Google and Apple announce Big Brother
https://www.xda-developers.com/google-apple-contact-tracing-coronavirus
📡 @NoGoolag
#Google #Apple #spyware #knowtheenemy #bigbrother #contact #tracing
https://www.xda-developers.com/google-apple-contact-tracing-coronavirus
📡 @NoGoolag
#Google #Apple #spyware #knowtheenemy #bigbrother #contact #tracing
XDA Developers
[Update 6: API Live] Google and Apple announce the Contact Tracing API and Bluetooth spec to warn users of COVID-19
Google and Apple announced a Contact Tracing API and Bluetooth spec to fight COVID-19 by warning users who may have been exposed to SARS-CoV-2.
Google and Apple announce Big Brother
https://blog.google/inside-google/company-announcements/apple-google-exposure-notification-api-launches
📡 @NoGoolag
#Google #Apple #spyware #knowtheenemy #bigbrother #contact #tracing
https://blog.google/inside-google/company-announcements/apple-google-exposure-notification-api-launches
📡 @NoGoolag
#Google #Apple #spyware #knowtheenemy #bigbrother #contact #tracing
Google
Exposure Notification API launches to support public health agencies
Apple and Google's Exposure Notifications technology is available to public health agencies on both iOS and Android.
Amazon now offers third-party solutions for contact center AI
Amazon today announced the launch of AWS Contact Center Intelligence (CCI) solutions, a combination of services that enables customers to integrate contact centers with AI through partners in the AWS Partner Network. Amazon says that CCI, which has solutions for things like self-service, live call analytics, and agent assist, is designed to make it easier for companies to apply AI to existing and new systems.
As customer representatives are increasingly ordered to work from home in India, the U.S., and elsewhere, some companies are turning to AI to bridge the resulting gaps in service. The solutions aren’t perfect — there’s always going to be a need for human teams, even where chatbots are deployed — but COVID-19 has accelerated the need for AI-powered contact center messaging.
https://venturebeat.com/2020/08/18/amazon-now-offers-third-party-solutions-for-contact-center-ai/
#Amazon #contact #center #AI
Amazon today announced the launch of AWS Contact Center Intelligence (CCI) solutions, a combination of services that enables customers to integrate contact centers with AI through partners in the AWS Partner Network. Amazon says that CCI, which has solutions for things like self-service, live call analytics, and agent assist, is designed to make it easier for companies to apply AI to existing and new systems.
As customer representatives are increasingly ordered to work from home in India, the U.S., and elsewhere, some companies are turning to AI to bridge the resulting gaps in service. The solutions aren’t perfect — there’s always going to be a need for human teams, even where chatbots are deployed — but COVID-19 has accelerated the need for AI-powered contact center messaging.
https://venturebeat.com/2020/08/18/amazon-now-offers-third-party-solutions-for-contact-center-ai/
#Amazon #contact #center #AI
Google and Apple to roll out phase two of contact-tracing system
Operating system update will allow opt-in to coronavirus exposure notifications without need of an app
Apple and Google are preparing to roll out phase two of their Covid-19 contact-tracing system, allowing users to receive notifications about their exposure to infectious people without needing to install a specific app.
But the system will still not fully work in Britain until the UK government releases its own contact-tracing app – currently being trialled in the Isle of Wight and the London borough of Newham – nationally.
The basics of the “exposure notification” system were built into iPhones and Android devices in May. Users who have downloaded an app made by a public health authority can opt in to a decentralised tracking system. Their phones record details of other devices they have been near, and if one of those users later marks themselves as infectious, exposed individuals receive a notification.
https://www.theguardian.com/technology/2020/aug/27/google-and-apple-to-roll-out-phase-two-of-contact-tracing-system
#Apple #Google #coronavirus #COVID19 #contact #tracing
Operating system update will allow opt-in to coronavirus exposure notifications without need of an app
Apple and Google are preparing to roll out phase two of their Covid-19 contact-tracing system, allowing users to receive notifications about their exposure to infectious people without needing to install a specific app.
But the system will still not fully work in Britain until the UK government releases its own contact-tracing app – currently being trialled in the Isle of Wight and the London borough of Newham – nationally.
