Apple Launches New Consumer-Friendly Privacy Site

Apple this morning launched a revamped and redesigned Privacy website designed to make its privacy policies more accessible to consumers.

The new site better outlines how Apple's commitment to privacy benefits users through concrete examples of features like Apple Pay and an iPhone's passcode, and it explains how Apple uses encryption, Differential Privacy, and strict app guidelines to protect users.


Apple has a section on the new privacy site that covers all of its apps and features, including iMessage, Apple Pay, Health, Analytics, Safari, iCloud, CarPlay, Education, Photos, Siri, Apple Music, News, Maps, and more.

It's incredibly detailed and explains the security measures and privacy features built into each and every feature.


There's also a new feature on how to secure devices with a passcode and Touch ID, and how to keep your Apple ID safe with a strong password, two-factor authentication, and an awareness of scams and phishing attempts. It explains how these features work, and beyond that, why customers should want to use them.


Apple has long had a transparent privacy policy and has outlined all of its privacy practices on its website, but this new site does so in a way that's easier for customers to understand and digest in just a few minutes. For anyone who has a question about one of Apple's products, the new site is worth checking out.


Telegram Encrypted Chat App Gains Self-Destructing Video and Photo Messages

Encrypted messaging app Telegram received an update on Sunday that makes it the latest chat platform to embrace Snapchat-style disappearing messages.

Up until now, Telegram users have only been able to send text-based "secret chats" that self-delete, but in version 4.2 of the app they can now share videos and photos armed with a self-destruct timer.


Timers are set using the clock icon in the media picker and can be anything up to one minute long. The countdown starts the moment the recipient opens the photo or video that's sent, and the sender is notified if the recipient tries to take a screenshot of the disappearing media.

Elsewhere in the update, there's an improved photo editor and a speed boost for media downloads from large public channels, thanks to new encrypted content delivery networks.

Lastly, users can now add a bio to their profile in settings, so that people in large group chats know who they are. Telegram is a free download for iPhone and iPad from the App Store.



Changes to iCloud Put Apple on Collision Course With Governments Seeking Access to Encrypted Messages

Apple has sent its top privacy executives to Australia twice in the past month to lobby government officials over proposed new laws that would require companies to provide access to encrypted messages.

According to the Sydney Morning Herald, Apple privacy advocates met with attorney general George Brandis and senior staff in Prime Minister Malcolm Turnbull's office on Tuesday to discuss their concerns about the legal changes, which could compel tech companies to provide decryption keys to allow access to secure communications such as those provided by WhatsApp and iMessage.

Apple has consistently argued against laws that would require tech companies to build so-called "back doors" into their software, claiming that such a move would weaken security for everyone and simply make terrorists and criminals turn to open-source encryption methods for their digital communications.

While Apple's position is clear, the Turnbull government has yet to clarify exactly what it expects tech companies to give up as part of the proposals. A source familiar with the discussions said that the government explicitly said it did not want a back door into people's phones, nor to weaken encryption.

However, given that encrypted services like WhatsApp and iMessage do not possess private keys that would enable them to decrypt messages, a back door would seem the only alternative. "If the government laid a subpoena to get iMessages, we can't provide it," CEO Tim Cook said in 2014. "It's encrypted and we don't have a key."

As it happens, Cook's comment only applies to iMessages that aren't backed up to the cloud: Apple doesn't have access to messages sent between devices because they're end-to-end encrypted, but if iCloud Backup is enabled those messages are encrypted on Apple's servers using an encryption key that the company has access to and could potentially provide to authorities.

However, Apple is moving in the same direction as WhatsApp and Telegram to make encryption keys entirely private. As announced at WWDC in June, macOS High Sierra and iOS 11 will synchronize iMessages across devices signed into the same account using iCloud and a new encryption method that ensures the keys stay out of Apple's hands.

As senior VP of software Craig Federighi noted in an interview with Daring Fireball's John Gruber, even if users store information in the cloud, "it's encrypted with keys that Apple doesn't have. And so they can put things in the cloud, they can pull stuff down from the cloud, so the cloud still serves as a conduit — and even ultimately a kind of a backup for them — but only they can read it."

How this will play out in Apple's discussions with the Australian government – and indeed other governments in the "Five Eyes" intelligence sharing network seeking similar access to encrypted communications – is anything but clear. According to sources, Apple and the Turnbull government are taking a collaborative approach in the discussions, but previous statements by officials imply a tougher stance behind the scenes.

Last week, Senator Brandis said the Australian government would work with companies such as Apple to facilitate greater access to secure communications, but warned that "we'll also ensure that the appropriate legal powers, if need be, as a last resort, coercive powers of the kind that recently were introduced into the United Kingdom under the Investigatory Powers Act... are available to Australian intelligence and law enforcement authorities as well".

