Facebook Announces Series of Updates Aimed at Improving User Privacy

Facebook this week has detailed how it plans to give its users "more control" of their privacy on the mobile and desktop versions of the social network. One of the major new additions is described as a "privacy center" that will provide simple tools to manage privacy and combine all core privacy settings into one easy-to-find interface.

In order to explain how to use these features to its users, the company today is rolling out educational videos in its News Feed centering upon topics like "how to control what information Facebook uses to show you, how to review and delete old posts, and even what it means to delete your account." This marks the first time that Facebook shared its privacy principles with its users, stating that the updates "reflect core principles" it has maintained on privacy over the years.

As pointed out by TechCrunch, Facebook's planned rollout of beefed up privacy features comes ahead of a May 25 deadline for compliance with the General Data Protection Regulation (GDPR) in the EU. The GDPR's goal is to give citizens back control over their personal data while "simplifying" the regulatory environment for business, essentially affecting "any entities processing the personal data of EU citizens."
Under GDPR, the new game Facebook will need to play is gaming trust: Which it to say that it will need to make users feel they trust its brand to protect their privacy and therefore make them feel happy to consent to the company processing their data (rather than asking it to delete it). So PR and carefully packaged info-messaging to users is going to be increasingly important for Facebook’s business, going forward.
While all Facebook users will gain access to the updates, beginning today users in Europe will get reminders pushed out to them to take part in the network's existing privacy check-up feature. In terms of the new privacy center, Facebook didn't offer any specifics as to when it will launch and if the controls offered to users will be the same in the United States as they are in Europe. Another part of Facebook's plan is to run data protection workshops for small and medium businesses -- again focused on a launch in Europe -- that will center upon the GDPR.

Earlier in January, Facebook CEO Mark Zuckerberg announced a major change coming to the News Feed, which aims to cut down on the content displayed from publishers and instead highlight more content from family and friends. The update was described as a way to have more "meaningful social interactions" on Facebook by reducing the amount of posts from businesses, brands, and media.


Discuss this article in our forums

DuckDuckGo Launches Redesigned Privacy Browser Extension and Mobile App With Anti-Tracking Features

Privacy oriented search engine DuckDuckGo today launched revamped versions of its browser extension and standalone mobile app, promising users seamless built-in tracker network blocking and smarter encryption.

The headline feature in both the DuckDuckGo browser extension and mobile app is a Privacy Grade rating (A-F) information card whenever a user visits a site. The rating aims to let them see at a glance how protected they are, while providing additional options to dig deeper into the details of blocked tracking attempts.


The generated Privacy Grade score for a website is based on the prevalence of hidden tracker networks, encryption availability, and any existing privacy practices, according to the internet privacy company.
The vast majority of websites across the Internet contain hidden tracker networks, with Google trackers now lurking behind 76% of pages, Facebook’s trackers on 24% of pages, and countless others soaking up your personal information to follow you with ads around the Web, or worse. Our Privacy Protection will block all the hidden trackers we can find, exposing the major advertising networks tracking you over time, so that you can track who's trying to track you.
Together, the privacy rating and tracking breakdowns aim to provide a more effective solution than installing multiple add-ons and apps on each device, while offering a more upfront level of privacy than common private browsing modes. Elsewhere, a new encryption protection feature automatically sends users to an encrypted version of a website when available, rather than defaulting to a non-encrypted version.

As expected, the new software releases also include DuckDuckGo's private search engine by default. The updated macOSbrowser extension is available now for Safari, Firefox, and Chrome, with the mobile iOS app a free download from the App Store. For further details on privacy measures implemented in the new releases, check out the DuckDuckGo website.

Tag: privacy

Discuss this article in our forums

Ad Firms Hit Hard by Apple’s Intelligent Tracking Prevention Feature in Safari

Internet ad firms are losing out on "hundreds of millions of dollars" following the implementation of anti-tracking features introduced to Safari with iOS 11 and macOS High Sierra, reports The Guardian.

One of the largest advertising firms, Criteo, announced in December that Intelligent Tracking Prevention could have a 22 percent net negative impact on its 2018 revenue projections. Other advertising firms could see similar losses, according to Dennis Buchheim of the Interactive Advertising Bureau.
"We expect a range of companies are facing similar negative impacts from Apple's Safari tracking changes. Moreover, we anticipate that Apple will retain ITP and evolve it over time as they see fit," Buchheim told the Guardian.
Intelligent Tracking Prevention techniques were introduced in iOS 11 and in Safari 11 in macOS High Sierra 10.13, both of which were released back in September. Intelligent Tracking Prevention is designed to stop companies from invasively tracking customer web browsing habits across websites. Intelligent Tracking Prevention does not block ads -- it simply prevents websites from being able to track users' browsing habits without their permission.