The basics of the “exposure notification” system were built into iPhones and Android devices in May. Users who have downloaded an app made by a public health authority can opt in to a decentralised tracking system. Their phones record details of other devices they have been near, and if one of those users later marks themselves as infectious, exposed individuals receive a notification.
https://www.theguardian.com/technology/2020/aug/27/google-and-apple-to-roll-out-phase-two-of-contact-tracing-system
#Apple #Google #coronavirus #COVID19 #contact #tracing
the Guardian
Google and Apple to roll out phase two of contact-tracing system
Operating system update will allow opt-in to coronavirus exposure notifications without need of an app
Forwarded from BlackBox (Security) Archiv
ndss2021_1C-3_23159_paper.pdf
430.5 KB
All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers
Contact discovery allows users of mobile messengers to conveniently connect with people in their address book.
In this work, we demonstrate that severe privacy issues exist in currently deployed contact discovery methods.
Our study of three popular mobile messengers (WhatsApp, Signal, and Telegram) shows that, contrary to expectations, largescale crawling attacks are (still) possible. Using an accurate database of mobile phone number prefixes and very few resources, we have queried 10 % of US mobile phone numbers for WhatsApp and 100 % for Signal. For Telegram we find that its API exposes a wide range of sensitive information, even about numbers not registered with the service.
https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1C-3_23159_paper.pdf
#contact #messenger #telegram #whatsapp #signal #crawling #attacks #study #pdf
📡 @nogoolag 📡 @blackbox_archiv
Contact discovery allows users of mobile messengers to conveniently connect with people in their address book.
In this work, we demonstrate that severe privacy issues exist in currently deployed contact discovery methods.
Our study of three popular mobile messengers (WhatsApp, Signal, and Telegram) shows that, contrary to expectations, largescale crawling attacks are (still) possible. Using an accurate database of mobile phone number prefixes and very few resources, we have queried 10 % of US mobile phone numbers for WhatsApp and 100 % for Signal. For Telegram we find that its API exposes a wide range of sensitive information, even about numbers not registered with the service.
https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1C-3_23159_paper.pdf
#contact #messenger #telegram #whatsapp #signal #crawling #attacks #study #pdf
📡 @nogoolag 📡 @blackbox_archiv
Forwarded from BlackBox (Security) Archiv
All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers (Interesting quotes and conclusion)
💡 All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers (PDF)
https://t.me/BlackBox_Archiv/2042
Both WhatsApp and Telegram transmit the contacts of users in clear text to their servers (but encrypted during transit), where they are stored to allow the services to push updates (such as newly registered contacts) to the clients. WhatsApp stores phone numbers of its users in clear text on the server, while phone numbers not registered with WhatsApp are MD5-hashed with the country prefix prepended (according to court documents from 2014 [2]).
Signal does not store contacts on the server. Instead, each client periodically sends hashes of the phone numbers stored in the address book to the service, which matches them against the list of registered users and responds with the intersection. The different procedures illustrate a trade-off between usability and privacy: the approach of WhatsApp and Telegram can provide faster updates to the user with less communication overhead, but needs to store sensitive data on the servers.
💡Signal:
Our script for Signal uses 100 accounts over 25 daysto check all 505 million mobile phone numbers in the US. Our results show that Signal currently has 2.5 million users registered in the US, of which 82.3 % have set an encrypted user name, and 47.8 % use an encrypted profile picture. We also cross-checked with WhatsApp to see if Signal users differ in their use of public profile pictures, and found that 42.3 % of Signal users are also registered on WhatsApp (cf. Tab. IV), and 46.3 % of them have a public profile picture there. While this is slightly lower than the average for WhatsApp users (49.6 %), it is not sufficient to indicate an increased privacy-awareness of Signal’s users, at least for profile pictures.
💡Telegram:
For Telegram we use 20 accounts running for 20 days on random US mobile phone numbers. Since Telegram’s rate limits are very strict, only 100,000 numbers were checked during that time: 0.9 % of those are registered and 41.9 % have a non-zero importer_count. These numbers have a higher probability than random ones to be present on other messengers, with 20.2 % of the numbers being registered with WhatsApp and 1.1 % registered with Signal, compared to the average success rates of 9.8 % and 0.9 %, respectively. Of the discovered Telegram users, 44 % of the crawled users have at least one public profile picture, with 2 % of users having more than 10 pictures available.
