The death of tin foil? New anti-facial recognition tech set to launch in 2016

Security, security, security.

I love it, you need it, many people are talking about it. I could talk about it all the time.

But in this day and age there is another important topic coming up on the rails: privacy.

Prior to, but especially since, Edward Snowden came onto the scene, people have become increasingly aware of how their privacy is being invaded, both online and off.

I’m sure you’re all aware of the online issues – the actions of the NSA, GCHQ, et al., have been widely publicised – but what about in real, every day life?

Have you seen the roadside cameras designed to ‘improve safety’ by flinging fines at every speeding motorist? Or the CCTV cameras in your local shopping centre? Do you realise the UK has the most video surveillance per capita anywhere in the world?

If so, you may have already taken precautions. After all, the solution has been around for over a century:

tin foil

But if you’re slow to the party, then a new piece of tech may be of interest.

Designed by the National Institute of Informatics (NII) in Japan, Privacy Visor is for the discerning customer who cares about their civil liberties.

Equipped with special lenses, the £240 visor reflects and absorbs light in a way that thwarts security cameras which would otherwise engage facial recognition tactics to id the wearer.

Due to go on general sale next year, researchers suggest it is effective around 90% of the time.

IT World quotes NII researcher Isao Echizen who thinks the new device is rather nifty:

This is a way to prevent privacy invasion through the many image sensors in smartphones and other devices that can unintentionally photograph people in the background.

Speaking to The Wall Street Journal, Echizen gave a bit more detail as to why he thinks Privacy Visor could be the must-have gadget of next year, explaining how “We are often told not to unveil our personal information to others, but our faces are also a type of an ID. There should be a way to protect that”.

The latest device is a successor to prototypes first mooted back in 2012 which utilised 11 LED lights which could prevent facial recognition tech from identifying that a subject was even a person.

That early iteration ultimately proved to be unwieldy though, not to mention garish, and so the new, far more sylish model was born.

Whether it proves to be popular among privacy advocates or as derided as Google’s antithesis – Glass – remains to be seen.

So, will you be buying a pair for yourself, or perhaps as a present for the man who has to have every new gadget?

Or will you stick with the old tin foil?

Toshiba Working On “Unbreakable” Encryption Tech

Asian tech firm Toshiba Corp, has grand plans for encryption – it wants to make it completely unbreakable.

The ambitious plan, which Toshiba hopes will come to fruition by 2020, will attempt to address the issue of transferring encryption keys securely in a world where even mail carriers could be engaging in espionage.

The key to Toshiba’s system is a quantum-cryptography system that will make use of photons – light particles – that will be deliverable via custom-made fiber optic cable. No internet required.

According to the Wall Street Journal,

Due to the nature of the particles, any interception or wiretapping activities on the cable would change the form of data, making any spying attempts detectable. And the one-time key would be the same size as the encrypted data, meaning there will be no repeated use of the pattern, which would make decoding without the correct key impossible, analysts say.

The company, which is better known for its TVs, laptops and computer components, will test its new quantum-cryptography system for a period of two years. If it proves to be successful, we could expect to see the company take it to market in ten to twenty years which, beyond being a long way into the future, is also a huge pita for anyone looking for an alternative to RSA and ElGamal encryptions.

Currently able to transmit photons at a distance of 100 km without a repeater, Toshiba’s experts will take the system out of its own labs and into Japan’s Tohoku University in August for further testing.

Whether the new system will prove to be the silver bullet we’re all looking for remains to be seen – as Tripwire’s Ken Westin says:

It is great to see new innovations and research focused on better methods of encrypting data, however when I hear “unbreakable encryption” or “100% secure” I immediately think of the Titanic. Making such claims in the world of security, particularly when it involves new technology is getting a bit ahead of ourselves, particularly when it will not be deployed for another decade. A component of security that is often overlooked which is critical to adoption of new security technology is usability and actual adoption of the technology.

