How to Use Firefox Private Network to Encrypt Your Web Traffic

Mozilla this week began piloting its own browser-based VPN service, and if you're located in the U.S. you can start testing it for free right away.

Called the Firefox Private Network, the service promises Firefox users a more secure, encrypted path to the web that prevents eavesdroppers from spying on your browsing activity and hides your location from websites and ad trackers.

In that respect, it won't protect any internet traffic outside of your web browser, but it's a good option if you want to use an encrypted connection on the fly when you're using Firefox on a public Wi-Fi network, for example.


As a time-limited beta, the Firefox Private Network is currently free to try, although this does suggest it may become a paid service in the future. You also need to be a U.S. resident logged into your Firefox account using Firefox desktop browser.

If you can fulfill those pre-requisites, you can install the private network by navigating to this page, clicking the blue + Add to Firefox button, then granting permission for the network to be added to the browser.


Click the door hanger icon that appears at the top-right corner of the toolbar, and you'll see a switch that you can use to toggle the VPN on and off. A green tick in the icon indicates the secure network is active and your browsing activity is being encrypted.

Opera browser offers a similar free VPN service that cloaks your web browsing, but with the added benefit that it lets you choose the continent that you want your connection to reside. So if you're looking to access a location-restricted service (Netflix, say) from abroad, you might have better luck using it instead.


This article, "How to Use Firefox Private Network to Encrypt Your Web Traffic" first appeared on MacRumors.com

Discuss this article in our forums

Apple WebKit Team Publishes Website Tracking Prevention Policy

Apple's WebKit team has published a "WebKit Tracking Prevention Policy" that details a range of anti-tracking measures it has developed and the types of tracking practices it believes are harmful to users.


Inspired by Mozilla's anti-tracking policy, the document posted to the WebKit blog provides an insight into the anti-tracking features built into Apple's Safari browser that the team hopes to see in all browsers one day.
This document describes the web tracking practices that WebKit believes, as a matter of policy, should be prevented by default by web browsers. These practices are harmful to users because they infringe on a user's privacy without giving users the ability to identify, understand, consent to, or control them.
Apple introduced Intelligent Tracking Prevention in iOS 11 and in Safari 11 in macOS High Sierra 10.13 and has been working to develop ITP ever since. For example, in February Apple released iOS 12.2 and Safari 12.1 for macOS, both of which included ITP 2.1 featuring enhancements that block cross-site tracking.

The new WebKit policy highlights Apple's continuing efforts to target all forms of cross-site tracking behavior, even if it's in plain view.
WebKit will do its best to prevent all covert tracking, and all cross-site tracking (even when it’s not covert). These goals apply to all types of tracking listed above, as well as tracking techniques currently unknown to us.

If a particular tracking technique cannot be completely prevented without undue user harm, WebKit will limit the capability of using the technique. For example, limiting the time window for tracking or reducing the available bits of entropy — unique data points that may be used to identify a user or a user’s behavior.
In addition to cross-site tracking, the document outlines several other tracking practices it deems harmful to users, and says WebKit will treat circumvention of its anti-tracking measures "with the same seriousness as exploitation of security vulnerabilities."
If a party attempts to circumvent our tracking prevention methods, we may add additional restrictions without prior notice. These restrictions may apply universally; to algorithmically classified targets; or to specific parties engaging in circumvention.
For more on tracking definitions, the unintended impact of anti-tracking measures, and exceptions to the rules, check out the full WebKit Tracking Prevention Policy on the WebKit blog.


This article, "Apple WebKit Team Publishes Website Tracking Prevention Policy" first appeared on MacRumors.com

Discuss this article in our forums

Apple Takes iPhone Privacy Marketing Campaign to Germany

Apple started underlining its privacy stance earlier this year with a billboard marketing campaign that began in Las Vegas and later came to Canada, and this week the company has extended it to Europe.


Brought to our attention by Macerkopf.de, the new billboards in both Hamberg and Berlin play on their location, while emphasizing how much importance Apple attaches to user privacy and data protection.

Draped across the Port of Hamburg is a long banner-style poster with a picture of an iPhone and an accompanying slogan which translates into English as "The gate to the world. Not to your information."


Elsewhere in Hamberg, an iPhone billboard on the side of a property reads, "Betrays as little about Hamburgers as Hamburger."

Meanwhile, in Berlin, a tower block billboard with the same recognizable iPhone image runs with the phrase, "Welcome to the safe sector."


All of the posters in Germany round out with the slogan, "Privacy. This is iPhone."

Apple's Las Vegas billboard, which was put up ahead of CES 2019, played on the well-known tourism saying: "What happens in Vegas, stays in Vegas." The sign read, "What happens on your iPhone, stays on your iPhone."


