Tag: Google

Your phone is tracking your every move

Your phone can reveal all of your physical activities to Google and the apps you use.

The sensors inside it can monitor, understand and disclose your real-world movements, based on what’s happening to the phone itself.

It can tell, for instance, if you’re standing up, or if you’ve just lifted your phone off a desk, or if you’ve started
walking.

An Android permission called “Activity Recognition”, which was discussed on Reddit and highlighted by DuckDuckGo last week, makes it much easier for developers to work out what you’re doing at any one time.

Shazam and SoundHound request the permission, but it isn’t completely clear why.

Though Activity Recognition isn’t new, the reaction to the Reddit and DuckDuckGo posts suggests a lot of users are unaware of it.

“The Activity Recognition API is built on top of the sensors available in a device,” says Google.

“Device sensors provide insights into what users are currently doing. However, with dozens of signals from multiple sensors and slight variations in how people do things, detecting what users are doing is not easy.

“The Activity Recognition API automatically detects activities by periodically reading short bursts of sensor data and processing them using machine learning models.”

Activity Recognition can tell developers when your phone is: in a vehicle, such as a car; on a bicycle; not moving; being tilted, due to its angle “relative to gravity” changing; on a user who’s walking or on a user who’s running.

It can even tell when you’re doing more than one thing at once, such as walking while being on a bus.

The API automatically gives its findings a likelihood rating out of 100. The higher the number, the more confident it is that you’re actually doing what it believes you’re doing.

This information is fed to the apps you’ve granted the Activity Recognition permission to.

“A common use case is that an application wants to monitor activities in the background and perform an action when a specific activity is detected,” says Google.

For instance, an app can automatically start monitoring your heartbeat when you start running, or switch to car mode when you start driving.

Though it can prove useful, it also sounds somewhat creepy.

The fact that Google categorises buries it in the “Other” category of permissions and doesn’t let you deny or disable it doesn’t help matters.

Google keeps a complete list of almost everything you’ve looked at, and what’s more, the company has made it difficult to find out which apps ask for the permission.

Right now, the only way to find out is by checking out each of your apps’ permissions one-by-one, by going to Settings, Apps, tapping an app, hitting the menu button and selecting All Permissions. It’s a slow and laborious process.

If you’re particularly concerned about Activity Recognition, it’s worth going through the effort and uninstalling any of you apps that request the permission, for peace of mind.

What can you do about Activity Recognition?

  • Read app permissions closely when you install a new app
  • Go into settings on your phone and read each existing app’s permissions
  • Delete apps that require Activity Recognition permissions

By Aatif Sulleyman for The Independent 
Image credit: Reuters

Google is warning users that Secure Sockets Layer (SSL) certificates purchased from Symantec, VeriSign, GeoTrust, Thawte, Equifax and RapidSSL are not secure – raising questions for businesses using them.

SSL certificates are small data files that digitally bind a cryptographic key to an organisation’s details. When installed on a Web server, it activates the padlock and the https protocol and allows secure connections from a Web server to a browser.

Browser developers, including Google, have raised questions about the way Symantec issued SSL certificates, and have threatened to stop recognising them, a move that could hurt Symantec’s customers and worry visitors to the Web sites using the affected certificates.

Improper issuances
In March, Google accused Symantec of misusing at least 30 000 such certificates, potentially allowing attackers to masquerade as legitimate Web sites.

The Internet giant expects root certificate authorities like Symantec to validate domain ownership before issuing certificates and to secure their operations and infrastructure against signs of improper issuances as well as auditing logs to review issuance activity.

Google stated Symantec had not met these standards and had allowed outside access to their certificate infrastructure without proper oversight.

Symantec SSL certificates – estimated to make up one in every six SSL certificates currently deployed online – include certificates issued by VeriSign, GeoTrust, Thawte, Equifax and RapidSSL because Symantec bought their certificate authorities and they were subsequently added to the Symantec root.

The search-engine giant indicated last month that it has added a new feature under the “Developer Tools” menu item in the latest version of its Web browser, Google Chrome, alerting users that Symantec, VeriSign, GeoTrust, Thawte, Equifax and RapidSSL SSL certificates issued before 1 June 2016 will be considered distrusted from next March.

The core of the issue surrounding Symantec certificates – the business operates under brand names such as VeriSign, Thawte, Equifac, RapidSSL or GeoTrust – is that Symantec “entrusted several organisations with the ability to issue certificates without the appropriate or necessary oversight,” says Google.

