4 min read

ICYMI: June 29 - July 5

ICYMI: June 29 - July 5

ICYMI is posted every Monday recapping privacy news over the last week from around the web.

Apple declined to implement 16 Web APIs in Safari due to privacy concerns

Technologies that Apple declined to include in Safari because of user fingerprinting concerns include:
Web Bluetooth - Allows websites to connect to nearby Bluetooth LE devices.
Web MIDI API  - Allows websites to enumerate, manipulate and access MIDI devices.
Magnetometer API - Allows websites to access data about the local magnetic field around a user, as detected by the device's primary magnetometer sensor.
Web NFC API - Allows websites to communicate with NFC tags through a device's NFC reader.
Device Memory API - Allows websites to receive the approximate amount of device memory in gigabytes.
Network Information API - Provides information about the connection a device is using to communicate with the network and provides a means for scripts to be notified if the connection type changes
Battery Status API - Allows websites to receive information about the battery status of the hosting device.
Web Bluetooth Scanning - Allows websites to scan for nearby Bluetooth LE devices.
Ambient Light Sensor - Lets websites get the current light level or illuminance of the ambient light around the hosting device via the device's native sensors.
HDCP Policy Check extension for EME - Allows websites to check for HDCP policies, used in media streaming/playback.
Proximity Sensor - Allows websites to retrieve data about the distance between a device and an object, as measured by a proximity sensor.
WebHID - Allows websites to retrieve information about locally connected Human Interface Device (HID) devices.
Serial API - Allows websites to write and read data from serial interfaces, used by devices such as microcontrollers, 3D printers, and othes.
Web USB - Lets websites communicate with devices via USB (Universal Serial Bus).
Geolocation Sensor (background geolocation) - A more modern version of the older Geolocation API that lets websites access geolocation data.
User Idle Detection - Lets website know when a user is idle.
The vast majority of these APIs are only implemented in Chromium-based browsers, and very few on Mozilla's platform.

Good on them.

LinkedIn and Reddit Are The Latest Apps Found to be Snooping On Your Clipboards

LinkedIn users reported the snitching on social media, which consists of the LinkedIn app copying the contents of users’ clipboards with every keystroke. iOS 14, which is still in beta, notifies users when this happens with a banner alert. Apparently, iOS 14 found that the LinkedIn app was copying clipboard contents for seemingly no reason from multiple devices.
A LinkedIn spokesperson told ZDNET that this was due to a bug in the company’s iOS app and not intended behavior.
Reddit’s snooping was also reported by users using the iOS 14 beta and shared on social media. A Reddit spokesperson told the Verge that it does not store or send the content, adding that it was releasing a fix today.

This isn't a bug.  Code doesn't just copy and/or read clipboard content by accident.  A dev had to create the code, someone had to test and QA it, someone had to approve it, and someone had to release it to the masses.  This could have been prevented at any point in time but wasn't

TikTok and 32 other iOS apps still snoop your sensitive clipboard data

In all, the researchers found the following iOS apps were reading users’ clipboard data every time the app was opened with no clear reason for doing so:
App Name — BundleID
ABC News — com.abcnews.ABCNews
Al Jazeera English — ajenglishiphone
CBC News — ca.cbc.CBCNews
CBS News — com.H443NM7F8H.CBSNews
CNBC — com.nbcuni.cnbc.cnbcrtipad
Fox News — com.foxnews.foxnews
News Break — com.particlenews.newsbreak
New York Times — com.nytimes.NYTimes
NPR — org.npr.nprnews
ntv Nachrichten — de.n-tv.n-tvmobil
Reuters — com.thomsonreuters.Reuters
Russia Today — com.rt.RTNewsEnglish
Stern Nachrichten — de.grunerundjahr.sternneu
The Economist — com.economist.lamarr
The Huffington Post — com.huffingtonpost.HuffingtonPost
The Wall Street Journal — com.dowjones.WSJ.ipad
Vice News — com.vice.news.VICE-News
8 Ball Pool™ — com.miniclip.8ballpoolmult
AMAZE!!! — com.amaze.game
Bejeweled — com.ea.ios.bejeweledskies
Block Puzzle —Game.BlockPuzzle
Classic Bejeweled — com.popcap.ios.Bej3
Classic Bejeweled HD —com.popcap.ios.Bej3HD
FlipTheGun — com.playgendary.flipgun
Fruit Ninja — com.halfbrick.FruitNinjaLite
Golfmasters — com.playgendary.sportmasterstwo
Letter Soup — com.candywriter.apollo7
Love Nikki — com.elex.nikki
My Emma — com.crazylabs.myemma
Plants vs. Zombies™ Heroes — com.ea.ios.pvzheroes
Pooking – Billiards City — com.pool.club.billiards.city
PUBG Mobile — com.tencent.ig
Tomb of the Mask — com.happymagenta.fromcore
Tomb of the Mask: Color — com.happymagenta.totm2
Total Party Kill — com.adventureislands.totalpartykill
Watermarbling — com.hydro.dipping
Social Networking
TikTok — com.zhiliaoapp.musically
ToTalk — totalk.gofeiyu.com
Tok — com.SimpleDate.Tok
Truecaller — com.truesoftware.TrueCallerOther
Viber — com.viber
Weibo — com.sina.weibo
Zoosk — com.zoosk.Zoosk
10% Happier: Meditation —com.changecollective.tenpercenthappier
5-0 Radio Police Scanner — com.smartestapple.50radiofree
Accuweather — com.yourcompany.TestWithCustomTabs
AliExpress Shopping App — com.alibaba.iAliexpress
Bed Bath & Beyond — com.digby.bedbathbeyond
Dazn — com.dazn.theApp
Hotels.com — com.hotels.HotelsNearMe
Hotel Tonight — com.hoteltonight.prod
Overstock — com.overstock.app
Pigment – Adult Coloring Book — com.pixite.pigment
Recolor Coloring Book to Color — com.sumoing.ReColor
Sky Ticket — de.sky.skyonline
The Weather Network — com.theweathernetwork.weathereyeiphone

We name and shame around here.  This isn't anywhere near an exhaustive list either but boy, so weird that so many different companies and devs are experiencing the same "bug".