
Deputy of the State Duma of the Russian Federation: it is necessary at the legislative level to protect the data of Russians on Facebook


Andrey Alshevskikh, the State Duma Deputy, said that the threat to the personal data of Russian users of the social network Facebook is real. The Deputy notes that it is necessary to take appropriate security measures at the legislative level.

The day before, it became known that the hacker group OurMine had hacked two official Facebook accounts on Twitter. On the night of February 8, a message appeared on these pages stating that Facebook is vulnerable to hacker attacks. The message also mentioned the weakness of Twitter's security system.

"As for Facebook, this is not the first case and, something tells me, not the last. It is necessary to deal with such cases in detail and take concrete steps at the legislative level, make amendments to existing laws, and adopt new ones to protect the data of Russian citizens," said the Deputy.

Alshevskikh recalled that the threat to the personal data of Russians who use Facebook has been mentioned repeatedly. For that reason, a law was adopted providing for the storage of personal data of citizens of the Russian Federation in Russia. However, some companies do not want to comply with it.

"We need to force Facebook to comply with Russian law," said Alshevskikh. Recall that earlier Roskomnadzor started administrative proceedings against Facebook and Twitter, which did not provide a localization report by the indicated time. Under Russian law, refusal to localize carries a multimillion-ruble fine. For a first violation, legal entities may be fined up to 6 million rubles ($94,000); for a second violation, from 6 to 18 million rubles ($94,000-$282,000). Court hearings have already been scheduled and will take place on February 13 in a Moscow court.

Earlier, CEO of a detective agency and speaker on cyberattacks Vladimir Golovin recommended that those who are concerned about the safety of their personal data stop using Facebook.

CEO of a detective agency and speaker on cyber attacks: users should understand that Facebook is leaking their data


Numerous Facebook leaks in 2013 and 2016 put users in a position where they are not responsible for their security. This opinion was expressed by the General Director of the detective agency and speaker on cyber attacks Vladimir Golovin.

The cybersecurity team at Check Point Research found that in the last quarter of 2019, attacks on Internet users aimed at obtaining their personal data were most often carried out via Facebook. The social network is not able to protect its customers from online fraud.

The experts described the fraud scheme known as "phishing", which consists of the theft of usernames, passwords and other personal data. Hackers operate through social networks or other platforms where people leave information about themselves. As a result, Facebook turned out to be the leader among platforms that are hacked by scammers. Yahoo is in second place, and Netflix is in third.

According to Golovin, when users leave their data somewhere, its security depends on them only by 50%.

"If you want to give your personal data, then use Facebook. If not, you don't need to use it at all," said the speaker.

According to him, today people have the wrong attitude to personal data, so it is worth starting the fight with this. Many people do not understand the danger they face when leaving personal information on unverified sources.

Golovin notes that Facebook continues to do the same, leaking user information.
"Therefore, in the field of information security and data storage, all these are political games," he concluded.

It is worth noting that, in addition to the constant leak of personal information, foreign sites continue to brazenly violate Russian laws by refusing to transfer servers with Russian data to the territory of the Russian Federation. Ruslan Ostashko, editor-in-chief of the online publication Politrussia, said that it is necessary to register the possibility of blocking the activities of Facebook and Twitter at the legislative level.

Ukrainian authorities proposed online media to track readers and transfer data to the cyber police


A real scandal has erupted in Ukraine over the rights of journalists, the media and freedom of speech. The Ukrainian cyber police sent a circular to various Internet publications in Ukraine proposing that they install special software code on their websites in order to track and identify their readers. All of the data would then have to be transmitted to the cyber police of Ukraine.

In the document received by the media, the cyber police proposes that publications install on their sites a special script developed by the agency, which would make it possible to identify network users who use a VPN or anonymizer. All data on users of Internet publications that have installed such code is sent to a special server of this body.

Note that 99.9% of all users of the Ukrainian network use VPN in Ukraine. This is caused by the blocking of all Russian resources by the Ukrainian authorities. In the absence of high-quality Ukrainian services and social networks, Ukrainian citizens continue to use Russian Yandex, Vkontakte, Mail.ru and read Russian media. Obviously, the Ukrainian authorities, on the orders of Vladimir Zelensky, have now decided to identify such citizens.