Apple has also made privacy-focused iPhone ads that have been aired on various TV markets around the world. The embedded video above is Apple's German privacy ad.

Apple has long said it believes privacy is a "fundamental human right," and as part of that, it aims to minimize its collection of customer data and disassociate it from an individual user when it does. The tech company also has a dedicated privacy website.


This article, "Apple Takes iPhone Privacy Marketing Campaign to Germany" first appeared on MacRumors.com

Discuss this article in our forums

How to Restrict an App’s Location Access in iOS 13

Apple has doubled down on its privacy features in iOS 13, giving iPhone and iPad users a more granular view of how apps access their location information.

On Apple devices, the location services that apps can tap into use GPS, Bluetooth, and crowd-sourced Wi-Fi hotspot and cellular mast locations to determine your approximate location. The good news is that iOS 13 makes you more aware of how often apps are tracking you, as well as their motivation for doing so, and importantly it makes sure you're in control of your data.

If an app grabs your location data, iOS may display a popup notification showing you a map with the data that the app has tracked, as well as the specific reason why the app is tracking you, along with the question "Do you want to continue allowing this?"

Armed with this information, you'll usually be given three options: Allow While Using App, Allow Once, and Don't Allow. The first option limits the app's access to your location data to when the app is actively being used, the second allows it to track your location just this once, while the third disables location tracking completely.


You can expect to see the "Just Once" option appear when you first launch a just-installed app. Otherwise, you can check out how apps on your device are using location services anytime you like by opening the Settings app and tapping through to Privacy -> Location Services.


From here, you can change each app's permissions (Never / Ask Next Time /While Using the App / Always) and you'll also learn the reason why an app wants to access your location, allowing you to enable or disable location services on an ad-hoc basis.

The options you choose will depend on the app in question – some apps may have just cause to track your whereabouts in the background, while others may not. The point is Apple wants you to be in control of this behavior, so you can expect similar periodic notifications about what an app is up to with your location information.

Related Roundups: iOS 13, iPadOS
Tag: privacy

This article, "How to Restrict an App's Location Access in iOS 13" first appeared on MacRumors.com

Discuss this article in our forums

Apple Debuts New Privacy-Focused iPhone Billboards in Canada

Apple has debuted two new billboards in Canada that underline the company's privacy stance, following a similar privacy-focused marketing campaign in Las Vegas during the Consumer Electronics Show back in January.



The new billboards were spotted in Toronto and shared on Twitter by Matt Elliot and Josh McConnell. The first one has been put up right outside of Sidewalk Labs – a Google-owned company – and includes a slogan which reads: "We're in the business of staying out of your business."

The second billboard located in King Street simply reads "Privacy is King."


This year, Apple has been heavily promoting its privacy focus compared to other tech companies like Google. Apple's Las Vegas billboard, put up ahead of CES 2019, played on the well-known tourism saying: "What happens in Vegas, stays in Vegas." The sign read, "What happens on your iPhone, stays on your iPhone." Apple was reminding the tech industry of its heavy emphasis on privacy, with the billboard offering up a link to Apple's dedicated privacy website.

Apple has also made privacy-focused iPhone ads that have been aired on various TV markets globally. For example, one ad starts with the tagline "privacy matters" and then shows a variety of humorous if not slightly awkward situations where people would want their privacy protected in everyday life.

Apple has long said it believes privacy is a "fundamental human right," and as part of that, it aims to minimize its collection of customer data and disassociate it from an individual user when it does.

Tag: privacy

This article, "Apple Debuts New Privacy-Focused iPhone Billboards in Canada" first appeared on MacRumors.com

Discuss this article in our forums

Telegram Messenger Service Suffers Cyberattack Originating From China

The CEO of messaging service Telegram has suggested that a recent cyber attack on the encrypted chat platform was the work of the Chinese government as part of an attempt to disrupt use of the app to coordinate ongoing protests in Hong Kong.

Telegram founder Pavel Durov said the messaging service experienced a "state actor-sized" distributed denial of service (DDoS) attack yesterday and this morning after "garbage requests" flooded its servers and disrupted communications.

DDoS attacks typically work through the use of botnets – often operating on hijacked computers infected with malware – which bombard servers with redundant requests to prevent them from processing legitimate requests.


Most of those requests came from IP addresses originating in China and appeared to be coincided in time with protests in Hong Kong, founder Pavel Durov said in a later Twitter post.

Protesters in the hundreds and thousands have been marching through Hong Kong's streets this week in opposition to a controversial law that would allow people in the city to be extradited to China.

