Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Privacy. Show all posts
Privacy
consumer rights Data Sharing General Motors Insurance Company Privacy

General Motors Under Fire for Secretly Spying on Drivers

 

In a developing story that has captured public attention, General Motors (GM) finds itself embroiled in controversy amidst accusations of clandestine surveillance and unauthorised data sharing with insurance companies. The unfolding narrative, spearheaded by investigative journalist Kashmir Hill of The New York Times, sheds light on a concerning pattern of behaviour within the automotive giant, raising significant questions about privacy and consumer rights.

What Are The Practices?

Hill's extensive investigation unveils a troubling narrative surrounding GM's alleged surreptitious enrollment of customers into its Smart Driver program. Despite the absence of explicit consent or enrollment in OnStar services, Hill and her husband were taken aback to discover that their driving data had been discreetly shared with insurers via third-party data brokers.

Lack of Transparency

Central to the controversy are instances implicating GM dealerships in the alleged scheme, with allegations suggesting customers were unwittingly enrolled in data-sharing initiatives during vehicle purchases. The pressure purportedly exerted on dealerships by GM to achieve high enrollment rates in connected services adds a layer of complexity to the narrative.

Legal and Ethical Implications

The emergence of federal lawsuits against GM underscores the legal and ethical consequences of its data collection practices. Amidst accusations of non-disclosure and lack of transparency, concerns have been raised about the company's adherence to regulatory standards and commitments to consumer privacy.

Corporate Response and Accountability

In response to mounting scrutiny, GM has announced the discontinuation of its Smart Driver program and pledged to unenroll all affected customers. Additionally, the cessation of data sharing with third-party brokers signals a proactive effort to address concerns and restore trust among consumers.

Calls for Reform and Regulatory Oversight

The controversy surrounding GM's data collection practices serves as a catalyst for broader discussions on consumer privacy rights and corporate accountability. Industry experts and consumer advocacy groups have called for strengthened regulatory oversight and transparency measures to safeguard against similar instances of covert data collection in the future.

As the narrative continues to unfold, the General Motors saga stresses the inherent tensions between technological innovation, consumer privacy, and corporate responsibility. The fallout from these revelations serves as a telling reminder of the critical importance of transparency, accountability, and ethical conduct in the digital age.


Read more »
Social Media
2FA data security Discord Privacy Social Media

Discord Users' Privacy at Risk as Billions of Messages Sold Online

 

In a concerning breach of privacy, an internet-scraping company, Spy.pet, has been exposed for selling private data from millions of Discord users on a clear web website. The company has been gathering data from Discord since November 2023, with reports indicating the sale of four billion public Discord messages from over 14,000 servers, housing a staggering 627,914,396 users.

How Does This Breach Work?

The term "scraped messages" refers to the method of extracting information from a platform, such as Discord, through automated tools that exploit vulnerabilities in bots or unofficial applications. This breach potentially exposes private chats, server discussions, and direct messages, highlighting a major security flaw in Discord's interaction with third-party services.

Potential Risks Involved

Security experts warn that the leaked data could contain personal information, private media files, financial details, and even sensitive company information. Usernames, real names, and connected accounts may be compromised, posing a risk of identity theft or financial fraud. Moreover, if Discord is used for business communication, the exposure of company secrets could have serious implications.

Operations of Spy.pet

Spy.pet operates as a chat-harvesting platform, collecting user data such as aliases, pronouns, connected accounts, and public messages. To access profiles and archives of conversations, users must purchase credits, priced at $0.01 each with a minimum of 500 credits. Notably, the platform only accepts cryptocurrency payments, excluding Coinbase due to a ban. Despite facing a DDoS attack in February 2024, Spy.pet claims minimal damage.

How To Protect Yourself?

Discord is actively investigating Spy.pet and is committed to safeguarding users' privacy. In the meantime, users are advised to review their Discord privacy settings, change passwords, enable two-factor authentication, and refrain from sharing sensitive information in chats. Any suspected account compromises should be reported to Discord immediately.

What Are The Implications?

Many Discord users may not realise the permanence of their messages, assuming them to be ephemeral in the fast-paced environment of public servers. However, Spy.pet's data compilation service raises concerns about the privacy and security of users' conversations. While private messages are currently presumed secure, the sale of billions of public messages underscores the importance of heightened awareness while engaging in online communication.

The discovery of Spy.pet's actions is a clear signal of how vulnerable online platforms can be and underscores the critical need for strong privacy safeguards. It's crucial for Discord users to stay alert and take active measures to safeguard their personal data in response to this breach. As inquiries progress, the wider impact of this privacy violation on internet security and data protection is a substantial concern that cannot be overlooked.


Read more »
Privacy
CFPB Regulations Data Brokers Micro-Targeting National Security Privacy

National Security at Risk: The CFPB’s Battle Against Data Brokers

The CFPB’s Battle Against Data Brokers

Data brokers work in secrecy, collecting personal details about our lives. These entities collect, and misuse our personal information without our explicit consent. 

The Rise of Data Brokers

The Consumer Financial Protection Bureau (CFPB) has taken notice, and their proposed regulations seek to hold data brokers accountable by subjecting them to the Fair Credit Reporting Act (FCRA). This move transcends mere privacy concerns—it is a matter of national security.

For instance, data brokers can facilitate targeting individuals by allowing entities to purchase lists that match multiple categories, such as “Intelligence and Counterterrorism” combined with descriptors like “substance abuse,” “heavy drinker,” or even “behind on bills.” 

In other contexts, entities can buy records for pennies per person, leveraging relatively small investments into mass data collection. The concern is that adversaries, including countries like China, can use this data to identify targets for surveillance and other purposes. The government is increasingly worried about foreign governments’ access to Americans’ data.

The CFPB’s Call to Action

The Consumer Financial Protection Bureau intends to propose new regulations that will compel data brokers to follow the Fair Credit Reporting Act. Earlier this month, CFPB Director Rohit Chopra stated that the agency is looking into rules to "ensure greater accountability" for companies that buy and sell consumer data, in line with an executive order signed by President Joe Biden in late February.

Chopra added that the agency is examining suggestions that would classify data brokers who sell specific categories of data as "consumer reporting agencies," requiring them to comply with the Fair Credit Reporting Act (FCRA). The statute prohibits the sharing of certain types of data with companies unless they have a legally defined purpose.

The CFBP considers the purchase and sale of consumer data to be a national security issue rather than a privacy concern. Chopra cited three large data breaches—the 2015 Anthem leak, the 2017 Equifax hack, and the 2018 Marriott breach—as instances of foreign enemies illegally collecting Americans' personal information.  

The National Security Angle

He said, "When Americans' health information, financial information, and even their travel whereabouts can be assembled into detailed dossiers, it's no surprise that this raises risks when it comes to safety and security,". However, the attention on high-profile intrusions hides a more widespread, entirely legal phenomenon: data brokers' capacity to sell precise personal information to anyone willing to pay for it. 