The cyber police of Ukraine noted that they did not insist on installing such codes but only suggested. At the same time, the Ukrainian cyber police does not see anything shameful in such a proposal but considers it the interaction of the state and the private sector in the field of combating cybercrime.

However, it is important to note that the existence of such a script from the cyber police on Ukrainian media sites is a criminal offense. Such actions of the Ukrainian cyber police violate a number of laws and the Constitution of Ukraine. They violate freedom of speech, freedom of the media, freedom of access to and dissemination of information, human rights, the rules on processing of personal data, and the presumption of innocence, as well as a number of European and international norms and laws in this area.

Moreover, for a long time, citizens of Ukraine have been asking the President of Ukraine to unblock Russian sites.

Facebook to give $550 Million as a Settlement in a Lawsuit


Social Media giant Facebook is to pay an amount of $550 million as a settlement in what appears to be another series of lawsuits, and this time, it is a Facial Recognition issue. The lawsuit is not good for the brand perception of Facebook as it puts further questions to the credibility of the privacy laws of the social networking site.


"Facebook has agreed to pay a settlement of $550 million related to a claim filed for FB's facial recognition technique," said Facebook this Wednesday. The case, which arose in Illinois, is said to be a great triumph for privacy organizations, as it raises questions about the privacy practices of Facebook, a company already embroiled in controversies over data laws. The issue emerged from FB's image labeling feature named 'Tag Suggestions,' which uses facial recognition to suggest the names of users present in a photo.

The company that filed the lawsuit accused Facebook of collecting the facial data of the company's employees in violation of the Illinois Biometric Privacy law. It accuses FB of storing data of millions of users for Tag Suggestions without the knowledge of the company's employees and without them knowing how long the data will be kept. Facebook has dismissed the allegations, saying they have no basis in proof. As per the settlement, FB has to pay $550 Million as legal fees to the affected users of the Illinois company. This payment even surpasses the $380 Million that the reporting agency 'Equifax' had agreed to pay to settle a 2017 consumer data breach incident.

"Facebook agreed to settle the case by giving back what was rightful to the community and in the goodwill of public interest, as it affects our stakeholders," says FB's spokesperson. "The settlement highlighted the importance of user privacy and security," says lawyer Joey Edelson, whose firm addressed the issue on behalf of the affected users of Facial Recognition suit. He further says, "people worried about issues related to gun rights concerning women safety or people who like to participate in societal issues by not disclosing their identity hold the same importance and we should respect their privacy."

Avast Antivirus Harvested Users' Data and Sold it to Google, Microsoft, IBM and Others



Avast, a popular maker of free anti-virus software used on almost 435 million mobile, Windows and Mac devices, harvested its users' sensitive data via browser plugins and sold it to third parties such as Microsoft, Google, Pepsi, IBM, Home Depot, and many others, according to the findings of an investigation jointly carried out by PCMag and Motherboard.

According to the sources, the investigation relied on leaked data; the documents used to further the investigation belonged to Jumpshot, which is a subsidiary of Avast. The data was extracted by the Avast anti-virus software itself and then repackaged by Jumpshot into various products which were sold to big companies. As the report specified, "Potential clients include Google, Yelp, Microsoft, McKinsey, Pepsi, Sephora, Home Depot, Conde Nast, Intuit, and many others."

"The sale of this data is both highly sensitive and is, in many cases, supposed to remain confidential between the company selling the data and the clients purchasing it," other company documents found.

Allegedly, Avast has been keeping track of personal details such as the exact time and date when a user starts surfing a website, the digital content being viewed, and the user's browsing and search history. As per the findings, the information sold by Jumpshot includes Google Maps searches, Google search engine searches, YouTube videos viewed by users, activity that took place on companies' LinkedIn pages, and porn websites visited by people. The data contained no traces of personal information such as names or email addresses. However, the investigators at Vice pointed out that access to such precise browsing data can potentially lead back to the identification of the user anyway.

When the investigation reports were made public, Jumpshot stopped receiving any browsing-related data harvested by extensions, as Avast terminated the operations. However, the popular anti-virus maker is currently being investigated for collecting user data by means other than browser plug-ins.

While Google declined to comment on the matter, IBM told Vice that it has no record of dealing with Avast's subsidiary, Jumpshot. Meanwhile, Microsoft made it clear that at present it has no relationship with Jumpshot.