💡 Comparison WhatsApp | Signal | Telegram:
With its focus on privacy, Signal excels in exposing almost no information about registered users, apart from their phone number. In contrast, WhatsApp exposes profile pictures and the About text for registered numbers, and requires users to opt-out of sharing this data by changing the default settings. Our results show that only half of all US users prevent such sharing by either not uploading an image or changing the settings. Telegram behaves even worse: it allows crawling multiple images and also additional information for each user. The importer_count offered by its API even provides information about users not registered with the service. This can help attackers to acquire likely active numbers, which can be searched on other platforms.
💡 Conclusion:
Mobile contact discovery is a challenging topic for privacy researchers in many aspects. In this paper, we took an attacker’s perspective and scrutinized currently deployed contact discovery services of three popular mobile messengers: WhatsApp, Signal, and Telegram. We revisited known attacks and using novel techniques we quantified the efforts required for curious serv[...]
#contact #messenger #telegram #whatsapp #signal #crawling #attacks #comment #conclusion
📡 @nogoolag 📡 @blackbox_archiv
💡 All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers (PDF)
https://t.me/BlackBox_Archiv/2042
Both WhatsApp and Telegram transmit the contacts of users in clear text to their servers (but encrypted during transit), where they are stored to allow the services to push updates (such as newly registered contacts) to the clients. WhatsApp stores phone numbers of its users in clear text on the server, while phone numbers not registered with WhatsApp are MD5-hashed with the country prefix prepended (according to court documents from 2014 [2]).
Signal does not store contacts on the server. Instead, each client periodically sends hashes of the phone numbers stored in the address book to the service, which matches them against the list of registered users and responds with the intersection. The different procedures illustrate a trade-off between usability and privacy: the approach of WhatsApp and Telegram can provide faster updates to the user with less communication overhead, but needs to store sensitive data on the servers.
💡Signal:
Our script for Signal uses 100 accounts over 25 daysto check all 505 million mobile phone numbers in the US. Our results show that Signal currently has 2.5 million users registered in the US, of which 82.3 % have set an encrypted user name, and 47.8 % use an encrypted profile picture. We also cross-checked with WhatsApp to see if Signal users differ in their use of public profile pictures, and found that 42.3 % of Signal users are also registered on WhatsApp (cf. Tab. IV), and 46.3 % of them have a public profile picture there. While this is slightly lower than the average for WhatsApp users (49.6 %), it is not sufficient to indicate an increased privacy-awareness of Signal’s users, at least for profile pictures.
💡Telegram:
For Telegram we use 20 accounts running for 20 days on random US mobile phone numbers. Since Telegram’s rate limits are very strict, only 100,000 numbers were checked during that time: 0.9 % of those are registered and 41.9 % have a non-zero importer_count. These numbers have a higher probability than random ones to be present on other messengers, with 20.2 % of the numbers being registered with WhatsApp and 1.1 % registered with Signal, compared to the average success rates of 9.8 % and 0.9 %, respectively. Of the discovered Telegram users, 44 % of the crawled users have at least one public profile picture, with 2 % of users having more than 10 pictures available.
💡 Comparison WhatsApp | Signal | Telegram:
With its focus on privacy, Signal excels in exposing almost no information about registered users, apart from their phone number. In contrast, WhatsApp exposes profile pictures and the About text for registered numbers, and requires users to opt-out of sharing this data by changing the default settings. Our results show that only half of all US users prevent such sharing by either not uploading an image or changing the settings. Telegram behaves even worse: it allows crawling multiple images and also additional information for each user. The importer_count offered by its API even provides information about users not registered with the service. This can help attackers to acquire likely active numbers, which can be searched on other platforms.
💡 Conclusion:
Mobile contact discovery is a challenging topic for privacy researchers in many aspects. In this paper, we took an attacker’s perspective and scrutinized currently deployed contact discovery services of three popular mobile messengers: WhatsApp, Signal, and Telegram. We revisited known attacks and using novel techniques we quantified the efforts required for curious serv[...]