Shortly after the launch of the two new operating systems, advertising groups asked Apple to "rethink" its position and its decision to block cross-site tracking, arguing that Apple would "sabotage the economic model for the internet."

An open letter signed by the Data and Marketing Association and the Network Advertising Initiative said the collective digital advertising community was "deeply concerned" because Apple's cross-site tracking prevention is "bad for consumer choice." "Blocking cookies in this manner will drive a wedge between brands and their customers, and it will make advertising more generic and less timely and useful," read the letter.

In response, Apple defended cross-site tracking and said its customers "have a right to privacy." From Apple in September:
Ad tracking technology has become so pervasive that it is possible for ad tracking companies to recreate the majority of a person's web browsing history. This information is collected without permission and is used for ad re-targeting, which is how ads follow people around the Internet. The new Intelligent Tracking Prevention feature detects and eliminates cookies and other data used for this cross-site tracking, which means it helps keep a person's browsing private.
There was initially an Intelligent Tracking Prevention workaround that companies like Criteo were using following the launch of iOS 11, but as mentioned in Criteo's announcement, Apple closed that loophole with the introduction of iOS 11.2.

Ad company Criteo says that it is working to circumvent Intelligent Tracking Prevention with an "alternative sustainable solution for the long term" that will align the interests of Apple users, publishers, and advertisers, but it's unclear whether Apple and its customers will find any cross-site tracking feature to be acceptable.

Apple customers who are running iOS 11 and macOS High Sierra can double check to make sure Intelligent Tracking Prevention is enabled on their devices.

In iOS 11, the toggle to disable cross-site tracking can be accessed by going to Settings --> Safari --> Prevent Cross-Site Tracking. With macOS High Sierra, the feature can be activated by going to the Preferences section of the Safari app, choosing Privacy, and then checking "Prevent Cross-Site Tracking."


Discuss this article in our forums

Apple Launches New Consumer-Friendly Privacy Site

Apple this morning launched a revamped and redesigned Privacy website designed to make its privacy policies more accessible to consumers.

The new site better outlines how Apple's commitment to privacy benefits users through concrete examples of features like Apple Pay and an iPhone's passcode, and it explains how Apple uses encryption, Differential Privacy, and strict app guidelines to protect users.


Apple has a section on the new privacy site that cover all of its apps and features, including iMessage, Apple Pay, Health, Analytics, Safari, iCloud, CarPlay, Education, Photos, Siri, Apple Music, News, Maps, and more.

It's incredibly detailed and explains the security measures and privacy features built into each and every feature.


There's also a new feature on how to secure devices with a passcode and Touch ID, and how to keep your Apple ID safe with a strong password, two-factor authentication, and an awareness of scams and phishing attempts. It explains how these features work, and beyond that, why customers should want to use them.


Apple has long had a transparent privacy policy and has outlined all of its privacy practices on its website, but this new site does so in a way that's easier for customers to understand and digest in just a few minutes. For anyone who has a question about one of Apple's products, the new site is worth checking out.

Tag: privacy

Discuss this article in our forums

Telegram Encrypted Chat App Gains Self-Destructing Video and Photo Messages

Encrypted messaging app Telegram received an update on Sunday that makes it the latest chat platform to embrace Snapchat-style disappearing messages.

Up until now, Telegram users have only been able to send text-based "secret chats" that self-delete, but in version 4.2 of the app they can now share videos and photos armed with a self-destruct timer.


Timers are set using the clock icon in the media picker and can be anything up to one minute long. The countdown starts the moment the recipient opens the photo or video that's sent, and the sender is notified if the recipient tries to take a screenshot of the disappearing media.

Elsewhere in the update, there's an improved photo editor and a speed boost for media downloads from large public channels, thanks to new encrypted content delivery networks.

Lastly, users can now add a bio to their profile in settings, so that people in large group chats know who they are. Telegram is a free download for iPhone and iPad from the App Store. [Direct Link]


Discuss this article in our forums

Changes to iCloud Put Apple on Collision Course With Governments Seeking Access to Encrypted Messages

Apple has sent its top privacy executives to Australia twice in the past month to lobby government officials over proposed new laws that would require companies to provide access to encrypted messages.

According to the Sydney Morning Herald, Apple privacy advocates met with attorney general George Brandis and senior staff in Prime Minister Malcolm Turnbull's office on Tuesday to discuss their concerns about the legal changes, which could compel tech companies to provide decryption keys to allow access to secure communications such as that provided by WhatsApp and iMessage.

Apple has consistently argued against laws that would require tech companies to build so-called "back doors" into their software, claiming that such a move would weaken security for everyone and simply make terrorists and criminals turn to open-source encryption methods for their digital communications.