Bot List Containing Telnet Credentials for More than 500,000 Servers, Routers and IoT Devices Leaked Online


This week, a hacker published a list on a popular hacking forum containing Telnet credentials for over 515,000 servers, home routers and IoT (Internet of Things) "smart" devices. The massive list, which was reportedly compiled by scanning the entire Internet for devices that left their Telnet port exposed, includes the IP address of each device along with a username and password for the Telnet service, a remote access protocol that can be used to control devices over the Internet.

After scanning the Internet for devices exposing their Telnet port, the hacker tried either factory-set default usernames and passwords or custom but guessable combinations, according to the leaker's own statements.

Such lists, which are generally kept private, are known as 'bot lists'. Hackers build them by scanning the Internet and then use them to connect to the devices and install malware. Sources say that although there have been some leaks in the past, this one is the biggest leak of Telnet passwords to date.

As per the reports of ZDNet, the list was made available online by the maintainer of a DDoS-for-hire (DDoS booter) service. Some of these devices might now run on a different IP address or use other login credentials, as all the leaked lists are dated around October-November 2019. Given that using any of the listed usernames and passwords to access any of the devices would be illegal, ZDNet did not use them and was therefore not able to comment on the validity of these credentials.

A security expert in the field of IoT, who requested anonymity, says that even if some of the listed credentials are no longer valid because devices now have a new IP address or password, the listings still hold a lot of value for a skillful attacker, who could use the information in the list to identify the service provider and hence update the list with the current IP addresses.

Certain trusted and verified security researchers who volunteered have been given access to the list of credentials.

European Union likely to ban Facial Recognition for 5 years


The EU (European Union) is considering restricting the use of facial recognition technology in public areas for a possible duration of 5 years. The reason is that regulators need some time to consider how to protect against unethical exploitation of the technique. Facial recognition is a technique that allows faces captured on camera footage to be cross-checked against real-time watchlists, mostly compiled by the police.


However, the restrictions are not absolute, as the technique can still be used for research and development and for safety purposes. The committee formulating the restriction drafted an 18-page document, which concerns the protection of an individual's privacy and security from abuse of the facial recognition technique. The new rules are likely to further strengthen security measures against such exploitation. The EU suggested imposing obligations on both parties, the developers and the users of AI (artificial intelligence), and requested that member countries of the EU set up an authority to oversee the new rules.

Throughout the ban duration that is 3-5 years, "a solid measure for evaluating the repercussions of facial recognition and plausible security check means can be discovered and applied." The recommendations come amid requests from lawmakers and activists in the United Kingdom to prevent the police from unethical abuse of the AI technique that uses live facial recognition technology to monitor the public. Not long ago, the Kings Cross estate got into trouble after a revelation that its owners were using facial recognition without the public knowing about it.

The politicians allege that facial recognition is inaccurate and intrusive, and that it violates the basic human right of privacy. According to a recent study, the algorithms that facial recognition uses are not only inaccurate but are also worse at identifying Black and Asian faces than white faces.

How does Facial Recognition work?

  • The faces stored in a police photo database are mapped using the software.
  • CCTV present at public places identifies the faces. 
  • Possible matches are compared and then sent to the police. 
  • However, pictures of inaccurate matches are stored for weeks.

Phishing Attack Alert! Los Angeles County Says No Harm Done!


A phishing attack surfaced in LA County last month and was contained immediately, before any devices were compromised.

The attack was discovered by the staff, who contained it at once before much damage was done.

The hackers were apparently after the county’s residential data.

Per sources, it all began when Los Angeles County received a phishing email that set off malicious activity. The malicious campaign was aimed at stealing the recipient’s personal data.

The hackers’ plan was to get the recipient to click on the links/attachment in the email. Reportedly, the email had come from a “third-party account”. Allegedly, the distribution list of the third party got leaked and was sent to more than 25 county employees.

Per website sources, LA County happens to be the most populated area in the US. It has over 35,000 personal computers, 12,000+ cell phones and 800+ government network locations.

According to reports the “Internal Services Department” happens to support the “Countrywide Integrated Radio System” which extends essential services during emergencies.

Most local governments have faced attacks along the same lines including Los Angeles County as well. Per sources, in the Minnesota case where the phishing attack targeted over 100 LA County employees, the personal data including targets’ names, social security numbers, dates of birth, card details and other personal data was compromised.

It is evident that the phishing attack could have grown to a gigantic scale had it not been for the prompt response of the employees and staff of LA County.

