“It has become second nature to connect various apps like Instagram, SocialCam, Angry Birds, CityVille, and Spotify to your Facebook ID. You just click ‘agree’ without even really knowing what you are agreeing to. What you don’t realize is that social apps linked to your Facebook profile can pretty much track your and your friends’ whole life.”
This quote, from Christian Sigl (co-founder of secure.me, which is now part of AVAST), originally appeared in Mashable in September 2012.
Back then, we wanted to give users a heads-up and encourage them to think twice before sharing personal data with apps, whether via smartphone or the Web. Part of the message was that you never know what can happen with your data and in whose hands it could end up. Today, we know where the data went: The NSA and its British counterpart, GCHQ, have accessed data from Angry Birds and other smartphone and tablet apps, including sensitive information like age, location, education level and sexual orientation. The data accessed was collected directly from phones, including geolocation, handset model, handset ID, software version and more – but personal information like sexual orientation, age and education level probably came from social media connect options.
Rovio, the company behind Angry Birds, has reacted and denied that they provide data to the NSA. Instead, they point out that they will rethink relationships with the ad networks they work with. “The alleged surveillance may be conducted through third party advertising networks used by millions of commercial web sites and mobile applications across all industries”, Rovio announced.
Regardless of how this data landed on NSA desks, giving away your customers’ personally identifiable information to a third-party organization is never a good move.
Users couldn’t really have done anything to prevent their data from ending up with the NSA; the only preventative action that could have been taken would have been limiting the amount of personal data that could be collected from social networks. Social network data isn’t metadata; it is information people share voluntarily. So of course, we know today that the NSA can access very sensitive and personal information if they want to – they will find a way if you’re of interest to them. Most of us aren’t, though, and one thing you can do to limit the amount of data that’s collected is to avoid online oversharing with apps and social networks.
Tuesday, January 28 is Data Privacy Day, an international effort to empower and educate people to protect their privacy and control their digital footprint. Here at AVAST, we will take the whole week to talk about privacy, and how we can make the protection of privacy and data a greater priority in our lives.
Make sure you take the My Privacy IQ quiz to test your knowledge (and maybe win a free license and avast! teddy.)
What is the difference between privacy and security?
While privacy and security overlap in certain ways, they are distinct concepts. Security is defined as “freedom from danger or risk” and “precautions to guard against crime, attack, etc.” You use antivirus software to help protect against a security breach or having your personal data stolen by cybercrooks.
Privacy is “the state of being free from intrusion or disturbance in one’s private life.” This summer, we saw how closely connected these two concepts are when Edward Snowden revealed, through a security breach, how big data companies were complicit with the NSA snooping into normal people’s private lives.
AVAST Software is proud to be a champion of Data Privacy Day, celebrated every year on January 28th. We encourage you to make protecting privacy and data a greater priority. Read on to find out if you are a Privacy Pro!
Find out if you are a Privacy Pro or if you need to learn more to protect your personal information online by taking the My Privacy IQ Quiz. Take the quiz here by submitting your answers as a comment to this blog post. The first 5 participants who answer all questions correctly win avast! SecureLine VPN for Android or iOS or an avast! teddy bear. Alternatively, you can enter the quiz on our Facebook page here. The quiz ends on Monday, February 3rd.
My Privacy IQ quiz
1) Do privacy policies guarantee that your information will be kept private?
An article in German magazine Der Spiegel stated that the NSA is capable of installing backdoors on devices by Juniper Networks (firewall manufacturer), Cisco and Huawei (giant network device manufacturers), and also, Dell. According to the article, a special hacking team intercepted some new computer deliveries to secretly install spyware in these machines. Der Spiegel did not reveal how they got access to this information, although it’s public that they have access to secret information leaked by the former NSA contractor, Edward Snowden.
The magazine has access to secret documents describing a method of direct attack on an end-user device called “interdiction.” If a person was being investigated and bought a new computer, the Tailored Access Operations division (TAO) of the NSA could have access to it. They collect online information using a tool called XKeyscore, as the British journal The Guardian revealed last July. They are also able to redirect internet traffic to their own servers. Der Spiegel said that this redirection occurred with high success (50%) when people were browsing the professional network LinkedIn.