Not only that, Toshiba also has to contend with domestic competition from NEC Corp. and other non-Japanese firms who are also looking into new types of encryption technology. Add the fact that development of such tech doesn’t come cheaply – the WSJ says Toshiba’s servers cost $81,000 a pop – and technical issues such as heat and vibration caused by far-travelling protons, and it’s hard to see the company’s dream of providing “perfect” encryption to everyone becoming a reality any time soon.

And talking of perfect, there are no guarantees that Toshiba’s system will deliver that promise either with Westin saying:

Even if new technologies are able to completely ensure the encryption of data in transit, this does not ensure that the data is encrypted at rest, so many of the challenges with securing data we see today could still exist. We will see a lot can changes over the next ten years and it’s hard to know how effective newer encryption technologies will be when they are deployed.

But what if a completely unbreakable form of encryption was developed?

How would the various governments of the world react? Do you think they’d be pleased? :-)

Twitter Ye Not – Microblogging Site Blamed For ‘Endangering National Security’

Over the weekend one of the biggest stories surrounded the Sunday Times article about Edward Snowden and how his actions may have placed US and UK spies’ lives in danger. With every source for that article hiding behind the cloak of anonymity, it has been widely trashed by the security community. And probably rightly so.

But what the story did do was detract from something else of interest – a piece in the Telegraph about how one of Britain’s top cops has suggested Twitter could be ‘endangering national security’ by tipping off users who may be under surveillance.

On the back of the news that Twitter blocks two-thirds of the UK government’s requests for information, Sir Hugh Orde, former president of the Association of Chief Police Officers and Northern Ireland chief constable, said the approach of Twitter and other tech firms “needs to be addressed”.

Prime Minister David Cameron, who favours the abolition of encryption, also waded in, suggesting that social media companies have a responsibility to the safety of the British public which could only be honoured by handing over terrorism-related data whenever asked for.

Responding to a report by the government’s independent reviewer of terror laws, which claimed Twitter and others had alerted terror suspects that they were being monitored by the authorities, Orde said:

Clearly this needs to be addressed. It’s a statement of the blindingly obvious that this is endangering national security. Anyone who thinks it’s sensible to compromise investigations is acting in an extremely irresponsible way. It certainly needs to be looked at.

Adding to the wave of condemnation, Professor Anthony Glees, from the University of Buckingham’s Centre for Security and Intelligence Studies, said Twitter’s behaviour was “deeply offensive” and driven by profit:

The implication is that Twitter views itself as neutral in the fight for a decent and safe society. The people who use Twitter will be horrified. It shows the depths to which people who make money out of the lack of regulation on the internet are prepared to go.

So, I guess the question is, just how horrified are you?

Are you horrified that Twitter and other social networks don’t simply hand all of your data over to the authorities whenever they click their fingers?

Maybe you are horrified at the thought of Twitter informing people – who have not been convicted of any crime – that they are being spied upon?

Perhaps you are horrified that two online newspapers have run ‘scary’ stories within days of each other?

Or are you just horrified that the government and other authoritive figures don’t have a grasp on topics such as privacy and how the internet works as they continue to promote “The Snooper’s Charter” as the solution to a problem arguably of their own making?

Privacy And Porn Faux Pas Leaves ‘Earl Grey’ Choking On His Tea

We here at SecurityWatch believe security is important. Very important.

But, as we’ve often said, technical security can often amount to nothing when human nature gets added into the mix.

And yesterday Ars Technica provided a fine example of what we mean.

Those of you with good memories, or an interest in the certain corners of the web, may well remember how the FBI nabbed Megaupload.com off of Kim Dotcom.

The agency subsequently lauded their new acquisition by proudly redirecting fans of the site to another page under their control, complete with a lovely bureau banner.

Megaupload

All good things come to an end though, and that includes the registration of the Megaupload.com domain.

Normally a business owner, or dedicated member of staff, would be highly alert to such a happenstance – after all, most hosts are hardly bashful when it comes to sending reminders out – but, in this case, something went wrong and the domain was put up for auction by GoDaddy.

Enter a British ex-pat adorned with a suitably nationalistic name: Earl Grey.