The latest version of Google Chrome – the world’s most popular browser – called version 62 is scheduled to go live between 22 and 28 October. According to Net Market Share, Chrome dominates the browser market with a 59.61% market share.

The next big upgrade, called Chrome 66, is expected mid-April 2018 and visitors to Web sites using Symantec certificates issued before 1 June 2016 will receive warnings that the sites are “untrusted”.
Google has also indicated that Chrome 70 – estimated for roll-out in October 2018 – will distrust any certificate issued by Symantec’s old infrastructure, including those sold after 1 June 2016.

DigiCert deal
Following the impasse, Symantec has since entered an agreement with identity and encryption solutions provider DigiCert, which will acquire Symantec’s Web site security and related public key infrastructure solutions.
Under the terms of the agreement, Symantec will receive approximately $950 million in upfront cash proceeds and approximately a 30% stake in the common stock equity of the DigiCert business at the closing of the transaction.
However, Lauren Collier, SSL sales manager at cyber security firm LAWtrust, says while DigiCert – which is buying Symantec’s certificate authority business – is promising to issue replacement certificates from December this year, businesses should think carefully about how to proceed.

“One of the important parts of the SSL ecosystem is trust. If a certificate authority neglects to properly verify the legal existence and identity of an entity before issuing SSL certificates for domains, as Symantec has been accused of doing, this breaks the chain of trust,” she says.

Serious concern
For Jon Tullett, IDC’s research manager for IT services for Africa, SSL certificates are absolutely fundamental to modern Internet security. “They’re far from perfect – as this incident shows – but they are used to secure a tremendous amount of online activity.”

He explains that when a browser like Chrome removes a certificate, users will get a warning before they visit a site which uses that certificate to validate its identity.

“Google’s Chrome team has indicated serious concerns with a large number of the certificates in question, prompting this action, so it’s likely quite a number of sites and services may be affected – many thousands, potentially,” says Tullett.

Meanwhile, Manuel Corregedor, COO of information security company Telspace Systems, says digital certificates allow for the communication between the user’s machine and the Web site (server) to be encrypted.
“This makes it difficult for an attacker to intercept communications between the user’s computer and/or to masquerade as the authentic Web site.”

He notes organisations will have to replace their certificates or face potential reputational or financial harm.
“However, this is easier said than done especially for organisations that make use of certificates on devices or terminals that are hard to get to. In such cases, organisations will find it very difficult to update the certificates before the imposed deadline by Google,” says Corregedor.

By Admire Moyo for ITWeb

Google goes down

Google scrambled to fix an issue which caused its search engine, YouTube, Gmail and Drive to crash on Tuesday night.

The tech giant posted updates to say issues on each of its products have been resolved on the G Suite Status Dashboard.

“We apologise for the inconvenience and thank you for your patience and continued support. Please rest assured that system reliability is a top priority at Google, and we are making continuous improvements to make our systems better,” the company said as an update to each of the affected products.

Gmail, YouTube, Drive, Google Maps and other services were reported to have experienced issues around the world.

South Africans also experienced problems, with 176 issues reported on the local DownDetector from 18:00 on Tuesday evening.

Other DownDetectors from around the world reported issues from around the same time.

Google said all services have since been restored, but had not indicated what had caused the problem in the first place.

By Kyle Venktess for Fin24

Google Chrome to block video ads

Google has developed a tool that lets you permanently mute Web sites that automatically play videos with sound.

It’s an extremely irritating problem, and the new option will be welcomed by the majority of internet users.

Videos – often ads – that play with sound can be distracting, especially if you’re trying to watch or listen to something at the time.

To turn one off, you usually need to stop what you’re doing, figure out which background tab it’s playing from and then scroll down the page to actually find it.

Google is only experimenting with the feature right now, according to Chromium evangelist François Beaufort, so it’s not currently available to Chrome users.

“This will give you more control about which website is allowed to throw sound at you automatically,” he said in a Google+ post.

You can, however, try it out in Chrome Canary, an experimental and unstable version of the browser.

By Aatif Sulleyman for The Independent 

The “Google Effect”, which is the impact on our memory of being able to find information online, has extended to include important personal information and mobile devices. A new study by Kaspersky Lab reveals that the majority of connected consumers across Europe can’t recall critical phone numbers from memory, including those of their children (53%), children’s schools (90%) and place of work (51%). Around a third could not remember their partner’s number – yet just four in 10 have forgotten their home phone numbers from when they were aged 10 to 15.

Continue reading

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top