Connect with us

Technology

Intel accused of wiretapping because it uses analytics to track keystrokes, mouse movements on its website • The Register

Published

on

Intel is among the growing list of companies being sued for allegedly violating American wiretapping laws by running third-party code to track interactions, such as keystrokes, click events, and cursor movements, on its website.

Last week, a lawsuit [PDF] against the chip maker that was filed in February was removed from a Florida state court and shifted to a federal district court in Orlando.

The plaintiff, Holly Londers, claims she visited Intel’s website approximately a dozen times in the twelve months to January 2021, and during those visits the chip maker “utilized tracking, recording, and/or ‘session replay’ software to contemporaneously intercept [her] use and interaction with the website, including mouse clicks and movements,” and information that she input, pages visited and viewed, and dates and times of visits.

facebook

America’s Supremes give Facebook nothing but heartaches: Top court won’t stop ‘$15bn wiretap’ lawsuit

READ MORE

The lawsuit has been brought under the 2020 Florida Security of Communications Act, which makes it a crime to intentionally intercept another person’s electronic communications without prior consent.

Londers’s complaint does not specify the session replay software involved but The Register understands from a conversation with one of the attorneys involved that it’s believed to be Clicktale, which was acquired in 2019 by Contentsquare, a maker of similar analytics software.

As Jonathan Cherki, founder and CEO of Contentsquare, described the deal at the time, “The combination of Clicktale and Contentsquare heralds an unprecedented goldmine of digital data that enables companies to interpret and predict the impact of any digital element – including user experience, content, price, reviews and product – on visitor behavior.”

Non-profit org The Markup’s Blacklight web inspector warns that the Intel website contains a Clicktale script with “a session recorder, which tracks user mouse movement, clicks, taps, scrolls, or even network activity.” The privacy scanner further notes that no keystroke logging was detected and that it cannot say how the session data is being used.

But other folks can

Session replay software saw increased attention from the privacy community in 2017 when researchers from Princeton’s Center for Information Technology Policy published a study in which they looked at the prevalence of the seven most popular session replay services at the time – Yandex, FullStory, Hotjar, UserReplay, Smartlook, Clicktale, and SessionCam – and found their scripts being used on 482 of the Alexa top 50,000 websites.

The following year, session replay scripts were discussed at a US Federal Trade Commission event, FTC PrivCon 2018. During the session [PDF], Gunes Acar, who at the time was a postdoctoral researcher with the Princeton CITP project and is currently with the COSIC research group of KU Leuven, described the privacy risk posed by session replay services.

incognito

Google fails to neutralize lawsuit that complains Chrome’s incognito mode isn’t very private at all

READ MORE

Session replay scripts, Acar said, are no worse than any other analytics scripts until it comes to web input forms. There’s risk, said Acar, that sensitive information like email addresses, credit card numbers, and passwords will get captured by these replay scripts – the Princeton researchers found replay service providers often fail to keep sensitive data safe.

However, the attorney on the Florida case who spoke with The Register said the central issue is whether website visitors gave informed consent. And he voiced optimism that the Florida cases will survive motions to dismiss because Florida’s wiretapping law is a strong consumer protection statute.

Since Cohen v. Casper Sleep (2017) in New York, there have been at least two dozen such wiretapping privacy claims, mostly in California and Florida – both states with applicable privacy statutes. Those who have been sued over this include Banana Republic, Blizzard, CVS, Fandango, Foot Locker, Frontier Airlines, General Motors, Home Depot, Old Navy, Nike, Norton, Ray-Ban, T-Mobile, and WedMD, among others.

The New York case was dismissed in 2018 for failure to properly state a claim [PDF]. But most of the California and Florida cases continue to plod along and may yet make it to trial, or more likely, settlement.

These claims got a boost from the 2020 Ninth Circuit Court of Appeals decision [PDF] that refused to dismiss wiretapping claims against Facebook for tracking people even when they’ve logged out of the social networking service. A week ago, the US Supreme Court declined to hear Facebook’s appeal to undo that decision.

