Privacy News Online | Weekly Review: September 25, 2020
Featured: Privacy News Online – Week of September 25th, 2020
TikTok and WeChat banned in the US? American users need a VPN
The U.S. Department of Commerce has issued an order to essentially ban Chinese apps TikTok and WeChat though the move has since been temporarily halted by a judge’s order. Additionally, the approval of TikTok’s sale to Oracle should also keep it from being banned. If removed from Google and Apple app, users will have to sideload the app or use a VPN to access the app store from another country. Those that have the app installed already will still be able to use it; however, the order is expected to eventually cause connectivity and reliability issues.
Researchers were able to figure out which American phone numbers use Signal
Whenever you sign up for a new messaging app, contact discovery lets you know which of your friends are already using that app so you can start chatting right away. The way that apps like Telegram, WhatsApp, and Signal do contact discovery has privacy flaws – chief among them is the fact that an attacker can enumerate users, that’s when they use contact discovery to test whether certain numbers are registered or not.
AT&T to offer ad supported phone plans where you give up privacy for $5 to $10
In a recent interview with Reuters, AT&T’s CEO John Stankey revealed that the phone company plans to offer ad-supported phone plans that are cheaper, but significantly less private. That doesn’t quite pass the smell test… The ad supported plans would cost less because you’d be agreeing to let AT&T track what you do on your phone. If that sounds like a deal with the devil, that’s because it is. Stankey said these plans will be offered within the next few years.
More Privacy News This Week:
Latest developments in the long-running and crucial Schrems vs. Facebook GDPR privacy battle
Max Schrems has been fighting a privacy battle in court with Facebook for seven years now. Most recently, Ireland’s Data Privacy Commission has warned Facebook that sending information on European users to American soil might need to stop. Even though this sounds like a good thing, the Data Privacy Commission’s word is unlikely to change how Facebook processes the private information of Europeans. Facebook is now arguing that sending data overseas is a necessity and GDPR compliant.
Companies Can Track Your Phone’s Movements to Target Ads
As smartphone makers are finally waking up to privacy concerns of ad tracking, and starting to require user consent to be tracked across services, ad companies now need a new way to target ads. There are a handful of companies that are hoping for a revival of contextual advertising – this time the context is how you move your phone. Changes in your phone’s accelerometer readings can be used to infer what you’re doing – whether that’s running, picking up your phone for the first time after waking up, or entering a pin.
Experts Say Internet Shutdowns Don’t Thwart Protests
Some governments around the world like Belarus and Ethiopia have taken to shutting down internet access during times of political unrest in a naive attempt to thwart protesters from organizing. Researchers have taken a close look at instances of internet shutdowns and have confirmed what we already know: internet shutdowns don’t thwart protests. In fact, they might just add more fuel to the fire.
Firefox bug lets you hijack nearby mobile browsers via Wi-Fi
A serious flaw has been found in older versions of Firefox for Android. The bug lets anyone on the same wifi network hijack Firefox for Android and redirect the browser to malicious websites. To stay safe, Android users must update to the latest version of Firefox.
Billions of devices vulnerable to new ‘BLESA’ Bluetooth security flaw
Another week, another bluetooth vulnerability. Billions of devices reportedly vulnerable to BLESA, a Bluetooth LE spoofing attack. Unlike most Bluetooth security bugs, BLESA exploits an implementation flaw in the reconnection process which normally occurs when bluetooth devices come back in range of each other. You should be safe from BLESA if you’re running the latest version of Windows or iOS; however, there’s currently no fix for Android or certain IOT devices.
Brought to you by Private Internet Access
Privacy News Online is brought to you by Private Internet Access, the world’s most trusted VPN service.
Special thanks to Intego
Thank you to Josh Long, our cybersecurity correspondent from Intego, makers of award-winning security software.