A self-styled “black hat SEO marketer,” Earl Grey swiped the domain up, presumably hoping to profit from the undoubted popularity and brand awareness it still carries, not to mention traffic.

As senior GoDaddy security architect Scott Gerlach says:

Once the domain is transferred, DNS records don’t move with domain. The new domain holder could have scraped all the DNS records, and then recreated them and monkeyed with the ones he wanted to change. He would have had to recreate all the entries; there are some tools out there that allow you to guess DNS entries and scrape the info. He would have had to know what he was doing to make it happen—it’s not technically easy to do, but doable.

Irrespective of what actually happened – and I don’t think anyone other than Earl Grey and GoDaddy have any answers right now – the Megaupload.com domain ultimately ended up serving “porn, drugs, malware & ad scams,” according to Kim Dotcom.

Imagine if that was your corporate website?

The amount of security in place would be largely irrelevant if someone let the domain name expire and, hence, end up under someone else’s control, wouldn’t it?

But there is a twist in this tale for Earl Grey.

No matter what he may or may not have done with the Megaupload domain he did, in many respects, become a victim himself.

A week after the domain expired the FBI finally realised and contacted GoDaddy. Gerlach explained that:

We got a notice of an ongoing criminal investigation regarding malware distribution, which lead to a Terms of Service violation and domain suspension.

Which basically means that the domain was frozen. I’m not sure whether that means Earl Grey will be entitled to a refund on the purchase price but one thing that’s for sure is that the purchase cost him his privacy.

As many website owners do, he blocked his contact details from appearing via a Whois lookup which is a sensible and advisable course of action to take.

Unfortunately, however, the suspension of the domain also took away his Domains By Proxy coverage, revealing all manner of personal info to anyone who cared to look for it.

Not that we needed such a disaster to befall him to find out that he lives in sunnier climes – Earl Grey likes to tweet you see, often talking about his taste in food, but also occasionally requesting assistance in the form of “an english person to be a cook/maid for a few hours a day in Marbella Center”.

I guess he didn’t value his privacy that much then, even though he does feel quite strongly about it (” I feel like I have been raped by @godaddy over my privacy. I empathize with women and men who have been raped. Violated.”)

So, what can we learn here?

There’s a few lessons, the first of which is that privacy and security issues are more often than not caused by the action/inaction of people rather than shortfalls in technology.

Secondly, if you own a website be on the lookout for domain renewal notices or at least be aware of when your registration expires – it’s no good securing a website if you let it slip out of your control.

Thirdly, are you aware of what your website is serving to visitors? I’ve seen many a derelict site that is packed full of junk and malware and the same can be said for current sites that get attacked – how often are you checking the integrity of yours?

Lastly, what are you doing to ensure your privacy? Are you hiding your contact details from the general web populace? Are members of your team then undermining that by saying too much on social media?

Food for thought, eh?

As The Coalition Government Ends, What Next For Your Privacy?

Phew!

It’s over.

After what seems like months, the election is finally over and done with and we don’t need to worry about politics again for another 5 years.

Or do we?

Well, as the dust begins to settle, some within the heart of British politics have already set their minds toward policy and, irrespective of your allegiances, that means change.

One of the key policies that was mooted last night, long before the result was known, was the Snoopers’ Charter – a plan to increase the British government’s surveillance powers – that had hitherto been thwarted by the Conservative Party’s coalition partners.

Theresa May, the Home Secretary, raised the controversial legislation during an interview with the BBC last night and, now that her party has secured a majority mandate, she seems keen to finally realise her ambition of pushing the Draft Communications Data Bill through The House of Commons.

Should the proposal now secure the support it requires to become law, it will see British internet service providers forced to store massive amounts of data on their customers and to make it available to the government and its security services upon request.

The bill, which was blocked by the Liberal Democrats in 2014, has received a huge amount of criticism from security experts and civil liberties groups alike.

Given the new distribution of MPs after last night’s election, it seems likely that the bill will now find its way into law though.

