ICYMI is posted every Monday recapping privacy news over the last week from around the web.
TikTok skirted a privacy safeguard in Google’s Android operating system to collect unique identifiers from millions of mobile devices, data that allows the app to track users online without allowing them to opt out, a Wall Street Journal analysis has found.
The tactic, which experts in mobile-phone security said was concealed through an unusual added layer of encryption, appears to have violated Google policies limiting how apps track people and wasn’t disclosed to TikTok users. TikTok ended the practice in November, the Journal’s testing showed.
[...] TikTok collected MAC addresses for at least 15 months, ending with an update released Nov. 18 of last year, as ByteDance was falling under intense scrutiny in Washington, the Journal’s testing showed.
TikTok bundled the MAC address with other device data and sent it to ByteDance when the app was first installed and opened on a new device. That bundle also included the device’s advertising ID, a 32-digit number intended to allow advertisers to track consumer behavior while giving the user some measure of anonymity and control over their information.
MAC addresses can't be reset or changed and the only way to get a new one is to get an entirely new phone or device. This isn't new behavior, however, as many apps collect this kind of data. Not just the big players like Google, Facebook, and Twitter (who do collect this kind of information) but smaller, no name apps as well.
Independent security researcher Saugat Pokharel found that when he downloaded his data from Instagram, a feature it launched in 2018 to comply with new European data rules, his downloaded data contained photos and private messages with other users that he had previously deleted.
[...] But Pokharel found that his ostensibly deleted data from more than a year ago was still stored on Instagram’s servers, and could be downloaded using the company’s data download tool.
Ain't that the darnedest thing. Another "bug"
Since video calls contain personally identifiable information of the purest form, they are particularly worthy of protection. As is to be expected, Threema’s video calls are designed from the ground up with security and privacy in mind. Not only the transmitted data but also signaling is fully end-to-end encrypted, and before a call is accepted, no data is transmitted.
When it comes to metadata, video calls also meet Threema’s rigorous standard. In order to ensure full end-to-end encryption of all metadata (including real-time metadata, such as camera orientation), our team had to make corrections to the widely used base technology “WebRTC.” This security improvement will be incorporated into the WebRTC project, meaning that countless other communication services benefit from our patch in the future.
Technical details concerning the security aspects of Threema’s video calls are documented in the Cryptography Whitepaper.
With this addition, Threema is tough to beat when looking for a fully featured communication app
2020 highlighted the need for face-to-face communication, and our alpha version of video calls is now available on both Android and iOS. You can start a video call from your contact's profile page, and switch video on or off at any time during voice calls. Like all other video content on Telegram, video calls support picture-in-picture mode, allowing you to scroll through chats and multitask while maintaining eye contact.
All video calls are protected with end-to-end encryption. To confirm your connection, compare the four emoji shown on-screen for you and your chat partner – if they match, your call is 100% secured by time-tested encryption also used in Telegram's Secret Chats and Voice Calls. You can find more details on this page.
And some good news for Telegram users
Technology that tracks consumer behaviour will be integrated with thousands of billboards and bus shelters around Europe next month as the world’s second-biggest outdoor advertising group bets on its digital rehabilitation post-coronavirus.
[...] Asked what insights are possible, he said: “We would be able to see — and remember, this is very well anonymised — we can follow your movement to a store. We can follow what you purchase. And yes, we can look at your viewing habits that evening if you pass an ad for a Netflix show.”
Want to join the discussion? Check out this post, and others, over at the CupWire subreddit and leave a comment.