Search Results for “Alex Hern”

April 21, 2020
Alex Hern / Guardian

UK’s NCSC Launches COVID-19 Scams and Hacks Reporting Service, Asks Public to Forward Dubious Emails

The National Cyber Security Centre (NCSC), an arm of the UK’s top intelligence agency GCHQ, is asking members of the public to report suspicious emails they have received amid a wave of scams and hacking attacks that seek to exploit fear of COVID-19 to enrich cybercriminals. The NCSC is asking the public to forward any suspicious emails to, and the NCSC’s automated scanning system will check for scam emails and immediately remove criminal sites. The reporting service comes after the NCSC removed more than 2,000 online scams related to coronavirus in the last month.

August 6, 2019
Alex Hern / Guardian

Amazon Now Allows Alexa Users to Disable Human Review of Their Voice Recordings, Company Promises Greater Clarity on This Controversial Practice

In a new policy that took effect last Friday, Amazon has given Alexa users the option to disable human review of their voice recordings and committed to greater clarity about its use of the strategy in future, but it will not follow Google and Apple in stopping the practice altogether. Users of the company’s voice assistant will be able to disable a setting labeled “help improve Amazon services and develop new features” to stop the reviews.

September 9, 2019
Chips with Everything / The Guardian

Siri, are you listening?

Jordan Erica Webber is joined by Alex Hern as they look at the scandal that rocked the voice assistant world and ask whether or not we can trust that voice assistants aren’t eavesdropping on our most private moments.

November 16, 2019
Alex Horton / Washington Post

Elite Army Intelligence Unit Soldiers Revolted Against Use of Information App They Believe Exposes Their Data, Location to Foreign Adversaries, Others

Army Col. Deitra L. Trotter, the commander of Fort Hood’s 504th Military Intelligence Brigade, ordered soldiers in her intelligence unit with top-secret clearances to download an information app that many fear could expose their actions to foreign adversaries.  The app was developed by Straxis LLC based in Tulsa but with a subsidiary in southern India. The new app designed for the unit could provide weather updates, training changes, and other logistics but also required them to submit substantial amounts of personal data.  The app could also pull GPS location data, photos, contacts, and even rewrite memory cards. Concerns about the app circulated among the security-conscious soldiers on social media, and many deleted it from their devices in protest. Although the use of the app was at one point deemed mandatory, military brass has now downgraded it to “highly encouraged.”

Related: Task and Purpose

Tweets:@AlexHortonTX @TheWTFNation @MollyMcKew @markondefense @privacyproject @KimZetter @hacks4pancakes @shanvav

Task and Purpose: Army intelligence soldiers were forced to download an app that could access all their personal information

@AlexHortonTX: An Army intelligence brigade made soldiers download a general info app. Then soldiers with top secret clearances, who don't even tell some family about their jobs, got a look at the permissions: -photos -GPS data -contacts -SD card data They revolted. …
@TheWTFNation: "Soldiers with top-secret clearances say they were forced to use an app that could endanger them." …
@MollyMcKew: Something about this is very off. Military intelligence unit forced to download app on personal cellphones that siphons huge amounts of data to foreign developer. Who made this decision? Who ordered? /1 …
@markondefense: The “Good idea fairy” at work. Army’s 504th MI Brigade app at risk of exposing secrets, soldiers say - The Washington Post …
@privacyproject: "The app’s permissions — which suggested it could pull GPS location data, photos, contacts and even rewrite memory cards — frustrated soldiers who have taken extreme precautions," writes @AlexHortonTX in @WashingtonPost
@KimZetter: “the soldiers — many of whom have jobs in interrogation, human intelligence and counterintelligence — soon noticed that the app’s terms of service said it could collect substantial amounts of personal data and that the developer has a presence overseas.”
@hacks4pancakes: I’m impressed with the level of awareness and critical thinking that led to this being noted and reported. The military should be proud of the soldiers who spoke up.
@shanvav: "Soldiers in an intelligence unit with top-secret clearances were ordered by their commander to download an information app, triggering fear their secretive work could be harnessed and exploited by adversary governments" important story via @AlexHortonTX …

April 8, 2019
Sandra Laville and Alex Hern / The Guardian

UK Government Proposes New Laws to Address ‘Online Harms’ That Would Hold Internet Company Executives Personally Liable for Violations

New laws proposed by the UK government to tackle social media companies streaming child abuse, extremism, terrorist attacks and cyberbullying have been welcomed by senior police and children’s charities. In an “Online Harms” white paper, the government outlines what it says are tough new laws for internet companies, spelling out the appointment of an independent regulator likely to be funded by a levy on internet companies. The harms for which social media companies could be held personally liable include failure to act to take down child abuse, terrorist acts and revenge pornography, as well as behaviors such as cyberbullying, spreading disinformation and encouraging self-harm.

