Beginning in 2015, all new cars in the United States will likely need to be fitted with data-recording “black boxes” very similar to the devices currently used in aircraft. The U.S. Senate has already passed a bill that will make the devices a requirement, and the House is expected to approve the bill as well. Section 31406 of Senate Bill 1813 states that mandatory event data recorders must in installed in all cars starting in 2015, and it outlines civil penalties that will be levied against violators, Infowars.com reports. While the primary function of the black box devices would be to record and transmit data that could be used to assist a driver and passengers in the event of an accident, the bill has legislation built in that would give the government access to the data with a court order, and it also gives authorities the ability to access the data as part of an investigation. According to the report, these caveats could potentially lead to Big Brother-like scenarios where citizens are monitored or even actively tracked without their knowledge or consent.

[Via Infowars.com]

Read

“Don’t be evil” is an unofficial motto first uttered by a Google executive during a meeting years ago, and while it started as a playful slogan Google used to jab at its rivals, the three little words have come back to haunt the company on countless occasions. The press and users alike often resurrect the credo when discussing the company’s mission to collect as much information about its users as possible, thus allowing it to target advertising more effectively for its clients. Not all Googlers are on board with this mission, however. In an effort to help users protect their privacy, two former Google employees have created a company with the aim of stopping Google and other sites from tracking users. Read on for more.

“Advertisers and other third parties track, clutter, and slow down your web browsing,” Disconnect.me explains on its website. “Disconnect makes the web your business not theirs.”

The company offers a simple plug-in for Google’s Chrome browser that allows users to stop sites like Google, Yahoo, Twitter and Facebook from tracking web browsing. According to TechCrunch, the Disconnect.me now attracts more than 400,000 weekly users. The company is just a few months old but it just raised $600,000 in funding from Highland Capital and other firms, and it aims to expand its service to block more websites from tracking users.

“We think your personal info should be treated with respect, that you should be the steward of your digital self, that you should own your own data,” the company states on its website. “But today, you’re getting a bum deal. Thousands of companies and organizations are taking, analyzing, and auctioning off things like the history of the webpages you go to and searches you do, without even telling you. So we’re building a platform to put you back in charge and let you decide who does what with your online data.”

Disconnect.me’s Chrome browser plug-in is free and available for download on its website.

Researchers from North Carolina State University have found that mobile applications that integrate advertisements pose privacy and a security risks. The team conducted a study that examined 100,000 apps from the Google Play market and noticed that more than half contained “ad libraries,” while 297 of the apps included “aggressive ad libraries” that could download and run code from remote servers. Researchers also found that more than 48,000 of the apps that were examined could track location via GPS, while others could access call logs, phone numbers and a list of all the apps a user has stored on his or her phone.  Read on for more.

“Running code downloaded from the Internet is problematic because the code could be anything,” said Dr. Xuxian Jiang, an assistant professor of computer science at NC State and co-author of a paper describing the work. “For example, it could potentially launch a ‘root exploit’ attack to take control of your phone – as demonstrated in a recently discovered piece of Android malware called RootSmart.”

In-app ad libraries, which retrieve advertisements from remote servers and display ads on a user’s smartphone, are provided to developers by Google or other third-parties. The ad libraries receive the same permissions, however, that the user granted to the app itself when it was first installed – regardless of whether the user is aware he or she was granting these same permissions to the ad library.

“To limit exposure to these risks, we need to isolate ad libraries from apps and make sure they don’t have the same permissions,” Jiang said. “The current model of directly embedding ad libraries in mobile apps does make it convenient for app developers, but also fundamentally introduces privacy and security risks. The best solution would be for Google, Apple and other mobile platform providers to take the lead in providing effective ad-isolation mechanisms.”

Study: Including Ads in Mobile Apps Poses Privacy, Security Risks

Researchers from North Carolina State University have found that including ads in mobile applications (apps) poses privacy and security risks. In a recent study of 100,000 apps in the official Google Play market, researchers noticed that more than half contained so-called ad libraries. And 297 of the apps included aggressive ad libraries that were enabled to download and run code from remote servers – which raises significant privacy and security concerns.

“Running code downloaded from the Internet is problematic because the code could be anything,” says Dr. Xuxian Jiang, an assistant professor of computer science at NC State and co-author of a paper describing the work. “For example, it could potentially launch a ‘root exploit’ attack to take control of your phone – as demonstrated in a recently discovered piece of Android malware called RootSmart.”