The government is increasingly concerned about foreign governments gaining access to Americans' data. In March, the House passed legislation that would bar data brokers from selling Americans' personally identifiable information to "any entity controlled by a foreign adversary." 

Why Data Brokers Matter

According to the Protecting Americans' Data from Foreign Adversaries Act, data brokers would be facing fines from the Federal Trade Commission if they sold sensitive information — such as location or health data — to any person or business situated in a few countries. The Senate has yet to vote on the legislation.

US government agencies also depend on data brokers to keep surveillance on Americans. In 2022, the American Civil Liberties Union released a series of files exposing how the DHS (Department of Homeland Security) exploited location data to track the movement of millions of cell phones — and the users who own them — across the United States.

Read more »
Privacy
Data Collection Siri Data Transparency iPhone Privacy

Privacy is ‘Virtually Impossible’ on iPhones, Experts Warn

Privacy is ‘Virtually Impossible’ on iPhones, Experts Warn

Keeping your data hidden from Apple is ‘virtually impossible’, experts have warned. A groundbreaking study reveals that the default apps on iPhones, iPads, and MacBooks collect personal data even when they appear to be disabled. In a world where privacy concerns are paramount, this revelation raises significant questions about Apple’s commitment to safeguarding user information.

The Invisible Data Collection

The study, conducted by researchers from Aalto University in Finland, focused on Apple’s integral apps: Safari, Siri, Family Sharing, iMessage, FaceTime, Location Services, Find My, and Touch ID. These apps are deeply embedded in the Apple ecosystem, making them challenging to remove. The researchers discovered that users often remain unaware of the data collection happening behind the scenes.

For instance, consider Siri—the friendly virtual assistant. When users enable Siri, they assume it only relates to voice control. However, Siri continues to collect data from other apps, regardless of the user’s choice. Unless users delve into the settings and specifically change this behaviour, their data remains vulnerable.

The Complexity of Protecting Privacy

Protecting your privacy on an Apple device requires expert knowledge and persistence. The online instructions provided by Apple are not only confusing but fail to list all necessary steps. Participants in the study attempted to change their settings, but none succeeded in fully protecting their privacy. The process was time-consuming, and the scattered instructions left users puzzled.

Amel Bourdoucen, a doctoral researcher at Aalto, highlights the complexity: “The online instructions for restricting data access are very complex and confusing, and the steps required are scattered in different places. There’s no clear direction on whether to go to the app settings, the central settings—or even both.”

The Uncertain Fate of Collected Data

While the study sheds light on the data collection process, the exact purpose of this information remains uncertain. Apple’s use of the collected data is not explicitly disclosed. However, experts predict that it primarily contributes to training Siri’s artificial intelligence and providing personalized experiences.

Recommendations for the Future

The study, to be presented at the prestigious CHI conference, offers several recommendations for improving guidelines:

Clearer Instructions: Apple should provide straightforward instructions for users to protect their privacy effectively. Clarity is essential to empower users to make informed decisions.

Comprehensive Settings: Consolidate privacy-related settings in one place. Users should not have to navigate a maze of menus to safeguard their data.

Transparency: Apple should be transparent about how collected data is used. Users deserve to know the purpose behind data collection.

In a world where privacy is a fundamental right, Apple’s slogan—“Privacy. That’s Apple.”—must translate into actionable steps. As users, we deserve control over our data, even in the face of seemingly insurmountable challenges.

Read more »
USA
Data Privacy Federal Agencies Privacy surveillance Technology Threats USA

Controversial Reverse Searches Spark Legal Debate


In a growing trend, U.S. police departments and federal agencies are employing controversial surveillance tactics known as reverse searches. These methods involve compelling big tech companies like Google to surrender extensive user data with the aim of identifying criminal suspects. 

How Reverse Searches Operate 

Under Reverse Searches Enforce Agencies order digital giant companies such as Google to give them vast reservoirs of user data. Under this law, these agencies have the power to demand information related to specific events or queries which include: 

  • Location Data: Requesting data on individuals present in a particular place at a specific time based on their phone's location. 
  • Keyword Searches: Seeking information about individuals who have searched for specific keywords or queries. 
  • YouTube Video Views: A recent court order disclosed that authorities could access identifiable information on individuals who watched particular YouTube videos. 

In the past, when law enforcement needed information for an investigation, they would usually target specific people they suspected were involved in a crime. But now, because big tech companies like Google have so much data about people's activities online, authorities are taking a different approach. Instead of just focusing on individuals, they are asking for massive amounts of data from these tech companies. This includes information on both people who might be relevant to the investigation and those who are not. They hope that by casting a wider net, they will find more clues to help solve cases. 

Following the news, critics argue that these court-approved orders are overly broad and potentially unconstitutional. They raise concerns that such orders could force companies to disclose information about innocent people unrelated to the alleged crime. There are fears that this could lead to prosecutions based on individuals' online activities or locations. 

Also, last year an application filed in a Kentucky federal court disclosed that federal agencies wanted Google to “provide records and information associated with Google accounts or IP addresses accessing YouTube videos for a one-week period, between January 1, 2023, and January 8, 2023.” 

However, it did not end here, the constitutionality of these orders remains uncertain, paving the way for a probable legal challenge before the U.S. Supreme Court. Despite the controversy, federal investigators continue to push the boundaries of this contentious practice.
Read more »
Safe Browsing
Google Incognito Lawsuit Privacy Safe Browsing

Google’s Incognito Mode: Privacy, Deception, and the Path Forward

Google’s Incognito Mode: Privacy, Deception, and the Path Forward

In a digital age where privacy concerns loom large, the recent legal settlement involving Google’s Incognito mode has captured attention worldwide. The tech giant, known for its dominance in search, advertising, and web services, has agreed to delete billions of records and make significant changes to its tracking practices. Let’s delve into the details and explore the implications of this landmark decision.

The Incognito Mode Controversy

Incognito mode promises users a private browsing experience. It suggests that their online activities won’t be tracked, cookies won’t be stored, and their digital footprints will vanish once they exit the browser. However, the reality has been far from this idealistic portrayal.

The Illusion of Privacy: Internal documents revealed that Google employees referred to Incognito mode as “effectively a lie” and “a confusing mess”. Users believed they were operating in a secure, private environment, but Google continued to collect data, even in this supposedly incognito state.

Data Collection Despite Settings: The class action lawsuit filed against Google in 2020 alleged that the company tracked users’ activity even when they explicitly set their browsers to private modes. This revelation shattered the illusion of privacy and raised serious questions about transparency.

The Settlement: What It Means

Google’s proposed legal settlement aims to address these concerns and bring about meaningful changes:

Data Deletion: Google will wipe out “hundreds of billions” of private browsing data records it had collected. This move is a step toward rectifying past privacy violations.

