Privacy management: Google and Apple

Privacy Management
Web Security And Privacy Class
A. A. 2016 / 2017

25/05/2017Privacy Management Pagina 2
Davide Piccardi
https://www.linkedin.com/in/
davide-piccardi-8b3950105
Daniele Oriana
https://www.linkedin.com/in/
daniele-oriana-08202410a
Davide Mazza
https://it.linkedin.com/in/
davide-mazza-33a9b291

Privacy Management Pagina 325/05/2017
How big
companies treat
your data

•Privacy Management Pagina 4
Google Privacy Policy
Google’s privacy policy explains:
What information they collect and why they collect them.
How they use those information.
The choices they offer, including how to access and update
information.
25/05/2017

Google Privacy Policy: information that they collect
Why?
In order to provide a better service to all users.
An example: Google offers a personalized search called “Search, plus your
world”.
Main idea: you obtain, as
a conseguence of a
search, a result that is
based on your personal
information.
25/05/2017

Google Privacy Policy: informations that they collect
How?
They collect information in the following
ways:
Information that user gives to them: like
personal information that a user provides
through a Google Account in order to use
some services.
After this step, you can create a
publicly visible Google Profile
in order to take full advantage
of the sharing features they
offer.
25/05/2017

Information that they get from the usage of their services: they
collect information about the used service and how a user interacts
with it. This information include:
Device information: they colletct infromation about specific
device’s characteristics.
Log information: it refers to the information stored in the server
log that come from the interaction between a Google service
and the user.
Location information: they may collect and process information
about the user’s actual location.
Unique application number: information that come from the
installation of a Google service on the user’s device.
25/05/2017

Local storage: information that Google stores on your device.
Cookies and similar technologies: used to collect information
that come from the interaction of a user with a Google service
and also to offer services to Google’s partners.
25/05/2017

How Google use these information?
To provide, mantain, protect and improve their services.
Transparency
Google offers, to the users, the possibility to have complete control
over the privacy through a series of operations that are available in
the settings area of the user’s personal account. A better control
over the privacy is obtained also through some Google Chrome
extensions.
An example: a Chrome extension that allows the management of
cookies.
25/05/2017

Information that you
share
When a user shares
informations publicly,
they may be indexable
by search engines.
25/05/2017

Google Privacy Policy: information that they share
Information that Google shares:
With user’s consent: with this consent Google can share personal information
with companies, organizations or individuals outside Google.
With domain administrator: if your Google account is managed for you by a
domain administrator, he/she can use some basic operations such as: change
password, suspend access, view statistics, etc…
For external processing: Google provides personal information to affiliates to
process them for it.
For legal reason: Google shares information with third parties if this disclosure
of sensitive data is reasonably necessary to:
Meet any applicable law
Enforce applicable Term of Service
Detect, prevent or address fraud
Protect against harm to the rights
In addiction Google may share
non-personally identifiable information
with its partners to show trends about the
general use of our service.
25/05/2017

Google Transparency Report
Government removals
Google receives a lot of requests from courts and government agencies
around the world to remove some contents.
How the requests are
processed?
If they satisfy some some
requirements then they are
accepted, otherwise Google
sends them back to the
source asking for more
details.
25/05/2017

How much does Google REALLY know about YOU?
25/05/2017

What is it google?
Google is not
a search company
Google is not a technology
company
Google sells
ADVERTISING
The more they know about you,
the more money they can make
by selling adverts aimed at you
25/05/2017

Knows what
you do online
Knows what
you think
Knows where
you go
Knows who
you talk to
Knows how
you spend
your money
25/05/2017

Google Knows What You Think
What They Know
Your interest and desires
Your needs
Your belifies (politics, religion, spirituality)
How They Know
25/05/2017

Google Knows What You Do Online
What They Know
Where you write
What you watch
What you read
How They Know
25/05/2017

25/05/2017•Privacy Management Pagina 18
Google Knows Where You Go
What They Know
Where you have been
Where you are planning to go
Where you work
Where your regularly hangout
Where you live
Who you are meeting
How They Know

