Recent Articles

16
Apr

Bloomberg: Google’s Facebook copycat moves leave it more exposed to privacy backlash

Facebook may be getting all the attention lately, but the Monster of Mountain View is still, well, a monster:

No one at Google envied Mark Zuckerberg last week as he was being grilled by Congress. But for years, they certainly coveted the personal data that made Facebook Inc. a formidable digital ad player. And the strategies they set to compete have now placed Google squarely in the cross hairs of a privacy backlash against the world’s largest social-media company.

A backlash that has been a long time in coming.

“Google, in every respect, collects more data. Google, in every respect, has a much bigger advertising business,” said David Chavern, president of News Media Alliance, a publisher trade group. Rather than “a Facebook privacy law,” he expects regulation to target the entire industry.

Google’s many brushes with controversy haven’t deterred the company from making its business practices ever more invasive. Mimicry of Facebook has been occurring for years.

In 2015, the search giant unveiled Customer Match, a tool letting advertisers target ads using consumers’ Gmail addresses. That mirrored a popular Facebook offering called Custom Audiences. Google Plus, the company’s social network, failed to catch on with users but did prompt millions of people to log in to Google’s other web properties, catnip for marketers. Those changes helped Google’s display ad business blossom. Morgan Stanley recently pegged its value at $36 billion.

Political advertisers are among those embracing DoubleClick. Last year, the unit touted a case study with i360, a marketing firm affiliated with the conservative power brokers Charles and David Koch. i360 uses its own data to slice online populations into segments, such as those for and against gun control and traditional marriage. A Google blog post explained how DoubleClick’s systems sucked in that information to help i360 boost the number of its ads people saw. i360 didn’t respond to a request for comment.

Google is incapable of regulating itself, so we clearly need an American equivalent of the European General Data Protection Regulation, or GDPR, as soon as possible.

23
Mar

Crooks infiltrate Google Play with malware in QR reading utilities

Google fails again… surprise, surprise:

SophosLabs just alerted us to a malware family that had infiltrated Google Play by presenting itself as a bunch of handy utilities.

Sophos detects this malware as Andr/HiddnAd-AJ, and the name gives you an inkling of what the rogue apps do: blast you with ads, but only after lying low for a while to lull you into a false sense of security.

We reported the offending apps to Google, and they’ve now been pulled from the Play Store, but not before some of them attracted more than 500,000 downloads.

The subterfuge used by the developers to keep Google’s “Play Protect” app-vetting process sweet seems surprisingly simple.

Prefer Android to iOS? Use F-Droid to get apps, NOT Google Play. There’s no malware lurking on F-Droid.

22
Nov

Google admits tracking users’ location even when location services are disabled

Big Brother is watching you. Even if you’ve told Big Brother Google you don’t want to be tracked.

Many people realize that smartphones track their locations. But what if you actively turn off location services, haven’t used any apps, and haven’t even inserted a carrier SIM card?

Even if you take all of those precautions, phones running Android software gather data about your location and send it back to Google when they’re connected to the internet, a Quartz investigation has revealed.

Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers—even when location services are disabled—and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals’ locations and their movements that go far beyond a reasonable consumer expectation of privacy.

Quartz observed the data collection occur and contacted Google, which confirmed the practice.

When confronted, Google claimed that the tracking was happening in part to improve message delivery, which Quartz rightly deemed to be a completely bogus explanation.

It is not clear how cell-tower addresses, transmitted as a data string that identifies a specific cell tower, could have been used to improve message delivery. But the privacy implications of the covert location-sharing practice are plain. While information about a single cell tower can only offer an approximation of where a mobile device actually is, multiple towers can be used to triangulate its location to within about a quarter-mile radius, or to a more exact pinpoint in urban areas, where cell towers are closer together.

The practice is troubling for people who’d prefer they weren’t tracked, especially for those such as law-enforcement officials or victims of domestic abuse who turn off location services thinking they’re fully concealing their whereabouts. Although the data sent to Google is encrypted, it could potentially be sent to a third party if the phone had been compromised with spyware or other methods of hacking. Each phone has a unique ID number, with which the location data can be associated.

Read the whole thing.

1
Nov

Google’s reCaptcha defeated again

NakedSecurity reports:

Researchers have created an automated system to solve Google’s reCAPTCHA auditory challenges.