Should that prove to be so, it will be interesting to see what the government’s next move is, especially given how David Cameron has previously hinted that re-election would see him seek additional powers.

Back in January, he demonstrated what many would argue was a complete lack of understanding about encryption, as he suggested there should be no form of communication that the security services should not be able to read.

His comments at the time were taken to mean that encryption could be outlawed altogether, or at the very least highly regulated, leading to concerns among British businesses who immediately felt at risk, and security professionals and privacy advocates who collectively shuddered at the though of what it may mean for the average user.

Hopefully any further ideas thought up by politicians, whatever party they may be associated with, will be better thought out, especially given how we heard only yesterday that the US appears to be moving in the opposite direction to the UK as a federal appeals court ruled the NSA’s bulk data collection program to be illegal.

We’ve also seen Germany’s surveillance agency BND caught in cahoots with the NSA – a revelation that led to a massive drop in popularity for Chancellor Angela Merkel.

Where we go next with privacy in the UK is anyone’s guess right now but what is for sure is that we now live in a world where the topic of civil liberties is becoming more widely discussed and understood (unless you’re a politician, or so it seems) which cannot be a bad thing (we like the thought of awareness here).

We live in interesting times. Let’s hope that’s not a curse.

Privacy – by Design?

This is our first blog of 2015 and we’d like to wish all the readers of SecurityWatch a very Happy New Year!

So what are the predictions for cybersecurity issues this year?! More open source software bugs, vulnerabilities in mobile payment systems, IoT attacks…etc. Apart from these issues, there is one global concern which is ongoing and undoubtedly growing – PRIVACY.Privacy Image

Surveillance issues are at the forefront due to rising terrorist activities. Such activities that could be potential threats to a nation or it’s people, compel governments (or as claimed so by them) to keep a close eye on all activity over the wire within their remit.

Not long ago, such operations were conducted covertly. But the NSA and GCHQ revelations by Edward Snowden starting June 2013, were an eye-opener for many. An international survey on Internet security and trust reported that, of ‘23,376 Internet users in 24 countries reported that 60% of Internet users have heard of Edward Snowden, and 39% of those ‘have taken steps to protect their online privacy and security as a result of his revelations’ which is considerable number.

Recently UK’s prime minister announced that, if elected again, he would block chat messengers that support end-to-end encryption (such as WhatsApp, iMessage, Telegram, Cyberdust, etc.), as part of his plans for new surveillance powers announced in the wake of the Charlie Hebdo shootings in Paris. Seems like the onus is now on the citizens to assist the governments by sacrificing their privacy as opposed to the them putting in more resources to tackle terrorist threats.

And it isn’t just the governments ready to put their hands on any kind of personal information available over the wire, there are other actors involved as well. Cyber theft is escalating and information is being sold on the deep web or darknet for financial gain. Moreover, companies monitor user activity more than ever before to keep track of users and their activities to boost sales.

Such growing interest in personal information for malicious purposes compels us to think more and more about protecting our privacy online in the internet era. This Hindi proverb, in my view, explains it well –

“Shaadi laddoo motichoor ka, jo khaaye pachtaye, jo na khaaye pachtaye”

Which means – Marriage is like a delicious tempting sweet, the one who consumes it suffers as well as the one who doesn’t (unless you absolutely hate sweets)! Which is entirely true if we substitute Internet in place of Marriage in this case. Anyone using the internet needs to be cautious and must take proactive measures to protect their privacy if they want to have a good relationship with it!

There are already complaints being lodged and measures being taken to strengthen the privacy regulations in Europe. Among them is the “Right to be Forgotten” Ruling (C-131/12) that states a search engine will have to delete information, along with the links when it receives a specific request from a person affected.

Some users of the internet, especially the younger generation, might relate to privacy as only changing their twitter or Facebook settings to restrict feeds and pictures to contacts.

However, privacy is more than that.

