Samsung and Apple cannot be trusted with security and privacy

According to an article on Computerworld, Samsung have been spying on their users and selling their data. It appears that the money they make from selling their phones to people was not enough; they decided to make even more money by collecting as much data as possible from their users and selling or otherwise exploiting that data. Here’s from “Galaxy users, take note: Samsung’s probably selling your data” (January 22nd 2020):

Samsung, as XDA discovered, recently added a toggle into its Pay app’s settings called “Do not sell.” If you find it and activate it — and no, it isn’t activated by default — then and only then, your payment-related data “can be locked away from Samsung Pay partners.”

This switch’s addition seems to be tied to a new set of privacy regulations enacted by the state of California: the California Consumer Privacy Act, or CCPA, which went into effect at the start of this year — on the same day that Samsung’s privacy policy was updated.

Samsung says:

We may allow certain third parties (such as advertising partners) to collect your personal information. You have the right to opt out of this disclosure of your information.

It also warns California-dwellers that prior to the CCPA’s passage, it “may have” sold several specific categories of alarming-to-the-IT-department info, including:

Identifiers such as a unique personal identifier (such as a device identifier; cookies, beacons, pixel tags, mobile ad identifiers and similar technology; other forms of persistent or probabilistic identifiers), online identifier, and internet protocol address

Commercial information, including records of products or services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies

Internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with websites, applications, or advertisements

Inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Yikes. And that’s barely scratching the surface. The company notes that it also may have “disclosed” even more personal info to “vendors” for “a business purpose” — everything from your name, address, and phone number to your signature, bank account number, credit card number, purchase history, browsing history, search history, geolocation data, and once again that lovely-sounding collection of “inferences drawn” from all that info.

A comment on the website Tweakers.net (Dutch) goes into more detail about what Samsung themselves claim that they are collecting from you. Basically you’re being tracked everywhere you go physically and digitally. Think about that the next time you decide to buy anything from Samsung.

Then there’s also Apple who have refused to encrypt their users’ data in the cloud after complaints from the FBI. Here’s from Reuters, “Exclusive: Apple dropped plan for encrypting backups after FBI complained – sources” (January 21st 2020):

SAN FRANCISCO (Reuters) – Apple Inc (AAPL.O) dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.

The tech giant’s reversal, about two years ago, has not previously been reported. It shows how much Apple has been willing to help U.S. law enforcement and intelligence agencies, despite taking a harder line in high-profile legal disputes with the government and casting itself as a defender of its customers’ information.

Apple did in fact turn over the shooter’s iCloud backups in the Pensacola case, and said it rejected the characterization that it “has not provided substantive assistance.”

Behind the scenes, Apple has provided the U.S. Federal Bureau of Investigation with more sweeping help, not related to any specific probe.

When Apple spoke privately to the FBI about its work on phone security the following year, the end-to-end encryption plan had been dropped, according to the six sources. Reuters could not determine why exactly Apple dropped the plan.

“Legal killed it, for reasons you can imagine,” another former Apple employee said he was told, without any specific mention of why the plan was dropped or if the FBI was a factor in the decision.

That person told Reuters the company did not want to risk being attacked by public officials for protecting criminals, sued for moving previously accessible data out of reach of government agencies or used as an excuse for new legislation against encryption.

Apple’s iCloud, on the other hand, can be searched in secret. In the first half of last year, the period covered by Apple’s most recent semiannual transparency report on requests for data it receives from government agencies, U.S. authorities armed with regular court papers asked for and obtained full device backups or other iCloud content in 1,568 cases, covering about 6,000 accounts.

This isn’t any different from what’s happening in other countries, such as China, where laws exist that force companies to work with the government to hack other people (“national intelligence work”). Apple was one of the more prominent US companies to close their eyes to all the evil taking place in China, so their above-mentioned stance on encryption and helping criminal governments comes as no surprise.

Not encrypting users’ data and backups in the cloud is a serious security risk and vulnerability. Your device might be secured and encrypted, your communications might be encrypted, but if you allow backups to be made to the cloud where the data is not encrypted, all of the aforementioned security measures become useless. Apps such as WhatsApp claim to have end-to-end encryption, but not only is the database where messages are stored on your phone not encrypted, but that database gets backed up to the cloud where it is also not encrypted and can easily be accessed without you knowing about it. In contrast, Signal not only has end-to-end encryption but also encrypts the database on your phone including backups you make.

Speaking of WhatsApp, I mentioned how fucked it was a while back, but here’s from a recent article on Reuters, “U.N. says officials barred from using WhatsApp since June 2019 over security” (January 23rd 2020):

UNITED NATIONS (Reuters) – United Nations officials do not use WhatsApp to communicate because “it’s not supported as a secure mechanism,” a U.N. spokesman said on Thursday, after U.N. experts accused Saudi Arabia of using the online communications platform to hack the phone of Amazon chief executive and Washington Post owner Jeff Bezos.

When asked if U.N. Secretary-General Antonio Guterres had communicated with the Saudi crown prince or any other world leaders using WhatsApp, U.N. spokesman Farhan Haq said on Thursday: “The senior officials at the U.N. have been instructed not to use WhatsApp, it’s not supported as a secure mechanism.”

“So no, I do not believe the secretary-general uses it,” Haq said. He later added that the directive not to use WhatsApp was given to U.N. officials in June last year.

We need more alternatives to these companies that provide secure and reliable products that don’t track you and collect all your data. Two alternatives that I’m closely following right now are the Librem 5 phone and PinePhone. Take a look if these things are important to you.
