Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book General > News

Notices

Reply
 
Thread Tools Search this Thread
Old 06-10-2012, 06:08 AM   #46
plib
Guru
plib ought to be getting tired of karma fortunes by now.plib ought to be getting tired of karma fortunes by now.plib ought to be getting tired of karma fortunes by now.plib ought to be getting tired of karma fortunes by now.plib ought to be getting tired of karma fortunes by now.plib ought to be getting tired of karma fortunes by now.plib ought to be getting tired of karma fortunes by now.plib ought to be getting tired of karma fortunes by now.plib ought to be getting tired of karma fortunes by now.plib ought to be getting tired of karma fortunes by now.plib ought to be getting tired of karma fortunes by now.
 
Posts: 777
Karma: 6356004
Join Date: Jan 2012
Device: Kobo Touch
Quote:
Originally Posted by Andrew H. View Post
I know some people who work with classified information; they're not allowed to bring their phones to the office, much less connect them to the network and use them calendaring or e-mail. (For that matter, their work computers are not connected to the outside world, either.)
I agree. Seriously classified information or locations wouldn't, or shouldn't. The list above was a bit tongue-in-cheek obviously. However there are government and many corporate environments that aren't so restricted and electronic industrial espionage is commonplace. The Chinese have been doing it for years. Chinese IP's even hammer my router on a routine basis.
plib is offline   Reply With Quote
Old 06-10-2012, 06:17 AM   #47
drofgnal
Evangelist
drofgnal ought to be getting tired of karma fortunes by now.drofgnal ought to be getting tired of karma fortunes by now.drofgnal ought to be getting tired of karma fortunes by now.drofgnal ought to be getting tired of karma fortunes by now.drofgnal ought to be getting tired of karma fortunes by now.drofgnal ought to be getting tired of karma fortunes by now.drofgnal ought to be getting tired of karma fortunes by now.drofgnal ought to be getting tired of karma fortunes by now.drofgnal ought to be getting tired of karma fortunes by now.drofgnal ought to be getting tired of karma fortunes by now.drofgnal ought to be getting tired of karma fortunes by now.
 
Posts: 466
Karma: 1563122
Join Date: Dec 2009
Device: Kindle4NT/iphone/ipad/ipad mini
Its the same with cookies in your computer browser. I see ads sometimes for the exact product whose website I visited. Not a big deal to me.

What I found more alarming was facebook. I connected with an old friend from high school. We exchanged several messages via facebook. She told me about a bavarian vacation her family had taken and behold, I start getting ads in facebook for a bavarian vacation.

I don't care if they use cookies and browsing history to target ads to me, but when the content of private messages is used to target ads, I get a little angry. I've since quite visiting facebook at all.
drofgnal is offline   Reply With Quote
Old 06-10-2012, 06:57 AM   #48
JoeD
Guru
JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.
 
Posts: 883
Karma: 4235574
Join Date: Nov 2007
Device: Hanlin v3, iPad, Kindle 4NT
This particular issue may not be of concern to people handling classified information if the policy in use prohibits mobiles/own devices. However, that doesn't make the concerns any less valid for regular business, government and individuals when the issue is apps/privacy leaks in general and not just this one specific instance.

There's a lot of highly valuable information that can cause a lot of damage on an individual or even national level that isn't classified and would be found used on mobiles. The data may be confidential enough that devices are required to be encrypted to safeguard against loss/theft, but when the apps running on the device itself are pinching the data, it's a problem.

You could argue that people shouldn't download/install apps they don't trust, but that's not really feasible for anyone that wants to actually use their phone. Especially when you consider the "trusted" companies can just as likely be the ones responsible due to the money gains targetted ads bring. There's nothing to say pre-installed apps arn't also up to no good (in terms of privacy leaking, rather than maliciousness)

Re android and the permissions. I agree most don't care/take notice of the warnings, but that's their choice. If I downloaded an app that was only supposed to be used to read content on my device and it wants location/phone/internet access, I'd question why, google it and see if anyone knows what it wants to do. Whether that would turn up useful information is a different matter

That wouldn't have helped in the case of the linked in app though, as you know it needs net access and will check contacts etc in many cases, desired behaviour, but there's no way to know that the data they're sending encompasses more than you're willing to give.

Not sure how that problem can be tackled, there's not really anything that can be done on an OS level, which leaves it up to the platform holders to require a public disclosure of what info is accessed/used/transmitted and a promise to ban any developers who go beyond that that. A burden I'm sure apple don't want and there's going to be the fine line between honest mistakes where apps pull more than needed and claiming it's a mistake when it was really intended.

If I know exactly what data is accessed/transmitte, it's then up to me to decide whether I care enough to look it up and decide to use that app based on that. Majority of people probably won't care, that's fine. Busiesses though could vet (legit) apps that are deemed to access too much information or details they don't want to share.

It won't stop malicious apps that lie deliberatly then try to steal info, but that's not the goal, it's to stop legit apps accessing data that they deem is fine where as the users sometimes deem that as not acceptable. For example, this whole linked in mess, wouldn't have occurred had linkedin declared up front what data their apps transmit back to their servers and the reasons. People could decide to trust linkedin to delete the data as they claim to do, or decide not to use the app. They could make an _informed_ decision.

