Category Archives: Privacy

Cell Phone Location Privacy

We all know that our cell phones constantly give our location away to our mobile network operators; that’s how they work. A group of researchers has figured out a way to fix that. “Pretty Good Phone Privacy” (PGPP) protects both user identity and user location using the existing cellular networks. It protects users from fake cell phone towers (IMSI-catchers) and surveillance by cell providers.

It’s a clever system. The players are the user, a traditional mobile network operator (MNO) like AT&T or Verizon, and a new mobile virtual network operator (MVNO). MVNOs aren’t new. They’re intermediaries like Cricket and Boost.

Here’s how it works:

  1. One-time setup: The user’s phone gets a new SIM from the MVNO. All MVNO SIMs are identical.
  2. Monthly: The user pays their bill to the MVNO (credit card or otherwise) and the phone gets anonymous authentication (using Chaum blind signatures) tokens for each time slice (e.g., hour) in the coming month.
  3. Ongoing: When the phone talks to a tower (run by the MNO), it sends a token for the current time slice. This is relayed to a MVNO backend server, which checks the Chaum blind signature of the token. If it’s valid, the MVNO tells the MNO that the user is authenticated, and the user receives a temporary random ID and an IP address. (Again, this is now MVNOs like Boost already work.)
  4. On demand: The user uses the phone normally.

The MNO doesn’t have to modify its system in any way. The PGPP MVNO implementation is in software. The user’s traffic is sent to the MVNO gateway and then out onto the Internet, potentially even using a VPN.

All connectivity is data connectivity in cell networks today. The user can choose to be data-only (e.g., use Signal for voice), or use the MVNO or a third party for VoIP service that will look just like normal telephony.

The group prototyped and tested everything with real phones in the lab. Their approach adds essentially zero latency, and doesn’t introduce any new bottlenecks, so it doesn’t have performance/scalability problems like most anonymity networks. The service could handle tens of millions of users on a single server, because it only has to do infrequent authentication, though for resilience you’d probably run more.

The paper is here.

Smashing Security podcast #210: DC rioters ID’d, Energydots, and ransomware gets you in a pickle

Penile penal problems, identifying rioters in Washington DC, and can a sticker protect you from radiation? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner. And don't miss our featured interview with CrowdSec's Philippe Humeau.

Changes in WhatsApp’s Privacy Policy

If you’re a WhatsApp user, pay attention to the changes in the privacy policy that you’re being forced to agree with.

In 2016, WhatsApp gave users a one-time ability to opt out of having account data turned over to Facebook. Now, an updated privacy policy is changing that. Come next month, users will no longer have that choice. Some of the data that WhatsApp collects includes:

  • User phone numbers
  • Other people’s phone numbers stored in address books
  • Profile names
  • Profile pictures and
  • Status message including when a user was last online
  • Diagnostic data collected from app logs

Under the new terms, Facebook reserves the right to share collected data with its family of companies.

EDITED TO ADD (1/13): WhatsApp tries to explain.

To Which Risks Are A Remote Workforce Exposed?

Organizations across the globe have quickly moved to a fast-digital transformation to allow a remote workforce model due to the global pandemic. That has naturally resulted in a multi-fold rise in the IT attack surface of a company. 

That’s why security leaders should consider the added risks carried by the remote workforce as well as their personal devices, which aren’t in the purview of the company’s security measures. This post aims to present you with information about which risks you might be exposed to. Are you ready? Then let’s jump in! 

Common Risks of an Attack Surface and Remote Workforce

  • Accidental exposure throughout the work from home

You will find a higher risk of company critical data being exposed incidentally, with most team members working remotely and accessing data outside of the company’s security measures. That includes codes, applications, and customer data, among others. 

  • Enhanced third or fourth risks 

Keep in mind your third, and fourth-party vendor risks have enhanced multi-fold because of the spurt in organizations selecting to allow their workforce to work from their home remotely, leading to a raised attack surface. 

  • Not realizing new assets uploaded on the internet during work from home

Many assets went online that today might be open to attack with less time to get ready for the worm from home and keep business continuity. The company’s security team needs to learn which assets are publicly visible and online to the world. 

  • Isolated IT assets

Organizations can deal with remote work as long as everybody utilizes a calibrated computer, which the IT team has solidified. The issue is that we would need to go back in time and to get ready for the pandemic ahead of time.

IT cannot access such devices to solidify cybersecurity or standardize settings, with many workers utilizing personal devices often or all the time. Every machine has vulnerabilities, which cannot be managed as well as liabilities, which cannot be understood. 

  • Strained security resources

Remote computers are on their own in the wild, lacking the cybersecurity resources, which the standard enterprise supplies in-house. Each is an isolated endpoint, which should bear the accountability for protecting company networks, applications, and data.

That is a lot to ask for a client-based antivirus and consumer firewall software, particularly when protecting against high-volume offensives and novel attacks. 

How to Manage the Risks of Remote Workforce

Working from home is a business essential throughout the present coronavirus pandemic. It is not clear if this trend is limited to the present crisis or if the pandemic will usher in a future with more flexibility for remote work. 

Some of the measures to mitigate risk because of work from home are the following:

  • Utilize unified endpoint management platforms (UEM)

Keep in mind that UEM platforms can streamline the procedure of rolling out security updates and patching assets through different operating systems. 

These tools also enable the security department to deal with the native security capabilities, enforce encryption across operating systems, and get higher visibility across the device. 

  • Automate threat detection to lessen the burden on security staff

Wide-ranging remote work has made new problems for security experts. You see, automated security tools like data encryption, threat prevention, response, and detection help take a few of the bonus off the admins. That enables them to concentrate their energy on embracing the new challenges that were caused by remote work. 

  • Support app-focused security

Most workers in the present environment have been obliged to utilize their personal devices to work from their homes. It will help to invest in app-based solutions like vpn or app security, app container, and app virtualization app to safeguard company assets, which are being accessed on personal devices. A good example of that is the Zero trust Application Access as Perimeter 81 that allows security experts to de-emphasize device-centric endpoint protection. 

  • Talk about the human factor in remote work security 

The typical safeguards of the employee against cyberthreats are down with so many distractions at home. They may utilize their personal devices at work, utilize unsecured Wi-Fi networks, share their work devices, or fall prey to phishing emails, becoming the biggest risk

On top of that, your data system can be put at great risk through poor documentation retention, the use of unsecured channels to send critical data, or the use of unencrypted USB flash drives. Fundamentally, information security protection measures aren’t there. That will leave your network susceptible to cyberattacks. 