Chinese state media have condemned the protests, which they claim is being motivated by outside forces and risks undermining social stability in the region.

This isn't the first time apps have been blocked in Hong Kong. In 2014, China's cyberspace administration cut access to Instagram during the city's Umbrella Movement, which used umbrellas as a tool of passive resistance to the police's use of pepper spray on protestors who were seeking more transparent elections.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


This article, "Telegram Messenger Service Suffers Cyberattack Originating From China" first appeared on MacRumors.com

Discuss this article in our forums

Apple and Other Tech Giants Condemn GCHQ Proposal to Eavesdrop on Encrypted Messages

Apple and other tech giants have joined civil society groups and security experts in condemning proposals from Britain's cybersecurity agency that would enable law enforcement to access end-to-end encrypted messages (via CNBC).

British Government's Communications HQ in Cheltenham, Gloucestershire

In an open letter to the U.K.'s GCHQ (Government Communications Headquarters), 47 signatories including Apple, Google and WhatsApp urged the U.K. eavesdropping agency to ditch plans for its so-called "ghost protocol," which would require encrypted messaging services to direct a message to a third recipient, at the same time as sending it to its intended user.

Ian Levy, the technical director of Britain's National Cyber Security Centre, and Crispin Robinson, GCHQ's head of cryptanalysis, published details of the proposal in November 2018. In the essay, Levy and Robinson claimed the system would enable law enforcement to access the content of encrypted messages without breaking the encryption.

The officials argued it would be "relatively easy for a service provider to silently add a law enforcement participant to a group chat or call," and claimed this would be "no more intrusive than the virtual crocodile clips," which are currently used in wiretaps of non-encrypted chat and call apps.

Signatories of the letter opposing the plan argued that the proposal required two changes to existing communications systems that were a "serious threat" to digital security and fundamental human rights, and would undermine user trust.
"First, it would require service providers to surreptitiously inject a new public key into a conversation in response to a government demand. This would turn a two-way conversation into a group chat where the government is the additional participant, or add a secret government participant to an existing group chat.

"Second, in order to ensure the government is added to the conversation in secret, GCHQ's proposal would require messaging apps, service providers, and operating systems to change their software so that it would 1) change the encryption schemes used, and/or 2) mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat.

"The overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people they think they are, and only those people. The GCHQ's ghost proposal completely undermines this trust relationship and the authentication process."
Apple's strong stance against weakened device protections for the sake of law enforcement access was highlighted in the 2016 Apple vs. FBI conflict that saw Apple refuse to create a backdoor access solution to allow the FBI to crack the iPhone 5c owned by San Bernardino shooter Syed Farook.

Responding to the open letter, which was first sent to GCHQ on May 22, the National Cyber Security Centre's Ian Levy told CNBC: "We welcome this response to our request for thoughts on exceptional access to data — for example to stop terrorists. The hypothetical proposal was always intended as a starting point for discussion."

"We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible," Levy said.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


This article, "Apple and Other Tech Giants Condemn GCHQ Proposal to Eavesdrop on Encrypted Messages" first appeared on MacRumors.com

Discuss this article in our forums

Apps Are Using Background App Refresh to Send Data to Tracking Companies

When Background App Refresh is enabled, some iOS apps are using the feature to regularly send data to tracking companies, according to a privacy experiment from The Washington Post that explores the relationship between apps and tracking companies.

The Washington Post's Geoffrey Fowler teamed up with privacy firm Disconnect and used specialized software to see what his iPhone was doing and when. And while it's no surprise that apps are using trackers and sharing user data, the frequency with which apps took advantage of background refresh to send data off to tracking companies is surprising, as is some of the data shared.


Fowler found that apps were sending data like phone number, email, location, IP address, and more.
On a recent Monday night, a dozen marketing companies, research firms and other personal data guzzlers got reports from my iPhone. At 11:43 p.m., a company called Amplitude learned my phone number, email and exact location. At 3:58 a.m., another called Appboy got a digital fingerprint of my phone. At 6:25 a.m., a tracker called Demdex received a way to identify my phone and sent back a list of other trackers to pair up with.
Apps that were found passing data along included Microsoft OneDrive, Mint, Nike, Spotify, The Weather Channel, DoorDash, Yelp, Citizen, and even The Washington Post's own iOS app. Citizen shared personally identifiable information that violated its privacy policy (the tracker was later removed), and Yelp was sending data every five minutes, something the company later said was a bug.

During the course of a week of testing, Fowler ran into 5,400 trackers, mostly found within apps, which Disconnect told him would likely send 1.5 gigabytes of data over the course of a month.

