We’ve all used Chrome’s Incognito Mode at some point (for various reasons). But you might not know it’s never been as “incognito” as you think. Fortunately, Google’s about to delete all the data they stored.
TalkAndroid
The House of Representatives approved a measure targeting data brokers’ ability to sell Americans’ personal data to “adversary” countries, like Russia, China, Iran and North Korea. The Protecting Americans’ Data from Foreign Adversaries Act passed with a unanimous 414 – 0 vote.
The bill, which was introduced alongside a measure that could force a ban or sale of TikTok, would prohibit data brokers from selling Americans’ “sensitive” data to people or entities in “adversary” countries. Much like a recent executive order from President Joe Biden targeting data brokers, the bill specifically covers geolocation, financial, health, and biometric data, as well as other private information like text logs and phone call history.
If passed — the bill will need Senate approval before landing on Biden’s desk — it would represent a significant check on the relatively unregulated data broker industry. US officials have previously warned that China and other geopolitical rivals of the United States have already acquired vast troves of Americans’ information from brokers and privacy advocates have long urged lawmakers to regulate the multibillion-dollar industry.
The bill is the second major piece of bipartisan legislation to come out of the House Energy and Commerce this month. The committee previously introduced the “Protecting Americans from Foreign Adversary Controlled Applications Act,” which would require TikTok to divest itself from parent company ByteDance or face a ban in the US. In a statement, Representatives Frank Pallone and Cathy McMorris Rodgers, said that the latest bill “builds” on their work to pass the measure targeting TikTok. “Today’s overwhelming vote sends a clear message that we will not allow our adversaries to undermine American national security and individual privacy by purchasing people’s personally identifiable sensitive information from data brokers,” they said.
This article originally appeared on Engadget at https://www.engadget.com/house-passes-bill-that-would-bar-data-brokers-from-selling-americans-personal-information-to-adversary-countries-004735748.html?src=rss
Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics
When you take a picture with your iPhone, chances are it’s saving your location data with each photo. What if you want to remove this info?
Digital Trends
The Department of Defense sent a data breach notification letter to thousands of current and former employees alerting that their personal information had been leaked, DefenseScoop reported on Tuesday. While the department first detected the incident in early 2023, the notifications didn’t begin to go out until earlier this month. More than 20,000 individuals appear to be affected by the breach.
The letter explains that emails messages were “inadvertently exposed to the internet” by a Defense Department “service provider.” The emails contained personally identifiable information. While the agency doesn’t clarify what type of information, PII generally ranges from information like social security numbers, home address or other sensitive details. “While there is no evidence to suggest that your PII was misused, the department is notifying those individuals whose PII may have been breached as a result of this unfortunate situation,” the letter says. It urges affected parties to sign up for identity theft protection.
According to TechCrunch, the breach stems from an unsecured cloud email server that leaked sensitive emails onto the web. The Microsoft server, which was likely misconfigured, could be accessed from the internet without so much as a password.
“As a matter of practice and operations security, we do not comment on the status of our networks and systems. The affected server was identified and removed from public access on February 20, 2023, and the vendor has resolved the issues that resulted in the exposure,” the Department of Defense said in a statement. “DOD continues to engage with the service provider on improving cyber event prevention and detection. Notification to affected individuals is ongoing.”
This article originally appeared on Engadget at https://www.engadget.com/defense-department-alerts-over-20000-employees-about-email-data-breach-164528056.html?src=rss
Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics
Apple’s Stolen Device Protection is a new feature that protects iPhone data and makes it harder for thieves to wreak havoc. Introduced in iOS 17.3, the feature requires a combination of Face ID (or Touch ID) scans and time delays before using payment features or changing account security when the device is away from familiar locations. Here’s precisely how Stolen Device Protection works.
Stolen Device Protection takes a bad situation — someone stealing your iPhone — and reduces the chance of it spiraling into something much worse. When activated, the feature will prompt you to perform a biometric scan (Face ID or Touch ID) when you’re away from familiar locations, like home or work. In those situations, it won’t allow you (or an iPhone snatcher) to use your passcode as a backup method. It also incorporates time delays for some security-related features.
The tool may have been inspired by a Wall Street Journal report from early 2023 about an increasingly common practice of thieves spying on users while entering their passcode — right before snatching the phone and taking off.
If the perp has both the phone and its passcode (without Stolen Device Protection activated), they could reset the Apple ID password, turn off Find My, possibly steal payment info or passwords and factory reset the iPhone. If they’re experts, they could theoretically do all that within minutes (if not seconds) before you can log onto Find My and report your device as lost.
