Advertise here
Advertise here

gathering

now browsing by tag

 
 

Apple to iPhone, Mac users: Here’s why our data gathering doesn’t invade your privacy

45122_emojitogetherlarge2x Apple to iPhone, Mac users: Here's why our data gathering doesn't invade your privacy

The results of Apple’s massive data collection allow it to see, for example, differences across keyboard locales.


Apple

Apple has added a new post to its Machine Learning Journal that explains how it’s using differential privacy to protect users, even when collecting very sensitive data such as keystrokes and the sites users visit.

This type of data collection occurs when users opt in to share usage analytics from macOS or iOS, allowing Apple to collect “privatized records”.

Apple introduced differential privacy in iOS 10 in support of new data collection aimed at improving QuickType, emoji suggestions, Spotlight suggestions, and media playback features in Safari.

The system works on the basis that statistical noise can be added to data on the device before it’s shared with Apple.

The post, Learning with Privacy at Scale, is Apple’s seventh issue in its first volume on the site that goes into detail about its machine-learning projects and how they impact its products. This one offers a deeper dive into its differential privacy framework and serves to reassure users that it’s not slurping up extremely private information.

It says its approach to differential privacy on the device allows data to be “randomized before being sent from the device, so the server never sees or receives raw data”.

The records arrive at a restricted access server where IP addresses are dropped. Apple says at that point it can’t tell if an emoji record and a Safari web domain record come from the same users. Apple then converts the records into aggregate compute statistics that are shared with relevant teams at Apple.

When users opt in to share device analytics, Apple defines a “per-event privacy parameter” and limits the number of records that are transmitted by each user per day.

Users can see the reports in iOS by going to Settings Privacy Analytics Analytics Data in entries that begin with ‘DifferentialPrivacy’. Mac users can see them in the Console in System Reports. Apple also offers sample images to show users how the reports can be identified.

Apple has what it calls an ‘injestor’ where metadata such as timestamps of records is removed and the records are grouped by use case. The records are then passed to an ‘aggregator’ for statistical analysis.

The end result of all this processing is that Apple can now, for example, tell which are the most popular emojis, and in different languages, which in turn helps it improve predictive emoji on the iOS keyboard.

Apple can also identify websites that are energy and memory hogs in Safari on iOS and macOS. Apple’s browser can detect these domains and report them to Apple using its differential privacy framework.

It also helps identify the websites that users want Auto-play enabled, which Safari began automatically blocking with macOS High Sierra.

The third benefit to Apple is that can discover new words, which help it improve its on-device lexicons and autocorrect.

Previous and related coverage

Apple reported a spike in secret national security orders this year

Device and requests went down, but secret and classified orders spiked by more than three-fold.

In defending China demands, Apple loses privacy high ground

Deep dive analysis: Apple says it will ‘follow the law’ wherever it does business. But questions remain over what happens — and how the company will react — when the laws fall foul of the company’s privacy promises.

Google faces inquiry in South Korea over gathering location data from Android phones

After Google reportedly confirmed the practice of gathering location data from Android devices even when the service was disabled by users, regulators in South Korea summoned representatives of the tech giant this week for questioning.

27d66_google-reuters-380p Google faces inquiry in South Korea over gathering location data from Android phones

Google. Reuters.

Data protection officials in Britain are also looking into the matter, CNNMoney reported on 24 November. The probe in South Korea follows a report by Quartz which found that Android phones have been collecting the addresses of nearby mobile towers — even when location services are disabled — and sending that data back to Google.

This makes search engine giant and the unit of Alphabet behind Android to have access to huge amount of data that invades their privacy. Users cannot opt out of this even when their devices are factory reset, the report said.

Google reportedly confirmed the move which was undertaken “to improve the speed and performance of message delivery”. The Korea Communications Commission (KCC) “is carrying out an inquiry into the claims that Google collected users’ Cell ID data without consent even when their smartphone’s location service was inactive,” Chun Ji-hyun, head of KCC’s privacy infringement division, told CNNMoney on 24 November.