Testing the responses and awareness of an employee to cybersecurity is essential before letting employees telecommute. That could be performed through a phishing simulator that enables you to set up emails from the IT team, management, or colleagues of convincing staff to open a link, download an attachment or submit credentials. 

The data you receive can be utilized to train staff on cybersecurity tips and best practices to prevent cyberattacks. 

  • Identify possible risks and their possible effect

It is essential to determine possible threats, their possibility, and how they would affect the company, which may hit the network apart from considering the technical and human side of remote work security.

It will help you list all potential attack points, which could be exploited by hackers to access the data or system, especially during the cybersecurity risk assessment. The next phase is to rate the possible effect on the network’s infrastructure as either low, medium and high, based on recoverability and significance. 

It will also help if you will assess the control setting that is composed of locating threat prevention, mitigation, and detection. It is time to resolve the possible concerns after discovering where the possible risk could be and have measured a risk rating. 

That may include opting to a better email filter, replacing the data backup system, or having a third-party security team. You can then reassess the risk after you update or implement new security controls. 

Risk assessment for a remote workforce is a complicated procedure that needs substantial planning and expert knowledge to ensure every person, data, process, and device in the company are covered. That could be worked out with trial and error without professional support. 

The post To Which Risks Are A Remote Workforce Exposed? appeared first on CyberDB.

Introducing: Cisco’s Innovated Transparency Report

As our customers’ businesses evolve in complexity and scale, we are hyperaware of our responsibility as a data steward to protect the privacy and trusted relationships that drive our business forward.

For many years, Cisco has published* the number of demands for customer data that we receive from law enforcement and governments around the world. In an age of growing geopolitical tensions, evolving threat landscapes, and increasing demands for corporate transparency, tech companies must stay focused on the steps they are taking to ensure customer privacy is recognized as a human right and a business imperative. A human focus is at the heart of every aspect of Cisco innovation, and we continuously work to make this apparent to our customers.

We listen to our customers’ security and privacy concerns as a guide to help shape our company and practices, all with a goal of being a trusted partner at every step. In response, we have refreshed our Transparency Report to answer our customers’ top questions about government data demands. Our leading additions are outlined below.

Global Map

The interactive map display gives geographic granularity into the very limited number of demands we receive from around the world. It illustrates the total disclosures of customer data by country and notes why some demands did not result in disclosure. One of the key metrics included in each country breakdown is the number of demands Cisco rejects during the given timeframe. We firmly hold law enforcement and governments accountable to our commitments to protect customer data, and this often includes rejecting requests that don’t meet our standards. Additionally, often Cisco does not have the data law enforcement is looking for, as illustrated by the no data disclosed metric.

Law Enforcement Guidelines

For the first time, we are publishing law enforcement guidelines to inform our customers and law enforcement agencies about the ways we protect customer data. It outlines the legal burden required of law enforcement agencies and governments when demanding customer data, and the laws to which these demands are subject. Cisco recognizes and appreciates government efforts to thwart bad actors and deter criminal activity. Nonetheless, we remain committed to ensuring that access to our solutions and services are protected from unlawful intrusion.

Frequently Asked Questions

At Cisco, we are constantly working on clear and simple communication to our customers, especially when it comes to important topics, like the ways in which we are protecting your data. We’ve added a Frequently Asked Questions (FAQ) section to guide customers through this crucial discussion. In this section, we reiterate that Cisco never allows backdoors or gives governments or law enforcement agencies direct access to content or non-content data without following appropriate legal process.

Our commitment to customers is to be open and transparent, particularly as it relates to issues that could potentially impact their business. As such, Our Principled Approach continues to guide every decision we make regarding government demands for customer data. It details the commitments we have made to protect customer privacy, minimize disclosure, and ensure we uphold and respect human rights.

To learn more about Cisco’s commitment to Transparency and Accountability, please visit our Trust Center or view our Global Data Demand Infographic. Questions about our Transparency Report or Our Principled Approach? Email: govt-data-requests@cisco.com

*Transparency report data is published twice yearly, covering a reporting period of either January-to-June or July-to-December. Cisco publishes this data six months after the end of a given reporting period, in compliance with legal restrictions on the timing of such reports.

Privacy in 2020 and What to Expect for the Year Ahead

2020 was dominated by news of the pandemic and anchored by reality that we all found ourselves in – entire families logging in remotely, trying to keep school and work feeling “normal.” While we tested the limits of what a home office could sustain, the privacy and security of a fully remote world was put front […]… Read More

The post Privacy in 2020 and What to Expect for the Year Ahead appeared first on The State of Security.

Predicated Data Classification Trends for 2021

Article by Adam Strange, Data Classification Specialist, HelpSystems

In the digitally accelerated COVID-19 environment of 2021 what are the top data security trends that organisations are facing? Here is HelpSystems Data Classification Specialist, Adam Strange’s take on the outlook and trends for 2021.

