Search This Blog

Showing posts with label Privacy. Show all posts

Researcher Exposes Telegram's Location Bug, Company Say It's a Feature

An expert who observed that messaging platform Telegram's "People Nearby" feature revealed risk of accurate user location, is now informed that the feature is "working as expected." Users who use the "People Nearby" feature can view a list of other telegraph users within a short mile radius. Users can also find local group chats.  

Ahmad Hassan used a software that allowed him to fake the location of his Android phone, using it, he found locations of individuals from three different points. He used trilateration to pinpoint exact user location. Using this method, Ahmed could get accurate location of the users, including their home addresses, which is quite easy.  Hasan had found the issue hoping to get Bug Bounty as a reward, instead, he was told that the Telegram users share their locations intentionally i the "People Nearby" section. To determine the exact location of the users, one can expect sometimes to find it under certain conditions.  

But Hasan says that when a user allows "People Nearby" location, he is indirectly posting his residential address online. Many of the users are unaware of this information while they are using the feature. He also believes a widespread problem exists where hackers or users with malicious intent can use fake locations to join local group chats, and attack users with spams or phishing attacks using malicious links. It includes fraud links and fake Bitcoin investments, which is a proof to the poor app security.  Telegram claims that their platform is "more secure than mass market messengers like WhatsApp and Line." 

However, Telegram fails to mention the risks that can arise from malicious users. Others apps in recent times have also experienced the location issue.  The Register reports, "obtaining the location of nearby users is not an issue exclusive to digital devices. A stranger may follow someone home, for example. It is also not so long ago that a huge printed directory of local names, addresses, and telephone numbers used to be delivered to almost every home in many countries – and in the UK BT's online Phone Book service still offers a person search, including address details for those who have not opted out."

Russian experts give tips on how to prevent personal data leakage

In Russia, the number of cyber attacks increased by almost a quarter in the first quarter of 2020, said Anton Kukanov, head of the Russian Quality System (Roskachestvo) for Digital Expertise, citing Positive Technologies data.

The expert also clarified that about 13% of fraudulent links were related to the topic of the coronavirus pandemic. He drew attention to the fact that almost half of all stolen information in the first quarter of 2020 were usernames and passwords.

According to Anton Kukanov, the main purpose of scammers is not the personal data of users, but payment information.

"They use phishing campaigns, social engineering techniques, and a wide range of malicious programs for this purpose, such as keyloggers that record and transmit passwords, remote access programs that allow a hacker to control the device," said Mr. Kukanov.

The expert advises not to click on suspicious links and not to use sites with illegal content in order to prevent fraudsters from stealing logins and passwords. In particular, resources with free movies, including new products, or games that users love so much, can actually be "monetized" by viral software.

"It is also not recommended downloading applications on third-party sites. You need to do it exclusively in official stores, otherwise, you can quickly "catch" the virus. However, there is a risk of "infecting" the gadget through the official store, although less", noted Anton Kukanov.

Moreover, a specialist from Roskachestvo advises looking at the rating of the application before installing it and read reviews without fail in order not to download an application with a virus.

He also recommended paying attention to the permissions that are requested by installed applications. For security reasons, according to Kukanov, it is better to reject those that contradict the meaning of the application.

Learn how to Hide your WhatsApp Profile Picture and Why ?

 

The latest statistics of the messaging app usage have shown that WhatsApp has 2.0 billion users worldwide, which doesn't come as a surprise given the tremendous popularity and wide-acceptance of the messaging platform. 

Moreover, it is interesting to note that now businesses around the world have also integrated WhatsApp communication for purely work-related purposes, wherein people connect with one another because they are working in the same organization. 

However, it doesn’t necessarily mean that they can trust every person in their organization or that they do. Sometimes what happens is that one never wishes to show his or her display picture to the people whom they rarely know but are required to communicate with them through WhatsApp because of their professional work. 

Now, everyone doesn’t know how to hide their profile picture from unknown users, hence everyone who has their number or with whom they had a little dialogue on WhatsApp is able to see their profile picture and can also potentially take a screenshot of the same. Have you been in one such situation? If yes, we are here to educate you regarding the same. Do you know WhatsApp provides its users with very neat privacy features which allow us to save our privacy from non-friendly contacts, while letting your friends see your profile picture, at the same time? 