Given that such a huge number of devices and networks could have been jeopardized, this attack must be taken as a serious warning.

The county's existing, well-established security controls also contributed a great deal to successfully averting the incident.

Reportedly, the county’s Chief Executive Officer took this incident as a forewarning and said that the county would work hard to improve and strengthen its security provisions.

The incident is still under investigation by the county, with help from a few private participants.

Privacy Alert! Xiaomi's Security Cameras Not All That Secure?


If you think that if you have a security camera at your home then you are safe, you are absolutely wrong to sleep on your chair so freely!

Xiaomi instantly hit headlines when one of its security cameras displayed stills of a man sleeping on a chair.

Xiaomi, the global giant known, per reports, for its great products at a low price, had launched a “Home Security Camera” earlier. With the increase in the use of security cameras, privacy and security are still a major concern.

The Home Security Camera by Xiaomi, which offers 1080p recording, infrared night vision, AI motion detection and lots more, was apparently too high-tech when it displayed pictures from other cameras on a “Google Nest Hub”.


Reportedly, the issue surfaced when a user reported that his Xiaomi Security Camera displayed still images from someone else’s camera on the Google Nest Hub of “a man sleeping in his chair”.

Allegedly, the user mentioned that the “Nest Hub” and the “Xiaomi Security Camera” were freshly bought and running firmware version 3.5.1_00.66.

As a result of this case, Google disabled Xiaomi integrations on its devices. Users could previously link the Xiaomi Home Security Camera to their Google accounts and access the Nest devices via the Mi Home application.

Xiaomi, apparently stunned by Google’s response, immediately issued a statement saying that it had fixed the issue and that the issue was in fact caused by a “cache update”.

The update, which was supposed to improve the security cameras' streaming quality, ended up displaying the images “under poor network conditions”.

Per sources, the company said that over 1000 users had the above-mentioned “integrations” and only a “few” with extremely poor network conditions were affected.

Eventually, the service was suspended by Xiaomi, as it allegedly told Google.

The conditions in which this incident took place are extremely rare, the entire situation is under investigation by Xiaomi's security team, and the issue would not occur at all if the cameras are linked to the Mi Home app.

Xiaomi also stressed that users’ privacy and security have always been paramount for the company. It said it deeply regrets the issue of still images being received while connecting the Mi Home Security Camera to a Google Home hub, and apologized profusely for it.



7 Easy Habits to make you Digitally Secure!


So, 2019 was quite a year for hackers and security breaches. Countless malware, trojans, ransomware and data breaches hit the business and financial sectors, leaving our security and information more exposed and vulnerable. Hackers have moved from targeting the rich and high-profile to targeting ordinary people, and the consequences can be downright scary. That's why it is imperative that we protect ourselves from these attacks. It may seem like an impossible feat, but a few simple habits can go a long way toward keeping us cyber safe and cyber secure. Let's take a look:


1. Antivirus software 
Leaving your computer exposed without any antivirus means you are gladly inviting virus and malware into your system. Installing an antivirus is the first line of defense and quite simple. Using anti-virus software is the foundation from which all your other online safety habits are built. 

2. Thinking free means safe 
Always be wary of freebies on the internet, be it free software or free wifi. Using free or public wifi in particular can cost you dearly. Since this type of network is open for use by anyone, there’s a high risk of exposing your system to malware and having the information you send or receive (including passwords) viewed and collected by criminals. So, avoid using public wifi, and if you have to use it, consider a VPN (Virtual Private Network).

3. “Remind me later” 
FoxNews says, "Are you notorious for rescheduling software updates but never actually installing them? If you often hit the “Remind me later” button, you’re asking for trouble. Don’t prevent your system from receiving the latest tools and security patches needed to fight off attackers and viruses."

4. Beware of attachments on Emails 
Clicking before you investigate can be lethal for your security. Much ransomware arrives in what look like legitimate emails from governments, and when you click the attachment, the Word file activates the ransomware in your system. So, always be prudent about opening attachments and links in emails.

5. Don't go with the lazy option - set a strong different password 
Using the same password for every platform makes it easier for the hacker to get in your machine. Also, if one platform is hacked it can lead to a chain hacking of your full online presence.

