Tag: privacy

Zoom to provide privacy notifications for video conferences

Article – From the horse’s mouth

Zoom (MacOS) multi-party video conference screenshot

Zoom to introduce privacy disclosure for enhanced functionalities during a video conference

Zoom

Zoom Rolls Out In-Product Privacy Notifications – Zoom Blog

In-Product Privacy Notifications – Zoom Help Center (Detailed Resource)

Previous Coverage on videoconferencing platform security

A call to attention now exists regarding videoconferencing platform security

My Comments

As the COVID-19 coronavirus plague had us homebound and staying indoors, we were making increased use of Zoom and similar multi-party video conference software for work, education and social needs. This included an increased amount of telemedicine taking place where people were engaging with their doctors, psychologists and other specialists using this technology.

This increased ubiquity of multi-party videoconferencing raised concerns about data-security, user-privacy and business-confidentiality implications with this technology. This was due to situations like business videoconference platforms being used for personal videoconferencing and vice versa. In some cases it was about videoconferencing platforms not being fit for purpose due to gaping holes in the various platforms’ security and privacy setup along with the difficult user interfaces that some of these platforms offered.

During August 2020, the public data-protection authorities in Australia, Canada, Hong Kong, Gibraltar, Switzerland and the UK called this out as a serious issue through the form of open letters to the various popular videoconferencing platforms. There has been some improvement taking place with some platforms like Zoom implementing end-to-end encryption, Zoom implementing improved meeting-control facilities and some client software for the various platforms offering privacy features like defocusing backgrounds.

Zoom has now answered the call for transparency regarding user privacy by notifying all the participants in a multi-party videoconference about who can save or share content out of the videoconference. This comes into play with particular features and apps like recording, transcription, polls and Q&A functionality. It will also notify others if someone is running a Zoom enhanced-functionality app that may compromise other users’ privacy.

There is also the issue of alerting users about who the account owner is in relation to these privacy issues. For corporate or education accounts, this would be the business or educational institution who set up the account. But most of us who operate our personal Zoom accounts would have the accounts in our name.

Personally, I would also like to have the option to know about data-sovereignty information for corporate, education or similar accounts. This can be important if Zoom supports on-premises data storage or establishes “data-trustee” relationships with other telco or IT companies and uses this as a means to assure proper user privacy, business confidentiality and data sovereignty. A good example of this could be the European public data cloud that Germany and France are wanting to set up to compete with American and Chinese offerings while supporting European values.

Another issue is how this will come about during a video conference where the user is operating their session full-screen with the typical tile-up view but not using the enhanced-functionality features. Could this be like with Websites that pop up a consent notification disclosing what cookies or similar features are taking place when one uses the Website for the first time or moves to other pages?

It will be delivered as part of the latest updates for Zoom client software across all the platforms. This may also be a feature that will have to come about for other popular videoconferencing platforms like Microsoft Teams or Skype as a way to assure users of their conversation privacy and business confidentiality.

Should we be managing multiple email accounts?

Windows Live Mail client-based email interface

Multiple email accounts may be beneficial to your privacy and work-life balance.

Some of us may find it convenient to handle all of our email through one account. The advantages that are often seen include dealing with one inbox and sending from one account.

But we are increasingly entering a world where we have to deal with multiple email accounts.

Why run multiple email accounts?

One reason this is becoming important is to keep business and private email separate. Here, it may be about preserving a separate business and social persona, or simply to delineate your time between home and work activity. Similarly, the separate email address for business / work email is an advantage in preserving a professional appearance.

As well, the correspondence associated with your personal email address that you maintain yourself isn’t subject to the same kind of legal scrutiny that the correspondence associated with your business email address would be subject to. This is important if your workplace or business is to change hands or is a party to legal action of any sort.

People who have a public-facing business life such as politicians or celebrities will maintain a public-facing email address to maintain an email correspondence consistent with that public-facing role. This is becoming more important where people in the public eye are becoming more vulnerable to “dirt-digging” – the practice of trawling for any information to discredit one’s reputation.

This practice is also becoming important with the emails we “tie” with various social-network presences. Here, we may want to operate a professional-looking persona on the public-facing social-media profiles while keeping a private persona that you have on your personal social-media profiles.

The situation extends to where we have our email address on material that the public have easy access to, whether it’s that notice on the church noticeboard or our entry on that petition.

Those of us who engage in online dating are finding that maintaining a separate email address for use with dating apps and Websites gives us greater control over what potential suitors know about us. It may also offer a chance to control when they can contact us while keeping this life private from family or work.

Account types list in the Add Account option including option to add POP3 or IMAP4 accounts

It also applies to businesses and organisations who maintain a public-facing email address that is written on the public-facing material. This keeps a professional appearance and keeps your staff’s business and private email more private. Similarly, you can maintain multiple email addresses for particular job descriptions or workflow requirements.

Conversely, some of us maintain a separate email address that we give to marketers or online email newsletters as a crude method of spam control. Similarly, separate email addresses are being seen as important as a failover measure should one email server crash or as a security verification means for email services.

How is this achieved?

Who will provide the email inboxes

email settings in Samsung Android email app

Add Account option in email settings on Android (Samsung) email app

Your workplace will give you an email address that is tied to your tenure with that employer. The provision of a tied email address will also apply for most college students or staff who have access to college IT resources. If you run a small business or other organisation with a Web presence and own domain name, your Webhost or domain name provider will offer at least one email inbox under the main domain name you purchased.

Most ISPs or telcos will provide you with at least one email inbox as part of your Internet-service deal. It will be something that is very common with fixed-line Internet service especially from major providers.

Of course, there are the Webmail providers like Outlook.com and Gmail who will provide you at least one email address for free. It also includes the secure email hosts who provide a secure user experience at a premium price.

Now we are seeing the rise of dedicated service providers who provide email inboxes as their main business. Such providers will offer Web-based or standard client-based access to these mailboxes.

What to look for

Samsung Android email app account types

Account types offered by the Samsung Android email app

A feature I consider very important for email accounts is that they support multiple-device access and full “on-the-road” use. Typically it would mean use of a major Webmail host or a host that implements “hosted Exchange” or IMAP4 email protocols. This is important where we use a mobile device or secondary laptop computer to work our emails and want to work our email from anywhere.

You may find that a Webmail interface that allows the operation of multiple accounts from competing services may come in handy if you are using shared computers or public computing facilities.

How do you handle the multiple email inboxes

Different users may manage their email from multiple accounts using one of two paths. One is to use a single interface for all of the email accounts, with the other being to use different interfaces for different accounts.

It may include having all your personal email accounts operated with one interface like a Webmail interface while your work or business email accounts are operated with another interface like a business-optimised email client.

One email interface for all accounts

Most email interfaces, whether Web-based or client-based, will support the operation of multiple email accounts. In this case, using the one interface will underscore the idea of going to one email interface for all of your email activity.

Your email interface will have an option in its account-management settings to add or delete email accounts. Most of the current interfaces will have a “quick-setup” routine for the popular Webmail providers; and will have a setup option for accounts using Microsoft Exchange, POP3 or IMAP4 accounts.

Receiving email

The user experience for reading your email will have separate inboxes for each of the accounts you manage. You may also find that some of the email interfaces like the Gmail Web interface may offer a combined-inbox view for all of your email accounts, with better interfaces using visual cues to differentiate each account.

Sending email

Should you send an email, you will be asked to choose which account you use to send your email via.

On some email interfaces where you choose the account you are operating at the moment like Windows 10’s Mail app, the account you are operating would be the one you send your email via. Other interfaces may require you to determine which account you send the email from when you click the “Send” button. As well, most of these interfaces may offer a default-account setting for new email, with the option to override this when you compose your new message.

The default behaviour for replying and forwarding would be to use the email service you received the email via for sending the replies or forwarding the email.

Your contacts list

Of course the contact list kept in your email interface will, in most cases, be shared amongst all of the accounts you operate.

Different email interfaces for different accounts

On the other hand, some of us may choose to operate each inbox with its own interface setup. This may be due to an email client not handling multiple inboxes how we want it or simply to delineate the operation of each inbox as a separate task.

This is a simple task: you operate each interface with its own account. You will have to copy across contact details you want to use across multiple accounts if you operate them with separate interfaces.

A combination of this situation and the former situation will apply if you choose to operate some accounts with one interface and others with another interface. This is a useful practice for those of us who want that “church and state” separation between business and personal or public and private email activity.

Conclusion

Operating multiple email accounts may come into play as a measure to protect your privacy and manage your email inbox properly.

You can find out what Cortana has recorded

Article

Harman Invoke Cortana-driven smart speaker press picture courtesy of Harman International

You can also manage your interactions with the Harman-Kardon Invoke speaker here

How to delete your voice data collected by Microsoft when using Cortana on Windows 10 | Windows Central

My Comments

Previously, I posted an article about managing what Amazon Alexa has recorded when you use an Amazon Echo or similar Alexa-compatible device.

Now Microsoft has a similar option for Cortana when you use it with Windows 10. This is also important if you use the Harman-Kardon Invoke smart speaker or the Johnson Controls GLAS smart thermostat, as long as they are bound to your Microsoft account.

Windows 10 Settings - Accounts - Manage My Microsoft Account

Manage your Microsoft Account (and Cortana) from Windows 10 Settings

In most instances such as your computer, Cortana may be activated by you clicking on an icon on the Taskbar or pressing a button on a suitably-equipped laptop, keyboard or other peripheral to have her ready to listen. But you may set her up to hear the “Hey Cortana” wake word to listen to you. This may be something that a Cortana-based smart device may require of you for expected functionality when you set it up.

This is where Cortana may cause problems by picking up unwanted interactions. But you can edit what Cortana has recorded through your interactions with her.

Here, you go in to Settings, then click on Accounts to open the Accounts screen. Click on Your Info, which will show some basic information about the Microsoft Account associated with your computer.

Privacy dashboard on your Microsoft Account management Website


Click on “Manage My Microsoft Account” which will open a Web session in your default browser to manage your Microsoft Account. Or you could go directly to https://account.microsoft.com without needing to go via the Settings menu on your computer. The direct-access method can be important if you have to use another computer like a Mac or Linux box or don’t want to go via the Settings option on your Windows 10 computer.

Microsoft Account Privacy Dashboard - Cortana Interactions highlighted

Click here for your Cortana Voice interaction history

You will be prompted to sign in to your Microsoft Account using your Microsoft Account credentials. Click on the “Privacy” option to manage your privacy settings. Then click on the “Activity History” option and select “Voice” to view your voice interactions with Cortana. Here, you can replay each voice interaction to assess whether they should be deleted. You can delete each interaction one by one by clicking the “Delete” option for that interaction or clear them all by clicking the “Clear activity” option.

Details of your voice interactions with Cortana


Your management of what Cortana has recorded takes place at the Microsoft servers in the same vein as what happens with Alexa. But there will be the disadvantage of Cortana not having access to the false starts in order to use her machine learning to understand your voice better.

These instructions would be useful if you are dealing with a Cortana-powered device that doesn’t use a “push-to-talk” or “microphone-mute” button where you can control when she listens to you.

Keeping hackers away from your Webcam and microphone

Article

Creative Labs LiveCam Connect HD Webcam

Software now exists so you can gain better control over your Webcam

How To Stop Hackers From Spying With Your Webcam | Gizmodo

My Comments

A privacy issue that is being raised regarding the use of cameras and microphones connected to your computer is the fact that malware could be written to turn your computer into a covert listening device.

Those of us who use a traditional “three-piece” desktop computer and have a physically-separate external Webcam may find this an easier issue because you can simply disconnect the camera from your computer. But the issue of your Webcam or your computer’s microphone being hacked to spy on you would be of concern for those of us who have the camera or microphone integrated in the computer as with portable or all-in-one equipment, or the monitor which is something that could be offered as a product differentiator by display manufacturers.

The simplest technique that has been advocated to deal with this risk is to attach an opaque sticker or opaque sticky tape over the camera’s lens. Some computer and monitor manufacturers have approached this problem using a panel that slides over the Webcam as a privacy shield. But you wouldn’t be able to control the use of your computer’s integrated microphone unless it had a hardware on-off switch.

Most of the mobile computing platforms require that newly-installed software that wants to use the camera, microphone, GPS device or other phone sensors asks permission from the phone’s owner before it can be installed or use these devices. The Apple iOS App Store even vets software to make sure it is doing the right thing before it is made available through that storefront and this is also becoming so for software sold through the Google Play Android storefront and the Microsoft Store Windows storefront.

Lately there have been some software solutions written for the Windows and Macintosh platforms that allow you to take back control of the camera and microphone due to the fact that these regular-computer platforms have historically made it easier for users to install software from anywhere. But I would also suggest that you scan the computer for malware and make sure that all of the software on the computer, including the operating system, is up-to-date and patched properly.

One of these solutions is Oversight which has been written for the Macintosh platforms and can detect if software is gaining access to your Mac’s Webcam or microphone. It also can detect if two or more programs are gaining access to the Webcam which is a new tactic for Webcam-based spyware because it can take advantage of people using the Webcam for business and personal videocalls and record these conversations. The user has the ability to allow or block a program’s access to the Webcam or microphone.

For the Windows platform, a similar program called “Who Stalks My Cam” detects events relating to your computer’s Webcam such as software wanting to acquire material from it. It lets you stop a program that is using the Webcam from running or shut down the Webcam process. But there is also the ability to track processes that are running while the computer system is idle because some spyware processes can be set up to come alive when the system isn’t being actively used. The program even allows you to “whitelist” programs that you trust like over-the-top communications programs or video-recording software so that it doesn’t get in their way.

The ability to track usage of attached / connected cameras and microphones or similar hardware like GPS units by software running on your computer will end up becoming part of a typical desktop/endpoint security program’s feature set as people become concerned about the use of these devices by spyware. This is in conjunction with operating systems also hardening access to devices that can be used to spy on their users by implementing software certification, sandboxing, privileged access and similar techniques.

It is definitely another threat vector that we are being concerned about when it comes to data security and personal privacy.

Popular Internet-based communications platforms to be secure

WhatsApp Android screenshot courtesy of WhatsApp

WhatsApp – the pioneer for security-focused online communications for consumers

Some of the popular over-the-top messaging and VoIP platforms are being equipped for personal privacy and security.

This was a feature typically pitched at high-stakes business users but is now being pitched at everyday consumers thanks to the saga occurring in the USA between the FBI and Apple where the FBI were wanting the encrypted data held on a suspect’s iPhone.

At the moment, WhatsApp and Viber are offering secure-communications features but this could be rolled out by other messaging/VoIP/videocall platform vendors like Skype, Facebook or Apple. For that matter, WhatsApp have recently changed their platform from a subscription-funded platform to a free-to-user platform. They will continue to raise money by offering business-focused WhatsApp communications services.

Platform-wide best-case encryption by default

One of the main features is platform-wide end-to-end encryption which is implemented to “best-case standards” by default.

This means that the data that represents your calls and messages is encrypted by the end devices. Along with that, the user’s public and private keys associated with the encryption algorithm don’t stay on the company’s servers, thus not being at risk of a subpoena or other court order or government mandate. Rather, these are created by the end-user’s device and kept there.

The reference to “best-case” operation in this situation is that if the users are communicating with the latest version of the software that supports newer encryption algorithms, these algorithms are used for the encryption process. This even applies to group conversations where the “best-case” encryption method is implemented if all the correspondents are using the client apps that support that algorithm.

Authentication of contacts and their devices

As part of key exchange between contacts, there is an emphasis on authenticating one’s contacts with some systems like WhatsApp preferring a “face-to-face” method or others like Viber requiring you to read and confirm a password during a call. The former method that WhatsApp implements is for you to scan a QR code

Here, this is about whether you are really talking with the user on their device, in order to circumvent situations like lost or stolen phones, users installing their SIM cards in different devices and “man-in-the-middle” attacks. It was highlighted in Graham Cluley’s blog article about improving your security with WhatsApp.

This will typically be highlighted through the use of an indicator in your contact list that shows if a contact has been authenticated or if they have switched devices.
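The contact-list indicator described above can be modelled as a small trust-on-first-use state machine. This is an added example, not code from WhatsApp, Viber or the original article; the SHA-256 fingerprint format, the `ContactStore` class and the sample keys are assumptions constructed for illustration.

```python
import hashlib
import hmac
from enum import Enum


class TrustState(Enum):
    UNVERIFIED = "unverified"    # key pinned on first contact, never compared out of band
    VERIFIED = "verified"        # fingerprint confirmed by QR scan or read aloud on a call
    KEY_CHANGED = "key changed"  # contact presents a different key (new device, reinstall, interception)


def fingerprint(identity_key: bytes) -> str:
    """Human-comparable fingerprint of a public identity key (assumed format)."""
    digest = hashlib.sha256(identity_key).hexdigest()
    return " ".join(digest[i:i + 8] for i in range(0, len(digest), 8))


class ContactStore:
    """Hypothetical per-device store of each contact's pinned key and trust state."""

    def __init__(self):
        self._contacts = {}  # contact name -> (pinned key bytes, TrustState)

    def observe(self, contact: str, presented_key: bytes) -> TrustState:
        """Record the key a contact presents during key exchange."""
        known = self._contacts.get(contact)
        if known is None:
            # First sighting: pin the key, but it has not been checked by a human yet.
            self._contacts[contact] = (presented_key, TrustState.UNVERIFIED)
        elif not hmac.compare_digest(known[0], presented_key):
            # Different key: any earlier verification no longer applies.
            self._contacts[contact] = (presented_key, TrustState.KEY_CHANGED)
        return self._contacts[contact][1]

    def verify(self, contact: str, scanned_fingerprint: str) -> bool:
        """Compare a fingerprint obtained out of band with the pinned key."""
        known = self._contacts.get(contact)
        if known is None:
            return False
        expected = fingerprint(known[0]).encode()
        if hmac.compare_digest(expected, scanned_fingerprint.encode()):
            self._contacts[contact] = (known[0], TrustState.VERIFIED)
            return True
        return False  # mismatch: leave the state untouched so the warning stays visible

    def state(self, contact: str):
        known = self._contacts.get(contact)
        return known[1] if known else None


def demo():
    """Walk one contact through first use, verification and a device switch."""
    old_key = bytes(range(32))          # constructed sample key, not a real key
    new_key = bytes(range(32, 64))      # constructed key for the replacement device
    store = ContactStore()
    seen = [store.observe("alice", old_key)]
    store.verify("alice", fingerprint(old_key))   # QR code scanned face to face
    seen.append(store.state("alice"))
    seen.append(store.observe("alice", new_key))  # Alice moves her SIM to another phone
    store.verify("alice", fingerprint(old_key))   # stale fingerprint must not re-verify
    seen.append(store.state("alice"))
    return seen


if __name__ == "__main__":
    for step in demo():
        print(step.value)
```

The store keeps the warning state until the new key's fingerprint is compared out of band again, which is what separates a genuine device switch from an interception.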

Concealed text/image conversations

Viber - Hide This Chat

Viber with its ability to conceal a conversation

Viber introduced to their platform the ability for one to conceal a text/image conversation which can come in handy if you are exploiting their functionality to use tablets or regular computers as endpoints for Viber conversations.

Here, you can conceal the conversation so that others cannot see it unless they enter a user-set PIN or password. Situations where this can be necessary could range from an innocuous activity like arranging that surprise event through a personal conversation held in a workplace to a traveller who leaves their iPad in their hotel room which can easily be visited by Housekeeping staff.

On the other hand, you could be able to specify whether a text/image chat is to be kept on each other’s devices or to disappear like what has been valued with Snapchat.

Features that could surface in the name of security

As other online-communications platforms jump on to the secure-communications bandwagon, there could be the rise of different features or variations on the above features.

For example, a communications-platform client could implement client-level user authentication where the software can be set up to require the user to log in to the client to start a conversation. Or the primary communications device like the smartphone has to be near a secondary communications client like a laptop before the user can run the software. This feature may be considered of importance with tablets and regular computers likely to be used by other users.

To some extent, an operating system that implements multiple-user operation could allow an online-communications client to switch user profiles and phone numbers so it works totally personally to the user.

There could be the ability for a user to mandate device-level authentication or encryption before a conversation takes place with a contact. This could allow for one to be sure they are talking to the right correspondent.

Other methods of verifying contacts and devices could surface such as the use of NFC “touch-and-go” or Bluetooth data exchange as a way of authenticating users’ devices. The software could also exploit other hardware or software “secure elements” like Trusted Platform Modules as an alternative to SIM cards for Wi-Fi-only tablets or regular computers.

This could even extend to such things as “trusted networks” or “trusted locations” where your caller can know that you are talking privately, based on factors like wireless-network parameters or proximity to particular Bluetooth devices.

Conclusion

What is now happening is that secure online conversations, once a feature that was enjoyed by big business and government, are now becoming available to every individual in the street for free. This allows them to have online conversations without being eavesdropped upon.

France fields an online storage service that is a privacy-focused European alternative

Article (French language / Langue Française)

RKube : le cloud français | Ere Numerique

From the horse’s mouth

RKube

Product Page

My Comments

Map of Europe By User:mjchael by using preliminary work of maix¿? [CC-BY-SA-2.5 (http://creativecommons.org/licenses/by-sa/2.5)], via Wikimedia Commons

An online cloud storage that the Europeans call their own

The increased discontent in Europe about the NSA spying on European citizens’ Internet activity has seen less trust in Internet services that are either hosted on American soil or chartered in the USA. This has also been augmented by recent activities where the German government “battened down the hatches” and even gave a CIA station chief located there the “royal order of the boot”.

As well, the French and Swiss worked on their own volume-wide disk encryption software such as VeraCrypt.

Similarly, the European Union recently won a European court case to assure EU citizens the “right to be forgotten” by major US-based search engines while an Austrian-based class action was launched against Facebook on privacy grounds.

Now the French have launched their own “cloud-driven” online storage as a competitor to the US-based online storage services like Dropbox, Box.com, OneDrive and Google Drive. Here, this operator have their servers on French soil and are totally subject to the rule of law in France. They also focus their offers around user privacy according to European norms. They even have the ability for you to create your own security key and implement secure anonymous file transfers.

Flag of France

Totally hosted on French soil

Like most of the online storage services, they offer client-side software for Windows, Macintosh OS X, iOS and Android while offering a simplified Web user experience for those of us who come in from Web browsers.

RKube will offer users a free 5Gb account or access to up to 500Gb for up to €49.90 / month.

But I also wonder who else in Continental Europe will run with online file storage or similar services in response to the loss of faith in American services by Europeans. It also extends to other services like search engines or social networks. Similarly, it could be interesting to know whether people who live outside Europe but are concerned about the privacy or confidentiality of their data could end up purchasing space on these services rather than the American services.

Europe being rattled by NSA issues looks towards doing business with its own companies

Article

Germany dumps Verizon for Deutsche Telekom over NSA spying | The Register

Previous Coverage on this topic

The French Have Fielded Another Alternative To TrueCrypt

My Comments

Map of Europe By User:mjchael by using preliminary work of maix¿? [CC-BY-SA-2.5 (http://creativecommons.org/licenses/by-sa/2.5)], via Wikimedia Commons

The fallout from the NSA spying issues has effectively put Europe on notice. Previously, with the cessation of development for the TrueCrypt encryption engine, the French and Swiss have worked on their own forks of that engine to keep it alive and to European values.

Now the German government have dumped Verizon Germany and shifted their general communications-technology business from Verizon Germany to Deutsche Telekom, although they implement the latter for their classified-communications needs. This is a country who was bitten twice by the menace of “big government” through the Third Reich and the West-Germany/East-Germany split and fell victim to Angela Merkel, their Chancellor, being spied on by the NSA.

As well, the European Union litigated for European citizens to have the “right to be forgotten” by enforcing Google to obliterate search details on an individual European citizen at their whim. There is even talk of allowing European-Union citizens to litigate in US courts against American-based companies who violate European privacy norms.

Could this mean that one or more European-based companies or consortiums establish search-engines, online-storage services, online-advertising networks, social networks or similar services making sure that this service conforms to and represents European values? Similarly, could people, companies and organisations around the world, like the SBS in Australia, who fear the kind of spying in the US while supporting and underscoring European values end up deserting American companies and start doing business with European businesses when it comes to their information and communications technology needs?

CEBit 2012

Introduction

The CEBit 2012 IT show in Hannover, Germany is one of many technology trade shows covering the European area where there is a strong crossover between product classes. It was positioned at work-based computing but is competing with Mobile World Congress in Barcelona, Spain (smartphones), Internationale Funkausstellung in Berlin, Germany (consumer electronics) and Photokina in Cologne, Germany (digital imaging) as a European showcase platform for consumer and small-business information technology.

It has carried through the overall key trend of work-home computing and the always-mobile business life. This is more so with the emphasis on portable computing equipment and equipment to service the data cloud.

Key issues and trends in computing

Privacy and security in the online age

A key issue that has been raised through this year’s CEBIT show in Hannover is how US-based companies are limiting data privacy in the eyes of Europeans. Regular readers of HomeNetworking01.info may have seen articles being published about this issue, especially an industry interview that I did with Alastair MacGibbon and Brahman Thyagalingham, concerning the responsibility of service providers if something goes awry with the data in their care.

This was brought about through the recent privacy and security changes at Google as well as an increase of data being held “in the cloud”. There was also an underscoring of the importance of trust concerning data in the Internet Age.

Technological trends

PCs and laptops

These “regular” computers have not been forgotten about even though there is a lot of interest in the tablets and smartphones. It has been led about through the imminent release by Microsoft of Windows 8 which is available as a consumer-preview version at the time of writing. One feature pitched about this operating system is that it was intended to bridge home and work computing lifestyles with mechanisms like Windows To Go “boot-from-USB” setups.

As well, there was the imminent release of the Ivy Bridge chipset and processor families by Intel with these offering graphics that are just close to “gaming quality” but with economical power consumption. There was a “Super SSD” drive also being premiered which had 512Gb of solid-state storage in a 2.5” housing for the current generation of portable computers.

This year has seen more of the Ultrabooks being released by the various manufacturers and in different variants.

An example of this was Acer showing their new range of equipment with the Timeline Ultra M3. This was a so-called “15-inch Ultrabook” which had an optical drive and NVIDIA GeForce discrete graphics, with variants available with a hard disk or solid-state-drive only for their secondary storage.

Acer had also premiered their V3 lineup of 14”, 15” and 17” budget-friendly laptops with the 17” variant having a Blu-Ray optical drive. They also premiered the V5 11”, 14” and 15” slim mainstream laptops with the 14” and 15” varieties being equipped with discrete graphics as an option.

Toshiba also fielded a variant of the Portege Z830-120 Ultrabook with WiDi Wi-Fi-driven display link technology and was promising a “brown-goods” LCD TV with WiDi display functionality. I would say that this function may appear in a higher-end LCD chassis which serves a particular run of high-end lounge-room sets.

Of course, there would be some computers that are positioned as “bridge” units between the regular laptop and the tablet, typically being equipped with a touchscreen and a keyboard at least. Examples of these would include ASUS “Transformer” variants with detachable keyboards or “swivel-head” convertible laptops. These could be based on either an ARM RISC microarchitecture or the classic Intel microarchitecture with them running Windows or Android. They would be pitched at those of us who like the touchscreen tablet experience but also want to use a proper keyboard to create content.

Smartphones and Tablets

The smartphone and tablet scene at this fair has been affected by two issues. One is Apple releasing their third-generation iPad with the higher-resolution “Retina” display and A5x graphics subsystem concurrently with this show, setting the cat among the pigeons. Of course, the patent fights are still on with Apple over tablet-computer design with some of the lawsuits still not resolved.

The other is that a lot of the smartphones and tablets destined for Europe were premiered at the previous Mobile World Congress in Barcelona, Spain. But there were a lot of the tablets being exhibited in Hannover.

Key features that were being put up included near-field communications which enabled “tap-and-go” payment and data transfer for these devices, larger screens for this device class, LTE wireless-broadband and DLNA implementation. As well, the Android devices are being released with quad-core processors, keyboard docks, glasses-free 3D, full HD graphics and other more attractive features.

As for LTE 4G wireless broadband, an increasing number of European mobile carriers are rolling out LTE networks through their market areas and are launching phones, tablets and modems that work with this technology.

Conclusion

What it sounds like is that the CEBit show is underpinning a mobile cloud-driven computing environment which is to support “regular” and mobile usage classes.

The recent Telstra security breaches–how were they handled?

Through this last year, there has been an increasing number of incidents where customers of high-profile companies have had their identifying data compromised. One of these incidents that put everyone in the IT world “on notice”, especially those involved in consumer-facing IT like ISPs or online services, was the Sony PlayStation Network / Qriocity break-in by LulzSec / Anonymous.

Close to that, I had attended a presentation and interview concerning the security of public computing services hosted by Alastair MacGibbon and Brahman Thiyagalingham from SAI Global, the report which you can see here.

The BigPond incident

Over the last weekend, Telstra had suffered a security breach that compromised the user details of some of their BigPond Internet-service customer base. This was through a customer-service search Webpage being exposed to the public Internet rather than Telstra’s own customer-service network.

The privacy compromise was discovered on Friday 9 December 2011 (AEDT) and mentioned on the Whirlpool forum site. It was in the form of an in-house “bundles” search page exposed to the Web with the database containing usernames, passwords and fully-qualified email addresses of a large number of the customer base at risk.

Telstra’s response

But Telstra had responded very quickly by locking down the BigPond customer email servers and Web-based self-service front-ends while they investigated the security compromise. The customers whose data was exposed had their passwords reset with them being required to call the BigPond telephone support hotline as part of the process.

As I have maintained an email account through this service for a long time, I had taken steps to change the password on this account. This was even though I wasn’t one of the customers that was subject to the aforementioned mandatory password reset.

Telstra also maintained a live channel of communication to its customers through their own Web sites, through updates to the main media channels and through an always-running Twitter feed. Once the email system was open for business, a follow-up email broadcast was sent to all BigPond customers about what happened.

My comments on how this was handled

Like the Sony PlayStation incident, this incident was one that affected a high-profile long-established brand which, like other incumbent telecommunications-service providers, was in a position where the brand has a bittersweet connotation. Here the brand is associated with a portfolio of highly-established high-quality stable telecommunications services but has had negative associations with poor customer service and expensive telecommunications services.

What I saw of this was that after the Sony incident and similar incidents against other key brands, the IT divisions for Telstra haven’t taken any chances with the data representing their customer base. They had quickly locked down the affected services and forced the necessary password-reset procedures in order to reduce further risks to the customers; as well as keeping customers and the public in the loop through their media, Web and Social-Web channels.

The Telstra incident also emphasised the fact that the risks can come from within an affected organisation, whether through acts of carelessness or, at worst, deliberate treacherous behaviour by staff. As I have said in the previously-mentioned interview and conference article, there needs to be data protection legislation and procedures in place in Australia so that a proper response can occur when these kinds of incidents occur.

Facebook Tip: Sending a private message or “does the message need to be on your Wall or your Facebook Friend’s Wall for all to see”

Through my use of Facebook, I have seen some other users post messages intended for a particular recipient on that recipient’s Wall. Some of the messages are meant to be particularly confidential between the sender and the recipient. There is a way of sending a 1-to-1 message privately between Facebook Friends. What you do is either to go to the Friend’s profile and click on the “Send <Friend’s name> a message” option under their picture; or click on the “Inbox” option and select “Compose New Message”. In the “To” box, type in the Friend’s name or e-mail address – this is made quicker through the use of “auto-complete” data entry based on your Friend list.

When you send your message, the recipient will get a notification of a “new message” with a number beside the Inbox header. As well, if the recipient has it so configured, the recipient’s Facebook account will send the message to their e-mail address.

I have written a short note about this in my Status Update on Facebook so all my Facebook Friends are reminded of this issue, but have updated my Status Update with another Facebook topic. I am sorry that this will appear again on Facebook because I have set up this blog to be simulcast on my Wall and this kind of information may be of use for those who follow this blog through other channels.

The same issue will appear with other social-networking Websites like Twitter or MySpace and you will have to know how to send a 1-to-1 message to a particular member of the site.