But I’m not interesting enough…
Ok. You’ll say that you’re not included in the “interesting” people to be investigated by the NSA. What you need to know, quickly, is that there are tons of spyware and behavior monitoring tools being distributed all over the world. Our team detected more than 6 million of them disguised as toolbars for browsers. These nasties monitor everything from your browser habits to your personal information.
Similar to the NSA, some “security companies” do this dirty job of monitoring. Did you read about avast! BrowserCleaner yet? You can get rid of spyware toolbars using this tool inside avast! Antivirus products, or you can download the standalone version here. Learn more about it in this blog entry. And, of course, do not forget to alert your friends and family.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.
Recently an open letter from Bits of Freedom, a group comprised of 24 digital rights organizations and academics, including the Electronic Frontier Foundation (EFF) in the US and Netzpolitik.org in Germany, was sent to security software vendors. AVAST did not receive the letter “officially,” although our company was listed among the vendors.
The purpose of the open letter was to request a clarification of our policy on the use of software for the purpose of government-sanctioned surveillance of its citizens. In other words, do we look the other way when governments or law enforcement agencies install malware on private citizens’ personal computers to collect data?
“It has become very clear that governments will do anything to gain access to as much information as possible,” says Bits of Freedom’s Ton Siedsma. “Requests like these, coming from law enforcement agencies or secret services, lower the general level of protection of all users of antivirus software. The software isn’t just used by suspects, but by all of us. This is something to be very concerned about, so we have asked the antivirus software vendors for transparency on this matter.”
AVAST’s Chief Technology Officer, Ondřej Vlček, responded to their questions:
1. Have you ever detected the use of software by any government (or state actor) for the purpose of surveillance?
Yes, we have had incidences where it became apparent that software our programs detected was in fact surveillance software. Although it’s not always 100% clear who is behind this, in some cases we had reasons to believe that it was distributed by government institutions.
2. Have you ever been approached with a request by a government, requesting that the presence of specific software is not detected, or if detected, not notified to the user of your software? And if so, could you provide information on the legal basis of this request, the specific kind of software you were supposed to allow and the period of time which you were supposed to allow this use?
No. We have never been approached by any government agency, but we also don’t think that this realistically would ever happen. It would be very risky for a government agency to ask antivirus companies to ignore and not detect their malware. They can’t expect that security companies would keep this information to themselves; this would therefore risk the news about their malware getting leaked to the media faster than they can think.
3. Have you ever granted such a request? If so, could you provide the same information as in the point mentioned above and the considerations which led to the decision to comply with the request from the government?
No, we have never granted such a request.
4. Could you clarify how you would respond to such a request in the future?
The security and privacy of our users has been the core of our business for 25 years. Whenever we detect malware, regardless of its origin or type, we always protect our users. This includes malware from governments and official institutions – if we detect the malware, no matter the origin of the creator, we create a solution to protect our users.
PRIVACY. It’s the word of the year from dictionary.com. With reports of the NSA turning the internet into a vast surveillance platform, FBI agents and hackers monitoring citizens through home appliances, web-browser tracking cookies multiplying like rabbits, and information you post to social networking sites yourself, the loss of individuals’ online privacy and the extensive access to personal data became a mainstream topic in 2013.
In an interview about security issues with SC Magazine, Vincent Steckler, AVAST’s CEO said that the next aspect of security that needs consideration is privacy. Both consumers and corporates are going to need social media protection capabilities, including checking of links for malware, better control of privacy settings, and control over apps. That goes for tracking in browsers as well.
Abandon all privacy, ye who enter here
Ondřej Vlček, AVAST’s Chief Technology Officer, agrees. “‘Do not track in browsers’ doesn’t really work,” he says. “It’s up to the servers whether to adhere to [the HTTP Do Not Track header] or not. Most commercial services don’t adhere to it.”
Raise your hand if you use your smartphone to surf the web, compare prices, or buy movie tickets? (That looks like most of us.) Lots of people don’t realize that mobile brands, apps and websites ‘track’ their online movements. Vlček said there are plug-ins that remove things like tracking from ad networks, analytics services or Facebook’s Like buttons without breaking the service. He suggests this approach is an important piece of the puzzle for privacy protection.