How to do it? 


To access the privacy features of WhatsApp in its entirety, follow the steps given below. 

First Open WhatsApp and go to ‘Settings’. 

Now click on ‘Account’ and then click on ‘Privacy’. 

Then, tap on Profile Photo.  

Now you must be able to see that the default setting here allows 3 options to choose first, “Everyone”, second, “My Contact’’ and third, “No One’’. 

So now what you have to do just select the second option “My Contact’’, this privacy feature will only allow your saved contact number to see your profile picture, while others will be seeing a grey avatar on your profile, instead of the picture you had put on display. And, if you wish to not reveal your profile picture to anyone then you can select the third option “Nobody”. This will hide your picture from everyone on the messaging app. 

To your dismay, unfortunately, currently, there is no option that will allow you to hide your profile picture from a particular bunch of users like it does for story privacy settings.

Virtual Website Neopets Exposes Sensitive Data

Neopets is an online platform where kids can take care of "virtual pets." The website has revealed many sensitive user data online, including login credentials used for gaining access to company databases, email ids of employees, and repositories that contain proprietary code for the website. 

The exposed data comprises the IP address of Neopets users, data that can be used by hackers to target Neopets visitors. John Jackson, an independent cybersecurity researcher, found the issue while he was searching Neopet's website with his security software. The Security Ledger reports, "this is the second serious security incident involving the Neopets site. In 2016, the company acknowledged a breach that spilled usernames, passwords, IP addresses, and other personal information for some 27 million users. That breach may have occurred as early as 2013." 

Neopet, an online pet platform, was launched in the year 1999. It allows users, mostly kids, and children to take care of virtual pets/animals and buy virtual accessories for these pets using the "Neopoint" or "Neocash," virtual points earned in-game. Users can buy Neocash with real money or with the help of the awards. Viacom purchased Neopets for $160 million in 2005, but in 2017 it was purchased by NetDragon, a Chinese company. 

"The issue appears to be related to a misconfigured Apache web server, Jackson said. Though many web-based applications are hosted on infrastructure owned by cloud providers such as Amazon, Google, or Microsoft's Azure, leaked documents indicate that the 20-year-old Neopets website continues to operate from the infrastructure it owns and operates," reports The Security Ledger. 

Hacked accounts on sellout 

According to researcher Jackson, he found that Neopets accounts were "on-sale" on a website. It led him to scan Neopet's website using a security tool, which reported Neopets' subdomain exposed the website data. Upon research, Jackson found the employees' database, emails, login credentials, and complete code-base. The screenshots of the Neopets repository shared by Jackson show that the credentials were either embedded in the website's underlying code or "hard-coded." With the help of cybersecurity expert Nick Sahler, Jackson downloaded Neopet's full code-base, it revealed a database, private code repositories, user IP addresses, and employee emails.

UK Finance Body: Beware of Parcel Delivery Scam, Especially During Christmas Season

 


After months of lockdown, this Christmas season has become even more special to people but fraudsters are also beginning to capitalize on the much-delayed excitement of the users. The banking trade body UK Finance has warned the public against parcel delivery scams getting popular during the Christmas shopping season. 

The banking trade body said that this Christmas, more people across the nation are expected to shop online than ever before and there are high chances that con men will take advantage of this.
 
According to Intelligences from UK Finance Trade body, malicious actors’ are sending purportedly phishing emails from genuine delivery companies, claiming that companies have been unable to deliver parcels, large letters or packages and later requesting recipients to send their personal and financial information such as their date of birth, address, bank details, and mobile numbers along with a fee in order to rearrange the delivery. 

It also has been observed that in certain cases, bank customers are also receiving a phone call from the fraudsters as their bank’s fraud team, suggesting them to move their money to a safe account or reveal their passcodes. 

Katy Worobec, managing director of economic crime at UK Finance said, "We are urging people not to give gift to fraudsters this Christmas and to follow the advice of the Take Five to Stop Fraud campaign. Criminals will stop at nothing to commit fraud and that includes exploiting the festive season to target their victims". 