In Google Play (formerly known as the Android Market) and other markets, many developers offer free apps. To generate revenue, these app developers incorporate “in-app ad libraries,” which are provided by Google, Apple or other third-parties. These ad libraries retrieve advertisements from remote servers and run the ads on a user’s smartphone periodically. Every time an ad runs, the app developer receives a payment.

This poses potential problems because the ad libraries receive the same permissions that the user granted to the app itself when it was installed – regardless of whether the user was aware he or she was granting permissions to the ad library.

Jiang’s team looked at a sample of 100,000 apps available on Google Play between March and May 2011 and examined the 100 representative ad libraries used by those apps. One significant find was that 297 of the apps (1 out of every 337 apps) used ad libraries “that made use of an unsafe mechanism to fetch and run code from the Internet – a behavior that is not necessary for their mission, yet has troubling privacy and security implications,” Jiang says. But that is only the most extreme example.

Jiang’s team found that 48,139 of the apps (1 in 2.1) had ad libraries that track a user’s location via GPS, presumably to allow an ad library to better target ads to the user. However, 4,190 apps (1 in 23.4) used ad libraries that also allowed advertisers themselves to access a user’s location via GPS. Other information accessed by some ad libraries included call logs, user phone numbers and lists of all the apps a user has stored on his or her phone.

These ad libraries pose security risks because they offer a way for third parties – including hackers – to bypass existing Android security efforts. Specifically, the app itself may be harmless, so it won’t trigger any security concerns. But the app’s ad library may download harmful or invasive code after installation.

“To limit exposure to these risks, we need to isolate ad libraries from apps and make sure they don’t have the same permissions,” Jiang says. “The current model of directly embedding ad libraries in mobile apps does make it convenient for app developers, but also fundamentally introduces privacy and security risks. The best solution would be for Google, Apple and other mobile platform providers to take the lead in providing effective ad-isolation mechanisms.”

The paper, “Unsafe Exposure Analysis of Mobile In-App Advertisements,” was co-authored by Jiang; NC State Ph.D. students Michael Grace and Wu Zhou; and Dr. Ahmad-Reza Sadeghi of the Technical University Darmstadt. The paper will be presented April 17 at the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks in Tucson. The research was supported by the National Science Foundation.

It was recently revealed that Google and a number of advertisers had found a way to bypass some privacy features in modern web browsers, allowing them to forgo third-party cookie policies and serve targeted ads regardless of a user’s privacy settings. The report caused a stir among privacy advocates and consumers alike, and it prompted Google and other companies to agree to honor browsers’ do-not-track policy by the end of the year. Some users may not want to wait up to nine months to know they’re not being tracked, however, and Google has a solution for privacy-conscious web users who don’t want to be followed. Read on for more.

Google has an extension called “Keep My Opt-Outs” available for Chrome browser users that will block all cookies related to personalized ads. The cookies in question track a user’s path across various websites and then use that history to serve relevant advertisements. Web browsers all include a setting to block this process but a number of advertisers such as Google use a special code to circumvent this setting in browsers like Safari and Internet Explorer.

“Keep My Opt-Outs is an extension for users who are not comfortable with personalization of the ads they see on the web,” Google noted on the extension’s Chrome Web Store page. “It’s a one-step, persistent opt-out of personalized advertising and related data tracking performed by companies adopting the industry privacy standards for online advertising.”

Keep My Opt-Outs will work on OS X and Windows computers, but only in the Chrome browser.

Last week, it was revealed that Google and other leading advertising companies had been bypassing the privacy settings of millions of unknowing Safari users. The Mountain View-based company maintained its innocence and claimed it “used known Safari functionality to provide features that signed-in Google users had enabled.” Microsoft is now claiming that the search giant has used a similar technique to bypass privacy settings in Internet Explorer. By default, IE blocks third-party cookies unless the site provides a “P3P Compact Policy Statement” indicating how the cookies will be used and agreeing to not track the user. Microsoft claims that Google is improperly representing certain cookies, which allows them to pass through IE’s security without disclosing the company’s intent. Google has not responded to Microsoft’s claims.

