It’s no secret that privacy concerns were an issue since day one Gmail was launched. This was due to Gmail’s practice of scanning emails for personalized ads and marketing messages. Now, the free email service announced it would stop the controversial practice.
Diane Greene, who is the Google Cloud senior vice president, said that from now on, Gmail would follow the same practices as G Suite Gmail. “Consumer Gmail content will not be used or scanned for any ads personalization after this change.”
However, this doesn’t mean that personalized ads and marketing messages are a thing of the past for Gmail: Users will still see them, but they will be based on other data (probably browsing habits and search queries). In essence, ads will be based on user settings, which means that users will be able to change those settings at any time; they will even be able to disable ads personalization.
Although this may seem like great news – after all, not scanning the emails is an improvement for Gmail –Danny Sullivan, who is the founding editor of Search Engine Land, was quick to notice that just because Google won’t be spying on its users’ emails anymore, doesn’t mean the company doesn’t have other means to tailor the ads for its users. And indeed, it does.

Source:
Phys.org (https://phys.org/news/2017-06-google-scanning-gmail-ad.html)

Electronic healthcare services are becoming increasingly more popular every day, and rightfully so – they enable high-quality healthcare services to people who can’t make it to the “real” doctor, to those who live in rural areas, as well as to people who cannot afford medical care. However, despite their positive results, they also have one major downside: they create opportunities for new types of security and privacy threats.
As with all electronic devices, information security and protection of privacy are incredibly important – and healthcare systems should be no exception. If no attention is paid to these aspects, healthcare services can put users at great risks.
Various mobile apps are used in not only developed but in developing countries too, as they increase the access to public health care. They can also improve patients treatment in rural areas, strengthening the link between the whole society and the public health system. It’s obvious why it’s incredibly important to keep researching and investing into these projects; the problem is, many of them fail because of issues related to information security and privacy.
For this reason, according to Leonardo Iwaya, a Ph.D. student in computer science at Karlstad University, “These issues have to be considered from the start if you want to develop digital healthcare systems in which information is properly secured, and privacy is protected.”
So, paying attention to the protection of privacy and data security should be just as important as programming the app itself.

Source:
Karlstad University via ScienceDaily (https://www.sciencedaily.com/releases/2017/06/170615084754.htm)

Computer scientists from the University of Edinburgh have developed a new tool that can identify fake online profiles with relative ease.
The new system consists of computer models that were trained to spot online users who make up information about themselves – catfishes. The model can identify social media users who are dishonest about their gender and age and could, therefore, be useful in ensuring the safety of social networks.
The team built the new tool based on information they gathered from about 5,000 verified public profiles on an adult content website. These verified profiles were used to train the model to estimate the gender and age of a user with high accuracy. The system was able to estimate this based on the users’ style of writing in comments, as well as on their network activity.
Interestingly, the system found that almost 40% of the site’s users lie about their age, and about one-quarter lie about their gender.
The new tool demonstrates the effectiveness of the technology in fishing out dishonest users. The team hopes that this system will lead to safer and more honest world of social networks.

Source:
University of Edinburgh via ScienceDaily (https://www.sciencedaily.com/releases/2017/06/170607123855.htm)

OneLogin, an identity and access management software that provides a single sign-on to multiple websites and cloud applications, has been broken into by hackers on Wednesday.
The company said that the hacker was “able to access database tables containing information about users, apps, and various types of keys. While we encrypt certain sensitive data at rest, at this time, we cannot rule out the possibility that the threat actor also obtained the ability to decrypt data.”
In other words, this is isn’t a simple data breach – it is a serious, scary-looking hack that poses unpleasant and worrisome questions about safe cloud usage.
In a blog post, OneLogin’s chief information security officer, Alvaro Hoyos, said that an unauthorized person(s) gained access to the company’s servers in the U.S. region. He explained that this hacker obtained a set of AWS keys which he used to access the AWS API (application programming interface) through another service provider. According to the blog post, the attack started on May 31, around 2 AM PST.
OneLogin’s investigation is still ongoing and is now aided by law enforcement as well as independent third-party security experts.
It’s worth noting that despite the hack, some security experts say that using password managers is still safer than using the same passwords for multiple websites.

References:
OneLogin Blog (https://www.onelogin.com/blog/may-31-2017-security-incident)
Phys.org (https://phys.org/news/2017-06-hackers-centralized-password-onelogin.html)
Fortune (http://fortune.com/2017/06/02/onelogin-password-security-breach/)

Online privacy can be a tricky thing as it’s easy to get lost in a sea of information. Nowadays, we also have to wonder about who is tracking us, what for, what information will stay in the online space even after we delete it, etc. To help with these issues, Spanish designers developed Thero, a 3D printed prototype of a desktop device that allows users to quickly and easily switch between online privacy options.
According to Roman Torre and Angeles Angulo who developed the new device, Thero is supposed to help people realize the importance of their data and privacy. “Through the physical manipulation of the device we believe that is easier to [experience] … privacy, compared to solutions already available in the market, which are based exclusively on software. Those can be too abstract and tricky for the current medium internet user.”
Thero is easy to use: one can switch between encrypted communication methods simply by turning a dial. And when users switch modes (encrypted/ nonencrypted), they receive a visual reminder on their screen that lets them know how they’re currently protected.
For now, Thero is just a prototype and not for commercial use, but the team is working on developing a better software solution that would allow it to become commercially available.

Reference:
Roman Torre (http://www.romantorre.net/portfolio-item/thero/)
Digital Trends (https://www.digitaltrends.com/cool-tech/thero-desktop-privacy-device/)

In order to stop ransomware and malware scams that are currently all over the world, computer scientists are trying to find out why these attacks are successful in the first place. The research findings will be used to develop the next generation of email filters that will better at identifying and defending against cyber attacks.

