Tag: privacy

Posted on

The new WhatsApp Terms and Conditions of Use [Clarification – Jan 21st]

Let’s start with this passage from the article in The Register referred to below where the founder of WhatsApp talks about his reasons for creating WhatsApp …

“When WhatsApp was acquired by Facebook in 2014, it promised netizens that its instant-messaging app would not collect names, addresses, internet searches, or location data. CEO Jan Koum wrote in a blog post: Above all else, I want to make sure you understand how deeply I value the principle of private communication. For me, this is very personal. I was born in Ukraine, and grew up in the USSR during the 1980s

One of my strongest memories from that time is a phrase I’d frequently hear when my mother was talking on the phone: ‘This is not a phone conversation; I’ll tell you in person.’ The fact that we couldn’t speak freely without the fear that our communications would be monitored by KGB is in part why we moved to the United States when I was a teenager.

Two years later, however, that vow was eroded by, well, capitalism, and WhatsApp revealed it would be “coordinating more with Facebook,” and gave people the opportunity to opt out of any data sharing. This time around, there is no opt-out for the sharing of data with Facebook and its tentacles. Koum left in 2018.”

So this all started 4 years ago, when WhatsApp announced a change to their Terms and Conditions (Ts&Cs) – the first change in many years, and the first since being taken over by Facebook. It was possible to opt out of this change which was announced as only to “improve the experience of Facebook users” (that’s kind of them – do I believe that?).

I don’t know whether I chose to opt out, I suspect I did, but I have no way of knowing!!! Whatever … I only had 30-days to opt out then, and I can’t go back and opt-out now.

I was alerted to the current impending change on February 8th, which is a take it, or leave it choice by this article in a well respected techie (UK-based) blog – The Register. It’s subsequently been updated, and may be updated again I suspect as more information is squeezed out of Facebook.

You may remember in a Group meeting before Christmas I referred to the repatriation of UK-data to the US as a consequence of Brexit. So far Facebook and Google (and there could be more) have announced their attention to do just that, and others will undoubtedly follow. Free from Europe, our government has said we will follow GDPR (it had very little option), but the US tech companies see the wisdom of not having a European base for their (our) data and are hopeful of less stringent Federal privacy restrictions under a new Democratic Party controlled Senate committed to introducing legislation.

Once out of the European protection, we in Britain could in the course of time, and after the repatriation of Facebook data to California (read the article above), be deemed not to be part of the European area and so the protection offered by WhatsApp/Facebook suggested in this article in “The i“, would cease to apply. So the short-term acceptance of these Ts&Cs thinking they don’t apply to us, might be scuppered should the data-hosting move to the US. [I think it’s clear to me that those in the EU will continue to be offered an opt-out – the market is too large for them to enforce a retrospective acceptance, but we in the UK …. !!!]

[Clarification] I should have made it clear that it is not the data that’s being repatriated as this could be held on many servers all around the world, but it is the legal ownership of our accounts that is being repatriated. The US Tech Corps have been “troubled” by the number of Anti-Trust, and Anti-Competitive legal cases that have been brought against them in the EU just recently. Being found guilty can subject those companies to very high levels of fines. In addition the tax haven which was Ireland has been challenged which provides another impetus to move their (that is Facebook and Google) offices back to the US. So far Twitter and Apple have stood alone as companies that have decided to stay in Ireland, whilst Amazon is based in Luxembourg. So it’s not just Privacy that is a driver to repatriate our accounts.]

No certainties, just doubts and that’s where mistrust comes in.

As of today, I’m at a loss to know what to advise. I’m hopeful of further clarification in the days to come, but I’ll leave acceptance of the new Ts&Cs to the last few days before February 8th.

[NB. I’m posting both these articles on the Public Thought grazing site as well.]

Please Comment below, or in the Topic on the Privacy and the Internet Forum.