Blocking Third-Party Cookies: For the next five years, Google Chrome’s Incognito mode will automatically block third-party cookies by default. These cookies, often used for tracking, will no longer infiltrate users’ private sessions.

Global Impact: The settlement extends beyond U.S. borders. Google’s commitment to data deletion and cookie blocking applies worldwide. This global reach emphasizes the significance of the decision.

The Broader Implications

Transparency and Accountability: The settlement represents an “historic step” in holding tech giants accountable. Lawyer David Boies, who represented users in the lawsuit, rightly emphasized the need for honesty and transparency. Users deserve clarity about their privacy rights.

User Trust: Google’s actions will either restore or further erode user trust. By deleting records and blocking cookies, the company acknowledges its missteps. However, rebuilding trust requires consistent adherence to privacy commitments.

Ongoing Legal Battles: While this settlement is a milestone, Google still faces other privacy-related lawsuits. The outcome of these cases could result in substantial financial penalties. The tech industry is on notice: privacy violations won’t go unnoticed.

The Road Ahead

As users, we must remain vigilant. Privacy isn’t just a checkbox; it’s a fundamental right. Google’s actions should prompt us to reevaluate our digital habits, understand the trade-offs, and demand transparency from all tech companies.

In the end, the battle for privacy isn’t won with a single settlement. It’s an ongoing struggle—one that requires vigilance, legal scrutiny, and a commitment to safeguarding our digital lives. Let’s hope that this landmark decision serves as a catalyst for positive change across the tech landscape.

Read more »
User Data
AI Chatbots Google Google Gemini AI Privacy User Data

Google Messages' Gemini Update: What You Need To Know

 



Google's latest update to its Messages app, dubbed Gemini, has ignited discussions surrounding user privacy. Gemini introduces AI chatbots into the messaging ecosystem, but it also brings forth a critical warning regarding data security. Unlike conventional end-to-end encrypted messaging services, conversations within Gemini lack this crucial layer of protection, leaving them potentially vulnerable to access by Google and potential exposure of sensitive information.

This privacy gap has raised eyebrows among users, with some expressing concern over the implications of sharing personal data within Gemini chats. Others argue that this aligns with Google's data-driven business model, which leverages user data to enhance its AI models and services. However, the absence of end-to-end encryption means that users may inadvertently expose confidential information to third parties.

Google has been forthcoming about the security implications of Gemini, explicitly stating that chats within the feature are not end-to-end encrypted. Additionally, Google collects various data points from these conversations, including usage information, location data, and user feedback, to improve its products and services. Despite assurances of privacy protection measures, users are cautioned against sharing sensitive information through Gemini chats.

The crux of the issue lies in the disparity between users' perceptions of AI chatbots as private entities and the reality of these conversations being accessible to Google and potentially reviewed by human moderators for training purposes. Despite Google's reassurances, users are urged to exercise caution and refrain from sharing sensitive information through Gemini chats.

While Gemini's current availability is limited to adult beta testers, Google has hinted at its broader rollout in the near future, extending its reach beyond English-speaking users to include French-speaking individuals in Canada as well. This expansion signifies a pivotal moment in messaging technology, promising enhanced communication experiences for a wider audience. However, as users eagerly anticipate the platform's expansion, it becomes increasingly crucial for them to proactively manage their privacy settings. By taking the time to review and adjust their preferences, users can ensure a more secure messaging environment tailored to their individual needs and concerns. This proactive approach empowers users to navigate digital communication with confidence and peace of mind.

All in all, the introduction of Gemini in Google Messages underscores the importance of user privacy in the digital age. While technological advancements offer convenience, they also necessitate heightened awareness to safeguard personal information from potential breaches.




Read more »
Smart TV Security
Data collection Personalized Advertising Privacy privacy protection Smart TV Security

Protecting Your Privacy: How to Safeguard Your Smart TV Data


In an era of interconnected devices, our smart TVs have become more than just entertainment hubs. They’re now powerful data collectors, silently observing our viewing habits, preferences, and even conversations. While the convenience of voice control and personalized recommendations is appealing, it comes at a cost: your privacy.

The Silent Watcher: Automatic Content Recognition (ACR)

Automatic Content Recognition (ACR) is the invisible eye that tracks everything you watch on your smart TV. Whether it’s a gripping drama, a cooking show, or a late-night talk show, your TV is quietly analyzing it all. ACR identifies content from over-the-air broadcasts, streaming services, DVDs, Blu-ray discs, and internet sources. It’s like having a digital detective in your living room, noting every scene change and commercial break.

The Code of Commercials: Advertisement Identification (AdID)

Ever notice how ads seem eerily relevant to your interests? That’s because of Advertisement Identification (AdID). When you watch a TV commercial, it’s not just about the product being sold; it’s about the unique code embedded within it. AdID deciphers these codes, linking them to your viewing history. Suddenly, those shoe ads after binge-watching a fashion series make sense—they’re tailored to you.

The Profit in Your Privacy

Manufacturers and tech companies profit from your data. They analyze your habits, preferences, and even your emotional reactions to specific scenes. This information fuels targeted advertising, which generates revenue. While it’s not inherently evil, the lack of transparency can leave you feeling like a pawn in a digital chess game.

Taking Control: How to Limit Data Collection

Turn Off ACR: Visit your TV settings and disable ACR. By doing so, you prevent your TV from constantly analyzing what’s on your screen. Remember, convenience comes at a cost—weigh the benefits against your privacy.

AdID Management: Reset your AdID periodically. This wipes out ad-related data and restricts targeted ad tracking. Dig into your TV’s settings to find this option.

Voice Control vs. Privacy: Voice control is handy, but it also means your TV is always listening. If privacy matters more, disable voice services like Amazon Alexa, Google Assistant, or Apple Siri. Sacrifice voice commands for peace of mind.

Brand-Specific Steps

Different smart TV brands have varying privacy settings. Here’s a quick guide:

Amazon Fire TV: Navigate to Settings > Preferences > Privacy Settings. Disable “Interest-based Ads” and “Data Monitoring.”

Google TV: Head to Settings > Device Preferences > Reset Ad ID. Also, explore the “Privacy” section for additional controls.

Roku: Visit Settings > Privacy > Advertising. Opt out of personalized ads and reset your Ad ID.

LG, Samsung, Sony, and Vizio: These brands offer similar options. Look for settings related to ACR, AdID, and voice control.

Balancing Convenience and Privacy

Your smart TV isn’t just a screen; it’s a gateway to your personal data. Be informed, take control, and strike a balance. Enjoy your favorite shows, but remember that every episode you watch leaves a digital footprint. Protect your privacy—it’s the best show you’ll ever stream.

Read more »
ransomware attacks
Identity Protection LOCKBIT Cybergang Personal Data Breach Privacy ransomware attacks

Russian Cybergang Responsible for Cybertheft in Jacksonville Beach: What You Need to Know


In late January, the city of Jacksonville Beach, Florida, fell victim to a cybertheft incident that potentially impacted up to 50,000 residents. The responsible party? A Russian-based cybergang known as LOCKBIT. In this blog post, we delve into the details of the attack, the aftermath, and what citizens need to be aware of moving forward.

