TikTok has been accused of ‘aggressive’ data harvesting. Is your information at risk? | TikTok

Voice Of EU

Cybersecurity experts have warned Australian TikTok users that the Chinese government could use the app to harvest personal information, from in-app messages with friends to precise device locations.

The warnings follow a report by Australian-US cybersecurity firm Internet 2.0, which found the most popular social media app of the year collects “excessive” amounts of information from its users.

Here’s what you need to know about TikTok’s data harvesting, and how to keep your information safe.

What’s different about the way TikTok collects data?

TikTok’s data collection methods include the ability to collect user contact lists, access calendars, scan hard drives including external ones and geolocate devices on an hourly basis.

“When the app is in use, it has significantly more permissions than it really needs,” said Robert Potter, co-CEO of Internet 2.0 and one of the editors of the report.

“It grants those permissions by default. When a user doesn’t give it permission … [TikTok] persistently asks.

“If you tell Facebook you don’t want to share something, it won’t ask you again. TikTok is much more aggressive.”

The report labelled the app’s data collection practices “overly intrusive” and questioned their purpose.

“The application can and will run successfully without any of this data being gathered. This leads us to believe that the only reason this information has been gathered is for data harvesting,” it concluded.

Most of the concern in the report focuses on permissions sought on Android devices, because Apple’s iOS significantly limits what information an app can gather. It has a justification system so that if a developer wants access to something it must justify why this is required before it is granted.

“We believe the justification system iOS implements systematically limits a culture of ‘grab what you can’ in data harvesting,” the report states.

Does TikTok have connections with the Chinese government?

TikTok is owned by the Chinese multinational internet company ByteDance, which is headquartered in Beijing. Founder Zhang Yiming sits at No. 28 on Bloomberg’s billionaires index.

ByteDance has denied a connection to the Chinese government in the past, and called the claim “misinformation” after various leaks suggested it censors material that does not align with Chinese foreign policy aims or mentions the country’s human rights record.

“They are consistent in saying their app doesn’t connect to China, isn’t accessible to Chinese authorities and wouldn’t cooperate with Chinese authorities,” Potter said.

But he said Internet 2.0’s research found “Chinese authorities can actually access device data”. By sending tracked bots to the app, Internet 2.0 “consistently saw … data geolocating back to China”.

Potter has said it wasn’t clear what data was being sent, just that the app was connecting to Chinese servers.

TikTok is owned by ByteDance, which was founded by Zhang Yiming. Photograph: Shannon Stapleton/Reuters

This month TikTok Australia admitted its staff in China were able to access Australian data.

“Our security teams minimise the number of people who have access to data and limit it only to people who need that access in order to do their jobs,” Brent Thomas, the company’s Australian director of public policy, wrote in a letter. The letter was in response to questions from Senator James Paterson, the opposition’s cyber security and foreign interference spokesperson. Thomas said Australian data had never been given to the Chinese government.

Are you at risk?

Under China’s national security laws Chinese companies are, upon request from the government, required to share access to data they collect.

“You’re in a different digital ecosystem when you’re on a mainstream Chinese app,” Potter said. And “who you are” may determine the “level of risk” you are taking.

At an individual level, the average user might not be at immediate risk, Potter said. “But if you’re involved in something more sensitive or discussing topics that are sensitive … you’ve become very interesting to them very quickly.”

A dissident in the Chinese diaspora community, or a critic of the Chinese government, might be “extremely concerned about their personal cyber security” on TikTok, Paterson said.

TikTok told a 2020 Senate committee on foreign interference on social media that any request for Australian user data would need to go through a mutual legal assistance treaty process.

Other governments also use their national security laws to gain access to user data from TikTok. TikTok publishes a half-yearly transparency report for data requests from governments.

China is not on the list of countries, but the list reveals Australian governments in the second half of 2021 made 51 requests for data related to 57 user accounts, with TikTok handing over data 41% of the time. The US made 1,306 requests for 1,003 accounts, with data handed over 86% of the time.

How can I keep my data safe?

TikTok is now the most downloaded mobile entertainment app in Australia, with 7.38 million users over the age of 18.

If you decide to keep using TikTok, Potter suggests being “specific and granular about the level of permissions shared with the app”.

Set permissions manually via in-app settings and in the device’s settings. Tom Kenyon, a director of Internet 2.0, also urged users to monitor those permissions regularly. “In any update, they can change access to permissions. It’s not set and forget.”

Potter said users should continue to “ignore requests for sharing information”. He also urged young people to avoid using TikTok for “general messaging”.

“If you want to share videos and look at cats, sure, go your hardest. If you’re going to have a conversation with your friends about your sexual orientation, or human rights, I’d be very wary.”

Kenyon said young people just starting their careers should think beyond the short term.

He also urged senior public servants, public officials and members of parliament to “delete TikTok and other social media”. While the data already collected will not disappear from TikTok’s database, deleting the application will stop data collection into the future. If they are wanting to continue activity across platforms, Kenyon suggested “a separate, dedicated phone”.

Should TikTok be banned?

Kenyon said that as it is an “avenue for data to flow to China … I absolutely think [TikTok] should be banned”.

But Potter said he is “very rarely in favour of bans”.

“I am in favour of better regulation.”

Potter said Australia must be clear “that we expect social media companies operating in Australia to respect our norms of privacy and freedom of speech”.

“They need to be clear about how they operate. And if caught lying consistently, we need to have some way of holding those companies to account.”

Cyber security minister Clare O’Neil says she is ‘certainly’ concerned by the data collection practices of some apps. Photograph: Darren England/AAP

The federal minister for home affairs and cyber security, Clare O’Neil, said in a statement that the Australian government “has this report and has been well aware of these issues for some years”.

“Australians need to be mindful … that they are sharing a lot of detailed information about themselves with apps that aren’t properly protecting that information.

“I hope it concerns Australians because it certainly concerns me.”

Australian influencers have vowed to stay on the app despite concerns about Chinese data harvesting.

The Internet 2.0 report will be presented on Monday to a US Senate hearing on TikTok. With 142.2 million users in North America, the US is “obviously the dominant market for this app.”

“I would expect TikTok will come under very hard questions about how the app operates,” Potter said.

What does TikTok say about the report?

TikTok has rejected the Internet 2.0 report as “baseless”.

A TikTok spokesperson said: “The TikTok app is not unique in the amount of information it collects … We collect information that users choose to provide to us and information that helps the app function, operate securely, and improve the user experience.

“The IP address is in Singapore, the network traffic does not leave the region, and it is categorically untrue to imply there is communication with China. The researcher’s conclusions reveal fundamental misunderstandings of how mobile apps work, and by their own admission, they do not have the correct testing environment to confirm their baseless claims.”

With Josh Taylor

Let there be ambient light sensing, without data theft • The Register

Six years after web security and privacy concerns surfaced about ambient light sensors in mobile phones and notebooks, browser boffins have finally implemented defenses.

The W3C, everyone’s favorite web standards body, began formulating an Ambient Light Events API specification back in 2012 to define how web browsers should handle data and events from ambient light sensors (ALS). Section 4 of the draft spec, “Security and privacy considerations,” was blank. It was a more carefree time.

Come 2015, the spec evolved to include acknowledgement of the possibility that ALS might allow data correlation and device fingerprinting, to the detriment of people’s privacy. And it suggested that browser makers might consider event rate limiting as a potential mitigation.

By 2016, it became clear that allowing web code to interact with device light sensors entailed privacy and security risks beyond fingerprinting. Dr Lukasz Olejnik, an independent privacy researcher and consultant, explored the possibilities in a 2016 blog post.

Olejnik cited a number of ways in which ambient light sensor readings might be abused, including data leakage, profiling, behavioral analysis, and various forms of cross-device communication.

He described a few proof-of-concept attacks, devised with the help of security researcher Artur Janc, in a 2017 post and delved into more detail in a 2020 paper [PDF].

“The attack we devised was a side-channel leak, conceptually very simple, taking advantage of the optical properties of human skin and its reflective properties,” Olejnik explained in his paper.

“Skin reflectance only accounts for the 4-7 percent emitted light but modern display screens emit light with significant luminance. We exploited these facts of nature to craft an attack that reasoned about the website content via information encoded in the light level and conveyed via the user skin, back to the browsing context tracking the light sensor readings.”

It was this technique that enabled the proof-of-concept attacks like stealing web history through inferences made from CSS changes and stealing cross origin resources, such as images or the contents of iframes.

Snail-like speed

Browser vendors responded in various ways. In May 2018, with the release of Firefox 60, Mozilla moved access to the W3C proximity and ambient light APIs behind flags, and applied further limitations in subsequent Firefox releases.

Apple simply declined to implement the API in WebKit, along with a number of other capabilities. Both Apple and Mozilla currently oppose a proposal for a generic sensor API.

Google took what Olejnik described in his paper as a “more nuanced” approach, limiting the precision of sensor data.

But those working on the W3C specification and on the browsers implementing the spec recognized that such privacy protections should be formalized, to increase the likelihood the API will be widely adopted and used.

So they voted to make the imprecision of ALS data normative (standard for browsers) and to require the camera access permission as part of the ALS spec.

Those changes finally landed in the ALS spec this week. As a result, Google and perhaps other browser makers may choose to make the ALS API available by default rather than hiding it behind a flag or ignoring it entirely. ®
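
The precision limit described above, shown as an added example that is not taken from the article, the W3C spec text or any browser's code: raw readings are rounded to a coarse step and small changes are suppressed, so the few-lux difference that screen content makes to reflected light never reaches the page. The 50-lux step, the 25-lux threshold and the sample readings are assumptions constructed for illustration.

```javascript
// Added illustration (not from the article or any browser's source).
// ASSUMED values: the article only says that sensor precision is limited.
const STEP_LUX = 50;       // reported values are multiples of this step
const THRESHOLD_LUX = 25;  // raw change required before a new value is considered

// Round a raw illuminance reading to the nearest multiple of `step`.
function quantize(rawLux, step = STEP_LUX) {
  return Math.round(rawLux / step) * step;
}

// Returns a function that takes raw samples and yields what a page would
// see: a coarse value, or null when the update is suppressed.
function createCoarseSensor(step = STEP_LUX, threshold = THRESHOLD_LUX) {
  let anchorRaw = null;     // raw value behind the last accepted sample
  let lastReported = null;  // last coarse value handed to the page
  return function onRawSample(rawLux) {
    if (anchorRaw !== null && Math.abs(rawLux - anchorRaw) < threshold) {
      return null;          // change too small: nothing is exposed
    }
    anchorRaw = rawLux;
    const coarse = quantize(rawLux, step);
    if (coarse === lastReported) return null; // same bucket: no new event
    lastReported = coarse;
    return coarse;
  };
}

// Count the distinct values a page could observe from a sample stream.
function distinctObserved(samples, observe) {
  const seen = new Set();
  for (const sample of samples) {
    const value = observe(sample);
    if (value !== null) seen.add(value);
  }
  return seen.size;
}

// Constructed samples: a room at 124 lux where light reflected from the
// screen adds 0 or 7 lux depending on what is displayed. The two levels
// deliberately straddle a rounding boundary (125 lux).
const DARK_FRAME_LUX = 124;
const BRIGHT_FRAME_LUX = 131;
const constructedSamples = [
  DARK_FRAME_LUX, BRIGHT_FRAME_LUX, DARK_FRAME_LUX,
  BRIGHT_FRAME_LUX, DARK_FRAME_LUX,
];

// Compare how many distinguishable states each exposure policy leaks.
function compareExposures() {
  return {
    raw: distinctObserved(constructedSamples, (s) => s),
    roundedOnly: distinctObserved(constructedSamples, (s) => quantize(s)),
    roundedWithThreshold: distinctObserved(constructedSamples, createCoarseSensor()),
  };
}

console.log(compareExposures());
```

Rounding alone still leaks the two screen states when the ambient level sits next to a bucket boundary; the threshold check is what collapses them into a single reported value, while a real lighting change (for example to 400 lux) is still reported.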



4 supports that can help employees outside of work

Everyone has different situations to deal with outside of the workplace. But that doesn’t mean the workplace can’t be a source of support.

Employers and governments alike are often striving to make workplaces better for everyone, whether it’s workplace wellbeing programmes or gender pay gap reporting.

However, life is about more than just the hours that are spent in work, and how an employer supports those other life challenges can be a major help.

Family-friendly benefits

Several companies have been launching new benefits and policies that help families and those trying to have children.

Job site Indeed announced a new ‘family forming’ benefit package earlier this year, which is designed to provide employees with family planning and fertility-related assistance.

The programme includes access to virtual care and a network of providers who can guide employees through their family-forming journey.

Vodafone Ireland introduced a new fertility and pregnancy policy in February 2022 that includes extended leave for pregnancy loss, fertility treatment and surrogacy.

And as of the beginning of 2022, Pinterest employees around the world started receiving a host of new parental benefits, including a minimum of 20 weeks’ parental leave, monetary assistance of up to $10,000 or local equivalent for adoptive parents, and four weeks of paid leave to employees who experience a loss through miscarriage at any point in a pregnancy.

Helping those experiencing domestic abuse

There are also ways to support employees going through a difficult time. Bank of Ireland introduced a domestic abuse leave policy earlier this year, which provides a range of supports to colleagues who may be experiencing domestic abuse.

Under the policy, the bank will provide both financial and non-financial support to colleagues, such as paid leave and flexibility with the work environment or schedule.

In emergency situations where an employee needs to immediately leave an abusive partner, the bank will help through paid emergency hotel accommodation or a salary advance.

In partnership with Women’s Aid, the company is also rolling out training to colleagues to help recognise the symptoms of abuse and provide guidance on how to take appropriate action.

Commenting on the policy, Women’s Aid CEO Sarah Benson said employers who implement policies and procedures for employees subjected to domestic abuse can help reduce the risk of survivors giving up work and increase “feelings of solidarity and support at a time when they may feel completely isolated and alone”.

A menopause policy

In 2021, Vodafone created a policy to support workers after a survey it commissioned revealed that nearly two-thirds of women who experienced menopause symptoms said it impacted them at work. A third of those who had symptoms also said they hid this at work. Half of those surveyed felt there is a stigma around talking about menopause, which is something Vodafone is seeking to combat through education for all staff.

Speaking to SiliconRepublic.com last year, Vodafone Ireland CEO Anne O’Leary said the company would roll out a training and awareness programme to all employees globally, including a toolkit to improve their understanding of menopause and provide guidance on how to support employees, colleagues and family members.

In Ireland, Vodafone employees are able to avail of leave for sickness and medical treatment, flexible working hours and additional care through the company’s employee assistance programme when going through the menopause.

Support hub for migrants

There are also initiatives to help people get their foot on the employment ladder.

Earlier this year, Tánaiste Leo Varadkar, TD launched a new service with education and employment supports for refugees, asylum-seekers and migrants.

The Pathways to Progress platform is part of the Open Doors Initiative supporting marginalised groups to access further education, employment and entrepreneurship in Ireland.

As part of the initiative, member company Siro offered a paid 12-week internship programme for six people who are refugees. The internships include job preparation, interview skills and access to the company’s online learning portals.

Open Doors Initiative CEO Jeanne McDonagh said the chance to land a meaningful job or establish a new business is key to people’s integration into Ireland, no matter what route they took to get here.

“Some are refugees, some are living in direct provision, some will have their status newly regularised, and others will come directly for work,” she said. “Our new service aims to support all migrants in finding a decent job as they prepare to enter the Irish workforce, and to support employers as they seek to build an inclusive culture in their workplaces.”

The final Fifa: after 30 years, the football sim plans to go out with a bang | Games

Earlier this year, at the famed La Romareda stadium in Zaragoza, Spain, EA Sports organised two football matches, one each for male and female pro players. During these competitive 90-minute fixtures, all participants, including subs and officials, wore advanced Xsens motion capture suits that recorded their every movement, shot, tackle and celebration. Involving more than 70 people it was, according to gameplay producer Sam Rivera, the largest number of players ever motion-captured in a single session.

Every year, the developers of Fifa tell us that their key aim is authenticity. This year, Fifa 23 – the final product of EA Sports and Fifa’s 30-year partnership – is about making key moments more intelligible, detailed and dramatic, zooming in ever closer to the action at pitch level. That grand Zaragoza mo-cap session provided 10m frames of animation – twice as much match capture as Fifa 22 – allowing for more than 6,000 authentic player animations, a wealth of which are female-specific.

Fifa 23 – Vini Jr v Lores. Photograph: Electronic Arts

That data has also been fed through Hypermotion 2, EA Sports’ machine learning engine, which uses the mo-cap data to create new, highly authentic animations on the fly, seamlessly filling in the gaps between mo-cap moments. This should mean smoother, more controllable movement on the ball. “Dribbling is getting more responsive,” says Rivera. “The personality of the players really shines through. We got the feedback in Fifa 22 that dribbling felt slidey; players were skating sometimes when turning. With the new system, they’re a lot more grounded, turning feels good, and the steps in between every single dribble touch are created by the algorithm. This means every step matches the path, creating better visuals.”

The designers are also enhancing dribbling’s defensive counter-action: jockeying. The machine learning system has been trained to detect which player is between the advancing player and the goal, and then governs their movements. They’ll usually approach the attacker from an angle rather than face-to-face, letting them tackle effectively. “They even put their hands behind their backs when they’re inside the box,” enthuses Rivera.

Players will accelerate differently, too: controlled, lengthy or explosive. This means a player such as Erling Haaland or Vinícius Júnior will burst away at speed, but will then slow more quickly, while someone with lengthy acceleration such as Virgil van Dijk won’t be quite as quick off the mark, but will gain speed. The idea is to break up the predictability of one-on-ones: it’ll no longer be quite as clear who’ll get to a loose ball first, or who will outrun an opponent down the wing.

Another new feature is the power shot: when players hit both bumpers while pressing the shoot button, the game brings up power and positioning options for a controlled, pinpoint strike. “It’s a risk v reward system,” says gameplay design director, Kantcho Doskov. “You can try it at any time, but if there’s a defender nearby, they’re going to tackle you. You really have to carve out that space, and even when you do, you have to aim precisely. Aiming at the top corner of the goal takes a bit of skill! When I try power shots, most of the time I don’t score, but it’s fun to test the keeper. And sometimes, just because the shot is so powerful, he’s forced to parry the goal back to my striker, who taps it in.”

Elsewhere, EA is telling us to expect redesigned set-pieces, with aiming on the right analogue stick, aided by a preview projection line – and defenders can now lie behind the wall to block low shots. And impact physics have been improved, so a player’s foot might be knocked sideways by a ball travelling at velocity, affecting their touch. The virtual grass now has individual blades, and the surface degrades as the match goes on: sliding tackles and knee-slide celebrations will tear up the turf, leaving scars that remain for the whole game. “At the moment, it’s purely visual,” says senior art director, Fab Muoio. “But we’ve had discussions about whether or not it will impact play and that’s something we’ll think about in the future.”

Fifa 23 – Signal Iduna Park. Photograph: Electronic Arts

Muoio talks a lot about drawing inspiration from modern TV broadcast aesthetics. “Just look at the real-world use of drone cameras,” he says. “I saw some footage from the Etihad of a drone shot going all the way through the concourse and the stadium. It looks amazing, like CG.

“We also reworked our out-of-play cameras to make them look a lot nicer when you have a corner kick, throw-in or goal kick: we’ve adjusted the depth of field and the composition, just to have the player pop a little bit more from the background. It looks more in line with what you see in modern broadcast football, with that heavy depth of field.”

An early beta demo shows all of these new details in action. Playing as Manchester City, you see the fast, insightful runs of Jack Grealish and Kevin De Bruyne and the amazing shot-stopping capabilities of Ederson. Attempting a power shot with Real Madrid’s Marco Asensio gives you a real sense of his strength and accuracy. There’s also a beautiful moment of animation fluidity when Borussia Dortmund’s Marco Reus turns and volleys in a crowded box, arching the ball into the top left corner. A couple of hours of play show up more diversity of movement and interaction between players, and although the pace is similar to Fifa 22, it feels like there are a few more milliseconds available to line up ambitious passes.

EA Sports has some big changes coming to Career mode, including interactive match highlights, which let you play the key moments from important matches instead of the whole game, making for a snappier, more dramatic narrative. There are announcements to come about the ever-popular but also hugely controversial Ultimate Team mode. EA has stated that it will not be abandoning the “loot box”-style random player packs that underpin the mode, even though several countries have either banned or are considering bans on them. Whatever EA does to improve this part of the game, including making it easier to progress without purchasing packs, the ethical quandary of the loot box will cast a long shadow over the entire game.

Work is progressing, too, on EA Sports’ post-Fifa future, which will arrive in 2024 as the awkwardly-titled EA Sports FC. It’s clear that Fifa itself is going to struggle to commission a new football sim that will get anywhere close to EA’s game in quality and detail. The development team views Fifa 23 as a good indication of where things are heading. “You can see by the amount of content this year: we want more, we want to continue going big,” says Rivera. “We’re excited about 2024 and what’s coming. There are a lot of opportunities. Responsiveness, visuals, authenticity – are what will take us there.”

He’ll only give up one specific detail: the use of machine learning animation, currently confined to very specific areas of the game, is likely to expand as EA moves into the next era of its simulation. There is a dedicated AI coding team at EA’s Vancouver studio that have been working on this tech for several years, and if this year’s implementations go down well, we might soon see the end of scripted animations. “I can’t talk about the details of where it’s going because these are huge future features, but the potential that we’re seeing is crazy,” says Rivera. “We can see how machine learning can take over animation in the future.”

It still feels kind of surreal that this is the end for Fifa as we know it. A game that began on the Mega Drive with its blocky, stylised sprites and electronically simulated crowd noises, now features lifelike motion captures taken from genuine matches, and an intelligent animation system that mimics the behaviours of real-life players. Fifa has been loved and loathed; it has seen off one great rival – the Pro Evolution Soccer series – and will soon compete against whatever licensed products Fifa can pitch against it. In embracing the women’s game, it’s doing the right thing at the right moment, while at the same time, its insistence on retaining the loot box lottery of Ultimate Team will ensure that controversy as well as fandom will follow it into the future. But that, after all, is football.

Keith Stuart attended a press trip to Electronic Arts in Vancouver with other journalists. His travel and accommodation expenses were met by Electronic Arts.
