Tag Archives: Privacy

Is PADU Being Used To Monitor All Your Personal Data?!

Is the government using PADU – the Central Database Hub – to collect and monitor all of your personal data, including your banking information?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : PADU Lets The Government Monitor All Your Data!

People are sharing this message on WhatsApp and social media platforms, which claims or suggests that the new PADU Central Database Hub allows the government to collect and monitor all of your personal data, including your banking information!

Soon for everyone….. Government new method to monitor All Malaysian assets and income.. it’s called PADU.. it links all personal information from your Mycard to your passport to all your officials document’s , including insurance , property & land titles, Electric and water bills to JPJ vechical grant.
All your bank transitions, From PDRM summons including bank loans, credit cards, Business registration and accounts. even your phone SIM card.. In the future a Malaysian can’t even fart, Without the government’s knowledge

Recommended : PADU Central Database Hub : What You Need To Know!

 

Truth : PADU Does Not Let Government Monitor All Your Data

This appears to be yet another example of FAKE NEWS circulating on WhatsApp, and social media platforms, and here are the reasons why…

Fact #1 : PADU Combines Existing Data

Malaysia introduced the PADU Central Database Hub – on Tuesday, 2 January 2024. Developed in just 7 months, PADU is designed to give the government a better way to distribute subsidies, and make other policy decisions going forward.

PADU accomplishes this by combining data from over 400 government agencies, and related organisations, into one central database, hence its name – Pangkalan Data Utama (PADU), or Central Database Hub in English.

The data that PADU stores was always there, just split up into databases owned and managed by different government agencies, and related organisations. All that PADU does is consolidate data from all those different sources into a central database.

Fact #2 : You Are Not Required To Register For PADU

The Malaysian government does not actually require you to register to access PADU. Registering for a PADU account is not mandatory.

In fact, the government has set a deadline limiting public access to PADU. Those who register for a PADU account can check, update, and add information, until 31 March 2024.

Whether you register your account or not, PADU already has your data. The data remains in PADU, even if you refuse to register for an account.

Recommended : How To Appeal Rejected eMADANI Application!

Fact #3 : PADU Has No Access To Banking Data

While PADU is designed to determine whether you qualify for subsidies and other government assistance, there are limits to what the PADU can collect.

Claims that PADU will give the government access to all of your “bank transactions” and data, including “bank loans, credit cards, business registration and accounts”, etc. are false.

That’s because the PADU Central Database Hub is forbidden from collecting banking data by the Banking and Financial Institutions Act 1989 (BAFIA).

Fact #4 : PADU Has No Access To Your SIM Card

Just to be clear – PADU has no access to your SIM card. It only has your mobile phone number.

For more information about the PADU Central Database Hub, please read our FAQ.

Please help us fight fake news – SHARE this article, and SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Fact Check : New WhatsApp Cyber Crime Rules?!

Did WhatsApp just implement new cyber crime rules to help the government monitor and record your calls and messages?! Find out what the facts really are!

Updated @ 2023-10-08 : Updated after message went viral again.
Originally posted @ 2023-07-03

 

Claim : WhatsApp Has New Cyber Crime Rules!

People are sharing this warning about WhatsApp implementing new cyber crime rules, to help the government monitor and record all calls and messages!

Tʜᴇ ɴᴇᴡ ᴄᴏᴍᴍᴜɴɪᴄᴀᴛɪᴏɴ ʀᴜʟᴇs ғᴏʀ WʜᴀᴛsAᴘᴘ ᴀɴᴅ WʜᴀᴛsAᴘᴘ Cᴀʟʟs (Vᴏɪᴄᴇ ᴀɴᴅ Vɪᴅᴇᴏ Cᴀʟʟs) ᴡɪʟʟ ʙᴇ ɪᴍᴘʟᴇᴍᴇɴᴛᴇᴅ ғʀᴏᴍ ᴛᴏᴍᴏʀʀᴏᴡ: –

Recommended : How To Block Facebook Ads + Pay Scammers!

 

Truth : WhatsApp Does Not Have New Cyber Crime Rules!

And here is why this is nothing more than yet another Internet hoax :

Fact #1 : Only China Can Do This

The only country that has accomplished most of what was shared above is China, but it took them decades to erect the Great Firewall of China.

It’s not just the massive infrastructure that needs to be created, it also requires legislation to be enacted, and considerable manpower and resources to maintain such a system.

That’s why China is leaning heavily on AI and cloud computing capabilities to automatically and quickly censor information it deems “sensitive”.

However, no other country has come close to spending the money and resources on a similar scale, although Russia, Cuba, Vietnam, Zimbabwe and Belarus have imported some surveillance technology from China.

Fact #2 : WhatsApp, Instagram + Facebook Messenger Have End-to-End Encryption

All three Facebook-owned apps now run on the same common platform, which provides end-to-end encryption.

End-to-end encryption protects messages as they travel through the Internet, and specifically prevents anyone (bad guys or your friendly government censor) from snooping into your conversations.

That is also why all three apps are banned in China…

Recommended : Can SIM swap attack empty bank account without warning?!

Fact #3 : Governments Generally Have No Control Over Those Apps

Outside of authoritarian countries like China and Russia, governments generally have little to no control over social media and instant messaging apps. Even then, their control is generally limited to banning access if they don’t get their way.

The ability to keep conversations and messages safe and private is key to the success of instant messaging apps, in particular. So WhatsApp, Telegram and Signal would never allow governments access to user messages or voice calls, never mind record and monitor them for governments!

In fact, by implementing end-to-end encryption, these companies themselves do not have access to your messages and calls.

Fact #4 : WhatsApp Does Not Have Three Check Marks!

WhatsApp messages only have two ticks / check marks to notify users about the status of their messages:

: The message was successfully sent.
: The message was successfully delivered to the recipient’s phone or any of their linked devices.
: The recipient has read your message.

There is no third check mark, as claimed by the viral message.

Fact #5 : Governments Won’t Tip You About Investigations

It is illogical for WhatsApp to inform you when the government is checking your information, or when it has started proceedings against you.

In fact, it doesn’t make sense for any government to inform you by instant messaging check marks! If the government is charging you with a crime, it will send police officers, not check marks on WhatsApp!

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > InternetFact Check | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Malaysia To Ban SMS With Personal Details!

Telcos in Malaysia will soon ban SMS messages with personal information, as part of the MCMC’s initiative to prevent scams! Here is what you need to know!

 

Malaysia To Ban SMS With Personal Details!

On Sunday, 2 July 2023, four Malaysian telcos – Maxis, Celcom, Digital and U Mobile will ban SMS messages containing personal information , as part of the MCMC’s initiative to prevent scams.

In addition to the May ban of SMS links, both local and international users will be prevented from sending any SMS message containing:

  • personal details
  • mobile or fixed line phone number
  • banking details like account number
  • MyKad number

All SMS messages containing these forbidden items will not be blocked, but their senders won’t be charged for those blocked messages.

Read more : Malaysian Telcos Ban SMS Links To Prevent Scams!

 

No Ban For SMS With Personal Details Via Short Codes

It should be noted that this ban on SMS messages with personal details do NOT apply to businesses using legitimate Enterprise short codes. They will still be allowed to issue SMS messages with URLs (links), phone numbers, and personal details.

Here are the current Enterprise short codes for Celcom and DIGI, from which you “may” continue to receive SMS messages with hyperlinks (URLs) and personal information.

Telco Enterprise Short Codes
Celcom CelcomDigi / EASYRELOAD
Celcom / CELCOM
2000 / 2901 / 20000 / 78888
28888 / 28882 / 22288 / 28282 / 22888
2001 / 22002 / 22009 / 21888 / 22022 /
22033 / 22162 / 22244 / 22262 / 22990 /
23000 / 23222 / 23777 / 25000 / 25555 /
26664 / 26668 / 26674 / 26680 / 26699 /
27100 / 27200 / 27999 / 28000 / 29888 /
29992 / 29999 / 39131 / 39140 / 39146 /
39170 / 39172 / 39230 / 39231 / 39240 /
39254 / 39258 / 39281 / 39291 / 39442 /
39466 / 39470 / 39471 / 39496 / 39504 /
39505 / 39506 / 39509 / 39513 / 39514 /
39515 / 39518 / 39881 / 39437 / 39132 /
39133 / 39144 / 39162 / 39177 / 39498 /
39502 / 39511 / 39512 / 39495
Digi CelcomDigi / Digi / DigiRewards
200 / 2901 / 2691 / 5001 / 27676
20000 / 21000 / 28879 / 28888 /
28882 / 22288 / 28282 / 22888

Maxis has 5-digit short codes like 1XXXX, 2XXXX, and 6XXXX, but has chosen to block SMS messages containing personal information from their Enterprise short codes:

In order to prevent individuals from becoming online scam scams, the Malaysia Communication and Multimedia Commission (MCMC) has issued a directive to all telcos on 14 February 2023 to block sending and receiving of short messaging service (SMS) from local, international mobile numbers and applications containing below contents:

  • URL link and any clickable link e.g. shorten URL; shorten URL;
  • Request for user’s personal information e.g name, IC number, account number and
  • Mobile and fixed line number

Blockings are being implemented in stages; started from 2 May 2023 for SMS between individuals; the next and last stage is the blocking of SMS containing the above 3 elements from mobile and applications such as Enterprise SMS service and Maxis IoT SIM from 2 July 2023.

Recommended : Scam Alert : Watch Out For Telegram Phishing Attack!

 

Risky SMS Ban Helpful, But Other Platforms Still A Risk

While this measure is really helpful in reducing scams, the ban is limited to SMS messages. It does not prevent scammers from sending similar scam messages through instant messaging platforms like WhatsApp, Telegram, Facebook Messenger, WeChat, etc.

I should also point out that links are not inherently bad. Links in messages, even SMS messages, are mostly safe.

Perfectly Fine

  • Clicking on a link to read an article / terms and conditions of a promotion
  • Clicking on a link to enrol in a promotion which does not require you to log into any website
  • Clicking on a link to check in for a flight, or get a travel update

However, they can be used to send you to a phishing website which is designed to look like a genuine bank / payment website. Hence, it is critical that you should NEVER log into any website through a link.

NEVER DO THIS

  • Clicking on a link to log into a bank website
  • Clicking on a link to make a purchase or payment
  • Clicking on a link to log into any account / email

Phishing attacks work by tricking you into going into a fake website that looks like the real website. But you still have to log into the fake website to give the scammers your login details.

If you click on a link, and you are asked to login – this is likely a phishing attack. But don’t worry – as long as you refuse to log into any website after clicking on a link, the phishing attack fails.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > CybersecurityMobile | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Did Zendaya reject marriage proposal by Tom Holland?!

Did Zendaya reject a marriage proposal by Tom Holland at an intimate dinner party?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Zendaya Rejected Marriage Proposal By Tom Holland!

People are sharing a Music Mundial article which claims that Zendaya recently rejected a marriage proposal by Tom Holland at an intimate dinner party!

Here is the viral Music Mundial article. Please feel free to skip to the next section for the facts!

Zendaya rejected marriage proposal from Tom Holland

Just a few days ago, UsWeekly reported that popular British actor Tom Holland was formally engaged to talented American actress Zendaya. Of course, the news was received with much love among fans of both artists, who support the relationship with a lot of passion.

Recommended : Did Miley Cyrus Officially Retire From Performing Live?!

 

No Evidence Zendaya Rejected Marriage Proposal By Tom Holland

This is yet another example of celebrity FAKE NEWS created by Music Mundial to generate page views, and here are the reasons why…

Fact #1 : US Weekly Never Said They Were Engaged

Music Mundial claimed that US Weekly reported that Tom Holland was formally engaged to Zendaya, but there does not appear to be any such report.