Posted on

Why do I dislike Facebook (Fb)? [Addendum – Jan 21st]

I was challenged with this question last Thursday when I told my family about the intended changes to the WhatsApp Terms and Conditions of Use. I didn’t reply to my IT-savvy son until this morning when I was first asked to agree to these new Ts&Cs. This is what I wrote …

“It starts with trust, and then you work away from that. It’s what a company does with information and whether you can then trust them to handle it properly. Google+ was a closed system that you opened up; Fb is an open system that even though it has Privacy Controls – which you need a degree to work out how to set them – essentially allows them to do anything with what appears on their platform.

You take a photo – you don’t retain copyright, you assign that right to them when you publish to the platform. You have to struggle to find a way to opt out of adverts (understandably – that’s how they make their money) – you are conned into thinking that in allowing them, you will get a better experience.

For whom? For you – no, they’re just an annoyance to me, but for others they just drive people to buy stuff they might not want/need. For them – yes, that’s how they drive income and more.

So it’s the more that’s more interesting and insidious because what they do with that information leads to targeting people with posts, hence my reference to Brexit and Trump. [I had said in my brief first reply – Cambridge Analytica, Brext and Trump.] The algorithms behind the scenes work the data and susceptible people get targeted with posts as well, not just adverts. I could go on, but as I said – it’s all about Trust, and Fb as a company is one that I just don’t trust. [Addendum: Fb would say that it’s not them that uses the data; but we now have plentiful evidence that Fb Service Users have found ways of manipulating the data they have access to as Fb Business Users.]

Getting data from WhatsApp was something they committed at take-over they wouldn’t do. Now they are starting to do just that. Next step targeted adverts on a platform which is advert free; then “posts from others you might be interested in” – not the encrypted ones, but ones from Public Figures. Then “oh! dear” we have to drop encryption because of new privacy laws in the US. [Aside: is it a coincidence that Google, Twitter and Fb appear to be more privacy focussed since the Republicans lost control of the Senate and they just might want to be on the right side of the argument that’s going to come in the US in the next four years ].

So I always logout of Fb to stop them tracking me; I suspect that WhatsApp will have a mechanism that prevents a user from being disconnected so Fb with these new Ts&Cs will be tracking as well as getting the other personal info from users. [However, see the addendum below which has caused me to change my views on that.]

Please feel free to comment either on the post, or in the Topic I’ve created to discuss the subject in the Privacy and the Internet Forum.

Addendum: After posting this article, a former colleague provided a link to a page on Facebook’s website. That article is included in the many posts to Flipboard I’ve added in the past three weeks. However, it’s worth looking at, particularly as it affects the advice I’ve given many times to Logout of your Fb account. It would appear that Fb’s reach is wider than I thought, and so I can only now recommend that you logout. Some salient passages from the article …

When does Facebook get data about people from other websites and apps?
Many websites and apps use Facebook services to make their content and ads more engaging and relevant. These services include:

Social plugins, such as our Like and Share buttons, which make other sites more social and help you share content on Facebook;

Facebook Loginwhich lets you use your Facebook account to log into another website or app;

Facebook Analytics, which helps websites and apps better understand how people use their services; and

Facebook ads and measurement toolswhich enable websites and apps to show ads from Facebook advertisers, to run their own ads on Facebook or elsewhere, and to understand the effectiveness of their ads.

When you visit a site or app that uses our services, we receive information even if you’re logged out or don’t have a Facebook account. This is because other apps and sites don’t know who is using Facebook.

I’ve added the emboldening to the last paragraph. So it means that if you do any of the above things on a site that uses Fb Services (ie pays to advertise on the Fb platform) personal information will be transferred to Fb.

Finally, if you’re just a bit more curious about Facebook’s Data Policy, take a read of this and be just a little gobsmacked at what’s going on behind the scenes and just consider it might be worthwhile reviewing your security settings. In particular look at the last section which explains how your information will be shared and especially look at the last part where they describe what they do with third-party partners (eg Cambridge Analytica ???).

Facebook have attempted to respond to the uproar about privacy with the announcement, and release of a Clear History Tool – and you should take a look at this page which explains What off-Facebook Activity means and describes how Fb’s third-party partners and business service providers may be interacting with Fb, and you.

