Popular Devices That Spy On You Without Your Permission

Did you know the seven electronic devices listed below are as much a security threat to you as a hacker who can read your emails and access your phone?

The Electronic Privacy Information Center (EPIC) wrote a letter to the Federal Trade Commission (FTC) asking them to look at technology from the likes of Microsoft, Google, Amazon and others, citing the “always on” technology as being “worrisome”.

Yahoo Finance report:

EPIC fears the average consumer isn’t aware that some of these devices are actually spying on them by recording their conversations even when the device seems to be turned off. The privacy implications of these devices, which they believe infringe on individual rights, is profound.

The companies say the devices are only engaged in “conversation” when triggered by a “hotword” or a certain gesture. However, those designs can’t be counted on to always work as planned and could cause accidental recordings.

If you’re worried about your privacy, here’s a list from EPIC that can help you audit your chances of staying anonymous.

Google Chrome

The browser is reportedly able to remotely install code that allows the software to listen to users without their knowledge. The code was originally designed to support Chrome’s new “OK, Google” hotword detection, which activates a computer response when you talk to it. However, some users claim the code was installed and activated on their computers without them giving their permission.

Google responded to these complaints on its Chromium developer boards. “While we do download the hotword module on startup, we do not activate it unless you opt in to hotwording,” the company wrote. Some developers question this claim.

Samsung SmartTV

The Samsung SmartTV has a built-in microphone that is equipped with voice recognition technology that allows users to give verbal commands to the TV. In order for Samsung to convert your speech to text, the voice commands are sent over the Internet to a third-party for interpretation.

However, since the TV is “always on,” the microphone is recording every word you’re saying at all times. Even in its SmartTV privacy policy, Samsung acknowledges that all spoken words, including personal or other sensitive information, are sent unencrypted to the third party.

Nest Cam

This Internet-streaming home security camera is a product of Nest Labs, which is now owned by Google. The camera comes with a microphone and streams video and sound directly to a consumer’s smart phone in real time. With the Nest “Aware” app, Google can record and save up to 30 days of video and audio.

Using the recording, the camera has the ability to alert users when an “unusual sound” is detected. Nest has the capability of distinguishing between unknown or known voices, which is an important security feature. But privacy advocates are fearful because the company does not disclose how the technology works or how much information the company collects.

Canary Connect

Canary Connect is another company that develops Internet-connected home security systems. The security device can store audio and video recordings from inside a user’s home for 90 days and can be set to one of three modes — “armed,” “disarmed” and “privacy.” Unless the device is in “privacy” mode, it will automatically begin to record when triggered by motion.

Users have complained that there isn’t an easy way to determine what mode the device is in. In addition, the interface doesn’t notify consumers when it is switching modes.

Microsoft’s Kinect

Microsoft has installed its “always on” voice and motion recorder, called Kinect, in its Xbox videogame consoles. When users say the word “Xbox,” the Kinect tracks and records the users’ voice and hand gestures in order to follow commands. In order for the device to know when to turn on, the console monitors conversations at all times.

Amazon Echo

Amazon Echo, like other voice-activated computer programs, is triggered awake by the word “Alexa.” The device is constantly listening in on household conversations for the word, which then triggers the system to record and stream the recording to Amazon’s cloud for processing and storage. Amazon has not revealed what data the system collects and if it saves conversations or words said before “Alexa.” In addition, various companies are in the process of incorporating Alexa into their Internet-connected devices. Amazon has not revealed how much information it will have access to once these other companies begin to collect their own data.

Windows 10 : Privacy issues that Lenovo write a few days ago

Lenovo on STARTING TO USE WINDOWS 10.  The manual gives a elaborative tutorial of basic use of Windows 10 and its features.

By downloading Windows 10 you are allowing Microsoft to spy on you

Window 10 has finally arrived on many users PC/Laptops and they must be busy exploring the Microsoft’s latest offering. There are a lot of things users of Windows 10 should be aware of, and one of them is privacy while other is understanding the features of Windows 10.

We had already warned you that Windows 10 Technical Preview, when it was launched, was a keeping track of everything the beta tester did within the operating system. However as it was a TP, Microsoft had a right to know about the behaviour of its operating system through user feedback before the final product launch.

But now, Microsoft has released the final version of Windows 10 and it has come out with a brand new Privacy Policy and Service Agreement which users should carefully read to know about the implications of privacy if they use Windows 10.

The Privacy Policy will go into effect from 1st August and here are a few controversial points which you should know about.

First of all by downloading and installing Windows 10, you give Microsoft very broad power to collect things you do, say and create while using its software. The data collection is quite ambiguous but one thing is certain, Windows 10 will be reporting back many things that you do, to the Microsoft servers back at Redmond.

Data syncing by default

Microsoft will sync settings and data by default with its servers. This includes your browser history, favorites and the websites you currently have open as well as saved app, website and mobile hotspot passwords and Wi-Fi network names and passwords. This is pretty much like how Google Chrome sync works, however, if you are not comfortable with sharing your usage habits you can deactivate it from settings.