The closest thing would be a November 2022 report, in which US Weekly reported that the romance between Zendaya and Tom Holland seemed “serious and permanent”.

They’re both in settling-down mode and are absolutely planning for a real future together.

It is an absurd claim by Music Mundial because it completely contradicts its own story. If Tom Holland was formally engaged to Zendaya, that means Zendaya had already accepted his marriage proposal. That’s what engagement means.

That logical faux pas suggests that the Music Mundial article was possibly generated by AI.

Fact #2 : No Evidence Tom Holland Proposed To Zendaya

Music Mundial offered no evidence that Tom Holland actually proposed to Zendaya at an intimate dinner party, only to get rejected in front of everyone attending the party.

News of such a rejection would have been leaked to the many celebrity websites and blogs out there, and reported on breathlessly. Yet, the only “source” for the claim is Music Mundial?

Did Music Mundial attend that intimate dinner party? Did Music Mundial witness Tom Holland proposing to Zendaya, only to get rejected? No, Music Mundial claimed that “according to reports”. The trouble is – there are no such reports. Every article I’ve seen making this claim lead back to Music Mundial.

Recommended : Jamie Foxx Blind + Paralysed by Vaccine Blood Clot?!

Fact #3 : Tom Holland + Zendaya Want Privacy

Tom Holland and Zendaya are famous for being very private about their relationship. Even though they were rumoured to be a couple when Spider-Man: Homecoming released in 2017, their romance was only confirmed when they were photographed kissing in Venice, in July 2021.

In November 2021, Tom Holland told GQ how they both felt “robbed” of their privacy when their relationship was exposed:

One of the downsides of our fame is that privacy isn’t really in our control anymore, and a moment that you think is between two people that love each other very much is now a moment that is shared with the entire world

I’ve always been really adamant to keep my private life private because I share so much of my life with the world anyway. We sort of felt robbed of our privacy.

Tom Holland also said that he does not want to discuss their relationship without Zendaya. Whatever happens in their relationship, they will announce it together. A true gentleman.

It’s not a conversation that I can have without her, you know, I respect her too much. This isn’t my story. It’s our story. And we’ll talk about what it is when we’re ready to talk about it together.

Fact #4 : This Is Just Music Mundial Fake News

This appears to be nothing more than yet another example of celebrity fake news posted by Music Mundial. Here are examples of Music Mundial fake news that I looked into:

Everything Music Mundial posts should be considered as FAKE NEWS, until proven otherwise.

Please help us fight fake news – SHARE this article, and SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CelebrityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Approve New Participant block WhatsApp hackers?!

Can the new Approve New Participant feature in WhatsApp block hackers?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Turn On WhatsApp Approve New Participant To Block Hackers!

WhatsApp started introducing a new feature called Approve New Participant, on 11 March 2023.

This new feature was only available to WhatsApp Group administrators, and went pretty much unnoticed by most WhatsApp users, until this claim went viral on WhatsApp and social media platforms:

CYBER SECURITY ALERT
Announcement

Let’s look sharp all admins*
WhatsApp has added a new security feature to prevent hackers from joining Groups.
I Hope Admins will take advantage of this feature.

*Admins* should go to group settings and
‘TURN ON’ Approve New Participant.

This will prevent unauthorized access for hackers.

WHATSAPP ADMINS ALERT!!!

That WhatsApp cybersecurity alert was unsigned, so we have no idea who created it. But once it went viral, WhatsApp users started asking their group administrator to turn it on to block hackers.

But does the new Approve New Participant feature really block hackers from attacking WhatsApp groups?

Recommended : Scam Alert : Watch Out For Telegram Phishing Attack!

 

Truth : WhatsApp Approve New Participant Does Not Block Hackers!

This is yet another example of FAKE NEWS circulating on WhatsApp, and social media platforms like Facebook and Twitter, and here are the reasons why…

Fact #1 : Approve New Participant Is Not A Cybersecurity Feature

First, let me just point out that Approve New Participant is not a cybersecurity feature. WhatsApp introduced the this feature to help group administrators “grow, moderate, and protect their groups“.

The Approve New Participants setting empowers admins to help grow, moderate, and protect their groups. Turning on the setting in Group Settings requires the admin to review every request to join the group before a participant is allowed to join. This feature enhances privacy and security for all participants in the group.

This feature is designed to protect private groups by preventing people from simply joining them using an invite link.

This is a major security concern for private groups, as it exposes the group chats to people who may not be authorised to view them. However, this is not a concern for open groups, as they are open to one and all.

Fact #2 : Approve New Participant Cannot Block Hackers

When a group turns on Approve New Participant, admin approval is required to join a group. People who attempt to join the group will see a Request to join button, with the message “An admin must approve your request”.

After clicking on Request to join, those who wish to join the group are allowed to share their Reason for the request, or Cancel Request.

Once the group administrators get the request, they can either approve or reject the request. Group administrators can also start a chat with the person to request more information.

All that is great for vetting people who want to join an exclusive WhatsApp group, but this new feature does not block hackers, as the group administrator will not know who is, or is not a hacker. It’s not like those WhatsApp accounts have a “hacker” or “not a hacker” label!

Hackers can use social engineering techniques to trick the group administrators into approving their requests, or they can simply use phishing attacks to take over the WhatsApp accounts of existing group participants!

Recommended : Must You Disable Facebook Auto-Fill To Block Scams?!

Fact #3 : Approve New Participant Is Disabled By Default

Cybersecurity features that are designed to block hackers will always be enabled by default – why would they be optional?

Yet, the new Approve New Participant feature is OPTIONAL in WhatsApp, and is DISABLED by default. That is because this is not a cybersecurity feature designed to block hackers.

Many WhatsApp groups are open for anyone to join, and turning on Approve New Participant would be pointless as group administrators would not know the identity of the people joining their groups.

This is why it is up to the WhatsApp group administrators to determine if it is suitable for them to use the new Approve New Participant feature, or not.

Private groups will want to turn this on, to vet people who request to join. But open groups will want this feature disabled, or their administrators will be overwhelmed with joining requests.

Fact #4 : Group Participants Can Always Be Removed

Here’s another reason why blocking new participants joining automatically does not block hackers – group participants can always be removed.

Let’s say a hacker, or an unauthorised person, gains access to your WhatsApp group. It doesn’t mean he/she can stay in your group forever. Any group administrator can remove that person.

This new feature only helps group administrators pre-vet people who want to join their group, instead of kicking them out after they have already joined.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Pinduoduo App Contains Persistent Spy Malware!

One of China’s most popular apps – Pinduoduo apparently contains a malware that monitors user activities and is difficult to remove!

Take a look at what CNN and multiple cybersecurity researchers have discovered about Pinduoduo!

 

Pinduoduo : What Is It?

Pinduoduo is actually a Chinese online retailer. Think of it as China’s Amazon. While Amazon started as an online bookstore, Pinduoduo started as an online agricultural retailer.

Since then, Pinduoduo has become one of China’s most popular online shopping platform, with its app offering its 750 million users access to cheap products in China, by offering steep discounts on group buying orders.

Despite its meteoric rise, Pinduoduo has not been without its controversies. In 2018, the company was criticised for hosting inferior and imitation products, to which it responded by taking down more than 4 million listing and shutting down 1,128 stores.

In 2019, Pinduoduo was hit by hackers who stole discount coupons worth tens of millions of Yuan. And just last month, Google suspended the Pinduoduo app after discovering that versions offered outside its Play Store contained malware.

The Off-Play versions of the e-commerce app that have been found to contain malware have been enforced on via Google Play Protect.

Read more : How To Block Facebook Ads + Pay Scammers!

 

Pinduoduo App Contains Persistent Spy Malware!

Western interest may have been initiated by Google suspending the Pinduoduo app, but cybersecurity experts had already started looking into the app, and what they discovered was very troubling.

Alert First Raised By Chinese Cybersecurity Company

I think we should start by noting that it was a Chinese cybersecurity company called Dark Navy that first raised concerns about malware in the Pinduoduo app in February 2023.

Although Dark Navy did not name Pinduoduo in its report, cybersecurity researchers knew who it was referring to and soon followed up with their own investigations and reports, confirming Dark Navy’s report.

Sophisticated Malware

Half a dozen cybersecurity teams from Asia, Europe and the United States identified sophisticated malware in the Pinduoduo app that were designed to exploit vulnerabilities in the Android operating system used by many smartphones.

The malware allows the Pinduoduo app to bypass Android security features to monitor activities in other apps, check notifications, read private messages, and even change settings. It is also difficult to remove once installed.

Mikko Hyppönen, chief research officer at WithSecure, a Finnish cybersecurity firm, said that:

We haven’t seen a mainstream app like this trying to escalate their privileges to gain access to things that they’re not supposed to gain access to. This is highly unusual, and it is pretty damning for Pinduoduo.

Read more : Can SIM Swap empty bank accounts without warning?!

Dedicated Hacking Team To Look For Vulnerabilities

Even more damning, CNN reported that a current employee revealed that Pinduoduo set up a team of about 100 engineers and product managers to look for vulnerabilities in Android smartphones, and find ways to exploit them for profit.

To avoid exposure, the source said that the company targeted users in rural areas and smaller towns, and avoided users in megacities like Beijing and Shanghai.

By collecting expansive data on those users, Pinduoduo was able to create a comprehensive portrait of their habits, interests, and preferences; while improving its machine learning models to personalise push notifications and ads.

Pinduoduo App Gained More Access Than Allowed

Three cybersecurity companies – WithSecure, Check Point Research, and Oversecured conducted independent analysis of version 6.49.0 of the Pinduoduo app that was released in late February 2023, and found code designed to achieve “privilege escalation” – a type of cyberattack that exploits vulnerabilities in the operating system to gain a higher level of access to data that it’s supposed to have.

Our team has reverse engineered that code and we can confirm that it tries to escalate rights, tries to gain access to things normal apps wouldn’t be able to do on Android phones.

The Pinduoduo app was able to continue running in the background, and prevent itself from being uninstalled. This was apparently done to boost the platform’s statistic for monthly active users.

Pinduoduo App Has Access To User Data Without Consent

Delware-based app security start-up, Oversecured, found that the Pinduoduo app had access to user data like locations, contacts, calendars, notifications, and photo albums, without their consent.

The app was also able to change system settings, and access user social media accounts and chats.

Recommended : Beware Of Telegram Screenshot Hack + Scam!

Pinduoduo App Also Snooped On Other Apps

The Pinduoduo app also had the ability to snoop on competing shopping apps, by tracking activity on other shopping apps, and gathering information from them.

Pinduoduo App Able To Secretly Receive Updates

Check Point Research found that Pinduoduo was able to push updates to the app, without first going through an app store review process to detect malicious code.

Pinduoduo App Programmers Attempted To Obscure Malicious Code

Check Point Research also found that some plug-ins used by the Pinduoduo app tried to obscure potentially malicious code by hiding them under legitimate file names, such as Google’s.

Such a technique is widely used by malware developers that inject malicious code into applications that have legitimate functionality.

Pinduoduo Targeted Android Devices

According to Sergey Toshin, founder of Oversecured, Pinduoduo’s malware specifically targeted Android operating systems used by Samsung, HUAWEI, Xiaomi and OPPO.

He also described the app as “the most dangerous malware” ever found in mainstream apps, exploiting about 50 Android system vulnerabilities. Most of these exploits targeted customised OEM code used by smartphone brands to customise their smartphone software.

I’ve never seen anything like this before. It’s like, super expansive.

Recommended : Chinese Netizens Explode Over WPS Office Censorship!

