TalkTalk Could be Put Out of Business by Compensation Claims

UK ISP TalkTalk could potentially be put out of business by compensation claims following the recent hack that compromised unencrypted user data. While TalkTalk admitted last Thursday (22nd October) that it was the victim of a cyberattack, and has since claimed that it was not as serious as first feared, there is evidence to suggest not only that the company knew about the hack a week before revealing it and tried to cover it up, but also that customers had received fraudulent phone calls from parties that knew personal information as early as 16th October.

According to the Daily Star, city lawyers are drawing up compensation claims on behalf of thousands of customers, to the tune of around £1,000 each, which could cost TalkTalk up to £75 million, with further cases sure to follow.

“This is the Great Train Robbery of the 21st Century,” former Met Police detective and private security adviser Adrian Culley said. “There is a potentially huge liability for TalkTalk. Compensation payments could put them out of business.”

Meanwhile, TalkTalk CEO Dido Harding has claimed that it was not “legally required” to encrypt user data. Talking to The Sunday Times (paywalled content via Ars Technica), Harding said, “[Our data] wasn’t encrypted, nor are you legally required to encrypt it. We have complied with all of our legal obligations in terms of storing of financial information.” Giving your customers the finger isn’t illegal, either, but both demonstrate contempt for consumers, as does “leaving the backdoor open” for hackers to exploit.

Microsoft Addresses Windows 10 Privacy Concerns by Pretending They Don’t Exist

Since the release of Windows 10 at the end of July this year, there’s been much frenzied concern – some hysterical, some justified – regarding the operating system’s approach to user privacy, but Microsoft has refused to directly comment on the issues, until now. Terry Myerson, Executive Vice President of the Windows and Devices Group, has this week paid lip service to user concerns over privacy in Windows 10, but has done so, bizarrely, by not mentioning them.

In the post, Myerson opens by assuring readers that all the data it’s collecting from you is encrypted, which makes it fine – failing to acknowledge that the act of collecting user data itself is one of the prevailing issues Windows 10 owners are concerned about – and that it facilitates Microsoft’s desire to provide a “delightful” Windows experience. See, it’s for our own good, not for their benefit:

“We aspire to deliver a delightful and personalized Windows experience to you, which benefits from knowing some things about you to customize your experience, such as knowing whether you are a Seattle Seahawks fan or Real Madrid fan, in order to give you updates on game scores or recommend apps you might enjoy – or remembering the common words you type in text messaging conversations to provide you convenient text completion suggestions.”

Myerson follows up with a cheap, “Hey, at least we’re not Google!” jab:

“Unlike some other platforms, no matter what privacy options you choose, neither Windows 10 nor any other Microsoft software scans the content of your email or other communications, or your files, in order to deliver targeted advertising to you.”

The blog post is little more than an echo chamber – setting its own agenda, then responding to it – and does little to address the genuine concerns of Windows 10 users. In fact, any explanation of exactly how Microsoft uses the data it collects is conspicuous by its absence.

Thank you TechDirt for providing us with this information.

Mozilla Deploys Built-in Firefox Ads

Mozilla has implemented its long-proposed but negatively-received Suggested Tiles feature within Firefox, which effectively inserts Mozilla-approved ads into the browser. First vaunted back in February 2014, Suggested Tiles was put on hold after a negative reaction from Firefox users. Instead of putting the idea to bed, though, Mozilla has quietly deployed it with as little fanfare as possible, presumably hoping users don’t notice.

Mozilla revealed in May 2015 that it hadn’t entirely binned the proposal, with Darren Herman, Mozilla’s VP of Content Services, saying, “Suggested Tiles represents an important step for us to improve the state of digital advertising.”

Suggested Tiles, which has been rolled out to Firefox browsers for the past few weeks, not only shows sponsored links, it also tracks user interaction with the browser, sending that raw data to its Disxo analysis engine, where it is converted into a high-level aggregate report that Mozilla sends to advertisers. Mozilla claims that it is not getting paid for featuring the ads.

“Since early August,” Herman went on to explain, “we have been delivering promoted content provided by our first wave of partners including Yahoo, a number of top tier news titles including Fortune Magazine and Quartz, and mission-oriented partners such as the Make-a-Wish Foundation and the Electronic Frontier Foundation.”

“With Suggested Tiles, we want to show the world that it is possible to do relevant advertising and content recommendations while still respecting users’ privacy and giving them control over their data,” he added.

