MacInTouch Amazon link...

Apple security and privacy

Channels
Apple, Security
That is not true. Safari has had security holes before that permitted JavaScript code to affect the machine, there are likely holes now, and certainly will be more in the future.
Of course there are vulnerabilities, known and likely unknown today. And Pwn2Own has annually shown what is possible, with a heavy focus on Safari and WebKit recently, but that simply results in Apple's scramble to develop patches to prevent such holes from being exploited with an actual threat attack.

Threats are the main focus of anti-malware developers. There is very little that they could do to counter vulnerabilities, especially of the 0-day variety. That responsibility must always fall to the systems and applications developers. I know there has been a lot of talk about AI to counter the unknown for several years now, but progress in that area has been glacial, with little or no payoff.
 


Ric Ford

MacInTouch
Trying to make some sense out of Apple's security systems:
Kirk McElhearn said:
The chain of trust in Apple's devices
A lot of computer security is based on trust. Your devices verify that you are, indeed, an authorized user, through the use of user names and passwords. And your devices trust services and servers, through a series of certificates and "trusted third parties" who work through a cascading system of verification and authentication.

If you use Apple devices, the company has its own chain of trust that allows you to use multiple devices in concert. Each link of this chain is carefully designed to ensure its reliability, and each link also enhances other links in the chain. This can seem complex, but when you break it down into its component parts, it's a lot easier to understand....
 


Ric Ford

MacInTouch
I thought this was interesting....
ZDNet said:
iOS apps could really benefit from the newly proposed Security.plist standard
Earlier this month, security researcher Ivan Rodriguez proposed a new security standard for iOS apps, which he named Security.plist.

The idea is simple. App makers would create a property list file (plist) named security.plist that they would embed inside the root of their iOS apps.

The file would contain all the basic contact details for reporting a security flaw to the app's creator. Security researchers analyzing an app would have an easy way to get in contact with the app's creators.

Rodriguez said the idea for Security.plist came from Security.txt, a similar standard for websites, that was proposed in late 2017.

Security.txt is currently going through an official standardization process at the Internet Engineering Task Force (IETF), but it has been widely adopted already, and companies like Google, GitHub, LinkedIn, and Facebook, all have a security.txt file hosted on their sites, so bug hunters can get in touch with their respective security teams.

#security.txt #security.plist
 




Apple may be forced to make concessions or withdraw from the Russian market. It will be interesting to see if Apple will continue to fight for privacy rights over profits.
US News & World Report said:
Putin Signs Law Making Russian Apps Mandatory on Smartphones, Computers
Russian President Vladimir Putin on Monday signed legislation requiring all smartphones, computers and smart TV sets sold in the country to come pre-installed with Russian software.

The law, which will come into force on July 1 next year, has been met with resistance by some electronics retailers, who say the legislation was adopted without consulting them.

The law has been presented as a way to help Russian IT firms compete with foreign companies and spare consumers from having to download software upon purchasing a new device.

The country's mobile phone market is dominated by foreign companies including Apple, Samsung and Huawei. The legislation signed by Putin said the government would come up with a list of Russian applications that would need to be installed on the different devices.
 



This looked interesting and useful:
Trail of Bits said:
Introducing iVerify, the security toolkit for iPhone users
Today, Trail of Bits launched iVerify, a user-friendly iPhone security toolkit, now available for download in the iOS Apple Store. iVerify makes it easy to manage the security of your accounts and online presence with simple instructional guides. Crucially, it also detects security anomalies on your iPhone or iPad.
 


Ric Ford

MacInTouch
Apple may be forced to make concessions or withdraw from the Russian market. It will be interesting to see if Apple will continue to fight for privacy rights over profits.
And, in perhaps related news...
Reuters News said:
China's facial recognition rollout reaches into mobile phones, shops and homes
China on Sunday put into effect new regulations that require Chinese telecom carriers to scan the faces of users registering new mobile phone services, a move the government says is aimed at cracking down on fraud.

... There has been U.S. blowback over the work Chinese firms like Megvii and SenseTime have played in Beijing’s treatment of Muslim minorities. The United States expanded its trade blacklist in October to include these firms, and others, barring them from buying components from U.S. companies without U.S. government approval.

... The People’s Daily on Saturday called for an investigation, saying one of its reporters had found face data could be found for sale on the Internet, with a package of 5,000 faces costing just 10 yuan ($1.42).