Google said Android phones are no longer requesting Cell ID codes, and collection should be phased out this month.

New digital ‘hurricane’ churns, gathering strength to land blow on the internet

Just as hurricane trackers chart storms in the Atlantic before they make landfall, cybersecurity researchers track viral infections that threaten mayhem. They’ve found a doozy.

A massive zombie robotic network, or botnet, has expanded to infect “an estimated million organizations” and could bring corners of the internet to its knees, an Israeli cybersecurity company, Check Point Software, says.

“The next cyber hurricane is about to come,” Check Point says.

Several cybersecurity researchers Monday confirmed Check Point’s findings, saying the botnet could replicate, and perhaps dwarf, the Mirai botnet that almost exactly a year ago took down major websites on the Atlantic Coast, crippling a part of the internet’s backbone and slowing traffic to a crawl.

It could be something that’s meant to create global chaos.

Maya Horowitz of Check Point Software

The botnet, which has been named either “Reaper” or “IoTroop,” was first detected in mid-September. A Chinese cybersecurity firm, Qihoo 360, says the botnet is swelling by 10,000 devices a day, forcibly recruiting foot soldiers in an ever-larger invisible rogue army.

Cybercrime gangs form botnets by infecting internet-enabled devices, often wireless cameras or routers with weak security features. Once corralled, controllers can send commands for the botnet to overwhelm a target, knocking its website off line or crippling the internet.

The new botnet has spread across the United States, Australia and other parts of the globe, researchers say, although Check Point notes that “it is too early to assess the intentions” of those propagating the infection.

“It could be something that’s meant to create global chaos,” Maya Horowitz, threat intelligence group manager at Check Point, said in a telephone interview from Israel. “But it could be something that’s more targeted,” perhaps aimed at a country or industry.

She said it is unlikely that cybersecurity experts will be able to halt an eventual attack.

“The chances are pretty low for that,” Horowitz said, adding that like an epidemic of infectious disease, “each infected device is looking for other devices to compromise.”

The motive more than ever is money.

Robert Hamilton of Imperva Incapsula

Criminal hackers are assembling increasingly powerful botnets.

“They are getting bigger and badder,” said Robert Hamilton, director of marketing at Imperva Incapsula, a Redwood Shores, California, cybersecurity firm that offers technology to mitigate botnet attacks.

“The motive more than ever is money,” he said, adding that criminal gangs send ransom demands to companies threatening to hit them with a distributed denial-of-service, or DDoS, attack unless paid off.

“We had a client that received a letter that said ‘if you don’t pay us, we are going to bring your websites down with a DDoS attack,’” Hamilton said. “This was a client that you’d definitely recognize their name,” declining to specify the company.

Last year’s Mirai botnet attack hit Dyn, a New Hampshire company that provides backbone services for the internet. Imperva says it found 49,657 infected devices spread over 164 countries. The top infected countries were Vietnam, Brazil and the United States.

Scores of major companies were hit in that Oct. 21, 2016, attack, including Netflix, Twitter, Spotify, HBO, Amazon, CNN, ancestry.com and Comcast.

The new botnet is based on the source code for Mirai, Horowitz said, “but about 100 different functions have been added … and it has the potential to reach many, many more devices.”

The malware creating the botnet is infecting a variety of Internet of Things (IoT) devices but has been found with functions to target networking gear or routers manufactured by D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys and Synology, Check Point said.

“Since Reaper is exploiting a number of known vulnerabilities in different IoT devices, this botnet could definitely be much more disruptive than Mirai,” said Merike Kaeo, chief technology officer at Farsight Security, a San Mateo, California, cybersecurity firm. “Known security issues in cameras, televisions, home routers, and any other internet-connected devices need to be addressed and fixed.”

Consumers can do their bit by checking to ensure that “all of their internet-connected devices, especially home routers, have the latest firmware upgrades and security patches installed,” Kaeo said.