The LOCKBIT Cybergang

LOCKBIT is not a new player in the cybercrime world. Known for its sophisticated tactics, this group specializes in ransomware attacks. Their modus operandi involves infiltrating systems, encrypting data, and demanding hefty ransoms in exchange for decryption keys. In the case of Jacksonville Beach, LOCKBIT targeted the city’s information system, potentially compromising sensitive data.

The Jacksonville Beach Incident

On February 12, LOCKBIT escalated the situation by listing local residents’ personal information on their website. Social security numbers, addresses, and other private details were suddenly exposed. Panic ensued as citizens grappled with the realization that their identities were at risk. The city’s response was swift: they refused to pay the ransom demanded by LOCKBIT, adhering to Florida’s laws prohibiting such payments.

The International Police Operation

Fortunately, an international police operation intervened, dismantling the criminal empire. LOCKBIT’s reign of terror was cut short, but the damage had already been done. The question remained: where did the stolen data end up? Forensic experts began their painstaking work, attempting to trace the digital breadcrumbs left by the cybergang. Months of investigation lay ahead, and even then, a complete picture might never emerge.

The Fallout

The fallout from the Jacksonville Beach incident is multifaceted. First and foremost, citizens face the uncertainty of whether their personal information is circulating on the dark web. LOCKBIT’s exposure of social security numbers and addresses could have severe consequences, from identity theft to financial fraud. The hotline set up by the city (844-709-0703) aims to address citizens’ concerns, but the road ahead remains murky.

Lessons Learned

As we reflect on this cybertheft, several crucial lessons emerge:

Vigilance is Key: Cyber threats are real and ever-evolving. Citizens must remain vigilant, practicing good cybersecurity hygiene. Regularly update passwords, avoid suspicious emails, and be cautious when sharing personal information online.

Backup Your Data: Ransomware attacks can cripple organizations and individuals. Regularly back up your data to secure locations. If your files are encrypted, having backups ensures you don’t have to pay a ransom to regain access.

No Ransom Payments: Jacksonville Beach’s refusal to pay the ransom was commendable. By adhering to this stance, they not only followed the law but also sent a message to cybercriminals that their tactics won’t work.

Collaboration Matters: International cooperation played a crucial role in dismantling LOCKBIT. Cybercrime knows no borders, and joint efforts are essential to combating it effectively.

Read more »
Privacy
AI Systems Bank Accounts Data protection DWP Financial Security Fraud Privacy

UK Government’s New AI System to Monitor Bank Accounts

 



The UK’s Department for Work and Pensions (DWP) is gearing up to deploy an advanced AI system aimed at detecting fraud and overpayments in social security benefits. The system will scrutinise millions of bank accounts, including those receiving state pensions and Universal Credit. This move comes as part of a broader effort to crack down on individuals either mistakenly or intentionally receiving excessive benefits.

Despite the government's intentions to curb fraudulent activities, the proposed measures have sparked significant backlash. More than 40 organisations, including Age UK and Disability Rights UK, have voiced their concerns, labelling the initiative as "a step too far." These groups argue that the planned mass surveillance of bank accounts poses serious threats to privacy, data protection, and equality.

Under the proposed Data Protection and Digital Information Bill, banks would be mandated to monitor accounts and flag any suspicious activities indicative of fraud. However, critics contend that such measures could set a troubling precedent for intrusive financial surveillance, affecting around 40% of the population who rely on state benefits. Furthermore, these powers extend to scrutinising accounts linked to benefit claims, such as those of partners, parents, and landlords.

In regards to the mounting criticism, the DWP emphasised that the new system does not grant them direct access to individuals' bank accounts or allow monitoring of spending habits. Nevertheless, concerns persist regarding the broad scope of the surveillance, which would entail algorithmic scanning of bank and third-party accounts without prior suspicion of fraudulent behaviour.

The joint letter from advocacy groups highlights the disproportionate nature of the proposed powers and their potential impact on privacy rights. They argue that the sweeping surveillance measures could infringe upon individual liberties and exacerbate existing inequalities within the welfare system.

As the debate rages on, stakeholders are calling for greater transparency and safeguards to prevent misuse of the AI-powered monitoring system. Advocates stress the need for a balanced approach that addresses fraud while upholding fundamental rights to privacy and data protection.

While the DWP asserts that the measures are necessary to combat fraud, critics argue that they represent a disproportionate intrusion into individuals' financial privacy. As this discourse takes shape, the situation is pronouncing the importance of finding a balance between combating fraud and safeguarding civil liberties in the digital sphere. 


Read more »
Privacy
Cars Cyberattacks CyberCrime CyberThreat Data Protection Flaws Privacy

New Car Owners Beware: Study Finds Serious Data Protection Flaws

 


Modern gadgets have been collecting every bit of user data they can gather, just to sell it off to the highest bidder, ever since tech companies realized that data could be sold for dollars. While the user's car has long been a part of the data-sharing network, it seems that its contribution might be significantly greater than most of us would have expected. 

It may even be the biggest seller of users' personal information. There are so many so-called connected cars out there, cars that have internet access, that are becoming a regular part of the car driving experience, and the proliferation is raising concerns among consumers regarding their data privacy rights. 

As reported by Counterpoint Technology Market Research, more than 95% of the passenger cars sold by 2030 will be equipped with embedded connectivity, according to the company. Consequently, car manufacturers are now able to offer functions related to safety and security, predictive maintenance, and prognostics to their customers. 

Additionally, this opens the door for companies to collect, share, or sell personal information about individuals, including driving habits, and other information that people may not wish to share with others. Despite many car manufacturers' efforts to give consumers the option to opt out of excessive data sharing, Counterpoint senior analyst Parv Sharma explains that these options are often hidden within menus, which is also the case for many other consumer technologies where the sale of data has the potential to generate income. 

As a result of a McKinsey report published in 2021, various use cases of monetizing car data could result in an annual revenue stream of $250 billion to $400 billion for industry players by 2030 from multiple use cases for monetizing car data. It is true that there are valid reasons for collecting data from drivers and vehicles, such as those for emergency and security-related purposes, and that there may not always be a way for individuals to opt out of some essential services like that. 

It is important to share more data with other companies as a result of the fact that predictive maintenance enables manufacturers to detect when a part of their fleet is failing earlier than expected and to issue a recall on it, according to James Hodgson, ABI Research's director of smart mobility and automotive research. 

It is becoming increasingly apparent that there are privacy concerns surrounding the use of car companies to share driver information with insurers, and as car companies become involved in the insurance business, there is growing concern about privacy. For instance, driving habits and details regarding car usage might be reported to data collectors and passed along to insurance companies to make rate decisions based on those details. 