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.



Encrypted Chat App Telegram to Remove Terrorist Content Following Ban Threat in Indonesia

Telegram is to form a team of moderators to remove terrorist-related content from the encrypted messaging platform in Indonesia, after the country's government threatened to ban the app.

Indonesia's Ministry of Communications and Information Technology has already blocked access to the web version of the chat platform, citing concerns that it was being used to spread "radical and terrorist propaganda" in the country, according to Reuters.

"This has to be done because there are many channels on this service that are full of radical and terrorist propaganda, hatred, ways to make bombs, how to carry out attacks, disturbing images, which are all in conflict with Indonesian law," the communications ministry said in a statement on its website.

Telegram co-founder Pavel Durov said on Sunday that the service had blocked channels reported by the government and that it would take further action to remove the illegal content.

"We are forming a dedicated team of moderators with knowledge of Indonesian culture and language to be able to process reports of terrorist-related content more quickly and accurately," Durov said in a Telegram post quoted by Associated Press.

Telegram has been criticized by governments before for its use by terrorist groups to spread propaganda and recruit members. Last month Telegram agreed to provide basic information about the company to Russia after authorities threatened to block access to the service.

Despite pressure from governments, Telegram's founders have refused to bow to demands for backdoors into the platform for authorities to access encrypted messages, arguing that security and privacy are central tenets of the service.

Speaking to The Wall Street Journal on Sunday, Durov said Telegram is "heavily encrypted and privacy-oriented, but we're no friends of terrorists – in fact, every month we block thousands of ISIS-related public channels".


Australia to Push for Greater Powers on Encrypted Messaging at ‘Five Eyes’ Meeting

Australia is set to push for greater international powers to thwart the use of encrypted messaging services by terrorists and criminals, according to reports on Sunday (via Reuters).

The topic will be addressed this week at a meeting of officials from the "Five Eyes" intelligence sharing network, which includes the U.S., the U.K., Canada, Australia, and New Zealand.

Australia claimed the increasing use of strong encryption on smartphones and other devices was hindering law enforcement's capacity to gather and act on intelligence, and said it wants tech companies to do much more to give intelligence and law enforcement agencies access to encrypted communications.

Security experts and privacy groups regularly argue that any such methods would simply weaken overall security for everyone.

"I will raise the need to address ongoing challenges posed by terrorists and criminals using encryption," Australian Attorney General Senator Brandis said in a joint statement.

"These discussions will focus on the need to cooperate with service providers to ensure reasonable assistance is provided to law enforcement and security agencies."

The announcement followed the U.K. government's recent statement of intent to pressure technology companies to do more to put an end to the "safe spaces" that the internet offers extremists. The country has also called for measures to "regulate cyberspace", following terror attacks in the country.

In related news, a leaked draft technical paper prepared by the U.K. government states that technology companies would be required to remove encryption from private communications and provide the raw data "in an intelligible form" without "electronic protection". However, it's not clear if the Conservatives still intend to pursue these powers after recent elections left the party with a minority government and a diminished mandate.

Last year Apple refused requests from the FBI to break the security of its mobile software, following the recovery of an iPhone used by the San Bernardino shooter. Apple argued the FBI's request would set a "dangerous precedent" with serious implications for the future of smartphone encryption. The dispute ended after the government found an alternate way to access the data on the iPhone through the help of professional hackers.

Last week, the European Union published draft proposals that would enforce end-to-end encryption on all digital communications and forbid backdoors that enable law enforcement to access private message data. If ratified, the law would put the EU at odds with both the U.S. and U.K. intelligence communities.


Russia Threatens to Ban Encrypted Messaging App Telegram

Russia has threatened to block access to the Telegram messaging platform unless the company that runs the app provides more information about itself (via Sky News).

The head of communications regulator Roskomnadzor, Alexander Zharov, said repeated efforts to obtain the information had been ignored by the company and warned that "time is running out" for the app.

"There is one demand and it is simple: to fill in a form with information on the company that controls Telegram," Zharov said in an open letter. "And to officially send it to Roskomnadzor to include this data in the registry of organizers of dissemination of information. In case of refusal… Telegram shall be blocked in Russia until we receive the needed information."

Telegram's non-response appears to be down to the repercussions of handing over the requested details: Doing so would effectively add it to the state regulators' registry, which would require it to retain users' chat histories and encryption keys and share them with authorities if asked, according to Russian news agency TASS.

The demand isn't the first time the Russian founders of Telegram – Kremlin, Nikolai and Pavel Durov – have failed to comply with state requests. In 2014, the Durovs refused to turn over data on Ukrainian users of Vkontakte, a social network they also set up together.