Read

Google and other leading advertising companies have been bypassing the privacy settings of millions of unknowing Safari users, reports the Wall Street Journal. Using “a special code,” the companies were able to bypass the browser’s privacy restrictions and install cookies on a user’s computer, even when such actions were supposed to be blocked. Companies such as Google use cookies to track browsing habits across websites that it places advertisements on. Apple’s Safari Web browser blocks these third-party cookies by default, only allowing them on a website that a user directly interacts with. Read on for more.

The Journal’s research found that this “special code” was present in 22 of the top 100 websites when browsing from a computer, and 23 sites when using the iPhone’s browser. The publication notes that “once the coding was activated, it could enable Google tracking across the vast majority of websites.”

The Mountain View-based company has maintained its innocence, claiming its advertising cookies do not collect personal information. “The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information,” responded a Google representative.

Vibrant Media, Media Innovation Group and PointRoll all employed a similar code for tracking. Out of all the companies, Google has the largest market share, delivering Internet ads that were viewed at least once by 93% of all U.S. Web users in December. Apple reached out to The Journal and informed the publication that the company is “working to put a stop” to codes that bypass Safari’s privacy settings.

Read

Documents related to a Senate inquiry into Carrier IQ and its smartphone software reveal that Sprint is by far the company’s biggest carrier client in the United States. Sprint stated in a letter to Senator Al Franken, which is now public record, that Carrier IQ software is installed on more than 26 million of its handsets. A similar letter from AT&T states that the mobile tracking software is installed on 900,000 AT&T phones, but the carrier said it is only collecting data from approximately 575,000 of them. Both companies reaffirmed earlier statements claiming they only use Carrier IQ software for diagnostic purposes and not to gather private user data or to track subscribers. ”Sprint has not used Carrier IQ diagnostics to profile customer behavior, serve targeted advertising, or for any purpose not specifically related to certifying that a device is able to operate on Sprint’s network or otherwise to improve network operations and customer experiences,” Sprint wrote in its letter. AT&T made similar claims. A link to Senator Franken’s full response to the letters, which includes links to letters from Sprint, AT&T, Samsung and HTC regarding their use of Carrier IQ, follows below. Samsung states in its letter that Carrier IQ is installed on approximately 25 million of its smartphones, and HTC says roughly 6.3 million of its handsets shipped with the software pre-installed.

Read

New York University’s Polytechnic Institute has discovered a Skype security flaw that leaves Skype users’ locations and P2P sharing activity accessible to hackers. The security hole was discovered while NYU scientists monitored 10,000 Skype users and 20 volunteers during a two-week period. “A hacker anywhere in the world could easily track the whereabouts and file-sharing habits of a Skype user – from private citizens to celebrities and politicians – and use the information for purposes of stalking, blackmail or fraud,” professor Keith Ross from computer science NYU-Poly’s computer science program said. Hackers can also keep track of a Skype user’s movements as he or she places calls from various locations. The scientists were able to follow a Skype user during a vacation from New York to Chicago and then all the way home to France, Financial Post explained. “A fairly straightforward and inexpensive fix would prevent hackers from taking the critical first step in this security breach – that of obtaining users’ IP addresses through inconspicuous calling,” the scientists said. Skype chief information officer Adrian Asher said his company will work to improve the security of Skype’s software. 

Read

Apple, HTC, Samsung, Motorola, AT&T, Sprint, T-Mobile and Carrier IQ have been sued in a federal court by what the lawyers involved have deemed a “cell phone tracking software scandal.” Law firms Sianni & Straite LLP, Eichen Crutchlow Zaslow & McElroy LLP, and Keefe Bartels L.L.C. have jointly filed a class action complaint in a Delaware Federal Court related to the “unprecedented breach of the digital privacy rights of 150 million cell phone users.” The complaint suggests that the aforementioned carriers and vendors violated the Federal Wiretap Act, the Stored Electronic Communications Act, and the Federal Computer Fraud and Abuse Act. The suit of course refers to the companies’ use of Carrier IQ, the carrier and vendor-implemented cell phone spyware discovered recently on a number of handsets from multiple manufacturers. Read on for more.

Carrier IQ’s software is intended to be a “Mobile Service Intelligence solutions that have revolutionized the way mobile operators and device vendors gather and manage information from end users” according to the company, but cell phone users are up in arms now that the software’s capabilities have once again been widely covered across the press and on blogs. Carrier IQ software fell under the spotlight to a lesser degree back in September when the software was discovered on Sprint devices. A number of lawsuits have been filed since then, including a complaint flied last week against HTC, Samsung and Carrier IQ.

“This latest revelation of corporate America’s brazen disregard for the digital privacy rights of its customers is yet another example of the escalating erosion of liberty in this country,” David Straite, one of the lawyers leading this crusade, said in a statement. ”We are hopeful that the courts will allow ordinary customers the opportunity to remedy this outrageous breach.” His co-counsel Steve Grygiel added, ”Anyone who cares at all about their personal privacy, or the broader constitutional right to privacy, ought to care and care a great deal about this case.” The firms’ joint press release follows below.

Apple, HTC, Samsung, Motorola, AT&T, Sprint, T-Mobile and Carrier IQ Sued in Delaware Federal Court in Cell Phone Tracking Software Scandal

WILMINGTON, Del., Dec. 2, 2011 – The law firms of Sianni & Straite LLP of Wilmington, DE, Eichen Crutchlow Zaslow & McElroy LLP of Edison, NJ, and Keefe Bartels L.L.C. of Red Bank, NJ, have today filed a class action complaint in Federal Court in Wilmington, Delaware related to the unprecedented breach of the digital privacy rights of 150 million cell phone users.  The complaint asserts that three cell phone providers (T-Mobile, Sprint and AT&T) and four manufacturers of cell phones (HTC, Motorola, Apple and Samsung) violated the Federal Wiretap Act, the Stored Electronic Communications Act, and the Federal Computer Fraud and Abuse Act.

The carriers and manufacturers were caught last month willfully violating customers’ privacy rights in direct violation of federal law.  A technology blogger in Connecticut discovered that software designed and sold by California-based Carrier IQ, Inc. was secretly tracking personal and sensitive information of the cell phone users without the consent or knowledge of the users.  On Nov. 30, 2011, the United StatesSenate Committee on the Judiciary said in a letter to Carrier IQ that “these actions may violate federal privacy laws.”  It added, “this is potentially a very serious matter.”

David Straite, one of the attorneys leading the action, noted “this latest revelation of corporate America’s brazen disregard for the digital privacy rights of its customers is yet another example of the escalating erosion of liberty in this country.  We are hopeful that the courts will allow ordinary customers the opportunity to remedy this outrageous breach.”  Steve Grygiel, co-counsel for the proposed class, agreed: “anyone who cares at all about their personal privacy, or the broader constitutional right to privacy, ought to care and care a great deal about this case.”  Barry Eichen added, “today’s comment from Larry Lenhart, CEO of Carrier IQ, that his software is somehow good for consumers starkly demonstrates what is at stake.”

A copy of the Class Action Complaint in Pacilli v. Carrier IQ, Inc. can be viewed on the Firms’ websites at www.siannistraite.com, www.keefebartels.com, and www.njadvocates.com.

Plaintiffs are represented by Sianni & Straite LLP, a Delaware-based litigation firm with a branch office in New York, Keefe Bartels LLC, a New Jersey-based plaintiffs’ rights trial law firm, and Eichen Crutchlow Zaslow & McElroy LLP, a leading plaintiffs firm with three offices in New Jersey.

Microsoft has updated its Windows Phone platform to address what is now presumed to have been a bug that caused phones to gather location data before a user opted in to such services. Windows Phone developer Rafael Rivera last week revealed that Microsoft’s mobile platform was exhibiting behavior that directly contradicted earlier claims the company made to the United States government. Microsoft’s new “Mango” update, however, appears to have remedied the matter. Read on for more.

“Microsoft only collects information to help determine a phone’s approximate location if (a) the user has allowed an application to access and use location data, and (b) that application actually requests the location data,” Microsoft said recently in a letter to the U.S. House of Representatives. Meanwhile, Rivera discovered that Windows Phone devices began collecting and transmitting “pin-point accurate positioning information” before users were even given the option to opt into such a service.

This behavior now appears to have been a bug. Rivera analyzed the latest version of Windows Phone currently being pushed out to smartphones around the world, and he found that the new OS no longer collects location data until users opt in.

“I have confirmed that Windows Phone ‘Mango’ no longer sends location data prior to being granted permission to do so,” Rivera wrote in a blog post earlier this week. “The behavior I’m now seeing is perfectly aligned with Microsoft’s letter to the U.S. House of Representatives.”

