Connect with us

Internet

Google Chrome Update — ‘A Threat To Children, Cybersecurity And Government Snooping’

Published

on

The way we access websites is about to change. As a result, crisis talks have now been scheduled between the U.K. government and the internet industry to discuss the risks. The primary concern is a proposed but as yet unconfirmed update to Google’s popular Chrome web browser, one that would hit many of the techniques used to monitor internet content for both safety and snooping. It isn’t just Google that will change. But the market-leading position of its Chrome browser has focused governmental minds.

These days, almost everyone is familiar with the concept of internet domain names and the fact that memorable, human-readable addresses are translated into machine-readable IP addresses. But most people have likely never heard of DNS over HTTPS or DOH, and so will be unaware of a planned change to how all this works.

However, DOH is now being fast-tracked, and it has agitated U.K. child safety and intelligence agencies enough to convene a crisis meeting on 8 May, citing child safety, cybersecurity and even terrorism as concerns.

DOH will encrypt the addresses of the websites we visit, potentially bypassing local Internet Service Providers (ISPs), and connecting directly to central nameservers that could well be managed by the companies behind the browsers themselves. This means that many of the filtering and protection tools in place today, usually administered by ISPs, would no longer work.

The new approach brings definite security advantages, notwithstanding that we’ll be entrusting Google and its peers with even more data on us. If the addresses of the websites you want to visit can’t be seen, they can’t be filtered or policed. And campaigners claim that this has implications for the fights against terrorism and extremism, as well as for child safety.

Coming at a time when the monitoring of online content has never been more in the news, and when cybersecurity breaches are reported weekly, the clear need to improve online security is driving welcome change. But the unintended consequences of those changes are apparently now a major concern.

All change

The Internet’s Domain Name System (DNS) is one of its greatest strengths and also one of its greatest weaknesses. The internet is easy to use, but that comes with the risk of the manipulation of DNS names, with snooping on open traffic, and, in many parts of the world, with local monitoring and filtering. So it’s little surprise that the Internet Engineering Task Force (IETF) has been working on a revised approach.

As open traffic, your IP address and browsing activities can be profiled and your requests can potentially be intercepted and manipulated. Who you are and what you’re looking at can be monitored. But with more and more of what is done online being encrypted, the very act of accessing specific websites can be encrypted as well. This is what DNS over HTTPS is all about, bypassing locally held DNS nameservers, sending encrypted traffic to a central server instead.

The change would see web browsers (or other central services) handling domain queries, transparently to users, rather than fielding these as open internet traffic through the ISP. More secure and less open to interception, yes, because all of this would be encrypted HTTPS traffic, but it means that you would be serviced from a central location and not by an operator under your country’s legislative control. Think of it as a built-in, always-on VPN.

presentation from BT on the ‘Potential ISP Challenges with DNS over HTTPS’ earlier this month, acknowledged that “DOH could be a game changer in operator/application dynamics” with fast-tracked standards bringing potentially adverse implications on cybersecurity and on safety from online harms. BT cited a reduced ability to derive cybersecurity intelligence from malware activity and DNS insight, significant new attack opportunities for hackers, and the inability to fulfill government mandated regulation or court orders as potential concerns.

Online responses to the ‘crisis’ suggested that this latter point, the impact on government snooping, was much more of a concern for the authorities than any impact on online safety filters.

Crisis meeting scheduled

According to the Sunday Times, a crisis meeting has now been convened for 8 May to bring together the country’s major ISPs, including BT, Virgin, Sky and TalkTalk, with the country’s National Cyber Security Centre (NCSC) to discuss the implications. The primary concern is that it will be impossible for the country’s ISPs to filter out illegal or inappropriate material. This could have implications for terrorism, extremism, child safety and, of course, password-protecting the U.K.’s countrywide porn habits from July 15, as announced last week.