Steps to Prevent Fraud Campaign:

• According to intelligence, people must be vigilant against phishing emails with fake links which can lead people to fake platforms and will ask them to fill in important data, particularly personal and financial. It can be seen that these emails may appear more genuine and trusted but be aware of any fraud scam like this which can cost you more than you expect. 

• People are advised to check their delivery notification attentively to ensure that they are genuine. Criminals are employing the same pattern as genuine companies use for their customers. 

• Customers should always remember that they are about to claim and hence, they should ask questions to the authorities or companies before sending information and money. 

• If one feels that the company is not genuine then he is advised to contact the company directly before sending any form of information. 

• Last and also the most important step to take is to report and register a complaint on a genuine platform if you are being attacked by any fraud or scam.

South Korea Fines Facebook For Sharing Data Without User Consent


South Korea fines social networking giant Facebook for 6.7 billion Won (around $6 million) for sharing user data without their consent. According to PIPC (Personal Information Protection Commission), Facebook has a total userbase of around 18 million users in South Korea. It says FB shared user data of 3.3 million users to third-party companies without user consent. The incident happened from May 2012 to June 2018. Also, PIPC says that it will charge a criminal complaint against the company for violating "personal information laws." 

The shared information includes user names, academic background, work profile, relationship status, and home addresses. The users logged into other third-party apps using their FB credentials but without giving any permission to access personal information. Nonetheless, FB shared its data with the third-party apps the users were using. 

The issue came to notice when a FB user shared their data with a service while logging in with the FB account, but the user's friends didn't, however, unaware that their FB data was also shared. Following the incident, these third-party apps used Facebook's provided information to show customized ads on social media users' profiles. 

According to PIPC, with no user permission, Facebook provided user data to third-party companies and made monetary profits. PIPC also charges FB to store login credentials (with no encryption) without user knowledge and not notify the users while accessing their data. Besides this, it claims that Facebook presented fake and incomplete documents while the legal investigation was ongoing, instead of providing the real documents. 

It affected the inquiry's credibility and caused difficulties in assessing FB's clear violations of rules and laws. For this misdoing, FB was charged for an extra 66 million won. 

The company Facebook, however, claims that it provided full cooperation during PIPC's investigation. FB find PIPC's complaint regrettable; however, it will respond after the commission takes its final decision. 

"The investigation against the US tech giant started in 2018 by the Korea Communication Commission, the country's telecommunication regulator, in the wake of the Cambridge Analytica scandal. The regulator handed the case to PIPC," reports ZDNet.

White House Declares Guidelines to U.S Federal Agencies for AI Applications

The U.S White House has issued guidelines to the U.S federal agencies regarding the AI (Artificial Intelligence) applications produced in the U.S. According to the Director of the Office of Management and Budget (OMB), the notice inspects policies that will overlook a limit allowed by legislation, non-regulatory and regulatory plans to AI apps made and used outside the U.S federal agencies. These OMB guidelines appear after almost two years when the former U.S President Donald Trump signed an executive order for fast-track expansion of Artificial Intelligence in the United States. 

When signing the executive order, President Trump emphasized that it would overlook the launch and ensure that the U.S resources are spent in developing the AI locally. As per the guidelines, the aim is to assure that organizations won't bring out rules or regulations that may restrict AI's growth and innovation. The guidelines also ask agencies to point out challenging, difficult, or other state laws that may affect the launch of AI in the national market. OMB has issued ten principles that federal agencies can use while implementing AI applications. 

The principles were first brought out as a part of the draft memorandum during the start of 2020. The principles include creating a trust for AI among the people with ensuring the privacy and safety of AI users, promote public participation in the application of AI, provide scientific data and information to the public, assuring risk assessment measures accross various agencies, profit maximization while implementing the AI, aim for ways to AI that won't affect the innovation, technology must be safe and reliable, user transparency, promotion of a safe AI system that is secure and companies must share their experience with the AI. 

The White House memo says, "given that many AI applications do not necessarily raise novel issues, the following principles also reflect longstanding Federal regulatory principles and practices that are relevant to promoting the innovative use of AI. Promoting innovation and the growth of AI is a high priority of the U.S. government. Fostering AI innovation and growth through forbearing from new regulation may be appropriate in some cases."

