Tag Archives: privacy

Privacy is always better through sepia-tinted glasses

Facebook-Acquires-Instagram

Instagram has done one thing well. And no it’s not turn HD 8MP snaps of man plus dog’s meals in to Polaroid-esque travesties of blurriness, reminiscent of ‘70s snappers. What the photo filter app-maker (or photo-sharing and social-networking service if you sign up to marketing hyperbole) has done though is highlight that there isn’t a total sense of apathy and disinterest in security and privacy amongst the greater public, they just need something to care about – a sepia-toned champion if you will.

As word of a renewed privacy policy swept across Twitter, Tumblr, and Pinterest, the cool kids were up in arms, albeit at the duress of coattail-riding ‘celebrities’ like Kim Kardashian (a more orange than sepia skinned hero granted, but we take what we can get). How can you not own a photo you took on your own phone? There is one school of thought here that rationalises the situation – you own the unaltered photo which you took; but as you’ve over-exposed/scratched/generally ruined it with their app, then the output belongs to Instagram. By their logic, any image manipulation produces a new photo that is the property of the editor. That’s the kind of proprietary nonsense that even Apple’s legal team would turn their noses up at. This isn’t something anyone wants – my HTC has similar filter editing built in, and plenty of HDRs and digital cameras do their own image and balance correction on-device. Whilst we’re on the subject of what you can do ‘on-device’, in what world did Instagram think it was a good idea to not let users take pictures offline? Seriously?

Despite what Instagram, Zuckerberg, or anyone else claims the true intention of the shift was, the subsequent backtrack was unsurprising both in its speed and scope of the policy turnaround. For a company fresh off the back of a $1bn acquisition and enjoying the associated buzz of riding the crest of the Facebook wave, the whole move was a PR disaster and the damage has already been done. If you believe some news outlets, the app has lost half of its daily user base as a result of the debacle, and competitors have stepped up to try and fill the ‘vintage filter’ void.

But is it fair to blame companies like Instagram, YouTube, Facebook, et al for tying to monetise their offerings? After all they host literally petabytes of users’ content. It isn’t just servers that cost, but staff, cooling, and ground rent. And really, what were they going to use those pictures for? Which third parties were they hoping to sell them to? As nice as that shot of a sun-drenched deckchair on Brighton beach is in black and white, it’s not like stock photo repositories are going to be teeming with low-res shots of your shenanigans for sale. Let’s face it, Instagram got jealous of Facebook and LinkedIn with their user content advertising, and got caught up in the ‘we should be doing that too’ mentality that is synonymous with social media… except they forgot to offer an opt-out like those other bastions of user privacy (eventually) did.

So there’s one very important lesson Instagram has given us – users care about privacy and security when they have a vested interest, if it’s something they use out of choice rather than necessity, they are more than ready to get up-in-arms about it. Well actually there are multiple lessons, but if there’s one more fortune cookie of wisdom here… It might be best to explain the purpose of a policy before rolling it out, even if it’s just for awareness, hearts, minds, and warding off mutiny.

Threats Facing Android

In a very recent article on PC World’s website, Eric Geier wrote that 2012 will see a rise in information security threats, aided, in part, by the ubiquity of mobile devices – smartphones, tablets and laptops for example – as well as the growing and sustainable popularity of social networks. Cybercrime is going to become a very pressing issue indeed.

Moreover, a new study by McAfee, suggests that Android is now the number one attacked mobile platform out there.

With that in mind, we thought we’d give some of you professionals working in forensics, governance and compliance, and information security and risk management a lowdown as to some of the major threats – and vulnerabilities – facing devices using Android.

Third party applications are one of the best things about using Android – the open source nature of it allows for widespread innovation and development, providing consumers and businesses alike with a huge variety of choices. Naturally, established names imply a certain level of tacit trust – you’re confident that you’re getting a reliable product – whereas unfamiliar names bring a level of uncertainty – you’ve got nothing to weigh it up against. Because the open source environment is defined by the sheer volume of developers and products out there, it can be a tough maze to navigate through.

Similarly, Google’s own casual mantra, their guiding company philosophy of openness and close collaboration, though commendable brings certain, obvious weaknesses that is, in comparison to say Apple, a major shortfall. Take for example the verification process for applicants wanting to enter the Android market – in the last two years a number of apps, approved and available to users, have come with malware-infections. This is a major area that needs addressing.

Other things to be wary of include privacy settings. Though we may live in an age of ‘over-candidness’, where people reveal odd little titbits on sites like Facebook and Twitter, privacy is still a right worth protecting. However, in some cases, there are transparent weaknesses already built into certain devices. HTC devices, for example, automatically geo-tag photos and Tweets – you actively have to disable this feature. Consequently, other devices alleging localised services could, rather worryingly, sneakily utilise GPS permissions for location tracking. And of course there is the much publicised data collection and exposure on the company’s Sensation and Evo range.

One of the biggest risks is the easy access to a virtual private network (VPN), which many businesses and employees use remotely, providing an easy mobile working environment. Which is great for increased connectivity and in promoting flexible working, but also a route for cybercriminals to infiltrate corporate networks surreptitiously and either introduce corrupt software or thieve important data.

The threats are very real but there are measures in place to help protect Android uses. We’ll be discussing that in our next post. In the meantime for further reading check out the Acumin white paper on Android security: http://www.acumin.co.uk/cm/content/resources/white_papers