Ongoing Growth in Remote Working will Create Data Security Threats
  • The far-reaching impact of COVID-19 includes the intensified threat of malicious cyber attacks as well as an escalating number of damaging data breaches across almost every sector of business. The rapid shift to remote working during the pandemic left many employers exposed to hackers and highlighted multiple examples of serious network and data vulnerabilities.
  • For example, in a recent article, Infosecurity Magazine quotes research finding that attacks on the biotech and pharmaceutical industry alone rose by 50% in 2020 compared to 2019. And in the defence sector, The Pentagon is seeing a huge rise in cyber attacks through the pandemic, where unprecedented numbers of employees are forced to communicate through their own devices. 
  • As more companies move to facilitate a semi-permanent remote workforce, data security ecosystems will evolve to become more complex and advanced data management and classification solutions will be a critical technology investment.
  • ‘Insider threat’ will be categorised as the most prominent tier 1 data security risk in 2021, necessitating stricter corporate guidelines and protocols in data classification, as well as comprehensive employee education programmes around data security. 
  • HelpSystems’ recent research interviewed 250 CISOs and CIOs in financial institutions about the cybersecurity challenges they face and found that insider threat - whether intentional or accidental - was cited by more than a third (35%) of survey respondents as one of the threats with the potential to cause the most damage in the next 12 months. 
  • Further, the latest Information Commissioner’s Office (ICO) report confirmed that misdirected email remains one of the UK’s most prominent causes of security incidents, demonstrating the need for all organisations to control the dissemination of their classified data. 
  • HelpSystems’ technologies in data security and classification are enabling businesses to regain control of sensitive data, identify sensitive data by scanning and analysing data at rest and classify and protect personal data by detecting PII at creation. 
A Security Culture needs to be Embedded into Organisations, especially as Insider Breach Risk continues to Grow
  • In 2021 data governance will take centre stage in data security and privacy strategies. Companies will create Centres of Excellence (COE) to embed a solid data security culture across teams and corporate divisions and to formalise in-house data management processes, rolling out divisional best practice and placing data classification at the foundation of their data security strategy.
  • Employees play a vital role in ensuring the organisation maintains a strong data privacy posture. For this to be effective, organisations need to ensure that they provide regular security awareness training to protect sensitive information. In terms of how they go about doing this, they must invest in user training and education programmes. 
  • The security culture of the firm must be inclusive towards all employees, making sure they are continually trained so that their approach to security becomes part of their everyday working practice, irrespective of their location, and security becomes embedded into all their actions and the ethos of the business. 
  • Data classification solutions will allow businesses to protect data by putting appropriate security labels in place. HelpSystems data classification uses both visual and metadata labels to classify both emails and documents according to their sensitivity. Once labelled, data is controlled to ensure that emails, documents and files are only sent to those that should be receiving them, protecting sensitive information from accidental loss, through misdirected emails and the inadvertent sharing of restricted documents and files. 
Supply Chain Ecosystem Risk will get Bigger
  • Accenture quote that 94% of Fortune 100 companies experienced supply chain disruptions from COVID-19, and that as much as 40% of cyber threats are now occurring indirectly through the supply chain.
  • 2020 has been the year where businesses realised more than ever that data security across the supply chain was only as strong as its weakest link, where exposing a business’s network and sensitive data to its suppliers had the potential to carry significant additional risk. 
  • HelpSystems’ recent report interviewed 250 CISOs and CIOs from financial institutions about the cybersecurity challenges they face and nearly half (46%) said that cybersecurity weaknesses in the supply chain had the biggest potential to cause the most damage in the next 12 months. 
  • But sharing information with suppliers is essential for the supply chain to function. Most organisations go to great lengths to secure intellectual property (IP), personally identifiable information (PII) and other sensitive data internally, yet when this information is shared across the supply chain, it doesn’t get the same robust attention. 
  • The demand for greater resilience across supply chain operations in 2021 will require businesses to move quickly to overhaul existing tech investments and prioritise data governance. Organisations must ensure basic controls are implemented around their suppliers’ IT infrastructure and that they have robust security measures in place. 
  • Advanced data classification capabilities will deliver assurance and control to numerous industries including finance, defence and government. HelpSystems advises organisations to ensure their suppliers have a robust approach to security and information risk with security frameworks such as ISO 27001 and Cyber Essentials in place. 
  • Organisations should implement a data classification scheme and embed data risk management into the procurement lifecycle processes from start to finish. By effectively embedding data risk management, categorisation and classification into procurement and vendor management processes, businesses will prevent their suppliers’ vulnerabilities becoming their own and more effectively secure data in the supply chain. 
Data Privacy Regulations set to Increase
  • An increased focus on data privacy and protection of personal data and the continuing shift in privacy law, as reflected in the EU’s landmark GDPR in 2018 and, this year, the US’s CCPA, and the CPRA set to take effect in 2023, has changed the data regulatory landscape. We can expect to see similar US compliance rulings come into force beyond California through 2021.
  • In addition to individual state privacy rulings, we can expect to see federal US-wide regulation come into force. 
  • This new phase in privacy regulation will be complex and enforcement will demand changes in people, process and technology - proper corporate data governance programmes, employee training and solid data management systems in every organisation to counter reputational risk and hefty fines. 
  • Data automation will also be a priority as companies struggle to deliver relevant data protection strategies for every level of business and its users, across all platforms and infrastructures to conform with individual state and international laws. 
  • HelpSystems’ unified security, compliance and data classification solutions simplify compliancy reporting enabling business to easily generate the documentation necessary to identify security issues, give auditors the information that they need and prove compliance. 

iPhones vulnerable to hacking tool for months, researchers say

Analysis: NSO Group’s Pegasus spyware could allegedly track locations and access passwords

For almost a year, spyware sold by Israel’s NSO Group was allegedly armed with a computer security super-weapon: a zero-footprint, zero-click, zero-day exploit that used a vulnerability in iMessage to seize control of an iPhone at the push of a button.

That means it would have left no visible trace of being placed on target’s phones, could be installed by simply sending a message that the victim didn’t even need to click on, and worked even on phones that were running the then-latest version of iOS, the operating system for iPhones.

Continue reading...

Steps to Protect Your Computer From Cybersecurity Threats

There are plenty of different types of malware and viruses nowadays, and relying on a default computer set up to protect you is not enough. 

Tech-savvy people can detect a potential threat almost immediately, and they should not have problems. But not everyone has enough experience to rely on themselves. Moreover, it may be that someone who is not aware of potential malware and viruses could be using your computer and infecting the system without even knowing about it.

In other words, it is necessary to have a proper cybersecurity strategy in hand. If you have been looking for some suggestions on creating an effective plan and giving yourself peace of mind, take the steps in this article. 

Step #1 – Get Reliable Antivirus Software

Starting with reliable antivirus software is a good piece of advice. But do not limit yourself to just leaving the software in the background. While it should detect and eliminate most threats, it is also recommended to perform custom disk scans regularly. And, as one expects, remove any potentially corrupted files that the antivirus finds.

Step #2 – Be Smart About Passwords You Use

Macbook users may not be aware of Keychain access and accountsd – two tools that store and exchange login information. But even knowing what is a login keychain may not be enough to be smart about password creation and usage.

Whether you use a Mac, PC, or a smartphone, it is necessary to spend more time and come up with passwords that are actually difficult to crack. Avoid combinations like “password123” or “123password123” because they are too easy.

If you cannot come up with a strong password, use an online generator, and write the password on a piece of paper to memorize it. Also, do not use the same password for every account. If someone finds it out, they can access important profiles like emails and social media accounts.

Step #3 – Browse via VPNs

A virtual private network costs a couple of dollars per month, but they offer you access to geo-restricted content, internet anonymity, and security.

VPNs are particularly effective when you need to connect to public Wi-Fi available in places like cafes, hotels, or libraries. These public networks lack the necessary safety protocols that one can find in virtually every VPN service. In addition, you can also change your IP and surf the net as if you are in a different location.