On September 30th, Facebook introduced changes on the New Graph Search. Currently available only on desktops, it will be rolled out in phases. Since its release in January 2013, Graph Search has gone through a great transformation. Users are now allowed to search for status history, images, check-ins, comments - basically anything. The goal is to provide users with enhanced search options, so they can find interesting information without leaving the social network.
How does Facebook Graph Search work?
The top search bar works similarly to a browser search engine. The exception is that it searches within Facebook itself and requires specific search commands to make your search successful. For example, imagine you are a passionate bowler. You would like to set up a bowling team; however, you don’t know any fellow bowlers in your hometown. Now you can log in to Facebook and search using the following search terms:
People who checked in at Bowling Alleys in Los Angeles, California
You will see all your friends who may have gone bowling without your knowledge, as well as other people, you may or may not know, who checked in. You can interact with them and, for example, establish a Facebook Interest group, to finally create your dream bowling team.
Another example: You love to travel and you would like to look into the places you are planning to visit ahead of time. Search for:
Images taken in Rio de Janeiro, Brazil
to preview all public pictures of the place you want to visit. Moreover you can see the comments, recommendations, and tips from others. A final example:
TV shows my friends who live in Dallas, Texas like
Don’t talk to strangers.
Look both ways before crossing the road.
These little warnings given to children by moms everywhere are meant to make them aware of their surroundings. Even when we’re grown, we still follow these suggestions. In anticipation of National Cyber Security Awareness Month and the European Cyber Security Month, we asked AVAST users for cyber awareness tips and gave prizes for those we found most valuable and those that others voted for.
During round 3 of our #SecurityTip contest, we asked about safety on social media.
Congratulations to Ajla H. of Bosnia and Herzegovina who wrote the winning tip:
I would recommend my friends to learn how to use privacy and security settings on social networks, because then they can control who sees their posts and control who can contact them. I would also recommend them not to post pictures they wouldn’t want their parents or future employers to see. And my last tip is to keep their personal information to themselves so no one can steal their identity.
Ajla receives a Nexus 7 tablet and a 1-year license for avast! Internet Security. A 1-year license for avast! Internet Security went to five participants who also asked their friends to vote for their tip. Congratulations to:
- Guylaine H. from Canada
- Syed A. from Pakistan
- Jeff A. from Costa Rica
- Tanveer A. from Pakistan
- Kelvin I. from the Philippines
Thanks to all our Facebook fans who added their security tips each week. These are valuable suggestions for cyber awareness that we will continue to share with others.
During this month, we’ll talk more about cybersecurity with AVAST experts and share tips that you can adopt and share. For all the latest news, fun and contest information, please visit our blog often and follow us on Facebook, Twitter and Google+.
Recently, we have seen many Facebook posts with links leading to applications called Give Hearts, Drink It Up and Daily Horoscope. The applications are very popular – they have over 5 million monthly users – and are managed by the same provider, called App Discovery Engine. The posts attracted my attention because they seem to be posted automatically. The entire post consists of a URL that contains quite a long text with the words separated by ‘+’. (Later we will see that the text is a horoscope that you see on the page of the application.)
To begin investigating these apps I follow the link leading to the Give Hearts application. It redirects me directly to the application. But before I can use it I am asked to grant Give Hearts access to information on my Facebook account like my email or friend lists.
Millions of users access social networks every day in order to share, engage, and look for information as well as entertainment. The transparency of social networks comes with a risk, and we very often expose ourselves to hackers and scammers who can take advantage of the information we share. Social platforms constantly improve security and privacy settings to deliver a safe experience to users, but who has time to follow all this news? Well, you can relax and rely on us. AVAST specialists are here to deliver this information in an accessible way.
Last month we prepared a security and privacy update following the most important changes on Facebook, Twitter, and Pinterest. Check what has changed since then to enjoy a secure social media experience!
At the end of August, Facebook chief privacy officer Erin Egan published an official blog post as a response to rumors and extensive discussion of the company’s Data Use Policy. One of the biggest concerns was related to how Facebook displays our data to its clients advertising on the social network. Currently pages can target us even by our name.
Advertisers may also be able to reach you on Facebook using the information they already have about you (such as email addresses or whether you have visited their websites previously).
#AVASTtip: There is not much space for us users to really influence it, but Facebook is open to user feedback. If you would like to comment or express your opinion, you can do it here.