Trinity Mount Ministries

Showing posts with label computer. Show all posts
Showing posts with label computer. Show all posts

Tuesday, September 21, 2021

The Dark Side of Apple’s New Child Safety Features

 


by Siddharth Parmar

Quote card courtesy of Opinion. In early August, Apple announced some new child safety features, slated to arrive in the upcoming updates to iOS, macOS and iPadOS. The first change is that the Messages app warns minors (and their parents) of sexually explicit images and gives parents the option to be alerted if a child views or sends such an image. The second involves Siri and Search being tweaked to intervene when someone makes queries related to Child Sexual Abuse Material (CSAM) . The last, and most major, introduces automatic on-device matching of photos (stored inside iCloud Photos) against a database of known CSAM content. If the system discovers enough flagged pictures, a report will be sent to a moderator for evaluation. If the moderator confirms the assessment, Apple will decrypt the photos and share them with the relevant authorities. 

 These new features were announced with the stated intent of protecting children from sexual predators, and they do sound like measures with great intentions behind them. But the changes have been met with considerable backlash and feelings of betrayal.

Of the three features, the changes to Siri and Search have been generally uncontroversial. The others, however, have seen massive opposition, ranging from discontent about the tweak to the Messages app to outrage about the CSAM scanning. So much so that Apple was forced to delay (but not stop) the implementation of these features.  

It may still be unclear to you why there even is opposition or why I’m asking you to be scared.

Even if well-intended, these new features are a massive invasion of privacy and have the potential to inflict serious damage. Coming from Apple, a company that prides itself on taking customer privacy seriously (extending even into their advertisement’s music choices), this is a huge disappointment.

The largest change is the monitoring of peoples’ Photos app. Some might be tempted to think the detection process itself is novel and problematic. This emotion is a natural spillover from tech’s well-documented issues with image scanning and detection. For example, studies show facial recognition software from IBM, Amazon and Microsoft have all underperformed for people of color and women. Recognition software is only as good as its training dataset. Train it on a homogenous dataset, and it will struggle with diversity when used.  

These are valid concerns, but they are not the whole picture. While it is not common knowledge, it is commonplace for major cloud service providers to scan for CSAMs hosted on their platform. This occurs with the help of a database of known CSAM content maintained by the National Center for Missing and Exploited Children and a few checks to prevent false reports. 

If this is an established procedure with checks in place to avoid false flagging, why is there backlash at all? The answer lies in where Apple is conducting these scans.  

Traditionally, all of this happens on a company’s servers which cannot see the contents of end-to-end encrypted data. Apple’s purported scanning will occur on-device, with an option to decrypt photos if need be. That’s very dangerous since end-to-end encryption doesn’t hide information from the device itself, which could lead to a potential backdoor for cyberattacks.  

Speaking of cyberattacks, Apple only recently came out with a security patch to protect iPhones from spyware attacks, which could turn on the camera and microphone on-demand and read messages and other local data, all without any visible sign. Apple, like any other tech giant, is only a few steps ahead of attackers at any given time (and perhaps a few steps behind as well in some cases). 

This leads to other issues. Countries could put pressure on Apple to report photos it finds objectionable, such as photos of protests or dissenters. Will Apple always be able to say no?

Even if Apple does manage to resist these demands, many companies sell software exploits that give access to devices to governments. These are all scary scenarios. So while the cause for Apple’s new software updates may be noble, the risks are too high to be considered safe.  







Thursday, August 6, 2015

Windows 10 wipes your child safety settings if you upgrade from 7 or 8:


Are you a Windows 10 converts responsible for young computer users? Be on your guard. Child-friendly Family Features from Windows 7 and 8 won’t be recognized or accepted in the new operating system.

Rather, children using Windows 10 PCs are seen as standard users; no dedicated child-user account exists.

That means any existing age-related website controls, app and game restrictions, PC time limits, plus your ability to view recent activity, won’t work on Windows 10.

Adults must now create a completely new set of family settings through a long-winded procedure in Windows 10 that requires the child’s participation.

Microsoft had explained the new controls, here, but the details will be lost on many millions following Microsoft’s advice to run Windows 10 on existing PCs.

Even those getting early builds of Windows 10 got caught out. Those unaware their old settings won’t work now risk exposing children on Windows 10 to porn, violence and other online dangers once they’ve upgraded.