Step #4 – Install Ad Blocker Extensions

Ad blocker browser extensions can be a life-saver in certain situations. Some sites are notorious for their aggressive ad policy, and they do not bother warning visitors how clicking on some ads redirect to a landing page full of malware.

Meanwhile, having an ad blocker eliminates most forms of advertisement you encounter online. Besides preventing potential cybersecurity threats, your overall internet experience should improve as well since you will not have to deal with ads.

Step #5 – Avoid Shady URLs

If a website link seems suspicious, do not risk and ignore it, even if you receive it from someone you know and trust. You should not have issues finding the same page using Google search if you want.

Step #6 – Keep the System up to Date

System updates may take some time to download and install, but they should still be one of the priorities if you want to avoid potential cybersecurity attacks

While most associate OS updates with the latest features and basic performance improvements, one should not underestimate how much of a boost a new update can be to the computer’s security.

Malware creators are one step ahead, and those who work in cybersecurity need to react to make sure that the user devices have enough protection. Missing the most recent system update could mean exposure to the most recent malware. And only installing an OS update could fix this potential cybersecurity hole.

Step #7 – Create Data Backups

It is better to be safe than sorry. Instead of second-guessing what you would do if some malware wiped your data, why not create a backup and have fewer worries?

You can use cloud services like Dropbox and iCloud or purchase an external hard drive. There is no need to back up every file on the computer as you can install something like video games or software without issues. It is personal information, pictures, and important documents that should be the priority.

Step #8 – Limit Physical Access to the Computer

Living alone means that you should not have to worry about another person getting their hands on your computer. However, if someone else uses the computer, you cannot guarantee that they will not end up infecting it with malware.

Limiting physical access is one of the options, but you can also create a non-admin account and disable certain features, like accessing system files. It might not seem like much, but it can help prevent potential cybersecurity threats.

The post Steps to Protect Your Computer From Cybersecurity Threats appeared first on CyberDB.

‘Antiquated process’: data regulator on obtaining Cambridge Analytica warrant

UK information commissioner calls for international approach to emerging threat

The information commissioner has criticised the “antiquated process” that led to Facebook getting hold of Cambridge Analytica’s servers before the UK regulator itself, and renewed calls for an international approach to data privacy to tackle the emerging threat of data havens.

Elizabeth Denham, the information commissioner, spoke to Damian Collins MP, the former chair of the digital, culture, media and sport committee, who led the parliamentary enquiry into disinformation, on his podcast Infotagion. She described discovering that Facebook was inside the offices of defunct electioneering consultancy Cambridge Analytica while in the middle of an interview with Channel 4’s Jon Snow.

Continue reading...

Cybersecurity 101: How to Protect Yourself from Hackers

The internet has changed a lot of things; some for the better and others for the worst. Everything that we use in our homes, from mobile devices to the Internet of Thing (IoT) products, rely on the internet. The extensive use of these products have the potential to erode our privacy. When it comes to privacy, it is under attack from all sides. Whether we realize it or not, hackers are always trying to gain information about us so that they can control our lives. In order to make your devices, online identity, and everything that you do online more secure, you have to follow a few things. In this article, I am going to highlight five cybersecurity tips that you need to know.

Install an Antivirus

The first thing you have to do is make use of an antivirus that will protect you against malicious programs. With so many different kinds of viruses and malware, you need to ensure that you prevent these attacks. Once you have installed antivirus, update it regularly so that its security patch is fool-proof. However, installing an antivirus doesn’t mean that you can browse any site you want to. You will still have to be very careful as hackers can still find ways to get into your system.

Use Unique Passwords for Login

One of the easiest and most prevalent ways hackers get access to your information is by getting hold of your passwords. You must use a unique password for different platforms so that even if one account gets hacked, the hacker can’t access the rest of your accounts. Moreover, you should use a strong password for every account that contains a combination of numbers, upper-case and lower-case letters, special signs, etc. Every little thing that you do to make your password more secure goes a long way.

Get a VPN and Use It

You might have heard about using a VPN when browsing the internet, but most people don’t fully understand what a VPN does. Say that you go to a coffee shop and want to connect to its Wi-Fi. You can never be sure that the network you are using is secure. Whether you are using your home network or a public network, someone can easily steal data from your computer if he bypasses your network security. The best way to prevent that is by using a VPN as it encrypts all your data. Here are some best value VPNs that you can use to secure your computer files.

Use Two Factor Authentication

While I agree that using two-factor authentication can take a lot of time, but let me tell you that it is worth it. Two-factor authentication adds an extra layer of security in case someone bypasses the first one. For example, even if the hacker gets access to your password, he will never be able to access your account without bypassing the second level of authentication.

Protect Your Social Media Privacy

Last but not least, you have to pay some attention to how you use social media. Social media scams are at the peak nowadays as hackers fish for information through these platforms. You have to be extremely careful when using platforms like Facebook as you voluntarily give out your information and present it publically. Make sure that you have configured every social media platform and think twice before revealing any personal information. Once you give out your personal information yourself, you can blame it on anyone but you. After all, regardless of how many security protocols we put into place, the weakest link in the security chain is humans themselves.

The post Cybersecurity 101: How to Protect Yourself from Hackers appeared first on CyberDB.

Privacy-Preserving Smart Input with Gboard

Google Keyboard (a.k.a Gboard) has a critical mission to provide frictionless input on Android to empower users to communicate accurately and express themselves effortlessly. In order to accomplish this mission, Gboard must also protect users' private and sensitive data. Nothing users type is sent to Google servers. We recently launched privacy-preserving input by further advancing the latest federated technologies. In Android 11, Gboard also launched the contextual input suggestion experience by integrating on-device smarts into the user's daily communication in a privacy-preserving way.

Before Android 11, input suggestions were surfaced to users in several different places. In Android 11, Gboard launched a consistent and coordinated approach to access contextual input suggestions. For the first time, we've brought Smart Replies to the keyboard suggestions - powered by system intelligence running entirely on device. The smart input suggestions are rendered with a transparent layer on top of Gboard’s suggestion strip. This structure maintains the trust boundaries between the Android platform and Gboard, meaning sensitive personal content cannot be not accessed by Gboard. The suggestions are only sent to the app after the user taps to accept them.