The Register asked Intel and Contentsquare to comment on the wiretapping lawsuit, and both companies declined. ®

Source link

Technology

Big Brother is still watching you and he goes by the name Facebook | John Naughton

Published

on

The security guru Bruce Schneier once famously observed that “surveillance is the business model of the internet”. Like all striking generalisations it was slightly too general: it was strictly true only if by “the internet” you meant the services of a certain number of giant tech companies, notably those of Facebook (including WhatsApp and Instagram), Google (including YouTube), Twitter and Amazon.

The trouble is (and this is what gave Schneier’s aphorism its force) that for a large chunk of networked humanity, especially inhabitants of poorer countries, these walled gardens are indeed what people regard as “the internet”. And that’s no accident. Although Chinese smartphones are pretty cheap everywhere, mobile data tends to be prohibitively expensive in poor countries. So the deal offered by western tech companies is that data charges are low or zero if you access the internet via their apps, but expensive if you venture outside their walled gardens.

Of all the companies, Facebook was the one that first appreciated the potential of this strategy. It offered a way of signing up a billion new users in hitherto underserved parts of the world, thereby reducing the digital divide between the global north and the south. This meant that it could be spun as a philanthropic initiative, initially badged as internet.org and then as Free Basics. The app gave users access to a small selection of websites and services that were stripped of photos and videos and could thus be browsed without paying for mobile data. The rationale was that Free Basics would provide a taster of the internet, which would let people see the value of being connected. Conveniently, though, it also made Facebook the gateway to the internet for these new users. It was the default setting, as it were, in an online world where most people never change defaults and so functioned as a gateway drug for online addiction.

Rather to Facebook’s surprise, Free Basics was not universally welcomed in some of its target territories. The most vocal opposition came in India, the most important market outside of the west, where ungrateful critics perceived it an example of “digital colonialism” and it was eventually blocked by the country’s telecoms regulator on the grounds that it violated the principle of net neutrality by explicitly favouring some kinds of online content while effectively blocking others. Beyond India, however, Free Basics seems to be thriving, being used by “up to 100 million” people in 65 countries, including 28 in Africa.

Last May, Facebook launched a kind of Free Basics 2.0 called Discover. It’s a mobile app that can be used to browse any website using a daily balance of free data from participating mobile network partners. Effectively, it strips out all website content that’s data-intensive (images, video, audio) and displays a pared-down version of the site. “We’re exploring ways to help people stay on the internet more consistently,” explains the Facebook blurb. “Many internet users around the world remain under-connected, regularly dropping off the internet for some period of time when they exhaust their data balance. Discover is designed to help bridge these gaps and keep people connected until they can purchase data again.”

Sounds good, eh? But a recent study by researchers at the University of California, Irvine, on how Discover works in the Philippines (where it has replaced Free Basics) found that not all websites seemed to be stripped for onward viewing. When accessing Facebook through Discover, for example, it wasn’t stripped much – just 4% of images were removed from Instagram, compared with more than 65% of images on other popular sites such as YouTube and e-commerce platform Shopee. The inference was that Discover rendered Facebook’s own services far more functional than those of its competitors. Charged with this, the company blamed a “technical error” that had since been resolved.

Maybe it has, but it might not be wise to trust what Facebook has to say on questions such as this. It’s not that long ago, for example, that it offered its users Onavo Protect, a free virtual private network (VPN) app that would protect their privacy. The company is now being sued by Australia’s competition and consumer commission (ACCC) for using Onavo to allegedly spy on users. “Through Onavo Protect,” said the regulator, “Facebook was collecting and using the very detailed and valuable personal activity data of thousands of Australian consumers for its own commercial purposes, which we believe is completely contrary to the promise of protection, secrecy and privacy that was central to Facebook’s promotion of this app.” Facebook responded that it was “always clear about the information we collect and how it is used”, that it had cooperated with the ACCC’s investigation and that it “will continue to defend” its position in response to the regulator’s filing.

You get the point? Maybe surveillance isn’t the only business model of the internet. Hypocrisy runs it a close second.

What I’ve been reading

Masters and servants
Between Golem and God: The Future of AI is a beautifully structured essay on the 3 Quarks Daily website.

Dressed for all weathers
How clothing and climate change kickstarted agriculture is the thesis of an intriguing Aeon essay by Ian Gilligan, a prehistorian at the University of Sydney.

