ALL BLOG POSTS AND COMMENTS COPYRIGHT (C) 2003-2019 VOX DAY. ALL RIGHTS RESERVED. REPRODUCTION WITHOUT WRITTEN PERMISSION IS EXPRESSLY PROHIBITED.

Tuesday, January 28, 2020

Amazon feeding data to Facebook

The Electronic Frontier Foundation reports that Amazon's Ring automatically sends private user data to Facebook:
Amazon’s Ring smart doorbell surveillance product has been caught sending user data to Facebook and other companies without making Ring users aware their data was being shared. That’s according to an investigation from the Electronic Frontier Foundation (EFF). What’s even more alarming is Ring users are having their data sent to Facebook even if they themselves don’t have Facebook accounts.

The EFF examined Ring’s latest Android app and found that it had four unlisted trackers sending Ring user data back to four websites including branch.io, mixpanel.com, appsflyer.com, and facebook.com. This is despite Ring’s privacy policy, which purports to list all the trackers being used in its software. That privacy policy was last updated over a year and a half ago and doesn’t list three of the four new trackers discovered.

So what data is Ring sending to Facebook and other companies? The EFF says the information includes “the names, private IP addresses, mobile network carriers, persistent identifiers, and sensor data on the devices of paying customers.”
This really isn't that hard. Don't use smart home technology. It's all spy-on-you-in-your-home technology.

Labels: ,

31 Comments:

Blogger General Grudge January 28, 2020 12:05 PM  

I always found it interesting how all these companies put such an effort into finding out peoples private data. I think there is way more to it than just marketing and advertising. I feel there is even more to it than just cooperation with government agencies. I fear there are secret contracts with shadow government types that use this data to program a new and dangerous form of AI. Something akin to the Mark of the Beast. I feel there is just too much effort and competition for just a little advertising data.

Blogger MagisterLudi January 28, 2020 12:06 PM  

Quelle surprise

Blogger The Depolrable Podunk Ken Ramsey January 28, 2020 12:11 PM  

It's hard to argue that you agreed to the terms of service when you haven't opened an account. But what do I know? Maybe if you install a doorbell you've agreed to everybody's terms of service. Might as well remove the door and let the whole world in!

Blogger Rough Carrigan January 28, 2020 12:30 PM  

Gosh, it's almost as though they're both deep state fronts just naturally working together.

Blogger 🐻Drew🐻 January 28, 2020 12:32 PM  

I'm not very tech savvy, but I'm curious if WiFi connected security cameras are doing the same thing?

Blogger Jed Mask January 28, 2020 12:33 PM  

Hmmm... Yep, yep. Good call Mr. Vox. Thanks again...

~ Bro. Jed

Blogger Ominous Cowherd January 28, 2020 1:14 PM  

🐻Drew🐻 wrote:I'm not very tech savvy, but I'm curious if WiFi connected security cameras are doing the same thing?
In general, I think you have to assume that anything which can phone home, does phone home.

If you have wifi in or near your home, don't have any devices that might have wifi in or near your home - no wifi cameras, no wifi toasters or refrigerators, no nothin'.

Remember that your phone is phoning home with all your data, wifi or not. Don't put anything on your phone that you wouldn't send to Uncle Sam and Uncle Xi, because your phone probably copies them both.

Blogger Warunicorn January 28, 2020 1:37 PM  

I've resisted this long and don't see that ending anytime soon.

"But look at the convenience!" they say. Yeah, at least I won't look like I'm participating in a scene straight out of George Orwell's "1984".

Kindly reminder: "1984" is a great book. Maybe it'll shoot back up to the bestseller list once Trump is elected again. As we all know, SJWs don't know the book is about them, because Rule III: SJWs always project.

Blogger pdwalker January 28, 2020 1:46 PM  

This really isn't that hard. Don't use smart home technology. It's all spy-on-you-in-your-home technology.

i’ll tell this to anyone who asks me about this.

i love tech, but outside of my compromised computers and mobile devices, i will never let any other “smart” device into my home.

yes, i know. my mobile devices are just as bad, but it’s a compromise i have to live with right now.

Blogger Randomatos January 28, 2020 1:59 PM  

That depends on how you configure them. If you leave them on default settings on an internet-connected network, all you've done is give the bored nerds and govs of the world a live-feed of something you find important enough to monitor.

Blogger Mocheirge January 28, 2020 2:26 PM  

One Ring to hear them all
One Ring to see them
One Ring to record them all
And with the NSA store them.

Blogger Nate January 28, 2020 2:45 PM  

we use tons of smart home stuff.. but we also have the equipment and the skill to monitor the traffic and see what is doing what. so far the nest cams and echo branded devices have been well behaved.