Last edited by JoeD; 06-10-2012 at 07:17 AM.
JoeD is offline   Reply With Quote
Old 06-10-2012, 01:54 PM   #49
Penforhire
Wizard
Penforhire ought to be getting tired of karma fortunes by now.Penforhire ought to be getting tired of karma fortunes by now.Penforhire ought to be getting tired of karma fortunes by now.Penforhire ought to be getting tired of karma fortunes by now.Penforhire ought to be getting tired of karma fortunes by now.Penforhire ought to be getting tired of karma fortunes by now.Penforhire ought to be getting tired of karma fortunes by now.Penforhire ought to be getting tired of karma fortunes by now.Penforhire ought to be getting tired of karma fortunes by now.Penforhire ought to be getting tired of karma fortunes by now.Penforhire ought to be getting tired of karma fortunes by now.
 
Posts: 2,106
Karma: 7067396
Join Date: Nov 2007
Location: Southern California
Device: Kindle PW, PRS-650, iPhone 4, iPad 4
Why you think there is nothing that can be done on an OS level?

Make the device default to anonymized browing and all-hidden device ID's. That is within the power of a non-jailbroken OS. If you want them to go the extra mile they can provide VPN service by default. Siri has to be more of a big deal (expense) to provide than a simple anonymizing VPN.

Let us opt-in if we want the benefit of cookies, targeted ads, speedier VPN bypass or whatever.
Penforhire is offline   Reply With Quote
Old 06-10-2012, 02:08 PM   #50
JoeD
Guru
JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.
 
Posts: 883
Karma: 4235574
Join Date: Nov 2007
Device: Hanlin v3, iPad, Kindle 4NT
Quote:
Originally Posted by Penforhire View Post
Why you think there is nothing that can be done on an OS level?

Make the device default to anonymized browing and all-hidden device ID's. That is within the power of a non-jailbroken OS. If you want them to go the extra mile they can provide VPN service by default. Siri has to be more of a big deal (expense) to provide than a simple anonymizing VPN.

Let us opt-in if we want the benefit of cookies, targeted ads, speedier VPN bypass or whatever.
What I mean by there not being an OS level solution is that apps will require a certain level of access to user data. Whilst the OS can have security in place to ensure apps do not gain access to various functions without your permission e.g contact list, calendar, location services, phone/mic/camera, at some point you use apps that do require some access. Once granted, the OS does not know how much access the app is making, what it's doing with that info (whilst it could track that, it couldn't really know if that usage is inline with the permission you've granted)

Sure, really really fine grained permissions could be added, but it would never cover all cases.

The only feasible solution imo is that if an app needs access to any of your data, that access is made clear by the app maker along with what data and how it's used.

I'm not saying it's technically impossible. I just don't think it's feasible for the OS to handle it to the extent that would be needed. High level protection can and in some cases already is provided for things like contact access, location services but the problem is when apps have a legitimate need for limited access and then go beyond what the user expected or store/use the information for reasons the user wasn't made aware of.
JoeD is offline   Reply With Quote
Old 06-12-2012, 12:48 PM   #51
murraypaul
Interested Bystander
murraypaul ought to be getting tired of karma fortunes by now.murraypaul ought to be getting tired of karma fortunes by now.murraypaul ought to be getting tired of karma fortunes by now.murraypaul ought to be getting tired of karma fortunes by now.murraypaul ought to be getting tired of karma fortunes by now.murraypaul ought to be getting tired of karma fortunes by now.murraypaul ought to be getting tired of karma fortunes by now.murraypaul ought to be getting tired of karma fortunes by now.murraypaul ought to be getting tired of karma fortunes by now.murraypaul ought to be getting tired of karma fortunes by now.murraypaul ought to be getting tired of karma fortunes by now.
 
Posts: 3,224
Karma: 10210627
Join Date: Jun 2008
Device: Sony PRS505, Nook Color(CM7), iPad3
Looks like Apple is adding more fine-grained access control by application to things like contacts, similar to how access to location services is already controlled:

http://appadvice.com/appnn/2012/06/a...s-app-in-ios-6
murraypaul is offline   Reply With Quote
Old 06-12-2012, 01:39 PM   #52
JoeD
Guru
JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.JoeD ought to be getting tired of karma fortunes by now.
 
Posts: 883
Karma: 4235574
Join Date: Nov 2007
Device: Hanlin v3, iPad, Kindle 4NT
Quote:
Originally Posted by murraypaul View Post
Looks like Apple is adding more fine-grained access control by application to things like contacts, similar to how access to location services is already controlled:

http://appadvice.com/appnn/2012/06/a...s-app-in-ios-6
Yep, a welcomed change that will at least allow you to recognise apps that are trying to access data they have no business touching.

I doubt it would have helped avoid the linkedin issue though, since people would have granted contact access thinking it's only sending name/email for matching purposes whilst it was transfering everything behind the scenes.

I do wonder why they didn't pre-process the contact info on the iphone and only send hashes of names/emails back to their servers. That way any email address/contact who is not a member of linked-in would not have their details exposed to linked in, yet those hashes could be compared against their current member list to find matches. Not that it's perfect nor secure by any means.

If they wanted to do it properly though they'd implement some form of secure computation such as garbled circuits. Considering they didn't hash/salt their password db though, security wasn't their highest priority :P

Last edited by JoeD; 06-12-2012 at 01:42 PM.
JoeD is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Trying to get to Content Server on OS X 10.7.2 using iPad 2 iOS 5.0.1 cdg Apple Devices 0 11-15-2011 03:25 PM
Original iPad with iOS 4.3? sachinwalia Apple Devices 59 06-18-2011 09:16 AM
iOS 4.0.2 (iPhone) 3.22(iPad) updates now available kjk Apple Devices 5 08-12-2010 10:21 PM
iPhone iPhone 3GS upgrade to ios 4 -> No 3G Data nikkie Apple Devices 11 06-26-2010 02:29 PM


All times are GMT -4. The time now is 09:04 AM.


MobileRead.com is a privately owned, operated and funded community.