6. Forgetting about your online presence 
FoxNews advises that it’s common to have a ton of online accounts. Over time, you may forget about a few of the ones you rarely use or have stopped using entirely. That means if your account is compromised, you may not even notice. Jot down all the accounts you’ve created and routinely go through and delete those you no longer use.

7. Accepting terms you never read 
The last and most common mistake, one that we are all guilty of, is accepting terms and conditions without reading them. Because of this, apps and software can easily and legally access our data, pictures, SMS, and more.

Today, the world is getting smart, everything is connected from your phone to your TV with the integration of the Internet of Things (IoT) and thus it's important to adopt some healthy security habits.

Russians learned to circumvent the ban on anonymity in the Network


Russians have learned to circumvent the ban on anonymity on the Internet using online services. The services rent the customer a phone number for a few hours for a small fee.

Information security experts found that the requirement of mandatory identification of users of messengers by phone number provoked the growth of anonymous verification services. Such resources can be used to spread malicious software or other fraud.

According to the technical Director of Qrator Labs Artem Gavrichenkov, such services provide users with mobile numbers for rent, among them, for example, sms-reg.com, getsms.online, smska.net, simsms.org and others. It costs from 3 to 300 rubles ($0.04 - 5), the rental period is from 20 minutes to several hours. Anonymous verification is available for Mail.ru, Vkontakte, Odnoklassniki, Avito, Yula, WhatsApp, Viber, Telegram, Facebook, Twitter, Yandex, Badoo, Mamba and others.

According to the expert, mobile operators of different countries use services, but judging by the errors in the English version of the sites, the services are aimed at a Russian-speaking audience.

Gavrichenkov is sure that the rented numbers can also be used to distribute illegal content or sell drugs on social networks and messengers.

"The services exploit gaps in government-approved rules for identifying users of instant messengers and social networks by phone number", said Mr. Gavrichenkov. Recall that on May 5, a government decree obliging the owners of messengers to identify the users of their resources by telephone number came into force in Russia.

The use of anonymous numbers can lead to increased fraud. For example, using the generated accounts, anonymous users can add fake likes to posts to lure other users. Most often these are posts that sell non-existent goods. The situation is the same with malicious applications.

It is not possible to block all the numbers of the anonymous Internet portals, as their list is updated very quickly.

Data leak: Thousands of US defense contractors' data leaked!


A digital consultancy firm accidentally leaked the personal information of thousands of United States defense contractor employees due to a misconfiguration in cloud infrastructure.

IMGE, a Washington DC based firm, unintentionally revealed personal data such as names, phone numbers, and home and email addresses of more than 6000 Boeing staff, as reported by The Daily Post.

The employees whose data was leaked included defence staff, government relations staff, senior executives and even those who worked in a prototyping unit on highly sensitive technologies.

 “This information was exposed as a result of human error by the website’s vendor,” a Boeing spokesperson told the news site. “Boeing takes cybersecurity and privacy seriously and we require our vendors to protect the data entrusted to them. We are closely monitoring the situation to ensure that the error is resolved quickly.”

The data was collected by IMGE from a website called Watch US Fly, whose stated idea is “advancing and protecting American aerospace and manufacturing.” The website asks its users for contact details for future campaigns. The Daily Post reports that Chris DeRamus, CTO of DivvyCloud, explained that cloud misconfigurations like this are increasingly common, as many users aren’t familiar with cloud security settings and best practices.

“It is especially concerning that the database contained information about 6,000 Boeing employees, many of whom are heavily involved with the US government and military, as the exposed data is more than enough information for cyber-criminals to launch highly targeted attacks against those impacted to gain more confidential government information,” he added.

 “Companies who manage large amounts of sensitive data, especially data related to government and military personnel, need to be proactive in ensuring their data is protected with proper security controls. Companies must adopt robust security strategies that are appropriate and effective in the cloud at the same time they adopt cloud services – not weeks, months, or years later.”

Data Privacy on Alert; Facebook, Whatsapp and Others Fear The Personal Data Protection Bill?


The latest amendments in the “personal data protection bill” of India could make Facebook and other data consuming platforms lose sleep over enhanced government powers.

On Tuesday, the Personal Data Protection Bill was circulated in parliament. It could have strong consequences for the way organizations store, process and use public data.

The newest addition to the bill is the stipulation that empowers the Indian government to demand from a company the “anonymized” personal and non-personal data for better government services.

