Tag Archive for Privacy

| June 16, 2022
Comments Off on Tim Horton’s Caught Collecting Private Data

Tim Horton’s Caught Collecting Private Data

Tim Horton's Caught Collecting Private DataThe mobile app from coffee shop Tim Horton’s has been collecting vast amounts of users private data without consent. The Canadian federal privacy commission investigation began two years ago after the Financial Post reported on Tim’s contract with Radar Labs Inc. Radar Labs is a third-party U.S. firm that provided enhanced location tracking services for the app.

What Private Data Did Tim Horton’s Collect?

Tim Horton's app collected users' geolocation without their knowledge.Between May 2019 and August 2020 the Tim Horton’s app, which has four million users, collected users’ geolocation without their knowledge. The app collected personal data from users even when the apps was not being used. People who downloaded the Tim Horton’s app had their movements tracked and recorded every few minutes of every day, even when their app was not open.

Radar was able to use the information it collected in the app to identify personal location data. The app could identify a user’s home, place of work and when they visited a competitor of Tim Horton’s. Reports are the app noted when users entered a Starbucks, Second Cup, McDonald’s, Pizza Pizza, A&W, KFC or Subway. The Tim Horton’s app was even able to figure out if users had been traveling. The app generated an “event” every time users entered or left a Tim Horton’s competitor, a major sports venue, or their home or workplace. Canadian Privacy Commissioner Daniel Therrien said in a statement

Tim Horton’s clearly crossed the line by amassing a huge amount of highly sensitive information about its customers

What Happened to Tim’s?

delete the granular data it collected, and any further data derived from itAccording to the report, Tim Horton’s collected granular location data for the purpose of targeted advertising and product promotions. Even though Tim’s never used the information for those purposes. The investigation also found that there were inadequate contractual protections for users’ personal data. Commissioner Therrien commented,

The location tracking ecosystem, where details of our daily lives are treated as a commodity to be exploited to sell us products and services such as a cup of coffee, heightens the risk of mass surveillance

Based on its findings, the OPC ordered Tim Horton’s to delete the granular data it collected, and any further data derived from it and to order all third-party providers to do the same. Tim Horton’s has since complied. Additionally, the company agreed to create a privacy management program for the app and all future apps to prevent another privacy violation. The Office of the Privacy Commissioner noted, there “is a real risk that de-identified geolocation data could be re-identified.

Tim Horton’s has more than 5,100 stores in 13 countries. Most are in Canada, but there are more than 600 in the US, mostly in New York, Michigan, and Ohio.

rb-

Tim Horton’s was caught collecting illegitimate data via its app. It is a safe bet that many more apps are doing much the same with dubious consent. It is essential to always read through a user agreement before consenting. Both Apple and Android offer options on their phones to restrict how their apps track them. A step in the right direction.

How you can help Ukraine!

Related article

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , ,
| January 26, 2021
Comments Off on Data Privacy Day 2021

Data Privacy Day 2021

Data Privacy Day 2021Data Privacy Day in the U.S. is January 28, 2021. It is an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection

Why is Data Privacy Day important?

In this era with the rapid advancement in technology, having relevant data is the key to the success of any organization.  Almost every organization is collecting and combining the data in order to put the right content, in front of the right person, at the right time, and on the right platform. 

Why is Data Privacy Day important?The data is collected from the users or customers who submit their personal information trusting the firm will keep the data private. Users provide their personal information to the companies with the trust of receiving a better service and with the trust that their data is private, safe, and secure. But when the goes into the wrong hands and data privacy fails, bad things can happen. Data breaches result in cyber-criminals misusing user information for scams and identity theft. That is why everyone needs to “Own Your Their Data Privacy.” Here are resources to help you “Own Your Data Privacy.”

Update your Privacy Settings

Your purchase history, IP address, location, etc., has value – just like money. (How else does Mark Zuckerberg make his $100 billons?) Make informed data privacy decisions about sharing your data with companies. Consider the amount of personal information you are giving up and weigh it against the benefits you may receive. Use these resources provided by the National CyberSecurity Alliance (NCSA) to update your privacy settings on popular devices and online services.

Keep tabs on your apps

Keep tabs on your appsMany apps ask for access to personal information, like geographic location, contacts list, or photo album, before you can use their services. Be wary of apps that require access to information that is not required or relevant for the services they are offering. Use these tips from the Data Detox Kit, to protect your data privacy. Keep your apps up to date. Delete unused apps on your devices.

Manager your passwords!