Because DOH is expected to be largely centralized, and (at least initially) managed by the major browsers, this is where Google comes in. Chrome is the U.K.’s most popular browsing application. With DNS queries not being serviced by an ISP’s nameservers, the ISPs would have no way of tracking, filtering or policing browsing. It would invalidate child safety locks and render useless the planned porn filter. For the ISPs, it could also mandate a rethink in the ways content is cached through efficient and cost-effective content delivery networks.

The well-populated databases of dangerous sites held by ISPs would be bypassed. But, it would also make government online snooping much more difficult. According to the Sunday Times, “BT, which has 9m broadband customers, said in a statement that parental controls, the first line of defense for millions of households, could be rendered ‘ineffective’ by the new system. It added that it could ‘hamper our ability to protect customers from online harms’.”

A spokesperson for the U.K.’s Internet Services Providers’ Association, the trade association representing more than 200 ISPs, including BT, Sky and Virgin, told me that “U.K. broadband providers are actively involved at a national and international level in ensuring that encrypted DNS is implemented in a way that does not break existing protections provided to U.K. internet users. If internet browser manufacturers switch on DNS encryption by default, they will put users at serious risk by allowing harmful online content to go unchecked. Internet browser companies must ensure that parental controls and cybersecurity protections offered by broadband companies continue to work and protect users. We would expect internet browsers to provide the same protections, uphold the same standards and follow the same laws as U.K. ISPs currently do.”

No need to panic?

The encryption of DNS name traffic is not the issue. The central management of the system, bypassing local controls, is the issue. There’s no reason that the new ecosystem cannot work in the existing framework. But it won’t start out that way, and it puts significant control in the hands of the device browsers. Theoretically, there could be device- or even application-specific DOH datasets accessed. And any user filtering would need to be at a device level instead of relying on the ISP. These changes need to be fully communicated and documented in how-to guides before being made.

For their part, Google has confirmed that an encrypted version of Chrome is already available but is not yet included as standard. In a statement, the company said that “Google has not made any changes to the default behavior of Chrome.”

Source: https://www.forbes.com/sites/zakdoffman/2019/04/22/crisis-as-changes-to-google-chrome-threaten-child-safety-and-cybersecurity/#7d0977f05704

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Internet

Instagram will give you more control over your third-party apps…in about six months

Published

on

By

Instagram  is slowly rolling out a new feature that will help better protect your personal data from being accessed by your long-discarded, third-party applications — that is, any app you had once authorized to access your Instagram profile over the years. This may include websites you used for printing your Instagram photos, various dating apps or Instagram tools for making collages, finding your top photos and more.

Providing a tool to remove third-party apps’ access to your account is now a fairly commonplace security setting among platform providers. Instagram is late to offer such functionality. TwitterFacebook and Google have had similar functionality in place for years.

And Instagram isn’t hurrying its launch, either.

The company says its new security features will take a whopping six months to reach all users, as it’s designed to be a gradual rollout. For comparison’s sake, most new features tend to roll out in days or sometimes weeks, but rarely as long as half a year.

Revoke access 1

The choice to move slowly is worth calling out here — especially given that Instagram’s parent company Facebook’s massive personal data scandal, Cambridge Analytica, arose because users had connected to a third-party app that improperly collected users’ personal data.

Instagram, arguably, has less of a treasure trove of personal information on hand to tap into, compared with Facebook. But there’s still no need to let some app you used once, many years ago, continue to access information like your Instagram username, your photos, all your captions, timestamps of your posts, permalinks and more. And if you maintain a private account with the intention of only sharing your content with close friends and family, this level of access might make you even more uncomfortable.

While Instagram isn’t clear in its public announcement about its reasoning for such a slow rollout, it’s tied to API changes for developers. The company is giving developers time to move from the Instagram Legacy API Platform to the Facebook Graph API.

As the company explains in a developer announcement, the new API will enable “appropriate consumer use-cases, while protecting user privacy and safety” — including giving users the ability to decide what information they share with apps, then revoke access through the Instagram mobile app. The legacy API platform will be deprecated on March 2, 2020.

It would have made sense for Instagram to communicate to users that the gradual rollout is because it’s giving developers time to get their apps ready for these changes. But because it didn’t mention this, the news of the slow rollout comes across as Instagram not believing such a feature is a priority or important to users.

