Privacy

Brand owner Anker has finally responded to proof of a major Eufy camera security breach, but its official statement still leaves a great many questions unanswered.

The company has now admitted that it lied to users about all footage and images being stored locally, and never sent to the cloud, after a security researcher proved that this was not true …

One of the ironies of Apple’s long-running battle with the FBI over the agency’s desire for a security backdoor into iPhones is that it could have taken advantage of one which already existed: The fact that iCloud backups of iPhones didn’t use end-to-end encryption. Apple has now finally fixed this with Advanced Data Protection (ADP).

ADP not only closes a privacy hole which should have been closed a long time ago, but will also relieve Apple of the need to engage in any similar legal battles in future …

Apple on Wednesday announced new iCloud security features to strengthen users’ privacy. This includes Advanced Data Protection with end-to-end encryption for all data saved in the cloud, as well as support for physical security keys. In an interview with WSJ’s Joanna Stern, Apple’s SVP of software, Craig Federighi, shared some details about what led the company to introduce such features to iCloud.

Proton Drive, a Dropbox and iCloud rival, has today launched iOS and Android apps for both free and paid cloud storage tiers.

As you’d expect from the company that launched an encrypted email service, Proton Mail, the emphasis is on privacy and security …

The LastPass security breach that occurred back in August did allow attackers to access customer data, says the company. It had previously said that no customer data was compromised.

LastPass owner LogMeIn stresses that customer passwords have not been compromised, as the company uses end-to-end encryption so that only the subscriber has the decryption key …

Elon Musk recently hinted that Twitter encrypted DMs were on the way, using full end-to-end encryption – and code spotted in the iOS app suggests that it will use the same E2E encryption standard as Signal.

Plans for E2E encryption of Twitter direct messages date back to at least 2018, and it appears that the company has resuscitated code written back then …

A massive Twitter data breach last year, exposing more than five million phone numbers and email addresses, was worse than initially reported. We’ve been shown evidence that the same security vulnerability was exploited by multiple bad actors, and the hacked data has been offered for sale on the dark web by several sources.

It had previously been thought that only one hacker gained access to the data, and Twitter’s belated admission reinforced this impression …

Mozilla has announced an update to its Firefox Relay and VPN security offerings today with the main change making them a more affordable, bundled subscription. For $6.99/month, you can get both the Relay and VPN services from the non-profit to protect your devices.

iOS privacy concerns were raised last week when security researchers appeared to demonstrate that iPhones send the same analytics data to Apple whether you grant or decline permission.

The same researchers have now demonstrated that Apple can – despite assurances to the contrary – link this data back to individual users, as the same ID is used as that for iCloud accounts …

A potentially sensitive US Army iOS app is among thousands of iOS and Android apps to include user-profiling code from a Russian company that pretended to be an American one – raising both privacy and security concerns.

The Centers for Disease Control and Prevention (CDC) also used the code in seven of its apps. Both organizations have now removed the code, but it remains present in thousands of other apps …

A security researcher has discovered that Apple analytics data is collected and sent from iPhones, whether or not users consented during the setup process. The amount of data collected was described by the researcher as “shocking.”

A class action lawsuit has now filed, which says that Apple’s privacy promises are “completely illusory” …

Apple has always stood for privacy as a “human right” while the company has never liked the idea of having advertisements on its platforms. But as the App Store is now getting new ad placements, some people have become concerned about how the company’s policies may change. To add more fuel to the fire, developers have discovered that Apple may keep track of everything you tap while browsing the App Store.

Security researchers have found a surprising method for exposing location data in otherwise secure messaging apps WhatsApp, Signal, and Threema.

While the method sounds imprecise, tests showed that it provided greater than 80% reliability …

A security researcher back in August found a significant flaw in iOS VPN apps, and a second researcher has now demonstrated another major issue.

The first problem was that opening a VPN app should close all existing connections, but didn’t. The second is that many Apple apps send private data outside the VPN tunnel, including Health (above) and Wallet …

A new report reveals that Pegasus spyware was used in Mexico after the president expressly said that the government no longer used the malware.

It was used to capture data from the phones of two journalists specialising in reporting on government corruption, as well as a prominent human rights defender …

One of the important new features in iOS 16 is Safety Check. Designed as a tool for those at risk for domestic abuse or similar situations, Safety Check for iPhone lets users immediately revoke location access others have – including apps – and also walks through a security review.

Brought to you by Mosyle, the only Apple Unified Platform. Mosyle fully integrates 5 different applications on a single Apple-only platform. Businesses can automatically deploy, manage & protect all their Apple devices. Request a FREE account to learn how to put your Apple fleet on auto-pilot at a price point that is hard to believe.

Meta is facing a class action lawsuit after both Facebook and Instagram were found to be using an App Tracking Transparency workaround to track users on the web, even after they were denied permission to do so.

The company is accused not just of breaking Apple’s privacy rules, but also violating both state and federal laws …

An Uber hacker who has gained access to a number of the company’s internal systems, including its Slack channels, claims to have full control of the company’s cloud-based servers and more. This includes the company’s servers on both Amazon Web Services and Google’s GSuite.

Incredibly, the attack appears to have mimicked the one back in 2016, which compromised the personal data of 57 million. This suggests that Uber failed to fix a massive security hole, enabling the same attack to be made six years later …

A report shows the average price of in-app purchase has increased 40% on iOS since last year, and one of the main reasons is Apple’s App Tracking Transparency function that it’s making it more expensive to reach the right users.

Ring doorbell security has been a source of controversy for some time, but the company finally appears to be taking privacy issues seriously. It is now supporting end-to-end encryption of video footage for wireless as well as wired products.

The change will finally address security flaws which have been highlighted as far back as 2019 …