMessage (aka the Messages app). When you enter a phone number to message someone, Apple verifies whether the number is iMessage-compatible. A date and time of that lookup, along with the phone number, is saved for 30 days, then deleted. An Apple spokeswoman said Apple can’t determine if any communication took place—only whether a user looked at a contact or initiated an iMessage.
 

 

While that might not seem like much, metadata can easily serve as evidence. “Just knowing who the contacts of a target are can expand an investigation,” said Mary Fan, a law professor at the University of Washington.

 

Cloud backups, while convenient, are yet another potential vulnerability with popular apps. Media and messages stored in the cloud aren’t protected by end-to-end encryption on either WhatsApp or iMessage.

 

All Signal data is stored locally, which means when you buy a new phone, you need to manually transfer your old Signal messages over.

 

Because Signal isn’t owned by a tech giant and is backed by a nonprofit foundation—with $50 million from WhatsApp co-founder and Facebook ex-executive Brian Acton —it likely won’t ever show you ads.

 

Why might I not I use Signal?

 

WhatsApp and iMessage have more features. To name a few: temporary location sharing, which is useful for meetups, and group video chat—up to 8 on WhatsApp and 32 on Apple’s embedded FaceTime service.
 

Signal also doesn’t have those apps’ massive user base. WhatsApp has two billion users and Apple has sold nearly two billion iPhones. Your friends and family are more likely to use those companies’ messaging services. “I often find that whatever is the most convenient for people is what they’re most likely to use successfully,” Prof. Bauer said.

 

In other words, WhatsApp and iMessage are still more private and secure than plain SMS text messaging, and if that’s where your contacts are, then they are still a good option.

 

 

 

Created byStu Wise · Jan 3, 2021 ·  0 ·  0 · open 

Google will officially support running Chrome OS on old PCs


Over the past five years, a company called Neverware has allowed individuals, schools and businesses to essentially turn their old PCs and Macs into a Chromebook with its CloudReady software. The beauty of the operating system is that it allows you to extend the life of a computer that would otherwise be obsolete.


This week, Google acquired Neverware and now plans to make CloudReady into an official Chrome OS release. When that happens, Neverware says its existing users will be able to seamlessly upgrade to the updated software. Moreover, once that transition is complete, Google will support CloudReady in the same way that it currently does Chrome OS. In the immediate future, Neverware says it’s business as usual. The Home Edition of CloudReady isn’t changing, and the company says it’s committed to supporting its existing education and enterprise customers. Moreover, there’s no plan to change pricing at the moment, and Google will honor any current multi-year licenses.



Not only does this acquisition make a lot of sense from Google’s perspective, but it’s hard to see a downside for CloudReady users. The fact the operating system wasn’t officially supported by Google was one of the few downsides to the software. It meant you couldn’t install Android apps on CloudReady devices, even though it’s based on Chromium OS. With this acquisition, support for Android apps becomes much more likely. Direct support from Google will also make the software more appealing to schools and businesses since they can get help directly from the company if they have any technical issues.  

 

Created byStu Wise · Dec 17, 2020 ·  0 ·  0 · open 

Wow...Windows becomes based on Linux?!

 

For those of you not keeping up, Windows System for Linux (WSL) now allows unmodified Linux binaries to run under Windows 10. No emulation, no shim layer, they just load and go.This is a recent improvement for Microsoft.

At the Microsoft Build 2020 virtual developers' conference, CEO Satya Nadella announced that Windows Subsystem for Linux (WSL) 2.0 would soon support Linux GUIs and applications. That day is closer now than ever before. At the recent X.Org Developers Conference, Microsoft partner developer lead Steve Pronovost revealed that Microsoft has made it possible to run graphical Linux applications within WSL.


Microsoft has already ported Edge to run under Linux. There is only one way that this makes any sense, and that is it is using Edge as a trial run for moving the rest of the Windows to Linux.

Azure makes Microsoft most of its money. The Windows monopoly has become a sideshow, with sales of conventional desktop PCs (the only market it dominates) declining. Accordingly, the return on investment of spending on Windows development is falling. As PC volume sales continue to fall off , it’s inevitably going to stop being a profit center and turn into a drag on the business.

Now enter Proton.  Proton is the emulation layer that allows Windows games distributed on Steam (for Windows) to run over Linux. It’s not perfect yet, but it’s getting close.

So, you’re a Microsoft corporate strategist. What’s the profit-maximizing path forward given all these factors?

It’s this: You make Microsoft Windows become a Proton-like emulation layer over a Linux kernel, with the layer getting thinner over time as more of the support lands in the mainline kernel sources. The economic motive is that Microsoft sheds an ever-larger fraction of its development costs as less and less has to be done in-house.

Created byStu Wise · Oct 4, 2020 ·  0 ·  0 · open 

Joker Malware on Android Apps

 

If you’re unfamiliar with Joker, it is a particularly sneaky piece of malware that’s been circulating in apps delivered via the Google Play store to Android devices.


Typically, a small piece of software — that is but one component of Joker — is injected into the advertising framework or hidden in another part of an app. And when the user runs that app, if the user’s information, carrier network, and device meet certain criteria, another component of Joker kicks-in and downloads a more nefarious payload. When that payload is executed, Joker hides in the background on a device and silently spies on the user, stealing their contact lists, SMS messages, and other identifying data stored on the device. In addition, Joker mimics user interactions on premium advertising and subscription-based services, and leverages its access to SMS and other personal data to secretly sign people up for paid services.

 

Since it was first discovered, security researchers and Google have found numerous variants of Joker. When that happens, Google is usually quick to pull the affected apps from the Play Store and any parties involved will publish their findings. A couple of days ago, researchers in cloud security company Zscaler’s ThreatLabz team identified 17 new apps carrying Joker, which Google quickly removed from the Play Store. Those apps included:

  • All Good PDF Scanner
  • Mint Leaf Message-Your Private Message
  • Unique Keyboard - Fancy Fonts & Free Emoticons
  • Tangram App Lock
  • Direct Messenger
  • Private SMS
  • One Sentence Translator - Multifunctional Translator
  • Style Photo Collage
  • Meticulous Scanner
  • Desire Translate
  • Talent Photo Editor - Blur focus
  • Care Message
  • Part Message
  • Paper Doc Scanner
  • Blue Scanner
  • Hummingbird PDF Converter - Photo to PDF
  • All Good PDF Scanner

 

I recommend paying close attention to the permission list in the apps that you install on your Android device.

Watch out for the odd permissions unrelated to SMS, call logs, contacts, etc.

Reading the comment or reviews on the app page also helps identify compromised apps. Look for people complaining about unusual behaviors.

Created byStu Wise · Sep 28, 2020 ·  0 ·  0 · open