“Privacy is not something that I’m merely entitled to, it’s an absolute prerequisite.” – Marlon Brando

Privacy is a fundamental human right. This is acknowledged by Article 8 of the European Convention on Human Rights, which provides a right to respect for one’s “private and family life, his home and his correspondence”. The Charter of Fundamental Rights of the European Union and Universal Declaration of Human Rights have similar sections on privacy protection.

However, not every fundamental right that a citizen possesses is set out in a country’s constitution. For example, in Ireland, the Constitution does not specifically state a right to privacy but the courts recognize that the personal rights in the constitution imply the right to privacy.

Privacy is an integral element of democratic societies and this applies to the digital world as well. Digital technologies may be designed to protect privacy. Since the 1980s technologies with embedded privacy features have been proposed. During that time, deploying Privacy Enhancing Technologies (PETs) (e.g. encryption, protocols for anonymous communications, attribute based credentials and private search of databases) was seen as the solution as opposed to embedding of privacy into the design of technology. However, apart from a few exceptions such as encryption, PETs haven’t really become a standard or a widely used component in system design.

Most of us may have heard about the relatively newer concept of Privacy by Design (PbD) which has been around for a few years now. It was developed by the former Information and Privacy Commissioner of Ontario, Dr. Ann Cavoukian, back in the 90’s. Dr. Ann argued that “the future of privacy cannot be assured solely by compliance with legislation and regulatory frameworks; rather, privacy assurance must ideally become an organization’s default mode of operation.”

Privacy by Design is believed to be accomplished by practicing its 7 Foundational Principles which have been have been translated into over 30 languages.

  1. Proactive not Reactive; Preventative not Remedial
  2. Privacy as the Default Setting
  3. Privacy Embedded into Design
  4. Full Functionality – Positive-Sum, not Zero-Sum
  5. End-to-End Security – Full Lifecycle Protection
  6. Visibility and Transparency – Keep it Open
  7. Respect for User Privacy – Keep it User-Centric

Privacy is a challenging subject that covers a number of domains, including law, policy and technology. Some believe that the concept of Privacy by Design is too vague and since it does not focus on the role of the actual data holder, but on that of the system designer, it is not applicable in the privacy law.

Despite the criticism, Privacy by Design has been globally recognized and adopted. The U.S. Federal Trade Commission recognized Privacy by Design in 2012 as one of its three recommended practices for protecting online privacy. In addition, a variation of the concept, known as ‘Data protection by Design’ has been incorporated into the European Commission plans to unify data protection within the European Union with a single law – the General Data Protection Regulation. The variation apparently goes beyond mere technical solutions and addresses organisational procedures and business models as well. However, since the proposal does not explicitly define or give references for definitions of either data protection by design or privacy by design, the precise meaning of these concepts is nebulous.

In an effort to encourage adoption and implementation of privacy by design and, provide guidance on privacy engineering practices, several bodies have taken initiatives.

European Commission

In January 2012 the European Commission proposed a regulation on data protection that will replace the existing Data Protection Directive. The proposal for the new regulation in general associates the requirements for data protection by design and data protection by default with data security and contains specific provisions relevant to Privacy by Design and by Default.

European Union Agency for Network and Information Security (ENISA)

In December 2014, European Union Agency for Network and Information Security (ENISA) published a report to elaborate on how privacy by design can be implemented with the help of engineering methods. According to the ENISA report-

“The principle “Privacy/Data Protection by design” is based on the insight that building in privacy features from the beginning of the design process is preferable over the attempt to adapt a product or service at a later stage. The involvement in the design process supports the consideration of the full life-cycle of the data and its usage.”

The report is intended for data protection authorities, policy makers, regulators, engineers and researchers. It discusses the notion of a privacy design strategy, and how it differs from both a design pattern and a PET. Moreover, the report briefly summarizes the eight privacy design strategies as derived by Hoepman from the legal principles underlying data protection legislation for both data and processes. It also provides a list of privacy implementation techniques.

The report identifies and highlights some limitations of privacy by design too. The predominant ones are – fragility of privacy properties if two systems are combined or one embedded in the other, absence of a general and intuitive metric that allows comparing two systems with the same or similar functionality with respect to a set of privacy properties, increased complexity and reduced utility of the resulting system and different interpretations of privacy by design.