Pinduoduo Removed Exploit + Canned Hacking Team

After cybersecurity researchers started reporting about the app, Pinduoduo released version 6.50.0 on March 5, which removed the exploits they found. Two days later, Pinduoduo disbanded its Android hacking team, according to the same employee.

The hacking team members found themselves locked out of Pinduoduo’s workspace communication app, called Knock, and lost access to files on the company’s internal network, with their privileges revoked.

Most of the team was later transferred to work at Pinduoduo’s sister app, Temu. A core group of about 20 cybersecurity engineers however remain at Pinduoduo.

In addition, Sergey Toshin of Oversecured noted that while the exploits were removed in the new version of Pinduoduo, the underlying code remained and could be reactivated to carry out attacks.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MobileTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Indonesia Bans Steam, PayPal, Epic Games + More!

Indonesia just banned a number of major websites including Steam, Epic Games, PayPal and Battle.net!

Here is what you need to know!

 

Indonesia Banned Steam, PayPal, Epic Games + More!

On 30 July 2022, Indonesians woke up to the shocking discovery that a number of gaming platforms like Steam, Epic Games, Origin, Ubisoft and Battle.net are now banned!

Not only were gaming platforms banned, Indonesia also banned major websites and digital services like PayPal and Waze.

Indonesian netizens have started sharing tips on how to bypass this sudden ban – by using VPN, or changing their DNS servers, to bypass what appears to be an IP block.

 

Why Indonesia Banned Steam, PayPal, Epic Games, Etc!

There was no official announcement by the Indonesian government, but it is likely that Indonesia banned Steam, PayPal, Epic Games and a bunch of other websites and digital platforms because they failed to register as an Electronics System Provider / Penyelenggara Sistem Elektronik (PSE).

On November 24, 2020, the Indonesian Ministry of Communication and Information Technology (Kominfo) imposed a new regulation calling for all local and international digital services to register with them for cybersecurity and user protection purposes.

Failure to comply with that regulation would subject the digital service to being banned / blocked in Indonesia.

Here is a partial list of major websites, platforms and digital services registered with the Indonesian government, and those that have not been registered, or are known to be blocked.

Those on the unregistered list are likely to be blocked, if not already blocked. Interestingly, Telegram is listed as registered, but is currently inaccessible (blocked) in Indonesia.

Registered Unregistered Blocked
LINE
WhatsApp
TikTok
Google
Google Classroom
Google Drive
Gmail
Google Cloud
YouTube
Amazon AWS
Facebook
Telegram
Twitter
Instagram
Discord
Zoom
Gojek
Spotify
Shopee
Lazada
Traveloka
Netflix
Disney+ Hotstar
Zenius
Mobile Legends
LinkedIn
Roblox
Vidio
FB Messenger
Wikipedia
Deezer
Waze
Brainly
Notion
Pinterest
SoundCloud
PayPal
EA
Nintendo
Ubisoft
Mangaku
MediaFire
GitHub
GitLab
Bitbucket
CloudFlare
MS Azure
Amazon
Reddit
DuckDuckGo
Twitch
IMDb
MS Office
Yahoo
IMDb
Patreon

Epic Games
Steam
Uplay
Battle.net
Origin

On July 15 – just 2 weeks earlier – Kominfo warned that digital service providers will be banned in Indonesia on July 21, 2022 if they refused to register.

The deadline for all PSE registration – both domestic and foreign – was set at July 20, 2022. After that, Kominfo would start banning unregistered apps and services.

At that time, Kominfo reported that many major brands and companies have yet to register with them, like Google (which owns YouTube, Google Drive, Gmail, etc.), Meta (which owns WhatsApp, Instagram and Facebook), Twitter, Netflix, PUBG Mobile and Mobile Legends.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Gaming | BusinessTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

China Fines Didi Global $1.2 Billion For Violating Laws!

China just fined Didi Global a whopping $1.2 billion for violating its cybersecurity, data security and privacy laws!

 

China Fines Didi Global $1.2 Billion For Violating Laws!

On Thursday, 21 July 2022, the Cyberspace Administration of China (CAC) announced that Didi Global breached the country’s cybersecurity law, data security law, and personal information protection law.

The Chinese cyberspace regulator fined Didi Global 8 billion yuan ($1.2 billion), as well as a personal fine of 1 million yuan ($148,000) each on Chairman and CEO Cheng Wei, as well as President Liu Qing (also known as Jean Liu).

The facts of violations of laws and regulations are clear, the evidence is conclusive, the circumstances are serious, and the nature is vile.

Didi Global responded to the regulator’s announcement with a contrite statement “sincerely” accepting the judgement and penalties :

We sincerely accept this decision, and resolutely obey it. We will strictly follow the penalty decision and the requirements of relevant laws and regulations, conduct comprehensive and in-depth self-examination, and actively cooperate with supervision and complete rectification carefully.

We will take this as a warning and further strengthen the construction of cyberspace security and data security, strengthen the protection of personal information, and earnestly fulfill our social responsibilities. We will serve every passenger, driver and partner well, and realize the safe, healthy and sustainable development of the enterprise.

 

What Did Didi Do To Incur China’s Wrath?

According to an FAQ by the CAC, its investigators started their investigation of Didi in July 2021.

After conducting an extensive investigation, they found that Didi conducted data processing activities that “seriously affected national security”, and refused to comply with “the explicit requirements of regulatory authorities” and conducted “malicious evasion” of regulatory supervision.

They also stated that Didi Global committed 16 violations of China’s laws, including :

  1. Didi illegally collected 11.9639 million screenshots from its users’ mobile phone photo albums.
  2. Didi excessively collected 8.323 billion pieces of its users’ clipboard information, and application list information.
  3. Didi excessively collected 107 million pieces of passenger face recognition information, and 53.5092 million pieces of age group information, 16.3556 million pieces of occupational information, 1.3829 million pieces of family relationship information, and 153 million pieces of taxi address information.
  4. Didi excessively collected passengers’ evaluation of the drivers, when the app is running in the background, and 167 million pieces of precise location (longitude and latitude).
  5. Didi excessively collected 142,900 pieces of driver education information, and 53.976 billion pieces of “intent information”, 1.538 billion pieces of resident city information, and 304 million pieces of non-local business/travel information.
  6. Its users are frequently asked to provide “telephone permissions” while using its services.
  7. Inaccurate and clear description of user personal information processing, including device information.

The CAC noted that Didi started its bad practices in June 2015, and continued even after the Cybersecurity Law was implemented in June 2017, the Data Security Law started in January 2022, and the Personal Information Protection Law was implemented in November 2021.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | BusinessTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

FCC Commissioner Asks Apple + Google To Remove TikTok!

FCC Commissioner Brendan Carr just publicly asked Apple and Google to remove TikTok from their app stores!

Here is what you need to know about the renewed heat on TikTok!

 

FCC Commissioner Asks Apple + Google To Remove TikTok!

On June 29, 2022, FCC Commissioner Brendan Carr publicly called on Apple and Google to remove TikTok from their app stores.

This move came after leaked TikTok audio recordings obtained by Buzzfeed News revealed that ByteDance staff in China (and possibly the Chinese government) retained extensive access to data on US citizens.

Read more : TikTok Leak Showed China Repeatedly Accessed Private User Data!

In his public letter to Apple CEO Tim Cook, and Google CEO Sundar Pichai, the FCC Commissioner asked that TikTok be removed for “its pattern of surreptitious data practices”.

It is clear that TikTok poses an unacceptable national security risk due to its extensive data harvesting being combined with Beijing’s apparently unchecked access to that sensitive data.

But it is also clear that TikTok’s pattern of conduct and misrepresentations regarding the unfettered access that persons in Beijing have to sensitive U.S. user data – just some of which is detailed below – puts it out of compliance  with the policies that both of your companies require every app to adhere to as a condition of remaining available on your app stores.

Therefore, I am requesting that you apply the plain text of your app store policies to TikTok and remove it from your app stores for failure to abide by those terms.

FCC Commissioner Carr also labelled TikTok as a “sophisticated surveillance tool” that is designed to harvest “personal and sensitive data“.

At its core, TikTok functions as a sophisticated surveillance tool that harvests extensive amounts of personal and sensitive data.

Indeed, TikTok collects everything from search and browsing histories to keystroke patterns and biometric identifiers, including faceprints – which researchers have said might be used in unrelated facial recognition technology – and voiceprints.

It collects location data as well as draft messages and metadata, plus it has collected the text, images, and videos that are stored on a device’s clipboard. The list of personal and sensitive data it collects goes on from there.

This should come as no surprise, however. Within its own borders, the PRC has developed some of the most invasive and omnipresent surveillance capabilities in the world to maintain authoritarian control.

Carr ended his letter with an “ultimatum” of sorts – if Apple and Google do not remove TikTok from their app stores, they need to provide “separate responses” to him by July 8, 2022, explaining why TikTok does not contravene their App Store policies.

As of June 30, 2022, TikTok is still available to download in the US app stores of both Apple and Google.

If Apple and Google acts on the FCC Commissioner’s request, TikTok will only be removed from their US app stores. It won’t affect downloads in other countries.

Neither would it prevent users in the US from continuing to use TikTok. They just won’t be able to download it any longer, or update to newer versions.

 

FCC Commissioner Lists History Of TikTok Data Practices!

While the leaked TikTok audio recordings may have precipitated this open letter to Apple and Google, FCC Commissioner Carr pointed to a list of questionable data practices by TikTok in the past.

The list makes for really interesting reading, especially for those who are not up to date on TikTok’s privacy and data security issues :

  • In August 2020, TikTok circumvented a privacy safeguard in Google’s Android operating system to obtain data that allowed it to track users online.
  • In March 2020, researchers discovered that TikTok, through its app in the Apple App Store, was accessing users’ most sensitive data, including passwords, cryptocurrency wallet addresses, and personal messages.
  • In 2021, TikTok agreed to pay $92 million to settle lawsuits alleging that the app “clandestinely vacuumed up and transferred to servers in China (and to other servers accessible from within China) vast quantities of private and personally identifiable user data and content that could be employed to identify, profile, and track the physical and digital location and activities of United States users now and in the future.”
  • In March 2022, a report included current and former TikTok employees stating in interviews that TikTok delegates key decisions to ByteDance officials in Beijing and that an employee was asked to enter sensitive information into a.cn domain, which is the top-level domain operated by the Chinese government’s Ministry of Industry and Information Technology.
  • Earlier, in 2019, TikTok paid $5.7 million to settle Federal Trade Commission allegations that its predecessor app illegally collected personal data on children under the age of 13.
  • India- the world’s largest democracy–has already banned TikTok on national security grounds for stealing and surreptitiously transmitting user data in an unauthorized manner.
  • Multiple U.S. military branches have also banned TikTok from government-issued devices due to national security risks, including the Navy, Army, Air Force, Coast Guard, and Marine Corps.
  • U.S. government officials have also urged troops and their dependents to erase the app from their personal phones.
  • U.S. national security agencies have similarly banned TikTok from official devices citing national security risks, including the Department of Defense, Department of Homeland Security, and the TSA.
  • The RNC and DNC have warned campaigns about using TikTok based on security concerns and the threat of officials in Beijing accessing sensitive data.
  • Citing data security concerns, private U.S. business operations have also banned TikTok from company devices, including Wells Fargo.
  • Once accessed by personnel in Beijing, there is no check on the CCP using the extensive, private, and sensitive data about U.S. users for espionage activities because compliance with the PC’s 2017 National Intelligence law is mandatory in China.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > BusinessCybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

TikTok Leak : China Repeatedly Accessed Private User Data!

Leaked audio from internal TikTok meetings show that private user data has been repeatedly accessed from China!

