Month: June 2023

Location Sharing Is Apparently Really Common Among Acquaintances vox.com

Rebecca Jennings, Vox:

Friends sharing their real-time locations with each other is a pretty recent facet of modern life. Though apps like Foursquare have been around since the dawn of the smartphone age, mass location sharing was only introduced around 2017, when Google rolled out location sharing on its Maps function and Snapchat launched Snap Map, allowing users to see where their contacts were at any moment. By the time Apple merged the Find My iPhone and Find My Friends apps into a single app called “Find My” in 2019, location sharing had become just another type of social networking, despite the fact that for many people, it still feels a little icky.

Shows how out of touch I am that I am only now learning this is an apparently common thing among friends. When Apple launched Find My Friends in 2011, these kinds of use cases were in its marketing pitch — why would someone need to know the location of their friends, even temporarily, “for a couple of hours for a dinner”? — and I do not know anyone who has actually used Find My in this way. None of my friends do; neither does my family.

U.S. FTC Settles With Amazon Over Insecure Ring Cameras ftc.gov

Lesley Fair, of the U.S.’ Federal Trade Commission:

Many consumers who use video doorbell and security cameras want to detect intruders invading the privacy of their homes. Consumers who installed Ring may be surprised to learn that according to a proposed FTC settlement, one “intruder” that was invading their privacy was Ring itself. The FTC says Ring gave its employees and hundreds of Ukraine-based third-party contractors up-close-and-personal video access into customers’ bedrooms, their kids’ bedrooms, and other highly personal spaces – including the ability to download, view, and share those videos at will. And that’s not all Ring was up to. In addition to a $5.8 million financial settlement, the proposed order in the case contains provisions at the intersection of artificial intelligence, biometric data, and personal privacy. It’s an instructive bookend to another major biometric privacy case the FTC announced today, Amazon Alexa.

To put the financial settlement in context, Amazon sold an estimated 1.7 million Ring cameras in 2021 — the most recent year for which I could find sales figures — and the cheapest Ring camera you could buy at the time retailed for $60. In response to years of contractor and public abuses of its insecure webcams, Amazon has to pay about three weeks’ worth of a single year of sales. That is hardly a punitive amount, and the FTC only says it is to be “used for consumer refunds”: sorry Amazon fibbed about the security of the cheap product it sold to 55,000 people, thus permitting many of them to be tormented and spied upon, but at least some of them can get their money back. And of course Amazon has to admit no culpability.

Russian Intelligence Baselessly Accuses Apple of Assisting the NSA in Breaching Officials’ iPhones therecord.media

Daryna Antoniuk, the Record:

Russia’s Federal Security Service (FSB) is accusing U.S. intelligence of hacking “thousands of Apple phones” to spy on Russian diplomats.

According to FSB’s statement published on Thursday, the U.S. used previously unknown malware to target iOS devices.

[…]

Russian intelligence claims that the investigation revealed that Apple is collaborating with the U.S. National Security Agency (NSA).

[…]

Oleg Shakirov, an expert on foreign policy and security at the Center for Strategic Research, said that this type of accusation — which he referred to as “quasi-attribution” — is not unusual for Russian authorities.

Kaspersky discovered this malware. It has affected devices running versions up to iOS 15.7, and it has been seen in use as early as 2019.

The FSB, for its part, has shown no proof of Apple’s involvement — nor has Kaspersky made such an accusation — and Apple denied those claims in a statement to Reuters. Creating a loophole for law enforcement or intelligence purposes would deviate from its longstanding objections and be a blatant violation of users’ trust. Furthermore, the NSA does not need Apple’s help; there are plenty of spyware developers with which it would be happy to sign a contract. Finally, it is an accusation made by a government agency, and should be treated with at least the same level of skepticism of a similar claim made by any other spy agency.

This is a serious accusation, made without any proof, and should obviously be rejected until substantive evidence is shown.