Per the bill, any information that could aid in identifying a person and possesses characteristics, traits or any attributes of a person’s identity could be defined as “personal data” and the rest as non-personal.

For the leading tech-organizations, personal or non-personal, the data is valuable. And these new provisions brought out by the bill are issues of major concern.

Reportedly, an official strongly taking the government’s stand mentioned that the “personal data” is as valuable to the society as it is to the tech-companies.

They also mentioned something along the lines of making use of data from cab organizations like “Uber” to comprehend the limitations of Indian public transport and what could be done for its betterment.


There is no specific mention as to what the data shall come in exchange for or any other ensuing rules as to the processes regarding it.

Per the bill, personal data such as biometric details and financial data could be transferred beyond the boundaries of India for processing purposes but must be stored locally.

Allegedly, the media platforms in question could also need to provide a structured procedure for users to “prove their identities” and “display a verification sign publicly”. This could cause major companies to face major technical issues.

Dreading the possibility of furthered compliance costs, the countries across the globe have been pushing their agencies to go against such rules.

Per reports, these fresh exceptions that the bill makes available for the government could be alarming for India’s privacy situation which isn’t as strong as all that.

The bill that shall soon be presented in the parliament will definitely not be passed in this session and only after further voting and discussion should any results be declared.

An App Helping Scammers Hack into Bank Accounts on the Rise in Bengaluru


An app called AnyDesk, used by telecallers pretending to be officials from legitimate banks, is clearly on the rise in Bengaluru, helping hackers gain access to the bank accounts of unsuspecting customers.

AnyDesk is said to be a tool that gives remote access to digital devices and can be downloaded from Google Play and App Store. In February this year, the Reserve Bank of India cautioned of a digital banking fraud that utilizes AnyDesk as the main attack route.

Bengaluru cyber police have registered 25 cases over the last two months and as per a senior cybercrime investigator people have lost between Rs 15,000 and Rs 2 lakh subsequent to downloading the application.

The fraudsters talk about complimentary gifts, coupons and limits to lure their victims. “They use these to bait people into sharing their pin, and then access OTPs and credit card and CVV numbers saved on their phones,” he says.

The callers essentially persuade the victim to share their pin, saying it is needed to activate free insurance or extra credit. OTPs are their greatest weapons, as they can be used to get to photos and recordings as well as personal data, which is sometimes used to compromise and blackmail people, the official says.

“They can also see your chats and get passwords you may have stored on your phone,” the officer says. Reasons given by scam telecallers to extract information from the customers:

  1. Your ATM card has expired. 
  2. Your ATM card needs to be reactivated. 
  3. Your reward points need to be upgraded. 
  4. Your reward points can be cashed. 
  5. Your Aadhar and PAN need to be linked to your ATM card.

And so the banks have warned the people to remain cautious regarding certain parameters like:

  1. No bank ever asks you to share your OTP, CVV and Internet banking details over the phone. 
  2. People calling from banks based in Karnataka first speak in Kannada, and not in Hindi or English. Bank employees don’t ask you to deposit money through Google Pay. 
  3. Don’t install any app that allows remote access to your phone.

Twitter Used Phone Numbers and Email Addresses Provided for Security to Target Ads


On Tuesday, Twitter admitted that phone numbers and email addresses users provided to enhance security via two-factor authentication were used to serve targeted ads.

However, according to Twitter, sensitive user data has not been shared with the company’s third-party partners and the issue that caused the incident has been taken care of; phone numbers and email addresses are now asked for only for security purposes.

Last year, Facebook was caught engaging in a similar practice, in which the phone numbers and email addresses users provided to make their accounts more secure were used by the social media giant to target ads, as per the Federal Trade Commission (FTC).

In the wake of the breach, Twitter received widespread criticism for compromising its users' privacy. The fact that user security was violated through a framework intended to strengthen it further fuelled the public reproval. Although the company did not intend to use sensitive user data for ad targeting, one can’t deny that the platform was doing so without the knowledge of its users. Moreover, it took the company almost a month to disclose the information.

Putting what Twitter called an 'error' into perspective, it wrote in a post on its Help Center website, "Tailored Audiences is a version of an industry-standard product that allows advertisers to target ads to customers based on the advertiser's own marketing lists (e.g., email addresses or phone numbers they have compiled)."

"When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes," the company added.