Again.

Poor, poor prove-you’re-a-human reCAPTCHA tests – also known as Completely Automated Procedures for Telling Computers and Humans Apart – they get no respect!

The point of reCAPTCHA challenges is to act as a gate that lets humans through but stops or slows down bots (software robots), so a bot that can solve a CAPTCHA automatically defeats the whole object of reCAPTCHA. And yet, that’s precisely what keeps happening. There are three kinds, and they’ve all been automatically kicked over by researchers.

reCAPTCHA tests aren’t much of a hurdle for sophisticated spammers, but they definitely inconvenience and annoy users. Yet they are in widespread use all over the place. Time to get rid of them and replace them with something better.

17
Oct

Journalist’s Home Mini review unit was sending Google a recording of every sound it picked up

This journalist’s experience with a Google Home Mini is being called a glitch, or malfunction.

But let’s face it: these “smart home” devices are DESIGNED to perform 24/7 audio surveillance. And a user has no way of knowing when the device is “phoning home” without checking the logs. Anyone who installs one of these stupid things is signing up for the possibility of being surveilled, accidentally or intentionally by a hostile party, without knowing it.

The privacy glitch that befell Google’s new £49 ($49) Home Mini speaker last week was small but, critics might suggest, still revealing.

The trouble started when journalist Artem Russakovskii, who had been given a review unit at the launch event on 4 October, noticed that the Mini kept turning itself on even when not commanded to.

Deciding to search for clues in the device’s logs, he got a shock:

I opened it up, and my jaw dropped. I saw thousands of items, each with a Play button and a timestamp.

The Mini, it seemed, had recorded and uploaded to Google every sound detected in its vicinity for a two-day period, which seemed to be every sound no matter how inconsequential. It even activated after a simple knock on the wall.

This behaviour could be disabled and recordings deleted but only at the expense of harming the system’s future voice recognition accuracy.

If you value your privacy, don’t install a so-called smart speaker in your home, whether made by Google, Amazon, Apple, or any other company. It’s not worth it. The fact that microphones and cameras are standard in laptops, tablets, and smartphones and can be remotely hijacked is problematic enough.

4
Oct

Big Brother Google unveils Clips, a $249 semi-autonomous recording device

Yikes:

Google has just announced Google Clips, a new hands-free camera that takes photos for you. Instead of having to pull yourself out of special moments to shoot photos and videos, Clips will capture moments so you can be in them.

Software is at the core of the camera, meaning Clips can be made smarter and more powerful over time as Google continues to push out new updates.

Clips can capture a 130-degree field of view at 15 frames per second. Each motion photo moment captured by Clips lasts several seconds and is called a “clip,” and they can be browsed using your Pixel phone. No audio is recorded. Each clip can be saved as a motion photo, or you can select a single frame from the motion to save as an auto-enhanced, high-resolution photo.

On the front of Clips is a button for capturing photos manually. With a tiny form factor, Clips is designed to be clipped to “almost anything” or set down to document things remotely.

Clips has facial learning features — the more it sees a person, the more it learns to capture more clips of that individual. It also learns to recognize pets like cats and dogs.

Google engineers have laughably attempted to address the privacy implications of their Orwellian creation by giving it an offline mode. In other words, they’re telling potential buyers you don’t need to connect it to the Internet to use it. But of course, you’ll be encouraged to do so — the device has been designed for semi-autonomous recording and the presumption is people will want to share moments they’ve recorded.

There’s also an indicator light — which is a standard feature of webcams.

Commenters at PetaPixel are rightly skeptical. Writes one:

This is not about memories. How many people actually have time to go back and relive the unbelievable amount of memories that would build up? This is about Google’s AI learning and growing. This is about amassing algorithms to make their AI smarter. Simply put, this is getting scary. A record of intimate moments kept on Google servers. But like you, I guess I have already given up freedoms because of my Google phones and tablets. What have I done?

Says another:

As if Google didn’t know enough of our lives yet….

And another:

I don’t like it… We’re getting into some real Orwellian #$%& here. Always listening microphones, bed facing cameras and 24/7 recording body cams… I don’t want any of this stuff, having a phone is bad enough.

