Samsung Warns Customers To Think Twice About What They Say Near Smart TVs

image

(ANTIMEDIA)  In a troubling new development in the domestic consumer surveillance debate, an investigation into Samsung Smart TVs has revealed that user voice commands are recorded, stored, and transmitted to a third party. The company evenwarns customers not to discusspersonal or sensitive information within earshot of the device.

This is in stark contrast to previous claims by tech manufacturers, like Playstation, who vehemently deny their devices record personal information, despite evidence to the contrary, including news that hackers can gain access to unencrypted streams of credit card information.

The new Samsung controversy stems from the discovery of a single haunting statement in the company’s “privacy policy,” which states:

“Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.”

This sparked a back and forth between the Daily Beast and Samsung regarding not only consumer privacy but also security concerns. If our conversations are “captured and transmitted,” eavesdropping hackers may be able to use our “personal or other sensitive information” for identity theft or any number of nefarious purposes.

There is also the concern that such information could be turned over to law enforcement or government agencies. With the revelation of the PRISMprogram  by which the NSA collected data from Microsoft, Google, and Facebook — and other such NSA spying programs, neither the government nor the private sector has the benefit of the doubt in claiming tech companies are not conscripted into divulging sensitive consumer info under the auspices of national security.

Michael Price, counsel in the Liberty and National Security Program at the Brennan Center for Justice at the NYU School of Law, stated:

“I do not doubt that this data is important to providing customized content and convenience, but it is also incredibly personal, constitutionally protected information that should not be for sale to advertisers and should require a warrant for law enforcement to access.”

Responding to the controversy, Samsung updated its privacy policy, named its third party partner, and issued the following statement:

“Voice recognition, which allows the user to control the TV using voice commands, is a Samsung Smart TV feature, which can be activated or deactivated by the user. The TV owner can also disconnect the TV from the Wi-Fi network.”

Under still more pressure,Samsung named its third party affiliate, Nuance Communications. In a statement to Anti-Media, Nuance said:

“Samsung is a Nuance customer. The data that Nuance collects is speech data. Nuance respects the privacy of its users in its use of speech data. Our use of such data is for the development and improvement of our voice recognition and natural language understanding technologies. As outlined in our privacy policy, third parties work under contract with Nuance, pursuant to confidentiality agreements, to help Nuance tailor and deliver the speech recognition and natural language service, and to help Nuance develop, tune, enhance, and improve its products and services.

“We do not sell that speech data for marketing or advertising. Nuance does not have a relationship with government agencies to turn over consumer data…..There is no intention to trace these samples to specific people or users.”

Nuance’s Wikipedia pagementions that the company maintains a small division for government and military system development, but that is not confirmed at this time.

Despite protestations from these companies that our voice command data is not being traced to specific users or, worse, stored for use by government or law enforcement agencies, it seems that when it comes to constitutional civil liberties, the end zone keeps getting pushed further and further down the field.

For years, technologists and smart device enthusiasts claimed webcam and voice recording devices did not store our information. While Samsung may be telling the truth about the use of that data, there are countless companies integrating smart technology who may not be using proper encryption methods and may have varying contractual obligations to government or law enforcement.

Is it really safe for us to assume that the now exceedingly evident symbiotic relationship between multinational corporations and government agencies does not still include a revolving door for the sharing of sensitive consumer data?

This article (Samsung Warns Customers To Think Twice About What They Say Near Smart TVs) is free and open source. You have permission to republish this article under a Creative Commonslicense with attribution to Jake Anderson and theAntiMedia.org.Anti-Media Radio airs weeknights at 11pm Eastern/8pm Pacific. If you spot a typo, emailedits@theantimedia.org.

Advertisements

The Best Cloud Storage

image

Access your files anytime, anywhere, and from any device.

I’m a huge fan of using cloud storage and heavily depend on these services to store my files while keeping them secure and easily accessible at any time. I have used just about every different cloud provider that allows users a free account with free storage, which is basically all the major players in the cloud storage field.

I am sharing this information that was gained through research conducted on the best storage providers by Reviews.com. Find the article here.

According to the research, 45 different options (including 26 different apps) for cloud storage services were tested to find the pros and cons and to determine the best all around services.