Blogger Nate January 28, 2020 2:49 PM  

something is going on with amazon and facebook. the facebook portal thing is like a facebook branded echo device. makes me think there are shenanigans afoot

Blogger peacefulposter January 28, 2020 3:05 PM  

Forget Ring. Facebook probably has all the data on everyone who has used Amazon dot com.

Blogger rycamor January 28, 2020 3:16 PM  

And we were assured more than a year ago that all the Ring shenanigans were over. Ring has been a case in point for Zuckerberg's argument that privacy is over, and no one really cares.

Yet Another Intel Vulnurability and once again, we are to the point where 99.99% of mankind responds with a collective yawn. This vulnerability essentially makes almost anything hosted on the Cloud suspect.

Oh wait... maybe the key is in the name: "Intel".

A smart friend of ours reminded me of his 2nd favorite saying today: effect signals intent.

Blogger Unknownsailor January 28, 2020 3:29 PM  

Nate wrote:we use tons of smart home stuff.. but we also have the equipment and the skill to monitor the traffic and see what is doing what. so far the nest cams and echo branded devices have been well behaved.

This should be the norm.

If you cannot set up and run a Pi-Hole, and know on a fundamental basis what that Pi-Hole does, you should not have any IoT/Smart Home devices in your home. You cannot corral a misbehaving device even if you wanted to, because you cannot determine when one is misbehaving in the first place.

Blogger Azure Amaranthine January 28, 2020 3:46 PM  

"I always found it interesting how all these companies put such an effort into finding out peoples private data. I think there is way more to it than just marketing and advertising."

One thing follows another. Marketing and advertising are part of figuring out how to manipulate the input and output of human beings. The more information you get about the workings of human beings, the more effective your manipulations. Privacy? If they can take yours away of course they will, welcome to being the guinea pig if they can make you the guinea pig.

"In general, I think you have to assume that anything which can phone home, does phone home."

They wouldn't add the ability if they didn't intend it to be used. The most conscientious thing you're going to see is the factory default being "automatic phone home enabled". From there you get no option to turn it off, then tamper seals that void the warrantee, then tamper seals that are part of the blatantly illegal terms of use, and designed to destroy the device if opened.... Then you have to have a working one in order to get medical insurance, or a loan, or electrical service.

Blogger Ominous Cowherd January 28, 2020 3:57 PM  

Nate wrote:we use tons of smart home stuff.. but we also have the equipment and the skill to monitor the traffic and see what is doing what.
I have to deal with PLCs and computers and such crap at work. I definitely don't want more of the same at home.

At work it's all air-gapped, so anything which must phone home stops working.

Blogger OneWingedShark January 28, 2020 4:15 PM  

rycamor wrote:Oh wait… maybe the key is in the name: "Intel".
Perhaps they aren't trustworthy; perhaps they are the ones baking vulnerabilities into the chips as some have raised concerns about China-sourced chips.

Blogger Dwayne Thundergrit January 28, 2020 4:35 PM  

My sister got a pacemaker implanted that reports to the hospital regularly and signals her and the hospital if anything is going out of whack. She swears she gets all kinds of junk mail both on line and through the mail since she had it implanted and some of it more detailed than she thinks it should be.

I thought she was just seeing an increase in that stuff due to having gotten a pacemaker implanted but maybe not. This makes me wonder who is handling the data flow for the pacemaker that connects to her regular doctor and the nearest hospital.

Blogger Akulkis January 28, 2020 5:21 PM  

"we use tons of smart home stuff.. but we also have the equipment and the skill to monitor the traffic and see what is doing what. so far the nest cams and echo branded devices have been well behaved."

Make sure nothing is using TOR networking. TOR is specifically designed (by the Navy, for undercover intelligence officer) to make suspicious network traffic look innocuous by not sending/receiving packets from/to .mil IP addresses. Then they released it to the world, so that their traffic wouldn't turn into conviction anyway by being the only traffic sending and receiving TOR protocol packets.

OneWingedShark wrote:rycamor wrote:Oh wait… maybe the key is in the name: "Intel".

Perhaps they aren't trustworthy; perhaps they are the ones baking vulnerabilities into the chips as some have raised concerns about China-sourced chips.


This could very well explain why AMD chips manage to have more throughput for the same clock-speed, and have also generally been in the lead vs Intel in terms of putting more processing cores on one chip (AMD was also the first to put a GPU right on the same die as an x86_64 CPU).

If Intel has been putting spyware (in terms of both extra circuitry, and also extra microcode software) this would explain AMD's ability to get the same performance for less money than any Intel near-equivalent, and more performance for the same money as any Intel near-equivalent.

