3 min read

ICYMI: Aug 3 - Aug 9

ICYMI: Aug 3 - Aug 9

ICYMI is posted every Monday recapping privacy news over the last week from around the web.

Video Calls Are on the Horizon

For the past few weeks, the participants of our beta program have put video calls to the test. Starting next week, all Threema users will be able to make video calls without having to worry about their privacy. Stay tuned!

Great news for one of the best private communications applications out there.

Wickr caught sending metadata to Google and Microsoft servers

Original discussion starts 28:10 and a follow up (very short) discussion episode here.  Basically, Wickr was caught sending metadata to Google and Microsoft servers and when pressed for answers, Wickr stopped replying.  

As of now, if you're looking for a new messenger, Wickr isn't the right choice.  If you're currently using it, the messaging aspects didn't change.  It's still end to end encrypted and you can still register anonymously, so it's not as if the messenger fell apart.  Ultimately, you'll have to decide if it's worth continuing to use knowing they send some metadata to Google and Microsoft and won't provide any answers about it.

If you're looking for a new option, check them out here.

Google accidentally enables Home smart speakers to listen in to everyday house sounds

This is not the first time Google has activated a microphone feature its customers did not know about. In 2019, the company installed hidden microphones in its Nest Secure alarm system, but the addition had been left off the box and the product’s web page because of an “error”.

Google said the addition was “never intended to be a secret“, but users only realised the company could have been potentially listening to users until Google announced an update that would allow it to use Google Assistant.


U.S. Government Contractor Embedded Software in Apps to Track Phones

A small U.S. company with ties to the U.S. defense and intelligence communities has embedded its software in numerous mobile apps, allowing it to track the movements of hundreds of millions of mobile phones world-wide, according to interviews and documents reviewed by The Wall Street Journal.

Anomaly Six LLC a Virginia-based company founded by two U.S. military veterans with a background in intelligence, said in marketing material it is able to draw location data from more than 500 mobile applications, in part through its own software development kit, or SDK, that is embedded directly in some of the apps. An SDK allows the company to obtain the phone’s location if consumers have allowed the app containing the software to access the phone’s GPS coordinates.

This is why we should always disable GPS and location services for any and all applications.

Limiting Location Data Exposure - PDF

Mobile devices store and share device geolocation data by design. This data is essential to device communications and provides features—such as mapping applications—that users consider indispensable. Mobile devices determine location through any combination of Global Positioning System (GPS) and wireless signals (e.g., cellular, wireless (Wi-Fi®), or Bluetooth®(BT)). Location data can be extremely valuable and must be protected. It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations.

Mitigations reduce, but do noteliminate, location tracking risks in mobile devices. Most users rely on features disabled by such mitigations, making such safeguards impractical. Users should be aware of these risks and take action based on their specific situation and risk tolerance. When location exposure could be detrimental to a mission, users should prioritize mission risk and apply location tracking mitigations to the greatest extent possible. While the guidance in this document may be useful to a wide range of users, itis intended primarily for NSS/DoD system users.

Tips and information from the NSA (National Security Agency) about protecting your location data. Some might be cautious since this is from a US government entity but the tips/information are sound, if not fairly basic.