Russian expert told how to figure out surveillance via a webcam

 It is becoming more and more difficult to find out whether you are being followed through a webcam. According to Arseny Shcheltsin, General Director of Digital Platforms, earlier it was used by a special indicator, which showed whether the camera is recording, but now it’s easy to bypass this device.

"The most characteristic signs of tracking are the “freezing” of the computer or phone only when there is an Internet connection, or immediately after switching on,” explained the specialist.

As Shcheltsin noted, the appearance of unknown programs on the device that significantly "slow down" its work should also be alerted. One of the most obvious confirmations that a person is being spied on through a webcam is its spontaneous activation, but today, as the expert clarified, the burning icon near the device's camera may not light up, while it will record what is happening around.

The expert noted that it is worth paying attention to where the potential use of the camera can harm its owner. For example, it is better not to use the phone where the person is not fully dressed — in the locker room, bathroom, etc.

It is also important to keep your computer's antivirus software up-to-date. They should be updated as a new version is released.

Previously, Mr. Shcheltsin reported that intelligence services of various countries are using backdoors to spy on people around the world through Smart TVs.

U.S Elections: Spammers Use Fake Voter Registration Forms To Steal User Data and Banking Credentials

 

As the U.S. presidential elections are approaching, the hacking and spamming attacks related to it are rising. In a similar incident, hackers use fake voter registration forms to steal data of the users who access the fake government sites. The voter registration links work as bait, and if the user clicks it, he is redirected to a fake government website. The hacker then steals personal user data, along with banking credentials sometimes. 

"Whatever the intent behind this particular phishing attack, it should serve as a reminder that human beings -- users, employees, citizens, and voters -- are "soft targets" for malicious actors. This is especially true in turbulent times such as the present -- when fear, confusion, and doubt are surging in the run-up to a historic election that happens to fall in the middle of a catastrophic pandemic," says KnowBe4. These phishing campaigns started in September and are still active. 

Cybersecurity firms KnowBe4 and Proofpoint identified the attacks; they say that these attacks are trying to undermine the U.S. government agency's credibility (U.S. Election Assistance Commission (EAC), which is responsible for generating the voter list. The phishing emails have a simple subject line, and it works because citizens feel that they might be left out from the voting list. The phishing campaign uses hacked WordPress websites to host fake websites operated for luring the users. The sites contain incorrect URLs, and if the user fails to notice it, his data can be susceptible to hackers. According to experts, the hackers use a simple template for phishing attacks, and the fake website looks exactly as same as the original government website. 

According to Proofpoint, these spammers have become more aggressive in their recent attacks. They have changed their strategies and now ask for user's data and along with his banking credentials. "Now, as the U.S. election draws closer, many individuals are confirming their voter registration status. Using messages that suggest voter registration is invalid drives user urgency and uncertainty in an election season. We observed the last news from this actor using voter registration themes sent on October 7, 2020. This suggests that the actor may have already shifted to another type of lure," says Proofpoint.

Spying Malware Attacks Activists and Civil Societies in Egypt


Spying malware "FinSpy" has come back again in Egypt. This time in new campaigns is attacking activists and protestor organizations. Cyber experts have found evidence that the malware is attacking Linus and macOS users. In earlier campaigns, the spyware used to attack Android, Windows, and iOS users. But now, according to researchers, these campaigns are using malware that attacks Linux and macOS systems. FinSpy is a spying malware used for monitoring and surveillance purposes. According to the findings by Amnesty International, the new malware variants can record target's calls, control audio, and video, monitor chats and steal personal data. Law enforcement agencies and government has been using this software since 2011. But in recent findings, the experts identified new variants of the spyware operating since October 2019. The sample "PDF" targets Linux, and the sample "Jabuka.app" targets macOS users; both the samples are FinSpy variants. Researchers announced the samples to the public last week.

According to Amnesty International, "In September 2019, Amnesty International discovered samples of FinFisher's spyware distributed by malicious infrastructure tied to the attacker group, commonly known as NilePhish. Likely to be state-sponsored, these attacks took place amid an unprecedented crackdown on independent civil society and critical voices. Over the years, numerous research reports, including Amnesty International, detailed NilePhish's campaigns of targeting Egyptian civil society organizations." 