Telegram claims to split its encryption keys into separate data centers around the world to ensure "no single government or block of like-minded countries can intrude on people's privacy and freedom of expression".

According to the group's policy, it can only be forced to hand over data if "an issue is grave and universal enough to pass the scrutiny of several different legal systems around the world".


Swiss Encrypted Email Provider Launches ProtonVPN With Free Subscription Tier

Encrypted email provider ProtonMail today launched its own VPN service called ProtonVPN, which includes a free user tier in its pricing plan.

The Swiss-based company said it had been testing its VPN service for four months with the help of over 10,000 members of the ProtonMail community, and the group was ready to make ProtonVPN available to everyone starting Tuesday.


The Proton group said they were motivated to create ProtonVPN to combat increased threats to online freedom, such as the recent repeal of Obama-era rules designed to protect consumer internet browsing history, calls by British Prime Minister Theresa May for increased online surveillance, and the attempts by the U.S. FCC to dismantle net neutrality.

"In the past year, we have seen more and more challenges against Internet freedom," said ProtonMail Co-Founder Dr. Andy Yen, "now more than ever, we need robust tools for defending privacy, security, and freedom online.

"The best way to ensure that encryption and privacy rights are not encroached upon is to get the tools into the hands of the public as soon as possible and widely distributing them," said Yen. "This is why, as with ProtonMail, we're committed to making a free version of ProtonVPN available to the world."

The group says it has worked to make the best possible VPN service by addressing many of the common pitfalls with existing VPNs. Features therefore include a Secure Core architecture that routes traffic through multiple encrypted tunnels in multiple countries to better defend against network-based attacks, a no-logs policy backed by Swiss law, as well as seamless integration with the Tor anonymity network. Headquartered in Switzerland, the VPN is also outside of E.U. and U.S. jurisdiction and is not a member of the fourteen eyes surveillance network.

The free tier includes servers in three countries and usage on one device, but bandwidth speeds cannot be guaranteed. The Basic tier costs $4 a month (billed as $48 a year) and includes access to all 112 ProtonVPN servers across 14 countries, high-speed bandwidth, and usage on up to two devices, while the Plus tier ($8 per month/$96 per year) offers the highest bandwidth, connection on up to 5 devices, Tor servers, and access to Secure Core data networks hosted in Switzerland, Iceland, and Sweden. The highest tier ($24 a month/$288 a year) includes a ProtonMail Visionary account.

ProtonMail began crowdfunding in May 2014 and launched in March 2016, led by a group of scientists from CERN and MIT who aimed to deliver an easy-to-use end-to-end encrypted email service with freely available open source code. Earlier this year, the team launched a Tor-based site to make ProtonMail available to users in regions under the oppression of strict state online censorship.


EU Proposes Enforcing Data Encryption and Banning Backdoors

The European Parliament's Committee on Civil Liberties, Justice, and Home Affairs has published draft proposals that would enforce end-to-end encryption on all digital communications and forbid backdoors that enable law enforcement to access private message data.

The proposed amendment relates to Article 7 of the EU's Charter of Fundamental Rights, which says that EU citizens have a right to personal privacy, as well as privacy in their family life and at home. By extension, the "confidentiality and safety" of EU citizens' electronic communications needs to be "guaranteed" in the same manner.

Confidentiality of electronic communications ensures that information exchanged between parties and the external elements of such communication, including when the information has been sent, from where, to whom, is not to be revealed to anyone other than to the parties involved in a communication.

The principle of confidentiality should apply to current and future means of communication, including calls, internet access, instant messaging applications, e-mail, internet phone calls and messaging provided through social media.

The regulation states that the disclosure of contents in electronic communications may reveal highly sensitive information about citizens, from personal experiences and emotions to medical conditions, sexual preferences and political views, which could result in personal and social harm, economic loss or embarrassment.

In addition, the committee argues that not only the content of communications needs to be protected, but also the metadata associated with it, including numbers called, websites visited, geographical location, and the time, date, and duration of calls, which might otherwise be used to draw conclusions about the private lives of persons involved.

The regulations would apply to providers of electronic communication services as well as software providers that enable electronic communications and the retrieval of information on the internet. However, the amendment goes further by stating that the use of software backdoors by EU member states should be outlawed.

When encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited.

Member states shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.

The proposals appear to have been tabled in response to comments made by EU member states such as the U.K., which has argued that encrypted online channels such as WhatsApp and Telegram provide a "safe haven" for terrorists because governments and even the companies that host the services cannot read them.

The U.K. home secretary Amber Rudd recently claimed that it is "completely unacceptable" that authorities cannot gain access to messages stored on mobile applications protected by end-to-end encryption. A draft technical paper prepared by the U.K. government was leaked shortly after Rudd's comments, containing proposals related to the removal of encryption from private communications.