Here is what you need to know…

 

Privacy Promise By TikTok : Overseas Data Stored In US + Singapore

For many years now, TikTok has repeatedly assured users that all data collected from users outside of China, stays out of China and is thus, not accessible to anyone in China.

To ensure that the Chinese government has no access to the data, one of the measures they took was to store all data collected overseas in servers located in the United States, with backups in Singapore.

This was explicitly stated in their New Privacy Policy :

We store the information described in the What Information We Collect section in servers located in the United States and Singapore.

Most people may not realise this, but they also added a caveat right after that, stating that their Corporate Group (in China) may remotely access the data…

When entities in our Corporate Group need information to help us provide the Platform, they remotely access the information pursuant to authorised and secure access controls.

 

TikTok Leak : China Repeatedly Accessed Private User Data!

Buzzfeed News recently received audio recordings from more than eighty (80) internal TikTok meetings, in which employees admitted that engineers in China accessed private user data.

This was despite a TikTok executive’s sworn testimony at an October 2021 US Senate hearing at the same time period, that a “world-renowned, US-based security team” decides who gets access to the private user data.

Instead, the leaked audio revealed that US staff did not have permission or knowledge of how to access the data. Rather, it was their colleagues in China who determined how and who accessed the private user data.

The leaked tapes ultimately show that TikTok may have misled lawmakers, users, and the public by downplaying the fact that their private data is readily accessible by employees in China, and potentially, the Chinese government.

Everything Is Seen In China

Eight different employees stated in nine statements that they had to refer to their colleagues in China to make those decisions.

Everything is seen in China“, said a member of TikTok’s Trust and Safety department in a September 2021 meeting.

In another September 2021 meeting, a TikTok director referred to a Beijing-based engineer as a “Master Admin” who “has access to everything“.

There’s Some Backdoor To Access User Data…

Fourteen of the leaked audio recordings were with, or about, a team of Booz Allen Hamilton consultants that TikTok brought in to investigate how data flows through TikTok and ByteDance’s internal tools.

In September 2021, one Booz Allen Hamilton consultant told colleagues that the tools felt like they had backdoors to access user data :

I feel like with these tools, there’s some backdoor to access user data in almost all of them, which is exhausting.

Oracle Only Providing Storage For Project Texas

TikTok has been working on what they call Project Texas – securely storing overseas data in Oracle cloud servers to comply with CFIUS (Committee on Foreign Investment in the United States).

Project Texas is limited to protecting the private information of US users, like phone numbers and birthdays – details that are not publicly visible, or have been set to private.

Such data will be stored at an Oracle datacenter in Texas – hence the name, and would only be accessible to specific US-based TikTok employees.

However, TikTok’s head of global cyber and data defense made clear that Oracle was only providing the data storage space for Project Texas. Ultimately, TikTok would be setting up the servers, and controlling everything.

It’s almost incorrect to call it Oracle Cloud, because they’re just giving us bare metal, and then we’re building our VMs [virtual machines] on top of it.

Unique IDs Not Protected Information

In one of the leaked audio recordings from a January 2022 meeting, TikTok’s head of product and user operations announced with a laugh that the Unique ID (UID) will not be amongst the protected content under the CFIUS agreement.

The conversation continues to evolve. We recently found out that UIDs are things we can have access to, which changes the game a bit.

Other Data Not Stored On Oracle Servers

The problem with Project Texas is that it only addresses US users… and only a small subset of their data.

Everything else – including private user data from non-US countries – will stay in their US and Singapore servers that remain accessible to ByteDance’s Beijing offices.

 

Response By TikTok : 100% US Data Traffic Routed To Oracle

TikTok publicly announced on the same day – June 17, 2022, that it changed the “default storage location of US user data“, and that “100% of US user traffic is being routed to Oracle Cloud Infrastructure“.

Although they “expect” to fully pivot to Oracle cloud servers located in the US, they will continue to use their existing US and Singapore servers for backup, and delete US users’ private data over time.

While this may address some of the privacy concerns for US users, it does not address the other privacy concerns revealed in the leaked audio recordings… or the privacy concerns of non-US users.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > BusinessCybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

How To Enable + Disable MySJ Trace In MySejahtera Ver. 5.0

Here is our UPDATED video + pictorial guide on how to ENABLE and DISABLE MySJ Trace in MySejahtera!

Updated @ 2022-01-24 : Added a solution for MySJ Trace not working on Android 12 devices.

Updated @ 2022-01-06 : Added two solutions for people who cannot enable MySJ Trace.
Updated @ 2022-01-02 : Added a new method on disabling MySJ Trace, and a new video guide.
Updated @ 2021-12-30 : Added two methods on disabling MySJ Trace, and a new video guide.
Originally posted @ 2021-12-29

 

Why Enable MySJ Trace In MySejahtera?

MySJ Trace is a new MySejahtera feature, which allows for more accurate contact tracing, and removes the need to manually check out from locations.

Once enabled, your phone will use Bluetooth to communicate with other phones that have MySJ Trace enabled, to determine the distance and length of contact. This eliminates the need to manually check-out.

The proximity data it collects allows Malaysia Ministry of Health (KKM) to accurately determine if you are a close contact of a COVID-19 positive person.

Obviously, this feature only works if everyone has MySJ Trace enabled, so please enable it!

Read more : What You Need To Know About The New MySJ Trace Feature!
Read more : MySJ Trace : Answers To Your Frequently Asked Questions!

 

Why Disable MySJ Trace In MySejahtera?

Some people are worried that the government is using MySJ Trace to track their movements, but that’s really not possible.

Others are worried about the battery life that the persistent Bluetooth connection will consume. As it uses Bluetooth Low Energy (BLE) technology, the power consumption is very low.

Even so, the battery consumption is a valid concern for some users, especially those who are using smartphones with very small or ageing batteries.

However, I highly recommend you try MySJ Trace before turning it off and on like that. From my personal experience, it really uses very little power.

Read more : Can The Government Use MySJ Trace To Track You 24/7?

 

How To Enable + Disable MySJ Trace In MySejahtera!

I created this video to show you how to enable and disable MySJ Trace in MySejahtera.

Note : This is the extended version, which includes the method to permanently disable MySJ Trace.

For those who prefer a step-by-step guide with pictures, please skip to the next section.

 

How To Enable MySJ Trace In MySejahtera?

MySJ Trace is (currently) NOT mandatory and is an opt-in feature, so you actually have to manually enable it, if you want to participate.

Step 1 : Update to the MySejahtera version that has MySJ Trace.

Step 2 : Open MySejahtera, and you will see a black MySJ Trace section in the default Check-in screen.

Step 3 : Tap on Setup MySJ Trace to begin the setup process.

Step 4 : Tap on the Start button in the initial explainer screen.

Step 5 : Tap the I agree button to consent to give your “interaction information” for the past 14 days to the Malaysia Ministry of Health for “contact tracing purposes”.

Step 6 : In the App Permissions screen, tap on the Allow button.

Step 7 : First, you will be asked to allow MySejahtera to access your smartphone’s location. Tap on While using the app.

Step 8 : Next, you will be asked to allow MySejahtera to detect your location all the time. Tap on Allow all the time.

Step 9 : Now, you will be asked to enable Bluetooth, if it is not already enabled.

Step 10 : Once all necessary permissions have been enabled, just tap on the Close button.

That’s it! You have now activated MySJ Trace in MySejahtera.

 

What If You Can’t Enable MySJ Trace In MySejahtera?

Quite a few people have reported to us that tapping on the Allow button doesn’t do anything (Step 6). Here are some solutions…

iOS Devices : Manually Turn On Bluetooth

In your iOS device, there are two ways to turn on Bluetooth :

  1. Go to Settings > Bluetooth, and tap on the toggle to turn it on
  2. Pull down the Notification Center, and tap on the Bluetooth icon to turn it on.

After turning on Bluetooth manually, set up MySJ Trace again from Step 3. It should now work.

Android Devices : Manually Turn On Bluetooth + Location

In your Android device, there are two ways to turn on Bluetooth :

  1. Go to Settings > Connections, and tap on the Bluetooth toggle to turn it on
  2. Pull down the notification tray, and tap on the Bluetooth icon to turn it on.

After turning on Bluetooth manually, you should also manually enable Location permission :

Step 1 : Go to Settings > Apps > MySejahtera > Permissions.

Step 2 : Tap on the Location option under the list of Allowed permissions.

Step 3 : Tap on Allow All the time.

After this, set up MySJ Trace again from Step 3. It should now work.

Android 12 Devices : Enable Nearby Devices

MySJ Trace may stop working once your device is upgraded to Android 12.

Here is what you need to do to get MySJ Trace working again with Android 12 devices:

Step 1 : Go to Settings > Apps > MySejahtera > Permissions.

Step 2 : Tap on the Nearby devices option under the list of Not allowed permissions.

Step 3 : Tap on the Allow option.

MySJ Trace will now work without further action!

Read more : Why MySJ Trace Stopped Working With Bluetooth Enabled?

 

How To Disable MySJ Trace In MySejahtera?

Quickly + Temporarily Disable MySJ Trace

MySejahtera does not offer any option to turn off MySJ Trace once you set it up, but if you prefer to turn off MySJ Trace to “protect your privacy“, or to save a little power, there is an easy way to do it.

All you have to do is disable Bluetooth connectivity, and MySJ Trace is immediately disabled. That’s because MySJ Trace relies on Bluetooth to determine your proximity to other users.

You can do that by pulling down the notification tray in your smartphone, and tapping on the active Bluetooth icon to disable it. Alternatively, you can disable it in your device settings.

Once disabled, the MySJ Trace section in the MySejahtera check-in screen will now ask you to setup again. But there is no need to set it up again.

Whenever you want to re-enable MySJ Trace, all you have to do is re-enable Bluetooth, and MySJ Trace will immediately start working again. Essentially, your smartphone’s Bluetooth connectivity now acts as a toggle for MySJ Trace.

Permanently Disable MySJ Trace

For those who want to permanently disable MySJ Trace, without disabling Bluetooth, reinstalling MySejahtera works for both Android and iOS devices. This is the only known solution for iOS devices.

Android devices, on the other hand, have two alternatives – disabling location permission, or clearing app data.

Option A : Disable Location Permission

Here are the steps to disable Location Permission for MySejahtera in your Android device :

Step 1 : Go to Settings > Apps > MySejahtera > Permissions.

Step 2 : Tap on the Location option under the list of Allowed permissions.

Step 3 : Tap on Allow only while using the app or Deny.

That’s it! Once you go out, MySJ Trace will be permanently disabled in MySejahtera.

Credit : I would like to thank Kyle Hudsons for pointing this out to us.

Option B : Clear MySejahtera App Data

Here are the steps to clear the MySejahtera app data in your Android device :

Step 1 : Go to Settings > Apps > MySejahtera > Storage.

Step 2 : Tap on Clear data. You will be warned that this will remove your MySejahtera account information and database.

Please be warned that if you proceed, your MySejahtera account information will be cleared, together with your past contact history.

Your COVID-19 vaccination history and certificate are stored in the cloud and remain safe, but you will need to log into your MySejahtera account again.

So please do NOT proceed unless you remember your MySJ ID and password!

Step 3 : If you are sure, tap on the OK option to clear the MySejahtera data.

Step 4 : Launch MySejahtera, and log into MySejahtera using your MySJ ID (either your mobile number or email address), and your password.

After you log in, you will see that MySJ Trace has been disabled. You will need to setup MySJ Trace (again) to enable it.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Mobile | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

MySJ Trace : Frequently Asked Questions + Answers!

The new MySJ Trace feature has raised many questions, and here are the answers to your frequently asked questions!

 

MySJ Trace : Frequently Asked Questions + Answers!