About FinSpy 

Enforcement agencies and the government has been using FinSpy since 2011. But through the years, experts have noticed that the spyware has become more creative in its approaches. Amnesty International had published a report in 2019. It covered how phishing campaigns in Egypt were targeting Human Rights organizations, activists, civil societies, and protestor organizations. The campaign was operated by a hacking group called "NilePhish." 

Amnesty reports, "the attacks all bear the same hallmarks and appear to be part of a coordinated campaign to spy on, harass and intimidate their targets." Kaspersky, in 2019, reported that it had observed new variants of spying malware working in Myanmar. Experts say that the new malware variant has infected over a dozen of Android and iOS devices.

Facebook Bans Suspicious Russian Accounts, Says Russian Spy Intelligence Interfering With U.S Presidential Election


Social networking giant Facebook says it terminated three fake account networks that could have been working for Russian intelligence. The intelligence, according to FB, might be leaking suspicious documents before the U.S presidential elections. According to FB, the suspended accounts contained fake users and identities and were suspended for 'coordinated inauthentic behavior.' The company associated all these accounts to Russian intelligence and hackers linked to St. Petersburg organization based in Russia.

The U.S officials accuse the group of meddling with the 2016 U.S presidential elections and votes. As per now, the Russian authorities haven't responded to these allegations. Neither did the Russian foreign aid ministry when asked for the comment regarding the issue. Since the beginning of its rivalry with the U.S, it is common knowledge that Russia has always denied allegations of interference in the U.S. According to Russia, the country doesn't meddle with the domestic policies of the U.S, and it has nothing to do with the presidential elections.
There was no solid proof whether the fake accounts leaked the hacked documents, but suspending these accounts helped us prevent any future leak, says Nathaniel Gleicher, head of security, Facebook. "Our team watches for the threats and trends that we need to be ready for, and one that we are very aware of ... is a hack-and-leak operation, particularly in the next 6-8 weeks. We want to make sure that the accounts are down to prevent their ability to pivot them to facilitate a hack-and-leak around the U.S. election," told Nathaniel to Reuters. 

Reuters reports, "Facebook said the networks were small with only a handful of accounts on its website and photo-sharing service Instagram, some of which posed as independent media outlets and think tanks. The accounts had a combined total of around 97,000 followers. While some of the activity did target audiences in Britain and the United States, the networks were predominantly focused on countries in the Middle East and bordering Russia, such as Syria, Turkey, Ukraine, and Belarus, Facebook said."

Russia is planning to create a working group to protect the digital rights of citizens

The Presidential Council for the Development of Civil Society and Human Rights is planning to create a working group. Its specialists will protect the digital rights of Russians

In Russia, a group will be created whose task will be to protect the digital rights of citizens. This was announced by the head of the Presidential Council for the Development of Civil Society and Human Rights Valery Fadeev.

Members of the working group will try to understand how to minimize the damage from progress in the field of IT technologies, he explained.

According to him, the process of digitalization has not only a positive impact but also a negative one. "Digitalization cannot be stopped, progress, of course, cannot be stopped. As with any powerful technological or technical process, there are always various negative sides, negative aspects, and they accumulate, “ said Fadeev at the round table "Digital threats to human rights".

Negative examples include bullying on social networks and surveillance of people through city surveillance cameras.

"Today there was a message in the media that Anna Kuznetsova filed a lawsuit. The girl conducted an experiment – she bought online from someone for 16 thousand rubles ($213) information about where she was last month, providing her photo. Two days later, she received information from Moscow cameras,” said Mr. Fadeev.

Examples like these show that there is a security problem in the digitalization space. People are no longer protected and cybercriminals take advantage of this. Another problem is a fraud, which has begun to actively manifest itself on the network. Therefore, the main task of the working group is to understand how to minimize the damage from progress in the field of IT technologies.

American IT-businessman of Russian origin says Durov gave data of Telegram to Kremlin

The founder of Telegram Pavel Durov  gave the messenger with the data of all users to the Kremlin because the messenger became an unbearable financial burden, the costs of which exceeded $2-3 million a month, said an American IT businessman of Russian origin, the head of Pi5 Cloud Michael Talan.