Now you might realise why I dislike Facebook – they’ve lost my trust, and it’s just too much effort to make sure I’ve closed all the doors to protecting the personal information they hold on me.

Posted on

You, groups, flickr and privacy

Most of the time people join flickr to showcase their photos, to get faves, and to get comments (hopefully both positive and constructive) to enable them to improve their photography. The photos you upload are shown in your flickr Photostream (or Camera Roll) which you can browse and put into Albums. You can create your own Galleries of your (and other people’s) images; Fave images that appear in your Activity stream (see later) and Follow people whose photos you like.

We’ll start by looking at the default privacy settings you can apply to the images you upload. The Settings page is accessed from your profile tab …

… which gives you access to a page with these headings …

… clicking on Privacy and Permissions brings up this screen – from which you should first look at Defaults for new uploads

Read carefully the Note: “if you add something to a group pool, that group’s members will be able to view and add notes, comments or tags, regardless of privacy settings.” There’s no privacy within a group. All members of the group can see all members’ photos. If you’ve declared your image to have restricted viewing to Friends, or Family however they will not be visible for public viewing in the group, even though the group page might be visible for public viewing.

After uploading your photos they will (unless you’ve changed the default settings) appear by default in the Activity stream which you can access from the flickr logo …

… from which you will also be able to see the images of the people and groups you follow. This is the default view when you open Flickr on a mobile device.

Any photo you fave is then attached to your account so that you can return to view it on a later occasion.

It is also possible – unless you’ve prevented it – for someone to download the photo, or add it to their own Photostream as their own! You might wish to check your settings to prevent that happening.

… and …

… so it’s important that you know what you’re doing when you follow someone – I certainly wouldn’t recommend the default setting of “Anyone”.

There are occasions however when you might wish to keep your photos completely private, or to share them privately within a Group. The settings in flickr to allow this are not exactly as intuitive as they might be so this post continues by seeking to help understand how you can “hide” your photos from the Public photostream, but to show them within a Group. Let’s start there.

Groups can either be Public, open to invited membership (or upon application to join) and then also to be Private. Note especially carefully the note attached to Invite-Only Group which can be either Public or Private … “Anyone can view an Invite-Only group page …”

The last case is obviously the most restrictive and in this situation a Group is setup by a Flickr member and they invite either existing Flickr members, or non-members to join the group.

They will be sent an invite to join flickr, and the Group, as a member. You can therefore appreciate that you have to be a flickr member to view Photos which are in a Group. However if they’re not hidden from the Activity Stream by changing the default privacy settings (as above) and if it isn’t a Private group – they’ll still be visible to anyone unless you’ve also changed your search profile …

For the Invite-Only Group which has not been declared Private it is important to note that anyone (even non-Flickr members) can view the group page, so as we shall next, if you want your photos to be completely invisible to the outside world, you’ll have to do something else to make them invisible!!

If you want to keep your photos visible only to members of a Group, you need to specify on the Default privacy settings page either “Your friends”, or “Your family” depending upon the nature of the Group; similarly you should restrict Comments (and Notes, Tags and People) to “Your friends and family”.

However these settings will then apply to every image that you upload and that might be more privacy than you really want, so you are able to choose the level of privacy on an image by image basis after you’ve uploaded them. This is done by looking at the information attached to an image after you’ve clicked on it in your Photostream …

… so, as an alternative, you could leave your Photostream relatively open using settings similar to the ones in the screenshots above and then restrict viewing of individual photos to Friends, or Family, etc. within Groups.

I hope this helps.

Posted on

Using Zoom safely

Updated 13th May

Since this article was originally written back on March 31st, some other U3A have started using Zoom, and I thought it sensible to Review this article and see if I should change anything in it. Any changes will be marked in red. However, before I start, a couple of things.

Zoom have recognised that there were defficiencies in their security model and have moved in their new client (version 5) to implement end-to-end encryption – that’s what you get from WhatsApp. After May 30th, all users will be using version 5 because a forced upgrade will occur on any person attempting to join a Zoom meeting after that date. However, you are recommended to upgrade before that day and you can do that from this link.