Last week, China’s Internet regulator announced new rules governing the use of deepfake technology, which uses AI to create hyper-realistic videos where a person appears to say or do something they did not.
#security #privacy #AI #facerecognition #surveillance
 


It has been reported that Apple's iPhone 11 Pro continues to collect location information under some circumstances even when the user thinks they have turned off such ability.
Krebs on Security said:
The iPhone 11 Pro’s Location Data Puzzler
One of the more curious behaviors of Apple’s new iPhone 11 Pro is that it intermittently seeks the user’s location information even when all applications and system services on the phone are individually set to never request this data. Apple says this is by design, but that response seems at odds with the company’s own privacy policy.

The privacy policy available from the iPhone’s Location Services screen says, “If Location Services is on, your iPhone will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple, to be used for augmenting this crowd-sourced database of Wi-Fi hotspot and cell tower locations.”
 


It has been reported that Apple's iPhone 11 Pro continues to collect location information under some circumstances even when the user thinks they have turned off such ability.
The article doesn't say that. Note:
The iPhone 11 Pro’s Location Data Puzzler
The device still seeks the user’s location when each app and system service is set to “never” request location information (but with the main Location Data service still turned on).
Location Data service is 'on' here, not off. If the location service is on, then there should be some expectation that it is being used by something. What is being pointed out is there isn't some fine-grained "slider" to every single system usage of Location Manager. It is not that phone will use Location Manager even if you turn it all the way off.

If this is about the Wi-Fi base and cell tower locations, it isn't substantively about the iPhone system's (or 'attached user') location at all. A broadcast tower's location is given away implicitly and indiscriminately as part of its function ("I'm here, possibly use me."). How that is a "privacy" issue for the broadcast location is a huge stretch.

This could be below the iOS system level also – the radios pulling some location data to make an adjustment to better local compliance.

The expectation that there is a fine-grained switch for everything possible isn't particularly [valid]. Again from the article:
Granted, the latest versions of iOS give users far more granular control over the sharing of this data than in the past, especially with respect to third-party apps.
Historically, that control hasn't been there. iOS broadens the scope of controls, but there is no declaration that it's universal. It is also the case that not all of the software/firmware on a iPhone is written by Apple.

If this mystery location access happened with the cellular, wi-if, and bluetooth all turned off, then it would be weird. There are cellular roaming and wi-fi sliders in the system services, but those may not be as coarse-grained as folks presume them to be.
 


Ric Ford

MacInTouch
What is being pointed out is there isn't some fine-grained "slider" to every single system usage of Location Manager. It is not that phone will use Location Manager even if you turn it all the way off.
This is yet another example of Apple hiding things, which is a concern to me in general. As I've mentioned before, Apple also hides processes when you view Settings > Battery to see what's draining your iPhone battery when no apps are running at all and you're not using the iPhone for anything, yet it constantly drains.

As a limited and rare exception, you can at least see "System" space in Settings > General > iPhone Storage.

Better yet, you can also see background/hidden usage broken down in Settings > Cellular > System Services, but there's nothing equivalent for battery drain or Location Services or WiFi usage, all of which I would very much like to see.

In macOS 10.12, at least Activity Monitor will display CPU and energy usage for system processes, as well as visible apps.
 


The Verge said:
Apple explains why the iPhone 11 is requesting location data without permission
Apple has finally clarified a peculiar and unsettling privacy issue with its newer iPhone 11 and iPhone 11 Pro models regarding location tracking. After security expert Brian Krebs revealed earlier this week that the latest iPhones request location data even when a user has toggled the appropriate privacy settings to avoid sharing that information, Apple is now telling TechCrunch that the culprit is its new ultra wideband technology. The company says it will provide a way to disable that in a future update, TechCrunch reports.

“Ultra wideband technology is an industry standard technology and is subject to international regulatory requirements that require it to be turned off in certain locations,” an Apple spokesperson said in a statement to TechCrunch. “iOS uses Location Services to help determine if iPhone is in these prohibited locations in order to disable ultra wideband and comply with regulations... The management of ultra wideband compliance and its use of location data is done entirely on the device and Apple is not collecting user location data.”
At the end of the article, they ask how Apple can let you disable location services for this if it is required by "international regulatory requirements". I assume they will have to disable ultra wideband tech (whatever that actually is) when you disable its ability to use location services.
 