A Microsoft spokesperson pointed out you should receive – when you upgrade – a Check Family Safety tip with a link to how to create fresh settings.

But Reg reader Paul Dove, who conducted an experimental upgrade, has blasted Microsoft for putting children at risk with Windows 10. Dove also criticised Microsoft’s process for creating a new child’s account in the OS.

That process involves sending the child or children in your family in invitation via email that they must then accept. Dove, however, reckoned the savvy young user is able to turn off the new security settings in Windows 10.

He was able to change the new child account to a local account and effectively remove protections simply by clicking on the Windows 10 start button, then on the name at the top, and then on Change Account Settings.

“Microsoft should be ashamed of itself,” Dove told The Reg. “Not making sure that this was fixed before releasing Windows 10 it has put many children at risk."

"I might not have realized that after upgrading Windows 7 to Windows 10 the Family Safety needs to be re-done," he added.

Dove recommended three steps Microsoft should now take to help Windows 10 converts.
These are: checking for previous use of Windows Live Family Safety and to automatically disable children's accounts until the Windows 10 machine has been properly set up; scrapping the whole invitations process for set-up via a PC administrator; and offering a wizard that guides people through the set-up.

Defending Windows 10 and Microsoft, a spokesperson told us: “We will continue to roll out new Windows 10 Family features over time. We designed Windows 10 as a service, and we’ll keep listening to our customers. If there are ways to make improvements, we will do so.”


 http://www.TrinityMount.Info

Thursday, August 9, 2012

FBI - New Internet Scam:





New Internet Scam

‘Ransomware’ Locks Computers, Demands Payment
08/09/12
There is a new “drive-by” virus on the Internet, and it often carries a fake message—and fine—purportedly from the FBI.
“We’re getting inundated with complaints,” said Donna Gregory of the Internet Crime Complaint Center (IC3), referring to the virus known as Reveton ransomware, which is designed to extort money from its victims.
Reveton is described as drive-by malware because unlike many viruses—which activate when users open a file or attachment—this one can install itself when users simply click on a compromised website. Once infected, the victim’s computer immediately locks, and the monitor displays a screen stating there has been a violation of federal law.
The bogus message goes on to say that the user’s Internet address was identified by the FBI or the Department of Justice’s Computer Crime and Intellectual Property Section as having been associated with child pornography sites or other illegal online activity. To unlock their machines, users are required to pay a fine using a prepaid money card service.
“Some people have actually paid the so-called fine,” said the IC3’s Gregory, who oversees a team of cyber crime subject matter experts. (The IC3 was established in 2000 as a partnership between the FBI and the National White Collar Crime Center. It gives victims an easy way to report cyber crimes and provides law enforcement and regulatory agencies with a central referral system for complaints.)
“While browsing the Internet a window popped up with no way to close it,” one Reveton victim recently wrote to the IC3. “The window was labeled FBI and said I was in violation of one of the following: illegal use of downloaded media, under-age porn viewing, or computer-use negligence. It listed fines and penalties for each and directed me to pay $200 via a MoneyPak order. Instructions were given on how to load the card and make the payment. The page said if the demands were not met, criminal charges would be filed and my computer would remain locked on that screen.”
The Reveton virus, used by hackers in conjunction with Citadel malware—a software delivery platform that can disseminate various kinds of computer viruses—first came to the attention of the FBI in 2011. The IC3 issued a warning on its website in May 2012. Since that time, the virus has become more widespread in the United States and internationally. Some variants of Reveton can even turn on computer webcams and display the victim’s picture on the frozen screen.
“We are getting dozens of complaints every day,” Gregory said, noting that there is no easy fix if your computer becomes infected. “Unlike other viruses,” she explained, “Reveton freezes your computer and stops it in its tracks. And the average user will not be able to easily remove the malware.”
The IC3 suggests the following if you become a victim of the Reveton virus:
  • Do not pay any money or provide any personal information.
  • Contact a computer professional to remove Reveton and Citadel from your computer.
  • Be aware that even if you are able to unfreeze your computer on your own, the malware may still operate in the background. Certain types of malware have been known to capture personal information such as user names, passwords, and credit card numbers through embedded keystroke logging programs.
  • File a complaint and look for updates about the Reveton virus on the IC3 website.
Resources