National Institute of Standards and Technology (NIST)

A similar initiative is underway by NIST as well, called the Privacy Engineering initiative which focuses onproviding standards-based tools and privacy engineering practices to help evaluate the privacy posture of existing systems, enable the creation of new systems that mitigate the risk of privacy harm and, address privacy risks in a measurable way within an organization’s overall risk management process. The organization published a draft last year in April – NIST Privacy Engineering Objectives and Risk Model Discussion in which a definition for Privacy engineering was proposed –

“..a collection of methods to support the mitigation of risks to individuals of loss of self-determination, loss of trust, discrimination and economic loss by providing predictability, manageability, and confidentiality of personal information within information systems.”

However, as per our knowledge, this is not the final accepted definition and a meeting to update the draft will be held in February 2015.

Although the requirement for such initiatives was long due, these standards, regulations and guidelines can only take us so far when it comes to protecting our privacy in times of these technological transformations and rising cyber security threats. Nevertheless, using the right means with the right technology and embedding privacy and data protection in the way we design/build solutions could certainly facilitate the protection of our user identities in this crazy world of the internet

Stay Safe!

Just Given Up Your Eldest Child For Free WiFi? Perhaps I Can Interest You In This Tech Preview?

‘Ello guv’nor, I heard you sold your kid for WiFi. Perhaps I could interest you in another good deal? It’s called tech for privacy and I know you’re gonna luv it.

Having decided to pass on the logical numbering of the next rendition of Windows, Microsoft’s new operating system will be called Windows 10.

In a move many see as an attempt to put the memory of the not-so-popular Windows 8 behind it, the company is all steam ahead as it marches toward the inevitable retail release of its replacement.

In the meantime, however, early adopters can grab a technical preview to see how Redmond has accommodated Start button-loving fans of its arguably much better Windows 7.

Being one of the first people to get your hands on a new operating system may sound pretty cool but that will only be the case if you read the privacy policy first (something you should always do before installing new software).

Why?

Because Microsoft sharing the tech preview with you is a reciprocal agreement which sees your data travel back in the opposite direction.

Specifically, the Windows Insider Programme policy says,

“Microsoft collects information about you, your devices, applications and networks, and your use of those devices, applications and networks. Examples of data we collect include your name, email address, preferences and interests; browsing, search and file history; phone call and SMS data; device configuration and sensor data; and application usage.”

While the sheer volume of collectible data is staggering and far beyond what I for one would be happy to give up if I had a choice, it is standard fare these days, mores the pity.

More disconcerting though are these two following entries:

“We may collect information about your device and applications and use it for purposes such as determining or improving compatibility” and “use voice input features like speech-to-text, we may collect voice information and use it for purposes such as improving speech processing.”

and

“If you open a file, we may collect information about the file, the application used to open the file, and how long it takes any use [of] it for purposes such as improving performance, or [if you] enter text, we may collect typed characters, we may collect typed characters and use them for purposes such as improving autocomplete and spellcheck features.”

Did that sink in?

If not read it again and you will see that signing up for the Windows 10 preview will see you giving Microsoft permission to both record your voice and, specifically what you say, and to collect everything you type on your keyboard.

In other words, you will be voluntarily installing voice and keyloggers onto any system running this version of Windows.

Ouch!

There is no word on whether the privacy policy will be similarly worded when bundled with the final version and I suspect, and hope, that it won’t – I’d like to think that Microsoft is merely gathering so much data to help it make improvements to the new operating system before its retail release.

But there are no guarantees of anything these days, especially where technology is concerned and, likewise it seems, in the realm of data gathering.

So, my advice, is to research Windows 10 thoroughly upon its general release and to check out its privacy policy in its entirety before letting it anywhere near any of your devices.

Alas, most people will not do so though. After all, the latest tech is often so enticing that people will do the craziest things to get on the bandwagon.

Is It Worth Sacrificing Privacy For A Bit Of Geeky Self-Quackery?

