Signal has become the privacy-focused consumer’s go-to messaging app. But a recent change to its back-end systems that was designed to make the app more accessible and competitive with other encrypted messaging services could be putting user data at risk.
At the core of Signal’s appeal is a level of digital protection and commercial disinterest in its users’ communications rarely seen by messaging service providers. Signal is now used broadly not just by hackers and professional paranoids, but activists, journalists, politicians, and any number of people who believe that their text messages and phone calls should be as private as an in-person conversation. Few other apps offer a similar level of security and privacy.
Video chatting app Houseparty has boomed in popularity in the last two weeks, but experts say users could inadvertently be sharing more personal data than they realize.
“Anybody who decides to use the Houseparty application to stay in contact during quarantine needs to be aware that the app collects a worrying amount of personal information,” Ray Walsh, digital privacy expert at the U.K.-based ProPrivacy, said in a statement to Digital Trends. “This includes geo-location data — which could in theory be used to map the location of each user.”
Last year was a landmark for online privacy in many ways, with something of a consensus emerging that consumers deserve protection from the companies that sell their attention and behavior for profit.
The debate now is largely around how to regulate platforms, not whether it needs to happen.
The consensus among key legislators acknowledges that privacy is not just of benefit to individuals but can be likened to public health; a level of protection afforded to each of us helps inoculate democratic societies from manipulation by vested and vicious interests.
Forget telephoto lenses and fake mustaches: The most important tools for America’s 35,000 private investigators are database subscription services. For more than a decade, professional snoops have been able to search troves of public and nonpublic records—known addresses, DMV records, photographs of a person’s car—and condense them into comprehensive reports costing as little as $10. Now they can combine that information with the kinds of things marketers know about you, such as which politicians you donate to, what you spend on groceries, and whether it’s weird that you ate in last night, to create a portrait of your life and predict your behavior.
After the Sony mega-hack, protecting email privacy may seem paramount. But at digital payments startup Stripe, email isn’t kept all that private in the first place.
Recently, Stripe openly detailed the internal system it uses to achieve what it calls “email transparency,” saying “almost all” messages inside the company can be read by all employees. Private emails at Stripe aren’t forbidden. But they are the exception.
No, these emails can’t be read by people outside the company. But it shows that privacy isn’t always as important as we think it is. Stripe’s system is part of wide-ranging effort to build services that seek to make our communications more public, not less—an effort that includes everything from familiar consumer services like Facebook to business tools offered by the likes of Slack and GitHub.
As far as the technology goes, open email at Stripe isn’t that complicated. Employees are asked to CC any work-related emails to topic-specific mailing list archives managed through Google Groups. Project lists are the most common, but categories range from individual countries to a “crazyideas@” list. Via the lists, all email becomes public and searchable inside the company. Stripe now has 428 lists in all.
Maintaining your privacy online, like investing in stocks or looking good naked, has become one of those nagging desires that leaves Americans with a surplus of stress and a deficit of facts. So it’s no surprise that a cottage industry of privacy marketers now wants to sell them the solution in a $50 piece of hardware promising internet “anonymity” or “invisibility.” And as with any panacea in a box, the quicker the fix, the more doubt it deserves.
Last week saw the fast forward rise and fall of Anonabox, a tiny $45 router that promised to anonymize all of a user’s traffic by routing it over the anonymity network Tor. That promise of plug-and-play privacy spurred Anonabox to raise $615,000 on the fundraising platform Kickstarter in four days, 82 times its modest $7,500 goal. Then on Thursday, Kickstarter froze those pledges, citing the project’s misleading claims about its hardware sources. Other critics pointed to flaws in Anonabox’s software’s security, too.
Edward Snowden — the ex-government contractor who exposed the NSA’s efforts to spy on the web’s most popular services — offers a simple answer to this sweeping online surveillance campaign. The way to combat NSA eavesdropping, he says, is to encrypt data as it moves across the wire.
That’s what he told the tech heads at the South by Southwest conference in Austin, Texas last week, appearing by way of a video feed streamed across the net from Russia, where he’s been granted temporary asylum from the U.S. government. Properly implemented, he explained, today’s encryption techniques work: The NSA has no way of cracking them. The onus is on the tech world to actually use them. “You guys who are in the room now are all the firefighters,” he said. “And we need you to help fix this.”
The good news is that the giants of the net — including Google and Microsoft — are already working to encrypt data, not only as it moves across the public internet but as it travels through private lines that run between the massive data centers that underpin their many web services. According to leaked government documents, the NSA has ways of tapping these lines, opening a backdoor to the internet that even those at the heart of the tech world hadn’t thought about. If the Googles and the Microsofts encrypt the data moving between their computing facilities, they can go a long way towards answering Snowden’s call to arms.
“I wanted to see how breakup distress is related to Facebook use,” said Veronika Lukacs, who next week will defend her Masters thesis, called, It’s Complicated: Romantic breakups and their aftermath on Facebook.
Having attracted 900 million users to the biggest party in history, Facebook now has to sell them stuff — without being a buzz kill.
The two-year, $9 million project will create a suite of algorithms that can detect multiple types of insider threats by analyzing massive amounts of data — including email, text messages and file transfers — for unusual activity.