For instance, when a user receives the message “Have a virtual coffee at 5pm?” in Whatsapp, on-device system intelligence predicts smart text and emoji replies “Sounds great!” and “👍”. Android system intelligence can see the incoming message but Gboard cannot. In Android 11, these Smart Replies are rendered by the Android platform on Gboard’s suggestion strip as a transparent layer. The suggested reply is generated by the system intelligence. When the user taps the suggestion, Android platform sends it to the input field directly. If the user doesn't tap the suggestion, gBoard and the app cannot see it. In this way, Android and Gboard surface the best of Google smarts whilst keeping users' data private: none of their data goes to any app, including the keyboard, unless they've tapped a suggestion.

Additionally, federated learning has enabled Gboard to train intelligent input models across many devices while keeping everything individual users type on their device. Today, the emoji is as common as punctuation - and have become the way for our users to express themselves in messaging. Our users want a way to have fresh and diversified emojis to better express their thoughts in messaging apps. Recently, we launched new on-device transformer models that are fine-tuned with federated learning in Gboard, to produce more contextual emoji predictions for English, Spanish and Portuguese.

Furthermore, following the success of privacy-preserving machine learning techniques, Gboard continues to leverage federated analytics to understand how Gboard is used from decentralized data. What we've learned from privacy-preserving analysis has let us make better decisions in our product.

When a user shares an emoji in a conversation, their phone keeps an ongoing count of which emojis are used. Later, when the phone is idle, plugged in, and connected to WiFi, Google’s federated analytics server invites the device to join a “round” of federated analytics data computation with hundreds of other participating phones. Every device involved in one round will compute the emoji share frequency, encrypt the result and send it a federated analytics server. Although the server can’t decrypt the data individually, the final tally of total emoji counts can be decrypted when combining encrypted data across devices. The aggregated data shows that the most popular emoji is 😂 in Whatsapp, 😭 in Roblox(gaming), and ✔ in Google Docs. Emoji 😷 moved up from 119th to 42nd in terms of frequency during COVID-19.

Gboard always has a strong commitment to Google’s Privacy Principles. Gboard strives to build privacy-preserving effortless input products for users to freely express their thoughts in 900+ languages while safeguarding user data. We will keep pushing the state of the art in smart input technologies on Android while safeguarding user data. Stay tuned!

5 Reasons Why You Should Avoid Free VPNs

Virtual Private Network (VPN) is a technology that offers total security for all your digital activities. It serves as a barrier against third-party groups, hackers, cyber threats, malware, and sensitive data leakage. 

More than ever, we need to invest with high-end protection to ensure our privacy is never compromised. VPNs are of high demand due to the current condition where most people stay at home and work remotely. With increased online activity, it’s high time to protect your privacy. 

Free VPNs are enticing and offer ‘great’ security without extra cost. Their services are too-good-to-be-true, which you need to doubt and stay away from it. 

Are There Alternatives To Top-Rated VPN Providers? 

The threat of using free VPN is high as it does not offer robust encryption compared to paid services. It is better to pay for a cheap VPN service than to compromise your security. Affordable VPN services offer powerful data encryptions for people with limited budgets. They provide standard encryption technology to ensure your privacy is protected and your digital activities are secured. 

There are a few reliable and trusted VPN solutions that offer affordable VPN instead of using free services that threaten your security. These are great alternatives that won’t hurt your wallet but will surely be of great help, especially if you’re a constant internet explorer. 

5 Facts Why Free VPNs Are A No-No

Free VPN software keeps records of your digital activities and sells them to third parties. They offer encryptions that don’t ‘really’ mask your activities nor protect your identity. Free VPN services log all your sensitive data which is already a threat to your privacy. Aside from that, here are five things you need to remember: Free VPNs are a no-no. 

  1. Monitor And Sell All Collected Data

VPNs act as your protective barrier against digital threats while you’re online. It secures all your data, online activities, and private information against prying eyes, government surveillance, etc. VPNs blocked hackers and your ISP from collecting or selling data to gain profit. 

Free VPN shifts the message, and you become their milking cow to fund the service they offer in exchange for the data they collected from you. These sensitive data are then sold to third parties, and prose threats not just to your information, but your privacy is at stake. 

  1. Leaks IP Addresses

Robust VPN solutions offer total security and encryption on all your digital activities and traffic. It serves as your secret portal in the world wide web against cyber threats, hackers, and prying eyes. 

Using free VPN is like a tunnel with tons of holes that can leak your data or IP address. Hackers can track your activity, prying eyes can monitor you, and worse can expose you to tons of privacy threats. 

  1. They Are Not Safe

Free VPN solutions are risky. They are a dangerous threat to your security and privacy. Running a VPN service is pricey and offering it for free to users is fishy. That means your data are the menu served for other people to devour. 

  1. Aggressive Ads

Free VPNs practice aggressive ads that can go over a hit where you land into a hazardous site. It can expose you to tons of threats and hackers that can instantly access your information and files. High volume ads can also weigh your system down and affect browsing experience aside from privacy threats. 

  1. Malware Exposure 

Free VPN solutions contain malware that can damage not just your privacy but your devices. You have higher chances to get exposed with these nasty bugs when you download such software. Mobile ransomware and malware can steal your sensitive information like social security details and bank login details. 

Conclusion

Free VPNs are enticing and offer ‘robust security’ without the need to pay for hundreds of dollars a year. However, your security is at stake, together with your sensitive data, and information. 

Though it can help you stream region-restricted websites, you need to reconsider options and potential threats. Free VPNs are not safe; if you want to secure your digital presence, you can opt for an affordable VPN solution that offers high-end encryption to ensure your privacy and data is protected against potential hacks.

The post 5 Reasons Why You Should Avoid Free VPNs appeared first on CyberDB.

The Top 4 Tips for Keeping Your Digital Marketing Company Safe From Cyber Crime

As the Digital Age flourishes, more and more people are switching to working online and having businesses that revolve around all things digital and technological. A well-known example of this is the marketing industry. In recent years the marketing industry has converted to being almost entirely digital; thus creating the genre of marketing: digital marketing. Almost every company has or has the ability to reap the benefits of digital marketing, making this industry a lucrative and important one.

As more people are beginning or expanding their careers in digital marketing, there are some things that they should know; most notably, how to keep their digital marketing company safe from cybercrime. Cybercrime can impact and ruin people’s lives as hackers can steal, exploit, and tamper with personal information and accounts. And for a business that exists only digitally, it’s important to take the necessary precautions in order to keep the business safe.