The EU proposals could also put European security policy at odds with federal legislators in the U.S., who recently called on technology companies to compromise the encryption built into their mobile software. Last year, Apple and the FBI were involved in a public dispute over the latter's demands to provide a backdoor into iPhones, following the December 2015 shooter incidents in San Bernardino.

Apple said the software the FBI asked for could serve as a "master key" able to be used to get information from any iPhone or iPad - including its most recent devices - while the FBI claimed it only wanted access to a single iPhone.

The European Union proposals have to be approved by MEPs and reviewed by the EU council before the amendments can pass. It remains unclear how the laws would apply in the U.K. after Brexit, initial negotiations for which begin on Monday. 


Apple’s Concern With User Privacy Reportedly Stifling Siri Development

Former Apple employees who worked on Siri believe the virtual assistant is struggling to catch up with its rivals because of a lack of ambitious goals stemming from the company's overarching concern with user privacy, a report by The Wall Street Journal revealed on Thursday.

Unlike Amazon and Google, which leverage and retain user data off-device to inform and enhance queries put to their respective smart speakers, Apple is said to work within a culture that prioritizes user privacy, "making it difficult to personalize and improve" Siri, according to ex-Apple employees. The project has also reportedly suffered from the departures of key members as a result, some of whom went to competitors.

About a year after [Steve] Jobs’s death, Apple hired Bill Stasior, an Amazon search executive, to oversee Siri. Mr. Stasior studied artificial intelligence at Massachusetts Institute of Technology, but his expertise was in search rather than speech or language. This led some members of the Siri team to believe he didn't fully appreciate the product's original vision: to expand beyond the iPhone to third-party apps.

Former staff reportedly offered this loss as the main reason behind the departure of Siri co-founders Adam Cheyer and Dag Kittlaus, who left to found Viv, which now powers Samsung's Bixby assistant. Apple finally started opening up Siri to third-party developers last year, but many former Siri engineers believe it didn't come soon enough, while developers still remain unhappy at the lack of openness behind the scenes.

The limited scope of Siri's commands disappointed many developers, said Brian Roemmele, a developer who attended the announcement. "People went from being happy and excited to sitting in workshops and realizing, 'I can’t use it,'" he said. "Some went back to that attitude: Siri's always going to be dumb."

According to the article, the first inkling Apple got that it was falling behind its rivals came when members of the Siri team arrived at an Amazon event in 2014.

Apple's three-year-old product had gained popularity for its ability to handle calendar appointments, text messaging and a few other simple tasks based on voice commands. Siri had no real competitors.

The outlook quickly changed as the team watched Amazon's video showing off a small, voice-controlled speaker that could play music, order products and search the web. It demonstrated Amazon had figured out how to isolate voices from background noise and have a digital assistant respond to requests from a distance — abilities Siri hadn't yet mastered.

'People at Apple's anxiety level went up a notch,' said a former member of Apple's Siri team who was there that night.

WSJ notes that Siri's performance still doesn't match Amazon's Echo or Google Home because of the collective weight of Apple's self-imposed limitations. For example, in tests across 5,000 different questions, Siri answered accurately 62 percent of the time, lagging the roughly 90 percent accuracy rate of Google Assistant and Amazon's Alexa, according to Stone Temple, a digital marketing firm.

It remains to be seen whether Apple feels it needs to compete on these specific AI metrics, or if it sees a future for Siri in other areas, such as linguistics – Siri works across 21 languages, while Alexa and Google Assistant only speak English and German.

During this week's Worldwide Developers Conference, Apple announced a number of forthcoming enhancements to Siri with iOS 11, including live language translation, contextual query comprehension, and an ability to learn a user's interests. It also unveiled its own Siri-powered premium smart speaker, HomePod, but emphasized sound quality and music enjoyment over the general intelligence of its virtual assistant, which some might say speaks volumes as to Apple's future ambitions in the AI space.


iOS 11 Users to Gain More Control Over Apps’ Use of Location Services

Users of iOS 11 will be able to restrict the gathering of location data by any third-party app so that it can only access the device's location status when the app is in use.

Previously the security setting only applied to certain apps that chose to offer it – as well as to developers wanting to test their own app's use of location data – but it appears Apple is extending the setting for any installed app in iOS 11, potentially handing an additional element of privacy back to the end user.


The new setting in iOS 11 should come as a welcome change for many, given that the use of device location data by some apps has been a point of controversy. For example, Uber has been criticized for forcing users to grant its app full access to location services whether it is open or not, which has been construed by some as creepy or invasive location gathering.

The new setting should also improve the battery life of devices that update to iOS 11, since it puts a limit on the amount of time GPS is activated by apps in the background.

(Via TechCrunch.)