You don’t need to be overwhelmed by all your log-ins and passwords. Use a password manager to keep your data private and track your strong passwords. Add an extra layer of protection by activating Two-Factor Authentication (2FA) whenever it is available. With 2FA, even if a cybercriminal steals your password, they won’t be able to access your account.

Take action!

  • Make sure your computer is free from known viruses, spyware, and discover if your computer is vulnerable to cyber-attacks. Use these Free Security Check-Up resources from NCSA to protect your data privacy.
  • Check your online safety know-how with a privacy and security quiz. Get started with the National Privacy Test and Google Phishing Quiz. To measure how good you are at protecting your privacy.
  • Join the National Cyber Security Alliance – and LinkedIn on January 28, 9 a.m. for the signature video conference event Data Privacy in an Era of Change. It gathers data privacy experts from industry, government, academia, and non-profit for keynotes, panels, and discussions on current topics in data privacy – Register here.
  • Show your support for Data Privacy Day by using one of the International Association of Privacy Professionals’ official Data Privacy Day virtual backgrounds for video collaborations.

rb-

Data Privacy Day reminds us of the value of our data and the rights for data transparency. It is the day that tells us to re-evaluate and identify the flaws in how we have been collecting, sharing, and using the data. The day persuades us to find a way to patch the loopholes so that our valuable data do not get tampered with malicious malware, misused, or lost.

 

Stay safe out there!

Related article

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , ,
| November 27, 2020
Comments Off on Does that Doggy E-Toy Protect Privacy?

Does that Doggy E-Toy Protect Privacy?

Does that Doggy E-Toy Protect Privacy?Thanks to COVID it is the virtual silly season. No more jamming into malls it is online shopping now. Half of shoppers spend some of their money on pet treats and other supplies this holiday season. If your virtual gift list includes presents for your four-legged buddy – be careful, there are some puppy toys out there that can compromise your privacy while Fido is entertained. Mozilla’s “Privacy Not Included” project analyzed the security of pooch-gifts, and the results are not good for your privacy.

Internet of ThingsAll of these technologies can become part of the Internet of Things (IoT). IoT technology interconnects them. For example, IoT connects the camera in your living room with the smartphone on your desk, allowing you to monitor your pet while you’re at work. IoT enables the collection and interconnectivity of data, which is extremely important when considering your safety and privacy.

Dogness iPet Robot – This doggy toy costs $299.00 and has all the bells and whistles to keep Fido entertained. It moves and chases your pooch. It has an HD video camera with night vision to record your pup, two-way audio to talk to your doggo, a laser to chase, and the ability to toss treats to your buddy with the click of a button in the app. The iPet Robot connects over Wi-Fi so your home network better be secure – otherwise, somebody could take over the rolling spybot and catch your pooch – or you – in a compromising position.

Dogness iPet RobotThe Dogness iPet Robot also comes with Mozilla’s “*Privacy Not Included” warning. The bot can roll around your house with a night vision camera and microphone while connected to Wi-Fi. Mozilla says that both the Dogness device and app can snoop on you. The researchers report the device doesn’t encrypt your data. Dogness doesn’t state what information is collected from the robot, or what they do with it. Dogness uses artificial intelligence, but the reviewers could not determine how the firm uses AI.

If that is not scary enough, in March 2020, it was reported that Dogness left its Amazon ElasticSearch server exposed, containing the usernames, emails, clear-text passwords, and session cookies of its users. The unprotected information has led to the complete exposure of its production SQL database and application source code and the complete takeover and control of its pet feeding devices and associated accounts.

Mozilla could not determine if the Dogness iPet Robot meets its Minimum Security Standards.

Cheerble WickedboneCheerble Wickedbone Interactive Gaming Toy For DogsThis $78.99 interactive bone is next on the naughty list. You can control this interactive bone through an app on your phone that connects through Bluetooth. From the app you can make the bone roll around and change colors. When you get bored, a 20-minute interactive mode can entertain your pup without you.

The app requires access to your phone’s GPS location data—why? That’s a good question. Additionally, the reviews could not determine if the firm encrypted your data, required strong passwords, or used AI to make decisions about you. And like most IoT devices, it doesn’t seem to have a way to manage security vulnerabilities. Mozilla says this pet toy does not meet its Minimum Security Standards for these reasons.

Fitbark GPSFitbark– I first wrote about Fitbark back in 2013. The Fitbark GPS costs $99.95 + subscription + the costs of Verizon’s LTE-M cellular network coverage. It is a bone-shaped tracking device that goes on your dog’s collar and will track her just about anywhere in the U.S. It also connects to Wi-Fi.

