Privacy

Privacy is a growing concern in today’s world. Follow along with all our coverage related to privacy, security, what Apple and other companies are doing to keep your information safe, and what steps you can take to keep your information private.

Popular iPhone apps are using sneaky techniques to identify you even if you say no to tracking

Some popular iPhone apps are using sneaky techniques to uniquely identify you, even if you refused permission for app tracking. The data they are gathering includes everything from your iPhone’s Last Restart Time to your screen brightness setting measured to 15 significant digits.

A former iCloud engineer says that this type of privacy workaround makes Apple’s App Tracking Transparency rules a “dud” …

Security expert says Apple giving in to Russia proves CSAM assurances cannot be trusted

Apple giving in to Russia twice this week on key civil liberties issues proves that the company’s CSAM misuse assurances cannot be trusted, argues a high-profile security expert.

Apple today pulled from the App Store an opposition tactical voting app after the Russian government threatened specific local company employees with “punishment” if they refused. It turns out that Apple also turned off its Private Relay service in Russia just yesterday, likely also in response to government pressure…

London police chief uses 9/11 to attack end-to-end encrypted messaging

London police chief Cressida Dick has used the 20th anniversary of 9/11 to attack companies like Apple, WhatsApp, Telegram, and Signal for offering end-to-end encrypted message services.

It follows the British Home Secretary, who is in charge of policing for the UK, seeking to have tech companies find some way to break end-to-end encryption.

ProPublica WhatsApp report acknowledges ‘unintended confusion’ [U]

Facebook has confirmed to me that all WhatsApp messages are end-to-end encrypted, and that a ProPublica report is based on a misunderstanding. Update: ProPublica has added a ‘clarification’ and amended its story to reflect Facebook’s explanation.

A previous version of this story caused unintended confusion about the extent to which WhatsApp examines its users’ messages and whether it breaks the encryption that keeps the exchanges secret. We’ve altered language in the story to make clear that the company examines only messages from threads that have been reported by users as possibly abusive. It does not break end-to-end encryption.

UK government backs Apple, and wants to scan encrypted messages for CSAM

The British government has expressed support for Apple’s now-delayed CSAM scanning plans, and says that it wants the ability to scan encrypted messages for CSAM, even where end-to-end encryption is used.

The country is offering to pay anyone who can find a way “to keep children safe in environments such as online messaging platforms with end-to-end encryption” …

US GDPR-style federal privacy law ‘should replace mess of separate laws’

Privacy and civil rights activists say that a US GDPR-style federal privacy law should be passed to replace the confusing mass of federal and state laws in place at present. This is an approach also favored by Apple, which wants the simplicity of a single set of privacy requirements across the US.

In the European Union, the General Data Protection Regulation (GDPR) provides the strongest protections ever seen for consumer data, all within a single piece of legislation. The US, in contrast, has no fewer than eight different federal privacy laws, and a mass of current and planned state ones …

German government admits buying Pegasus spyware, says ‘limited’ to respect privacy laws

The German government has reportedly admitted to buying Pegasus spyware, despite the fact that using some of the functionality would break privacy laws in the country. Privacy is a particularly hot-button issue there, given the country’s history.

Sources cited in the report say that the version purchased from NSO had certain features disabled so that its use would be lawful in the country …

Tim Cook White House visit confirmed; Apple announcement might follow [U]

Update: Apple did make a security announcement, but only a supply-chain related one.

We learned earlier this week about a potential Tim Cook White House visit to attend a cybersecurity summit hosted by President Biden. Cook’s participation has now been confirmed by a list of attendees shared by an administration official, and could provide an excellent opportunity for Apple’s CEO to drive home the company’s stance on privacy and strong encryption.

A new report today also raises the possibility of a security-related announcement by Apple after the meeting has finished …

New Pegasus zero-click iPhone attack defeats Apple’s Blastdoor protections

A newly discovered NSO Pegasus zero-click iPhone attack against a human rights activist managed to succeed despite Apple’s Blastdoor protections, according to security researchers at Citizen Lab.

It is unclear, however, whether the protections Apple added to iOS 14.7.1 would have succeeded in blocking the attack, as it took place at a time when iOS 14.6 was the latest version available …

Apple already scans iCloud Mail for CSAM, but not iCloud Photos

Apple has confirmed to me that it already scans iCloud Mail for CSAM, and has been doing so since 2019. It has not, however, been scanning iCloud Photos or iCloud backups.

The clarification followed me querying a rather odd statement by the company’s anti-fraud chief: that Apple was “the greatest platform for distributing child porn.” That immediately raised the question: If the company wasn’t scanning iCloud photos, how could it know this?

T-Mobile discloses 5.3M more accounts compromised, sensitive data including DOB and address leaked

In a massive data breach we first learned about earlier this week, T-Mobile is continuing to discover the extent of the damage, which is rising beyond 50 million accounts. In an update today, the uncarrier says it has found that an additional 5.3 million current postpaid customer accounts had their name, address, date of birth, or other personal information compromised.

Apple’s anti-fraud chief said company was ‘the greatest platform for distributing child porn’

Update: A likely explanation for this comment has now emerged.

An explanation for Apple’s controversial decision to begin scanning iPhones for CSAM has been found in a 2020 statement by Apple’s anti-fraud chief.

Eric Friedman stated, in so many words, that “we are the greatest platform for distributing child porn.” The revelation does, however, raise the question: How could Apple have known this if it wasn’t scanning iCloud accounts …?

Apple CSAM system tricked, but easy to guard against [U]

Update: Apple mentions a second check on the server, and a specialist computer vision company has outlined one possibility of what this might be – described below under ‘How the second check might work.’

An early version of the Apple CSAM system has effectively been tricked into flagging an innocent image, after a developer reverse-engineered part of it. Apple, however, says that it has additional protections to guard against this happening in real-life use.

The latest development occurred after the NeuralHash algorithm was posted to the open-source developer site GitHub, enabling anyone to experiment with it…

T-Mobile hack confirmed, carrier says 47.8M records taken; not just customers

The T-Mobile hack reported earlier this week has now been confirmed by the company. Some of the details differ from claims made by the hacker, but the carrier has admitted that 47.8 million records were taken – and not just from customers. You could be at risk if you have ever even applied for a T-Mobile account, whether or not it was ever opened…

Corellium will pay for security researchers to check Apple CSAM claims

Security company Corellium is offering to pay security researchers to check Apple CSAM claims, after concerns were raised about both privacy and the potential of the system for misuse by repressive governments.

The company says that there are any number of areas in which weaknesses could exist, and they would like independent researchers to look for these…