What You Need to Know to Keep Your Company Safe

Whether you own a digital marketing business, or you work for one, it’s imperative that you take cybercrime seriously. An expert from a company that is a digital forensics investigator pointed out that cybercrime is becoming a common threat for internet users. He added that hackers are becoming more skilled as people’s dependence on technology increases. With that being said, here are 4 ways that you can protect your digital marketing business or your digital marketing job from cybercrimes.

1.    Be Sure to Keep All of Your Software Up to Date

This is perhaps one of the easiest ways that you can make sure that your digital marketing business is safe from cybercrime. One of the most common ways that hackers get into accounts and documents is by finding code defects in the software. When it comes to the software designers’ attention that there is a code defect, an update will come out that will fix this error. However, when people don’t update their software, hackers can see this and will enter the account, document, etc., through this code defect. Because hackers can see what software has been updated and what software hasn’t, it will be worth your while to keep all of your software up to date.

2.    Think About Email Marketing Security

To protect your marketing content and all of your clients’ personal information, you will have to make sure that your email marketing system is secure. Hackers are aware that email is one of the most essential tools in digital marketing, so will try to gain access to these accounts. 

Email marketing systems often hold crucial, yet sensitive information belonging to clients; therefore, you should utilize email marketing tools that feature security measures that will store sensitive information using encryption, and lock down access. To further ensure that your marketing email is secure, make it a point to train all employees on how to keep these systems secure and avoid data breaches.

3.    Encrypt and Back-Up Sensitive Data

Encrypting and backing up data is the best way to avoid a security breach and to prevent hackers from stealing all of your data in the event of cybercrime. Data encryption means to translate data into another code that only people with access to a decryption key/password can read it. Similarly, backing up data simply means to make copies of the data and store it on another device or in a cloud storage provider.

4.    Set Up Strict Limitations

It will be in digital marketing agencies’ best interest to set up strict limitations that will not allow employees to install unauthorized software or open files that contain viruses. Setting up strict digital limitations could potentially save you from a catastrophic event. By being proactive and setting up strict limitations will prevent malware from infecting your company’s computer and network.

Keep Your Digital Marketing Content Secure

Digital marketing companies are a common target when it comes to internet crime, so it’s necessary you do all that you can to avoid being hacked or exploited. To keep yourself, your employees, your clients, and your overall business safe and secure keep these 4 digital marketing security tips in mind.  Turning these tips into actions will significantly lower your chances of becoming a victim of cybercrime.

About the Author

Jennifer Bell is a freelance writer, blogger, dog-enthusiast, and avid beachgoer operating out of Southern New Jersey

The post The Top 4 Tips for Keeping Your Digital Marketing Company Safe From Cyber Crime appeared first on CyberDB.

Security settings nobody cares to check when installing new software and why it’s dangerous

We live in the age of cyberspace, and every day each of us is faced with the need to use information technology. The human online presence is boundless, starting from posting personal data on social networks, making online payments, and downloading new software. Thus, our smartphones and PCs contain a lot of information about us. And we become much more vulnerable to attackers online than in real life. Cybersecurity is one of the key aspects of life in the information era. All electronic information, services, and devices require protection and compliance with certain security rules. But users rarely use reliable anti-virus software or specialized solutions to protect against DDoS attacks and ignore security settings. What can be the outcome and how to avoid potential hazards?

What Is Cyber Threat?

Everyone must have met this term on social media. But what exactly does it mean? It is a malicious act that is aimed at data damaging and stealing or disrupting the smooth functioning of digital devices. One of the first known computer viruses was Elk Cloner spread in the wild in the early 1980s. But cyber threats do not remain static and become more sophisticated. Malware is often hidden in software that you install on your devices. And the likelihood of this risk increases if you download it not from a trusted source, but from the net. When installing new programs, it is important to be alerted by various warnings, especially if they want to access your personal data.

Types of Cyber Security Threats

Today there is a great variety of malicious programs that may unnoticeably pop in your computer and gadgets. The most common are the following ones:

Viruses are malware that joins another program and when it is launched (which usually happens through the user’s negligence), it begins to reproduce itself and modify other applications on the computer by implementing elements of its malicious code into them.

Worms are programs very similar to a virus. It is capable of self-replication and can lead to irreversible consequences for your system. However, the worms do not need to infect other files to reproduce.  They crawl into a computer and send their copies to all your contacts.

Trojans, also known as Trojan horses, are one of the most dangerous hazards. They usually try to trick you by disguising as useful programs. After entering the system, attackers gain free access to the infected computer. Trojans pave the way for other malicious objects, such as viruses and ransomware.

Ransomware is a program that blocks your device and encrypts your files. It demands a ransom to get the system restored. Ransomware is considered a weapon of choice for cybercriminals because it enables them to make significant profits in cryptocurrencies that are difficult to trace. The ransomware code can be easily obtained from the black market, and it is never easy to defend against it.

Adware is a code that is included in the software to display advertisements without the user’s knowledge. Often such programs collect and forward personal information about the user to their developer, change various browser settings, and create uncontrolled traffic by the user. All of this can lead to both security policy violations and direct financial losses.

Spyware collects information about an individual user or organization without their knowledge. This malware records which keys users press getting personal data such as usernames, passwords, or credit card details.

Rootkits are able to hide hazards from anti-virus programs. They give attackers access to administration of the infected computer. They usually go unnoticed by the user, other programs, and the operating system itself.

Cryptojacking is a type of malware that is becoming more widespread. These objects are used for hidden cryptocurrency mining and are usually installed using a Trojan program. As a result, intruders can use the resources of your computer to mine cryptocurrencies.

Main Mistakes That Cause Data Leakage

Sometimes users themselves create fertile ground for cyber threats. We ignore and neglect to implement many basic security measures. The risk of catching malware increases in the following cases:

·        A download of free software. Buy legal programs and register them. Free software often asks to install additional programs on your PC that may carry a serious threat.

·        Untimely software updates. Make sure your software is up to date. Take time to install automatic updates for your system as they reduce the vulnerability of your system. It should be downloaded from trusted software vendors.

·        Occasional downloads. Block pop-ups to prevent unwanted programs. The web browser you are using should be locked. This prevents potentially dangerous ads from being displayed on the screen. Google Chrome, Firefox, and Microsoft Edge have built-in blockers. Viruses often use the extensions .vbs, .shs, .exe, .scr, .chm, .bat. If the system asks to download or open such a file, cancel your previous actions.