#contact #messenger #telegram #whatsapp #signal #crawling #attacks #comment #conclusion
📡 @nogoolag 📡 @blackbox_archiv
Telegram
BlackBox (Security) Archiv
All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers
Contact discovery allows users of mobile messengers to conveniently connect with people in their address book.
In this work, we demonstrate that severe privacy issues exist…
Contact discovery allows users of mobile messengers to conveniently connect with people in their address book.
In this work, we demonstrate that severe privacy issues exist…
Forwarded from BlackBox (Security) Archiv
Google Promised Its Contact Tracing App Was Completely Private—But It Wasn’t
Researchers say hundreds of preinstalled apps can access a log found on Android devices where sensitive contact tracing information is stored.
When Google and Apple introduced their COVID-19 contact tracing framework in April 2020, the companies aimed to reassure people worried about sharing private health information with major corporations.
Google and Apple provided assurances that the data generated through the apps—people’s movements, who they might have come in contact with, and whether they reported testing positive for COVID-19—would be anonymized and would never be shared with anyone other than public health agencies.
“Our goal is to empower [public health agencies] with another tool to help combat the virus while protecting user privacy,” Google CEO Sundar Pichai wrote in a tweet last May, when the framework became publicly available.
Apple CEO Tim Cook provided similar assurances.
Since then, millions of people have downloaded contact tracing apps developed through Apple’s and Google’s framework: The U.K.’s National Health Services’ app has at least 16 million users, while Canada’s Digital Service COVID Alert app boasted more than six million downloads in January, and Virginia’s Department of Health noted more than two million residents were using its COVIDWISE app.
California governor Gavin Newsom endorsed his state’s version of the app, calling it “100% private & secure” in a tweet last December.
But The Markup has learned that not only does the Android version of the contact tracing tool contain a privacy flaw, but when researchers from the privacy analysis firm AppCensus alerted Google to the problem back in February of this year, Google failed to change it. AppCensus was testing the system as part of a contract with the Department of Homeland Security. The company found no similar issues with the iPhone version of the framework.
https://themarkup.org/privacy/2021/04/27/google-promised-its-contact-tracing-app-was-completely-private-but-it-wasnt
#google #DeleteGoogle #contact #tracing #app #privacy
📡 @nogoolag 📡 @blackbox_archiv
Researchers say hundreds of preinstalled apps can access a log found on Android devices where sensitive contact tracing information is stored.
When Google and Apple introduced their COVID-19 contact tracing framework in April 2020, the companies aimed to reassure people worried about sharing private health information with major corporations.
Google and Apple provided assurances that the data generated through the apps—people’s movements, who they might have come in contact with, and whether they reported testing positive for COVID-19—would be anonymized and would never be shared with anyone other than public health agencies.
“Our goal is to empower [public health agencies] with another tool to help combat the virus while protecting user privacy,” Google CEO Sundar Pichai wrote in a tweet last May, when the framework became publicly available.
Apple CEO Tim Cook provided similar assurances.
Since then, millions of people have downloaded contact tracing apps developed through Apple’s and Google’s framework: The U.K.’s National Health Services’ app has at least 16 million users, while Canada’s Digital Service COVID Alert app boasted more than six million downloads in January, and Virginia’s Department of Health noted more than two million residents were using its COVIDWISE app.
California governor Gavin Newsom endorsed his state’s version of the app, calling it “100% private & secure” in a tweet last December.
But The Markup has learned that not only does the Android version of the contact tracing tool contain a privacy flaw, but when researchers from the privacy analysis firm AppCensus alerted Google to the problem back in February of this year, Google failed to change it. AppCensus was testing the system as part of a contract with the Department of Homeland Security. The company found no similar issues with the iPhone version of the framework.
https://themarkup.org/privacy/2021/04/27/google-promised-its-contact-tracing-app-was-completely-private-but-it-wasnt
#google #DeleteGoogle #contact #tracing #app #privacy
📡 @nogoolag 📡 @blackbox_archiv
themarkup.org
Google Promised Its Contact Tracing App Was Completely Private—But It Wasn’t – The Markup
Researchers say hundreds of preinstalled apps can access a log found on Android devices where sensitive contact tracing information is stored