iPhone apps share your data with trackers, ad companies and research firms
It’s the middle of the night. Do you know who your iPhone is talking to?
Apple says, “What happens on your iPhone stays on your iPhone.” Our privacy experiment showed 5,400 hidden app trackers guzzled our data — in a single week.
It’s 3 a.m. Do you know what your iPhone is doing?
Mine has been alarmingly busy. Even though the screen is off and I’m snoring, apps are beaming out lots of information about me to companies I’ve never heard of. Your iPhone probably is doing the same — and Apple could be doing more to stop it.
On a recent Monday night, a dozen marketing companies, research firms and other personal data guzzlers got reports from my iPhone. At 11:43 p.m., a company called Amplitude learned my phone number, email and exact location. At 3:58 a.m., another called Appboy got a digital fingerprint of my phone. At 6:25 a.m., a tracker called Demdex received a way to identify my phone and sent back a list of other trackers to pair up with.
And all night long, there was some startling behavior by a household name: Yelp. It was receiving a message that included my IP address -— once every five minutes.
Our data has a secret life in many of the devices we use every day, from talking Alexa speakers to smart TVs. But we’ve got a giant blind spot when it comes to the data companies probing our phones.
You might assume you can count on Apple to sweat all the privacy details. After all, it touted in a recent ad, “What happens on your iPhone stays on your iPhone.” My investigation suggests otherwise.
IPhone apps I discovered tracking me by passing information to third parties — just while I was asleep — include Microsoft OneDrive, Intuit’s Mint, Nike, Spotify, The Washington Post and IBM’s the Weather Channel. One app, the crime-alert service Citizen, shared personally identifiable information in violation of its published privacy policy.
And your iPhone doesn’t only feed data trackers while you sleep. In a single week, I encountered over 5,400 trackers, mostly in apps, not including the incessant Yelp traffic. According to privacy firm Disconnect, which helped test my iPhone, those unwanted trackers would have spewed out 1.5 gigabytes of data over the span of a month. That’s half of an entire basic wireless service plan from AT&T.
“This is your data. Why should it even leave your phone? Why should it be collected by someone when you don’t know what they’re going to do with it?” says Patrick Jackson, a former National Security Agency researcher who is chief technology officer for Disconnect. He hooked my iPhone into special software so we could examine the traffic. “I know the value of data, and I don’t want mine in any hands where it doesn’t need to be,” he told me.
Read more:
https://outline.com/q38TDx
Comments
https://news.ycombinator.com/item?id=20031443
#apple #iphone #trackers #datamining #privacy #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
It’s the middle of the night. Do you know who your iPhone is talking to?
Apple says, “What happens on your iPhone stays on your iPhone.” Our privacy experiment showed 5,400 hidden app trackers guzzled our data — in a single week.
It’s 3 a.m. Do you know what your iPhone is doing?
Mine has been alarmingly busy. Even though the screen is off and I’m snoring, apps are beaming out lots of information about me to companies I’ve never heard of. Your iPhone probably is doing the same — and Apple could be doing more to stop it.
On a recent Monday night, a dozen marketing companies, research firms and other personal data guzzlers got reports from my iPhone. At 11:43 p.m., a company called Amplitude learned my phone number, email and exact location. At 3:58 a.m., another called Appboy got a digital fingerprint of my phone. At 6:25 a.m., a tracker called Demdex received a way to identify my phone and sent back a list of other trackers to pair up with.
And all night long, there was some startling behavior by a household name: Yelp. It was receiving a message that included my IP address -— once every five minutes.
Our data has a secret life in many of the devices we use every day, from talking Alexa speakers to smart TVs. But we’ve got a giant blind spot when it comes to the data companies probing our phones.
You might assume you can count on Apple to sweat all the privacy details. After all, it touted in a recent ad, “What happens on your iPhone stays on your iPhone.” My investigation suggests otherwise.
IPhone apps I discovered tracking me by passing information to third parties — just while I was asleep — include Microsoft OneDrive, Intuit’s Mint, Nike, Spotify, The Washington Post and IBM’s the Weather Channel. One app, the crime-alert service Citizen, shared personally identifiable information in violation of its published privacy policy.
And your iPhone doesn’t only feed data trackers while you sleep. In a single week, I encountered over 5,400 trackers, mostly in apps, not including the incessant Yelp traffic. According to privacy firm Disconnect, which helped test my iPhone, those unwanted trackers would have spewed out 1.5 gigabytes of data over the span of a month. That’s half of an entire basic wireless service plan from AT&T.
“This is your data. Why should it even leave your phone? Why should it be collected by someone when you don’t know what they’re going to do with it?” says Patrick Jackson, a former National Security Agency researcher who is chief technology officer for Disconnect. He hooked my iPhone into special software so we could examine the traffic. “I know the value of data, and I don’t want mine in any hands where it doesn’t need to be,” he told me.