While Apple's position is clear, the Turnbull government has yet to clarify exactly what it expects tech companies to give up as part of the proposals. A source familiar with the discussions said that the government explicitly said it did not want a back door into people's phones, nor to weaken encryption.

However, given that encrypted services like WhatsApp and iMessage do not possess private keys that would enable them to decrypt messages, a back door would seem the only alternative. "If the government laid a subpoena to get iMessages, we can't provide it," CEO Tim Cook said in 2014. "It's encrypted and we don't have a key."

As it happens, Cook's comment only applies to iMessages that aren't backed up to the cloud: Apple doesn't have access to messages sent between devices because they're end-to-end encrypted, but if iCloud Backup is enabled those messages are encrypted on Apple's servers using an encryption key that the company has access to and could potentially provide to authorities.

However, Apple is moving in the same direction as WhatsApp and Telegram to make encryption keys entirely private. As announced at WWDC in June, macOS High Sierra and iOS 11 will synchronize iMessages across devices signed into the same account using iCloud and a new encryption method that ensures the keys stay out of Apple's hands.

As senior VP of software Craig Federighi noted in interview with Daring Fireball's John Gruber, even if users store information in the cloud, "it's encrypted with keys that Apple doesn't have. And so they can put things in the cloud, they can pull stuff down from the cloud, so the cloud still serves as a conduit — and even ultimately a kind of a backup for them — but only they can read it."

How this will play out in Apple's discussions with the Australian government – and indeed other governments in the "Five Eyes" intelligence sharing network seeking similar access to encrypted communications – is anything but clear. According to sources, Apple and the Turnbull government are taking a collaborative approach in the discussions, but previous statements by officials imply a tougher stance behind the scenes.

Last week, Senator Brandis said the Australian government would work with companies such as Apple to facilitate greater access to secure communications, but warned that "we'll also ensure that the appropriate legal powers, if need be, as a last resort, coercive powers of the kind that recently were introduced into the United Kingdom under the Investigatory Powers Act... are available to Australian intelligence and law enforcement authorities as well".

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums

Encrypted Chat App Telegram to Remove Terrorist Content Following Ban Threat in Indonesia

Telegram is to form a team of moderators to remove terrorist-related content from the encrypted messaging platform in Indonesia, after the country's government threatened to ban the app.

Indonesia's Ministry of Communications and Information Technology has already blocked access to the web version of the chat platform, citing concerns that it was being used to spread "radical and terrorist propaganda" in the country, according to Reuters.

"This has to be done because there are many channels on this service that are full of radical and terrorist propaganda, hatred, ways to make bombs, how to carry out attacks, disturbing images, which are all in conflict with Indonesian law," the communications ministry said in a statement on its website.
Telegram co-founder Pavel Durov said on Sunday that the service had blocked channels reported by the government and that it would take further action to remove the illegal content.
"We are forming a dedicated team of moderators with knowledge of Indonesian culture and language to be able to process reports of terrorist-related content more quickly and accurately," Durov said in a Telegram post quoted by Associated Press.
Telegram has been criticized by governments before for its use by terrorist groups to spread propaganda and recruit members. Last month Telegram agreed to provide basic information about the company to Russia after authorities threatened to block access to the service.

Despite pressure from governments, Telegram's founders have refused to bow to demands for backdoors into the platform for authorities to access encrypted messages, arguing that security and privacy are central tenets of the service.

Speaking to The Wall Street Journal on Sunday, Durov said Telegram is "heavily encrypted and privacy-oriented, but we're no friends of terrorists – in fact, every month we block thousands of ISIS-related public channels".

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums

Australia to Push for Greater Powers on Encrypted Messaging at ‘Five eyes’ Meeting

Australia is set to push for greater international powers to thwart the use of encrypted messaging services by terrorists and criminals, according to reports on Sunday (via Reuters).

The topic will be addressed this week at a meeting of officials from the "Five Eyes" intelligence sharing network, which includes the U.S., the U.K, Canada, Australia, and New Zealand.

Australia claimed the increasing use of strong encryption on smartphones and other devices was hindering law enforcement's capacity to gather and act on intelligence, and said it wants tech companies to do much more to give intelligence and law enforcement agencies access to encrypted communications.

Security experts and privacy groups regularly argue that any such methods would simply weaken overall security for everyone.
"I will raise the need to address ongoing challenges posed by terrorists and criminals using encryption," Australian Attorney General Senator Brandis said in a joint statement.

"These discussions will focus on the need to cooperate with service providers to ensure reasonable assistance is provided to law enforcement and security agencies."
The announcement followed the U.K. government's recent statement of intent to pressure technology companies to do more to put an end to the "safe spaces" that the internet offers extremists. The country has also called for measures to "regulate cyberspace", following terror attacks in the country.