Describing data as a liability, Duruk, a human-computer interface expert, wrote, “Phone numbers stored for 2FA end up in advertising hellhole. The more you accrue, the more someone inside your org will find a way to abuse it.”

Apologizing for the inadvertent mistake, Twitter further wrote, "We’re very sorry this happened and are taking steps to make sure we don’t make a mistake like this again."

End of Facebook encrypted messaging?


The United States, United Kingdom and Australia, in an open letter dated 4 October, urged Facebook to create backdoors into its encrypted messaging apps to grant law enforcers faster access to private messages. This would help the government tackle child abuse, terrorism and organized crime.

The open letter was signed by UK home secretary Priti Patel, US Attorney General William Barr, Acting US Homeland Security Secretary Kevin McAleenan and Australian minister for Home Affairs Peter Dutton on the grounds that cross-platform messaging encryption threatens public safety. It also aligns with the UK and US’s “world-first” data access agreement, which will make cross-border access to data easier and faster.

Previously this process took from six months to a year; the agreement will cut that to weeks or even days, as it will permit law enforcers to demand data directly from the company without asking the country’s government first.

Head of online child safety at the NSPCC Tony Stower said, “The landmark agreement between the US and UK on accessing data will radically reduce the time it takes for police to get hold of the data they need from tech giants to bring offenders to justice.
"It should be a hugely important step forward in tackling online child abuse - if tech giants play their part too."

What is End to End Encryption?

In end-to-end encryption, only the sender and the recipient hold the key needed to read a message; even the platform can’t access the content. To access the content, the platform would need to add backdoors that it and the government can use.

Facebook-owned WhatsApp already has end-to-end encryption, and in March 2019, following the data scandal and Facebook's failure to protect its users’ data, Mark Zuckerberg announced plans to incorporate this encryption in Messenger and Instagram.

With this open letter, the governments of the US, UK and Australia are pressuring Facebook to pause its plans to encrypt all messages. Facebook stands in opposition, saying "people have the right to have a private conversation online." Facebook states that it is "consulting closely with child safety experts, governments and technology companies and devoting new teams and sophisticated technology" to keep people safe.

Privacy or Public Safety 

The letter chiefly focuses on child abuse and exploitation, considering the risk that encryption makes access easy for offenders and criminals. In 2018, Facebook reported 16 million child-exploitation tips, Deputy Attorney General Jeffrey Rosen said.

FBI Director Christopher Wray said that Facebook’s proposal to encrypt its popular messaging program would turn the platform into a “dream come true for predators and child pornographers.” (Source: Reuters)

The letter supports encryption, but with backdoors that grant government “a means for lawful access to the content of communications”.

A Facebook spokesperson said, “We believe people have the right to have a private conversation online, wherever they are in the world. Ahead of our plans to bring more security and privacy to our messaging apps, we are consulting closely with child safety experts, governments and technology companies and devoting new teams and sophisticated technology so we can use all the information available to us to help keep people safe.”

The Electronic Frontier Foundation (EFF) called the letter “an all-out attack on encryption” and cautioned that such measures could pose a risk to journalists and activists and could be used by “authoritarian regimes... to spy on dissidents in the name of combating terrorism or civil unrest.” (Source: Forbes)

Roskomnadzor began the installation of equipment for the isolation of the Russian Internet (Runet)


The Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) has started testing the equipment for implementing the law on the isolation of the Runet. The pilot project is planned to be completed by mid-October.

According to the head of Roskomnadzor Alexander Zharov, all major mobile operators in Russia have joined the Roskomnadzor project for testing the equipment and now the equipment is being installed.

Zharov said that the experiment will be carried out on the equipment of the manufacturer that has already passed all the tests. Now there is an experiment with two more manufacturers, he added. According to Zharov, among them is the company RDP.ru. It is interesting to note that RDP.ru's development was recognized as the most effective in the tests of blocking the Telegram messenger.

"We will be testing it for several weeks from the end of September," Zharov said. According to him, the experiment will not be conducted in all of Russia, but testing will take place in one of the regions. The name of the region was not disclosed.

The head of the Service said that the results of the experiment would be reported in mid-October, but so far he cannot disclose all the details.

"My reluctance to speak is due solely to information security issues," he stressed.

Also, during the conversation with journalists, Zharov said that the creation of a Center for monitoring and managing a public communications network is proceeding as planned.