Read more:
https://outline.com/q38TDx
Comments
https://news.ycombinator.com/item?id=20031443
#apple #iphone #trackers #datamining #privacy #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Forwarded from BlackBox (Security) Archiv
Facebook Is Giving Advertisers Access to Your Shadow Contact Information
Last week, I ran an ad on Facebook that was targeted at a computer science professor named Alan Mislove. Mislove studies how privacy works on social networks and had a theory that Facebook is letting advertisers reach users with contact information collected in surprising ways. I was helping him test the theory by targeting him in a way Facebook had previously told me wouldn’t work. I directed the ad to display to a Facebook account connected to the landline number for Alan Mislove’s office, a number Mislove has never provided to Facebook. He saw the ad within hours.
One of the many ways that ads get in front of your eyeballs on Facebook and Instagram is that the social networking giant lets an advertiser upload a list of phone numbers or email addresses it has on file; it will then put an ad in front of accounts associated with that contact information. A clothing retailer can put an ad for a dress in the Instagram feeds of women who have purchased from them before, a politician can place Facebook ads in front of anyone on his mailing list, or a casino can offer deals to the email addresses of people suspected of having a gambling addiction. Facebook calls this a “custom audience.”
You might assume that you could go to your Facebook profile and look at your “contact and basic info” page to see what email addresses and phone numbers are associated with your account, and thus what advertisers can use to target you. But as is so often the case with this highly efficient data-miner posing as a way to keep in contact with your friends, it’s going about it in a less transparent and more invasive way.
Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. It is also using contact information you handed over for security purposes and contact information you didn’t hand over at all, but that was collected from other people’s contact books, a hidden layer of details Facebook has about you that I’ve come to call “shadow contact information.” I managed to place an ad in front of Alan Mislove by targeting his shadow profile. This means that the junk email address that you hand over for discounts or for shady online shopping is likely associated with your account and being used to target you with ads.
Facebook is not upfront about this practice. In fact, when I asked its PR team last year whether it was using shadow contact information for ads, they denied it. Luckily for those of us obsessed with the uncannily accurate nature of ads on Facebook platforms, a group of academic researchers decided to do a deep dive into how Facebook custom audiences work to find out how users’ phone numbers and email addresses get sucked into the advertising ecosystem.
Giridhari Venkatadri, Piotr Sapiezynski, and Alan Mislove of Northeastern University, along with Elena Lucherini of Princeton University, did a series of tests that involved handing contact information over to Facebook for a group of test accounts in different ways and then seeing whether that information could be used by an advertiser. They came up with a novel way to detect whether that information became available to advertisers by looking at the stats provided by Facebook about the size of an audience after contact information is uploaded. They go into this in greater length and technical detail in their paper.
👉🏼 PDF:
https://mislove.org/publications/PII-PETS.pdf
Read more:
https://gizmodo.com/facebook-is-giving-advertisers-access-to-your-shadow-co-1828476051
#DeleteFacebook #Facebook #targeting #advertising #datamining #pdf #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Last week, I ran an ad on Facebook that was targeted at a computer science professor named Alan Mislove. Mislove studies how privacy works on social networks and had a theory that Facebook is letting advertisers reach users with contact information collected in surprising ways. I was helping him test the theory by targeting him in a way Facebook had previously told me wouldn’t work. I directed the ad to display to a Facebook account connected to the landline number for Alan Mislove’s office, a number Mislove has never provided to Facebook. He saw the ad within hours.
One of the many ways that ads get in front of your eyeballs on Facebook and Instagram is that the social networking giant lets an advertiser upload a list of phone numbers or email addresses it has on file; it will then put an ad in front of accounts associated with that contact information. A clothing retailer can put an ad for a dress in the Instagram feeds of women who have purchased from them before, a politician can place Facebook ads in front of anyone on his mailing list, or a casino can offer deals to the email addresses of people suspected of having a gambling addiction. Facebook calls this a “custom audience.”
You might assume that you could go to your Facebook profile and look at your “contact and basic info” page to see what email addresses and phone numbers are associated with your account, and thus what advertisers can use to target you. But as is so often the case with this highly efficient data-miner posing as a way to keep in contact with your friends, it’s going about it in a less transparent and more invasive way.
Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. It is also using contact information you handed over for security purposes and contact information you didn’t hand over at all, but that was collected from other people’s contact books, a hidden layer of details Facebook has about you that I’ve come to call “shadow contact information.” I managed to place an ad in front of Alan Mislove by targeting his shadow profile. This means that the junk email address that you hand over for discounts or for shady online shopping is likely associated with your account and being used to target you with ads.
Facebook is not upfront about this practice. In fact, when I asked its PR team last year whether it was using shadow contact information for ads, they denied it. Luckily for those of us obsessed with the uncannily accurate nature of ads on Facebook platforms, a group of academic researchers decided to do a deep dive into how Facebook custom audiences work to find out how users’ phone numbers and email addresses get sucked into the advertising ecosystem.