Ever since the MySejahtera team launched the MySJ Trace feature, many questions were raised by people over its security, privacy, and usability.

So with help from Dr. Mahesh Appannan, the Head of Data at the Crisis Preparedness and Response Centre (CPRC) of the Malaysia Ministry of Health (KKM), here are the answers to some of your frequently asked questions about MySJ Trace!

These answers supplement the original frequently asked questions (FAQ) about the MySJ Trace feature, which you can read in the next section.

Question #1 : Why Does MySJ Lists Interactions Even At Home?

The interactions refers to Bluetooth devices (with MySJ Trace enabled) that your MySejahtera app detected.

MySJ Trace can detect Bluetooth signals from as far as 10 metres away, but can be reduced by barriers (walls, your body, other electronics, etc.)

It will not only detect the smartphones of your family members (with MySJ Trace enabled), but also your neighbours, who can be in the floor above, below, or next to your home.

There is nothing to worry about these “interactions”. It just means you came within 10 metres of people who have MySJ Trace enabled.

Question #2 : Does Interactions Mean Casual / Close Contacts?

No, not all interactions are flagged as casual / close contacts, if you become COVID-19 positive.

The algorithm takes into account the signal strength (RSSI – Received Signal Strength Indicator) that your phone detects, and your exposure time.

The parameters used to classify casual or close contacts are refined over time for maximum accuracy. For example, if the Omicron variant becomes widespread, the exposure time will be shortened, and the distance extended, for someone to be considered a casual / close contact.

Question #3 : Why Do People In The Same Family Have Different Number Of Interactions?

Even if your family goes out together, you may all have different number of interactions, because it depends on a variety of facts :

  • your individual proximity to other people,
  • anything that blocks Bluetooth signals – their bodies, other electronics, electronic keys, etc.
  • whether you are holding the phone, or it is in your pocket, etc.

Question #4 : Does MySJ Trace Transmit My Data With Each Interaction?

No. There is no handshake or exchange of information with each interaction.

MySJ Trace detects the Bluetooth signal of other phones, and logs when that “interaction” occurred, and the signal strength.

It’s like listening to the radio – the broadcaster does not receive anything in return.

Question #5 : Does MySJ Trace Transmit My Data?

No. MySJ Trace stores all of the recorded data in your phone, and does not automatically upload it.

Only if you are COVID-19 positive, are you asked to upload your contact history for the last 14 days, so that people who were your close contact can be notified.

MySJ Trace requires your explicit consent to transmit your data to the Malaysia Ministry of Health (KKM).

Question #6 : How Long Does MySJ Trace Store Data?

MySJ Trace only stores data for the last 14 days, on a First-In, First-Out basis.

All data older than the most recent 14 days are automatically purged.

Question #7 : Why Do You Still Need To Check In Using QR Code?

First – not everyone is using MySJ Trace, so there still needs to be an alternative contact tracing method.

The QR code check-in function also gives KKM data to undertake faster contact tracing, especially involving a major cluster.

Question #8 : What’s The Difference Between MySJ Trace And QR Code Check-In?

MySJ Trace allows for automatic contact tracing, while QR code check-in gives KKM critical data. In addition :

  • MySJ Trace algorithm is based on time and distance (Bluetooth signal strength), while
  • Check-In algorithm is based only on time

Question #9 : Does MySJ Trace Use A Lot Of Battery Power?

MySJ Trace uses Bluetooth Low Energy (BLE), which consumes significantly lower power than standard Bluetooth wireless communications. The impact on battery life is minimal.

Question #10 : Why Does MySJ Trace Not Use Exposure Notification By Google / Apple?

By Google and Apple standards, an Exposure Notification (EN) app must maintain user anonymity, and record proximity data anonymously. It cannot contain Personally Identifiable Information (PII).

The MySejahtera app necessarily contains your identity, vaccination status and certificates, and so on. Therefore, it cannot comply with Google and Apple’s requirements for an Exposure Notification app.

 

MySJ Trace : Official Answers To Frequently Asked Questions

Here are the official answers to the MySJ Trace frequently-asked questions (FAQ):

1. What is MySJ Trace?

MySJ Trace is a contact tracing application developed by the Government of Malaysia.

It adopts a community-driven approach where participating devices exchange proximity information whenever an app detects another device with MySJ Trace app installed.

This application allows the identification of people who were in close proximity to COVID-19 infected individual

2. What is the difference between MySJ Trace and MySejahtera?

MySejahtera & MySJ Trace are used by the Ministry of Health (MOH) to help manage the COVID-19 pandemic in Malaysia.

MySejahtera allows users to perform quick health-self assessment and for the Ministry of Health (MOH) to monitor users’ health condition and take immediate actions in providing treatments.

Meanwhile, MySJ Trace further complements MySejahtera by detecting and tracing the individuals who are in close contact with the COVID-19 positive patients.

Read more : Can The Government Use MySJ Trace To Track You 24/7?

3. Who developed MySJ Trace?

MySJ Trace was developed through a strategic cooperation between government agencies of Malaysia :

  • Ministry of Science, Technology and Innovation (MOSTI)
  • Ministry of Health (KKM)
  • Administrative Modernisation and Management Planning Unit (MAMPU)
  • Malaysian Institute of Microelectronic Systems (MIMOS)

4. Who are the users of MySJ Trace?

All Malaysian citizens and residents of Malaysia.

5. Where can I download MySJ Trace?

Users only need to update the MySejahtera application to the latest version.

6. How does MySJ Trace function?

MySJ Trace enables participating devices to exchange proximity information whenever the app detects another device with the same app installed. Data collected will be stored and processed only by the MOH officers.

When a user is identified to be COVID-19 positive, the user will initiate a process to upload the data from the user’s smartphone to a secured database managed by the MOH.

7. What is contact tracing?

Contact tracing is an identification process of individuals who may have come into close contact with an infected COVID-19 patient.

It enables the MOH to further trace and contact the individuals and organize a follow-up action.

8. If I have been identified as a close contact, how will I be contacted?

The user will receive an SMS, and a notification in the MySejahtera app.

9. What data are collected by MySJ Trace?

Only these data are collected :

  • Unique User ID (UUID) that is created by the MySejahtera app.
  • Operating system version (Android or iOS)
  • Time of contact
  • Received Signal Strength Indicator (RSSI)

10. Are my personal information that is stored in the app safe?

MySejahtera and MySJ Trace are owned and operated entirely by the Malaysian government. The government guarantees that all information collected and used in the app comply with the information security standards of the government of Malaysia.

11. Does MySJ Trace require Internet connectivity after activation?

Yes, Internet connectivity is required when you first update the MySejahtera app, and during the data uploading process.

12. What devices support MySJ Trace?

MySJ Trace is supported by smartphones that use the Android or iOS operating systems :

  • Android : Version 8.0 and above
    – Non-sleep mode must be set, so MySJ Trace will remain active in both foreground and background modes.
  • iOS : Version 10 and above
    – The phone must be active at all times while the app needs to be in the foreground mode.

13. Must Bluetooth be activated at all times?

Yes, Bluetooth must be activated at all times for MySJ Trace to work properly.

14. Will Bluetooth usage cause high battery usage?

Unlike using Bluetooth to stream music or to a wireless headphone continuously, MySJ Trace uses Bluetooth to only transmit its presence periodically. As such, it uses significantly less power.

15. Will the app use significant battery power if MySJ Trace is left running all the time?

MySJ Trace uses Bluetooth Low Energy (BLE) to minimise battery usage. Therefore, the app does not use significant amounts of battery power to collect persistent contact tracing information.

16. Will MySJ Trace Bluetooth usage affect my other Bluetooth accessories?

MySJ Trace does not affect the use or performance of other Bluetooth accessories like wireless speakers, wireless earphones or headphones, or smartwatches.

17. Why must I allow location permission for the Android version?

Android requires location permission to be granted for any app to access Bluetooth features. However, geolocation data will not be collected.

For iOS, only the Bluetooth function needs to be enabled.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Mobile | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Why You Cannot Check-Out Anymore In MySejahtera!

Find out why you cannot Check-Out anymore in MySejahtera, and what you should do about that!

 

No More Check-Out Function In MySejahtera!

At the end of December 2021, MySejahtera introduced a new version with MySJ Trace. They also removed the Check-Out function at the same time.

I pointed this out in three of my MySJ Trace articles, but people continued to ask me why they can no longer check out.

So let me say it again – MySejahtera REMOVED the Check-Out function, and REPLACED it with MySJ Trace.

Once you install MySejahtera version 1.1.3 or newer, it will no longer have the Check-Out function. So you really only have two options :

  1. Enable MySJ Trace for accurate contact tracing
  2. Keep MySJ Trace disabled, and forget about the Check-Out function.

MySJ Trace is currently optional, and you can continue to use MySejahtera to check into locations, without using MySJ Trace. You just cannot check out anymore.

If you opt to keep MySJ Trace disabled, please note that you run the risk of being wrongly identified as a Casual Contact or a Close Contact. To avoid that, I strongly advise you to enable MySJ Trace.

Don’t worry about power consumption – it uses Bluetooth Low Energy, and uses very little power.

Don’t worry about the government tracking you – your proximity data is only submitted with your consent.

Read more : How To Enable + Disable MySJ Trace In MySejahtera!

 

What Went Wrong With MySejahtera Check-Out Function

MySejahtera introduced a Check-Out function in September 2021, allowing you to check-out from locations to improve contact tracing.

Using this Check-Out function lets contact tracers eliminate you as a casual or close contact, by determining when you left a certain location where a COVID-19 positive person was present.

However, it was a tedious manual process, because checking in and out of locations do not happen in a linear fashion. So many people ended up not checking out sometimes, or not at all.

This led some people to be wrongly identified as a Casual Contact, or even a Close Contact, of a COVID-19 positive person.

To avoid that problem, and to improve contact tracing, we need a better solution. And that solution is MySJ Trace, which uses Bluetooth technology to determine your close contacts, how close they were and how long you were in close contact.

So please enable MySJ Trace, and keep it running, at least while you are out in public. It will accurately monitor and record your close contacts, so you can help KKM trace them if you get infected with COVID-19.

It will also prevent you from being misidentified as a casual or close contact of a COVID-19 positive person.

Read more : What You Need To Know About MySJ Trace!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Mobile | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Why You Should NOT Move WhatsApp Chats To Telegram!

Telegram just highlighted the ability to migrate WhatsApp chats to their app, but you really should NOT do that.

Find out why this is a BIG security and privacy risk than just leaving your chats in WhatsApp!

 

Telegram : Moving Chat History From WhatsApp, Line + KakaoTalk

In a recent version 7.4 update for their iOS app, Telegram announced a new feature – the ability to move your chat messages from other apps like WhatsApp, Line and Kakaotalk to their app.

Curiously, that ability has actually been part of WhatsApp since 2018, when they introduced the ability to export chats to email and other apps.

And while this feature is purportedly available only with the iOS version of Telegram Messenger, you can already do that with existing versions of WhatsApp and Telegram.

 

Why You Should NOT Move WhatsApp Chats To Telegram!

You should note that the privacy risks with WhatsApp have been grossly exaggerated by the media and many Internet “experts”.

For one thing – WhatsApp users have been sharing metadata with Facebook since September 2016, a fact initially lost on many media outlets and “experts”.

But we understand the fear – Facebook is a real snoop. Even so, it would be a mistake to migrate from WhatsApp to Telegram.

Let us share with you why you should NOT migrate from WhatsApp to Telegram, and why it is a BIG mistake to migrate your WhatsApp data to Telegram.

Fact #1 : Telegram Is LESS Secure Than WhatsApp

WhatsApp fully implemented end-to-end encryption across all of their apps and network since 5 April 2016.