It's also important to understand that this is not the same as the new model of usage-based insurance that would allow drivers to earn lower rates if they allow insurers to embed devices into their cars that track their behaviour, which could be offered by companies such as Progressive and Root. There are widespread efforts underway by regulatory authorities to understand car manufacturers' data-sharing practices and to ensure that potential privacy violations are not committed. 

On the other hand, in response to the announcement made at its board meeting in July 2023 by the enforcement division of the California Privacy Protection Agency, there will be a review of the connected vehicle industry conducted under its purview. An official spokeswoman declined to comment further on that review, saying that it is underway. 

A federal investigation of the data-sharing practices of carmakers might also be a basis for federal action in the future. In Doubt-Keegan's view, publishing basic information about data practices can be insufficient to avoid the FTC's enforcement of those practices. There has been an increase in public awareness about this issue. There has been a letter sent (December) by Senator Edward J. Markey (D-Mass.) to 14 car manufacturers urging them to implement and enforce stronger privacy protections in their automobiles, as the senator is a member of the Senate Commerce, Science, and Transportation Committee.
Read more »
Smart Drivers
Cars Cyberattacks CyberCrime Cybersecurity Cyberthreats Data Issuers Ford Motor Privacy Smart Drivers

Premiums Affected as Internet-Connected Cars Share Data with Insurers

 


All kinds of popular features, such as in-car apps, remote functions, and even Wi-Fi hot spots, are available on most new vehicles that offer internet services. In addition to being a goldmine of data for automakers, these "connected" cars can also serve as a goldmine for insurance companies as well. An article published in the New York Times this week discussed the extent to which tracking driver information can affect insurance rates, as well as how it may affect driver insurance rates. 

The insurance industry has in recent years provided incentives to consumers who install dongles in their cars or download smartphone apps that allow them to monitor a variety of things, including how much they drive, how fast they turn corners, how hard they hit the brakes, and whether or not they speed when driving. 

A patent application by Ford Motor describes how “drivers are traditionally reluctant to participate in such programs,” but instead, car companies are collecting information directly from internet-connected vehicles for use by insurance companies. This is the opposite of what's happening now. As far as tracking users' driving data regarding car insurance adjustments is concerned, it is not a new concept at all. 

If users prove that they are good drivers, they can often reduce their insurance premiums, normally by letting their insurance company track users' vehicle data such as trips taken, speeds, distance driven, etc. This is a way that the insurer will be able to lower users' premiums. Certainly, there is a significant difference between tracking of that type and what is emerging about the Smart Driver from General Motors. 

There are a lot of direct insurer tracking programs that help consumers save money on their bills, but Smart Driver is not a user's typical tracking program, most of its users are not knowingly entering into such an agreement seeking savings; in Smart Driver's case, as well as the way data is transmitted to insurers, the consent is not nearly as clear as it might seem. GM's "connected" services, OnStar Smart Driver, are known to share driver data with other auto manufacturers. 

According to Car and Driver, it was not surprising that other automakers also had a similar data-sharing program. The idea is fine when automakers effectively notify consumers that their data will be tracked and shared with others. A usage-based insurance policy entails that the insurance company monitors the behaviour of the driver to determine the best policy. 

There is a problem with the growing number of internet-connected vehicles that share the personal information of their drivers without these drivers even being aware that they have consented to this practice. Kenn Dahl says he has always been able to drive safely because he was careful as a child. In addition to driving a leased Chevrolet Bolt, he owns a software company near Seattle and owns one of its employees. Neither he nor anyone else in his family has a history of causing accidents. 

The cost of his auto insurance shot up by 21% in 2022, and Mr Dahl, 65, was shocked when he received a bill for a hike of such proportion. It was also not uncommon to receive high insurance quotes from other insurers as well. The insurer told him it was the LexisNexis report that he had on file that was a contributory factor.

It is important to understand that LexisNexis is a global data broker with a stake in the insurance and auto insurance industries and is known for keeping tabs on traffic accidents and speeding tickets in the automobile industry. LexisNexis sent Mr. Dahl his 258-page "consumer disclosure report" at his request as per the Fair Credit Reporting Act, which it is required to provide to customers under the law. 

Typically, someone will agree to the terms of service when they install or update an app on their smartphone, but they need to read the fine print before accepting these terms before installing or updating the app on their smartphone. Even though consumers are advised to carefully read contracts before agreeing to them, there is also a powerful argument that corporations must be transparent as to how and when their personal information is going to be shared with others.

This is why the California Privacy Protection Agency (CPPA) has enlisted the help of its Enforcement Division to investigate how and to what extent automobiles equipped with features such as location sharing, smartphone integration, web-based entertainment, and cameras could collect and share consumer data with others, according to a report from Reuters. 

The apprehension echoed by the US Department of Commerce regarding the prospective national security threats posed by Chinese electric vehicles (EVs) finds a parallel in the contemporary discourse surrounding the management of data about driving behaviour in "connected" automobiles.

Individuals keen on understanding the handling of such data by their vehicles are advised to diligently examine the privacy policies associated with any car applications they utilize. Additionally, consumers may avail themselves of consumer disclosure reports provided by LexisNexis, as mandated by the Fair Credit Reporting Act overseen by the Federal Trade Commission.
Read more »
Reddit
AI Data Licensing IPO Privacy Reddit

User Privacy: Reddit Discloses FTC Probe into AI Data Licensing Ahead of IPO


In a surprising turn of events, Reddit, the popular social media platform, has revealed that it is under investigation by the Federal Trade Commission (FTC) regarding its practices related to AI data licensing. The disclosure comes just before Reddit's highly anticipated initial public offering (IPO), raising important questions about user privacy and the responsible use of data in the age of artificial intelligence.

The Investigation 

The FTC's inquiry focuses on Reddit's handling of user-generated content, particularly its sale, licensing, or sharing with third parties to train AI models. While the details of the investigation remain confidential, the fact that it is non-public suggests that the agency is taking the matter seriously. As Reddit prepares to go public, this scrutiny could have significant implications for the company's reputation and future growth.

User Privacy at Stake

At the heart of this issue lies the delicate balance between innovation and user privacy. Reddit, like many other platforms, collects vast amounts of data from its users—posts, comments, upvotes, and more. This data is a goldmine for AI developers seeking to improve algorithms, personalize recommendations, and enhance user experiences. However, the challenge lies in ensuring that this data is used ethically and transparently.

Transparency Matters

Reddit's disclosure sheds light on the need for greater transparency in data practices. Users entrust platforms with their personal information, assuming it will be used responsibly. When data is shared with third parties, especially for commercial purposes, users deserve to know. Transparency builds trust, and any opacity in data handling can erode that trust.

Informed Consent

Did Reddit users explicitly consent to their content being used for AI training? The answer is likely buried deep within the platform's terms of service, a document few users read thoroughly. Informed consent requires clear communication about data usage, including how it benefits users and what risks are involved. The FTC's investigation will likely scrutinize whether Reddit met these standards.

