-
12 votes
-
Popular iPhone and iPad apps snooping on the pasteboard
6 votes -
Sharing photos has the potential to reveal a lot of personal information, even if you're careful with removing metadata
9 votes -
Sweden fines Google $8 million for right-to-be-forgotten violations – a failure to comply with Europe's GDPR after they failed to adequately remove search results
11 votes -
Secret-sharing app Whisper left hundreds of millions of users’ intimate messages, locations, and other data exposed publicly on the web
9 votes -
Google tracked his bike ride past a burglarized home. That made him a suspect.
18 votes -
EARN IT act is a direct attack on end-to-end encryption
25 votes -
Facebook files lawsuit against Namecheap
9 votes -
switching.software: Ethical, easy-to-use and privacy-conscious alternatives to well-known software
18 votes -
The case for limiting your browser extensions
9 votes -
Hidden third party telemetry found in Nokia 6.2, 7.2 smartphones
Update 12/03/2020: this is not a telemetry, but a kill switch from Colombian carrier - confirmed by HMD. Kill switch will be removed from most devices soon. I updated an article and posted it here.
Original article below:
I have recently purchased Nokia 6.2 and wanted to check if it sends any data somewhere, considering what happened with previous models.
First, I noticed approx. daily connection to dapi.hmdglobal.net
This is a Google Cloud that could belong to a company behind Nokia - HMD Global.
But the Privacy policy in my phone only speaks of "activation" process, not of daily diagnostics data.
So I used developer tools to remove the following packages (warning: this may break your device, I am not responsible for any consequences):
com.hmdglobal.enterprise.api
com.qualcomm.qti.qms.service.telemetry
com.qualcomm.qti.qmmi
com.qualcomm.qti.qdma
Before removing them, I used APK Extractor to save APK files just in case it breaks my phone and I may be able to attempt reinstall. This part comes into play later.
The first was my blind guess about what exactly connects to dapi.hmdglobal.net
The next 3 I found mentioned in various forums for other devices as "safe to remove", however, I have not seen any telemetry sent to Qualcomm or anywhere else, except what I mention next.
After removing these packages, I noticed that there are some remaining unknown connections my device attempts several times per day.
They are all done in same order, one right after the other:
www.pppefa.com
www.ppmxfa.com
www.forcis.claro.com.co
After some investigation, I found that the first two domains point to some Microsoft Cloud servers rented in US.
The last one most probably belongs to Colombian telecom company, and this is where it becomes interesting.
After many hours of fruitless removing of different apps in my attempt to stop it, I suddenly remembered something.
When I used APK Extractor previously, there was an empty first line with some generic icon where an app icon should have been.
I went there again and indeed, this is a hidden system app, that you can not see in the list of all apps in Settings, normally. But it turns out, you can see it in Data usage (after it successfully sends some data using your mobile connection).
The name of the app is deliberately left empty to hide it, but if you click it in Data usage, you can see that this app is co.sitic.pp, which can receive SMS, can make calls, and has access to internet.
As with all Android apps, you can reverse read the name to guess what it is.
Turns out, http://sitic.com.co is a Colombian company, who "are leaders in innovation and create mobile and WEB applications for new products and services." (credit goes to Google Translate)
screenshot of the app with permissions
In other words, this app is a 3rd party telemetry, hidden from user, not mentioned in the Privacy policy, that has access to SMS.
This looks very bad and I really hope this is a malware injected by factory and not something knowingly distributed by Nokia, HMD Global, the EU company.
After removing the co.sitic.pp app, requests to Microsoft Cloud and Colombia stopped.
I was later pointed to a German forum, where (I believe) it was first found in a Nokia 7.2 device.
So, we have it confirmed in 2 devices in 2 different countries.
On German forum they contacted Nokia (I assume support) but got tired exchanging emails for weeks without any result.
On 02/03/2020 I have requested an official reply from Nokia and HMD Global via press.services@nokia.com and press@hmdglobal.com and waiting for reply.
Since I am not a journalist, I may never get one.
TLDR: 3rd party telemetry is found in Nokia 6.2 and 7.2 devices, is hidden from user, has access to SMS, and sends data to Microsoft Cloud in US and a server in Colombia.
It is probably supplied by SITIC S.A.S., a Colombian company, and looks more like a malware than a telemetry.
28 votes -
Firefox has started enabling DNS-over-HTTPS by default for all US-based users
33 votes -
Changing e-mail and cleaning up my Internet presence
I'm trying to clean up my internet presence and move away from at least Facebook and Google. I've come a long way with deleting my Facebook and it's now basically an empty shell for messaging. I've installed Signal and will start the grooming process with my friends and family now. If you have some solid arguments for the change regular ol' folks can understand please share them with me because as we all know "privacy" just isn't enough.
Next phase is the big one...Google or basically G-mail.
1. Is there any way to get a complete overview of where you've used your e-mail for a service online?
2. What e-mail would you recommend?
2a. I'm OK with paying a bit for overall quality, security and equally important UX!
