Friday, February 20, 2015

Casualty Report: The War for Privacy

1984

Like any war, the war for privacy has seen battles won and lost on both sides. Every day the news mentions a new violation, and likewise developers find better methods of keeping their privacy. With no end in sight, many of us are wondering whether we, the public, are winning.

Following the attacks in Paris last month, the Prime Minister of the UK, David Cameron, proposed plans to ban encryption. To defend these absurd new laws, he stated, “We must not allow terrorists’ safe space to communicate with each other”, “In extremis, it has been possible to read someone’s letter, to listen to someone’s call, to listen in on mobile communications” and “The question remains: are we going to allow a means of communications where it simply is not possible to do that? My answer to that question is: no, we must not.”

Naturally, this caused an outcry; not long after, the government announced that the statement was referring to reforms of the Data Retention and Investigatory Powers Act (DRIPA) and the Regulation of Investigatory Powers Act (RIPA), both of which cover the legalities of intercepting communications. For those of us living in Britain, it is already illegal to refuse to give up your password or encryption key under RIPA (Section 3), a crime that carries a prison sentence. Thankfully, in the US the Fifth Amendment protects people from having to disclose such information. With encryption becoming more popular on mobile devices, OEMs could be made to adapt devices that would be used in the UK.

US and UK government surveillance by the NSA and GCHQ has recently been found to be unlawful by the Investigatory Powers Tribunal, which stated that they had violated human rights law. Breaches had been made for at least seven years since the introduction of the PRISM program in 2007. Following the news, the Privacy International charity created a petition for the release of details on who had been spied upon, which garnered 6000 signatures within just 24 hours. This petition will then be taken to a court in the hopes that the agencies will be ordered to release names.

Many aspects of our lives have been found to be under threat recently, with many large companies going beyond how we would expect them to handle our data. AT&T has just launched its rival service to Google Fiber and is utilizing a brilliantly disguised violation of privacy to make more money. For $99 a month you can enjoy their service; however, if you join their Internet Preferences scheme you can save $29 a month. Sounds great, until you look closer and realize what is actually happening. They are charging $70 for their service, but if you’d like your privacy as well it costs extra. The Internet Preferences scheme is an agreement where you allow AT&T to monitor your browsing “Independently of your browser’s privacy settings regarding cookies, do-not-track and private browsing. If you opt-in to AT&T Internet Preferences, AT&T will still be able to collect and use your Web browsing information independent of those settings.” In return, they will send you adverts: online, via email and by mail.

Lenovo has also made some questionable decisions regarding its users’ privacy. Up until now, it has been shipping laptops with malware preinstalled, a piece of software called Superfish. The program analyzes images from your browser and then brings up adverts with links to the products for sale. However, Superfish has been reported to be performing man-in-the-middle (MITM) attacks by impersonating the security certificates of encrypted websites, which in turn could compromise users’ sensitive information. Installing these MITM certificates opens up two risks. Firstly, the private key becomes available and is shared amongst all users. Secondly, and much more alarming, if you were to present a user of the Lenovo adware with an invalid SSL site, the site would be re-signed and would therefore appear valid to the user even if the certificate is not legitimate. After significant media attention, Lenovo has stopped shipping devices with this software preinstalled.

Even Samsung televisions have been at the forefront of the war at the moment, with reports that unencrypted recordings of users’ voices were being uploaded to Samsung for analysis. The privacy policy for these devices contains the following ridiculous phrase: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.” The third party in question is a company called Nuance, which specializes in voice recognition and control. However, Samsung has defended this by saying that the televisions will only transmit what is sent when the voice controls are activated via the remote. Regardless, the thought that a conversation in the background may be sent to a company you have no knowledge of is alarming for many people.

The search for true privacy in our digital lives may be far from perfect, but with a few precautions you can come a lot closer than most. The tide may finally be turning in this war, with people becoming more aware of the need for digital privacy every day. In the future we may see a scenario where we have complete control of our data, but that day is still far off.

 

We have previously covered several methods for increasing your privacy:
Krypton Browser is an Android application that integrates the Tor network to provide a more private experience for you.
XPrivacy is an Xposed module that prevents applications from accessing sensitive data by returning false or no results to requests for information, such as contacts or location. With Xposed now supporting Lollipop, this is a must-have app for everyone.

 

Which tools do you use to protect your privacy? Leave us a comment below!

The post Casualty Report: The War for Privacy appeared first on xda-developers.



source: xdadevelopers