On the mend
Monopolists Are Winning the Repair Wars is a terrific blog post by Cory Doctorow on the importance of the “right to repair” our own equipment.

Source link

Continue Reading

Technology

Amazon exec’s husband jailed for two years for insider trading. Yes, with Amazon stock • The Register

Published

on

The husband of an Amazon financial executive was sentenced on Thursday to 26 months behind bars for insider trading of the web giant’s stock.

Viky Bohra, 37, of Bothell, Washington, reaped a profit of $1,428,264 between January 2016 and October 2018 by buying and selling Amazon stock using eleven trading accounts managed by himself and his family.

Bohra was able to pocket these big gains because he got copies of Amazon’s confidential financial figures from his wife, Laksha Bohra, who worked as a senior manager in the mega corp’s tax department. Laksha had access to Amazon’s earnings before the numbers were publicly disclosed and reported to the Securities and Exchange Commission. Her husband “obtained” this secret information, despite her being repeatedly warned to not leak the confidential data, and used it to favorably trade in Amazon stock and options.

“This defendant and his wife were earning hundreds of thousands of dollars in salary and bonuses from their jobs in tech – but he was not content with that – greedily scheming to illegally profit by trading Amazon stock,” Acting US Attorney Tessa Gorman, said in a statement.

“This case should stand as a warning to those who try to game the markets with insider trading: there is a heavy price to pay with a felony conviction and prison sentence.”

The FBI began sniffing around, and the Attorney’s Office for the Western District of Washington filed criminal charges [PDF] against Viky in 2020. He pleaded guilty in November to securities fraud. The prosecution had asked the courts for a 33-month sentence.

Separately, he was also charged by the SEC and told to cough up $2,652,899 in disgorgement, interest, and penalties.

“Mr Bohra knew exactly what he was doing and was driven solely by greed,” Donald Voiret, an FBI Special Agent leading the Seattle Field Office, added. “With his nearly unlimited access and knowledge of securities trading, he undermined public trust in our financial markets.”

Laksha Bohra was suspended from her job in 2018 and resigned shortly after, according to a lawsuit filed by the SEC [PDF], and will not face criminal charges as part of Viky’s agreement to plead guilty. ®

Source link

Continue Reading

Technology

Stripe rolls out new tax compliance tool for merchants

Published

on

Stripe Tax automates much of the calculating and collecting of levies like VAT and sales tax for businesses.

Fintech giant Stripe is rolling out a new product to automate businesses’ tax compliance.

Stripe Tax, which was built at the company’s engineering hub in Dublin, helps businesses to automatically calculate and collect sales taxes, VAT and goods and service taxes where they do business.

The product has been rolled out in 30 countries and all US states. Stripe Tax manages the requirements for tax collecting from jurisdiction to jurisdiction. This ensures merchants are in compliance with local tax rules but without the headache of managing it themselves.

According to a 2020 report from Stripe, two-thirds of businesses say that managing tasks like tax compliance inhibits their growth and takes up time that could otherwise be spent on product development.

The matter of tax has become more complex with the mix of physical and digital goods and sales across borders.

Support Silicon Republic

Non-compliance with taxes, even through accidental oversight, can lead to serious sanctions or interest-laden tax bills for businesses.

Stripe Tax calculates taxes due by determining an end customer’s location and products they’re buying. It adapts as changes to tax regimes come into effect and generates reports for businesses on the levies calculated and collected.

“No one leaps out of bed in the morning excited to deal with taxes,” Stripe co-founder John Collison said. “For most businesses, managing tax compliance is a painful distraction. We simplify everything about calculating and collecting sales taxes, VAT and GST, so our users can focus on building their businesses.”

Large companies, including News UK, have started using the product.

“Directly integrating Stripe Tax into our subscriptions platform will save us countless hours, time that can be better spent elsewhere,” Ruan Odendaal, head of subscriptions platform at NewsUK, said.

Stripe has had a very busy 2021 so far. After raising funding at a $95bn valuation, it has been rolling out more services that go beyond the payments processing the company was originally built on, as well as expanding geographically with a focus on the Middle East.

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!