"Telegram is a fully cloud-based solution that hosts its systems in three providers: Google, Amazon, and DigitalOcean. According to my calculations, for Pavel Durov, monthly payments on Telegram exceed $2-3 million. For him, this has become an expense that cannot be recouped. Previously, he paid with money from investors TON (Telegram Open Network),” said Talan.

He clarified that Durov had financial problems related to Telegram after the decision of the American Securities and Exchange Commission, which banned the Russian programmer from launching the TON commercial platform.

"I am 100% convinced of this. So if you are still using Telegram in Ukraine, I urge you: delete all correspondence from there and close your account, because now Telegram is a tool of the Kremlin," the American IT businessman addressed the Ukrainians.

It’s important to note that, in early August 2020, Pavel Durov reported that in two countries he was offered to sell part of Telegram, but he refused because the messenger is not sold "either partially or completely". "This will always be our position,” stressed Durov.

It should be noted that the social network VKontakte, created by Pavel Durov, has found a way to circumvent the ban on the use of the social network in Ukraine. The social network mobile application is now working on the territory of Ukraine. At the same time, in order to access the social network from a computer, residents of Ukraine still need to use another VPN.

Earlier, Ukrainian President Zelensky extended a decree banning Russian social networks.

TikTok Files Lawsuit Against the U.S. Government Over Ban of Its Application


Tiktok has confirmed that it is going to sue the U.S. government for banning the use of Tiktok application in the United States. However, the Lawsuit will not ensure the Chinese company's future in the U.S. market even if it wins. The company claims that it has been trying to agree with Donald Trump administration's concerns and has been trying to reach a consensus for one year. Instead of entering a general agreement, the U.S. government is not paying attention to this issue, says TikTok. According to the company, the administration is not willing to offer any opportunities to resolve the problems.


Reuter reports, "it was not immediately clear which court TikTok plans to file its lawsuit. The company had previously said it was exploring its legal options, and its employees were also preparing their own lawsuit. While TikTok is best known for its anodyne videos of people dancing and going viral among teenagers, U.S. officials have expressed concerns that information on users could be passed on to China's communist government."

Tiktok says that to safeguard fair treatment of its users' and justice, it has no other option than to challenge the Trump administration in the court. Earlier this month, Trump had banned financial dealings with Tiktok, owned by ByteDance and WeChat, owned by Tencent. According to him, these Chinese apps could be a threat to U.S. national security, economy, and trade affairs. According to the administration, TikTok stores a large amount of user data, including internet usage, browser history, network data, and location.

The Chinese Communist Party can exploit this data and use it for extortion purposes, blackmail, cyberattacks, and even espionage acts. "TikTok did not specify which court it planned to tap for its lawsuit, but this move would not stop the company from being compelled to relinquish its U.S. operations, which was laid out under Trump's second executive order issued on August 14 and was not subject to judicial review," reports ZDNet. In response, TikTok says that it modified its user policies to deal with the issue, bringing new measures to prevent misinformation and ensure user privacy.

Here's how to Ensure Data Security Using FShred App


Users are well aware of the fact that while deleting photos, videos, files, or any other form of data on their Android, it doesn't get deleted in an irrecoverable manner and can be recovered in a number of ways using recovery tools. Although regaining access to a deleted file might be rewarding in many scenarios, the rest of the time users would prefer a once and for all deletion of the same to ensure data safety.

In the sphere of Data security, continually rising unwanted activities of unauthorized users call for the creation of something that can protect users against data breaches and cyberattacks destroying their sensitive data. Users need their data to be erased in a manner that no recovery tool can undo it.

How can it be done?

When users have no intention to retrieve their deleted data by any means, data eraser apps come into play. These apps help users delete their sensitive data in ways that make it irrevocable from their Android devices. It proves to be of significant service when users plan to sell their smartphone or just share it with someone as it could mean a serious threat to their important data.

FShred is a user-friendly app that makes use of data sanitization methods that overwrite data on both, internal and external storage of Android phone to permanently delete the deleted files from the internal storage, it does so by overwriting all available space with random data. What does that mean? It's a process that replaces all the deleted files (Photos, videos, etc) with purposeless bytes sent by a random generator; by overwriting the occupied space, it effectively ensures the deletion of that data beyond recovery.