End-to-end encryption prevents WhatsApp or Facebook from reading your messages. Only the sender and receiver(s) can read them.

WhatsApp shares a considerable amount of data and metadata that Facebook can use to identify and track your movements and activities. But not the content of your messages.

Telegram, on the other hand, has STILL NOT implemented end-to-end encryption for all messages by default.

Instead, they still insist on offering end-to-end encryption only when you create a Secret Chat.

This leaves the bulk of your messages completely readable by Telegram and anyone who intercepts those messages as they travel from your device through the Internet to the recipient.

The very presence of Secret Chats between certain people is itself metadata that can help oppressive regimes identify their enemies or whistleblowers.

Fact #2 : Your Data Is Stored In Telegram Cloud Servers

All WhatsApp data is stored only in your registered device. WhatsApp also does not retain messages in their servers after they are delivered, and will only store files (like photos and videos) and undelivered messages for 30 days.

It’s the opposite with Telegram – all of your data – messages, photos, videos, documents – is stored in their cloud servers. Even though they are encrypted in storage, Telegram holds the encryption keys, NOT YOU.

This ability has its advantages like convenient access across multiple devices, but it also makes Telegram less secure.

Telegram has access to your encrypted files, including the ability to decrypt them for authorities that legally compels them to do so.

Fact #3 : Moving Your Messages + Media To Telegram Exposes Them

While your chats and media remain within your WhatsApp app, they are encrypted and not available to anyone but yourself (and the recipients).

Migrating your chat messages and media to Telegram would involve sending them unencrypted to Telegram’s servers.

This exposes your hitherto secure chats and media to a man-in-the-middle attack – allowing a third party to snoop or grab a copy of the data as it travels unencrypted to the Telegram servers.

Fact #4 : Facebook Already Has Your Metadata

As we pointed out earlier, WhatsApp has been sharing our metadata with Facebook since September 2016.

So moving your existing chats out of WhatsApp won’t limit or reduce your exposure. That horse has long bolted from the stable.

Moving your chat history and files to Telegram will just offer a new attack surface for cybercriminals and oppressive regimes.

Fact #5 : Facebook Will Still Have Your Data If You Still Use Facebook!

Here is the other thing that people don’t realise – migrating from WhatsApp to another messaging app is pointless if you do not also stop using Facebook.

As long as you still use Facebook, they will still have access to a consideration amount of metadata. Losing your WhatsApp metadata just gives them less metadata.

After all, Facebook can track your movements and activity even if you are NOT on Facebook! This is what they call Off-Facebook Activity.

 

Recommended Reading

Go Back To > Cybersecurity | SoftwareHome

 

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Hello? WhatsApp Is Already Sharing Data With Facebook!

People are worried that a new WhatsApp privacy policy update will force them to share data with Facebook.

Well, here’s the real surprise – don’t you know that WhatsApp is already doing that?

Find out what’s going on, and what WhatsApp is really changing…

 

New WhatsApp Privacy Policy : Share Data With Facebook?

Many of you may have woken up to this pop-up on WhatsApp, alerting you to a change in its terms and privacy policy, which takes effect on 8 February 2021.

While you can delay the decision by clicking NOT NOW, you have to accept the new terms and privacy policy, to continue using WhatsApp.

Otherwise, the alert subtly suggests, you should “delete your account”.

 

Hello? WhatsApp Is Already Sharing Data With Facebook!

Many WhatsApp users are shocked by this new development, and pondering about whether they should jump to Telegram or some other instant messenger.

What’s more egregious though is that many websites are “warning” their readers about this new, shocking development.

The fact of the matter is – WhatsApp has been sharing data with Facebook for years!

In The Beginning : Private Communication Assured

After Facebook bought WhatsApp for a cool US$19 billion, Jan Koum set the record straight on 17 March 2014 :

Respect for your privacy is coded into our DNA, and we built WhatsApp around the goal of knowing as little about you as possible: You don’t have to give us your name and we don’t ask for your email address. We don’t know your birthday. We don’t know your home address. We don’t know where you work. We don’t know your likes, what you search for on the internet or collect your GPS location. None of that data has ever been collected and stored by WhatsApp, and we really have no plans to change that.

2016 : WhatsApp Starts Sharing Data With Facebook

In August 2016, WhatsApp announced that they would start sharing data with Facebook, after rolling out end-to-end encryption.

[B]y coordinating more with Facebook, we’ll be able to do things like track basic metrics about how often people use our services and better fight spam on WhatsApp. And by connecting your phone number with Facebook’s systems, Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them. For example, you might see an ad from a company you already work with, rather than one from someone you’ve never heard of.

At that time, WhatsApp offered existing users a special one-time only option to opt-out of the data sharing, but only if they did it within 30 days.

If you are an existing user, you can choose not to have your WhatsApp account information shared with Facebook to improve your Facebook ads and products experiences. Existing users who accept our updated Terms and Privacy Policy will have an additional 30 days to make this choice by going to Settings > Account.

If you did not opt-out within 30 days back in August 2016, your data would be shared with Facebook.

This opt-out option was NOT provided to new WhatsApp users who registered on or after 25 August 2016.

After 24 September 2016 : WhatsApp Has Been Sharing Data With Facebook

With the singular exception of existing users who managed to opt-out by 24 September 2016, the data of every other WhatsApp user has been shared with Facebook.

8 February 2021 Onwards : More Information Is Shared

What will really change from 8 February 2021 onwards is the additional information that WhatsApp will share with Facebook :

  • Status Information. You may provide us your status if you choose to include one on your account. Learn how to use status on Android, iPhone, or KaiOS.
  • Transactions And Payments Data. If you use our payments services, or use our Services meant for purchases or other financial transactions, we process additional information about you, including payment account and transaction information. Payment account and transaction information includes information needed to complete the transaction (for example, information about your payment method, shipping details and transaction amount). If you use our payments services available in your country or territory, our privacy practices are described in the applicable payments privacy policy.
  • Location Information. We collect and use precise location information from your device with your permission when you choose to use location-related features, like when you decide to share your location with your contacts or view locations nearby or locations others have shared with you. There are certain settings relating to location-related information which you can find in your device settings or the in-app settings, such as location sharing. Even if you do not use our location-related features, we use IP addresses and other information like phone number area codes to estimate your general location (e.g., city and country). We also use your location information for diagnostics and troubleshooting purposes.
  • User Reports. Just as you can report other users, other users or third parties may also choose to report to us your interactions and your messages with them or others on our Services; for example, to report possible violations of our Terms or policies. When a report is made, we collect information on both the reporting user and reported user.
  • Businesses On WhatsApp. Businesses you interact with using our Services may provide us with information about their interactions with you. We require each of these businesses to act in accordance with applicable law when providing any information to us.When you message with a business on WhatsApp, keep in mind that the content you share may be visible to several people in that business. In addition, some businesses might be working with third-party service providers (which may include Facebook) to help manage their communications with their customers. For example, a business may give such third-party service provider access to its communications to send, store, read, manage, or otherwise process them for the business. To understand how a business processes your information, including how it might share your information with third parties or Facebook, you should review that business’ privacy policy or contact the business directly.

 

Opted Out In 2016? It Is Still Honoured!

WhatsApp will apparently continue to honour the decision of those who opted-out of data sharing in August 2016.

For those who opted out, you can agree to the new policy, and your data will still NOT be shared with Facebook.

To check if you opted-out in August 2016, you will need to check in your WhatsApp account – Settings > Account > Request Account Info.

 

Recommended Reading

Go Back To > Cybersecurity | SoftwareHome

 

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Fact Check : Fat Bidin Claims On MySejahtera Snooping!

Wan Azlee, who goes by Fat Bidin, claims that MySejahtera is mining private information from our phones.

Find out what he discovered, and what the FACTS really are!

Updated @ 2020-12-03 : Added MySejahtera version history for more context.

Updated @ 2020-12-01 : Added more information, including how to disable permissions in Android and iOS for the paranoid.

Originally posted @ 2020-11-30

 

Fat Bidin : MySejahtera Is Mining Information From Our Phones!

In Episode 41 of Fat Bidin Knows Everything, Wan Azlee claimed (between mouthfuls of oats) that MySejahtera is mining a wealth of private information from our phones.

His evidence? A report by the Exodus Privacy website, stating that MySejahtera has 6 trackers and 24 permissions.

He went through the 24 permissions and made these concerning observations about MySejahtera :

  • it can take control of your phone and pair it with your Bluetooth devices
  • directly call phone numbers
  • find accounts on your phone
  • read your contacts in your phone
  • read the contents of your SD card
  • modify or delete the contents of your SD card
  • prevent your phone from sleeping
  • modify your contacts

Phwoarrrr…. shocking, isn’t it? Wan Azlee / Fat Bidin then asks the Malaysia Ministry of Health to be transparent and tell us what’s going on.

Well, let’s take a closer look at his claims…

 

Fat Bidin On MySejahtera Is Mining Our Information : A Fact Check

Wan Azlee is very articulate, but Fat Bidin honestly doesn’t quite know everything… and here’s why.

Fact #1 : That MySejahtera Version Was From April 2020

Fat Bidin posted his video on 24 November 2020, and we noticed that he was checking an old version of MySejahtera – version 1.0.10, that was posted way back in April 2020.

For the record, there has been FOURTEEN UPDATES since that version :

  • 1.0.11 : 23 April 2020
  • 1.0.12 : 28 April 2020
  • 1.0.13 : 3 May 2020
  • 1.0.15 : 4 May 2020
  • 1.0.16 : 13 May 2020
  • 1.0.17 : 23 May 2020
  • 1.0.18 : 30 May 2020
  • 1.0.19 : 3 June 2020
  • 1.0.20 : 28 June 2020
  • 1.0.21 : 30 June 2020
  • 1.0.22 : 21 July 2020
  • 1.0.23 : 29 July 2020
  • 1.0.24 : 11 August 2020
  • 1.0.25 : 5 November 2020

The latest version of MySejahtera – version 1.0.25 –  was released on 5 November 2020 – 19 days before Wan Azlee posted his video.

Why on Earth would he focus on a 6 month-old version of the app, when there is a much newer version?

Fact #2 : Exodus Posted Their Latest MySejahtera Report On 20 November 2020

Exodus posted their latest report on the latest version of MySejahtera (version 1.0.25) on 20 November 2020 at 10:47 am (as you can see in this screenshot).

That was 4 days before Wan Azlee posted his video, so why didn’t he use this new report instead?

Fact #3 : MySejahtera Has 1 Tracker + 14 Permissions According To Exodus

According to the November 20 Exodus report, MySejahtera has 1 tracker – Google Firebase Analytics, and 14 permissions, of which the highlighted ones were :

  • ACCESS_COARSE_LOCATION : access approximate location (network-based)
  • ACCESS_FINE_LOCATION : access precise location (GPS and network-based)
  • CALL_PHONE : directly call phone numbers
  • CAMERA : take pictures and videos
  • READ_EXTERNAL_STORAGE : read the contents of your SD card
  • WRITE_EXTERNAL_STORAGE : modify or delete the contents of your SD card

We immediately noticed that several controversial permissions are no longer in it :

  • GET_ACCOUNTS : find accounts on the device
  • READ_CONTACTS : read your contacts
  • WRITE_CONTACTS : modify your contacts

So if you are worried that MySejahtera is reading your contacts or modifying them, just UPDATE it to the latest version 1.0.25!

Fact #4 : Actual Permissions Are Fewer

When we checked MySejahtera 1.0.25 as installed in our phone, we found that it actually asked for and used only 11 permissions, instead of 14 as reported by Exodus.

The report also offered a bit more context about those permissions. For instance, location data is only made available when you are actively using the app.