The article doesn't say that. ... If this is about the Wi-Fi base and cell tower locations, it isn't substantively about the iPhone system's (or 'attached user') location at all. A broadcast tower's location is given away implicitly and indiscriminately as part of its function ("I'm here, possibly use me."). How that is a "privacy" issue for the broadcast location is a huge stretch.
I will stand by what I posted. The connection is between my phone and the cellular tower for my carrier. Why does any of this data need to go back to Apple?

All of this may be working as Apple intended, but there seems to be a misunderstood dichotomy between what Apple says it is doing about our data and security versus what is happening in the real world. For example:
Business Insider said:
A security expert found that Apple's latest iPhone can still track your location data, even if you toggle it off for every app
Some iPhone owners may find this misleading, based on Apple's apparent commitment to privacy. Recent ads for the company refer to all the private information held on a phone, and end by saying "Privacy. That's iPhone." On Apple's privacy page, the company goes even further, describing privacy as a "fundamental human right" and "core value." The company states: "We design Apple products to protect your privacy and give you control over your information. It's not always easy. But that's the kind of innovation we believe in."
That was the point I was emphasizing and the reason for my choice in material to post. The fact that this situation caused Mr. Krebs, a well known security expert, to make note of what was going on should be worth our interest as well. I do not believe there is anything particularly sinister in what the iPhone is doing; however, Apple is not being transparent either. This to me is the bigger problem and one discussed many times in this forum alone, and one worthy of discussion.
This is yet another example of Apple hiding things, which is a concern to me in general. As I've mentioned before, Apple also hides processes when you view Settings > Battery to see what's draining your iPhone battery when no apps are running at all and you're not using the iPhone for anything, yet it constantly drains.
Obfuscation is perhaps another symptom of the lack of transparency at Apple. I would love to see a more robust effort on Apple's part for documentation or instruction on how things should work, though I would not be in a position to stand in judgement over what those policies should be. Perhaps we are asking too much from such devices, and a simpler solution would go a long way to alleviating much of this misunderstanding and confusion. Do we really need a smartphone as complex to use as trying to solve Unified Field Theory?
 


It has been reported that Apple's iPhone 11 Pro continues to collect location information under some circumstances even when the user thinks they have turned off such ability.
Quelle surprise.
Locatify said:
What is the new Apple U1 chip, and why is it important?
As the technology becomes cheaper it’s also being introduced to situations like... delivering analytics (and Ads) in retail stores...
Apple's new "Find My" service creates a worldwide mesh network of Apple devices which can transmit and receive over cellular, WiFi and Bluetooth, communicating position to other Apple gear. The new U1 chips will enable that communication even if "standard" radios are off, and because UWB is so energy-efficient, the OS could be designed to shut those down and just use UWB to extend operating duration.

Apple patented UWB enhancements for iBeacons, enabling communication from mobile devices through Apple proprietary wired stationary transceivers.

Apple's U1 will transmit/receive data at 4x the speed of Bluetooth. It can geolocate to a precision of two inches.

While this will surely enable recovery of misplaced iPhones, it's another technical tool that further reduces privacy.

A couple of articles worth reading, if you're interested:

Wired: The Biggest iPhone News Is a Tiny New Chip Inside It
Computerworld: New tech inside iPhone 11 is the future of everything
 


Ric Ford

MacInTouch
The fact that this situation caused Mr. Krebs, a well known security expert, to make note of what was going on should be worth our interest as well. I do not believe there is anything particularly sinister in what the iPhone is doing; however, Apple is not being transparent either.
And some more about that...
Engadget said:
Apple explains why the iPhone 11 is always checking your location
... The claim lines up with developer Will Strafach's determination that the location activity doesn't leave the iPhone, and suggests that there's no reason to be concerned about the behavior. However, Apple's response is drawing concern. The company initially declined to comment on the location findings, and doesn't clearly tell users that these location checks will still happen. In other words, people had room to speculate about sinister purposes rather than an up-front explanation that might have settled things much sooner.
 