2b. I don't use any other relevant Google products like Drive etc. It's just regular e-mail and sign in credentials for other services I basically need
3. I use a Mac, iPhone and iCloud. Is iCloud a problem? IF this needs to change it HAS to be an "easy" switch and not like setting up a server for myself. Because it won't happen and I'm not skilled enough.
I would very much appreciate your input :)
EDIT: Thank you all for your thorough comments!
22 votes -
To rein in traffic-snarling new mobility modes, LA needed digital savvy. Then came a privacy uproar, a murky cast of consultants, and a legal crusade by Uber.
3 votes -
In smart apartments, is tenants’ privacy for rent?
13 votes -
Why Amazon knows so much about you
18 votes -
Prompted by Brexit, Google will move UK users' data out of Irish jurisdiction so they are no longer covered by EU privacy rules
21 votes -
I spoke out against sexual harassment at Uber. The aftermath was more terrifying than anything I faced before
16 votes -
I got a Ring doorbell camera. It scared the hell out of me.
11 votes -
The story of how Saudi Arabia influenced two well-liked Twitter employees to access thousands of users' private information and pass it to the Saudi Royal Family
10 votes -
Dis.cool is creating profiles of Discord users who have never signed up for their service and they are refusing to delete them.
22 votes -
Amazon Ring updates device security and privacy, including adding mandatory two-factor auth—but continues ignoring larger concerns
9 votes -
The Waterfox browser has been acquired by System1, the company that purchased a majority stake of Startpage in September 2019
12 votes -
Security researchers partner with Chrome to take down over 500 browser extensions in a fraud network affecting 1.7 million users
12 votes -
Watching you watch: The tracking system of over-the-top TV streaming devices
10 votes -
An algorithm was taken to court – and it lost (which is great news for the welfare state)
7 votes -
Four Chinese military personnel charged for Equifax hack
10 votes -
California’s new privacy law is off to a rocky start
12 votes -
Add-on support was just merged into Firefox Preview
@aissn: Add-on support was just merged into Firefox Preview. Thanks @gabrielluong https://t.co/cXOCB00tKk
23 votes -
Google sends a unique Chrome browser identifier through Chrome when you visit their websites
14 votes -
How Twitter's default settings enabled a security researcher to discover phone numbers for over seventeen million accounts
10 votes -
Surveillance on UK council websites - A study of private companies’ data collection on council websites across the United Kingdom
8 votes -
What to know before you buy or install an Amazon Ring camera
8 votes -
How ads follow you around the internet
8 votes -
Data
12 votes -
Avast announces that they are shutting down Jumpshot, their subsidiary that's been collecting and selling user data to marketing clients
11 votes -
The EARN IT Act: How to ban end-to-end encryption without actually banning it
16 votes -
Facebook’s Clear History tool is now available to everyone
15 votes -
Facebook to pay $550 million to settle a class-action lawsuit over its use of facial recognition technology in Illinois
9 votes -
Scroll: A subscription service partnered with major websites that removes ads and many trackers, and pays sites based on your usage
24 votes -
Jumpshot, a subsidiary of antivirus company Avast, is selling users' web browsing data to many of the world's biggest companies
30 votes -
Ring's doorbell app for Android sends sensitive user data to multiple analytics and marketing companies
10 votes -
Google researchers find serious privacy risks in Safari’s anti-tracking protections
9 votes -
Apple dropped plan for encrypting backups after FBI complained
21 votes -
The secretive company that might end privacy as we know it
23 votes -
App tracking alert in iOS 13 has dramatically cut location data flow to ad industry
21 votes -
Fifty countries ranked by how they’re collecting biometric data and what they’re doing with it
11 votes -
Are there any personalized recommendation engines/sites that you trust?
In the 2000s I used to use a service called last.fm (originally called Audioscrobbler) that would track the music I listened to and give me recommendations based on that. It was able to give me some really great personalized suggestions, but that came at the expense of me handing over significant amounts of personal data.
In prioritizing privacy, I feel like I've stepped away from a lot of the big recommendation engines because they're tied to data-hungry companies I am in the process of disengaging with (e.g. Goodreads is owned by Amazon). I can still find stuff I like, but it's often the result of manual searching that turns up popular recommendations that work for me, rather than less well-known or acutely relevant things. last.fm was good at giving me less "obvious" recommendations and would find music I was unlikely to find on my own. I want that, but for all of my media: books, movies, etc.
There's a second concern in that I also feel like I can't trust platforms like Netflix, who seem to prioritize their content over that of other studios. Their recommendations feel weighted in their favor, not mine.
What I want is an impartial recommendation engine that gives me high quality personalized suggestions without a huge privacy cost.[1] Is this a pipe dream, or are there examples of this kind of thing out there?
[1] I don't mind handing over some of my specific interest data in order to get good recommendations for myself and help a site's algorithms cater to others, as I get that's how these things work. I just don't like the idea of my interests being even more data for a company that already has thousands of intimate data points on me.
18 votes -
The last tracker was just removed from Basecamp.com
16 votes -
Release of over 100,000 leaked documents from Cambridge Analytica has started, showing the company's work in sixty-eight countries
14 votes