With Stolen Device Protection turned on, a thief in the same situation would be largely stymied. Requiring Face ID or Touch ID and time delays would prevent them from accessing your passwords and payment information, changing security features (to lock you out and further hijack your device) and factory resetting it. This gives you precious time to find another device, report your phone as lost in Find My, change your password and file a police report.
Stolen Device Protection requires a biometric (Face ID / Touch ID) scan — without the passcode as a backup option — for the following situations when your phone is away from your familiar locations:
Turning off Lost Mode
Performing a factory reset (“Erase all content and settings”)
Using or stealing saved passwords or passkeys for online accounts
Using payment methods saved for “autofill” in Safari
Using your phone to activate a new Apple device (Quick Start)
Viewing your Apple Card’s virtual card number
Applying for a new Apple Card
“Certain Apple Cash and Savings actions in Wallet” (examples include transferring money to or from Apple Cash or Savings)
In addition, the following actions require an extra time delay. With Stolen Device Protection activated, if someone away from your familiar locations tried to do anything on the list below, they would have to perform a Face ID (or Touch ID) scan, wait an hour and authenticate again with a second biometric scan:
Turning off Find My
Turning off Stolen Device Protection
Changing your Apple ID password
Signing out of your Apple ID
Adding or removing Face ID or Touch ID
Changing your phone’s passcode
Changing Apple ID account security (examples include creating a Recovery Key / Recovery Contact or adding / removing a trusted device)
Resetting all the phone’s settings
One thing missing from the list is Apple Pay. Someone with your stolen iPhone and passcode could still make Apple Pay purchases using only your passcode, which isn’t ideal.
Before activating the feature, make sure your device is updated to iOS 17.3 (or higher). Head to Settings > General > Software Update on your iPhone to check for updates and ensure you’re on the latest software. (If your device is stuck on pre-iOS 17 software and won’t update past that, your model is too old to run the latest software.)
Once you’re running (at least) iOS 17.3, do the following on your iPhone:
Open the Settings app
Scroll down and tap Face ID & Passcode (it will be called Touch ID & Passcode on older models and the iPhone SE)
Enter your passcode
Scroll down until you see Stolen Device Protection
Tap Turn On Protection
If you ever want to deactivate the feature, follow the same steps — except you’d tap Turn Off Protection in step five. It would perform a Face ID or Touch ID scan to confirm the change.
For more on the latest iPhone features, you can check out Engadget’s review of the latest models and our in-depth review of iOS 17.
This article originally appeared on Engadget at https://www.engadget.com/how-to-turn-on-stolen-device-protection-on-your-iphone-to-secure-your-data-182721345.html?src=rss
Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics
Resetting an iPhone can alleviate software woes and wipe personal data. Here’s how to factory reset an iPhone whenever you need to.
Digital Trends
Consumer Reports has published an extensive ranking of vehicle reliability, and the results pour cold water on the dependability of EVs and plug-in hybrids. The survey says electric vehicles suffer from 79 percent more maintenance issues than gas- or diesel-powered ones, while plug-in hybrids have 146 percent more problems. The troubles portray the industry’s growing pains with the relatively new technology as the planet sets record temperatures, and scientists warn of rapidly approaching deadlines to thwart global climate catastrophe.
The survey polled CR’s members about issues with their rides from the past year, gathering data on 330,000 vehicles. The publication’s data included models from 2000 to 2023, alongside a few (early launched) 2024 models. CR studied 20 “trouble areas,” including relatively minor issues like squeaky brakes or a broken interior trim and more problematic ones related to the transmission, engine or EV battery. The number of potential trouble areas varies by type: internal combustion engine (ICE) vehicles have 17, EVs have 12, traditional hybrids have 19 and plug-in hybrids have all 20.
The publication combined the data with its own track testing, owner satisfaction survey results and safety info. It then averaged it to assign each brand a numerical score (out of 100).
Non-plugin hybrids scored well, with the survey indicating they suffer from 26 percent fewer issues than gas- and diesel-powered vehicles. CR highlighted the most reliable brands in that space, including the Lexus’ UX and NX Hybrid and Toyota’s Camry Hybrid, Highlander Hybrid and RAV4 Hybrid.
If only plug-in hybrids (PHEV) could enjoy those ratings. Instead, their longer list of trouble spots led to 146 percent more problems than traditional gas-powered vehicles. Lowlights include the Chrysler Pacifica, which scored an abysmal 14 out of 100, and Audi Q5. However, several PHEVs defied the category’s expectations, including “standouts” like the Toyota RAV4 Prime and Kia Sportage. Several others, including the BMW X5, Hyundai Tucson and Ford Escape, scored “average” in reliability.