The Fitbark monitors your dog’s activity, sleep habits, scratching habits, and stress 24/7. You can link it to your FitBit, Google Fit, or Apple HealthKit apps and you can stress about your doggo’s health too.

Mozilla reports that Fitbark tracks your dog’s movements and whereabouts with Bluetooth, Wi-Fi, and GPS. With all that tracking, an attacker could keep tabs on you or your pup. The app does collect personal data, including name, email, phone number, address, date of birth, profile photo, dog’s health, and biometric data.

Felik Pet CompanionThe Felik Pet Companion—This mouse-shaped bot costs $129.00. It has a camera and artificial intelligence that tracks your pet, learns from their movements, and reacts to how they hunt so it can simulate real prey. Felik connects to the Wi-Fi in your house and has an app where you can schedule play throughout the day.

Mozilla says the firm seems to take privacy and security seriously. They built security and privacy-aware features into the dog toy, like the ability to toggle Wi-Fi on and off with a physical button, an indicator light when the camera is streaming, and even an on-device firewall.

Since it has a camera and a microphone, it could be sued to snoop on you. The app tracks your location. The product uses AI to analyze your personal data to make decisions about you. However, users can request an explanation about any decisions taken as a result of automated decision-making by contacting Felix.

rb-

The Felik Pet Companion is the only online dog-toy that I would allow in my home.  

The Mozilla *Privacy Not Included buyer’s guide investigates the privacy and security of connected toys, gadgets, and smart home products. They flag products they think consumers should think twice about before buying. Mozilla looks at how well they can confirm a product meets a Minimum Security Standard.

 

Stay safe out there!

Related article

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| October 26, 2020
Comments Off on Work From Anywhere Movement

Work From Anywhere Movement

Work From Anywhere MovementChanges in the workforce are beginning to emerge as we suffer through 6 months of the COVID-19 pandemic. Matt Mullenweg, CEO of Automattic, the parent company of WordPress and Tumblr blogged, “This might be a chance for a great reset in terms of how we work.Slack co-founder and CEO Stewart Butterfield told the BBCWe all know that work will never be the same, even if we don’t yet know all the ways in which it will be different.” Recent reports from Owl Labs and staffing firm Robert Half put numbers to what many have sensed – the nature of work has changed to work from anywhere.

Work from anywhere benefits

The Owl Labs State of Remote Work report and Robert Half 2021 Salary Guide (PDF) looked at work from anywhere. The reports found unexpected benefits and challenges. Employee expectations have shifted as 69% of full-time workers in the U.S. are working from home during the COVID-19 pandemic. The change in the nature of work has benefits for employees and employers.

Employees are seeing economic and personal benefits from the change in the nature of work. Owl Labs reports that workers are saving almost $479.20 per month on additional expenses related to work. That is nearly $6,000.00 a year savings. U.S. Federal Highway Administration reports that U.S. road traffic fell by more than 25% during the lockdowns. Traffic levels dell to the lowest level since 1995. As a result, Owl Labs found that the average WFM employee saving 40 minutes per day on the daily commute. That totals to over three workdays per month which can be dedicated to personal objectives.

Work-life balance

Remote work has mental health and work-life balance benefits, too.

  • work-life balance77% of respondents told Owl Labs that having the option to work from home would make them happier.
  • 77% report that working remotely would make them better able to manage work-life balance.
  • 72% of all survey respondents agreed that the ability to work remotely would make them less stressed

In 2013 old-school Yahoo CEO Marissa Mayer, claimed, “Speed and quality are often sacrificed when we work from home.” She was wrong. Employers are also gaining benefits from the new work from anywhere. 20% of employees told Owl Labs they worked more hours per week during the pandemic – for the same pay.

working more hours per week during the pandemicDuring COVID, the average work from anywhere employees worked an extra 26 hours each month. Which is nearly an extra day every week. Despite claims to the contrary from old-school managers, worker productivity has improved. 75% of people working from home report they are the same or more productive during COVID-19. In 2020, people are using video meetings 50% more than pre-COVID-19.

Being able to work remotely some of the time also makes the employers more attractive to staff. Respondents told the researchers that with remote work:  

  • 80% would feel like their employer cares,
  • 74% would be less likely to leave their employer,
  • 59% would be more likely to choose one employer over another in their next job if they offered remote work.

look for another role that allowed remote workIf working from anywhere was no longer an option after COVID-19, almost 70% of respondents would be less happy. Almost half would look for another role that allowed remote work. Robert Half found that 60% of workers want to work for an organization that values its staff during unpredictable times.