A member has also sent me this really useful Infographic on implementing Zoom which I would recommend reading carefully …

Secure_Zoom_2020_03

 

I could stop here, but there’s a few things I differ from the advice in that infographic which will be highlighted below and which I’ve also discussed in another article here.

You might also like to take a look at this article with video that explains the new features on Zoom v.5.

So here’s the original article, as I said published on March 31st …

Since writing this article, just over a week ago – gosh it seems longer than that – more groups have started using Zoom, and it’s also clear that it’s being used very widely by friends, families, communities, etc. It’s also clear that Zoom has responded to some of the criticisms that have been levelled against it and disabled some of the “unintended” consequences of allowing people to Login using their Facebook credentials. That is all good news, so my concerns have been diluted, but I think it’s still wise to “proceed with caution” and to this end I’ve collected together some guidelines which I hope will be of use. First of all – you need to get started by signing-up and installing some software on your device.

Installing Zoom on your Desktop, Tablet or Phone.

Zoom is a multi-platform piece of software – that puts it in a great place to serve the maximum number of people who are all using different equipment. This puts it in the same category as Skype and Google Hangouts.
It’s important to remember that the software was intended for business users, and so some of the language might be slanted in that direction. No matter, what you do need to do, is sign-up to get an account. I would not recommend using your Facebook credentials; I might be tempted to link my Google account to Zoom and use it to Login; but overall, it’s probably better to setup an account directly. I have given advice before to use a “throwaway” email account – one you’ve created which is separate from your main email account for this sort of thing. You can have many Google (gmail) accounts – I probably have 6 or 7!
Once you’ve provided an email address – you’ll be asked to confirm it from an email that will have arrived in your Inbox. Then you’ll be asked to provide normal identity stuff – your name, and then provide a password for your account-you’ll  get a screen which provides you with this information. This is what you can do with your account – you don’t need to press Upgrade Now.

It might be a good idea to allow your self the time before your first meeting to look at the three videos which are in your welcome email – they will give you a flavour of what Zoom is all about and how to take part in a video call.
If you’re going to use a Windows PC or an Apple Mac, now would be a good time to have a look at this page and install the app on your desktop or laptop – but if you’re really careful with your privacy, see the cautionary note below about using a desktop or laptop. [I don’t have this fear now, so I would disregard my cautionary note.]

If you’re using a smartphone, or tablet, it would be a good idea to check this page and install the app on your device.

If you’ve done all that and have an idea how it’s going to work – you’re ready to start. I’d suggest having a go with a friend or family member first, to practice and test your understanding. If you’ve got a problem with anything add a comment to this post and someone will try and get back to you with an answer/solution.

So now we come to making things safer for you. As I said before there have been concerns about Zoom’s Privacy policies or procedures, so although they have tightened up these there are a couple of things you should do. [I’ll add some screenshots from my iPad shortly. I didn’t and I won’t be doing this.]

First of all some tips on which device to use and how to use it …

  • I’ve said this already, but I’ll repeat it. Don’t sign into Zoom with Facebook. This stops Zoom from collecting your Facebook profile info. Although, if you’re already giving all your private info to Facebook, maybe it doesn’t matter.
  • Use a separate device if you need to do anything during the call, if possible, in that way you stop Zoom from tracking any other activity on the device.
  • If you’re an Apple user, use an iPad or iPhone instead of your Mac. Zoom’s iOS app is subject to Apple’s App Store rules, which gives an extra degree of security. The Mac version is a direct download from Zoom, so you have no idea what’s inside. The same is probably true for Windows – but I haven’t checked. So it’s generally safer to use a Mobile device rather than a desktop/laptop. [I don’t consider this a problem now. Zoom have increased their security and it’s MUCH MORE convenient to use a laptop/desktop as you can more easily see everyone on the call in a Gallery view – rather than having to scroll across images of people on a smaller screen device.]