If you have the new security setting, you’ll find it under “Settings” in the Instagram app. It will be under “Security,” then “Apps and Websites.” From this screen, you can tap “Remove” on any apps you don’t want connected to your Instagram account.

Related to this, Instagram says it’s also introducing an updated authorization screen that will detail all the information an app is requesting when you go to authorize it to connect to your Instagram account. If you think it’s over-reaching, you can just choose “Cancel” instead of “Authorize.”

Authorize Access

If you don’t have the new features now, just wait until sometime in 2020, I guess.

Source: https://techcrunch.com/2019/10/16/instagram-will-give-you-more-control-over-your-third-party-apps-in-about-six-months/

Continue Reading

Internet

Microsoft’s Your Phone app now supports Android call syncing on Windows

Published

on

By

One big reason iPhone users stay within Apple’s ecosystem is that all of its devices communicate with one another. Microsoft’s Your Phone app helps bring similar connectivity between Android and Windows devices. And with its latest update, it’s better than ever.

Android users can now sync their phone calls with their Windows computers. Right now, the feature is open to the Windows Insider community, but it should be available to everyone else soon.

This new functionality allows users to answer, initiate, and decline Android phone calls from their computers. The app can also send a custom text to declined callers or send them directly to voicemail. Users can even transfer calls between their computers and smartphones on the fly.

To take advantage of this, users must be running Android 7 or newer, Windows 10 PC build 18362.356 or later, and both devices need Bluetooth support. The feature has some bugs as of right now, but Microsoft should fix them soon.

Blog site Thurrott also noticed Microsoft released the ability to inline reply to notifications a few months ago using the Your Phone app. This was a critical feature missing at the app’s launch.

With Android call syncing and inline replies on Windows, users are one step closer to Apple-level device communication (although we’re still pretty far away from that). And now that Microsoft recently announced an upcoming Android device, we expect the Your Phone app will greatly improve over the next year.

Source: https://www.androidauthority.com/windows-android-call-syncing-1039039/

Continue Reading

Internet

Instagram Gets Dark Mode Support on Android and iOS, Removes Following Tab for All Users

Published

on

By

Instagram is introducing a series of new, welcome changes to its Android and iOS apps this week. The Facebook-owned app now finally supports dark mode on both Android and iOS. The company has been testing the feature for a while and it’s now rolling out to all users. Besides this, Instagram is also removing the Following tab from its Activity feed that lets users browse through others’ Instagram activity. Lastly, Instagram is also adding a new security feature that helps you avoid phishing scams.

The new dark mode feature in Instagram works on both Android and iOS apps. You’ll need to switch to the system-wide dark mode setting on your smartphone to use this feature. You’ll need an iOS device running iOS 13 and an Android device running Android 10. But in case your Android phone runs a custom skin that supports dark mode, it’ll trigger Instagram’s dark mode too.

You’ll also need to update the Instagram app to the latest version on your Android or iOS smartphone. There’s no way to toggle the dark mode feature on or off within the app.

Besides the new dark mode, Instagram is also removing the Following tab in its Activity feed. The tab featured a user’s friend activity on Instagram. The Facebook-owned company had started removing the feature for select users starting August, but will now remove it for everyone by this week, the company confirmed to Buzzfeed News.

Instagram’s head of product, Vishal Shah told Buzzfeed News that the app’s users weren’t always aware of the fact their activity was accessible to their friends. The tab will now focus on a user’s own activity instead. The Following tab was introduced back in 2011 to let users discover new content before the Explore tab was introduced.

Meanwhile, Instagram is also trying to help users avoid phishing scams. The company is adding a new security feature that adds a list of official email addresses from companies, letting users cross-check if an email they have received is from the relevant company or a malicious user.

Source: https://gadgets.ndtv.com/apps/news/instagram-dark-mode-support-android-ios-following-tab-activity-feed-removal-anti-phishing-2113485

Continue Reading
Advertisement

Trending

%d bloggers like this: