Email Productivity Applications Collect Users’ Personal Information to Sell to Third Parties

There are many email productivity applications that help manage and organize your inbox. While useful, they come at a costly price for your privacy. According to Motherboard’s Joseph Cox, many of these apps can scan through people’s emails and sell their data for profit. Some worth mentioning include Cleanfox, Slice, and Edison. On Edison’s website, the company states that it “accesses and processes” users’ emails, this similar statement used for the apps Cleanfox and Slice.

These types of applications scan people’s personal inboxes for emails that contain information such as package tracking notifications and receipts to record how much people spend as well as what they are purchasing. Once this data is collected, these application companies sell this information to e-commerce and finance companies that have an interest in such trends. However, they sell an anonymous version of the information. 

A spokesperson from Edison told Business Insider that their software “automatically recognizes commercial emails and extracts purchase information,” while disregarding any emails that include personal or work related matters. Slice’s parent company, Rakuten, stated that the reason as to why they collect people’s data is for market research purposes and – contrary to what we may believe – that they do value protecting their users’ privacy. 

Foxintelligence’s CEO Edouard Nattée stated in an email to Business Insider that new users are notified when their data is pulled from “transactional emails”, further stating that the information collected remains anonymous. While anonymized data may seem secure, data breaches that give access to the exact data can help cybercriminals trace information back to its original source. 

California’s New Privacy Law Protects Consumers’ Submitted Data

California residents rejoice – a new law passed for 2020 allows for greater consumer data protection in which one can opt-out of having companies collect and sell their data to third parties. This includes any data collected from social networking websites, consumer goods retailers, banks, etc. 

The new act is called the California Consumer Privacy Act (CCPA) and ultimately protects people from having their data monetized. Under this act, consumers have the right to access copies of any data collected by companies. Those businesses that violate the Act can face State fines or sanctions placed upon them. Enforcement of the Act begins this year in July, and any company that has yet to comply with the change in data collection may not face trouble until then. 

For those companies already in compliance with the new law, consumers can find their data collection opt-out pages typically under the Privacy tab. Recently, a directory of links was created to include these company pages for easy access to opt-out requests –  if in case the page isn’t found straightforwardly on the company site homepage. 

For more information on California’s new Consumer Privacy Act, please visit this page here. The directory of opt-out request pages can be found here.

Uber Uses Software to Remotely Log Out to Preserve Customer Privacy Data

With 78 or more international offices, you might have to consider some possible opposition with government authorities. In 2015, Uber faced a series of investigations in China and various other countries and were looking to secure their information while being investigated. During these police raids, employees knew the drill: immediately log-off and make it nearly impossible for the police to access the information they had a warrant to retrieve, aka proceed with the “unexpected visitor protocol.”

For fear of sounding a little too suspicious, it’s important to know that Uber was trying to protect the privacy and security of their customers, drivers, and employees – especially abroad. After a lot of searching, Uber discovered a software titled, “Ripley,” which was said to be named after Sigourney Weaver’s character in the 1979 sci-fi movie, Alien. This special software is able to remotely disable, lock, or change the password on employees’ computers and smartphones in the event of a breach or police raid. As quoted in an Bloomberg.com article, “The nickname was inspired by a Ripley line in Aliens, after the acid-blooded extraterrestrials easily best a squad of ground troops. ‘Nuke the entire site from orbit. It’s the only way to be sure.’”

According to Bloomberg, the software was used during a raid in Montreal in May 2015. The  idea behind this was for Uber’s team at the San Francisco headquarters to be able to shut down a device if necessary. At this point in time, the Quebec tax authority arrived at the office unannounced with a warrant. Uber’s on-site managers followed the protocol and alerted company headquarters about what was happening. Fortunately, with the use of Ripley, they were able to not reveal anything to the investigators by logging off from all the devices in the Montreal office immediately.

The employees are trained to alert and follow some simple procedures when someone arrives unannounced at its foreign office to protect their data. If the investigators begin to investigate Uber’s machines, they have a list of Do’s and Don’ts that the employees should follow. Do’s include cooperating with the authorities and disclosing requested documents. Don’ts say not volunteer any information, nor “delete, destroy, and hide any document or data.” It’s unclear though if they used this list when using the software Ripley. Although, it is clear that Uber has allowed authorities to leave the building with company laptops plenty of times before. It all depends on the legal privilege of the situation.

Uber said “Like every company with offices around the world, we have security procedures in place to protect corporate and customer data,” an Uber spokeswoman said. “When it comes to government investigations, it’s our policy to cooperate with all valid searches and requests for data.”

Later, Uber started using off-the-shelf software called Prey and another named uLocker. Uber said that these softwares are able to protect the privacy of the drivers, Uber employees, and the passengers. Last March, the New York Times revealed that the company used secretive software called Greyball in some cities where Uber wasn’t yet allowed to operate. The software let the company target certain people, like the police, and showed them a mock-up version of the app that showed no cars available to hide the fact that they were indeed in operation.

According to the article, Uber is now under investigation by the US Department of Justice for its use of Greyball and is facing at least four other inquiries by the US government. As for the software Ripley, uLocker, and Prey being used by the Uber they have mentioned that there is nothing secretive about it. It’s basically the same software someone would use to track down their lost or stolen smartphones. However, an Uber Spokeswoman has mentioned that these softwares are even good for internal use. For instance, if an employee loses their laptop, we can just log them out of the Uber’s System to prevent the information from leaking and having someone else access private user data.

Better Password Protection for Data Privacy Day

Today is Data Privacy Day and we’re celebrating with some do’s and don’ts for better password protection! The most common form of user authentication, passwords protect emails, bank accounts, user profiles and so much more.

In theory it makes sense to choose passwords that are hard to crack and always keep them to ourselves, but in practice, this doesn’t always happen. Here are some password do’s and don’ts.

password-do-s-and-don-ts

Need more specific tips? Here are more ideas for stronger passwords that are also easier to remember:

  1. Use Multiple Languages- Words are easier to remember than random letter groupings, but most hackers use English dictionary words when cracking passwords. Using non-English words can help you remember your password while avoiding common words.
  2. Use A Pattern for Special Characters- Inserting a set of special characters into your password every few letters can help you fulfill the special character requirement, and it’s an easy formulaic way to remember where those characters belong.
  3. Only Use Leet in Phrases- Leetspeak (switching letters in a word for numbers and special characters- for example “hello” becomes “h3110”) is not uncommon among hackers, so this method won’t necessarily help keep a one word password safe. However, using them in a phrase can still be helpful, as it is harder to guess a phrase than a single word.