Save your $250 and pass on Google Clips, another unnecessary invention the world doesn’t need.

3
Oct

Naked Security breaks down the Google tracking feature you didn’t know you’d switched on

This is a must-read:

Using GPS, Wi-Fi and cell tower data, Google’s Your Timeline can paint a very accurate picture of your daily life. If you’ve got it switched on, it stores every step you take and everywhere you go.

And the thing is, lots of people seem to have it switched on without even realising, including me, and my favourite hats come in tinfoil.

I was surprised it had slipped past me so I started asking other people if they had it switched on too. More often than not, without making a conscious decision to let Google follow them around, they had.

In the end I decided to ask 20 people at random and write down the answers. The result of my short, non-scientific survey? 95% of the people I asked – a mixture of people in technical and non-technical roles – had location history, or its slightly less obnoxious iPhone equivalent Frequent Locations, turned on, tracking their every step, without realising.

Check for yourself. On Android it’s under Settings > Location > Google Location History.

So what exactly is Google Timeline? Google says: “Your timeline in Google Maps helps you find the places you’ve been and the routes you’ve travelled. Your timeline is private, so only you can see it.”

Only you. And Google.

Read the whole thing. The WHOLE THING.

This could be the best post Naked Security has ever published.

Well done, Sophos, and thanks for helping more people understand how to liberate themselves from having their every move tracked by the Monster of Mountain View.

30
Sep

Did Russia exploit Google’s offerings to meddle in the 2016 United States presidential election?

An investigation is underway:

Google is examining what role its services could have played in Russian interference during the 2016 US presidential election, according to a report published Friday by The Wall Street Journal.

The search giant joins its rivals Facebook and Twitter in their own probes, as they try to figure out how Russian agents could have misused their advertising platforms, among other services, to meddle in the campaign.

“We will of course cooperate with inquiries,” a Google spokesperson said. “We’re looking into how we can help with any relevant information.”

But will the results be made publicly available? Facebook has been less than forthcoming about what its probes have turned up.

28
Sep

AlterNet: Google is a “monopoly on steroids”

The venerable progressive news outlet AlterNet has published an editorial making the case that it has gotten swept up in Google’s crackdown on “fake news”:

The New Media Monopoly Is Hurting Progressive and Independent News

The story is about monopoly on steroids. It is about the extreme and unconstrained power of Google and Facebook, and how they are affecting what you read, hear and see. It is about how these two companies are undermining progressive news sources, including AlterNet.

In June, Google announced major changes in its algorithm designed to combat fake news. Ben Gomes, the company’s vice president for engineering, stated in April that Google’s update of its search engine would block access to “offensive” sites, while working to surface more “authoritative content.”

This seemed like a good idea. Fighting fake news, which Trump often uses to advance his interests and rally his supporters, is an important goal that AlterNet shares.

But little did we know that Google had decided, perhaps with bad advice or wrong-headed thinking, that media like AlterNet—dedicated to fighting white supremacy, misogyny, racism, Donald Trump, and fake news—would be clobbered by Google in its clumsy attempt to address hate speech and fake news.

Read the whole thing.

18
Sep

Malware still lurking in the Google Play mobile app store

Embarrassing:

It seems almost too ironic that the Google Play Store has been secretly invaded by even more malware after it has promoted its Google Play Protect security platform for Android. Boasting of technologies like machine learning and artificial intelligence, Play Protect promises to protect Android users more thoroughly without having to increase manpower. Alas, it seems that another malware, named ExpensiveWall, has gotten past the Play Store’s security and this lapse is costing users a lot more than just peace of mind but actual money as well.

Check Point, the cybersecurity firm who reported this latest news, says that ExpensiveWall, named after one of its carriers, “Lovely Wallpaper,” is actually a new variant of another malware discovered earlier this year. Both types of malware are costing users money by silently signing them up for premium subscriptions or sending premium SMS. Both strains have also made it past Google’s security checks and have been downloaded thousands of times by users.

SlashGear, which posted the report excerpted above, says Google needs to step up its security game. Duh. Supposedly, that’s what they were doing when they launched “Play Protect”. But obviously, they failed.

Anyone who wants a secure mobile platform should invest in a BlackBerry device — and preferably one that runs the secure BlackBerry 10 operating system — to keep their data and networks secure.