Blogger rycamor January 28, 2020 5:41 PM  

@Dwayne Thundergrit

The fact is, once the data is collected, from *anywhere*, it can be fed into the social media system. If they have your name and your email, and a phone #, they can match you up to a social media account almost 100% of the time, even if you try to use different emails for different things.

Yes there are supposedly laws to prevent this leakage across the system, but the simple technical fact is that it is ridiculously easy to spread data around these days. It's about like expecting the drug laws to work.

And this is without taking into account the literally thousands of hacks and vulnerabilities discovered every day (not to mention the ones not discovered). It is pretty much not safe to assume that your data is safe. You must assume from the get-go that your private information will be out there, except for that information that you have literally not shared anywhere.

Blogger rycamor January 28, 2020 5:45 PM  

Akulkis wrote:
If Intel has been putting spyware (in terms of both extra circuitry, and also extra microcode software) this would explain AMD's ability to get the same performance for less money than any Intel near-equivalent, and more performance for the same money as any Intel near-equivalent.


AMD took the long road. This is why their performance lagged behind Intel for a long time. But, while Intel was getting fat, greedy and complacent, AMD kept on working at.

However, I would not at all be surprised if Intel has been selling vulnerabilities off to various bidders. With the latest discovered ones, we are probably down to hacks paid for by Somali warlords or Guatemalan drug traffickers.

Blogger Rex Leroy King January 28, 2020 5:55 PM  

Rex Leroy's Second Law: Effect signals intent.

Blogger Meng Greenleaf January 28, 2020 9:03 PM  

I think we've all had this experience?.

I don't have a Facebook, I don't have any Amazon products in my home. I do use WhatsApp, Line and WeChat. I have an Android phone. I normally connect to a VPN. I usually use Brave. I regularly open Chrome in incognito.

I'd say I'm typical.

I'm visiting a friends house for dinner. He's an IT manager and I assume he probably understands the systems, but he doesn't use VPN. When I mentioned I always use VPN his response was why? Hiding something? I said yes, me 😄 We chatted a bit about his pool. He said he stopped using it even though he has kids age 7 and 8 because it's a pain to keep clean.

Immediately I was blasted with pool cleaning products. It was insane. Machinery, chemicals, nets. Ads flashed across my home PC, my phone, everywhere. I went to eBay or Amazon and had pool supplies ads all over the place. Gmail, my work laptop in Chrome, everywhere. It went on for about a week.

I mentioned this to the IT friend and he said it was a coincidence and I'm paranoid.

LOL?!

Could it be a coincidence that immediately after leaving his home I was inundated with pool supply ads? Maybe. Probably not.

Blogger Servant January 28, 2020 11:33 PM  

If you install the eye of sauron on your door I'm thinking you are retarded.

While looking into making a phone that doesn't spy on me, I discovered the purism phone. Hard wired switches, claim safe os. I won't get it, as I'm dropping smart phone completely ideally, but seemed interesting.

Blogger Lightning Hands January 29, 2020 9:16 AM  

As the article points out, the data is sent by the app, not the hardware.

Hardware can be locked out from internet access but phone OSs unless rooted will send that information full steam.

Blogger Boomer55 January 30, 2020 11:53 AM  

I don't like to think this, but it's probably the truth. What Russia and China do "at the front desk" is what the US does "in the back basement behind the blast doors."

Blogger Christopher January 31, 2020 2:07 PM  

Is it just me, or is spell check more annoying lately? On a bunch of different types of pages? Is it possible there's some collusion going on where they are trying to encourage us to use voice commands and in that way open up more pathways to collect data? I feel like there's more annoying spell checking on the front end recently as opposed to where they run-the-search but also ask 'did you mean this other thing?'

Blogger Peter Lacey February 02, 2020 9:32 PM  

Like all tech. its good, its the use that's the problem. Those offended should be demanding that Ring provides an Opt Out and disable these data forwarding arrangements.

Blogger Akulkis February 03, 2020 7:07 PM  

Would you actually trust an Opt Out selection provided on a Ring device to actually shut off the eavesdropping data?

Knowing these types, choosing the Opt Out would would set a time, and until it expires, the "share telemetry data and imaging with 5 known-to-violate-privacy corporations" behavior would cease (so when the evaluaters at various sites test it... they would see no unauthorized traffic while looking for such packets with Wireshark and similar software.

Anywhere from a day to a week later, the timer expires, and the data starts getting sent again.

I don't trust these companies or their products in the slightest.

Raspberry Pi hardware is cheap, and a Raspberry Pi Zero is around $5, and can has the processing power to handle 2 cameras (both USB *OR* 1 USB and 1 dedicated RPi camera slot), and runs on practically nothing with regard to electricity.

Post a Comment

Rules of the blog
Please do not comment as "Anonymous". Comments by "Anonymous" will be spammed.

<< Home

Newer Posts Older Posts