Thoughts and tips on information security and privacy in an increasingly digital life

Phishing,Privacy,Security

Tidbits from the week that was: Uber and Unroll.me, Google and Facebook

2 May, 2017, 09.52 Linus Nyman

 

While we – here in Finland at least – spent our week hoping for a May Day celebration without snow, various CEOs spent their week dreaming of a world in which people hadn’t found out quite as much as they did about their company practices. Here are some tidbits from last week’s news.

Uber

Uber has been having a bit of a rough time lately. Their latest “Oops, we did it again” moment came to us courtesy of Mike Isaac at the New York Times. It turns out Uber had designed their app to recognize users’ phones even after they deleted the app, using something called “fingerprinting”.

As Wired notes, Uber didn’t use fingerprinting to track customers (but rather to help prevent fraud), but the practice of fingerprinting was still an App Store no-no, and against Apple’s rules.

Uber, however, felt that following all of Apple’s rules was soooo last season conformist, and instead used some technical wizardry (well, geoblocking) to keep their fingerprinting hidden from Apple. Which didn’t last, and Uber CEO Travis Kalanick found himself on his way to the principal’s office (by which I mean Apple’s Timothy Cook’s office).

The New York Times article about Uber has a lot of other interesting (though not particularly flattering) stuff about the company and is definitely worth a read. That same article was also the first to reveal an unwelcome tidbit about another company: Unroll.me.

Unroll.me

Among Uber’s business practices was buying information about how many people use their competitor, Lyft. How could they get hold of that information? Yup, Unroll.me.

Unroll.me is a free (“free”) service that promises to help “clean up your inbox” by helping identify what e-mail subscriptions users have and then unsubscribe from unwanted ones.

What the Unroll.me marketing materials don’t reveal is that the service also – at no extra cost to its users – goes through your inbox to extract information about your buying habits, and then sells that information to third parties. The information is anonymized, but that didn’t stop the issue from raising a (well-deserved) stink among users, who felt they hadn’t been properly informed of the practice.

An Unroll.me co-founder, who no longer works for the company, published a statement in defense of Unroll.me CEO Jojo Hedaya. Which seemed to be along the lines of “The CEO is a really nice guy. And everyone else is doing this, too. So stop being upset.” Which didn’t exactly soothe the masses. Hedaya himself also published a statement to upset users where he – seemingly not the least bit ironically – said that he “can’t stress enough the importance of your privacy.”

So the thing to remember from the news from previous weeks (e.g. vibrators and headphones) remains: if you download an app or use a free service (like Google), assume your data may well be in the cross-hairs.

We conclude this roundup with a story that isn’t about companies gathering data. Well, it’s about companies that gather sh*t-tons of data, but that isn’t what this specific tidbit is about.

Google and Facebook fall for 100 million dollar phishing

Phishing attempts have gotten more and more professional over the years. To the point where now even tech companies seem to have trouble not falling for them. Fortune reported that both Google and Facebook were among the victims of a phishing scam from a few years back. The total scammed? About a hundred million dollars. (Oooops…) The bad guy has since been caught, and the companies report that they have gotten all or most of their money back.

Even if you don’t have a hundred million dollars to lose, remember to be careful of things like phishing, ransomware, and data breaches when out in cyberspace.

 
