Press

TikTok Tracked User Data Using Tactic Banned by Google​
August 11, 2020 | Kevin Poulson and Robert McMillan, WSJ

Most major mobile apps collect a range of data on users, practices that privacy advocates have long found alarming but that tech companies defend as providing highly customized experiences and targeted advertising. Data collection varies by company. About 1% of Android apps collect MAC addresses, according to a 2018 study by AppCensus, a mobile-app analysis firm that consults with companies on their privacy practices.

TikTok, WeChat Bans Not Crucial To US Security: Experts
August 7, 2020 | Paul Handley, International Business Times

"WeChat is bad," said Nicholas Weaver, a lecturer in computer security at the University of California in Berkeley. "It uses encrypted links to WeChat's servers in China... but the servers see all messages, so the Chinese government can see any message it wants," he said.

In that sense, thieves involved in ID theft may be better off targeting data brokers like IDI and their customers than the major credit bureaus, said Nicholas Weaver, a researcher at the International Computer Science Institute and lecturer at UC Berkeley.

"I think I’m a savvy, educated user, and the reality is, no, that’s actually not enough," says Vern Paxson, cofounder of the network traffic analysis firm Corelight and a researcher at the University of California, Berkeley, who worked on the study along with Jianjun Chen, a postdoctoral researcher at the International Computer Science Institute, and Jian Jiang, senior director of engineering at Shape Security.

The potential for spear-phishing is significant, says Vern Paxson, a professor at the University of California at Berkeley and one of the researchers investigating the issues.

“Cellular equipment is special, it is specifically designed to be wiretapped and attackers have used this facility to conduct wiretapping attacks,” Nicholas Weaver, a senior staff researcher on computer security at the University of California, Berkeley, told International Business Times in an email.

Google Sued for Allegedly Tracking App Users After They Opt Out
July 15, 2020 | Allen St. John, Consumer Reports

“At its heart, Google is a marketing platform,” says Serge Egelman, chief technical officer for AppCensus, a firm that analyzes technology for privacy and security, and a researcher at the University of California, Berkeley.

What the New iPhone Privacy Features Will Really Do
June 24, 2020 | Thomas Germain, Consumer Reports

Done right, these “privacy nutrition labels” may have an even bigger impact than the actual controls Apple is giving consumers, according to Serge Egelman, a digital security and privacy researcher at the University of California, Berkeley, who studies how apps gather consumer data.

Another Zoom defender is Nicholas Weaver, a researcher at UC Berkeley's International Computer Science Institute and a lecturer at the university. On Thursday, he challenged a critic on Twitter by saying the video conferencing service rightly needed a way to authenticate users (currently, free users need no account).

In an email to The Register, Serge Egelman, director of usable security and privacy at the International Computer Science Institute (ICSI) in Berkeley, California, and CTO of privacy analysis biz AppCensus.io, said he recently came across an ad tech company, AppsFlyer.com, that had implemented its own search box (type ctrl-F to see it) to handle find-in-page searches instead of relying on the built-in browser capability.

Pages