In related news, a leaked draft technical paper prepared by the U.K. government states that technology companies would be required to remove encryption from private communications and provide the raw data "in an intelligible form" without "electronic protection". However, it's not clear if the Conservatives still intend to pursue these powers after recent elections left the party with a minority government and a diminished mandate.

Last year Apple refused requests from the FBI to break the security of its mobile software, following the recovery of an iPhone used by the San Bernardino shooter. Apple argued the FBI's request would set a "dangerous precedent" with serious implications for the future of smartphone encryption. The dispute ended after the government found an alternate way to access the data on the iPhone through the help of professional hackers.

Last week, the European Union published draft proposals that would enforce end-to-end encryption on all digital communications and forbid backdoors that enable law enforcement to access private message data. If ratified, the law would put it at odds with both the U.S. and U.K. intelligence communities.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums

Russia Threatens to Ban Encrypted Messaging App Telegram

Russia has threatened to block access to the Telegram messaging platform unless the company that runs the app provides more information about itself (via Sky News).

The head of communications regulator Roskomnadzor, Alexander Zharov, said repeated efforts to obtain the information had been ignored by the company and warned that "time is running out" for the app.

"There is one demand and it is simple: to fill in a form with information on the company that controls Telegram," Zharov said in an open letter. "And to officially send it to Roskomnadzor to include this data in the registry of organizers of dissemination of information. In case of refusal… Telegram shall be blocked in Russia until we receive the needed information."
Telegram's non-response appears to be down to the repercussions of handing over the requested details: Doing so would effectively add it to the state regulators' registry, which would require it to retain users' chat histories and encryption keys and share them with authorities if asked, according to Russian news agency TASS.

The demand isn't the first time the Russian founders of Telegram – Kremlin, Nikolai and Pavel Durov – have failed to comply with state requests. In 2014, the Durovs refused to turn over data on Ukranian users of Vkontakte, a social network they also set up together.

Telegram claims to split its encryption keys into separate data centers around the world to ensure "no single government or block of like-minded countries can intrude on people's privacy and freedom of expression".

According to the group's policy, it can only be forced to hand over data if "an issue is grave and universal enough to pass the scrutiny of several different legal systems around the world".

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums

Swiss Encrypted Email Provider Launches ProtonVPN With Free Subscription Tier

Encrypted email provider ProtonMail today launched its own VPN service called ProtonVPN, which includes a free user tier in its pricing plan.

The Swiss-based company said it had been testing its VPN service for four months with the help of over 10,000 members of the ProtonMail community, and the group was ready to make ProtonVPN available to everyone starting Tuesday.


The Proton group said they were motivated to create ProtonVPN to combat increased threats to online freedom, such as the recent repeal of Obama-era rules designed to protect consumer internet browsing history, calls by British Prime Minister Theresa May for increased online surveillance, and the attempts by the U.S. FCC to dismantle net neutrality.
"In the past year, we have seen more and more challenges against Internet freedom," said ProtonMail Co-Founder Dr. Andy Yen, "now more than ever, we need robust tools for defending privacy, security, and freedom online.

"The best way to ensure that encryption and privacy rights are not encroached upon is to get the tools into the hands of the public as soon as possible and widely distributing them," said Yen. "This is why, as with ProtonMail, we're committed to making a free version of ProtonVPN available to the world."
The group says it has worked to make the best possible VPN service by addressing many of the common pitfalls with existing VPNs. Features therefore include a Secure Core architecture that routes traffic through multiple encrypted tunnels in multiple countries to better defend against network based attacks, a no logs policy backed by Swiss law, as well as seamless integration with the Tor anonymity network. Headquartered in Switzerland, the VPN is also outside of E.U. and U.S. jurisdiction and is not a member of the fourteen eyes surveillance network.

The free tier includes servers in three countries and usage on one device, but bandwidth speeds cannot be guaranteed. The Basic tier costs $4 a month (billed as $48 a year) and includes access to all 112 ProtonVPN servers across 14 countries, high speed bandwidth, and usage on up to two devices, while the Plus tier ($8 per month/$96 per year) offers the highest bandwidth, connection on up to 5 devices, Tor servers, and access to Secure Core data networks hosted in Switzerland, Iceland, and Sweden. The Highest tier ($24 a month/$288 a year) includes a ProtonMail Visionary account.

ProtonMail began crowdfunding in May 2014 and launched in March 2016, led by a group of scientists from CERN and MIT who aimed to deliver an easy-to-use end-to-end encrypted email service with freely available open source code. Earlier this year, the team launched a Tor-based site to make ProtonMail available to users in regions under the oppression of strict state online censorship.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums