Windows 10 has a reputation for spying on its users. So much so, that a number of privacy-based third-party programs (such as Ashampoo AntiSpy and Spybot Anti-Beacon) have sprung up to disable Windows 10’s numerous tracking features.

In September 2015, Microsoft's Terry Myerson defended how the company has handled privacy in Windows 10, saying in a blog post that "Trust is a core pillar of our More Personal Computing vision, and we know we have to earn it". Today, in a new blog post, he says much the same thing, but announces two new ways for users to take back control of their privacy. Does it go far enough?

Continue reading →

Facebook, Apple and Google face a drop in ad revenue if EU proposals to apply the same rules to online messaging services that currently apply to telecoms companies go through. In a nutshell, the proposals suggest that the likes of WhatsApp, Gmail and iMessage should ask for explicit user permission to allow tracking with a view to delivering targeted ads.

Google and Microsoft have already faced criticism for scanning emails and using the contents to tailor advertising to the recipient. The EU wants online message services to be subject to the ePrivacy Directive to help improve confidentiality and security.

Continue reading →

We're all looking for ways to save time and effort, so it's hardly surprising that some web browsers offer a feature that automatically fills in online forms with commonly requested personal information. While incredibly useful, the feature can also be exploited to extract data a user might not want to share with a particular website.

Chrome, Opera and Safari all offer to save and automatically fill in details such as name, address, phone number, and so on, and users are ordinarily only aware of the data which is obviously filled in on their behalf. But a web developer shows how it is possible -- and very, very easy -- to use hidden fields to secretly gather all of the information saved in an autofill profile.

Continue reading →

The Investigatory Powers Act 2016 -- better known to many as the snooper's charter -- faced massive public criticism in the run-up to becoming law at the end of 2016 for the privacy-invading powers it affords the UK government to gather data about internet usage.

Towards the end of the year, the European Court of Justice ruled that the "general and indiscriminate retention" of internet data and communication is illegal, potentially threatening the Investigatory Powers Act. Now the human rights group Liberty is launching its own legal attack on the Act, asking for a High Court judicial review of the bulk surveillance powers that have been voted into law.

Continue reading →

The system used by millions of travelers each day to share data between travel agencies, airlines, passengers and websites is incredibly insecure. Security researchers have presented details that highlight just how easy it is to hack flight bookings.

German security firm SR Labs says that using nothing more than a traveler's surname and a six-digit Passenger Name Record (PNR), it is possible to not only gather personal information about people, but also make changes to bookings.

Continue reading →

It's no secret that despite being billed as a great way to download large Linux distros and copyright free software, BitTorrent is primarily used to download the latest Star Wars movie, episodes of The Grand Tour, and illicit copies of Photoshop.

A new website -- unsophisticatedly named 'I Know What You Download' -- does exactly what you might expect: it exposes the torrents you have downloaded. More than this, it can be used to check what has been downloaded by any IP address, and there is even an option to trick people you know into letting you spy on what they are torrenting.

Continue reading →

The Congressional Encryption Working Group (EWG) was set up in the wake of the Apple vs FBI case in which the FBI wanted to gain access to the encrypted contents of a shooter's iPhone. The group has just published its end-of-year report summarizing months of meetings, analysis and debate.

The report makes four key observations, starting off with: "Any measure that weakens encryption works against the national interest". This is certainly not a new argument against encryption backdoors for the likes of the FBI, but it is an important one. EWG goes on to urge congress not to do anything to weaken encryption.

Continue reading →

In a move that has drawn criticisms from privacy groups, the US government this week started to ask some foreign travelers arriving in the country to hand over their social media account details.

Since Tuesday, visitors to the US arriving under the visa waiver program have been asked if they will provide "information associated with your online presence". Travellers are prompted to provide their usernames for the likes of Facebook, Google+, Instagram, LinkedIn and YouTube, and while the handing over of information is currently marked as "optional", it's not clear what the consequences of failing to provide it may be, or if there are plans to make it mandatory.

Continue reading →

Facebook has released its Global Government Requests Report for H1 2016, and it shows that there has been a significant increase in the number of government requests for account data.

Compared to the first half of 2015, Facebook received 27 percent more requests globally. Most of these 59,229 requests came from the US government, and more than half of them (56 percent) included a gagging order preventing Facebook from notifying the affected users.

Continue reading →

The UK government's Investigatory Powers Act 2016 (also known as the Snooper's Charter) has been dealt a blow after the European Court of Justice ruled that the "general and indiscriminate retention" of internet data and communication is illegal.

This is a serious setback for Theresa May's government which introduced legislations that not only requires ISPs to store customers' browsing history for a year, but also make this data available to a large number of agencies. The European court made the ruling following a legal challenge made by MPs David Davis and Tom Watson which gained the support of privacy groups.

Continue reading →

With the end of the year approaching, many people are looking back over 2016 and picking out the highlights. Others, however, are looking back to see what can be learned for 2017; this is exactly what digital rights group Electronic Frontier Foundation is doing.

EFF has drawn up a wishlist for 2017, outlining some of the things it hopes technology companies like Google, Twitter, Apple and Facebook will take action on. There are lots of familiar names on the list, and while some of the requests might seem a little hopeful, there is certainly scope for some of the changes to be implemented.

Continue reading →

The European Commission could hit Facebook with a colossal fine for providing misleading information during its $19bn takeover of WhatsApp.

The social networking giant could be hit with a fine equivalent to 1 percent of annual sales (around $125m) for failing to correctly communicate planned changes to privacy policies. The data sharing between WhatsApp and Facebook is already the subject of investigations, but this latest accusation comes as a fresh blow.

Continue reading →

The data processing landscape has seen huge changes since 1995, in May 2018 the EU is replacing the Directive with a new regulation, the General Data Protection Regulation (GDPR). Enforceable from May 2018, organizations have had to take account of their responsibilities under the DPA for many years now.

Many have mature and well-considered data management policies in place that already address elements of the GDPR. Nonetheless, with the threat of significant penalties for data breaches under the GDPR it would be prudent to reexamine procedures and to consider how these can be enhanced to ensure compliance when GDPR comes into effect in May 2018.

Continue reading →

With the world so focused on privacy, Evernote should really not have been surprised when there was something of a backlash at an update to its privacy policy that said company employees would be able to access users' unencrypted notes.

Forced to clarify the situation, CEO Chris O'Neill issued an apology for any "confusion" and "angst" the announcement caused, but this was seemingly not enough. Faced with mounting pressure and criticism, the company admits it "messed up" and has now announced that employees will only be able to access notes if users opt-in to allow this. Furthermore, Evernote "will not implement the previously announced Privacy Policy changes that were scheduled to go into effect January 23, 2017".

Continue reading →

There has been great concern over the last day or so following an update to Evernote's Privacy Policy. The update said that Evernote employees might be able to access unencrypted notes as part of a human review of machine learning technologies. Users were unsurprisingly rather concerned, and there was much talk online of a mass exodus to OneNote and other alternatives.

In the face of a user backlash, Evernote CEO Chris O'Neill has issued an apology for any "angst we may have caused" and stressed that "privacy has always been at the heart" of the company. He concedes that the changes to the Privacy Policy were "communicated poorly"... but then managed to half-shift the blame for upset back onto users by saying the change "resulted in some understandable confusion".

Continue reading →