Ric Ford

MacInTouch
It has been reported that Apple's iPhone 11 Pro continues to collect location information under some circumstances even when the user thinks they have turned off such ability.
Here's a follow-up from Brian Krebs, one of the very best security journalists:
Krebs on Security said:
Apple Explains Mysterious iPhone 11 Location Requests — Krebs on Security
KrebsOnSecurity ran a story this week that puzzled over Apple‘s response to inquiries about a potential privacy leak in its new iPhone 11 line, in which the devices appear to intermittently seek the user’s location even when all applications and system services are individually set never to request this data. Today, Apple disclosed that this behavior is tied to the inclusion of a short-range technology that lets iPhone 11 users share files locally with other nearby phones that support this feature, and that a future version of its mobile operating system will allow users to disable it.

... It is never my intention to create alarm where none should exist; there are far too many real threats to security and privacy that deserve greater public attention and scrutiny from the news media. However, Apple does itself and its users no favors when it takes weeks to respond (or not, as my colleague Zack Whittaker at TechCrunch discovered) to legitimate privacy concerns, and then does so in a way that only generates more questions.
 


If this mystery location access happened with the cellular, wi-if, and bluetooth all turned off, then itwould be weird.
Yes, it is weird. Always was, too. I was on Easter Island (middle of Pacific Ocean) last year. One village has cell and internet service. Nothing outside of the village. My daughter pulls out her iPhone 8 and asks me how Google Maps can track us as we walk around the island. I look at my iPhone 7 (iOS 10)... see the same thing. I make sure that wifi, bluetooth, data services, location services, etc. are all turned off. Didn't matter. Looking close at the map, I saw that our position error ranged from 0-100 feet. That answered it. We were [located] by GPS alone....
 


The maps.me app is an excellent tool that we used during our seven week long road trip from Cape Town, SA to Nairobi, Kenya during October and part of November this year. Even little dirt spurs were shown on the map as we moved. All done by GPS (all other services turned off in my settings on my iPhone Xs Max (512GB). One can download maps for a lot of the continents.

Even shows your road speed and estimated time of arrival. Arrival time was way off as the speed of advance on the roads was actually quite low to to low speed limits and speed bumps that required nearly a dead stop to go over to not damage tires or suspension.
 


Ric Ford

MacInTouch
The maps.me app is an excellent tool...
I was curious about its provenance... and followed this trail:
  1. site:apps.apple.com maps.me at DuckDuckGo
  2. ‎MAPS.ME – Offline Map & Nav
  3. My.com Press Room
  4. http://press.my.com/media/redactor/CorpBackgrounder.pdf
    (This document looks very strange to me when opened in Affinity Publisher... but it made mention of Mail.Ru in conjunction with maps.me when viewed in Preview, but I couldn't copy the text....)
  5. Mail.Ru - Wikipedia
What could possibly go wrong?
 


Apple's shaky approach to documentation continues.

The notes in Apple's "About the security content of..." documents typically may describe some fixes as being available for macOS High Sierra, macOS Mojave, and macOS Catalina, while other patches will be described as being available for Catalina or perhaps some other macOS release. This seems to suggest that if the description for a fix only mentions Catalina, then only Catalina received that fix, but that suggestion may be incorrect.

For example, today's "About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra" document indicates that a fix for tcpdump is "Available for: macOS Catalina 10.15" and that it fixes 32 CVE issues by updating to tcpdump version 4.9.3 and libpcap version 1.9.1.

While no mention of the tcpdump's availability for High Sierra or Mojave is made, I checked and saw that in today's updates also bumped those releases of macOS from tcpdump 4.9.2 to 4.9.3 and from libpcap 1.8.1 to 1.9.1.

I didn't bother to check other fixes for broader than documented coverage, but given the state of Apple's documentation practices, it's hard to regard Apple's documentation of its own products as definitive.

(Note: I posted a slightly different version of this comment to Howard Oakley's article about today's update on his site.)

#applesecurity #appledocumentation #applequality
 


While musing about security I had the thought to run
dscl . list /Users
and I was absolutely dumbfounded by the vast number of hidden users, i.e. users IDs starting with "_" and others

I only did this because I wanted to check if MacPorts was listed, because I intended to remove it. It showed up as a "regular" users i.e. no "_" but is not listed in Users & Groups.

So how can we verify that they are legit? System Preferences > Users & Groups only shows my admin account, my wife's standard user account and the guest account which is disabled.

Wow! I am stunned!
 