Developed by Emile Gee, FShred is one amazing tool that would allow you easily wipe all your sensitive data using advanced shredder algorithms, it shreds your data and recovers valuable storage space on your Android device.

The app has undergone various tests with file recovery tools such as GT File Recovery and none of the applications were successful in recovering the deleted data. Additionally, the app contains no in-app purchases or advertisements and is completely free and handy for users.

For Privacy and Safety, Disable these features from your Google Assistance


It's difficult to imagine life without Google and every day the search engine gets more involved and intricate in our lives. One of its features - the Google Assistant is used quite extensively by masses to make their life easier and tasks swifter.

Google Assistant is an Artificial Intelligence virtual assistant developed by Google that can be availed from your smartphone and smart devices. A very efficient digital assistant that can hold two-way conversations, as Google says, "Meet your Google Assistant. Ask it questions. Tell them to do things. It's your own personal Google, always ready to help whenever you need it." 

 "Meet your Google Assistant. Ask it questions. Tell them to do things. It's your own personal Google, always ready to help whenever you need it." 

But since it is connected with almost all of your smart devices and able to listen and record you always, it's imperative to be concerned over privacy and thus there are few tips that you should consider to make your Google assistant more safe and private-
  
Change Voice Recording Settings

 Only recently Google updated their voice recording privacy settings and you can now opt-in or opt-out for the voice recording to be saved and shared with their human analyzers. So, definitely check out these settings in the Your Data in the Assistant then Audio Recordings and set them as you like but the recordings saved previously should also be looked into- you can choose to delete them manually or set how long can Google keep them.

 Turn off Continued Conversation

 Under the Continued Conversation feature your Google Assistant can listen for another follow up question without you saying 'Hey, Google'. Though the feature can be useful it can allow your device to listen in when you're not interacting with the assistant and simply asking a question to someone else. 

 May want to keep the camera disable when not in use

If you're using a Google-enabled smart display it's best to keep the camera disabled when not in use. It might become tedious to switch it on and off every time you make a video call but it's better than to keep it on always. 

 Google Activity Controls 

Google Assistant gathers up information from other apps you use from the Google account for better performance. If you like you can control the amount and type of information that your Google Assistance can access for privacy concerns. You can also opt for auto-delete and intervals for which data can be kept.

Facebook is testing Instagrams' new messaging app, Threads with Automated Data Sharing


Facebook's team is working on a companion app for Instagram, called "Threads", which will automatically share your location, battery, a movement to a close group of friends.


It is much like a messenger application and the company plans to rival snapchat, an app that also caters to close friends and sharing updates. Though Snapchat has been standing as a good alternative for Facebook and Instagram with much more engagement with young people, Threads could be a game-changer.

The Instagram team was itself working on Direct, a messaging app since 2017 but they closed the project in May. But after the acquisition by Facebook, the team was transferred to the Facebook Messenger team and Threads could be the prized outcome.

 The Verge reported, "Threads will regularly update your status, giving your friends a real-time view of information about your location, speed, and more. At the moment, Threads does not display your real-time location — instead, it might say something like a friend is 'on the move'." 

Though the core of the messaging app will be that "messaging", where friends can text, and even see status updates made on Instagram and can manually update the status on Threads but it does not dispute the privacy concerns over the automated data sharing. 

Concerns over privacy and data 

Facebook is testing Automated data sharing on Instagrams' companion app Threads and if successful we could see it applied to other Facebook apps too. Privacy, of course, is a big concern with automatic updates and does need to be concerned over but what's more interesting is how Facebook could use this data. After Mark Zuckerberg's pivot over privacy and data, Facebook has become more private and a loss but with this new automated data sharing, users can become layman and habitual of sharing their updates.

“You change your behavior if you’re constantly being looked at,” said Siân Brooke, a researcher at Oxford Internet Institute "If you know people see where you are, what you’re consuming, you’ll change what you’re doing, change what is normal in a group.”

And thus the data mining cycle will resume where data could be tracked by the app and sold.