Hints and tips on staying safe …

If you do decide to use Zoom, the company offers a few good tips on its blog for staying safe. First, don’t share a meeting link on social media or any public forum, because then anyone who sees it can join. This can lead to “Zoom bombing,” where bad actors crash the party, and drop off a payload of porn and/or other disruptions, before leaving. Something you definitely want to avoid!

Next, if you’re hosting the event, do not use your Personal Meeting ID (PMI) to do it. “Your PMI is basically one continuous meeting,” says Zoom, “and you don’t want randos crashing your personal virtual space after the party’s over.”

I use Scheduled Meetings even for Recurring Meetings, I can then send a Meeting Invite round in Beacon, that users just click on to join. This is much easier than sending out invites to every meeting.

Also, consider making use of the Zoom “Waiting Room,” which is a way to control who can get into your meeting. [This is now the default setting for a meeting.]You can then decide who you want to admit to the call. [This may not be relevant to your calls, but it’s worth bearing in mind if someone you don’t know somehow appears on the call. Next time they won’t because you’ll have implemented the Waiting Room.]

For more information on staying safe, read Zoom’s blog post, as mentioned above.

Zoom changed a couple of their Default settings from today – 5th April. Now when you join a meeting the default setting from the host is to ENABLE a Waiting Room, from which the Host can invite people in.

The second change is to set a Password on Personal Meeting IDs (PMI). It’s not recommended anyway to use PMI as it’s like a permanently open meeting; far better (if you’re the host), as I’ve described above and elsewhere, to create a specific meeting ID which sets a password anyway. Here’s a link that better explains these changes.

Posted on

Creating a "magazine" – 25 Oct 2018

Boot-up
Meeting – 11th October. Ted Richards was the Convenor of the Group that day looked at Family History software – any questions or issues arising?
Changes to Thought grazing – https://thoughtgrazing.org
Logging in to Thought grazing – any problems or issues.
Password: Ca3rdyddU3A
Sextortion!!!!
Email scam threatens to show you watching pornography to your friends
An old scam with a new “flavour”

How safe are you online? 10 Questions to ask yourself
Another Facebook security breach
What to do if your Facebook account has been hacked
Google gets itself into trouble too by not telling users of a security hole and kills off Google+
The Brave browser – follow-up
also The best secure browser

News

Apple and Samsung fined for slowing-down older smartphones
Deleting your search history if you use Google
Fake review factories on Facebook
How to spot a fake five-star review on Amazon
Creating a magazine using Feedly, Pocket and Flipboard
Public article will follow – “Creating a Lightroom magazine”
Curating the web
Step 1 – create a Feedly account
Step 2 – select websites you want to get an RSS feed from [What is an RSS feed?]
Step 3 – check periodically to see what has “popped-up” in your feed reader.
[NB You can also download an app for your phone or tablet for Feedly]
Saving for another day, or for off-line reading (bookmarking+)
Step 1 – create a Pocket account
Step 2 – save to Pocket from your browser (perhaps using a browser extension), or from a feedly sharing icon
Step 3 – tag your articles, and read at your leisure, or when you want to
[NB You can also download an app for your phone or tablet for Pocket]
Creating a magazine to share with others
Step 1 – create a Flipboard account
Step 2 – create a Magazine, and decide whether to make it Private or Public
Step 3 – add articles to your magazine from Pocket, or from your web browser
[NB You can also download an app for your phone or tablet for Flipboard]

Posted on

Let's start at the beginning …

So … you’ve dipped your toe in the water, got that computer that your son/daughter has persuaded you to get, allowed the telecommunications company to install broadband in your house with that WiFi thing and you don’t exactly know what to do with it – apart from send them emails to say you’re still alright and still alive – and oh yes,  there’s online shopping – that must be a good idea.

I don’t intend to replicate by way of providing a guide all the things you should or should not do as a silver surfer, just point you in certain directions and provide as impartial follow-up advice as I can, should you require it. Therefore what follows is not a comprehensive guide to getting started, just some of the things that appear to me to be most important. At the bottom of this post I provide links to some resources that are a) reputable, and b) authoritative which I would encourage you to also look at.