Wearable tech. It’s all the rage don’t you know.

From glassholes (not you Neira, you’re cool) to joggers with glorified digital watches, people everywhere are getting excited about the next big thing in what I would describe as self-eroding privacy.

Whilst Google Glass owners may be in short supply, possibly put off by the cost, the number of people owning health and fitness gizmos seems to be on the rise, aided and abetted by other cool-to-have devices such as the newly released iPhone chunky that can help tap into all that data.

In some ways I can see why the ability to monitor fitness metrics could be quite enticing, allowing users to set their own goals and to motivate themselves through self-stretching of targets or via competition with others.

That said however, some performance measurements can lead to disappointment if you start getting into e-competition with other people who may have published their own results online, either intentionally or inadvertently (yes lads, two minutes of moderate exertion is pretty lame, or at least that’s what she said).

And that’s the problem you see – some health, wellness and fitness data should remain private from your family and even the lads or ladies down the pub. And I’m not just talking about the obvious faux pas linked to above either – other data really shouldn’t be common knowledge in my opinion, or at least not so common that it appears on the web.

Comparing heartbeats and other metrics at the gym could be a good thing but sharing such data with a mechanism that is easily scoured and mined by who knows who is not so good is it? I mean, would you want your insurance company to know that you are a 30-year-old with the fitness level of a pensioner? It’s ok, I know it’s not your fault, it’s all that sitting at a desk and the pizzas, well, they’re just too nice. But what would an underwriter think? Higher premiums perhaps? I don’t see why not.

After all, who are you sharing that data with? Do you even know? Has the app developer made it clear during the signup and installation routine? Did you even bother reading all that gumpf when you downloaded it?

Does the app developer have a social networking aspect where you can share and compare data? Who has access to what? Is the data made public such as in the example above where ‘performance’ data appeared in Google search results? Are data-storing websites secure? Does your smartwatch company sell your data to third parties or share it with them?

So many questions, all of which could have a huge impact on your privacy.

And just what benefits are you getting any way?

Is your health improving? Will a wearable make you fitter? Surely self-motivation is key, not technology.

And what does your doctor make of all this data you are producing about your health? Not much, to be honest. In fact a new survey of physicians here in the UK highlights a potential problem with the new army of high-tech health buffs – many are self-diagnosing but they’re not very good at it.

In fact, less than 5% of doctors thought that health apps and websites offered any kind of value as patients start taking it upon themselves to figure out their own health and fitness routines or even research their own perceived medical conditions.

Heaven forbid that someone would take the advice of a watch over their GP but I guess its happening already and will only become more commonplace in the future.

In case you haven’t guessed already, I don’t like wearable tech. It’s too invasive by nature and the data it produces is arguably not secure or private enough by default, nevermind should someone ever decide to target it. And it’s usefulness? For some people such devices could be invaluable in enhancing their training routines but then I would guess such people would probably do ok without it anyway. For everyone else? What do you think?

Facebook’s Exploding Posts: Mission Impossible vs. Robin Of Sherwood

This Facebook post will self-destruct in 5 seconds.

Well, ok, maybe not 5 seconds. But your latest Facebook post could soon be gone in a timescale chosen by you (well, ok, anywhere between 1 hour and a week).

A small number of users spotted the new feature in a Facebook iOS app earlier this week which allows users to set a deletion date at the time they create a new post.

A Facebook spokesperson confirmed the existence of the trial feature, saying:

“We’re running a small pilot of a feature on Facebook for iOS that lets people schedule deletion of their posts in advance.”

Small scale trials of new features are nothing new for the social networking giant which is constantly looking to evolve. Facebook users will be grateful, however, that this one is not as secret as say, testing how users react to positive and negative news, the secret emotion experiment which recently surfaced and did little to enhance the reputation of a company which many fail to equate with privacy protections.

That said, Facebook may be learning what its users want, as evidenced by the recent addition of the ‘privacy dinosaur’ aka the new privacy checkup tool.