A City In Colorado Attacked, Forced to Pay $45,000 Ransom


Lafayette city from Colorado had to pay a ransom amount worth $45,000 for decryption of files that were encrypted in July, as the City was unable to restore the data from the backup. The town was attacked on 27th July, and the ransomware cyberattack affected people's smartphones, emails, and payment services. During the attack, the City didn't offer any explanation about what caused the problems. It asked its people to call 911 or emergency services if they were facing trouble with the outage. After a few days of the incident, Lafayette informed the citizens that the town had suffered a cyberattack. All the systems were encrypted by the hackers, which caused the outage problem.


The City managed to recover the lost financial data, but it had to pay a ransom of $45,000 to hackers (anonymous) for retrieving data. The recipient of the payment, an unknown identity, has offered a decryption software in return for the refund. The town on its official website says, "system servers and computers are currently being cared for and rebuilt. Once complete, data will be restored to the system, and operations will resume. No permanent damage to hardware has been identified. While core City operations continue, online payment systems have not resumed. At this time, the City is unable to estimate a timeline that all systems will be back up and running."

The city Mayor Harkens decided not to reveal the attacker's identity to the people as it might compromise their negotiation terms. As per the reports, neither user data nor the credit card credentials was stolen. The mayor has advised townpeople to stay wary of any suspicious activity in their accounts.

The Lafayette town must be lucky as the hackers demanded a minimal amount of ransom in return. According to experts, in cases like these, the ransom demand can go from a hundred thousand to millions of dollars. "System servers and computers are currently being cleaned and rebuilt. Once complete, data will be restored to the system, and operations will resume. No permanent damage to hardware has been identified," says the town's website.

The Russian Federation leads in the number of users monitored via smartphones


In the first six months of 2020, the number of gadgets with Stalker software in Russia increased by 28% compared to the same period in 2019.

"This probably happened because as a result of self-isolation, many people began to spend much more time at home,” said Viktor Chebyshev, an expert on mobile threats at Kaspersky Lab.

He explained that such programs are often installed to spy on their loved ones, allowing them to access the contents of a mobile device, as well as to spy on a person through a smartphone camera in real-time. They are often used by initiators of domestic violence. All Stalker software is not free.

"There have always been jealous spouses and those who just want to look into someone else's life, and the development of IT has given such people additional opportunities," said Andrey Arsentiev, head of Analytics and special projects at InfoWatch Group.

According to Kaspersky Lab, the number of users on whose mobile devices Stalkerware is installed is increasing not only in Russia. In Europe, such programs are most often found in German, Italian and British users.

It is interesting to note that the anti-stalker software coalition was formed in November 2019. It was named Coalition Against Stalkerware. In addition to Kaspersky Lab, it includes 20 organizations. One part of them works in the field of information security, the other helps victims of domestic violence. The coalition is working to raise awareness among people about the threat of stalker software, as well as to counter the crimes that are committed using such programs. 

An IT expert at the Russian State Duma Explains Data Risks of Using VPN


"To prevent hackers from getting personal data of users, users don't need to use a VPN connection in their daily life", said Yevgeny Lifshits, a member of the expert council of the State Duma Committee on Information Policy, Information Technology and Communications.

He explained that a VPN is a virtual network that is supposed to protect the user's personal data from hackers. It is assumed that using this network allows users to maintain network privacy. However, according to the expert, VPN services carry more danger than protection.According to Lifshits, such services are not needed in everyday life.

"Sometimes VPN services are necessary for work to transfer commercial data. In everyday life, they have no value."

According to the expert, if a person does not commit crimes that he wants to hide with a VPN, then he does not need to protect himself.  Otherwise, passwords may end up in the hands of hackers.

"A user installing a VPN believes that he has secured himself, but the service provider may allow a data leak,” said Lifshitz. 

According to him, if the VPN service is unreliable, hackers can get passwords and other personal data of the user. The expert noted that now there are thousands of companies offering a secure connection and an ordinary person can make a mistake with the choice of a reliable one.

Earlier it was reported that the personal data of 20 million users of free VPN services were publicly available on the Internet. Experts found on the open server email addresses, smartphone model data, passwords, IP addresses, home addresses, device IDs, and other information with a total volume of 1.2 terabytes. It is noted that the leak occurred from networks such as UFO VPN, Fast VPN, Free VPN, Super VPN, Flash VPN, Secure VPN and Rabbit VPN. Some of them have millions of downloads from Google Play and the App Store and high ratings.