The AI Black Box

AI models are often considered "black boxes." Users contribute data, but they rarely understand how it is transformed into insights or recommendations. When Reddit licenses data to third parties, users lose control over how their content is used. The investigation should prompt a broader conversation about making AI processes more transparent and accountable.

Balancing Innovation and Responsibility

Reddit's situation is not unique. Companies across industries grapple with similar challenges. AI advancements promise incredible benefits, from personalized content to medical breakthroughs, but they also raise ethical dilemmas. As we move forward, striking the right balance between innovation and responsibility becomes paramount.

Industry Standards

The FTC's investigation could set a precedent for industry standards. Companies must adopt clear guidelines for data usage, especially when AI is involved. These guidelines should prioritize user consent, data anonymization, and accountability.

User Empowerment

Empowering users is crucial. Platforms should provide accessible tools for users to manage their data, control permissions, and understand how their content contributes to AI development. Transparency dashboards and granular consent options can empower users to make informed choices.

Responsible AI Partnerships

When licensing data, companies should choose partners committed to ethical AI practices. Collaboration should align with user expectations and respect privacy rights. Responsible partnerships benefit both users and the AI ecosystem.
Read more »
Privacy
Cyberattacks CyberCrime Cybersecurity Digital Footprints Online Photos Pregnancy Privacy

Privacy Perils: Experts Warn of Pitfalls in Sharing Pregnancy Photos Online

 


Taking pregnancy pictures online can even lead to the creation of a digital identity for your child that could be exploited, according to data scientists. When a child appears online, experts say it puts them at risk of identity theft or distribution of images to third parties once they appear online. 

In addition, they say parents should consider what their children share online because this contributes to their child's development as a digital individual. Children are exposed to identity theft, as well as the distribution of images to third parties as soon as they appear online, according to experts who claim they have a digital identity once they appear online.

According to a new study published in Paediatrics and Parenting, parents often think sharing pictures on social media sites is safe, but this may not always be the case, according to the study. As the experts pointed out, parents should consider the content they share with their children on social media, as this contributes to the development of a digital identity in them as a child. 

Dr Valeska Berg, from Edith Cowan University, in Australia, says that many parents do not realize the importance of building a digital identity for their children when they share photos and other identifying information on social media sites such as Facebook. Their posts about being pregnant or anticipating the birth of their child often include personal information that identifies them. 

A study published in Paediatrics and Parenting shows that parents think it is safe to share pictures on social media platforms, even before the child is born, and that this creates a digital identity even before the child is born. 

The doctor has emphasized that parents need to establish secure networks for virtual interactions, regardless of whether they are using Instagram, Facebook, or any other platform. Changing the profile to private is not enough to ensure that a child's photos are safe, she explained. 

As a rule of thumb, Dr Berg advises people to shield their children's faces from photos to preserve their privacy and to avoid publishing specific information about them on the Internet. The researcher said that children should be involved in the process of establishing their digital identity as much as possible. 

For a deeper understanding of this important, fast-moving field, research is needed to identify ways of accomplishing this as well as give voice to the experiences of young children. “In conclusion, the findings highlight the necessity for parents to remain aware and vigilant about the implications of sharing pregnancy and childhood photos online in the future.” 

In conclusion, future studies should explore the perspectives of children as key stakeholders in the creation of their digital identity.” Thoughtful consideration and proactive measures must be taken to safeguard the privacy of children, as their digital footprints are developed from an early age. 

The research of Dr. Valeska Berg emphasizes the importance of ongoing exploration and dialogue for children to participate actively in shaping their digital identities in the future. In today's digital age, it is very important to make informed decisions and take responsible digital practices, and this call to action underscores this.
Read more »
WhatsApp
Apple Cyber Crime Cyberattacks CyberCrime DMA Compliant E2EE iMessage Messenger Meta Privacy Protocol Technology Fusion TikTok WhatsApp

Signal Protocol Links WhatsApp, Messenger in DMA-Compliant Fusion

 


As part of the launch of the new EU regulations governing the use of digital "gatekeepers," Meta is ready to answer all of your questions about WhatsApp and Messenger providing end-to-end encryption (E2EE), while also complying with the requirements outlined in the Digital Markets Act (DMA). A blog post by Meta on Wednesday detailed how it plans to enable interoperability with Facebook Messenger and WhatsApp in the EU, which means users can message each other if they also use Signal's underlying encryption protocol when communicating with third-party messaging platforms. 

As the Digital Markets Act of Europe becomes more and more enforced, big tech companies are getting ready to comply with it. In response to the new competition rules that took effect on March 6, Google, Meta, and other companies have begun making plans to comply and what will happen to end users. 

There is no doubt that the change was not entirely the result of WhatsApp's decision. It is known that European lawmakers have designated WhatsApp parent company Meta as one of the six influential "gatekeeper" companies under their sweeping Digital Markets Act, giving it six months to allow others to enter its walled garden. 

Even though it's just a few weeks until the deadline for WhatsApp interoperability with other apps approaches, the company is describing its plans. As part of the first year of the regulation, the requirements were designed to support one-to-one chats and file sharing like images, videos, or voice messages, with plans for these requirements to be expanded in the coming years to include group chats and calls as well. 

In December, Meta decided to stop allowing Instagram to communicate with Messenger, presumably to implement a DMA strategy. In addition to Apple's iMessage app and Microsoft's Edge web browser, the EU has also made clear that the four parent companies of Facebook, Google, and TikTok are "gatekeepers," although Apple's parent company Alphabet and TikTok's parent company ByteDance are excluded. 

ETA stated that before the company can work with third-party providers to implement the service, they need to sign an agreement for interoperability between Messenger and WhatsApp. To ensure that other providers use the same security standards as WhatsApp, the company requires them to use the Signal protocol. 

However, if they can be found to meet these standards, they will accept others. As soon as another service sends a request for interoperability, Meta is given a window of three months in which to do so. The organization warns, however, that functionality may not be available for the general public to access immediately. 

The approach Meta has taken to interoperability is designed to meet the DMA requirements while also providing a feasible option for third-party providers looking to maximize security and privacy for their customers. For privacy and security, Meta will use the Signal Protocol to ensure end-to-end encrypted communication. This protocol is currently widely considered the gold standard for end-to-end encryption in E2EE.
Read more »
Privacy
Banking Cash Cyberattacks CyberCrime Cyberhackers Cybersecurity Privacy

Advocating for the Persistence of Cash to Counteract Intrusive Banking Practices

 


The Bank of England released news this week that the value of notes in circulation has increased by nearly 16 percent since last year as it announced the opening of a new exhibition on the future of money (who could resist a tour through the history of payment methods?) 

A curator at the Bank of England Museum, Jennifer Adam, stated that even though many people are making more use of digital payments regularly, many people may still be using cash regularly. She also added that if users are physically handing over cash in shops to keep track of their finances, it will be much easier for them to keep track of their finances. 

