We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to.
EFF, where are you?
Source: Windows 10 is possibly the worst spyware ever made | Network World
From August 2015
In follow-up answers for Congress, the company said it “only accesses users’ microphone if the user has given our app permission and if they are actively using a specific feature that requires audio (like voice messaging features.)” The Menlo Park, California-based company doesn’t address what happens to the audio afterward.
Source: Facebook (FB) Paid Contractors to Transcribe User Audio Files – Bloomberg
Facebook first started allowing Messenger users to have their audio transcribed in 2015. “We’re always working on ways to make Messenger more useful,” David Marcus, the executive in charge of the service at the time, said in a Facebook post.
According to Spanish newspaper El País, the league told authorities that when its apps detected users were in bars the apps would record audio through phone microphones.
Source: Popular Soccer App Spied on Fans Through Phone Microphone to Catch Bars Pirating Game Streams
Facebook allowed the device companies access to the data of users’ friends without their explicit consent, even after declaring that it would no longer share such information with outsiders. Some device makers could retrieve personal information even from users’ friends who believed they had barred any sharing, The New York Times found.
Source: Facebook Gave Device Makers Deep Access to Data on Users and Friends – The New York Times
“On default, Alexa ends the sessions after each duration… we were able to build in a feature that kept the session going [so Alexa would continue listening]. We also wanted to make sure that the user is not prompted and that Alexa is still listening without re-prompts,” Erez Yalon, manager of Application Security Research at Checkmarx, told Threatpost.
But what these services show us is even more alarming: US telcos appear to be selling direct, non-anonymized, real-time access to consumer telephone data to third party services — not just federal law enforcement officials — who are then selling access to that data.
Source: Want to see something crazy? Open this link on your phone with WiFi turned off.
Microsoft does not intend to gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information for Linguistic Data Collection. We guard against such events by using technologies to identify and remove sensitive information before linguistic data is sent from the user’s device. If we determine that sensitive information has been inadvertently received, we delete the information.
Source: Configure Windows telemetry in your organization (Windows 10)
The tactics Microsoft employed to get users of earlier versions of Windows to upgrade to Windows 10 went from annoying to downright malicious. Some highlights: Microsoft installed an app in users’ system trays advertising the free upgrade to Windows 10. The app couldn’t be easily hidden or removed, but some enterprising users figured out a way. Then, the company kept changing the app and bundling it into various security patches, creating a cat-and-mouse game to uninstall it.
And while users can disable some of these settings, it is not a guarantee that your computer will stop talking to Microsoft’s servers. A significant issue is the telemetry data the company receives. While Microsoft insists that it aggregates and anonymizes this data, it hasn’t explained just how it does so.
Known as Silverpush, the software is designed to monitor consumers’ television use through the use of “audio beacons” emitted by TVs, which consumers can’t hear but can be detected by the software. The letters note that the software would be capable of producing a detailed log of the television content viewed while a user’s mobile device was turned on for the purpose of targeted advertising and analytics.
Source: FTC Issues Warning Letters to App Developers Using ‘Silverpush’ Code | Federal Trade Commission
When you open an app or look at a browser page, there’s a very fast auction that happens where different advertisers bid to get to show you an ad. Their bid is based on how valuable they think you are, and to decide that, your phone sends them information about you, including, in many cases, an identifying code (that they’ve built a profile around) and your location information, down to your latitude and longitude.
Source: Company Tracks Iowa Caucusgoers by their Cell Phones – Schneier on Security