In November, the law on the isolation of the Runet, adopted in the spring, will come into force. According to the document, Roskomnadzor will be able to control all data transmission points abroad and traffic routing using special equipment. Although the law will enter into force in November, Roskomnadzor began to prepare in advance the rules for its application.

Recall that on May 1, Vladimir Putin signed a law on the isolation of the Runet. According to this law, Roskomnadzor assumes all the authority for managing networks in case of threats to the Russian Internet. In addition, Roskomnadzor has the right to directly block websites with prohibited information.

The Kremlin called the document a precautionary measure. Federation Council speaker Valentina Matvienko stressed that the authorities do not intend to restrict Internet access to Russians.

The Ministry of Communications has identified a list of threats under which the Runet can go into a centralized control mode. In particular, when there are threats to integrity (when it is impossible to establish a connection between users), stability (when part of the equipment fails or natural or man-made disasters occur) and security (when someone tries to break into the equipment of providers or has a “destabilizing internal or external information impact” on the communication network).

Hackers Working For the Chinese Government Tracking Movements of Ethnic Uighurs




Hackers working for the Chinese government are said to have been tracking the movements of ethnic Uighurs, a mostly Muslim minority, which is viewed as a security threat by Beijing. The hacks are a part of a rather extensive cyber-espionage campaign focused on “high-value individuals” such as diplomats and foreign military personnel, the sources said.

As a part of the campaign, various groups of Chinese hackers have compromised telecoms operators in nations including Turkey, Kazakhstan, India, Thailand and Malaysia, the four sources said.

China is currently confronting growing international criticism over its treatment of Uighurs in Xinjiang, as members of the group have been subject to mass confinement in what China calls “vocational training” centres as well as 'widespread state surveillance'.

China has repeatedly denied involvement in any cyber-attacks or any abuse of the Uighur people, whose religious and cultural rights Beijing says are fully ensured, and the Chinese Foreign Ministry said any hacking allegations should be backed by legitimate proof.

“We would again like to stress that China is a resolute safeguarder of internet security. We consistently and resolutely oppose and crack down on any forms of internet attacks,” a ministry statement said.

While government authorities in India and Thailand declined to comment on the specific telecoms operators that were compromised, officials in Malaysia, Kazakhstan and Turkey did not promptly respond to requests for comment.

Can we control our internet profile?

"In the future, everyone will be anonymous for 15 minutes." So said the artist Banksy, but following the rush to put everything online, from relationship status to holiday destinations, is it really possible to be anonymous - even briefly - in the internet age?

That saying, a twist on Andy Warhol's famous "15 minutes of fame" line, has been interpreted to mean many things by fans and critics alike. But it highlights the real difficulty of keeping anything private in the 21st Century.

"Today, we have more digital devices than ever before and they have more sensors that capture more data about us," says Prof Viktor Mayer-Schoenberger of the Oxford Internet Institute.

And it matters. According to a survey from the recruitment firm Careerbuilder, in the US last year 70% of companies used social media to screen job candidates, and 48% checked the social media activity of current staff.

Also, financial institutions can check social media profiles when deciding whether to hand out loans.

Meanwhile, companies create models of buying habits, political views and even use artificial intelligence to gauge future habits based on social media profiles.

One way to try to take control is to delete social media accounts, which some did after the Cambridge Analytica scandal, when 87 million people had their Facebook data secretly harvested for political advertising purposes.

While deleting social media accounts may be the most obvious way to remove personal data, this will not have any impact on data held by other companies.

Fortunately, in some countries the law offers protection.

Google Is Supplying Private Data to Advertisers?




Google is facing a serious accusation that it is surreptitiously using secret web pages to give away data to advertisers.

According to sources and the evidence provided, Google may be dealing in data without paying much attention to data protection measures.

The matter is under investigation and is a subject of serious research. Apparently, the sensitive data includes the race and the political and health inclinations of its users.

Reportedly, the secret web pages were discovered by the chief policy officer of a web browser, who also found that Google had tagged them with identifying trackers.

Allegedly, Google uses that very tracker to feed data to advertisers. This is possibly an attempt at predicting browsing behavior.

According to sources, Google is doing all it can to cooperate with the investigations. A Google representative also said that they don’t transact with ad bidders without users’ consent.

Reportedly, Google has mentioned previously that it shall not “share encrypted cookie IDs in bid requests with buyers in its authorized buyers marketplace”.