To look at the characteristics of phishing emails, the research team used publicly available emails from Hillary Clinton and Sarah Palin. They used natural language generation (replicates human language patterns) to create fake phishing emails from real emails. Then, they planted certain signals like repetitive sentences, fake names, and incoherent flow into these emails, and used them for the test group.

The participants, 34 of them, were given eight Clinton and eight Palin emails, four of which were fake and four of which were real. They were then asked to identify which emails were real and explain their reasoning. Here are some of the most important results of the study:

• Using more complex grammar fooled 74% of participants;
• Only 50% of the participants noticed/mentioned the fake names;
• Only six participants could show the full header of an email;
• Education, experience and gender made no difference in the ability to detect the deceptive emails.

What these results do is offer ideas on how to improve IT training and email filters. Until they are actually developed though, here is what you can do to protect yourself against fake emails:

• Always look closely at the sender of the email and the full header;
• Hover a mouse over any potential fake, broken links in the body of the email;
• Think how long it has been since you had contact with the sender;
• Consider the context of the email itself.

Source:

University of Houston via ScienceDaily (https://www.sciencedaily.com/releases/2017/05/170516153932.htm)

WhatsApp is already known as the “safe” app because of its end-to-end encryption, but now the company has decided to become even safer by adding new security features to its iCloud backpack. With this addition, even WhatsApp iCloud backups will become encrypted.

Why does encryption even matter? To put it simply, because with it, your messages are safe; without it, it’s a risky business. For example, in the past, WhatsApp was under fire thanks to certain governments that demanded access to user data. The company resisted, putting user privacy as their number one priority. This resulted in WhatsApp being blocked several times in Brazil, simply because they refused to share user data.

Now, with encryption to iCloud backups added, WhatsApp has become even safer. This development should ensure that users’ private messages remain private no matter what. This is a truly important step, considering we’re living at times when governments have no problem demanding access to user data.

With encryption becoming a growing concern among users, it doesn’t hurt that WhatsApp continues to try to make communication safer. This move should, therefore, put many of us at (at least some) ease.

Source:

Digital Trends (https://www.digitaltrends.com/mobile/whatsapp-icloud-backups-encryption/)

Classical communications, such as those over email or phone, are vulnerable to eavesdroppers as today’s data encryption is based on the factorization of large integers, which is an easily solvable operation on a quantum computer. Considering the fact that large quantum computers are only five years away from commercial exploitability (according to Google), this is a dangerous situation to be in.

The good news is, there is a solution, and it lies in quantum key distribution (QKD).

QKD uses particles to allow two remote parties to produce a shared random secret key, which is known only to those two parties. This secret key enables the encryption and decryption of messages, and it is super-safe thanks to the principle that it’s based on – the uncertainty principle. Based on this concept, secure quantum networks are being built on a large scale in many countries (with China leading the way), so it’s important to understand the ultimate limits of QKD.

Now, in an article published in Nature Communications, scientists explain they have managed to establish the boundaries of quantum secure communications through the most important communication lines, including optical fibres.

Professor Stefano Pirandola of the University’s Department of Computer Science explained that this is a breakthrough development as it establishes the ultimate performance that none of the point-to-point protocol of QKD can surpass.

Source:

Phys.org (https://phys.org/news/2017-04-boundaries-quantum.html)

Cloud storage providers like Gmail and Dropbox may soon get a major upgrade that will enable them to better manage their users’ content, giving them more storage capacity, but with the same level of security.

For cloud storage providers to protect an ever-increasing amount of private data, they have to encrypt that information so that no one – including the service provider itself – can read it. The issue with this is that cloud storage services end up having an exceptionally hard time efficiently managing that large amount of data and providing users with better storage capacity.

Research from 2010 has suggested that up to 75 percent of all produced data is actually duplicated. Recently, owners of an open source “deduplication” solution suggested that reducing that duplicated data could clear up to 95% of storage space. The problem is, for cloud storage services to remove (“deduplicate”) data, they need to be able to recognize it without violating users’ privacy.

Now, a team of researchers at A*STAR Data Storage Institute in Singapore has managed to develop a system called HEDup that allows cloud storage providers to recognize data without sacrificing clients’ security.

The new system works by using a separate key server that assigns a secure key to the data that will be encrypted and then uploaded for storage. Because duplicate data will have the same key (can only be accessed for encryption and decryption purposes by data owners), the cloud storage provider can then use homomorphic encryption to determine – without actually reading the data – whether the information is a duplicate.

Source:

ScienceDaily (https://www.sciencedaily.com/releases/2017/04/170429212501.htm)

A new study conducted by computer science researchers at Karlstad University shows few people actually know how their personal information is being collected, used, shared and accessed. But with new EU General Data Protection Regulation (GDPR) coming next year, there will be higher demands on the possibility for users to access their own personal data.

Next year, we can expect the new EU GDPR to be applied, which will bring the possibility for users to access their own data. Basically, all net-based services that store personal information will be required to provide the possibility for users to access and download their own data. Although that is good news for users, it’s not enough. Just downloading personal data is not helpful for most people because they need to be able to visualize that information in a proper way in order to truly understand it.

That’s why Farzaneh Karegar, a doctoral student in computer science, and her colleagues decided to develop a tool – Data Track – that could help people download and visualize their personal data.

With Data Track, people will be able to download and visualize their own personal information from service providers such as Google and Facebook. They will also be able to change data saved remotely on the Internet simply by downloading and editing it and then uploading it again.

Source:

Karlstad University via ScienceDaily (https://www.sciencedaily.com/releases/2017/04/170404124415.htm)