New digital ‘hurricane’ churns, gathering strength to land blow on the internet

Just as hurricane trackers chart storms in the Atlantic before they make landfall, cybersecurity researchers track viral infections that threaten mayhem. They’ve found a doozy.

A massive zombie robotic network, or botnet, has expanded to infect “an estimated million organizations” and could bring corners of the internet to its knees, an Israeli cybersecurity company, Check Point Software, says.

“The next cyber hurricane is about to come,” Check Point says.

Several cybersecurity researchers Monday confirmed Check Point’s findings, saying the botnet could replicate, and perhaps dwarf, the Mirai botnet that almost exactly a year ago took down major websites on the Atlantic Coast, crippling a part of the internet’s backbone and slowing traffic to a crawl.

It could be something that’s meant to create global chaos.

Maya Horowitz of Check Point Software

The botnet, which has been named either “Reaper” or “IoTroop,” was first detected in mid-September. A Chinese cybersecurity firm, Qihoo 360, says the botnet is swelling by 10,000 devices a day, forcibly recruiting foot soldiers in an ever-larger invisible rogue army.

Cybercrime gangs form botnets by infecting internet-enabled devices, often wireless cameras or routers with weak security features. Once corralled, controllers can send commands for the botnet to overwhelm a target, knocking its website off line or crippling the internet.

The new botnet has spread across the United States, Australia and other parts of the globe, researchers say, although Check Point notes that “it is too early to assess the intentions” of those propagating the infection.

“It could be something that’s meant to create global chaos,” Maya Horowitz, threat intelligence group manager at Check Point, said in a telephone interview from Israel. “But it could be something that’s more targeted,” perhaps aimed at a country or industry.

She said it is unlikely that cybersecurity experts will be able to halt an eventual attack.

“The chances are pretty low for that,” Horowitz said, adding that like an epidemic of infectious disease, “each infected device is looking for other devices to compromise.”

The motive more than ever is money.

Robert Hamilton of Imperva Incapsula

Criminal hackers are assembling increasingly powerful botnets.

“They are getting bigger and badder,” said Robert Hamilton, director of marketing at Imperva Incapsula, a Redwood Shores, California, cybersecurity firm that offers technology to mitigate botnet attacks.

“The motive more than ever is money,” he said, adding that criminal gangs send ransom demands to companies threatening to hit them with a distributed denial-of-service, or DDoS, attack unless paid off.

“We had a client that received a letter that said ‘if you don’t pay us, we are going to bring your websites down with a DDoS attack,’” Hamilton said. “This was a client that you’d definitely recognize their name,” declining to specify the company.

Last year’s Mirai botnet attack hit Dyn, a New Hampshire company that provides backbone services for the internet. Imperva says it found 49,657 infected devices spread over 164 countries. The top infected countries were Vietnam, Brazil and the United States.

Scores of major companies were hit in that Oct. 21, 2016, attack, including Netflix, Twitter, Spotify, HBO, Amazon, CNN, ancestry.com and Comcast.

The new botnet is based on the source code for Mirai, Horowitz said, “but about 100 different functions have been added … and it has the potential to reach many, many more devices.”

The malware creating the botnet is infecting a variety of Internet of Things (IoT) devices but has been found with functions to target networking gear or routers manufactured by D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys and Synology, Check Point said.

“Since Reaper is exploiting a number of known vulnerabilities in different IoT devices, this botnet could definitely be much more disruptive than Mirai,” said Merike Kaeo, chief technology officer at Farsight Security, a San Mateo, California, cybersecurity firm. “Known security issues in cameras, televisions, home routers, and any other internet-connected devices need to be addressed and fixed.”

Consumers can do their bit by checking to ensure that “all of their internet-connected devices, especially home routers, have the latest firmware upgrades and security patches installed,” Kaeo said.

Health department begins gathering public data for state assessment – Casper Star

Whenever Seth Klamann posts new content, you’ll get an email delivered to your inbox with a link.

Email notifications are only sent once a day, and only if there are new matching items.




Advertise here