·        Opening potentially unsafe attachments and links. Do not click on links or open attachments received from unknown e-mail addresses. One of the most important sources of malware is emails from scammers. It can initiate fishing even from the Spam folder. Remove unwanted emails from strangers or companies, no matter how friendly they may look. Immediately close sites that open on your computer without your consent. Never follow any links as a single click can lead to malicious software being downloaded to your computer.

·        Ignoring recommended security settings. There are some basic safety practices to follow to boost your device protection. Users often neglect them opening the way to attackers.

Steps on Protecting Your PC

Everybody can  And there is a whole list of such solutions that will optimize the security level of your devices.

1.      Create strong passwords

This is one of the key rules of cybersecurity. The password must consist of a complex combination of characters. Use a different password for each service and site and never share your passwords with anyone, keep them on paper, or enter them on third-party sites. Use other protection means where.  For Windows, for example, you can activate Windows Hello technology which uses the face recognition method to log in. You can also use password managers such as KeePass.

2.      Back up your system

This process ensures that all data is copied and stored in a separate place to avoid loss of information. If the original document is damaged, you can restore it from a copy stored in a safe place. OS developers give clear-cut instruction on how to do it:

 You can also use special cloud storage.

3.      Enable two-factor authentication

Most reputable online services support two-factor authentication. Enable it with a software token (available on Facebook, Twitter, Google, etc.) or with a one-time password with SMS delivery.

4.      Use VPN

Use a VPN to protect your network data from being stolen. Experts consider public Wi-Fi networks unsafe. When working with them, you should not enter access to passwords, logins, personal data. Use such an Internet connection only via a VPN.

5.      Install antivirus software

Reputable antivirus programs will allow you to more carefully select and examine any software for its potential danger. Besides, the antivirus software will additionally ask for confirmation of the download decision and make comments on the security of file installation.

Unfortunately, it is not possible to entirely eliminate the risk. But implementing good safety practices helps significantly reduce it. It is not difficult and often free of charge to boost your security. Timely actions can prevent a lot of potential hazards. It would be the best approach to create a safety checklist covering the above-mentioned tips and check its compliance regularly.

The post Security settings nobody cares to check when installing new software and why it’s dangerous appeared first on CyberDB.

The DRaaS Data Protection Dilemma

Written by Sarah Doherty, Product Marketing Manager at iland

Around the world, IT teams are struggling with choosing between less critical, but important tasks, versus focusing on innovative projects to help transform your business. Both are necessary for your business and need to be actioned, but should your team do all of it? Have you thought about allowing someone else to guide you through the process while your internal team continues to focus on transforming the business? 

DRaaS Data protection dilemma; outsourcing or self-managing?
Disaster recovery can take a lot of time to properly implement so it may be the right time to consider a third-party provider who can help with some of the more routine and technical aspects of your disaster recovery planning. This help can free up some of your staff’s valuable time while also safeguarding your vital data.

Outsourcing your data protection functions vs. managing them yourself
Information technology has raised many questions about how it really should be done. Some experts favour the Disaster Recovery as a Service (DRaaS) approach. They believe that data protection, although necessary, has very little to do with core business functionality. Organisations commonly outsource non-business services, which has driven many to consider the idea of employing third parties for other business initiatives. This has led some companies to believe that all IT services should be outsourced, enabling the IT team to focus solely on core business functions and transformational growth.

Other groups challenge the concept and believe that the idea of outsourcing data protection is foolish. An organisation’s ability to quickly and completely recover from a disaster - such as data loss or an organisational breach - can be the determining factor as to whether the organisation will remain in business. Some may think that outsourcing something as critical as data protection, and putting your organisation’s destiny into the hands of a third party, is a risky strategy. The basic philosophy behind this type of thinking can best be described as: “If you want something done right, do it yourself.”

Clearly, both sides have some compelling arguments. On one hand, by moving your data protection solution to the cloud, your organisation becomes increasingly agile and scalable. Storing and managing data in the cloud may also lower storage and maintenance costs. On the other hand, managing data protection in-house gives the organisation complete control. Therefore, a balance of the two approaches is needed in order to be sure that data protection is executed correctly and securely.

The answer might be somewhere in the middle
Is it better to outsource all of your organisation’s data protection functions, or is it better to manage it yourself? The best approach may be a mix of the two, using both DRaaS and Backup as a Service (BaaS). While choosing a cloud provider for a fully managed recovery solution is also a possibility, many companies are considering moving away from ‘do-it-yourself’ disaster recovery solutions and are exploring cloud-based options for several reasons.

Firstly, purchasing the infrastructure for the recovery environment requires a significant capital expenditure (CAPEX) outlay. Therefore, making the transition from CAPEX to a subscription-based operating expenditure (OPEX) model makes for easier cost control, especially for those companies with tight budgets.

Secondly, cloud disaster recovery allows IT workloads to be replicated from virtual or physical environments. Outsourcing disaster recovery management ensures that your key workloads are protected, and the disaster recovery process is tuned to your business priorities and compliance needs while also allowing for your IT resources to be freed up.

Finally, cloud disaster recovery is flexible and scalable; it allows an organisation to replicate business-critical information to the cloud environment either as a primary point of execution or as a backup for physical server systems. Furthermore, the time and expense to recover an organisation’s data is minimised, resulting in reduced business disruption.

Consequently, the disadvantages of local backups is that it can be targeted by malicious software, which targets backup applications and database backup files, proactively searching for them and fully encrypting the data. Additionally, backups, especially when organisations try to recover quickly are prone to unacceptable Recovery Point Objectives (RPO).

What to look for when evaluating your cloud provider

It is also essential when it comes to your online backups to strike a balance between micromanaging the operations and completely relinquishing any sort of responsibility. After all, it’s important to know what’s going on with your backups. Given the critical nature of the backups and recovery of your data, it is essential to do your homework before simply handing over backup operations to a cloud provider. There are a number of things that you should look for when evaluating a provider.
  • Service-level agreements that meet your needs.
  • Frequent reporting, and management visibility through an online portal.
  • All-inclusive pricing.
  • Failover assistance in a moment’s notice.
  • Do it yourself testing.
  • Flexible network layer choices.
  • Support for legacy systems.
  • Strong security and compliance standards.
These capabilities can go a long way towards allowing an organisation to check on their data recovery and backups, on an as-needed basis, while also instilling confidence that the provider is protecting the data according to your needs. The right provider should also allow you the flexibility to spend as much or as little time on data protection, proportional to your requirements.