Fully electric cars and SUVs, the vehicles many automakers aim to fill their dealership lots with by 2030, have mediocre average scores: 44 and 43, respectively. Electric pickups, the newest technology in the bunch, perhaps unsurprisingly scored worse with an average of 30.
Lexus came out on top among EV brands. All but one of its models scored above average or better in CR’s ratings. And the lone exception, the NX, still had an average score. Toyota also did well, including the 4Runner SUV, which CR describes as “among the most reliable models in the survey.” However, its electric Tundra pickup scored poorly. Other EVs with above-average scores include Acura’s RDX and TLX.
Once practically synonymous with electric vehicles, Tesla had overall scores in the middle of the pack (alongside brands like Chevrolet, Buick, Ram, Cadillac and Dodge). CR says the Elon Musk-led company’s EV powertrains tend to fare better than those from traditional automakers. However, Ars Technica notes the company’s reliability scores struggled more with things like bodywork, paint / trim and climate systems.
Regionally speaking, Asian automakers enjoyed the highest average scores in the survey at a healthy 63. European companies were second with an average of 46, while US brands slumped with a somewhat disappointing score of 39.
This article originally appeared on Engadget at https://www.engadget.com/evs-are-way-more-unreliable-than-gas-powered-cars-consumer-reports-data-indicates-212216581.html?src=rss
Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics
Google is about to begin deleting inactive Google accounts, meaning you could lose valuable data. Here’s what you need to do to keep your account.
Digital Trends
Biotech company 23andMe, known for its DNA testing kits, confirmed to BleepingComputer that its user data is circulating on hacker forums. The company said the leak occurred through a credential-stuffing attack.
A credential-stuffing attack involves user information that has already been compromised (usernames and passwords, for example) from one organization, which a hacker obtains and attempts to reuse with a second organization — in this case, 23andMe. Because of the nature of credential-stuffing, it does not appear this was a breach of the company’s internal systems. Rather, accounts were broken into piecemeal. The perpetrators of this attack appear to have obtained quite sensitive information from the compromised accounts (genetic testing results, photos, full names and geographical location, among other things).
The initial leak comprised “1 million lines of data for Ashkenazi people,” according to BleepingComputer. By October 4, data was being offered for sale in bulk, in increments of 100, 1,000, 10,000 or 100,000 profiles. The scale of the attack is as yet unknown, but the scope of its impact has likely been exacerbated by 23andMe’s ‘DNA Relatives’ feature. “Relatives are identified by comparing your DNA with the DNA of other 23andMe members who are participating in the DNA Relatives feature,” the company states. After accessing an unknown number of profiles via credential-stuffing, the threat actor behind this breach apparently scraped the ‘DNA Relatives’ results for those profiles, netting much more sensitive data. According to the same FAQ page, “The number of relatives listed [..] grows over time as more people join 23andMe.” For the fiscal year 2023, the company reported it “genotyped” around 14 million customers.
Ever since 23andMe went public in 2021, the company has faced extra scrutiny for its data protection practices — rightly so, since it deals with sensitive medical data derived from saliva sampling, including predispositions for diseases like Alzheimer’s, Type 2 diabetes and even cancer. On its website the company claims it “exceeds” data protection standards for its industry.
This article originally appeared on Engadget at https://www.engadget.com/23andme-user-data-breached-in-credential-stuffing-attack-231757254.html?src=rss
Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics
T-Mobile is back in the news and yes, the carrier has once again experienced issues trying to protect its customer’s data. After numerous reports by Uncarrier subscribers saying that they were seeing other subscriber’s data in the T-Mobile app, rather than yet another data breach causing by a cyberattack the carrier is saying that it […]
Come comment on this article: T-Mobile claims its latest data leak isn’t caused by a cyberattack
After testing it for almost a year, Intel has finally unveiled the new Thunderbolt 5 connectivity standard which brings a number of new features and improvements over its predecessor. With up to 80Gbps of bi-directional bandwidth, support for up to 3 x 4K monitors with 144Hz refresh rate, and compatible with USB4 V2, Thunderbolt 5 […]
Come comment on this article: Intel’s new Thunderbolt 5 standard promises faster charging, speedier data transfers, and support for 540Hz displays
On the surface, ChatGPT might seem like a tool that can come in useful for an array of work tasks. But before you ask the chatbot to summarize important memos or check your work for errors, it's worth remembering that anything you share with ChatGPT could be used to train the system and perhaps even pop up in its responses to other users. That's something several Samsung employees probably should have been aware of before they reportedly shared confidential information with the chatbot.