That’s because the location data is used by MySejahtera for its Hotspot Tracker and Locate Health Screening Facility features.

In your phone, you can tap on them for more information on what they allow the app to do.

Fact #5 : Apps Need To Read, Modify + Delete Their Own Data

The permission to read, modify and delete content on our phone may seem ridiculous, but it is a necessity for most apps.

Unless the apps is merely a container for a website or web service, it needs to store data, and modify or delete it when necessary.

Fact #6 : Access To External / SD Card Is Necessary

Most developers will also ask for the permission to read, modify and delete content to the (micro) SD card, because of Adoptable Storage.

Adoptable Storage is a feature that lets smartphones use external storage (like a microSD card) as if it is part of their internal storage.

When a microSD card is used this way, apps like MySejahtera can be installed on it. Therefore, it would require permission to read, modify and delete its own data on the external storage card.

Fact #7 : Android Restricts Data Snooping

Apps that have access to read / modify / write external storage are allowed to access files from other apps. However, this is limited to only these three media collections :

  • MediaStore.Images
  • MediaStore.Video
  • MediaStore.Audio

MySejahtera, or any other app with similar permissions, cannot read / modify / delete data outside of those three media storage locations.

Fact #8 : MySejahtera Has A Privacy Policy

Like all other Android and iOS apps, MySejahtera has a privacy policy, where it is stated clearly that

MySejahtera is owned and operated by the Government of Malaysia. It is administrated by the Ministry of Health (MOH) and assisted by the National Security Council (NSC) and the Malaysian Administrative Modernisation and Management Planning Unit (MAMPU). The Government assures that the collection of your personal information is align with Personal Data Protection Act 2010 (Act 709).

The app will not record user’s Personal Data except with the permission and voluntarily provided by the user. Information collected are used for monitoring and enforcement purposes by Government authorities in dealing with the COVID-19 pandemic. This information is not shared with other organizations for other purposes unless specifically stated.

Fact #9 : You Are Protected By PDPA 2010 (Act 709)

We are all protected by the Personal Data Protection Act 2010 (Act 709).

Anyone who is caught sharing our personal data without permission is be liable to a fine not exceeding three hundred thousand ringgit or to imprisonment for a term not exceeding two years or to both.

Fact #10 : You Can Disable Permissions

You can view and disable any permission that worries you :

Android

  1. Go to Settings > Apps >  MySejahtera > Permissions.
  2. Tap on the permission you don’t want, and select Deny.

Apple iOS

  1. Go to Settings > MySejahtera.
  2. Disable the permissions you don’t want.

But note that doing this will likely break some features in MySejahtera.

Fact #11 : Many Other Apps Are Worse For Your Privacy

When it comes to privacy, we have bigger fishes to fry. Take a look at how many trackers and permissions these four popular apps require.

They make MySejahtera look absolutely privacy-conscious!

 

Recommended Reading

Go Back To > Cybersecurity | SoftwareHome

 

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Warning : Using A Camera Cover Can Damage Your MacBook!

After years of letting third-party companies sell camera covers, Apple just issued a warning that using a camera cover can damage your MacBook laptop!

Find out what’s going on, and why using a camera cover may be critical for your privacy, but can damage your MacBook!

 

Warning : Using A Camera Cover Can Damage Your MacBook!

In a new technical advisory, Apple warns that closing your MacBook laptop with a camera cover attached could physically damage the display, due to the limited clearance between the display and the chassis.

In addition, installing a camera cover can block the ambient light sensor located next to the camera. This will prevent features like automatic brightness and True Tone from working properly.

If you close your Mac notebook with a camera cover installed, you might damage your display because the clearance between the display and keyboard is designed to very tight tolerances.

Covering the built-in camera might also interfere with the ambient light sensor and prevent features like automatic brightness and technical advisory from working.

Instead of using a camera cover, Apple recommends relying on the camera indicator light to tell you when it is actively recording you.

This is a VERY BAD idea, which we will elaborate in this article : Apple Is Wrong. You Need To Cover Your Mac Camera!

 

What If You MUST Use A Camera Cover?

If your organisation or work requires you to use a camera cover, Apple issued these recommendations :

  • Make sure the camera cover is not thicker than 0.1 mm.
  • Avoid using a camera cover that leaves adhesive residue.
  • If you install a camera cover that is thicker than 0.1 mm, remove the camera cover before closing your computer.

For Americans and anyone else still stuck with Imperial measurements, 0.1 mm = 0.00393 inch.

This example of an ultra-thin camera cover designed for the MacBook is 8X too thick, according to Apple.

It is physically impossible to create a camera cover that thin. In other words, Apple is telling you yet again NOT to use an actual camera cover!

Instead, try using a tiny piece of sticky note. It is not only thin, it is also soft. Just make sure it covers only the camera, and not the ambient light sensor.

 

Recommended Reading

Go Back To > Computer | Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


TikTok Caught Spying What We Type In Other Apps!

TikTok was caught spying on what we type in other apps, not once, but TWICE… so far.

Find out what’s going on, and what you should do about it!

 

TikTok : What Is It?

TikTok is a Chinese social networking service built around short video clips. Developed and owned by ByteDance which is based in Beijing, it is very popular amongst young people and even children.

This has led to numerous controversies as TikTok proved slow or reluctant to remove dangerous or racist videos :

 

TikTok Caught Spying What We Type In Other Apps… TWICE!

Beyond their obvious desire to grow their service at the expense of the danger to real people, there have been cybersecurity and privacy concerns about TikTok.

In a space of just four months, TikTok has been caught spying on what we type in OTHER APPS… not once, but TWICE. Take a look at this video expose…

TikTok Caught Spying On What We Type : First Time

Let’s start in March 2020, when Talal Has Bakry and Tommy Mysk exposed how they found that TikTok was spying on what we typed in other apps through the pasteboard / clipboard.

In the video above, you can see how TikTok immediately asked to read all text stored in the pasteboard, whenever it is launched.

The pasteboard contains everything you copied earlier – messages from other people, quotes from an article, or far more sensitive stuff like your password or account number.

And because of Apple’s universal clipboard feature, this means everything you copy on your Mac or iPad will be available on your iPhone, and therefore TikTok.

To be clear, TikTok was just one of the many apps that they found to be spying on what we type. Here were the apps they confirmed were spying on the pasteboard / clipboard.

News Games Social Other
ABC News
Al Jazeera English
CBS News
CNBC
Fox News
News Break
New York Times
NPR
itv Nachrichten
Reuters
Russia Today
Stern Nachrichten
The Economist
The Huffington Post
The Wall Street Journal
VICE News
8 Ball Pool
AMAZE!!!
Bejeweled
Block Puzzle
Classic Bejeweled
Classic Bejeweled HD
Flip The Gun
Fruit Ninja
Golfmasters
Letter Soup
Love Nikki
My Emma
Plants vs. Zombies Heroes
Pooking – Billiards City
PUBG Mobile
Tomb of the Mask
Tomb of the Mask: Color
Total Party Kill
Watermarbling
TikTok
ToTalk
Tok
Truecaller
Viber
Weibo
Zoosk
10% Happier: Meditation
5-0 Radio Police Scanner
Accuweather
AliExpress Shopping
Bed Bath & Beyond
Dazn
Hotels.com
Hotel Tonight
Overstock
Pigment – Adult Coloring Book
Recolor Coloring Book to Color
Sky Ticket
The Weather Network

At that time, TikTok told Zak Doffman that it was Google Ads that was snooping into the pasteboard / clipboard.

The clipboard access issues showed up due to third-party SDKs, in our case an older version Google Ads SDK. We are in the processes of updating so that the third-party SDK will no longer have access.

They claimed it was because TikTok was using an older Google Ads SDK, which they have since replaced with a newer version.

TikTok Caught Spying On What We Type : Second Time

BFast forward to June, and the release of iOS 14 beta. The new clipboard warning feature in iOS 14 appears to have caught TikTok spying on the pasteboard / clipboard once again.

In the dramatic video shared by Jeremy Burge – the 1:35 point in our video above – he shows TikTok grabbing the contents of his iPhone’s clipboard every 1-3 keystrokes, as he typed in Instagram!

Okay so TikTok is grabbing the contents of my clipboard every 1-3 keystrokes. iOS 14 is snitching on it with the new paste notification
— Jeremy Burge (@jeremyburge) June 24, 2020

This is even more egregious than the first time they spied on the pasteboard / clipboard! Instead of just looking at what you copied into the clipboard earlier, TikTok is literally reading what you are typing in a different app!

TikTok claimed that this issue was “triggered by a feature designed to identify repetitive, spammy behaviour“, and that they have already submitted an updated app without this “anti-spam feature“.

 

TikTok Caught Spying : What Should YOU Do?

If you are not a frequent TikTok user, the answer is simple – UNINSTALL TikTok.

If you really like TikTok, you should immediately update to the latest version, which ByteDance claims will no longer read your clipboard because it has both an updated Google Ads SDK, as well as their anti-spam feature removed.

Either way, if you are concerned about privacy issues with TikTok, you should write to privacy@tiktok.com and express your deep concerns about not letting them read what you are typing, whether it is in their app or other apps.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Business | Cybersecurity Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Fine For Scratching Nose A Wake-Up Call On AI Surveillance!

The recent case of a Chinese driver getting fine for scratching his face is a funny example of current AI surveillance technology. Yet it is also a wake-up call on the dangers of pervasive AI surveillance by the state.

 

Fined For Scratching Nose By AI Surveillance System!

A Jinan resident, Mr. Liu, was driving his car in the eastern Shandong province, when he raised his hand to touch his face. Most of us unconsciously do that 2 to 5 times per minute!

Unbeknownst to him, one of the many AI surveillance cameras in the city noticed his action, and issued him a fine of 50 yuan* and 2 demerit points for “driving while holding a phone“.

* Approximately $7.25 / £5.70 / €6.50 / RM 30

The Jinan AI surveillance system also sent him this screenshot of his traffic violation, as captured at 7:20 AM on 20 May 2019.

Just like many automated systems (looking at you, Facebook and Google!), there was no way to dispute the charge. Mr. Liu tried to sort out the situation over the phone, but “no one would help him“.

He only got justice by appealing to the court of public opinion on Sina Weibo, where his post went viral. Only then did the Jinan traffic police department take notice and investigate his complaint.

Two days later, they cancelled his ticket after confirming that he was only touching his face, and not actually using a phone while driving.

 

AI Surveillance In Chinese Cities

China has been working hard at developing smart cities, as part of their social engineering efforts to quell political dissent and encourage Chinese citizens to “behave properly”.

There are already over 170 million surveillance cameras across China, with a projected 400 million surveillance cameras installed by next year. And they are all controlled by AI surveillance systems.

Such extensive surveillance coverage has allowed the Chinese government to detect crimes and punish their citizens for them. It also feeds the new Social Credit System – a national reputation system that assess the economic and social reputation of every Chinese citizen and business.

However, such pervasive surveillance has led to serious privacy implications for the Chinese citizenry. Anyone who wants to understand the power, allure and dangers of AI surveillance should watch the TV series, Person of Interest.

 

The Dangers Of AI Surveillance

While AI surveillance technology is now quite incredible, this case has exposed its vulnerabilities and limitations.

  1. Human oversight is still necessary, because AI surveillance is not accurate enough to detect false positives.
  2. It may be tempting to make the AI surveillance system the judge, jury and executioner, but such systems need to implement the principle of “guilty beyond a reasonable doubt“, and that means ignoring anything that is not close to a 99.9% match.
  3. There should be an appeal system in place. It took a viral social media post to alert the Jinan traffic police department to the mistake.
  4. There is also the question of personal data security. Can the government securely store the data, without unsanctioned or illegal access? How long should they store the information before they are deleted?