So, that means all users will be able to self-destruct all of their postings in the future, wiping them off Facebook’s servers for ever more, right?

Well, before you see Facebook as a means for posting questionable or sensitive content, you may wish to consider the fact that the answer to that question is not clear – it looks like the removal from a user’s timeline will be permanent but I’d be very surprised if Facebook would want to let anything fall off its own servers (we know it keeps a record of anything typed into the status box, regardless of whether the user subsequently decides to publish it or not, for example).

Then of course there is the fact that virtually nothing shared on the web is private ever again anyway – the kids of today ain’t half bright you know and they can take screenshots and everything.

So before you even start contemplating using Facebook’s potential new service, or the Slingshot app, or Snapchat to post something you otherwise may have kept to yourself (or should have) remember that nothing that is published can be unpublished and privacy can sometimes be an illusion. Or, as my boyhood hero Michael Praed would say, “Nothing is forgotten. Nothing is ever forgotten.”

Microsoft Sings We’re Not Gonna Take It, Invites Contempt

“See you in court!”

Aaargggh, no thanks, that sounds like a mighty stressful and bank balance-busting exercise in futility to me.

But then again, I’m not Microsoft so perhaps I’ve got good reason to not want to end up in front of a judge. Not that I’ve done anything wrong of course. Honest. Just ask GCHQ – its minority report division already knows I’m a saint now and will continue to be so in the future too.

Microsoft, however, is so keen to have its say in court that it has invited proceedings upon itself. Kind of.

After US authorities made demands over emails stored on a Microsoft server in Dublin, Ireland, the software giant said no dice and has now taken the unusual step of asking the US government to hold it in contempt of court so that it can accelerate the privacy-based case onto the appeals stage.

The case centres around a series of emails which are said to to be relevant to an investigation into drug trafficking but, despite the potential gravity of that case, Microsoft disagrees with the government view that data held overseas is there to be grabbed, instead suggesting that US jurisdiction should terminate in line with its physical borders.

An outstanding warrant, about which almost nothing is known publicly, has caused Microsoft much consternation with the company promising to appeal any adverse ruling “promptly.” The company objected to the search on many levels, including the fact that it believes an existing precedent applies:

“The U.S. has entered into many bilateral agreements establishing specific procedures for obtaining physical evidence in another country including a recently-updated agreement with Ireland. We think the same procedures should apply in the online world.”

In a blog post, the company also highlights how it is taking the moral high ground in making a stand for privacy and also cites backers such as Apple, Cisco and the EFF.

None of this is to say that Microsoft feels it is above the law though, merely that it believes that government should play by the rules and follow established processes:

“We appreciate the vital importance of public safety, and we believe the government should be able to obtain evidence necessary to investigate a possible crime. We just believe the government should follow the processes it has established for obtaining physical evidence outside the United States.”

Now, after some procedural confusion, US District Judge Loretta Preska has found Microsoft in contempt, allowing the company to proceed with its appeal immediately. Meanwhile Microsoft has come to an agreement with the Department of Justice that allows it to escape punishment for that ruling, though the government said it retains the right to seek sanctions at a later date if it feels it necessary to do so, with the full stipulation saying:

  1. Microsoft has not fully complied with the warrant, and Microsoft does not intend to comply while it in good faith seeks further review of this Court’s July 31 decision rejecting Microsoft’s challenge to the Warrant.
  2. While Microsoft continues to believe that a contempt order is not required to perfect an appeal, it agrees that the entry of an order of contempt would eliminate any jurisdictional issues on appeal. Thus, while reserving its rights to appeal any contempt order and the underlying July 31 ruling, Microsoft concurs with the Government that entry of such an order will avoid delays and facilitate a prompt appeal in this case.
  3. The parties further agree that contempt sanctions need not be imposed at this time. The Government, however, reserves its right to seek sanctions, in addition to the contempt order, in the case of (a) materially changed circumstances in the underlying investigation, or (b) the Second Circuit’s issuance of the mandate in the appeal, if this Court’s order is affirmed and Microsoft continues not to comply with it.