09-02-2019, 12:00 AM
(08-02-2019, 01:34 PM)BRT Wrote: [ -> ]article sheds some light on the whatsapp acquisition. overall very interesting read n shows the power of big tech today. facebook keeps with data sniffing n other violations... consumers have to choice but to spectate? get victimized slowly through the loss of control n privacy? even the act of apple "standing up" for consumers and removing disobeying apps from the store is such a powerful one.
"Facebook first got into the data-sniffing business when it acquired Onavo for around $120 million in 2014. The VPN app helped users track and minimize their mobile data plan usage, but also gave Facebook deep analytics about what other apps they were using. Internal documents acquired by Charlie Warzel and Ryan Mac of BuzzFeed News reveal that Facebook was able to leverage Onavo to learn that WhatsApp was sending more than twice as many messages per day as Facebook Messenger. Onavo allowed Facebook to spot WhatsApp’s meteoric rise and justify paying $19 billion to buy the chat startup in 2014. WhatsApp has since tripled its user base, demonstrating the power of Onavo’s foresight."
https://techcrunch.com/2019/01/29/facebo...ect-atlas/
It's unfortunate, but the modern consumer gives no excrement about data privacy. JP Morgan? Yahoo? Mariott? All hacked - no perceptible effect on consumers. But far worse is that by and large people don't care about companies intentionally abusing their data without telling them. Facebook and Google are the biggest offenders. You can try it out yourself - AdSense will start modelling ads with data from everywhere. I just bought a new Lenovo laptop through their site and boom, Lenovo ads start popping up everywhere.
Even your ISPs - I was taken for a tour at SingTel once and it was horrific. They told me they were using mobile location to gather data on people's movements and selling them to customers, for example retailers or shopping mall owners. Even the government and especially the government. An industry guy told me about how Planatir has an office in Singapore. This means they have business here. Now according to their website, Planatir does data management and analysis and other corporate jargon, but what it really does as its primary business is sell software to aggregate the vast amounts of electronic data gathered in national surveillance into actionable intelligence. Its a big business. And frankly the Singapore government has unlimited powers to compel everyone from corporations to individuals to hand them data with non-existent oversight. Laws like the Personal Data Protection Act apply to companies, not the government. In the Snowden leaks, Singapore was revealed to be tapping undersea cables. Real time inspection of packets is also a given.
In this day and age, data privacy and security is earned, not given. Here are some tips if you want to keep your data private.
- Assume every piece of data you create and receive is tracked.
- Use incognito mode or the equivalent in your browser, do not log in with gmail on Chrome. Google and other companies will tie your behavior to your IP, but through gmail it can track you anywhere on Earth.
- Whatever you post on social media or corporate sites they can use. Its up to you to decide how much you want to share. These companies business fundamentally rely on grabbing user data so there's really no "private" social media site.
- Duckduckgo is a free untracked search engine. You can also try Yandex, a Russian search engine which has a better reverse image search and as far as I know is not working with Google.
- Mobile data location can be tracked through which base station you're transmitting to, giving away your position within several hundred meters of it. In the US, it was possible for individuals to track other individuals.
- Use end to end encryption if you want your messages secure, virtually any third party can be accessed by state actors both foreign and domestic. valuebuddies for example uses the HTTPS standard (you can see it in the URL) so your traffic is probably secure from even state actors. Traffic between the site and us is encrypted, but not the data on valuebuddies itself.
- End to end encryption only hides what you are transmitting, not where you are transmitting. IP addresses can be plainly seen in ISPs and even third party software providers like Onavo. Use a proper VPN service - VPN services encrypt your traffic and bounce your traffic off multiple international servers to hide your destination IP. Many VPN services claim to be trackless (meaning your traffic is deleted immediately), but if you don't trust them you can use TOR. The TOR network is an whole load of volunteer relays internationally that your traffic is routed through, AND the exact path is constantly changing. But while the encryption is secure, your local ISP can still see encrypted traffic is being routed to TOR servers. BUT be aware of the TOR exit node - this is the server where your traffic hits the Internet. If someone has control of this, they can see what your destination IP is (what site you are going to).
- For email there are free end to end encrypters like ProtonMail. Anything email you can read from more than one computer is not end to end.
- Do not use the same password. Sites routinely get hacked and while password storage is supposedly secure, they often are not. It just takes one weak site to lose everything even to random strangers. Is your valuebuddies password the same as any other accounts'? Probably. Don't do this. https://haveibeenpwned.com/ is a free site to check if an email associated with an account has been compromised. Note that in certain cases was the password you used for that site cracked. Most sites store your passwords in one-way encryption, but some like Yahoo used encryption so weak the passwords could be cracked, meaning anyone could see what the password for that account was.
- Read the terms and conditions! Governments are practically extralegal, but companies are still (largely) bound by laws. https://tosdr.org/ is a free site that will read the terms and conditions for you and flag out all the bad parts with a rating.
- The most difficult and troublesome part would be securing your computer. Unfortunately this is tricky and unlikely to stop any state actors because they have the resources to research zero day vulnerabilities - vulnerabilities that no in the world knows about yet and hence cannot patch. Thankfully, you are also unlikely to be the target of any state actors (unless valuebuddies lead more interesting lives that I thought). The basics you can do is install a virus scanner to stop widespread malware. This is however moot if you give administrative access to untrusted programs when installing.
- Android is a sausage fest of malware even on the PlayStore. Install a virus scanner, I'd recommend VirusTotal or Kaspersky. iOS users can breathe easy, there are no known malware for unrooted iOS phones.