So we start with Internet Security and Safety Online. Yes, I know it’s not exciting, and yes … it’s a bit scarey as well. I’m not trying to put you off before you even start but it is important to get the basics of security and safety right, at the beginning, because habits picked-up when you start something have a habit of providing a good basis for ongoing practice. Now … didn’t my mother say something similar to that many, many years ago!

The basics are very simple actually and can be summarised in one sentence. Don’t do anything online that you wouldn’t be prepared to do with a stranger you’ve met for the first time in the street, or in a shop. In practice of course it’s a little bit more complex and so a few guidelines follow.

1) Everything falls apart if you don’t have a strong password to anything you do online. Your password is like the key to your front door. You wouldn’t give that to a stranger, or make it easy to find under the doormat, so why put so little value on your password? Furthermore, why use one key to unlock all the doors in your house (online information). Make it a bit more difficult for the burgler (hacker) by using different keys (passwords). But creating and more importantly remembering lots of passwords is a bit of a pain and so my suggestion for a password is to think of a phrase that means something to you and then create the password from it using a combination of letters, numbers and “odd” characters and then add a couple of letters to that to distinguish the site you’re accessing with that password from any others you might use.

So, an example. The phrase … “Cardiff won the Cup once in 1927”, and the site … say “Amazon”. For this I might construct a password like this – “Amzn_Cwtc01n27”. Replacing the vowels o and i with 0 and 1, and changing “nineteen” (as you would say the year) to “n”. Using a technique like this would make your password both unique and very difficult to guess … as long as you didn’t give it to anyone else.

By the way, I wouldn’t recommend basing a phrase on a hobby, or anything connected to you – so the example above would not be a great idea for a Cardiff City fan!

I’ll return to this theme a little later on when I post about Password Managers, a really useful tool to assist the “little grey cells” that have difficulty remembering passwords.

2) Don’t give away information you don’t really think the person asking for it really needs to know! I remember being really shocked when a colleague once told me that he had for years been providing incorrect information when shops required a post code, telephone number or address. However when you think about it, they usually only want it for marketing purposes and once they have it … do you have ownership of it anymore? Can you be sure they haven’t sold it on? Of course, it’s much better to just refuse to provide the information in the first place and I’m really not advocating dumping unwanted communications on some poor imaginary soul in Thornhill – but … ??? Similarly your date of birth is perhaps the single most important piece of personal information that you hold. Don’t give that away easily.

3) Have more than one email account. Keep one private for friends and family. Use the other(s) when asked for online. At the very least this will reduce the amount of spam (unwanted messages) you receive; at best this may stop your online identity being stolen (someone posing as you) and your email being hacked (broken into). Some email providers (certainly Yahoo! and Google) allow you easily to setup disposable email addresses on your account. [Psst – researching this has been useful for me too! I didn’t know how to do this with gmail until I wrote this post.]

4) Be very careful in the links you follow. Phishing is a very disturbing and distressing presence on the internet. You’re drawn into clicking on a link on a webpage and from there … the consequences are many. Be realistic … do you have an unknown relative in Georgia? Should you be sending online gifts to Africa  – how do they know your email address anyway (see 3 above)? Is it likely that the Revenue, Insurance Company, Bank would approach you online offering to give you money. Be very aware. Be very careful!

As I said before, this is really only a gloss over the subject. Boring it may be, but essential it most certainly is. The following links are generally authoritative, mainly UK-focussed and worth more than a glance.

Advice from elsewhere:
The Guardian – Eight ways to protect your privacy online
McAfee (Internet Security specialists) – 10 tips to stay safe online
Get the facts” from the Metropolitan Police
Get Safe Online – a very authoritative and useful UK organisation
Age UK has some useful advice too for Internet Security and
Microsoft have a couple of useful pages on What you need to know about your information the Internet, and how to Protect your Privacy on the Internet.

[Some of these links may not work anymore due to the age of the post!!!]