Trackers within apps, for those unfamiliar, serve different purposes. Some analyze user behavior to let apps streamline advertising campaigns, combat fraud, or create targeted ads. Delivery app DoorDash, for example, was found using a whopping nine trackers in its apps, sharing data like device name, ad identifier, accelerometer data, delivery address, name, email, and cellular phone carrier.

DoorDash also has trackers from Facebook and Google Ad Services, which means Facebook and DoorDash are notified whenever you're using the DoorDash service. DoorDash is not alone in sending tracking data, nor are the apps listed above - using tracking information is standard practice - but most people aren't aware that it's happening.

Not all data collection is bad, such as when it's anonymized and stored for a limited period of time, but some trackers are collecting specific user information and don't provide clear information on how long that data is stored nor who it's shared with.

As Fowler points out, there is no way to know which apps are using trackers and when that data is being sent from your iPhone, nor does Apple have tools in place that give iPhone users a way to see which apps are using trackers and for what purpose. Apple was contacted for comment, but provided a standardized privacy response.
"At Apple we do a great deal to help users keep their data private," the company says in a statement. "Apple hardware and software are designed to provide advanced security and privacy at every level of the system."

"For the data and services that apps create on their own, our App Store Guidelines require developers to have clearly posted privacy policies and to ask users for permission to collect data before doing so. When we learn that apps have not followed our Guidelines in these areas, we either make apps change their practice or keep those apps from being on the store," Apple says.
Fowler suggests Apple could require apps to label when they're using third-party trackers, while privacy company Disconnect suggests greater privacy controls in iOS to give users more control over their data.

iOS users concerned about the data apps are sending, especially at night and without user knowledge, can turn off Background App Refresh in the Settings app and can use a VPN like Disconnect's Privacy Pro to limit the data apps are able to send to third-party sources.


This article, "Apps Are Using Background App Refresh to Send Data to Tracking Companies" first appeared on MacRumors.com

Discuss this article in our forums

Craig Federighi Responds to Google’s Subtle ‘Luxury Good’ Dig About Apple Products and Privacy

In a recent op-ed for The New York Times, Google CEO Sundar Pichai said that "privacy cannot be a luxury good offered only to people who can afford to buy premium products and services," a comment that some viewed as a dig at Apple.

Craig Federighi at WWDC 2018

Apple's software engineering chief Craig Federighi has unsurprisingly disagreed with that position in an interview with The Independent, noting that Apple aspires to offer great product experiences that "everyone should have," while cautioning that the values and business models of other companies "don't change overnight."
"I don't buy into the luxury good dig," says Federighi, giving the impression he was genuinely surprised by the public attack.

"On the one hand gratifying that other companies in space over the last few months, seemed to be making a lot of positive noises about caring about privacy. I think it's a deeper issue than then, what a couple of months and a couple of press releases would make. I think you've got to look fundamentally at company cultures and values and business model. And those don't change overnight.

"But we certainly seek to both set a great example for the world to show what's possible to raise people's expectations about what they should expect the products, whether they get them from us or from other people. And of course, we love, ultimately, to sell Apple products to everyone we possibly could certainly not just a luxury, we think a great product experience is something everyone should have. So we aspire to develop those."
Federighi emphasizes Apple's commitment to privacy throughout the interview, noting that the company aims to collect as little data as possible. When it does collect data, Apple uses technologies like Differential Privacy to ensure that the data cannot be associated with any individual user.

Federighi also refutes criticism about Apple's products and services being worse off because of its pro-privacy position:
"I think we're pretty proud that we are able to deliver the best experiences, we think in the industry without creating this false trade off that to get a good experience, you need to give up your privacy," says Federighi. "And so we challenge ourselves to do that sometimes that's extra work. But that's worth it."
As an example of Apple's privacy efforts, the article provides a look inside Apple's "top secret testing facilities" where its Secure Enclave chips for devices like the iPhone, iPad, Mac, and Apple Watch are said to be "stress tested" based on "extreme scenarios" like ice-cold -40ºF or blazing-hot 230ºF temperatures.

One of Apple's chip-testing labs (Brooks Kraft/Apple via The Independent)

Within these testing facilities near Apple Park is said to be "a huge room" with "highly advanced machines" that heat, cool, push, shock, and abuse chips before they make their way inside Apple devices, but no further details were shared.

The lengthy interview goes on to discuss Apple's dispute with the FBI over its refusal to unlock an iPhone used by the shooter in the 2015 San Bernardino attack, as well as Apple's decision to store iCloud data in China on servers overseen by GCBD, a company with close ties to the Chinese government.


This article, "Craig Federighi Responds to Google's Subtle 'Luxury Good' Dig About Apple Products and Privacy" first appeared on MacRumors.com

Discuss this article in our forums