According to Mozilla, Suggested Tiles records and stores the following user data:

  • Language preference
  • Tile ID
  • How many times the Tile was displayed
  • Where in the grid of tiles a Tile was displayed
  • What interaction the user has with a Tile:
      • “Rolled over”
      • “Hovered over”
      • Pinned
      • Blocked
      • Clicked
      • Moved

“This data is associated with an IP address and is stored for a maximum of seven days, while Mozilla reports on the performance of the Tile. Then the IP address is removed from the data which is then archived. Mozilla does not create a profile of an individual over time,” a Mozilla representative said.

Will this move scare away the remaining Firefox users, or put off people considering migrating to Firefox?

Thank you ZDNet for providing us with this information.

Reddit Refused 42% of User Data Requests in 2014

As part of its annual transparency report, released on Thursday, reddit has revealed that it turned down 42% of all official requests for user data in 2014. Granted, the total number of requests it received was only 55, but it demonstrates that the site will not hand over data on its users unless absolutely necessary.

As reddit wrote in its report:

In 2014, we received 55 requests for user information (including account registration data, log data, and content uploaded by users) from outside parties. We take all requests for the disclosure of user information seriously. When we receive a request, we make sure it is legitimate and not overbroad, and we provide advance notice to affected users unless prohibited by a court order or where we decide delayed notice is appropriate based on clear criteria described in our privacy policy.

Many government requests we receive contain demands to withhold notice from users that carry no legal weight. We actively disregard these non-binding demands. Our goal is to give users the information they need to seek legal advice before their records are disclosed. As stated in our privacy policy, we provide advance notice to affected users unless prohibited by a court order or where we decide delayed notice is appropriate based on clear criteria.

In March last year, reddit was served with a subpoena by the Delaware Attorney General’s Office, seeking “all records and information including registered name, e-mail, and IP address” for user “un1cornbl00d”, specifically relating to a two-day period that month. State authorities suspected un1cornbl00d was part of a couple caught on camera having sex in a public place in Newark, Delaware on St. Patrick’s Day, 2014.

Source: Ars Technica

Apple Doesn’t Want to be a ‘Treasure Trove’ of Data For the NSA

Being the biggest tech company in the world isn’t easy. Apple has been watched with a hawk’s eye by both users and the press since the dawn of the iPod. The latest incident involving leaked celebrity nude photos via iCloud has only increased user security concerns regarding Apple’s services. CEO Tim Cook today spoke with journalist Charlie Rose regarding such matters – and went to great lengths outlining the importance that the company places on user security.

“Our business is not based on having information about you. You’re not our product. Our product are these, and this watch, and Macs, and so forth. And so we run a very different company. I think everyone has to ask, how do companies make their money? Follow the money. And if they’re making money mainly by collecting gobs of personal data, I think you have a right to be worried. And you should really understand what’s happening to that data, and the companies — I think — should be very transparent.”

“I don’t think that the country, or the government’s found the right balance,” Cook told Rose, continuing, “I think they erred too much on the collect everything side. And I think the president and the administration is committed to kind of moving that pendulum back.”

It’s evident that the Cupertino-based company has user data privacy high on its list of responsibilities – if you’re picking up a new iPhone 6 or iPhone 6 Plus model, how important is digital security to you?

Thank you Charlie Rose for providing us with this information.

Angry Birds Maker Rovio Denies Allowing NSA To Spy On Its Users

Reports from Edward Snowden about alleged NSA spying techniques and ‘how deep the rabbit hole goes’ information have been rolling in since last year. The latest is a highly classified document relating to the collaboration between the NSA and GCHQ on collecting private user data from popular mobile applications such as Angry Birds. Following the accusations, Rovio released a press statement in which it denied having collaborated with either party to allow collection of private user data from its application.

Rovio has clearly characterised the reports about its popular game as purely “speculations”, adding that if the reports about the agencies’ techniques in collecting the data are true, no device that “visits ad-enabled websites or uses ad-enabled applications is immune to such surveillance.” However, the statement does not mention whether the Angry Birds application might have failed to protect its user database full of personal information.

Both agencies, as stated in the report, are able to collect data such as call logs, text messages, emails and more by simply exploiting popular mobile applications, but there was nothing in the documents to hint that the companies which develop the applications could have directly collaborated with the NSA.

Thank you Ubergizmo for providing us with this information.