80% of full-time workers told Owl Labs they expect to work from anywhere at least three times per week after the lockdown. Robert Half also found that 74% of employees want to work remotely more frequently following the pandemic.

Increase surveillance

Of course, this is not all puppy dogs and rainbows. Employers may increase surveillance of WFH staff. Firms uncomfortable with the work from anywhere movement can turn to software track employees. Productivity monitoring is available from Aware, ActivTrakTime Doctor, or TeramindPwC has developed a facial recognition tool that logs when employees are away from their computer screens while working from home.

increased surveillance of WFH staffThe Guardian reports that interest in Teramind’s product has tripled during the pandemic. When Teramind’s “agent” is downloaded to employees’ computers, they can measure employee time spent on different windows. It can playback or live-stream a view of an employee’s screen and record their every keystroke. It can also raise a flag if certain predetermined words are typed. Eli Sutton, the firm’s head of operations told the paper that 70% of Teramind’s clients are concerned about productivity. He said, “Teramind is an extra set of eyes to make sure distractions aren’t causing issues.

Forty-three percent of survey respondents told Owl Labs that if their employer started monitoring their WFH activity as a way to track productivity they would be unhappy or leave.

rb-

Having an expanded remote workforce alters the dynamics of work. Employees will no longer be bound by geography to find the best opportunity. Employers can expand their pool of candidates. The work from anywhere movement will also raise tensions between old-school managers who are about control and their remote employee’s privacy.

Stay safe out there!

Related article

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| October 10, 2020
Comments Off on Smart Backpacks

Smart Backpacks

Smart BackpacksI first wrote about Google’s Project Jacquard which weaves conductive threads to create touch-responsive clothing in 2015. Since then COVID has changed the world. As a result of the pandemic, Gartner found that 88% of businesses mandated or encouraged all their employees to work from home as COVID-19 spread and 97% of the firms canceled all work-related travel.

Despite the growth in WFH, Google’s Project Jacquard has announced its latest innovation: two new smart backpacks developed with luggage maker Samsonite. Unlike the previous Jacquard backpack co-created with Yves Saint Lauren with a stupid $995 price tag, The Samsonite version has prices low enough for normal people to actually consider buying one.

The new Google Jacquard “Konnect-i Slim” smart backpack begins at $199.99. The slightly larger “Konnect-i Standard” will run you $219.99. Both available are through Samsonite’s webshop. Both are also water-repellent, and they have the same materials and feature list.

Besides smart backpacks, Google has partnered with Levi to make the Trucker jacket with Jacquard and Adidas to create the GMR insoles that use Jacquard.

Connect the smart backpacks

Jacquard controlsTo connect the smartbackpack to your iOS or Android phone, you’ll have to stuff a thumb-sized dongle into the backpack’s strap. According to Engadget, the module syncs with your phone via Bluetooth. The functionality seems pretty limited. Through the Jacquard app, you can define what brushing up and down or double-tapping the strap does. You can skip or pause your music, ask Assistant a question or drop pins to remember places you’ve been, or take a selfie. An LED on the strap will light up to alert you to notifications.

Jacquard relies on a small Micro-USB-charged Bluetooth puck which contains most of the electronic components. Google reduced the physical footprint from a large USB drive to something roughly the size of an SD card. It’s charged using magnetic pins, and data transfer is possible with a microUSB connector. The removable Jacquard Tag lasts up to two weeks on a charge and is separately rechargeable. The Jacquard Tag module still needs to be removed before washing.

The Samsonite Jacquard backpacks require an internet connection, a compatible Android or iOS phone, the Jacquard app, and a Google account for access to Jacquard features. For Android, you need a supported phone running Android 6.0.1 or newer. For iOS, you need an iPhone 6 or newer running iOS 11 or newer.  Data usage fees may apply. 

rb-

Ambient computingAs a product still don’t get it – as wearable tech – it seems to me that the $200 iWatch can do more than the backpacks. But as another way to invade our lives and steal our data – it makes sense.

Google told CNet it could add gestures on top of voice into Google Assistant – “… as a new direction for Google’s AI … Bringing these nonverbal cues into the conversation with technology is a key opportunity …” 

Combining AI with Google’s security and privacy problems makes me uneasy. In this uber-google world, will they give us the best result or the one that is paid for? 

Stay safe out there!

Related article

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , ,
« Older Entries   Recent Entries »