 

Alibaba Cloud + The Malaysia City Brain

Alibaba Cloud is one of the chief architects of Chinese smart city initiative and AI surveillance capabilities with their ET City Brain that runs on their Tianchi Platform.

Last year, Alibaba Cloud announced their collaboration with the Malaysia Digital Economy Corporation (MDEC) to introduce the Malaysia City Brain.

The first phase of the Malaysia City Brain will kickstart with 382 AI traffic cameras at 281 traffic light junctions in Kuala Lumpur.

Although the Malaysian government is ostensibly implementing the Malaysia City Brain to “optimise the flow of vehicles and timing of traffic signals“, it is really a short step to the Chinese model of population and crime surveillance.

 

Recommended Reading

Go Back To > Cybersecurity| Enterprise | AutomotiveTech ARP

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


FB Messenger, Instagram + WhatsApp Integration Clarified!

Since the story broke about the Facebook Messenger, Instagram and WhatsApp integration plan, the world exploded in a mixture of shock, apoplexy, and righteous indignation.

Take a DEEP BREATH and CALM DOWN. Let us tell you exactly what the FB Messenger + Instagram + WhatsApp integration plan is really about, and what it really means for Facebook and all of us…

 

The FB Messenger + Instagram + WhatsApp Integration Plan Clarified!

What Is Going On?

The New York Times broke the story on 25 January 2019, that Facebook CEO Mark Zuckerberg is working to integrate the messaging services that power Facebook Messenger, Instagram and WhatsApp.

Essentially, he wants all three platforms to use the same messaging platform or protocol to communicate.

Are The Three Apps Being Merged?

NO.

Some reports (looking at your, Forbes and BBC!) have claimed that WhatsApp is merging with Facebook Messenger and Instagram, or that WhatsApp and Instagram will be integrated with Facebook Messenger. That is NOT TRUE.

Facebook is not going to combine all three apps into a single mega-app – the one app to rule them all. WhatsApp, Instagram and Facebook Messenger will continue to be separate apps.

What Exactly Has Changed?

NOTHING at the moment. This FB Messenger + Instagram + WhatsApp integration project is scheduled to be completed by the end of 2019, or early 2020.

Until the new unified messaging protocol is complete and implemented in all three apps, nothing will change. At the moment, all three apps continue to use their existing messaging protocols.

What We Know About The Messenger + Instagram + WhatsApp Integration Plan So Far

Let’s enumerate what we know about the FB Messenger + Instagram + WhatsApp integration plan :

  1. All three apps will still function independently
  2. All three apps will use the same messaging protocol
  3. The new unified messaging protocol will support end-to-end encryption

Why Does Facebook Want To Do This?

Migrating all three apps to a unified messaging protocol or platform has some real advantages for Facebook :

  • far less work is needed to maintain a single platform or set of protocols, than three different platforms or sets of protocols
  • it will extend the reach of their three apps, helping to “encourage” users of one app to use the other two apps.
  • it will make it easier for them to harvest more information, to create more accurate user profiles.
  • it should make it easier to introduce or extend new features into all three apps, e.g. time-limited Stories.

Is This Good Or Bad For Users?

There are some potential advantages for users…

  • users of any one of those three apps will be able to communicate with each other, without installing the other apps.
  • users of any one of those three apps will be able to share data (photos, videos, files, etc.) with each other, without installing the other apps.
  • it will introduce end-to-end encryption to Instagram, which does not yet support it.
  • potentially, it could mean end-to-end encryption will be enabled by default for Facebook Messenger (which currently only supports end-to-end encryption if you turn on Secret Conversations).
  • it could promote greater accountability and transparency, with a reduction in fake accounts and profiles.

On the other hand, the tighter integration has some serious potential ramifications…

  • it will be harder to obfuscate or separate your profile in one app, from your profiles in the other two apps.
  • any bug or vulnerability in the unified messaging protocol will affect all three apps.
  • any successful attack will cause far greater damage, with far more data lost or stolen.
  • it does not address serious privacy concerns – even if end-to-end encryption is enabled by default for all three apps in the new unified messaging protocol, the metadata isn’t.
  • it may make it more difficult for users to consider alternative apps or services.
  • abusing one app (intentional or otherwise) could get you banned or blocked on all three apps.

How Serious Are These Concerns?

The New York Times reported that Mark Zuckerberg’s “championing” of the FB Messenger + Instagram + WhatsApp integration plan led to “internal strife” over privacy concerns. How bad?

Apparently, it led to the founders of both Instagram (Kevin System and Mike Krieger) and WhatsApp (Jan Koum and Brian Acton) leaving Facebook. Dozens of WhatsApp employees also clashed with Mark Zuckerberg over this integration plan.

But Don’t Panic Just Yet…

There is no need to be one of those headless chickens running around, screaming that the world has ended or is about to end. The WhatsApp Messenger you have come to rely on has not changed, or will change for many more months to come.

The project is still in its infancy. Facebook is internally planning to complete the project by the end of 2019, and probably early 2020. There is still the better part of the year to consider alternative messaging apps out there.

 

Recommended Reading

[adrotate group=”2″]

Go Back To >  Software | Business | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Facebook Privacy Tools Are Now Easier To Find. Yay?

Facebook has been doing a belated job of closing the barn door after the horses have bolted out and rampaged through the village. Now they officially announced that Facebook privacy tools are “easier to find”. Yay for transparency?

Read the official Facebook press release on making privacy tools easier to find… and tell us what you think!

 

Facebook Privacy Tools Now Easier To Find

By Erin Egan, VP and Chief Privacy Officer, Policy and Ashlie Beringer, VP and Deputy General Counsel

Last week showed how much more work we need to do to enforce our policies and help people understand how Facebook works and the choices they have over their data. We’ve heard loud and clear that privacy settings and other important tools are too hard to find and that we must do more to keep people informed.

So in addition to Mark Zuckerberg’s announcements last week – cracking down on abuse of the Facebook platform, strengthening our policies, and making it easier for people to revoke apps’ ability to use your data – we’re taking additional steps in the coming weeks to put people more in control of their privacy.

Most of these updates have been in the works for some time, but the events of the past several days underscore their importance.

Making Data Settings and Tools Easier to Find

Controls that are easier to find and use. We’ve redesigned our entire settings menu on mobile devices from top to bottom to make things easier to find. Instead of having settings spread across nearly 20 different screens, they’re now accessible from a single place. We’ve also cleaned up outdated settings so it’s clear what information can and can’t be shared with apps.

New Privacy Shortcuts menu. People have also told us that information about privacy, security, and ads should be much easier to find. The new Privacy Shortcuts is a menu where you can control your data in just a few taps, with clearer explanations of how our controls work. The experience is now clearer, more visual, and easy-to-find. From here you can:

  • Make your account more secure: You can add more layers of protection to your account, like two-factor authentication. If you turn this on and someone tries to log into your account from a device we don’t recogni​se, you’ll be asked to confirm whether it was you.
  • Control your personal information: You can review what you’ve shared and delete it if you want to. This includes posts you’ve shared or reacted to, friend requests you’ve sent, and things you’ve searched for on Facebook.
  • Control the ads you see: You can manage the information we use to show you ads. Ad preferences explains how ads work and the options you have.
  • Manage who sees your posts and profile information: You own what you share on Facebook, and you can manage things like who sees your posts and the information you choose to include on your profile.

Tools to find, download and delete your Facebook data.

It’s one thing to have a policy explaining what data we collect and use, but it’s even more useful when people see and manage their own information. Some people want to delete things they’ve shared in the past, while others are just curious about the information Facebook has.

So we’re introducing Access Your Information – a secure way for people to access and manage their information, such as posts, reactions, comments, and things you’ve searched for. You can go here to delete anything from your timeline or profile that you no longer want on Facebook.

We’re also making it easier to download the data you’ve shared with Facebook – it’s your data, after all. You can download a secure copy and even move it to another service. This includes photos you’ve uploaded, contacts you’ve added to your account, posts on your timeline, and more.

The Road Ahead

[adrotate group=”2″]

It’s also our responsibility to tell you how we collect and use your data in language that’s detailed, but also easy to understand. In the coming weeks, we’ll be proposing updates to Facebook’s terms of service that include our commitments to people.

We’ll also update our data policy to better spell out what data we collect and how we use it. These updates are about transparency – not about gaining new rights to collect, use, or share data.

We’ve worked with regulators, legislators and privacy experts on these tools and updates. We’ll have more to share in the coming weeks, including updates on the measures Mark shared last week.

Go Back To > News | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Study : People Will Sacrifice Personal Photos For Just 10 Euros!

20 April 2017 – While people claim to value their personal photos more than any other form of data stored on their digital devices, they are happy to sell them for little money, research by Kaspersky Lab shows. A survey has shown that for 49% of people, private and personal photos of themselves are the most precious data they have on their devices, followed by photos of their children and spouses.

The thought of losing these precious memories is considered more distressing for them than the prospect of a car accident, breaking up with a partner, or a quarrel with a friend or family member. However, when confronted with the decision to delete this data for money, people nevertheless gave their digital data – such as photos – away for as little as 10.37 Euros.

 

Yes, People Will Sacrifice Personal Photos For Just 10 Euros!

When asked, people say that digital memories have a special place in their hearts, perhaps because these memories are considered to be irreplaceable. Over two-fifths, for example, say they wouldn’t be able to replace photos and videos of their travels (45%), their children (44%) or themselves (40%).

The survey shows that the thought of losing these personal photos is considered very distressing by most people. In fact, this latest study from Kaspersky Lab indicates that people often value their devices and photos even more than their partners, friends and pets.

Kaspersky Lab asked people how distressed they would be in a number of different scenarios, including the illness of a family member, a breakup with a partner, a car accident, the loss of their digital photos, contacts, and more. Across the globe, the illness of a family member ranked in first place as the most distressing incident that they could experience. The loss or theft of a device, and the loss of digital photos, ranked second and third in multiple regions across the globe leaving car accidents, a break up with a partner, a bad day at work, quarrels with family members and friends, and even in some cases, a pet’s illness, lower in the ranks of distressing incidents.

However, an experiment conducted for Kaspersky Lab by media psychologists at the University of Wuerzburg also showed researchers a contradictory result: despite them claiming to love for their data, people are also ready to sell it for surprisingly little money.

The participants of the experiment were asked to place a monetary value on the data stored on their smartphones – including photos of family and friends, contact information and personal documents. Surprisingly, the values people placed on their data were significantly lower than expected, considering the distress they said they would experience if they were to lose that data. People tended to put more money against their financial and payment details (an average 13.33EUR) than other forms of data. Contact information was considered to be worth 11.89EUR on average and general photos were valued at only 10.37EUR on average.

[adrotate banner=”4″]

Furthermore, the experiment showed that it is people’s most precious memories which they are most likely to exchange for money. When participants were offered payment (based on the sums above) for the deletion of their data (no data was actually deleted), it was the photos of family and friends, personal documents and photos of the participants themselves that were the data categories most often approved for deletion.

“The experiment showed us interesting and reflective results: while people believe that they understand the value of their data, the emotional value isn’t reflected in their everyday actions. On the one hand, people seem to be aware of the types of data that are more important to them– they believe their digital memories, such as photos, are extremely distressing to lose. On the other hand, people have a low awareness of the value of their data, and are putting little monetary value against their data as a result. They know it’s emotionally important, but they are not able to appreciate its value yet. They would need someone to actively remind them of what their data is worth before they share it, or allow someone to delete it.” – said Andrei Mochola, Head of Consumer Business at Kaspersky Lab.

Go Back To > News | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!