
Apple says it will roll out a new privacy control in the spring to prevent iPhone apps from secretly shadowing people. The delay in its anticipated rollout aims to placate Facebook and other digital services that depend on such data surveillance to help sell ads. Although Apple didn't provide a specific date, the general timetable disclosed Thursday means a long-awaited feature known as App Tracking Transparency will be part of an iPhone software update likely to arrive in late March or some point in April. After delaying the planned September introduction of the safeguard amid a Facebook-led outcry, Apple had previously said it would come out early this year. Apple released the latest update as part of Data Privacy Day, which CEO Tim Cook will salute during a speech scheduled Thursday at a technology conference in Europe. Apple has been holding off to give Facebook and other app makers more time to adjust to a feature that will require iPhone users to give their explicit consent to being tracked. Analysts expect a significant number of users to deny that permission once it requires their assent. Currently, iPhone users are frequently tracked by apps they install unless they take the extra step of going into iPhone settings to prevent it. Facebook stepped up its attacks on Apple’s new privacy control last month in a series of full-page ads in The New York Times, The Wall Street Journal, and other national newspapers. That campaign suggested some free digital services will be hobbled if they can’t compile personal information to customize ads. On Wednesday, CEO Mark Zuckerberg questioned Apple's motives with the changes, saying the iPhone maker “has every incentive” to use its own mobile platform to interfere with rivals to its own messaging app. “Apple may say that they are doing this to help people, but the moves clearly track their competitive interests,” Zuckerberg said. 
Google, which also relies on personal data to power the internet's biggest ad network, hasn't joined Facebook in its criticism of Apple's forthcoming controls on tracking. Google profits from being the default search engine on the iPhone, a prized position for which it pays Apple an estimated $9 billion to $12 billion annually. But Google warned in a Wednesday blog post that Apple’s new controls will have a significant impact on ad revenue generated from iPhones in its digital network. Google said a “handful” of its iPhone apps will be affected by the new requirement, but did not identify which ones. “We remain committed to preserving a vibrant and open app ecosystem where people can access a broad range of ad-supported content with confidence that their privacy and choices are respected,” wrote Christophe Combette, group product manager for Google Ads.

MeWe, a social media app centered around data privacy, has seen a surge in downloads in recent weeks as Big Tech companies crack down on user content. The app that calls itself the "anti-Facebook" added 2.5 million new users last week, bringing its total userbase to 16 million -- 50% of which live outside the U.S., MeWe spokesperson David Westreich told Fox Business. "People all over the world are leaving Facebook and Twitter in droves because they are fed up with the relentless privacy violations, surveillance capitalism, political bias, targeting, and newsfeed manipulation by these companies," Westreich said. "MeWe solves these problems." He added that the platform "is the new mainstream social network with all the features people love and no ads, no targeting, no newsfeed manipulation, and no BS." MeWe, which said it surpassed 8 million users in June, ranked No. 7 overall and No. 4 among social media apps by U.S. iPhone downloads on Jan. 10, according to mobile data and analytics provider App Annie. The week prior to that date, MeWe sat outside the top 1,400 apps overall and at No. 66 among social apps, App Annie found. The app on Thursday sat at No. 14 among social media apps on the App Store and No. 13 among all free apps on Google Play after several days of skyrocketing downloads. The app told ZDNet that its user numbers spike frequently when people are looking for an alternative social media app to Facebook, Twitter, and the like that does not infringe on the privacy of its users. The website's "About" tab says MeWe users have control over their own interaction and privacy settings, and the platform does not sell or share user data with advertisers. "The big technology companies, you know who they are, had reverted to treating [users] as commodities," MeWe's website states. "They somehow mistook people signing up to use their services as a welcome invitation to target, track, spy, and sell our information to advertisers and the government.
All in all, it felt pretty creepy." MeWe aims to offer an alternative to those websites by offering "decency, privacy, and respect for social media users." Other social media and communication apps with a focus on privacy have also seen surges in downloads over the last two weeks after the Jan. 6 Capitol riot. Big Tech companies including Facebook, Instagram, Twitter, and YouTube have made a number of policy changes and updates since the riot in an effort to quell violent or conspiratorial rhetoric on their platforms. The policy changes have prompted social apps that do not censor content or that emphasize data privacy, like Parler, DuckDuckGo, Signal, and Telegram, to see spikes in user numbers. Encrypted messaging app Signal, for example, ranked No. 1 among overall and social media apps by U.S. iPhone downloads on Jan. 9 and Jan. 10. The week prior, it ranked No. 927 among overall apps and No. 45 among social apps, according to App Annie. DuckDuckGo, a search engine and Google alternative that does not profit from user data, hit No. 1 among overall U.S. iPhone downloads and No. 1 among utility apps on Jan. 10, up from No. 308 and No. 14, respectively, the week before. "These types of shifts in messaging and social networking apps are not unusual," Amir Ghodrati, director of market insights at App Annie, said in a statement. "Due to the nature of social apps and how the primary functionality involves communicating with others, their growth can often move quite quickly, based on current events. We’ve seen growing demand over the last few years for encrypted messaging and apps focused on privacy."

Attackers hid inside Windows systems by wearing the skins of legit processes. The SolarWinds hackers triggered one of their Cobalt Strike implants in the firm's network through a cunning VBScript that was activated by a routine system process, Microsoft has said. Microsoft's deep dive, published yesterday following SolarWinds' own take on the malware, repeated earlier findings that the hackers went to unusual lengths to disguise their intrusion and avoid detection. Specifically, the compromised DLL file was quietly deployed onto targeted systems by mimicking legitimate file names – and the attackers worked between 8 am and 5 pm to increase the odds of not being spotted. It continued: "Applying this level of permutations for each individual compromised machine is an incredible effort normally not seen with other adversaries and done to prevent full identification of all compromised assets inside a network or effective sharing of threat intel between victims." Much of the infosec commentary around the SolarWinds supply chain attack has reused the tired old clichés of stating the attackers were sophisticated, advanced, cunning, soft, strong, thoroughly absorbent, and so on. In this case, the clichés appear to be true because the attackers "first enumerated remote processes and services running on the target host" and only moved through the target network "after disabling certain security services." Those techniques included editing the Windows registries of target machines to disable autostarting of security processes – and then waiting until the target machine was rebooted before moving in for the kill. "The combination of a complex attack chain and a protracted operation means that defensive solutions need to have comprehensive cross-domain visibility into attacker activity and provide months of historical data with powerful hunting tools to investigate as far back as necessary," Microsoft sighed. 
The analysis includes indicators of compromise and techniques used by the attackers to skate around SolarWinds's networks but, unusually for infosec research, expresses them in plain English that any averagely skilled IT pro can follow. It's well worth a read. The attackers also used the mildly unusual reflective DLL loading attack technique. A full explanation can be read here, also from Microsoft. Briefly, the technique allows malicious DLL files to be loaded into a process without first having been registered with it – and does so from memory, via a custom loader deployed by the attacker, rather than pulling it from a potentially detectable disk location. Relatedly, custom Cobalt Strike loaders developed by the hackers strongly resembled "legitimate Windows file and directory names, once again demonstrating how the attackers attempted to blend in the environment and hide in plain sight," said MS. The autopsies of the biggest supply chain attack for years will doubtless continue, but one thing's for sure: whichever nation-state was behind it, they really knew what they were doing and really didn't want to be caught in the act.
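
For defenders, the registry step described above (disabling autostart of a security service, then waiting for a reboot) can be hunted by correlating registry writes with boot events. The following is an added example, not code from Microsoft's analysis or from this page; the log format, host names and the service watchlist are constructed for illustration.

```python
import re

# Constructed sample telemetry (not from the page): time|host|event|registry key|value
SAMPLE_LOG = r"""
2021-01-12T10:02:11Z|HOST-A|regset|HKLM\SYSTEM\CurrentControlSet\Services\ExampleAV\Start|4
2021-01-12T10:05:00Z|HOST-B|regset|HKLM\SYSTEM\CurrentControlSet\Services\ExampleAV\Start|4
2021-01-12T10:06:00Z|HOST-B|regset|HKLM\SYSTEM\CurrentControlSet\Services\ExampleAV\Start|2
2021-01-13T03:00:40Z|HOST-A|boot||
2021-01-13T03:10:00Z|HOST-B|boot||
2021-01-13T04:00:00Z|HOST-A|regset|HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Start|4
"""

# Hypothetical watchlist of security service names (lower-case).
WATCHED = {"exampleav", "exampleedr"}
# A service's Start value of 4 means "disabled": it will not run after the next boot.
START_DISABLED = 4
KEY_RE = re.compile(r"\\Services\\([^\\]+)\\Start$", re.IGNORECASE)


def find_disabled_then_rebooted(log_text, watched=WATCHED):
    """Return (host, service, disabled_at, boot_at) for each watched service
    that was still set to disabled when its host next booted."""
    pending = {}   # (host, service) -> time Start was first set to disabled
    findings = []
    # ISO-8601 timestamps lead each line, so a plain sort is chronological.
    for line in sorted(l for l in log_text.splitlines() if l.strip()):
        ts, host, event, key, value = line.split("|")
        if event == "regset":
            m = KEY_RE.search(key)
            if not m or m.group(1).lower() not in watched:
                continue
            svc = m.group(1).lower()
            if int(value) == START_DISABLED:
                pending.setdefault((host, svc), ts)
            else:
                pending.pop((host, svc), None)   # restored before any reboot
        elif event == "boot":
            for h, svc in [k for k in pending if k[0] == host]:
                findings.append((h, svc, pending.pop((h, svc)), ts))
    return findings


if __name__ == "__main__":
    for finding in find_disabled_then_rebooted(SAMPLE_LOG):
        print("security service disabled before reboot:", finding)
```

Because the reboot may come long after the registry write, the correlation only works if both event types are retained for the whole window, which is the "months of historical data" point Microsoft makes.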