Giridhari Venkatadri, Piotr Sapiezynski, and Alan Mislove of Northeastern University, along with Elena Lucherini of Princeton University, did a series of tests that involved handing contact information over to Facebook for a group of test accounts in different ways and then seeing whether that information could be used by an advertiser. They came up with a novel way to detect whether that information became available to advertisers by looking at the stats provided by Facebook about the size of an audience after contact information is uploaded. They go into this in greater length and technical detail in their paper.
👉🏼 PDF:
https://mislove.org/publications/PII-PETS.pdf
Read more:
https://gizmodo.com/facebook-is-giving-advertisers-access-to-your-shadow-co-1828476051
#DeleteFacebook #Facebook #targeting #advertising #datamining #pdf #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Forwarded from ➡️ Go NoGAPPS
👁 New York Times was able to track President Trump's movements by combining leaked location data with public information, showing the ease which which cell phone location data can be turned into a spying tool ❗️
➖Times Privacy Project got the data from anonymous whistleblowers concerned about this vulnerability and a lack of regulations ❗️Dataset of >50 billion location pings from the phones of >12 million people in this country. It was a random sample from 2016 and 2017, but it took only minutes, with assistance from publicly available information to deanonymize location data and track the whereabouts of President
➖NYT said result being tracking and identifying people as easy. And there is no regulation to stop the exchange of sych data between different parties and companies for profit❗️
➖“Tech companies are profiting by spying on Americans.. report is another alarming case for why we need to break up big tech, adopt serious privacy regulations and hold top executives of these companies personally responsible.” Senator Elizabeth Warren, a Democrat running for president, told NYT
➖“Location tracking data of individuals can be used to facilitate reconnaissance, recruitment, social engineering, extortion and in worst-case scenarios, things like kidnapping and assassination,” warned a cybersecurity expert
💡The sources who provided the trove of location information to Times Opinion did so to press for regulation and increased scrutiny of the location data market. So far, Washington has done virtually nothing to address the threats, and location data companies have every reason to keep refining their tracking, sucking up more data and selling it to the highest bidders.
🌐 Read - a #GoodRead with good infographics
#Tracking #Location #Datamining
🌐Stop using Google/Other location data malware. Go NoGapps
➖Times Privacy Project got the data from anonymous whistleblowers concerned about this vulnerability and a lack of regulations ❗️Dataset of >50 billion location pings from the phones of >12 million people in this country. It was a random sample from 2016 and 2017, but it took only minutes, with assistance from publicly available information to deanonymize location data and track the whereabouts of President
➖NYT said result being tracking and identifying people as easy. And there is no regulation to stop the exchange of sych data between different parties and companies for profit❗️
➖“Tech companies are profiting by spying on Americans.. report is another alarming case for why we need to break up big tech, adopt serious privacy regulations and hold top executives of these companies personally responsible.” Senator Elizabeth Warren, a Democrat running for president, told NYT
➖“Location tracking data of individuals can be used to facilitate reconnaissance, recruitment, social engineering, extortion and in worst-case scenarios, things like kidnapping and assassination,” warned a cybersecurity expert
💡The sources who provided the trove of location information to Times Opinion did so to press for regulation and increased scrutiny of the location data market. So far, Washington has done virtually nothing to address the threats, and location data companies have every reason to keep refining their tracking, sucking up more data and selling it to the highest bidders.
🌐 Read - a #GoodRead with good infographics
#Tracking #Location #Datamining
🌐Stop using Google/Other location data malware. Go NoGapps
Nytimes
Opinion | How to Track President Trump (Published 2019)
Smartphones leave a trail that anyone — and any foreign government — could follow.
Forwarded from ➡️ Go NoGAPPS
💡Edward Snowden: How Your Cell Phone Spies on You
Timestamps:
1. Network data collection
2. App data collection
3. Importance of Firewall & Permissions on per app bases
4. Buying device & still not owning it
5. Third party doctrine, loophole to prove your data is no yours👌
💡"The scandal isn't how they're breaking the law, the scandal is that they don't have to break the law"
🎥 WATCH -YT
🎥 WATCH - Invidio
🎥 Watch Source
#GoodShare #DataMining #Surveillance
🚀 Adopt Android Privacy > Go NoGapps
Timestamps:
1. Network data collection
2. App data collection
3. Importance of Firewall & Permissions on per app bases
4. Buying device & still not owning it
5. Third party doctrine, loophole to prove your data is no yours👌
💡"The scandal isn't how they're breaking the law, the scandal is that they don't have to break the law"
🎥 WATCH -YT
🎥 WATCH - Invidio
🎥 Watch Source
#GoodShare #DataMining #Surveillance
🚀 Adopt Android Privacy > Go NoGapps
YouTube
Edward Snowden: How Your Cell Phone Spies on You
Taken from JRE #1368 w/Edward Snowden: https://youtu.be/efs3QRr8LWw