Cortana

As with the Windows 10 Technical Preview, the Microsoft’s personal virtual assistant, Cortana is a online snooping antennae for Microsoft. Which means it shares everything you do when you use it. However you have allow it to do just that because ironically it cant function in all its glory without collecting such data. Microsoft privacy statement is quite indicative of this fact :

    To enable Cortana to provide personalized experiences and relevant suggestions, Microsoft collects and uses various types of data, such as your device location, data from your calendar, the apps you use, data from your emails and text messages, who you call, your contacts and how often you interact with them on your device.

    Cortana also learns about you by collecting data about how you use your device and other Microsoft services, such as your music, alarm settings, whether the lock screen is on, what you view and purchase, your browse and Bing search history, and more.”

Advertising ID :

Windows 10 generates a unique advertising ID for each user on each device. That can be used by developers and ad networks to profile you and serve commercial content. Like data sync, you can turn this off in the Setting menu > Privacy> general > Change privacy option

Disabling all the buttons in the Change privacy options will opt you out from the Microsoft advertising network.

Encryption key are backed up to OneDrive

Another one of those necessary requisites but the one that you should be aware of. When device encryption is turned on, Windows 10 automatically encrypts the drive its installed on and generates a BitLocker recovery key. That’s backed up to your OneDrive account.

You empower Microsoft to disclose your data once you download Windows 10

Read this part carefully. Upon agreeing to the service agreement and privacy policy you basically allow Microsoft to disclose your data to anyone it wishes to. Though realistically that may never happen but this is one controversial aspect of the privacy policy.

    We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to protect our customers or enforce the terms governing the use of the services.

Learn to Encrypt Your Emails against an invasion of privacy by NSA

Now that we have enough details about how the NSA's Surveillance program, running for a long time against almost each country of this planet. 

Hundreds of top-secret NSA documents provided by whistleblower Edward Snowden already exposed that Spying projects like PRISM and MUSCULAR are tapping directly into Google and Yahoo internal networks to access our Emails. NSA's tactics are even capable to defeat the SSL encryption, so unsecured email can easily be monitored and even altered as it travels through the Internet.

One major point on which all of us are worrying is about the privacy of communication among each other and If you're looking for a little personal privacy in your communications you will need to encrypt your messages.

To avoid privacy breaches; rather I should say to make it more difficult for the NSA or British GCHQ surveillance program to read our communication, we should use PGP encryption (Pretty Good Privacy).

Why we should encrypt our Emails? Each public mail service provider sends information from sender to recipient like a postcard which has a recipient’s address and the content to be conveyed; and is open to the medium used for sending the card. Encryption is an envelope of the content of the document to be sent and leave the recipient’s address open so that it can reach to the destination. So by encrypting your mail, even if any mail service provider is keeping a record of all mails, you need not to worry that your document is being read by third person neither by NSA people.

Encrypting your email may sound daunting, but it's actually quite simple. We are going to use something called GNU Privacy Guard (GnuPG) or Gpg4win (Windows).

 

Installation

Step 1: Download the Gpg4win on windows machine and install it.

Step 2: Go ahead and after successful installation, close the window.

Generating your PGP pair key:

Step 3: Now open Kleopatra tool (A GUI GPG Key Manager) to create a new asymmetric key pair (public & private). Click on File -> New Certificate.

Step 4: In the key generation wizard, click on "Create a personal OpenPGP key pair" and in the next window enter your basic details:

Step 5: In the next window, once review your details and click "Create Key". It will prompt you for entering a passphrase. Set a strong password and confirm it once again in the next window.

Step 6: Within a few seconds (depending on your system speed), Your Key pair will be generated (as shown).

Step 7: You should "Make a backup of your file pair" somewhere safe. You can also export the public key to the public directory by clicking on the Upload Certificate to Directory Service.

Step 8: Once done, the key manager main interface will show your certificate as shown:

Step 9: Select your newly generated certificate -> Right click -> click on Export Certificates to save your Public keys on the desktop.

You will have to exchange your public keys with whom you want to make secure communication via mails. Many people post their public keys to their personal websites. You can send it as attachments to everyone you email, just so they have them.

Once your friends will have your Public keys, they can import it Kleoptra software via 'Import Certification' option from the menu.

Composing an encrypted email:

Step 1: Open Outlook -> Compose a new mail and write the recipient’s address, Subject and your message.

Note: You should already have your email ID configured over Outlook software on windows machine and if your Outlook doesn't have OpenPGP, then you can install 'Outlook Privacy Plugin' to enable it.

Step 2: Under GpgOL menu (as shown), click on 'Encrypt'. The software will automatically import the public keys of the recipient from the Key Manager (only if exists or imported before).

Step 3: If you also want to attach some files to this encrypted email, then under GpgOL menu, click Encrypted File and select the file to be attached and SEND mail.

When you or the recipient will receive the encrypted mail, one should first decrypt it using private keys.

Step 4: Under GpgOL menu, click on 'Decrypt' to convert the email into readable form. To proceed, It will ask for  the secret passphrase entered at the time of creation of key pair.

That's it! Other than Outlook you can also use various desktop email clients (Thunderbird or Postbox) or web mail, that also support PGP encryption. You can import your key pair to other software also in order to manage the same account.