Google Knows Who You Talk To
What They Know
What you talk about
Where you talk about things
Who you have talked to
What you sound like
Which languages you speak
Who you email
How much you email
When you email
What you say in every
email you send (Gmail)
How They Know
25/05/2017

Google Knows How You Spend Your Money
What They Know
Where you shop
When you shop
What you buy
What your financial worth is
How much you spend
How They Know
25/05/2017

Google Knows All
If you use Google chrome, Gmail and
Google Drive, Google has access to pretty
much everything you do online. Google can
scan your file, emails and browsing habits to
serve you appropriate adverts
If you use an Android
phone, they also have your
call logs, messages and
mobile browsing data too
25/05/2017

Google Knows All 2.0
Did you know Google have acquired more the 150 companies over last decade?
Your call logs and browsing data
Your viewing habits and taster
Your images
Your photos
Which adverts you click
Your saved files
Your energy usage
Your location and travel
What you listen to
v
25/05/2017

Age, Sex, Location? Google KNOWS!
25/05/2017

Google stores two type of data
USER-GENERATED CONTENT
Which you control and which is
associated with your account
SERVER LOG DATA
Which is associated with one or more
browser cookie IDs stored on your
computer
Server log data is not visible to you
and is not considered to be personally
identifiable information
Logs contain details of how interact
with Google’s various services,
including: web page requests, query
history, IP address, Cookie IDs, other
metadata
25/05/2017

6 ways to start preventing Google keeping data on you
Do not use any of these applications
Stop worrying and get on with life
Scott McNeally in 1999 (Founder of Sun Microsystems)

The future – What will Google Know?
Where you
travel
What time of
day you travel
Who you
travel him What you do
in the car
What you talk
about the car
Google Car

Everything
you look at
Everything
you talk about
Who you spend
time with
Everywhere
you go
Everything
you do
Google Glass

Everything
your browse
online
Everything
you talk about
online
Everywhere
you buy online
Everything
you watch
online
Google Fiber + Google Aereospace + Loon

Privacy Management Pagina 29
Apple Privacy Policy
25/05/2017

Apple Privacy Policy
Why is privacy policy important ?
It defines how they collect, use, disclose,
transfer, and store users’ information.
25/05/2017
They divides information they collect in two main categories:
Personal Information: data that can be used to identify or contact a
single person.
Non-Personal Information: data in a form that does not, on its own,
permit direct association with any specific individual.

Pagina 31
Apple Privacy Policy: Personal information
What are personal information they collect ?
Name, mailing address, phone number, email address, contact preferences, and
credit card information.
When are these information collected ?
Creation of an Apple ID, purchase a product, download a software update.
Share your content with family and friends using Apple products.
In this case also the shared information about them are collected !
How are these information used ?
Product announcements, software updates, and upcoming events.
Create, develop, operate, deliver, and improve our products, services, content
and advertising.
Loss prevention and anti-fraud purposes.
Auditing, data analysis, and research.
25/05/2017Privacy Management

Apple Privacy Policy: Non-Personal information
What are non-personal information they collect ?
Occupation, language, zip code, area code, unique device identifier, referrer
URL, location, and the time zone.
Customer activities on their website, iCloud services, our iTunes Store, App
Store.
How users use their services, including search queries.
How are these information used ?
Understand customer behavior and improve their products, services, and
advertising.
Provide more useful information to their customers and to understand which
parts of our website, products, and services are of most interest.
Improve the relevancy of results provided by their services. Others.
25/05/2017

Apple Privacy Policy: Location-Based Services
What are we talking about ?
To provide location-based services on Apple
products, they collect, use, and share precise
location data, including the real-time
geographic location of your Apple computer
or device.
Unless you provide consent, this location data
is collected anonymously in a form that does
not personally identify you.
25/05/2017

Apple Privacy Policy: Disclosure to Third Parties
Certain personal information are made available to strategic partners to
provide products and services.
Not shared for their marketing purposes.
Third party companies are obligated to protect your information.
When can they disclosure users’ personal information ?
Law, legal process, litigation, and/or requests from public and
governmental authorities.
National security, law enforcement, or other issues of public importance.
Enforce their terms and conditions or protect our operations or users.
25/05/2017

Apple Government Information Requests
25/05/2017

What are the most frequent request and
how do they respond ?
Device requests: information in relation to
Apple devices, such as an iPhone, iPad, or Mac.
Account requests: information in regard to an
Apple ID account and/or related Apple services
or transactions.
25/05/2017
National security-related requests are not
considered Device Requests or Account
Requests and are reported in a
separate category.

25/05/2017
On devices running iOS 8 and later
versions, your personal data is placed
under the protection of your passcode.
Therefore, Apple will not perform iOS
data extractions in response to
government search warrants because the
files to be extracted are protected by an
encryption key that is tied to the user’s
passcode, which Apple does not possess.

25/05/2017 Pagina 38
Difference between privacy policies
Google gets 90%+ of its revenue from advertisers.
The ad
companies are
Google’s main
customers.
Google must
please the ad
companies.
Advertising
allows to offer
free google
Apple gets 90%+ of its revenue from selling computers and devices.
People are the
Apple’s main
customers.
Apple must
please the
people.
No need to
please ad
companies.
Ad companies want personal information, while people want privacy!
Privacy Management

When the privacy
becomes practical

The #1 Place to see what Google knows about you
myaccount.google.com
/dashboard
This shows everything
Google is tracking about
you, based on your
accounts

Google Dashboard

Ads Settings
https://www.google.com/settings/u/0/ads/authenticated

Google Maps Timeline
https://www.google.it/maps/timeline?pb

Google My Activity
https://myactivity.google.com/myactivity

Google Permissions
https://myaccount.google.com/permissions

Apple VS FBI
25/05/2017

Apple VS FBI: Timeline
December 2, 2015: San Bernardino attack
o Killed 14 people and seriously injured 22.
o Attackers died in a shootout with police.
o Iphone 5C of one attacker recovered but locked with a four-digit
password.
February 9, 2016: FBI “procedure”
FBI unable to unlock recovered phone.
FBI asked the NSA to break into the phone but they couldn’t.
FBI asked Apple to create a new version of iOS (“GovtOS”) to disable
certain security features.
Apple declined due to its policy therefore FBI responded with a court
order issued under the “All Writs Act of 1789”.
25/05/2017

Technical details about FBI order:
o Bypass or disable the auto-erase function.
o Enable to submit passcodes through different interfaces.
o Remove delay between passcode attempts.
February 16, 2016: Apple opposes the order
They don’t want to create a backdoor for security reasons.
No government had ever asked for similar access.
February 19, 2016: U.S. Department of Justice application
Apple could install the software in its own premises.
After the FBI had hacked the phone via remote connection, Apple could
remove and destroy the software.
25/05/2017

March 28, 2016: FBI withdrawal of request
FBI Unlocked the iPhone with the third party's help.
Department of Justice withdrew the case.
25/05/2017
Information about the hack:
o Works only on iPhone models lacking the Touch
ID sensor.
o Costs more than $1.3 million.
o Exploits a zero-day vulnerability to bypass its ten-
try limitation.
o Developed by “Celebrate” (Israeli company) or
“professional hackers”.

Apple VS FBI: Poll
Agree or disagree with Apple’s decision to oppose a court order to
unlock a smartphone that was used by one of the shooters in the San
Bernardino attack?
25/05/2017

Possible evolution of privacy
Conclusions
Strong sensitization about the importance of privacy
Problem: great lack of awareness!
What does the society need?
Each user must be aware about what type of data is giving to the
service and how these data may be treated.

THANK YOU!
The slides are available on: www.slideshare.net

Privacy management: Google and Apple

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Ähnlich wie Privacy management: Google and Apple

Ähnlich wie Privacy management: Google and Apple (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Privacy management: Google and Apple