Ultimately, using cloud backups and DRaaS is flexible and scalable; it allows an organisation to replicate business-critical information to the cloud environment either as a primary point of execution or as a backup for physical server systems. In most cases, the right disaster recovery provider will likely offer you better recovery time objectives than your company could provide on its own, in-house. Therefore as you review your options, cloud DR could be the perfect solution, flexible enough to deal with an uncertain economic and business landscape.

The Cyber Security Guide For Small Business Owners

Cybercrime isn’t limited to large corporations or wealthy individuals; it also targets small businesses. According to the U.S. Congressional Small Business Committee, a significant amount of cyber-attacks targeted businesses with less than 100 workers. A related study by the SMB CyberSecurity Report established that 50% of SMBs had experienced a security breach in the past.

The reason small businesses are targeted more than large corporations is that they’ve vulnerabilities in their networks. This means it’s easier to breach the networks of small businesses than it’s to penetrate large corporations. Small businesses don’t allocate sufficient time and funds to secure their networks. They also lack expert personnel, have outdated security programs, and fail to secure their endpoints. The following are some of the basic cybersecurity best practices for small businesses.

Use a Firewall

Setting up a firewall is one of the basic ways of defending your business against a cyber-attack. The Federal Communications Commission urges small businesses to have firewalls to prevent data breaches. Some organizations have a standard firewall and an internal firewall for additional protection. Employees working remotely should also set up firewalls on their home networks.

Put Your Cybersecurity Policies In Writing

When it comes to cybersecurity, it’s advisable to put your policies in writing. To get started, you can attend online training through the Small Business Administration Cybersecurity portal. You can get help with drafting your policies from the FCC’s Cyberplanner 2.0. Alternatively, you can request a comprehensive toolkit for cybersecurity best practices through the C3 Voluntary Program for Small Businesses.

Use The CIA Model

When it comes to establishing cybersecurity policies, you should use the CIA model to guide you. This model helps keep your business secure by protecting your data. The elements of this model are Confidentiality, Integrity, and Availability. First, you should make sure information can’t be accessed by unauthorized personnel. You can do this by encrypting the information.

Secondly, you need to protect data and systems from being altered by unauthorized personnel. This means you should ensure that the information is unchanged from the time you create it to the time it reaches the end-user. Lastly, ensure authorized personnel have access to information when they need it and that you update your applications whenever necessary.

Train Employees In Cyber Security Measures

After you have established security policies, the next step is to train your employees on how to incorporate these measures. For example, you should train your employees on how to create strong passwords. It would help if you also established rules that penalize employees for violating the business’s Cybersecurity policies. Make ground rules on how to manage and protect client data and other important information. For example, you may establish rules that all machines should have the latest security software, operating system, and web browser to guard against malware, viruses, and online threats.

Device a Plan For Mobile Devices

According to Tech Pro Research 2016 BYOD, 59% of businesses allow BYOD. There’s a high surge in the use of wearables like wireless fitness trackers and smartwatches. For this reason, small businesses should establish BYOD policies that emphasize the need for security precautions. Norton by Symantec also urges small businesses to encourage employees to set automatic updates and use a strong password policy for mobile devices that are tapping into the company’s network.

Back up Your Data Regularly

You may still be breached after observing all the necessary security measures. This is why you need to back up data regularly. You also need to back up data that is kept in the cloud because those servers could also be compromised. Store your backups in a safe place to guard against fire outbreaks and floods. Make sure your backups are up to date.

Apply Multifactor Identification

No matter how secure you think you’re, mistakes are inevitable. An employee can make a mistake that leaves your network vulnerable. Using the multifactor identification settings provides an additional layer of protection to your network. You can use employees’ phone numbers because it would be unlikely for a cybercriminal to have both the pin code and the password.

Secure Your Wi-Fi Network

If your business has a Wi-Fi network, you need to secure it. Encrypt and hide the Wi-Fi network, so it’s not accessed by unauthorized personnel. To hide the network, set up a wireless access point to prevent it from broadcasting the name of the network, also called the Service Set Identifier (SSID). Protect access to the router using a password. 

Endnote

Many businesses downplay the threat of cybercriminals, arguing that they don’t have significant assets or that their data is not worth a security breach. However, cybercriminals target the weak networks of small businesses more than the heavily secured networks of large organizations. For this reason, it’s important to observe cybersecurity practices to ensure your business and clients are secured from cyber thieves. The above measures will help you tighten the data security of your organization, making it more difficult for hackers to breach your systems.

The post The Cyber Security Guide For Small Business Owners appeared first on CyberDB.

CEO of exam monitoring software Proctorio apologises for posting student’s chat logs on Reddit

Australian students who have raised privacy concerns describe the incident involving a Canadian student as ‘freakishly disrespectful’

The chief executive of an exam monitoring software firm that has raised privacy concerns in Australia has apologised for publicly posting a student’s chat logs during an argument on the website Reddit.

Mike Olsen, who is the CEO of the US-based Proctorio, has since deleted the posts and apologised, saying that he and Proctorio “take privacy very seriously”.

Related: Coalition's university fee overhaul accused of being an 'attack on women'

Related: Dan Tehan’s threat to police university enrolments can’t plug the holes in the Coalition’s logic

Continue reading...

EasyJet reveals cyber-attack exposed 9m customers’ details

Airline apologises after credit card details of about 2,200 passengers were stolen
Q&A: are you affected and what should you do?

EasyJet has revealed that the personal information of 9 million customers was accessed in a “highly sophisticated” cyber-attack on the airline.

The company said on Tuesday that email addresses and travel details were accessed and it would contact the customers affected.

Continue reading...

The Guardian view on an NHS coronavirus app: it must do no harm | Editorial

Smartphones can be used to digitally trace Covid-19. But not if the public don’t download an app over privacy fears – or find it won’t work on their device

The idea of the NHS tracing app is to enable smartphones to track users and tell them whether they interacted with someone who had Covid-19. Yet this will work only if large proportions of the population download the app. No matter how smart a solution may appear, mass consent is required. That will not be easy. Ministers and officials have failed to address the trade-offs between health and privacy by being ambiguous about the app’s safeguards.

Instead of offering cast-iron guarantees about the length of time for which data would be held; who can access it; and the level of anonymity afforded, we have had opacity and obfuscation. It is true that we are dealing with uncertainties. But without absolute clarity about privacy the public is unlikely to take up the app with the appropriate gusto.

Continue reading...