Category Archives: Smartphones

Google Tracks You Even If You’re Not Signed In


A new lawsuit alleges that Google violates users’ privacy and data security by collecting and using private browsing information. Specifically, the suit states that Google systematically includes search queries in the URL of the search results page, even when the user is using private browsing mode. The researcher said this is an egregious violation of user privacy and demanded action from the Federal Trade Commission. The company has been sued by several groups, including Consumer Watchdog.

The lawsuit states that Google’s practices violate privacy laws and should be stopped. This is a significant step forward for users’ online privacy. The Internet giant’s private browsing option has been around for some time, but the suit claims that Google is violating California law by gathering personal information even when users use “private browsing” mode. The law requires consent before a company can monitor private communications, so the company must get consent before it collects any personal information.

Google’s data-collection practices have also been the subject of other lawsuits. This case is the latest in a series of similar actions. In 2012, the European Union imposed a fine of EUR50 million for violating the GDPR. The plaintiffs argued that Google failed to obtain clear consent from end users and did not make their actions transparent enough. Further, they alleged that Google did not disclose its partners’ elements. Furthermore, a private browsing mode does not offer additional information on a website.

Other lawsuits alleging that Google violates user privacy have not been successful, but the company is still facing a number of other cases regarding its data-collection practices. The suit says that the company collects browsing histories and search queries, even if users’ browsers are in private mode. The lawsuit further claims that Google intentionally deceives consumers by claiming that these actions are necessary for its business. If this lawsuit is successful, it would force Google to pay a huge sum of damages to its users.

The US government is currently suing the company for illegally invading users’ privacy. The suit is also claiming that Google has knowingly collected information about its users. It is unclear exactly how it collects such information. The data is collected when a person uses the search engines in private mode. However, this is not the only violation that Google has been accused of. The data is used to improve the quality of their search experience.

While Google does not explicitly deny that it collects this information, it does not mention that it also gathers information about its users through third-party tracking cookies. As a result, the company is not required to disclose the specific details of the third-party tracking cookies that it collects. The company has no plans to replace these cookies with anything that is less invasive. The phasing out of third-party tracking cookies, however, will not have a negative impact on its advertising business.

Despite the fact that these practices are illegal, a class-action lawsuit filed in the US alleges that Google has violated user privacy by collecting third-party tracking cookies. The class-action claims that the company violates California’s Computer Data Access and Fraud Act by violating privacy laws. In addition to these claims, it has also been cited as a violation of California’s Computer Data Access and Fraud Act.

The suit further alleges that Google’s privacy controls are deceptive, and the company collects information even without consumer consent. In addition, it is a requirement for third-party Android apps to use the Firebase SDK, which is a third-party tool to allow advertisers to know the composition of their audience. This enables the company to analyze the content of the audience and use it for advertising purposes. It then uses the information to create hyper-personalized ads.

In a separate suit, the plaintiffs claim that Google has harmed the rights of millions of users by tracking their activities. This lawsuit has not been filed in the US courts, but it is still pending in the US. The Texas Attorney General’s office has previously filed a similar suit against the company, and the lawsuit is based on the company’s failure to follow the law. The company’s privacy policies are the subject of a class-action lawsuit against it, but the proposed settlement has been thrown out because they have been a major violation of user rights.

Use Your Old Smartphone As A Free Web Server


There are all sorts of free web server apps, which are useful for hosting your own website from home without having to pay anything. Of course, you are limited to the resources your old smartphone has, but there is a surprising number of services you can provide even without a lot of storage, such as a PHP server, a SQL database server, an FTP server, and even an SSH server. This can prove to be very powerful if done right!


Make Your Windows Phone a Gaming Phone


Of course you could use your phone for gaming as well as other things, but a lot of apps can begin to clutter your phone up, and you only have so much room and memory. Separating your gaming from your normal everyday use can really help organize your phone usage, and your life.

If you like to play games on your phone, you may want to install your games on your old Windows phone only, especially if you find yourself only gaming on your phone at specific times of the day such as at night before bed or while waiting somewhere during a daily routine.


Using Your Windows Phone For Media Only


If you end up not using your Windows Phone as an actual phone anymore because you bought a new one, you don’t need to let it collect dust on the shelf.

You can still use it for all sorts of media including ebooks, music and video on long car trips or in bed. Just because you don’t put cell phone service on it doesn’t mean it can’t still be used over wifi.


Turning diamonds’ defects into long-term 3-D data storage


With the amount of data storage required for our daily lives growing and growing, and currently available technology being almost saturated, we’re in desperate need of a new method of data storage. The standard magnetic hard disk drive (HDD) – like what’s probably in your laptop computer – has reached its limit, holding a maximum of a few terabytes. Standard optical disk technologies, like compact disc (CD), digital video disc (DVD) and Blu-ray disc, are restricted by their two-dimensional nature – they just store data in one plane – and also by a physical law called the diffraction limit, based on the wavelength of light, that constrains our ability to focus light to a very small volume.

And then there’s the lifetime of the memory itself to consider. HDDs, as we’ve all experienced in our personal lives, may last only a few years before things start to behave strangely or just fail outright. DVDs and similar media are advertised as having a storage lifetime of hundreds of years. In practice this may be cut down to a few decades, assuming the disk is not rewritable. Rewritable disks degrade on each rewrite.

Without better solutions, we face financial and technological catastrophes as our current storage media reach their limits. How can we store large amounts of data in a way that’s secure for a long time and can be reused or recycled?

In our lab, we’re experimenting with a perhaps unexpected memory material you may even be wearing on your ring finger right now: diamond. On the atomic level, these crystals are extremely orderly – but sometimes defects arise. We’re exploiting these defects as a possible way to store information in three dimensions.

Focusing on tiny defects

One approach to improving data storage has been to continue in the direction of optical memory, but extend it to multiple dimensions. Instead of writing the data to a surface, write it to a volume; make your bits three-dimensional. The data are still limited by the physical inability to focus light to a very small space, but you now have access to an additional dimension in which to store the data. Some methods also polarize the light, giving you even more dimensions for data storage. However, most of these methods are not rewritable.

Here’s where the diamonds come in.

The orderly structure of a diamond, but with a vacancy and a nitrogen replacing two of the carbon atoms.
Zas2000

A diamond is supposed to be a pure well-ordered array of carbon atoms. Under an electron microscope it usually looks like a neatly arranged three-dimensional lattice. But occasionally there is a break in the order and a carbon atom is missing. This is what is known as a vacancy. Even further tainting the diamond, sometimes a nitrogen atom will take the place of a carbon atom. When a vacancy and a nitrogen atom are next to each other, the composite defect is called a nitrogen vacancy, or NV, center. These types of defects are always present to some degree, even in natural diamonds. In large concentrations, NV centers can impart a characteristic red color to the diamond that contains them.

This defect is having a huge impact in physics and chemistry right now. Researchers have used it to detect the unique nuclear magnetic resonance signatures of single proteins and are probing it in a variety of cutting-edge quantum mechanical experiments.

Nitrogen vacancy centers have a tendency to trap electrons, but the electron can also be forced out of the defect by a laser pulse. For many researchers, the defects are interesting only when they’re holding on to electrons. So for them, the fact that the defects can release the electrons, too, is a problem.

But in our lab, we instead look at these nitrogen vacancy centers as a potential benefit. We think of each one as a nanoscopic “bit.” If the defect has an extra electron, the bit is a one. If it doesn’t have an extra electron, the bit is a zero. This electron yes/no, on/off, one/zero property opens the door for turning the NV center’s charge state into the basis for using diamonds as a long-term storage medium.

Starting from a blank ensemble of NV centers in a diamond (1), information can be written (2), erased (3), and rewritten (4).
Siddharth Dhomkar and Carlos A. Meriles, CC BY-ND

Turning the defect into a benefit

Previous experiments with this defect have demonstrated some properties that make diamond a good candidate for a memory platform.

First, researchers can selectively change the charge state of an individual defect so it either holds an electron or not. We’ve used a green laser pulse to assist in trapping an electron and a high-power red laser pulse to eject an electron from the defect. A low-power red laser pulse can help check if an electron is trapped or not. If left completely in the dark, the defects maintain their charged/discharged status virtually forever.

The NV centers can encode data on various levels.
Siddharth Dhomkar and Carlos A. Meriles, CC BY-ND

Our method is still diffraction limited, but is 3-D in the sense that we can charge and discharge the defects at any point inside of the diamond. We also present a sort of fourth dimension. Since the defects are so small and our laser is diffraction limited, we are technically charging and discharging many defects in a single pulse. By varying the duration of the laser pulse in a single region we can control the number of charged NV centers and consequently encode multiple bits of information.

Though one could use natural diamonds for these applications, we use artificially lab-grown diamonds. That way we can efficiently control the concentration of nitrogen vacancy centers in the diamond.

All these improvements add up to about 100 times enhancement in terms of bit density relative to the current DVD technology. That means we can encode all the information from a DVD into a diamond that takes up about one percent of the space.

Past just charge, to spin as well

If we could get beyond the diffraction limit of light, we could improve storage capacities even further. We have one novel proposal on this front.

A human cell, imaged on the right with super-resolution microscope.
Dr. Muthugapatti Kandasamy, CC BY-NC-ND

Nitrogen vacancy centers have also been used in the execution of what is called super-resolution microscopy to image things that are much smaller than the wavelength of light. However, since the super-resolution technique works on the same principles of charging and discharging the defect, it will cause unintentional alteration in the pattern that one wants to encode. Therefore, we won’t be able to use it as it is for memory storage applications and we’d need to back up the already written data somehow during a read or write step.

Here we propose the idea of what we call charge-to-spin conversion; we temporarily encode the charge state of the defect in the spin state of the defect’s host nitrogen nucleus. Spin is a fundamental property of any elementary particle; it’s similar to its charge, and can be imagined as having a very tiny magnet permanently attached to it.

While the charges are being adjusted to read/write the information as desired, the previously written information is well protected in the nitrogen spin state. Once the charges have been encoded, the information can be converted back from the nitrogen spin to the charge state through another mechanism which we call spin-to-charge conversion.

With these advanced protocols, the storage capacity of a diamond would surpass what existing technologies can achieve. This is just a beginning, but these initial results provide us a potential way of storing a huge amount of data in a brand new way. We’re looking forward to transforming this beautiful quirk of physics into a vastly useful technology.

The Conversation

Siddharth Dhomkar, Postdoctoral Associate in Physics, City College of New York and Jacob Henshaw, Teaching Assistant in Physics, City College of New York

Canadian ‘Pokemon Go’ Players Accidentally Cross Illegally Into U.S.


Two Canadian kids inadvertently crossed into the U.S. Thursday night while playing Pokémon GO on their cellphones, according to U.S. Customs and Border Protection.

The two teens were spotted and apprehended by local border patrol cops who immediately understood upon meeting them that they were totally unaware of their surroundings and immersed in their game. NBC News reports:

“Both juveniles were so captivated by their Pokémon GO games that they lost track of where they were,” said Border Patrol Public Affairs Officer Michael Rappold.

Concerns about the new game from Nintendo have affected societies worldwide, most notably with the delayed release of the mobile phone app in Japan last week. Most safety concerns revolved around the user not paying enough attention to their surroundings to take care of themselves. Japan’s local governments had released public service fliers to express this concern prior to the release of the game on the day the game was to originally be released. One of the game’s partner companies, Niantic, said the delay was due to concerns about servers’ ability to handle the load amidst a McDonald’s-sponsored release.

The flow of the game depends on users to venture out into real-world locations in search of characters, monsters and battles over real-world locations, almost like gang territory, and has prompted authorities to issue warnings about becoming too distracted by the digital world to pay attention to real-world concerns like crossing the street and avoiding ditches.

The Washington State Patrol said it recorded its first Pokemon-related accident Monday when a 28-year-old driver distracted by the app rear-ended a sedan on State Route 202. No one was hurt. And in Baltimore early Monday, a driver playing the game struck a parked police car, police said. The officers were not in the vehicle and there were no injuries.

Are our smartphones afflicting us all with symptoms of ADHD?


When was the last time you opened your laptop midconversation or brought your desktop computer to the dinner table? Ridiculous, right? But if you are like a large number of Americans, you have done both with your smartphone.

Less than a decade after the introduction of the first iPhone, more people reach for their smartphones first thing in the morning than reach for coffee, a toothbrush or even the partner lying next to them in bed. During the day, with a smartphone in our pocket, we can check our email while spending time with our children just as easily as we can text a friend while at work. And regardless of what we are doing, many of us are bombarded by notifications of new messages, social media posts, breaking news, app updates and more.

Anecdotal evidence suggests that this pervasiveness of smartphones is making us increasingly distracted and hyperactive. These presumed symptoms of constant digital stimulation also happen to characterize a well-known neurodevelopmental disorder: Attention Deficit Hyperactivity Disorder, or ADHD. Could the pinging and dinging of our smartphones be afflicting even those of us not suffering from ADHD with some of that condition’s symptoms? As a behavioral scientist, I set out to test this idea in a well-controlled experiment.

Studying digital interruption

My colleagues and I recruited 221 millennials – students at the University of British Columbia – to participate in a two-week study. Importantly, these participants were recruited from the university’s general participant pool, rather than from a population of students diagnosed with ADHD.

During the first week, we asked half the participants to minimize phone interruptions by activating the “do-not-disturb” settings and keeping their phones out of sight and far from reach. We instructed the other half to keep their phone alerts on and their phones nearby whenever possible.

In the second week, we reversed the instructions: Participants who had used their phones’ “do-not-disturb” settings switched on phone alerts, and vice versa. The order in which we gave the instructions to each participant was randomly determined by a flip of a coin. This study design ensured that everything was kept constant, except for how frequently people were interrupted by their phones. We confirmed that people felt more interrupted by their phones when they had their phone alerts on, as opposed to having them off.

Measuring inattentiveness and hyperactivity

We measured inattentiveness and hyperactivity by asking participants to identify how frequently they had experienced 18 symptoms of ADHD over each of the two weeks. These items were based on the criteria for diagnosing ADHD in adults as specified by the American Psychiatric Association’s Diagnostic and Statistical Manual (DSM-V).

The inattentiveness questions covered a wide range of potential problems, such as making careless mistakes, forgetting to pay a bill and having difficulty sustaining attention or listening to others. The hyperactivity questions were similarly broad, assessing things like fidgeting, feeling restless, excessive talking and interrupting others.

The results were clear: more frequent phone interruptions made people less attentive and more hyperactive.

Because ADHD is a neurodevelopmental disorder with complex neurological and developmental causes, these findings in no way suggest that smartphones can cause ADHD. And our research certainly does not show that reducing phone interruptions can treat ADHD. But our findings do have implications for all of us who feel interrupted by our phones.

Smartphone ubiquity poses risks

These findings should concern us. Smartphones are the fastest-selling electronic gadget in history – in the 22 seconds it took to type this sentence, 1,000 smartphones were shipped to their new owners. Even if one of those 1,000 users became more likely to make a careless mistake, ignore a friend in the middle of a conversation or space out during a meeting, smartphones could be harming the productivity, relationships and well-being of millions.

As with all disorders, symptoms of ADHD form a continuum from the normal to the pathological. Our findings suggest that our incessant digital stimulation is contributing to an increasingly problematic deficit of attention in modern society. So consider silencing your phone – even when you are not in the movie theater. Your brain will thank you.


Kostadin Kushlev, Research Associate in Psychology, University of Virginia

This article was originally published on The Conversation. Read the original article.

What if the FBI tried to crack an Android phone? We attacked one to find out


The Justice Department has managed to unlock an iPhone 5c used by the gunman Syed Rizwan Farook, who with his wife killed 14 people in San Bernardino, California, last December. The high-profile case has pitted federal law enforcement agencies against Apple, which fought a legal order to work around its passcode security feature to give law enforcement access to the phone’s data. The FBI said it relied on a third party to crack the phone’s encrypted data, raising questions about iPhone security and whether federal agencies should disclose their method.

But what if the device had been running Android? Would the same technical and legal drama have played out?

We are Android users and researchers, and the first thing we did when the FBI-Apple dispute hit popular media was read Android’s Full Disk Encryption documentation.

We attempted to replicate what the FBI had wanted to do on an Android phone and found some useful results. Beyond the fact the Android ecosystem involves more companies, we discovered some technical differences, including a way to remotely update and therefore unlock encryption keys, something the FBI was not able to do for the iPhone 5c on its own.

The easy ways in

Data encryption on smartphones involves a key that the phone creates by combining 1) a user’s unlock code, if any (often a four- to six-digit passcode), and 2) a long, complicated number specific to the individual device being used. Attackers can try to crack either the key directly – which is very hard – or combinations of the passcode and device-specific number, which is hidden and roughly equally difficult to guess.

Decoding this strong encryption can be very difficult. But sometimes getting access to encrypted data from a phone doesn’t involve any code-breaking at all. Here’s how:

  • A custom app could be installed on a target phone to extract information. In March 2011, Google remotely installed a program that cleaned up phones infected by malicious software. It is unclear if Android still allows this.
  • Many applications use Android’s Backup API. The information that is backed up, and thereby accessible from the backup site directly, depends on which applications are installed on the phone.
  • If the target data are stored on a removable SD card, it may be unencrypted. Only the most recent versions of Android allow the user to encrypt an entire removable SD card; not all apps encrypt data stored on an SD card.
  • Some phones have fingerprint readers, which can be unlocked with an image of the phone owner’s fingerprint.
  • Some people have modified their phones’ operating systems to give them “root” privileges – access to the device’s data beyond what is allowed during normal operations – potentially weakening security.

But if these options are not available, code-breaking is the remaining way in. In what is called a “brute force” attack, a phone can be unlocked by trying every possible encryption key (i.e., all character combinations possible) until the right one is reached and the device (or data) unlocks.

Starting the attack

A very abstract representation of the derivation of the encryption keys on Android.
William Enck and Adwait Nadkarni, CC BY-ND

There are two types of brute-force attacks: offline and online. In some ways an offline attack is easier – by copying the data off the device and onto a more powerful computer, specialized software and other techniques can be used to try all different passcode combinations.

But offline attacks can also be much harder, because they require either trying every single possible encryption key, or figuring out the user’s passcode and the device-specific key (the unique ID on Apple, and the hardware-bound key on newer versions of Android).

To try every potential solution to a fairly standard 128-bit AES key means trying all 100 undecillion (10^38) potential solutions – enough to take a supercomputer more than a billion billion years.

Guessing the passcode could be relatively quick: for a six-digit PIN with only numbers, that’s just a million options. If letters and special symbols like “$” and “#” are allowed, there would be more options, but still only in the hundreds of billions. However, guessing the device-specific key would likely be just as hard as guessing the encryption key.

Considering an online attack

That leaves the online attack, which happens directly on the phone. With the device-specific key readily available to the operating system, this reduces the task to the much smaller burden of trying only all potential passcodes.

However, the phone itself can be configured to resist online attacks. For example, the phone can insert a time delay between a failed passcode guess and allowing another attempt, or even delete the data after a certain number of failed attempts.

Apple’s iOS has both of these capabilities, automatically introducing increasingly long delays after each failure, and, at a user’s option, wiping the device after 10 passcode failures.

Attacking an Android phone

What happens when one tries to crack into a locked Android phone? Different manufacturers set up their Android devices differently; Nexus phones run Google’s standard Android configuration. We used a Nexus 4 device running stock Android 5.1.1 with full disk encryption enabled.

Android adds 30-second delays after every five failed attempts; snapshot of the 40th attempt.
William Enck and Adwait Nadkarni, CC BY-ND

We started with a phone that was already running but had a locked screen. Android allows PINs, passwords and pattern-based locking, in which a user must connect a series of dots in the correct sequence to unlock the phone; we conducted this test with each type. We had manually assigned the actual passcode on the phone, but our unlocking attempts were randomly generated.

After five failed passcode attempts, Android imposed a 30-second delay before allowing another try. Unlike the iPhone, the delays did not get longer with subsequent failures; over 40 attempts, we encountered only a 30-second delay after every five failures. The phone kept count of how many successive attempts had failed, but did not wipe the data. (Android phones from other manufacturers may insert increasing delays similar to iOS.)

These delays impose a significant time penalty on an attacker. Brute-forcing a six-digit PIN (one million combinations) could incur a worst-case delay of just more than 69 days. If the passcode were six characters, even using only lowercase letters, the worst-case delay would be more than 58 years.

When we repeated the attack on a phone that had been turned off and was just starting up, we were asked to reboot the device after 10 failed attempts. After 20 failed attempts and two reboots, Android started a countdown of the failed attempts that would trigger a device wipe. We continued our attack, and at the 30th attempt – as warned on the screen and in the Android documentation – the device performed a “factory reset,” wiping all user data.

Just one attempt remaining before the device wipes its data.
William Enck and Adwait Nadkarni, CC BY-ND

In contrast to offline attacks, there is a difference between Android and iOS for online brute force attacks. In iOS, both the lock screen and boot process can wipe the user data after a fixed number of failed attempts, but only if the user explicitly enables this. In Android, the boot process always wipes the user data after a fixed number of failed attempts. However, our Nexus 4 device did not allow us to set a limit for lock screen failures. That said, both Android and iOS have options for remote management, which, if enabled, can wipe data after a certain number of failed attempts.
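The following Python model is an added example, not part of the original article: it compares the online-attack defenses described above by computing the enforced delay an exhaustive passcode search would face and the chance a guess lands before a wipe. The Nexus 4 parameters come from the article's observations; the `ESCALATING` schedule is a constructed assumption (not iOS's actual schedule), and only enforced delays are counted, not entry or reboot time.

```python
"""Throttling-policy model for passcode prompts (added example).

Nexus 4 figures are the ones reported in the article; the escalating
schedule is constructed for comparison and is not any vendor's real one.
"""
from dataclasses import dataclass
from typing import Optional

DAY = 86_400
YEAR = 365.25 * DAY


@dataclass(frozen=True)
class LockoutPolicy:
    name: str
    every: int = 5                    # failures per throttling block
    base_delay: float = 0.0           # seconds imposed after the first block
    growth: float = 1.0               # multiplier applied to each later delay
    max_delay: float = float("inf")   # cap on any single delay
    wipe_after: Optional[int] = None  # failed attempts that trigger a wipe


def worst_case_delay(policy: LockoutPolicy, keyspace: int) -> Optional[float]:
    """Enforced delay (seconds) if the correct passcode is the last one tried.

    Returns None when the device wipes itself before the space is exhausted.
    """
    failures = keyspace - 1
    if policy.wipe_after is not None and failures >= policy.wipe_after:
        return None
    blocks = failures // policy.every
    total, delay, done = 0.0, policy.base_delay, 0
    # Walk the growing part of the schedule; it reaches the cap quickly.
    while done < blocks and policy.growth > 1 and delay < policy.max_delay:
        total += delay
        delay *= policy.growth
        done += 1
    # Every remaining block costs the (capped) steady-state delay.
    return total + (blocks - done) * min(delay, policy.max_delay)


def guess_probability(policy: LockoutPolicy, keyspace: int) -> float:
    """Chance a uniformly random passcode is hit before a wipe ends the attack."""
    if policy.wipe_after is None:
        return 1.0
    return min(policy.wipe_after, keyspace) / keyspace


# Observed in the article: 30 s after every five failures, no growth, no wipe.
NEXUS4_LOCKSCREEN = LockoutPolicy("Nexus 4 lock screen", every=5, base_delay=30)
# Observed in the article: factory reset at the 30th failed attempt at boot.
# The forced reboots it mentions are not modelled as delay.
NEXUS4_BOOT = LockoutPolicy("Nexus 4 boot prompt", wipe_after=30)
# Constructed: delay doubles per block of five failures, capped at one hour.
ESCALATING = LockoutPolicy("escalating (constructed)", every=5,
                           base_delay=30, growth=2, max_delay=3600)

KEYSPACES = {"6-digit PIN": 10**6, "6 lowercase letters": 26**6}


def report():
    """Rows of (policy, passcode type, worst-case seconds or None, hit chance)."""
    rows = []
    for label, space in KEYSPACES.items():
        for policy in (NEXUS4_LOCKSCREEN, NEXUS4_BOOT, ESCALATING):
            rows.append((policy.name, label,
                         worst_case_delay(policy, space),
                         guess_probability(policy, space)))
    return rows


if __name__ == "__main__":
    for name, label, secs, prob in report():
        cost = "wiped first" if secs is None else f"{secs / DAY:,.1f} days"
        print(f"{name:26} {label:20} {cost:>20}  P(hit)={prob:.6f}")
```

The fixed 30-second policy reproduces the article's 69-day and 58-year figures, while the boot-time wipe caps the attacker at 30 guesses regardless of passcode length.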

Using special tools

The iPhone 5c in the San Bernardino case is owned by the employer of one of the shooters, and has mobile device management (MDM) software installed that lets the company track it and perform other functions on the phone by remote control. Such an MDM app is usually installed as a “Device Administrator” application on an Android phone, and set up using the “Apple Configurator” tool for iOS.

Our test MDM successfully resets the password. Then, the scrypt key derivation function (KDF) is used to generate the new key encryption key (KEK).
William Enck and Adwait Nadkarni, CC BY-ND

We built our own MDM application for our Android phone, and verified that the passcode can be reset without the user’s explicit consent; this also updated the phone’s encryption keys. We could then use the new passcode to unlock the phone from the lock screen and at boot time. (For this attack to work remotely, the phone must be on and have Internet connectivity, and the MDM application must already be programmed to reset the passcode on command from a remote MDM server.)

Figuring out where to get additional help

If an attacker needed help from a phone manufacturer or software company, Android presents a more diverse landscape.

Generally, operating system software is signed with a digital code that proves it is genuine, and which the phone requires before actually installing it. Only the company with the correct digital code can create an update to the operating system software – which might include a “back door” or other entry point for an attacker who had secured the company’s assistance. For any iPhone, that’s Apple. But many companies build and sell Android phones.

Google, the primary developer of the Android operating system, signs the updates for its flagship Nexus devices. Samsung signs for its devices. Cellular carriers (such as AT&T or Verizon) may also sign. And many users install a custom version of Android (such as Cyanogenmod). The company or companies that sign the software would be the ones the FBI needed to persuade – or compel – to write software allowing a way in.

Comparing iOS and Android

Overall, devices running the most recent versions of iOS and Android are comparably protected against offline attacks, when configured correctly by both the phone manufacturer and the end user. Older versions may be more vulnerable; one system could be cracked in less than 10 seconds. Additionally, configuration and software flaws by phone manufacturers may also compromise security of both Android and iOS devices.

But we found differences for online attacks, based on user and remote management configuration: Android has a more secure default for online attacks at start-up, but our Nexus 4 did not allow the user to set a maximum number of failed attempts from the lock screen (other devices may vary). Devices running iOS have both of these capabilities, but a user must enable them manually in advance.

Android security may also be weakened by remote control software, depending on the software used. Though the FBI was unable to gain access to the iPhone 5c by resetting the password this way, we were successful with a similar attack on our Android device.


William Enck, Assistant Professor of Computer Science, North Carolina State University and Adwait Nadkarni, Ph.D. Student of Computer Science, North Carolina State University

This article was originally published on The Conversation. Read the original article.