Soon after Samsung's semiconductor division started allowing engineers to use ChatGPT, workers leaked secret info to it on at least three occasions, according to The Economist Korea (as spotted by Mashable). One employee reportedly asked the chatbot to check sensitive database source code for errors, another solicited code optimization and a third fed a recorded meeting into ChatGPT and asked it to generate minutes.
Reports suggest that, after learning about the security slip-ups, Samsung attempted to limit the extent of future faux pas by restricting the length of employees' ChatGPT prompts to a kilobyte, or 1024 characters of text. The company is also said to be investigating the three employees in question and building its own chatbot to prevent similar mishaps. Engadget has contacted Samsung for comment.
ChatGPT's data policy states that, unless users explicitly opt out, it uses their prompts to train its models. The chatbot's owner OpenAI urges users not to share secret information with ChatGPT in conversations as it's “not able to delete specific prompts from your history.” The only way to get rid of personally identifying information on ChatGPT is to delete your account — a process that can take up to four weeks.
The Samsung saga is another example of why it's worth exercising caution when using chatbots, as you perhaps should with all your online activity. You never truly know where your data will end up.
This article originally appeared on Engadget at https://www.engadget.com/three-samsung-employees-reportedly-leaked-sensitive-data-to-chatgpt-190221114.html?src=rss
Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics
T-Mobile revealed on Thursday that a data breach earlier this month impacted around 37 million T-Mobile customers accounts.
Digital Trends
Last September Getty Images banned the inclusion of AI-generated works in its commercial database over copyright concerns. On Tuesday, Getty Images announced that it is suing Stability AI, maker of the popular AI art tool Stable Diffusion, in a London court over alleged copyright violations.
"It is Getty Images’ position that Stability AI unlawfully copied and processed millions of images protected by copyright and the associated metadata owned or represented by Getty Images absent a license to benefit Stability AI’s commercial interests and to the detriment of the content creators," Getty Images wrote in a press statement released Tuesday. "Getty Images believes artificial intelligence has the potential to stimulate creative endeavors."
"Getty Images provided licenses to leading technology innovators for purposes related to training artificial intelligence systems in a manner that respects personal and intellectual property rights," the company continued. "Stability AI did not seek any such license from Getty Images and instead, we believe, chose to ignore viable licensing options and long‑standing legal protections in pursuit of their stand‑alone commercial interests."
The details of the lawsuit have not been made public, though Getty Images CEO Craig Peters told The Verge, that charges would include copyright and site TOS violations like web scraping. Furthermore, Peters explained that the company is not seeking monetary damages in this case so as much as it is hoping to establish a favorable precedent for future litigation.
Text-to-image generation tools like Stable Diffusion, Dall-E and Midjourney don't create the artwork that they produce in the same way people do — there is no imagination from which these ideas can spring forth. Like other generative AI, these tools are trained to do what they do using massive databases of annotated images — think, hundreds of thousands of frog pictures labelled "frog" used to teach a computer algorithm what a frog looks like.
And why go through the trouble of assembling and annotating a database of your own when there's an entire internet's worth of content there for the taking? AI firms like Clearview and Voyager Labs have already tried and been massively, repeatedly fined for scraping image data from the public web and social media sites. An independent study conducted last August concluded that a notable portion of Stable Diffusion's data was likely pulled directly from the Getty Images site, in part as evidenced by the art tool's habit of recreating the Getty watermark.
German researchers who purchased biometric capture devices on eBay found sensitive US military data stored on the machine’s memory cards. According to The New York Times, that included fingerprints, iris scans, even photographs, names and descriptions of the individuals, mostly from Iraq and Afghanistan. Many individuals worked with the US army and could be targeted if the devices fell into the wrong hands, according to the report. One device was purchased at a military auction, and the seller said they were unaware that it contained sensitive data. There was an easy solution too: The US military could have eliminated the risk by simply removing or destroying the memory cards before selling them.
– Mat Smith
Razzmatazz review: A delightful (and delightfully pink) drum machine
LG's 2023 soundbars offer Dolby Atmos and wireless TV connections
What we bought: The standing desk I chose after a lot of research
Workers at Proletariat, a Boston-based studio Blizzard bought earlier this year, announced they recently filed for a union election with the National Labor Relations Board (NLRB). Proletariat is the third Activision Blizzard studio to announce a union drive in 2022. However, past campaigns at Raven Software and Blizzard Albany involved the quality assurance workers at those studios – the effort at Proletariat includes all non-management workers. The employees at Proletariat say they aim to preserve the studio’s “progressive, human-first” benefits, including its flexible paid time off policy and robust healthcare options. Additionally, they want to protect the studio from crunch – compulsory overtime during game development.