The best cloud storage providers:

Dropbox

image
Dropbox

Best For:       Lightweight Users

Free Storage Space:     2GB

Cheapest Premium Option:     $9.99 for 1TB

File-Size Limit:     Varies

Server Location:    United States

iOS App User Rating:      3.5

Android App User Rating:     4.4

Windows App User Rating:     3.5

Google Drive

image
Google Drive

Best For:       Teams and Collaboration

Free Storage Space:      15GB

Cheapest Premium Option:       $1.99 for 100GB

File-Size Limit:         5TB

Server Location:       Worldwide

iOS App User Rating:       4.5

Android App User Rating:        4.3

Windows App User Rating:      3.9

OneDrive

image
OneDrive

Best For:       Devoted Windows Users

Free Storage Space:       15GB

Cheapest Premium Option:       $1.99 for 100GB

File-Size Limit:         10GB

Server Location:         Worldwide

iOS App User Rating:         4

Android App User Rating:        4.4

Windows App User Rating:     4.2

Box

image
Box

Best For:         Enterprise Solutions

Free Storage Space:        10GB

Cheapest Premium Option:       $10 for 100GB

File-Size Limit:       Varies

Server Location:         Worldwide

iOS App User Rating:        4

Android App User Rating:        4.2

Windows App User Rating:      4.4

The following is from the research done by Reviews.com

How We Found the Best Cloud Storage

We started by compiling a list of 45 different cloud-based software solutions and then we hit the books (well, the internet, that is). We read reviews from the top technology blogs, dissected user guides, toyed with a bunch of settings, and narrowed our list down to our top four recommendations using these five criteria:

1. We removed services that are focused primarily on media- and OS-level backups.

17 disqualified

Of the active users we surveyed, 53 percent primarily use cloud storage for media and file sharing, so our best picks had to be well-rounded, and not focused on automated, system-level backups.

2. We removed services that are just for business and have no personal option.

21 disqualified

Enterprise cloud solutions are technical, and include a plethora of features that most people either don’t need, or would find confusing, such as task management and user comments.

3. We cut all services without extensive support for OS X, Windows, Android, and iOS.

24 disqualified

A huge benefit of cloud storage is that it bridges the gap between operating systems. We only passed services that support all of the most common desktop and mobile operating systems.

4. We cut any cloud storage services that did not offer a freemium version.

33 disqualified

Offering a freemium version is obviously a great way for companies to win new users, but it’s also part of being the best cloud storage service. Not everyone is a power user, after all. And why pay when you don’t have to?

5. We cut any contenders that didn’t have an average of 3.5 stars or higher from the App Store, Google Play Store, and Windows Store.

41 disqualified

If there’s one thing that should be indicative of cloud storage, it’s mobility. Filtering out low-rated mobile apps was a great way to find out which companies really catered to their users. Of course, app scores change with every update and release, but as of our latest update all of our top contenders had high marks.

For more information and the full breakdown of the research conducted by Reviews.com please follow the link below.

Research provided by Reviews.com

90 Percent of All SSL VPN Use Insecure or Outdated Encryption

image

Information security firm High-Tech Bridge has conducted a study of SSL VPNs (Virtual Private Networks) and discovered that nine out of ten such servers don’t provide the security they should be offering, mainly because they are using insecure or outdated encryption.

An SSL VPN is different from a classic IPSec VPN because it can be used inside a standard Web browser without needing to install specific software on the client-side.

SSL VPNs are installed on servers, and clients connect to the VPN via their browsers alone. This connection between the user’s browser and the VPN server is encrypted with the SSL or TLS protocol.

Three-quarters of all SSL VPNs use untrusted certificates

Researchers from High-Tech Bridge say they analyzed 10,436 randomly selected SSL VPN servers and they found that most of them are extremely insecure.

They claim that 77% of all SSL VPNs use SSLv3 or SSLv2 to encrypt traffic. Both of these two versions of the SSL protocol are considered insecure today. These protocols are so insecure that international and national security standards, such as the PCI DSS and NIST SP 800-52 guidelines, have even gone as far as to prohibit their usage.

Regardless of their SSL version, 76% of all SSL VPN servers also used untrusted SSL certificates. These are SSL certificates that the server has not confirmed, and that attackers can mimic and thus launch MitM (Man-in-the-Middle) attacks on unsuspecting users.

High-Tech Bridge experts say that most of these untrusted certificates are because many SSL VPNs come with default pre-installed certificates that are rarely updated.

Some VPNs still use MD5 to sign certificates

Additionally, researchers also note that 74% of certificates are signed with SHA-1 signatures, and 5% with MD5 hashes, both considered outdated.

41% of all SSL VPNs also used insecure 1024 key lengths for their RSA certificates, even if, for the past years, any RSA key length below 2048 was considered to be highly insecure.

Even worse, one in ten SSL VPNs is still vulnerable to the two-year-old Heartbleed vulnerability, despite patches being available.

Out of all the tested SSL VPNs, researchers say that only 3% followed PCI DSS requirements. None managed to comply with NIST (National Institute of Standards and Technology) guidelines.

High-Tech Bridge is also providing a free tool that can tell users if their SSL VPN or HTTPS website is actually doing a good job of protecting them.

For the original story follow this link to Softpedia for more information.