There is also a theory that the spike in cash can also be attributed to “the turmoil caused by the pandemic and a rise in living costs”. In today's world, users are sick and tired of Big Brother, the state that is grabbing our data with its tentacles. 

Big Brother isn't the only problem. The government is utilizing its catalogue of scapegoats to avoid addressing the current economic hardship that families are facing to avoid addressing the election looming ahead. To whip up divisive and xenophobic, anti-immigrant sentiment, there is no better example than Rishi Sunak’s ongoing struggle to implement an illegal flagship Rwanda policy which is the best example of this principle. 

During the last week, Sunak accepted (then backed out of) a £1000 bet with TalkTV host Piers Morgan that he would get planes in the air before the next general election, which exemplifies the government’s distancing from asylum seekers most affected by this policy, highlighting how the government has become increasingly indifferent to the misfortunes of asylum seekers.  

In light of the passage of the second reading in the House of Lords of the Data Protection and Digital Information Bill (DPDI), amendments to the bill will likely have a greater impact on benefits recipients regarding savings accounts, overseas travel, and other benefits. Additionally, several cruel pieces of legislation have been passed to weaken the welfare system in a misguided attempt to help people find work and to 'crackdown' on fraudulent welfare claimants by debilitating the system. 

This government seems determined to fight workers and benefits recipients against one another for votes, as evidenced by Sunak's promise of cutting disability benefits to reduce taxes. As a result of the DPDI Bill, a bill introduced by the Secretary for Work and Pensions, Mel Stride, the DWP will be able to spy on welfare recipients' bank accounts to improve the welfare system. 

Accordingly, nearly 9 million people and anyone connecting them to the claimant could be involved in surveillance. This can include previous and current partners, children, and even landlords, who may be linked to the claimant. The government is, however, facing mounting pressure against the bill, which is being backed by the private sector.

Over 80,000 signatures have been collected so far in favour of a petition asking that the government stop scrutinizing bank accounts, and to preserve benefits claimants' dignity and privacy. There have also been concerns voiced by politicians regarding privacy and surveillance. 

According to a senior government official, the government is making an Orwellian "nightmare" come true, as the House of Lords is considering a bill that would allow officials to snoop on the bank accounts of benefit claimants. For the Department for Work and Pensions (DWP) to be able to track fraud and errors among those claiming benefits, the Data Protection and Digital Information Bill would compel banks to provide the Department with data to assist in finding fraud and errors. 

In the House of Lords, it has now passed its second reading, which means it has passed its second reading in parliament. In his speech, Sir Prem Sikka told the House of Lords that George Orwell's iconic novel 1984, first published in 1949, proclaimed Big Brother to be the spectre of the future. 

A newly elected Conservative government has now given shape to this nightmare by allegedly rolling back many of the policies and programs of the state. As a result of the government's actions, the right of people to protest and withdraw their labour has already been undermined. The sick, disabled, elderly, poor, unfortunate, and everyone else there is on the streets are now subjected to snooping and 24/7 surveillance of their bank accounts, building societies, and other accounts without a court order.

Cash is resurging as a means of sending a reassuring message to those who have fled data to ensure that users are not alone in our flight. After the Facebook generation began to realise that posting photos of themselves getting sloshed on the internet was a mistake in an attempt to make their future bosses rethink their claims of loving nothing more than a quiet night in front of the TV, they soon stopped posting photos of themselves getting sloshed on the internet. The convenience and ease of buying everything on the go with a phone are now being less attractive for Millennials as they begin to realize that banks are watching their every move.
Read more »
Privacy
Cyber Threats Data Privacy Laws data security Personal Information Privacy

Privacy Under Siege: Analyzing the Surge in Claims Amidst Cybersecurity Evolution

 

As corporate directors and security teams grapple with the new cybersecurity regulations imposed by the Securities and Exchange Commission (SEC), a stark warning emerges regarding the potential impact of mishandling protected personally identifiable information (PII). David Anderson, Vice President of Cyber Liability at Woodruff Sawyer, underscores the looming threat that claims arising from privacy mishandling could rival the costs associated with ransomware attacks. 

Anderson notes that, while privacy claims may take years to navigate the legal process, the resulting losses can be just as catastrophic over the course of three to five years as a ransomware claim is over three to five days. This revelation comes amidst a shifting landscape where privacy issues, especially those related to protected PII, are gaining prominence in the cybersecurity arena. 

In a presentation outlining litigation trends for 2024, Dan Burke, Senior Vice President and National Cyber Practice Leader at Woodruff-Sawyer sheds light on the emergence of pixel-tracking claims as a focal point for plaintiffs. These claims target companies engaging in website activity tracking through pixels without obtaining proper consent, adding a new layer of complexity to the privacy landscape. 

A survey conducted by Woodruff-Sawyer reveals that 31% of cyber insurance underwriters consider privacy as their top concern for 2024, following closely behind ransomware, which remains a dominant worry for 63% of respondents. This underscores the industry's recognition of the escalating importance of safeguarding privacy in the face of evolving cyber threats. James Tuplin, Senior Vice President and Head of International Cyber at Mosaic Insurance predicts that underwriters will closely scrutinize privacy trends in 2024. 

The prolonged nature of privacy litigation, often spanning five to seven years, means that this year will witness the culmination of cases filed before the implementation of significant privacy laws. Privacy management poses challenges for boards and security teams, exacerbated by a lack of comprehensive understanding regarding the types of data collected and its whereabouts within organizations. 

Sherri Davidoff, Founder and CEO at LMG Security, likens data hoarding to hazardous material, emphasizing the need for companies to prioritize data elimination, particularly PII, to mitigate regulatory and legal risks. Companies may face significant challenges despite compliance with various regulations and state laws. Michelle Schaap, who leads the privacy and data security practice at Chiesa Shahinian & Giantomasi (CSG Law), cautions that minor infractions, such as inaccuracies in privacy policies or incomplete opt-out procedures, can lead to regulatory violations and fines. 

Schaap recommends that companies leverage assistance from their cyber insurers, engaging in exercises such as security tabletops to address compliance gaps. A real-world example from 2022, where a company's misstatement about multifactor authentication led to a denied insurance claim, underscores the critical importance of accurate and transparent adherence to privacy laws. 

As privacy claims rise to the forefront of cybersecurity concerns, companies must adopt a proactive approach to privacy management, acknowledging its transformation from an IT matter to a critical business issue. Navigating the intricate web of privacy laws, compliance challenges, and potential litigation requires a comprehensive strategy to protect sensitive data and corporate reputations in this evolving cybersecurity landscape.
Read more »
Serco Leisure
Biometric Authentication data security Information Commissioner's Office Privacy Serco Leisure

Serco Leisure Faces Legal Action for Unlawful Employee Face Scanning



Serco Leisure, a prominent leisure firm based in the UK, finds itself at the centre of a regulatory storm as the Information Commissioner's Office (ICO) intensifies its scrutiny. The ICO has raised serious concerns over the alleged illegal processing of biometric data, affecting more than 2,000 employees spread across 38 leisure facilities operated by the company. At the heart of the matter is the contentious implementation of facial scanning and fingerprint technology, ostensibly deployed to track staff attendance. This move has drawn sharp criticism from the ICO, which contends that the company's actions in this regard are not only ethically questionable but also fall short of principles of fairness and proportionality.