LG is taking a more minimalist approach to its kitchen appliances in 2023, with less showy profiles, colors and, seemingly, controls. While we’re not getting a close-up look at all the dials and buttons yet, the appliances look restrained compared to previous years’ models. In the past, we’ve seen a washing machine whose flagship feature was an entire extra washing machine. There was also a dryer that had two doors. Just because. LG says it’s used recycled materials across multiple machine parts, adding that its latest appliances also require fewer total parts and less energy than typical kitchen appliances. This would dovetail with the company’s announcements at the start of the year, where LG said it would offer upgradability for its home appliances. So far, that’s included new filters for certain use cases and software upgrades with new washing programs for laundry machines.
TikTok is now banned on any device owned and managed by the US House of Representatives, according to Reuters. The House's Chief Administrative Officer (CAO) reportedly told all lawmakers and their staff in an email that they must delete the app from their devices, because it's considered "high risk due to a number of security issues." Further still, everyone detected to have the social networking application on their phones would be contacted to make sure it's deleted.
LG may not make smartphones anymore, but it's still building components for them. The company's LG Innotek arm just unveiled a periscope-style true optical zoom camera module with a 4-9 times telephoto range. Most smartphone cameras use hybrid zoom setups that combine certain zoom ranges (typically 2x, 3x, 10x, etc.) with a digital zoom to fill in between those (2.5x, 4.5x, etc.), leading to reduced detail. LG's "Optical Zoom Camera," however, contains a zoom actuator with movable components, like a mirrorless or DSLR camera. That would help retain full image quality through the entire zoom range, while potentially reducing the size and number of modules required. Could this mean the death of the camera bump?
Some Florida residents may be keeping a close eye on their finances after a security incident. Researcher Kamran Mohsin tellsTechCrunch that Florida’s Department of Revenue website had a flaw that exposed hundreds of filers’ bank account and Social Security numbers. Anyone who logged in to the state business tax registration site could see, modify and even delete personal data just by modifying the web address pointing to a taxpayer’s application number — you just needed to change the digits in the link.
There were over 713,000 applications in the Department’s pipeline at the time of the discovery, Mohsin said. Mohsin warned the Department about the flaw on October 27th.
Department representative Bethany Wester said in a statement that the government fixed the flaw within four days of the report, and that two unnamed firms have deemed the site secure. She added there was “no sign” attackers abused the flaw, but didn’t say how officials might have spotted any misuse. The agency contacted every affected taxpayers by phone or writing within four days of learning about the issue, and has offered a year of free credit monitoring.
Bugs like these, known as insecure direct object references, are relatively easy to fix. The damage might also be limited compared to other tax-related breaches, such as a Healthcare.gov intrusion that compromised about 75,000 people in 2018. However, the incident underscores the potential harm from weak security — even a small-scale exposure like this could be used to commit tax fraud and steal refunds.
One of Wear OS’s biggest issues is the lack of a proper backup feature which means every time you get a new smartwatch or phone you have to set everything up from scratch. Every single time. Reset the watch or phone? Reconnect from scratch. You get the picture. But it seems that Google is on […]
Come comment on this article: Wear OS teardown reveals that watch face, tile, and app data backups are on the horizon
The Federal Trade Commission is officially starting its efforts to broadly regulate data security. The agency has published an early notice of proposed rulemaking that asks the public to comment on commercial surveillance and data gathering practices, such as camera monitoring or protections for sensitive info. Officials not only want to understand the harms and benefits of technologies, but gauge interest in rules that could require stricter safeguards (such as tougher encryption) and bans on deceptive security claims.
The FTC's request for input also touches on specific issues, such as biased surveillance systems and algorithmic errors. Similarly, regulators are interested in whether or not existing data security practices hurt children.
In explaining the proposal, the FTC was concerned that enforcement by itself wasn't enough to protect consumers. The Commission can't seek civil penalties for first-time violators, for instance. In theory, new rules would encourage stronger security policies, provide more relief to hack victims and ensure a more consistent approach to cases.
On top of the comments, you'll have a chance for more direct feedback. The FTC is hosting a virtual public forum on September 8th that will give people two minutes each to share their views. The session will also include a panel discussion.
The FTC is still far from outlining rules, let alone putting them into effect. Even so, there's plenty of pressure to act. Governments at multiple levels in the US are increasingly banning or withdrawing at least some uses of surveillance tech, and there's a growing backlash against companies that either misuse personal data or are prone to data breaches. New regulations could reduce violations and otherwise ensure that data holders show more respect for your privacy.
