Spyware

Data Privacy Day – January 28, 2016

Data Privacy Day (DPD) is an effort to empower people to protect their privacy, control their digital footprint and escalate the protection of privacy and data as everyone’s priority. Held annually on January 28th, Data Privacy Day aims to increase awareness of privacy and data protection issues among consumers, organizations, and government officials. DPD helps industry, academia, and advocates to highlight consumer privacy efforts.

Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the January 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is now a celebration for everyone, observed annually on Jan. 28.

Data Privacy Day is led by the National Cyber Security Alliance, a non-profit, public private partnership focused on cyber security education for all online citizens. StaySafeOnline.org has many resources to help you, your family and your business stay safe online.

Free Security Check-Ups: Check your computer for known viruses and spyware, and discover if your computer is vulnerable to cyber attacks.
https://www.staysafeonline.org/stay-safe-online/free-security-check-ups/

Check Your Privacy Settings: One-stop shop for easy instructions to update your privacy settings wherever and however you go online.
https://www.staysafeonline.org/data-privacy-day/check-your-privacy-settings/

Parent Resources: Information regarding cyberbullying, child identity theft, Facebook for parents, social networking, etc.
https://www.staysafeonline.org/data-privacy-day/parent-resources

Educator Resources: Prepared educational materials for the classroom, K – 12th grades.
https://www.staysafeonline.org/data-privacy-day/educator-resources

Business Resources: Informational resources for businesses regarding bring your own device, information security, document destruction, compliance, data breach, and risk management.
https://www.staysafeonline.org/data-privacy-day/business-resources

Privacy and Domestic Violence: Resources for domestic violence survivors and victims to help safeguard the privacy of their personal information.
https://www.staysafeonline.org/data-privacy-day/privacy-and-domestic-violence/

Should You Buy A Smart Toy For Christmas?

What toy should you put under the Christmas tree this year? If you were thinking about buying a smart toy for Christmas, the Vtech hack may cause you to re-think your decision.

For many parents the thought of their children’s personal data being stolen and made available online is the stuff of nightmares. So what exactly is a smart toy and should you be avoiding them in favor of a more traditional gift this year?

What happened to Vtech?

Vtech’s tablets and other connected toys are all currently unable to access the app store. The Learning Lodge app store – which provides downloads of apps, games, music and books for toys made by VTech – had its database hacked on 14 November.

The personal information stolen, which was not encrypted, included the parents’ names, email addresses, passwords, secret questions and answers for password retrieval, IP addresses, postal addresses, download histories and children’s names, genders and birthdates. It has also been reported that photos, audio files and chat-logs were stolen – something that Vtech has not yet confirmed.

The numbers involved are huge – according to Vtech, 6.4 million children’s accounts were affected and it has now employed a security firm – Mandiant – to look at the damage and fix it. Until then, the app store will remain offline.

What’s the risk?

If a toy is labeled “smart” then that probably means it’s connected to the internet in some manner, whether this be via an app, wi-fi or another method.

Security has not traditionally been an area of expertise for most toymakers so combining tech and toys could lead to problems.

Hello Barbie, another net-connected toy that can share conversations, games and stories with children, has also been subject to some scrutiny from security experts. Security researcher Matt Jakubowski discovered that conversations with children stored in the cloud can be accessed by others and that the toy can also be used as a surveillance device.

The risks of internet-enabled toys don’t end with security. Children confide in dolls and reveal intimate details about their lives, but Hello Barbie won’t keep those secrets. When Barbie’s belt buckle is held down, everything your child says is transmitted to cloud servers, where it will be stored and analyzed by ToyTalk, Mattel’s technology partner.

ToyTalk states that passwords are stored in a hardware-encrypted section of the doll and that no conversation history is stored on the toy. It also said that stored data is “never used for advertising purposes.”

Do connected toys destroy imaginative play?

These days many children live large parts of their lives on the internet, so it seems obvious that toymakers would want to tap into that cultural shift.

And many of the toys they make are attempting to bridge the gap between the real world and the digital one. Some critics point out that tech toys – like talking dolls and dinosaurs – may limit the imaginative play element that is part of more traditional toys.

What kind of limits will you be setting for your children this year?

Windows 10 Is Spying On You


Windows 10 is here and it’s faster, smoother and more user-friendly than any Windows operating system that has come before it. Windows 10 is everything Windows 8 should have been, addressing nearly all of the major problems users had with Microsoft’s previous operating system in one fell swoop.

But there’s something you should know: As you read this article from your newly upgraded PC, Windows 10 is also spying on nearly everything you do.

“It’s your own fault if you don’t know that Windows 10 is spying on you.” That’s what people always say when users fail to read through a company’s terms of service document, right?

Well, here is Microsoft’s 12,000-word service agreement. Some of it is probably in English. I’m pretty sure it says you can’t steal Windows or use Windows to send spam, and also that Microsoft reserves the right to take possession of your first-born child if it so chooses. And that’s only one of several documents you’ll have to read through.

Actually, here’s one excerpt from Microsoft’s privacy statement that everyone can understand:

Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to:
1. Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
2. Protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone;
3. Operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or
4. Protect the rights or property of Microsoft, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.

If that sentence sent shivers down your spine, don’t worry. As invasive as it is, Microsoft does allow Windows 10 users to opt out of all of the features that might be considered invasions of privacy. Of course, users are opted in by default, which is more than a little disconcerting, but let’s focus on the solution.

First, you’ll want to open Settings and click on Privacy. There, you’ll find 13 different screens — yes, 13 — to go through, and you’ll want to disable anything that seems at all intrusive or worrisome. Most of the important settings can be found on the General tab, though other tabs are important as well. For example, you’ll definitely want to adjust what types of data each app on your system can access.

Next, users should consider dumping Cortana. Yes, the voice-driven assistant is easily one of the best new features in Windows 10, but it also plays fast and loose with your data. As a result, many users will find that the benefits do not outweigh the risks.

To complete the third task, you’ll have to venture outside the confines of your PC and hit the web. Perhaps this is a good opportunity to check out Microsoft’s nifty new Edge browser. In it, click on this link and set both “Personalized ads in this browser” and “Personalized ads wherever I use my Microsoft account” to off. This will disable Microsoft’s Google-style ad tracking features.

The last tip is one that most users will likely skip, as it is a bit excessive. Some users are removing their Microsoft account from Windows 10 completely and using a newly created local account instead. This way, Microsoft doesn’t grab hold of all your data to sync it across machines. To me, that’s a pretty good feature so I’ve opted to keep it.

OpenDNS Internet Parental Control

Here’s another tool in the never-ending battle against malware, drive-by downloads and infected webpages – and this one is FREE.

Cisco is currently in the process of buying OpenDNS to the tune of $635 million. That means very little to most people, who probably hadn’t even heard of OpenDNS until today. What’s important here is that even with that market valuation – YOU can still get this valuable service absolutely FREE!

OpenDNS is a company and service which extends the Domain Name System (DNS) by adding features such as phishing protection and optional content filtering to traditional recursive DNS services.

The OpenDNS Global Network processes an estimated 70 billion DNS queries daily from over 65 million active users across 160+ countries connected to the service through 24 data centers worldwide. Previously, OpenDNS offered an ad-supported service, which showed relevant ads alongside search results, and a paid advertisement-free service. The free service has since evolved and no longer shows advertisements.

DNS services for personal/home use

Back on May 13, 2007, OpenDNS launched a domain-blocking service to block web sites or non-Web servers based upon categories, allowing control over the type of sites that may be accessed. The categories can be overridden through individually managed blacklists and whitelists. In 2008, OpenDNS changed from a closed list of blocked domains to a community-driven list allowing subscribers to suggest sites for blocking; if enough subscribers (the number has not been disclosed) concur with the categorization of the site, it is added to the appropriate category for blocking. As of 2014 there were over 60 categories. The basic FREE OpenDNS service does not require users to register, but using the customizable block feature requires registration.

Other free, built-in features include a phishing filter and a service called PhishTank for users to submit and review suspected phishing sites.

The OpenDNS service includes recursive nameserver addresses for its FamilyShield parental controls, which block pornography, proxy servers, and phishing sites as well. The service works with any device connected to a single home network after the user makes a simple DNS change in their router. Instructions for making this change on all the popular routers and modems can be found via the support forums link below.

How does OpenDNS work?

  • Instantly blocks access to adult websites. No complicated configuration: FamilyShield is pre-configured to block adult websites across your Internet connection. Just turn it on and go. The filter is always up-to-date, adding new sites 24/7.
  • Flexible parental controls that protect every Internet-connected device in your home, instantly. When you set up FamilyShield on your router, every device in your home gets protected. That means everything: your kids’ Xbox, Playstation, Wii, DS, iPad, and even their iPhone.
  • Built-in anti-fraud and phishing protection. Take the guesswork out of identifying fraudulent sites. FamilyShield automatically blocks phishing and identity theft websites.
  • Makes your Internet faster and more reliable. Setting up FamilyShield frees you of frustrating, intermittent Internet outages and makes Web pages load faster, which makes your overall Internet connection faster.

Visit the following links for additional information:

The best tool for protecting your kids (or employees) from malware and porn: http://www.techrepublic.com/article/the-best-tool-for-protecting-your-kids-or-employees-from-malware-and-porn/

To get more information or get started protecting your family from internet challenges visit: https://www.opendns.com https://www.opendns.com/home-internet-security/

Getting Started Forums and FAQs: https://support.opendns.com/home

CryptoWall Ransomware


What is CryptoWall?

CryptoWall is classified as a Trojan horse, which is known for masking its viral payload through the guise of a seemingly non-threatening application or file. Its payload involves encrypting the files of infected computers in an effort to extract money for the decryption key.

CryptoWall and viruses similar to it are also known as “ransomware” in that the infection offers the end user a means with which to remove the threat and recover all their files in exchange for paying a ransom. After they pay, the user is allowed to download and run a file and/or application to clean up the infection or, in this case, decrypt the encrypted files to return them to a working state.

Where does it come from?

Geographically speaking, that is unknown as of this writing. What is known regarding origins of infection is that CryptoWall is most typically spread through email as an attachment and from infected websites that pass on the virus — also known as a drive-by download.

Additionally, CryptoWall has been linked to some ad sites that serve up advertising for many common websites users visit on a daily basis, further spreading its distribution.

How does it infect a computer?

The infection process, as stated previously, is pretty standard for a virus. However, once it gets a hold of the host computer, it begins by establishing a network connection to random servers, where it uploads connection information like the public IP address, location, and system information including OS.

Next, the remote server will generate a random 2048-bit RSA key pair that’s associated with your computer. It copies the public key to the computer and begins the process of copying each file on its pre-determined list of supported file extensions. As a copy is created, it’s encrypted using the public key, and the original file is deleted from the hard drive.

This process will continue until all the files matching the supported file types have been copied and encrypted. This includes files that are located on other drives, such as external drives and network shares — basically, any drive that’s assigned a drive letter will be added to the list. Also, cloud-based storage that stores a local copy of the files on the drive will be affected, and changes will propagate to the cloud as the files are changed. Automatic backup programs like Dropbox and OneDrive will see that the local files have changed once they have been encrypted, so they will automatically send the encrypted files offsite, and there go your backup(s).

Finally, once the encryption process has completed, CryptoWall will execute some commands locally to stop the Volume Shadow Copy Service (VSS) that runs on all modern versions of Windows. VSS is the service that controls the backup and restoration of data on a host computer. It also controls file versioning, a feature introduced in Windows 7 that keeps histories of changes made to files. The file may be rolled back or restored to a previous version in the event of an unintended change or catastrophic event that causes the integrity of the file to have been modified. The command run by the virus stops the service altogether and also adds the command argument to clear/delete the existing cache, making it even more difficult to recover files through versioning or system restore. Then, CryptoWall simply deletes itself making it even more difficult to catch.

Will I know if my computer is infected?

There are two telltale signs that indicate CryptoWall has compromised a host computer.

When attempting to open certain files, such as .doc, .xls or .pdf, for example, the files are launched with the correct program; however, data may be garbled or not properly displayed. Additionally, an error message may appear when trying to open infected files.

The most common indication will be the appearance of three files at the root of every directory that contains files that were encrypted by CryptoWall.

DECRYPT_INSTRUCTION.txt

DECRYPT_INSTRUCTION.html

DECRYPT_INSTRUCTION.url

Clicking on any of these files left behind in the wake of CryptoWall’s infection will lead the end user to step-by-step instructions necessary to carry out the ransom payment.
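The three file names listed above make a simple indicator for scoping how far the encryption reached. The following Python sketch is an added example, not part of the original article: it walks a folder tree, reports each directory holding one of the notes, and orders the hits by the notes' modification time (using that timestamp to approximate when a folder was processed is an assumption, and the sample tree is constructed).

```python
import os
import tempfile

# Note file names as given in the article. Matching is case-insensitive
# because Windows file systems ignore case while the scan may run elsewhere.
NOTE_NAMES = frozenset({
    "decrypt_instruction.txt",
    "decrypt_instruction.html",
    "decrypt_instruction.url",
})


def scan_for_notes(root):
    """Return one record per directory that contains a ransom note,
    ordered by the oldest note timestamp in that directory."""
    results = []
    # onerror swallows unreadable directories so one bad ACL does not
    # abort the whole scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        notes = sorted(f for f in files if f.lower() in NOTE_NAMES)
        if not notes:
            continue
        mtimes = []
        for name in notes:
            try:
                mtimes.append(os.stat(os.path.join(dirpath, name)).st_mtime)
            except OSError:
                pass  # file vanished or is unreadable; keep the hit anyway
        results.append({
            "directory": dirpath,
            "notes": notes,
            # All three notes present matches the pattern the article describes.
            "complete_set": {n.lower() for n in notes} == NOTE_NAMES,
            # Everything else in the folder is a candidate for restore.
            "other_files": sorted(f for f in files
                                  if f.lower() not in NOTE_NAMES),
            "first_note_mtime": min(mtimes) if mtimes else None,
        })
    results.sort(key=lambda r: float("inf") if r["first_note_mtime"] is None
                 else r["first_note_mtime"])
    return results


def build_sample_tree(base):
    """Constructed sample data: two affected folders and one clean folder."""
    layout = {
        "Documents": (["DECRYPT_INSTRUCTION.txt", "DECRYPT_INSTRUCTION.html",
                       "DECRYPT_INSTRUCTION.url", "budget.xls"], 1000),
        "Pictures": (["decrypt_instruction.TXT", "holiday.jpg"], 2000),
        "Clean": (["notes.txt"], 3000),
    }
    for folder, (names, mtime) in layout.items():
        path = os.path.join(base, folder)
        os.makedirs(path)
        for name in names:
            full = os.path.join(path, name)
            with open(full, "w") as fh:
                fh.write("constructed sample\n")
            os.utime(full, (mtime, mtime))  # fixed timestamps for the demo
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in scan_for_notes(build_sample_tree(tmp)):
            status = "all 3 notes" if hit["complete_set"] else "partial set"
            print(f'{hit["directory"]}: {status}, '
                  f'{len(hit["other_files"])} other file(s)')
```

Run against a mounted copy or a read-only share rather than the live system, so the scan itself does not alter timestamps you may need later.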

The HTML file will actually have a caption indicating the amount of time left on the ransom and how much money is being requested as payment. Typically, the ransom amount begins at $500 (USD), and the countdown timer provides for a period of three days in which to get payment to the requestor.

After the timer has reached zero, the caption will change. The new amount requested will double to $1,000 (USD) and the timer will provide a cutoff date and time. Usually, the timeframe is about one week, and it will indicate that if payment is not received before the cutoff time, the remote server housing the private key and decryption application to decrypt your files will be automatically deleted, making your files unrecoverable.

What are my options if my computer is infected with CryptoWall?

After having confirmed infection with CryptoWall, the next step for the end user is to decide if they are willing to pay the ransom to get their data back, or if they’re not going to pay and lose access to their data altogether.

Paying the ransom is an exercise in and of itself. Unfortunately, the ransom amount must be paid in Bitcoin, a digital currency that’s used to purchase goods and services, similar to US currency. However, due to its lack of regulation and general lack of acceptance, Bitcoin is a niche market and not as common as US currency.

Adding to the difficulty of procurement is that many exchanges that accept US currency for Bitcoins have limited purchases of larger Bitcoin amounts. There are also strengthened company policies that further restrict the accumulation of the necessary amount of Bitcoins to pay off the ransom. Many of these changes have come about as a direct result of the CryptoWall virus, with some exchanges known to cancel transactions and restrict accounts suspected of using their services to pay off the ransom. It’s definitely a Catch-22.

Though difficult, it’s still possible to open an account at an online exchange to begin funding the purchase of Bitcoins in order to pay the ransom in the time allotted. If neither time nor technology is on your side, another viable option is seeking out the services of an IT consultant with experience in this matter. They may be able to assist you in the overall recovery process of your data and may even be able to do so without incurring any penalty due to non-payment within the specified time frame.

Other Options?

Don’t just delete the encrypted files – save them somewhere for future decryption. In the recent past, government security experts have actually confiscated some of the Crypto servers and after working with them, they’ve been able to provide end users with the necessary decrypt codes and information to restore their lost data. Not a guarantee but still a possibility in the future.

Viruses, regardless of whether they’re attacking your files or stealing your banking credentials, are nuisances. We all need to contend with them as our connected lives stretch further out.

While there may be little recourse once infected, there are a lot of possibilities available to limit our exposure to infection and subsequent loss of data. We just need to be proactive enough to ensure that these fail-safes are in place and check on them from time to time.

As the old saying goes, “An ounce of prevention is worth a pound of cure” – Ben Franklin

Popular Password Security Company Hacked

LastPass, the Fairfax, Va.-based company behind one of the most popular password management tools, announced Monday that it had suffered a security breach. Email addresses, password reminders and authentication hashes were compromised.

CEO and co-founder Joe Siegrist said on the company blog that the LastPass team detected an intrusion on its systems last week. “We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network,” he wrote. “In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.”

LastPass lets its users store encrypted versions of their passwords for all their online accounts on servers in the cloud, sealing them off behind one master password. The tool offers people the ability to rely on one super strong passcode, rather than having to remember dozens of such codes across the web.

The LastPass team has urged the users of its service to change their master passwords as soon as possible. It also recommends that its users strengthen their authentication procedures by adding a device-specific step: “We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled.” (Recently, the photo sharing app Snapchat announced that it would adopt two-factor authentication. And the car service Uber is reportedly exploring new verification measures, too.)

LastPass said that “encrypted user data was not taken,” and that “you do not need to change your passwords on sites stored in your LastPass vault.” For those who have reused their master password on other sites, however, the company recommends replacing those passwords.

“We are confident that our encryption measures are sufficient to protect the vast majority of users,” Siegrist wrote in his blog post. “Nonetheless, we are taking additional measures to ensure that your data remains secure, and users will be notified via email.”

Currently, the website is flooded with inquiries related to the breach. “Sorry, but we are currently experiencing an extremely high volume of support tickets due to our recent security announcement,” its contact page reads. “Please be patient while we try to respond to your questions and issues as quickly as possible. Anticipated wait times for non-critical issues are currently 3 days for Premium and over 5 days for free users.”

To recap: If you use LastPass, go change your master password immediately and set up two-factor authentication. And if you happen to use the same password to lock your LastPass account that you use to secure, say, your personal email or other online account, you should change that immediately, too.

ALERT: Is Your Network Infected With A Sleeper Ransomware Strain?

There is a new, challenging “sleeper” ransomware twist.

It’s called Locker, and it has been infecting employees’ workstations, where it sat silently until midnight on May 25, 2015, when it woke up. Locker then started to wreak havoc in a massive way.

Since this strain literally reared its ugly head, Reddit has a topic on it with over 600 comments. Bleepingcomputer has a support topic that is more than 30 pages long, and they received hundreds of emails from consultants all over the world. Based on their experience with cryptoware, they stated this strain has a large “installed” base, which does not bode well. Topics related to this new strain are suddenly being posted on all the major support boards, AV forums, etc.

It appears we have a new player in the Ransomware world, but they only charge 0.1 Bitcoin, something between 20 and 30 bucks. At the moment, it looks like the infection vectors are compromised sports websites that have exploit kits on them, and there is a compromised MineCraft installer out there.

Here is what it does:

  • A series of Windows services are used to install Locker on the computer and encrypt data files.
  • During the install process, Locker will check if the computer is a virtual machine and terminate if one is detected.
  • Encrypts data files with RSA encryption, and does not change the file extension.
  • After the encryption it deletes your c:\ shadow volume copies and displays its ransom interface.
  • If your backups failed and you are forced to pay the ransom, once payment has been confirmed the ransomware will download the private key and automatically decrypt your files.

The files that are encrypted are the following types: .doc, .docx, .xlsx, .ppt, .wmdb, .ai, .jpg, .psd, .nef, .odf, .raw, .pem, .rtf, .raf, .dbf, .header, .wmdb, .odb, .dbf. And again, Locker does not change the file extension, so users will get error messages from their applications that the file is corrupted.
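Because Locker keeps the original extension, one way to find affected files is to compare each file's first bytes with the signature its extension implies. The following Python sketch is an added example, not part of the original article: it covers only a subset of the listed types whose signatures are well known, the 7.0 bits-per-byte entropy threshold is an assumption, and the sample files are constructed.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy Office container
ZIP = b"PK\x03\x04"                          # .docx/.xlsx are ZIP archives
MAGIC = {
    ".doc": OLE2, ".ppt": OLE2,
    ".docx": ZIP, ".xlsx": ZIP,
    ".jpg": b"\xff\xd8\xff",
    ".psd": b"8BPS",
    ".rtf": b"{\\rtf",
    ".pem": b"-----BEGIN",
}
HIGH_ENTROPY = 7.0  # bits per byte; assumed cut-off for "looks like ciphertext"


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total)
                for c in Counter(data).values())


def check_file(path, sample_size=4096):
    """Return a verdict for files with a known signature, else None."""
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is None:
        return None
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    entropy = shannon_entropy(head)
    # The header is the primary test: healthy JPEG or ZIP data is also
    # high-entropy, so entropy only grades files whose header is wrong.
    if head.startswith(magic):
        verdict = "ok"
    elif entropy >= HIGH_ENTROPY:
        verdict = "likely_encrypted"
    else:
        # Wrong header but low entropy: misnamed, truncated, or too small
        # a sample to reach the threshold. Still worth a manual look.
        verdict = "mismatch"
    return {"name": os.path.basename(path), "verdict": verdict,
            "entropy": round(entropy, 2)}


def scan(root):
    """Return verdict records for every file under root that is not 'ok'."""
    suspects = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in sorted(files):
            try:
                result = check_file(os.path.join(dirpath, name))
            except OSError:
                continue  # unreadable file; skip rather than abort
            if result and result["verdict"] != "ok":
                suspects.append(result)
    return suspects


def pseudo_random(n, seed):
    """Deterministic high-entropy bytes standing in for ciphertext."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def build_samples(base):
    """Constructed sample files: one healthy, one 'encrypted', one misnamed."""
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0" + pseudo_random(4092, b"jpg"),
        "report.docx": pseudo_random(4096, b"docx"),
        "letter.rtf": b"plain text saved with the wrong extension\n" * 100,
        "readme.txt": b"no signature is defined for this type\n",
    }
    for name, content in samples.items():
        with open(os.path.join(base, name), "wb") as fh:
            fh.write(content)
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in scan(build_samples(tmp)):
            print(row)
```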

Its ransom screen presents a scary message in red at the bottom stating: “Warning any attempt to remove damage or even investigate the Locker software will lead to immediate destruction of your private key on our server!” This is just to force you into paying, not something to be too worried about. The amount is negligible, but the hassle and time are significant.

The initial discovery is very new and things are still somewhat murky, but we will keep you in the loop about any developments.

Relief From Password Pain

Wasting time on forgotten passwords is often very frustrating, so not having to remember your passwords is the logical answer. Many people also reuse their passwords multiple times on different websites, which is also a big no-no.

In today’s world, most people who use the internet at home and at work have between 8 and 20 passwords to remember each and every day. PassPack™ just might be the answer for individuals, families and small business owners who need to keep track of multiple passwords as well as shared info between family members and co-workers.

1: Organization: Strong passwords combined with having too many passwords can cause headaches. The Passpack manager helps eliminate that by letting you tag, sort, search and manage multiple logins per site.

2: Everywhere Access: Passpack is web based and available to you from any web browser, anywhere, anytime, there’s no need to carry yet another device or install on multiple computers.

3: Collaborative: Family, co-workers and team members all need access to shared accounts. You can securely share and provision passwords using military grade encryption. You can even securely send passwords and messages to people you trust.

4: Easy To Use: Simply click your personal login button. Just install it once in any browser then click to login to your favorite websites.

5: Disposable Logins: One unique feature of PassPack allows you to use disposable logins when you’re travelling or using a computer that is not your own. Each disposable login is for one-time use only and is then discarded, protecting your private password information from key-loggers and other hacker tools designed to capture your info and identity.

So what makes PassPack different from many other password managers? You won’t have to pay a penny to use it. Passpack offers something better than a free trial – they have a free version that allows you to store up to 100 passwords and add a shared user (perhaps a family member), as well as giving you 3 disposable logins.

If the Free version isn’t enough, you can upgrade to the next higher level at any time. The PRO version cost is $1.50 per month or if you have a group of people (say up to 15 shared users) the cost is only $4.00 per month (a paltry 27 cents per user).

The PassPack password manager works with the latest versions of Google Chrome, Firefox, Safari as well as Internet Explorer 7 and above.

Take a look and give it a try: www.passpack.com

Net Neutrality – What Does It Mean?


Last week the Federal Communications Commission (FCC) adopted stricter net neutrality rules that will basically treat the internet like a public utility.

What’s in the new regulations? There are three major principles that internet service providers—like Comcast, AT&T, Time Warner Cable, and Verizon—have to follow when sending data from their networks to your computer:

No blocking Internet service providers can’t prevent you from accessing “legal content, applications, services, or non-harmful devices” when you’re on the internet. This is intended to prevent censorship and discrimination of specific sites or services. Some open internet advocates worry the phrase “legal content” will create a loophole that might let internet providers block stuff they see as questionable on copyright grounds without a fair hearing.

No throttling Internet service providers can’t deliberately slow down data from applications or sites on the internet. That means, for instance, that a broadband company has to let all traffic flow equally, regardless of whether it’s coming from a competitor or a streaming video service like Netflix that uses a lot of data bandwidth.

No paid prioritization Internet service providers can’t charge content providers extra to bring their data to you faster. That means no internet “fast lanes,” because regulators fear they will lead to degraded service for anyone not willing to pay more.

If content providers or the networks that make up the internet complain about internet providers acting as gatekeepers for their users, the FCC says it will have the authority “to hear complaints and take appropriate enforcement action if necessary, if they determine the interconnection activities of ISPs are not just and reasonable.” It’s not clear yet what that will mean in practice.

Of course, this ruling could (and probably will) be challenged in the courts by the big broadband companies. But many internet advocates and stock investors are already shifting their focus to looming consolidation in America’s communications markets that could change the way Americans access the internet and consume video.

What Does Net Neutrality Mean For Consumers? Has anything really changed?
1: It won’t make your home broadband connection faster
2: It won’t eliminate your wireless data usage cap
3: It won’t stop your wireless carrier from throttling your service when you reach your data threshold
4: It won’t create competition
5: It won’t improve your Friday night Netflix viewing experience
6: It won’t stop the Comcast-Time Warner Cable merger

So what will change as a result of these stricter regulations?
Nothing…. That’s the whole point. The Internet has always operated on this basic principle of openness, or Net neutrality. The decade long debate over how to implement Net Neutrality has really been a battle to make certain a level of openness is preserved. And the way to preserve it is by establishing rules of the road that let ISPs, consumers and innovators know what’s allowed and what’s not allowed on the Net.

The only things that do change are that the government now has its fingers in the pie and innovation will take a backseat to profit. The 2 worst possible outcomes for the internet and everyone involved.

See below what our local ISPs have to say about this:

Verizon is not happy with the Title II regulations, announcing its dissent on its blog under the heading “FCC’s Throwback Thursday Move Imposes 1930’s Rules on the Internet”. The remainder of the post was initially written and released in “Morse Code”: http://publicpolicy.verizon.com/blog/entry/fccs-throwback-thursday-move-imposes-1930s-rules-on-the-internet

Comcast’s public stand on Net Neutrality: http://corporate.comcast.com/openinternet?utm_source=google&utm_medium=ppc&utm_campaign=TWCMerger_NB_Natl_Exact&utm_term=net%20neutrality-73498182-VQ16-c&iq_id=73498182-VQ16-c

What Happens To Our Privacy When The Internet Is In Everything?


As the number of internet connected devices — also known as the Internet of Things — continues to grow, so too does the number of devices using voice recognition technology as an interface to allow for hands free control.

Last fall, Amazon revealed a connected speaker with a Siri-style assistant named “Echo” that can perform tasks like adding items to your ecommerce shopping basket on command. At the recent CES conference, Internet-connected ‘smart TVs’, which let couch potatoes channel-hop by talking at their screen rather than pushing the buttons of a physical remote control, are now even more common. It’s clear that the consumer electronics of our future will include more devices with embedded ears that can hear what their owners are saying. And, behind those ears, the server-side brains to data-mine our conversations for advertising intelligence.

The potential privacy intrusion of voice-activated services is massive. Samsung, which makes a series of Internet connected TVs, has a supplementary privacy policy covering its Smart TVs which includes the following section on voice recognition:

“You can control your SmartTV, and use many of its features, with voice commands. If you enable Voice Recognition, you can interact with your Smart TV using your voice. To provide you the Voice Recognition feature, some voice commands may be transmitted (along with information about your device, including device identifiers) to a third-party service that converts speech to text or to the extent necessary to provide the Voice Recognition features to you. In addition, Samsung may collect and your device may capture voice commands and associated texts so that we can provide you with Voice Recognition features and evaluate and improve the features. Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.”

This Samsung example is just the latest privacy-related concern involving SmartTVs — many of which routinely require users to agree to having their viewing data sent back to the TV maker and shared by them with advertisers and others simply in order for them to gain access to the service. The clarity of wording in Samsung’s privacy policy is unique — given that it amounts to warning users not to talk about private stuff in front of their TV screen because multiple unknown entities can listen in.

Creepy is an understatement here. As usual, these “Privacy Policy” warnings are contained within the most often overlooked type of document on the Internet, so they will easily go unnoticed by the average user.

If the SmartTV owner realizes how ridiculous this is, Samsung does at least allow them to disable the eavesdropping voice recognition ‘feature’, and instead use a more limited set of predefined ‘voice commands’ — and in that instance says it does not harvest their spoken words.

However, it will still gather usage info and any other text-based inputs for data mining purposes, as it also notes further down in the policy. So an entire opt-out of being tracked is not part of this very expensive package.

If you do not enable Voice Recognition, you will not be able to use interactive voice recognition features, although you may be able to control your TV using certain predefined voice commands. While Samsung will not collect your spoken word, they may still collect associated texts and other usage data so that they can evaluate the performance of the feature and improve it.

Samsung states: “You may disable Voice Recognition data collection at any time by visiting the “settings” menu. However, this may prevent you from using all of the Voice Recognition features.”

An Internet-connected TV that eavesdrops on the stuff you say when you’re sitting on the sofa or watching TV in bed is just the latest overreaching privacy intrusion to come to light for consumers. As technology continues its ever onward march, it’s unlikely to be the worst, and certainly won’t be the last. As more of the smart devices deployed in our homes, cars and lives are networked, brought online, and given the technical ability to snoop on us, there is a growing imperative to clean up the darker corners of the digital commerce environment. As consumers we need to insist on setting some boundaries on what is and is not acceptable. Just last month the FTC even warned us of the huge security risks in the Internet of Things.

What happens to our privacy when the Internet is in everything? When all the technological things in your home have networked ears that are fine-tuned for commercial intelligence gathering, where will you go to talk about “personal” or “sensitive” stuff?