Pending lawsuits against Microsoft surrounding the collection of location data will no doubt continue, but it appears as though Windows Phone’s collection of positioning data is now completely transparent and in line with descriptions provided in the terms of use.

Apple has repeatedly accused Samsung of “copying” its products, but it looks like Microsoft is now the one following Apple’s lead. A class action lawsuit filed in Seattle on Wednesday accuses Microsoft of unlawfully tracking users of smartphones that run the company’s emerging Windows Phone 7 operating system. According to the complaint, the camera application in Microsoft’s Windows Phone software continues to track users’ locations and transmit that data to Microsoft even if users opt-out of Windows Phone’s tracking and feedback functions. The class action suit seeks an injunction as well as punitive damages. Earlier this year, Apple was caught tracking iPhone and iPad users’ locations and storing them in a hidden file on the devices. Apple would go on to state that the issue was caused by a bug, and the Cupertino-based company quickly issued a software update to remedy the problem. Numerous complaints were filed as a result of the scandal however, and while damages have been minimal so far, several cases are still outstanding.

Read

Apple has been fined by South Korea’s telecommunications regulator following the “Locationgate” scandal that caused public outrage earlier this year, Dow Jones reports. This marks the second time Apple has had to pay penalties resulting from the iOS location-tracking snafu. A South Korean lawyer sued Apple and was awarded $1 million won, or approximately $945 at the time, by a court this past June. It was discovered in April that the iPhone and some iPad models were secretly tracking users and storing their locations in a local file. Apple determined that a software bug was responsible for the collection of location data, and it promptly issued a fix. The damage had already been done, however, and lawsuits were filed. Apple’s prompt attention to the matter likely limited the damage, and Wednesday’s fine levied by the Korea Communications Commission is the first penalty we’ve seen issued by a regulatory body. So what’s the damage this time around? $3 million won, or approximately $2,829.

Read

Following the “Antennagate” scandal that cost Apple zero sales last year, a new “Locationgate” scandal took the media by storm earlier this year that ultimately cost Apple zero sales. It was discovered in late April that the iPhone and 3G-equipped iPads were secretly tracking and storing users’ locations. Apple issued a statement seven days later, claiming the culprit was a bug that would be addressed as soon as possible. Apple also said that it does not track its users or their locations. Some people tend to take things more personally than others — or perhaps they’re out for a quick buck — so lawsuits were inevitable. Thus far, just one single complaint related to Locationgate has resulted in a payout from Apple, and it was awarded to South Korean man Kim Hyung-suk this past May, Reuters reports. What was the damage? 1 million won, which translates to a whopping $945. Kim, a lawyer, said Apple sent the payment last month.

Read

Consumer electronics tracker NPD Group on Thursday released its tallies for the U.S. gaming industry, revealing continued console sales growth and rebounding software sales. Last month, sales of video game software dipped to $735.4 million from $875.3 million in March 2010. While sales shrank sequentially, as they do in April in many industries, gaming software jumped 26% from $398.5 million in April 2010 to $503.2 million last month. Microsoft’s Xbox 360 was the best-selling console in April, having climbed 60% year-over-year to 297,000 units. Sales of Sony’s PlayStation 3 grew 13% to 204,000 units and Nintendo sold 174,000 Wii consoles, a 37% decline compared to April 2010. Mortal Kombat 2011 was the best-selling software title in April, having sold over 1 million units including standard games and special editions. Portal 2, Lego Star Wars III, Call of Duty: Black Ops, and Tiger Woods PGA Tour 12: The Masters rounded out the top five titles.

Read

In an effort to be “clear and transparent” with its customers and the government, Verizon Wireless has sent a letter to Congress detailing plans on how it will better inform consumers about location data collection on their smartphones. The wireless carrier will soon apply a removable stickers to its devices with the following warning:

“This device is capable of determining its (and your) physical, geographical, location adn can associate location data with other customer information. To limit access to location information by others, refer to the User Guide for Location settings and be cautious when downloading, accessing, or using applications and services.”

Verizon Wireless will also issue alerts more clearly in its V CAST applications, some of which can be used to track family members or friends voluntarily. It confirmed that it does not sell or rent out personal user information, and that user habits are only used for internal marketing purposes. Verizon says it only collects location data for “various service and operational purposes,” and that it uses the data to ensure customers have solid call and data quality. Hit the jump for a full PDF of Verizon’s letter to Congress.

[Via Phone Scoop]

Read (PDF)