Looking for a new pre-paid plan with a handy amount of high-speed 5G data? AT&T has a limited-time offer of 16GB of data (instead of the usual 8GB) each month for a year for an upfront payment of $ 300, which works out to $ 25 a month. We’ve got more details for you after the break. […]
Come comment on this article: [Deal] A $ 300 one-off payment gets you 16GB of high-speed data monthly for a year on AT&T
As international travel continues to open up, T-Mobile is handing its customers a couple of handy freebies that will make accessing data when overseas so much easier. The carrier’s new Coverage Beyond product will give customers an allowance of high-speed data in more than 210 countries with the added bonus of free, unlimited in-flight internet […]
Come comment on this article: Get free unlimited in-flight internet, 5GB of international data, and roadside assistance for a year on T-Mobile
TikTok says it’s achieved a “significant milestone” toward its promises to beef up the security of its US users’ data. In a new update, the company says it has “changed the default storage location of US user data.”
As the company notes, it had already stored much of its user data in the United States, at a Virginia-based data center. But under a new partnership with Oracle, the company has migrated US user traffic to a new Oracle Cloud Infrastructure.
“Today, 100% of US user traffic is being routed to Oracle Cloud Infrastructure,” the company wrote in a blog post. “We still use our US and Singapore data centers for backup, but as we continue our work we expect to delete US users' private data from our own data centers and fully pivot to Oracle cloud servers located in the US.” Additionally, TikTok says it has made “operational changes,” including a new department “with US-based leadership, to solely manage US user data for TikTok.”
The moves are part of a longstanding effort by TikTok to address US officials’ concerns over how user data is handled by TikTok and parent company ByteDance. The company has been working to separate US user data so that it’s not accessible to China-based ByteDance as US lawmakers eye legislation to curb the influence of Chinese tech companies.
Still, the new safeguards are unlikely to fully sway critics of TikTok, who say the company still hasn’t addressed all potential concerns about how US user data is handled. In fact, just after TikTok published its blog post, BuzzFeed Newspublished a report that raises new questions about how the company handles the data of its US users.
The report, which was based on hours of internal meetings leaked to BuzzFeed, says that “China-based employees of ByteDance have repeatedly accessed nonpublic data about US TikTok users.” The recordings, which cover a time period between last September and January 2022, offer new details about the complex effort to cut off Bytedance's access to US user data.
The report quotes an outside consultant hired by TikTok to oversee some of the work saying that they believed there was “backdoor to access user data in almost all” of the company’s internal tools. It also quotes statements from several employees who say “that engineers in China had access to US data between September 2021 and January 2022, at the very least.”
It also notes that while data deemed “sensitive,” like users’ birth dates and phone numbers, will be stored in the Oracle servers, other information about US-based users could remain accessible to ByteDance. “ByteDance’s China-based employees could continue to have access to insights about what American TikTok users are interested in, from cat videos to political beliefs,” the report says.
That may not seem as serious as more personal information like birthdays and phone numbers, but it’s exactly the kind of details that some lawmakers in the US have raised concerns about. US officials have questioned whether the app’s “For You” algorithm could be used as a means of foreign influence.
“We know we're among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of US user data,” TikTok said in a statement to BuzzFeed News.
Apps taking your data to push ads to you is a tale as old as time itself (or at least since the invention of the smartphone). However, with newer and more transparent pro-consumer policies as late, customers are now getting a say in reducing the ads pushed to them on their Android Smartphones. With this […]
Come comment on this article: [Guide] How to stop apps sharing data with Google on Android
Many kids use apps on a daily basis, but how much data are these apps really collecting — and which kids apps collect the most data? We find out.
Mobile | Digital Trends
T-Mobile is still suffering from data breaches, although its latest headache may be more reflective of the phone business at large. The carrier has confirmed to Bleeping Computer that a recent data breach stemmed from SIM swapping attacks. Intruders compromised a "very small number" of customers by reassigning SIM cards or viewing "limited" account info, T-Mobile said.
It's not clear what methods the attackers used, but SIM swaps are frequently used to take control of internet accounts and circumvent SMS-based two-factor authentication. The attacks sometimes rely on tricking or paying carrier staff to make the swaps.
The provider said it "quickly corrected" the problem using existing measures and took further steps to protect targets. The company also contended that swaps are a "common industry-wide occurrence." While that's sadly true, that won't be much help for victims — it could be a long while before SIM swap attacks are impractical.
Worried about going over your data limit? There are many settings you can tweak to ensure that your iPhone doesn’t guzzle as much data as it otherwise would.