While musing about security I had the thought to run
dscl . list /Users
and I was absolutely dumbfounded by the vast number of hidden users, i.e. users IDs starting with "_" and others. I only did this because I wanted to check if MacPorts was listed, because I intended to remove it. It showed up as a "regular" users i.e. no "_" but is not listed in Users & Groups. So how can we verify that they are legit? System Preferences > Users & Groups only shows my admin account, my wife's standard user account and the guest account which is disabled.
Check out this link, which explains to some degree the issue. Many that you see are hidden OS routines (thank Unix).
StackExchange/Super User said:
 


Not sure what you have been reading, but I and everyone I know who upgraded to High Sierra found it to be much more reliable and stable. Also note that Sierra has been abandoned by Apple and is no longer receiving Security Updates.
Still on macOS Sierra 10.12.6 here. Today SilentKnight installed XProtect 2110 and MRT 1.51, which I think are security updates. Since recently upgrading to Sierra I have been pleased with my MacBook Pro 9,2 as far as stability is concerned. However, I do not do any heavy audio or video processing.
 


Ric Ford

MacInTouch
Ooops...
BleepingComputer said:
Apple to Fix Bug That Bypasses Communication Controls for Kids
Apple rolled out the Communication Limits feature in iOS 13.3 on Tuesday with a bug that allows kids to bypass parental controls that prevent them from talking to anyone that is not in the contacts list.

The miss on Apple's part allows children with an iPhone or an iPad configured with Communication Limits to add a new number to the address book in order to bypass the restriction imposed by the feature.

A few tests carried out by CNBC showed that the option is not working as advertised on devices where contacts are not backed in iCloud but other services, like Google's Gmail.

After setting up Communication Limits on an iPhone updated to iOS 13.3, CNBC found that adding to the address book an unknown number that texted the mobile device is still possible, allowing voice, FaceTime, or text message exchange.
#applequality
 


Still on macOS Sierra 10.12.6 here. Today SilentKnight installed XProtect 2110 and MRT 1.51, which I think are security updates.
Yes, those are certainly security related anti-malware updates and are still being provided to El Capitan and above. What I was referring to was Security Updates to patch vulnerabilities in macOS and Apple applications.
 



Ric Ford

MacInTouch
Ugh...
Elcomsoft said:
BFU Extraction: Forensic Analysis of Locked and Disabled iPhones
In Apple’s world, the content of the iPhone remains securely encrypted until the moment the user taps in their screen lock passcode. The screen lock passcode is absolutely required to generate the encryption key, which in turn is absolutely required to decrypt the iPhone’s file system. In other words, almost everything inside the iPhone remains encrypted until the user unlocks it with their passcode after the phone starts up.

It is the “almost” part of the “everything” that we target in this update. We’ve discovered that certain bits and pieces are available in iOS devices even before the first unlock. In particular, some keychain items containing authentication credentials for email accounts and a number of authentication tokens are available before first unlock. This is by design; these bits and pieces are needed to allow the iPhone to start up correctly before the user punches in the passcode.
 


Ric Ford

MacInTouch
Meanwhile:
Apple said:
Apple Security Bounty
... In order to be eligible for an Apple Security Bounty, the issue must occur on the latest publicly available versions of iOS, iPadOS, macOS, tvOS, or watchOS with a standard configuration and, where relevant, on the latest publicly available hardware. These eligibility rules are meant to protect customers until an update is available, ensure Apple can quickly verify reports and create necessary updates, and properly reward those doing original research. Researchers must:
  • Be the first party to report the issue to Apple Product Security.
  • Provide a clear report, which includes a working exploit (detailed below).
  • Not disclose the issue publicly before Apple releases the security advisory for the report. (Generally, the advisory is released along with the associated update to resolve the issue). See terms and conditions.
Issues that are unknown to Apple and are unique to designated developer betas and public betas, including regressions, can result in a 50% bonus payment. Qualifying issues include:
  • Security issues introduced in certain designated developer beta or public beta releases, as noted on this page when available. Not all developer or public betas are eligible for this additional bonus.
  • Regressions of previously resolved issues, including those with published advisories, that have been reintroduced in a developer beta or public beta release, as noted on this page when available.
 





It strikes me as more than a little... ironic?... to have Apple and Facebook telling us what we "want" for privacy....
It was one of the reasons I felt it worthwhile to post here. Looks like it will be live streamed. There should at least be some commentary of the event afterwards.
 