Despite Serco Leisure claiming it sought legal advice before installing the cameras and asserting that employees did not complain during the five years, the ICO found the firm had failed to provide a clear alternative to collecting biometric data. The company's staff, who also undergo fingerprint scanning, were not offered less intrusive methods, such as ID cards or fobs.

The ICO, led by UK Information Commissioner John Edwards, argued that Serco Leisure's actions created a power imbalance in the workplace, leaving employees feeling compelled to surrender their biometric data. Edwards emphasised that the company neglected to fully assess the risks associated with biometric technology, prioritising business interests over employee privacy.

According to the ICO, biometric data, being unique to an individual, poses greater risks in the event of inaccuracies or security breaches. Unlike passwords, faces and fingerprints cannot be reset, heightening concerns regarding data security.

Serco Leisure, while committing to comply with the enforcement notice, insisted that the facial scanning technology aimed to simplify clocking in and out for workers. The company claimed that it consulted with team members before the technology's implementation and received positive feedback.

After this occurrence, the ICO is releasing new guidance for organisations considering the use of employees' biometric data. This guidance aims to help such organisations comply with data protection laws. The controversial nature of biometric technology has sparked debates, with privacy advocates asserting that it infringes on individuals' rights, especially as artificial intelligence enhances the capabilities of these systems. On the other hand, law enforcement and some businesses argue that it is a precise and efficient method for ensuring safety and catching criminals. 

Serco Leisure's use of facial scanning technology to monitor staff attendance has raised legal concerns, leading to an enforcement notice from the ICO. The incident surfaces the need for organisations to carefully consider the privacy implications of biometric data usage and explore less intrusive alternatives to protect employee privacy while maintaining operational efficiency. The ICO's upcoming guidance will serve as a crucial resource for organisations navigating the complexities of using biometric data in the workplace.



Read more »
Robust security
american express Cybersecurity Password Policy Privacy Robust security

American Express Faces Criticism Over Weak Password Policies

 



American Express found itself under scrutiny as users raised eyebrows over their seemingly weak password policies. The requirements, limiting passwords to 6 to 8 characters with a narrow scope of allowed characters, have sparked concerns about the vulnerability of user accounts. This has ignited a broader conversation about the importance of robust password practices and the need for companies to adapt to advancing cybersecurity standards.

Upon investigation, it was discovered that a user who raised the issue received a response from American Express, defending their policy. The email claimed that the website employs 128-bit encryption, making passwords composed solely of letters and numbers more secure. The rationale behind avoiding special characters was explained as a measure to thwart hacking software, which supposedly recognizes them easily.

However, security experts argue that this explanation is flawed. The concept of password "entropy," representing the variety of possible values, is critical in assessing the strength of a password. American Express's limitations on character types result in low password entropy, potentially compromising user accounts. The assertion that hackers can easily identify non-alphabetic characters is debunked by cybersecurity experts who emphasise that allowing special characters and longer passwords enhances security.

Moreover, the email defended the 8-character limit by claiming it reduces keyboard contact, purportedly preventing hacking software from deciphering passwords based on common key presses. However, critics argue that the opposite is true – encouraging longer and more complex passwords would provide greater protection against hacking attempts.

In an effort to address the apprehensions voiced by users, American Express sought to reassure its clientele by emphasising the implementation of robust security measures. The company highlighted the presence of advanced monitoring systems meticulously designed to promptly identify any instances of irregular or potentially fraudulent activity related to card usage. Despite this assurance, a palpable sense of scepticism lingers among users, casting doubt upon the efficacy of the prevailing password policy. This incredulity suggests that, for users, the confidence in the overall security posture of their accounts may be influenced by factors beyond the mere detection of suspicious activities, placing a spotlight on the ongoing debate regarding the adequacy of the current password protocols in place.

The controversy has surfaced a review of American Express's password policies. It remains to be seen whether the company will adapt its approach to align with modern cybersecurity standards. As users await potential changes, the debate serves as a reminder of the importance of robust password practices and the need for companies to stay vigilant in the confounding world of online security.


Read more »
vCISO
Cybersecurity Digital Security Online Threat Privacy vCISO

What Is The Virtual Chief Information Security Officer?

 


In our fast-paced digital age, where everything is just a click away, ensuring the safety of our online space has become more important than ever. It's like having a virtual fortress that needs protection from unseen threats. Now, imagine having a friendly digital guardian, the Virtual Chief Information Security Officer (vCISO), to watch over your activities. This isn't about complex tech jargon; it's about making your online world safer, simpler, and smarter.

Understanding the vCISO

The vCISO operates from a remote stance yet assumes a pivotal role in securing your digital assets. Functioning as a vigilant custodian for your crucial data, they meticulously enforce compliance, maintain order, and mitigate potential risks. Essentially, the vCISO serves as a professional guardian, even from a distance, ensuring the integrity and security of your data.


Benefits of Opting for a vCISO

1. Save Costs: Hiring a full-time CISO can be expensive. A vCISO is more budget-friendly, letting you pay for the expertise you need without breaking the bank.

2. Flexibility: The vCISO adapts to your needs, providing support for short-term projects or ongoing guidance, just when you need it.

3. Top-Tier Talent Access: Imagine having a pro on speed dial. The vCISO gives you access to experienced knowledge without the hassle of hiring.

4. Strategic Planning: A vCISO crafts specific security plans that align with your business goals, going beyond mere checkboxes to authentically strengthen the defenses of your digital infrastructure.

5. Independent View: Stepping away from office politics, a vCISO brings a fresh, unbiased perspective focused solely on improving your security.

Meet Lahiru Livera: Your Virtual Cybersecurity Guide

Lahiru Livera serves as a trusted expert in ensuring online safety. He's skilled at spotting and tackling problems early on, setting up strong security measures, and acting quickly when issues arise. Moreover, he shares valuable knowledge with your team, enabling them to navigate the digital world effectively and become protectors against potential online threats.

Whether your team is big or small, consider getting a vCISO. Connect with Lahiru Livera, your online safety guide, and firmly bolster digital existence of your team to withstand any forthcoming challenges.

All in all, the vCISO presents a straightforward and cost-effective method to ensure online safety. Think of it as having a knowledgeable ally, readily available when needed, without straining your budget. Lahiru Livera stands prepared to assist you in identifying potential issues, establishing intelligent protocols, and transforming your team into adept defenders against online threats. 


Read more »
Subscribe to: Posts (Atom)