Mobile | Digital Trends
The changes Verizon has made to its Selects program also changed at least some subscribers' privacy settings. Verizon (Engadget's former parent company) collected users' location, web browsing and mobile application usage data to send them marketing messages or offers under Selects, though subscribers could opt out if they wanted to. As Ars Technica notes, the carrier recently replaced its Selects program with the Verizon Custom Experience Plus and Custom Experience programs. And that's all well and good, except users have been receiving emails to tell them that they'd been automatically enrolled.
In the email, Verizon stated that they will be included in the programs, which means their data will be collected, even if they previously opted out of participating in Selects. Custom Experience only collects browsing and app usage history, while the Plus version also collects location information and data about the numbers that users call and call them.
In its FAQ page, Verizon said it doesn't sell user information, but it shares them with the service providers that work with them. "These service providers are required to use the information only for the purposes Verizon defines and not for their own or others' marketing or advertising purposes," the company wrote. The carrier also wrote that it keeps browsing information for no more than 6 months. It keeps location and phone number information for approximately one year.
To remove themselves from the program, users will have to opt out again. While we're sure a lot of subscribers wouldn't appreciate being enrolled into marketing programs they previously chose not to participate in, it's at least easy to unsubscribe. They can go to their Verizon account's privacy preferences page or "My Verizon" in their mobile app and head to "Manage Settings" or "Manage Privacy Settings" to toggle off both programs.
Uh yeah no fucking thank you, verizon pic.twitter.com/QgWxQjVMiq
— Jordan's Happy House of Horrors (@jordanhirsch) December 6, 2021
Online stock trading platform Robinhood has been hit by a data breach affecting seven million of its customers, the company revealed on Monday, November 8.
Mobile | Digital Trends
It’s somehow fitting that our first Cyber Monday deal is for CyberGhost VPN that you can grab a three-year plan at just $ 2.25/£1.99 monthly, with an extra 3 months bundled in on top. With more than 36 million customers worldwide, CyberGhost VPN promises to keep your data safe from prying eyes and unblock geo-restricted websites […]
Come comment on this article: [Deal is still live] Secure your data with a 3-year plan to CyberGhost VPN at just $ 2.25/month and get an extra 3 months free
Some data leaks contain more sensitive info than most. Security researcher Bob Diachenko and Comparitech discovered (via Threatpost) that Broadvoice, a cloud VoIP provider for businesses, left over 350 million records exposed online in an unprotected…
Engadget RSS Feed
If you are living the dongle life because your current laptop is low on ports thanks to its designer prioritizing form over function, Anker’s 8-in-1 Data Hub could be the all-in-one solution you need. Down to its lowest-ever price of $ 40 on Amazon, the Data Hub has everything you need to be the most productive […]
Come comment on this article: [Deal] At just $ 40, Anker’s 8-in-1 USB-C Data Hub with Power Delivery and built-in Ethernet is down to its lowest ever price
If you recently bought something from Razer, you'll want to keep an eye on your email inbox for suspicious links. According to security researcher Bob Diachenko, the company recently misconfigured one of its Elasticsearch servers, leaving the sensiti…
Engadget RSS Feed
Folding@home and Rosetta@home can now run on billions of Android smartphones, Raspberry Pi devices and ARM-based servers. The distributed computing projects, which give citizen scientists a way to contribute their devices’ computing power to the deve…
Engadget RSS Feed
If you’re about to hop from your current Samsung phone to a Galaxy S20, don’t expect your keyboard info to come along for the ride. Samsung has stopped syncing keyboard data through its Cloud service as of April 13th, according to a notice seen by Sa…
Engadget RSS Feed
5G is set to continue dominating headlines in 2020 as carriers continue their rollouts of the new technology. While some networks are charging extra to access 5G, Vodafone UK has announced that its PAYG customers can enjoy unlimited data and access to 5G, at no extra cost. Vodafone currently provides 5G connectivity in a total […]
Come comment on this article: Vodafone UK launches 5G with unlimited data for its Pay As You Go customers
A couple of weeks ago, the Electronic Frontier Foundation published the results of its investigation into data the Ring app is sharing with third parties. While the Amazon-owned company has faced criticism over its links to law enforcement and the se…
Engadget RSS Feed
The FBI thinks it has a way for companies to limit the damage from data breaches: lure thieves into taking the wrong data. Ars Technica has learned of an FBI program, IDLE (Illicit Data Loss Exploitation), that has companies plant "decoy data" to co…
Engadget RSS Feed
Chrome updates are normally good things, but some Android users have good reason to complain about the latest release. Google has paused the rollout for Chrome 79 on Android after reports of the update 'wiping' data from third-party apps that use th…
Engadget RSS Feed
NASA's OSIRIS-REx spacecraft made a startling discovery shortly after arriving at its target, a 1614-foot-wide rock called Bennu: the asteroid was ejecting particles from its surface. While that's common behavior on icy comets, it's much rarer on ast…
Engadget RSS Feed