Ric Ford

MacInTouch
Apple has issued new updates to its invisible anti-malware mechanisms:
Eclectic Light Co. said:
Apple has pushed updates to XProtect and MRT
Apple has pushed two updates today, to the data files used by XProtect, bringing its version number to 2111, dated 7 January 2020, and to its malware removal tool MRT, bringing it to version 1.52, also dated 7 January 2020.

... A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan, Sierra, High Sierra, Mojave and Catalina, available from their product page.
 


Ric Ford

MacInTouch
It seems that your iPhone can get Apple Pay charges without you even knowing it...
New York Post said:
Apple Pay glitch saddles NYC straphangers with accidental charges
Dozens of straphangers have been slugged with bogus charges by the MTA’s new fare readers — simply by walking past them.

The OMNY tap-and-go fare readers have been taking a $2.75 charge from people who have enabled a passcode-skipping Apply Pay service — which allows straphangers to enter the subway with a swipe of their iPhone at the turnstile — even while trying to use a regular MetroCard.

#applepay
 



Ric Ford

MacInTouch
An Ars Technica article describes the implications of "Checkra1n", a major new iOS "jailbreak":
And now you can get it on Windows, too, as Ra1nUSB.
ValueWalk said:
Ra1nUSB is Checkra1n alternative for Windows: How to use it - ValueWalk
Checkra1n is one of the best jailbreaks that we have seen so far. It is easy to use, supports the latest OS and is almost unpatchable. However, it suffers from one major drawback – it still does not support Windows. So, those who don’t have a Mac can’t use the Checkra1n jailbreak. However, there is one Checkra1n alternative for Windows that can be used, called Ra1nUSB.

Ra1nUSB can jailbreak iOS 12.3 through iOS 13.3 and works on both Intel and AMD-based systems. Moreover, it supports all iPhones from iPhone 5S through iPhone X. Before we detail the steps to use this Checkra1n alternative for Windows to jailbreak your iPhone, let’s go over the things that you will need first.

#jailbreak #applesecurity #iphones #Ra1nUSB #Checkra1n
 


Ric Ford

MacInTouch
... There's no doubt that dedicated AI chip features are coming to all our devices. Users may get some benefits, but I do have to wonder if they won't mostly end up being used as Apple does, to gather data about you and your use of the device, process it on the device, then phone the highly processed shorthand version home?
Certainly not to condone, in any way, horrible, illegal abuses, but it's clear now that Apple is scanning everyone's images in iCloud using AI...
Ubergizmo said:
Apple Is Now Scanning Uploaded iCloud Photos To Check For Child Abuse
... It is unclear if other companies perform similar scans to photos uploaded to their cloud, but this is something that Apple themselves have announced. While this is no doubt a good thing, it does highlight how items stored in the cloud might not be as private as you might think.

#applesecurity #appleprivacy
 


Ric Ford

MacInTouch
Meanwhile, here's the flip side of Apple security/privacy, symbolized by FBI demands and companies selling iPhone cracking technology to governments etc.
Forbes said:
U.S. Launches Fresh Assault On Apple’s ‘Warrant-Proof Encryption’
he U.S. government has launched fresh attempts to try to stop Apple and other tech companies locking up user data with encryption.

On Monday, NBC reported that the FBI had written a letter to Apple, asking it to help unlock two iPhones belonging to the Saudi aviation student Mohammed Saeed Alshamrani, who is alleged to have killed three people at a Naval Air Station in Pensacola, Florida, before being shot and killed by police in December. It risks reviving a battle with Apple that started with the case of a terrorist shooting in San Bernardino in 2015. Apple declined to help the government unlock the iPhone of the shooter in that case, leading to a protracted legal battle that ended when an unknown third party managed to retrieve information from the device.
 


Ubergizmo said:
Apple Is Now Scanning Uploaded iCloud Photos To Check For Child Abuse
...it does highlight how items stored in the cloud might not be as private as you might think.
Anyone who thinks anything stored in any cloud is (somehow?) "private" is living in a dreamworld. We have accepted the trade-off between privacy and convenience. Sometimes I tell myself that, at least, there's so much more interesting and useful data in the cloud than my own... that I needn't worry much about privacy.

I think I'm more worried about "security" of my data than about its privacy. But the NYT recently published a very interesting and revealing series called "The Privacy Project."
 


Amazon disclaimer:
"As an Amazon Associate I earn from qualifying purchases."

Latest posts