Early in 2018, popular cellphone maker OnePlus revealed it had coughed up credit card information on over 40,000 users in a data breach, and now it's informing users of another one. This time, while the website is the source of the breach, the compan…
Engadget RSS Feed
T-Mobile has been relatively quiet about any plan changes leading up to its proposed merger with Sprint, but now it looks like they might be using that potential acquisition to build up some goodwill with states and customers alike. They’ve announced a new plan that’s priced pretty cheaply, plus some other discounts for specific customers. […]
Come comment on this article: T-Mobile teases a $ 15 data plan ahead of its merger with Sprint
EA opened up registrations for the FIFA 20 Global Series competition today. However, those trying to register noticed that the sign-up page displayed personal details of players who had already done so. They saw usernames, email addresses and dates o…
Engadget RSS Feed
We are changing how we treat data for children’s content on YouTube. Starting in about four months, we will treat data from anyone watching children’s content on YouTube as coming from a child, regardless of the age of the user. This means that we will limit data collection and use on videos made for kids only to what is needed to support the operation of the service. We will also stop serving personalized ads on this content entirely, and some features will no longer be available on this type of content, like comments and notifications. In order to identify content made for kids, creators will be required to tell us when their content falls in this category, and we’ll also use machine learning to find videos that clearly target young audiences, for example those that have an emphasis on kids characters, themes, toys, or games.
We continue to recommend parents use YouTube Kids if they plan to allow kids under 13 to watch independently. Tens of millions of people use YouTube Kids every week but we want even more parents to be aware of the app and its benefits. We’re increasing our investments in promoting YouTube Kids to parents with a campaign that will run across YouTube. We’re also continuing to improve the product. For example, we recently raised the bar for which channels can be a part of YouTube Kids, drastically reducing the number of channels on the app. And we’re bringing the YouTube Kids experience to the desktop.
We know these changes will have a significant business impact on family and kids creators who have been building both wonderful content and thriving businesses, so we’ve worked to give impacted creators four months to adjust before changes take effect on YouTube. We recognize this won’t be easy for some creators and are committed to working with them through this transition and providing resources to help them better understand these changes.
We are also going to continue investing in the future of quality kids, family and educational content. We are establishing a $ 100 million fund, disbursed over three years, dedicated to the creation of thoughtful, original children’s content on YouTube and YouTube Kids globally.
Championing the protections we have in place for children is a shared responsibility across the company. To that end, we are introducing new, mandatory annual training for our teams about our requirements in this area.
Today’s changes will allow us to better protect kids and families on YouTube, and this is just the beginning. We’ll continue working with lawmakers around the world in this area, including as the FTC seeks comments on COPPA. And in the coming months, we’ll share details on how we’re rethinking our overall approach to kids and families, including a dedicated kids experience on YouTube. I have the privilege of working alongside parents who deeply care about protecting kids. We know how important it is to provide children, families and family creators the best experience possible on YouTube and we are committed to getting it right.
Susan Wojcicki
It's common to secure data when its sitting put or flying to its destination, but not so much when you're actually using it — there's still a risk someone could peek at your content while you work. Industry heavyweights might help keep your info se…
Engadget RSS Feed
StockX isn't the only company that appears to have warned users about a data breach through password resets. T-shirt seller CafePress has been asking customers to choose new passwords as part of an updated "password policy," but the news came soon a…
Engadget RSS Feed
Facebook knew its Libra cryptocurrency would face a regulatory gauntlet, but it might not have expected a united front. Regulators from the US, UK, EU and four other governments have asked Facebook to answer several questions about how it will prote…
Engadget RSS Feed
Online account hijackers received a taste of ironic punishment this week. KrebsOnSecurity has learned that hackers stole the database from the popular hijacker forum OGusers on May 12th, obtaining email addresses, hashed passwords, IP addresses and…
Engadget RSS Feed
Being an expert at analyzing Microsoft Excel data would be a big lift to just about any career or hobby, especially if you’re planning to make money from it. But there’s a lot to doing that, which is why we’re offering a killer deal on a bundle that will show you everything you need to […]
Come comment on this article: [TA Deals] Become an expert Excel Data Analyst with today’s deal (97% off)
Interested in figuring out how machine learning & data science can help you in your job or hobbies? We’re offering a discount on the Machine Learning & Data Science certification training bundle right now that will help you out. This bundle includes 8 courses and 48 hours of content covering tons of material for Tensorflow, […]
Come comment on this article: [TA Deals] Save 97% on the Machine Learning & Data Science certification training bundle