Related: The Inquirer, NS Tech, The Sun, The Inquisitr News, VICE News, Fortune, The Guardian, Verdict, Cybersecurity Review, Engadget, TIME, Forbes, WRAL Tech Wire, Japan Today, Axios, Silicon Republic, KitGuru, Tech Insider, TechCrunch, ET news

The Inquirer : The government has decided it’s time to regulate social media firms
NS Tech: “The online harms white paper is a step in the right direction, but there’s more work to be done”
The Sun: Tech bosses face fines of MILLIONS if they show images of terrorism, child abuse, self-harm or suicide
The Inquisitr News: U.K. Websites To Be Fined For ‘Online Harms,’ According To New Government Plans : UK takes aim at social networks that fail to quash ‘hateful’ content
Bleeping Computer : UK Wants to Hold Companies Liable for Harmful Online Behavior
VICE News: The UK is prepared to go after Silicon Valley bosses if they don’t clean up their platforms Australia Laws Target Social Media Firms with Fines, Prison Over Streaming Content
Fortune: Big Tech Could Be Liable for Content That Isn’t Actually Illegal, If the U.K. Gets Its Way
Verdict: UK to outline social media regulation plans / US Court hears Mar-a-Lago malware breach case / ICO holds Data Protection Conference
Cybersecurity Review : UK Government Publishes Social Media Regulation Plans
Engadget : UK will hold social networks accountable for harmful content
TIME: U.K. Authorities Propose Making Social Media Executives Personally Responsible for Harmful Content
Forbes : UK Proposes Sweeping New Social Media Laws
WRAL Tech Wire: UK mulls direct regulation of social media under ‘duty of care’
Japan Today : UK unveils plans to hold social media bosses liable for harmful content
Axios: U.K. unveils sweeping plan to rein in Big Tech
Silicon Republic: UK plans to hold internet executives liable for harmful content
KitGuru: The UK to implement GDPR-level fines for online content deemed harmful
Tech Insider: Huge fines, criminal sanctions, and bans: Here’s how tech firms could be punished for toxic content under new UK laws
TechCrunch: UK sets out safety-focused plan to regulate Internet firms
ET news: Government lays out proposals to prevent ‘Online Harms’ UK to Hire Digital Safety Tzar
Gov.UK: Online Harms Paper

July 26, 2019
Alex Hern / The Guardian

Apple Contractors Regularly Hear Highly Confidential Siri Recordings, Including Drug Deals and Couples Having Sex, Whistleblower

Apple contractors regularly hear confidential medical information, drug deals, and recordings of couples having sex, as part of their job providing quality control, or “grading”, the company’s Siri voice assistant, according to a whistleblower working for the firm who is concerned about the company’s lack of disclosure of these human reviews. Apple’s privacy policies do not explicitly state that a small proportion of Siri recordings are passed on to contractors working for the company around the world. Apple conceded that humans are reviewing Siri audio saying “a small portion of Siri requests are analyzed to improve Siri and dictation. User requests are not associated with the user’s Apple ID. Siri responses are analyzed in secure facilities and all reviewers are under the obligation to adhere to Apple’s strict confidentiality requirements.”

Related: Engadget, Fast Company, 9to5Mac, Tech Insider, Trusted Reviews, MacRumors, Slashdot, TechSpot, Engadget, SlashGear » security, iPhone Hacks

Tweets:@geoffreyfowler @donie

Engadget: Apple contractors frequently hear sensitive info in Siri recordings
Fast Company: Your conversations with Apple’s Siri may not be so confidential
9to5Mac: Apple responds to Guardian report about contractors hearing private conversations while ‘grading’ Siri
Tech Insider: Apple contractors working on Siri ‘regularly’ hear recordings of sex, drug deals, and private medical information, a new report says
Trusted Reviews: Apple’s Siri contractors hear people having sex, says whistleblower
MacRumors: Contractors Working on Siri ‘Regularly’ Hear Recordings of Drug Deals, Private Medical Info and More Claims Apple Employee
Slashdot: Apple Contractors ‘Regularly Hear Confidential Details’ on Siri Recordings, Report Says
TechSpot: Apple QC workers often hear bits of private conversations in Siri recordings
SlashGear » security: Whistleblower claims Apple contractors hear ‘sensitive’ Siri recordings
iPhone Hacks: Apple Contractors Regularly Hear Confidential Medical Information, Drug Deals and More While Grading Siri

@geoffreyfowler: The HomePod in my living room activates Siri at the strangest times. But I can't say I've ever seen it activated by a zipper. A good reminder, though, that Apple keeps recordings of every time Siri *thinks* it is being activated -- and you can't stop it.
@donie: Apple contractors regularly hear confidential medical information, drug deals, and recordings of couples having sex, as part of their job providing quality control, or “grading”, the company’s Siri voice assistant, the Guardian has learned.

August 20, 2019
Tony Romm / The Washington Post

Facebook Unveils ‘Off-Facebook Activity’ Tool Giving Users Leeway to Limit Data Collected About Them Elsewhere on the Web, New Controls Do Not Allow Users to Delete Data in Full

Facebook unveiled its long-awaited feature, called “Off-Facebook Activity,” which allows users to limit businesses, apps and other groups that collect data about them on the Web and pass that information to the tech giant. The feature does not, however, allow users to delete that information from Facebook in full but instead has been designed to “shed more light” on a form of online tracking that determines some of the ads people see on Facebook. Users now can choose to remove this history from their accounts and turn off some or all of that tracking in the future although these actions merely disconnect information from being identified to a specific user but do not delete it. The new controls also won’t prevent Facebook from reporting back to another business whenever users generally purchase their product after seeing an ad targeted to them. The complexity of the system likely won’t prevent privacy advocates from criticizing the company because company CEO Mark Zuckerberg implied a more robust deletion tool one year ago when he vowed Facebook would develop a “Clear History” tool.

Related: TechCrunch, CNET, The Guardian, The Verge, Buzzfeed News, Wall Street Journal, Facebook, New York Times, BBC News, The Verge, Tech Insider, AP Breaking News, The Sun, Slashdot, Tech Insider, WRAL Tech Wire, Z6 Mag, New York Times – Business, Neowin, Tech Insider, Sky News, The Next Web, Channel News Asia, SecurityWeek, The Straits Times Tech News

Tweets:@geoffreyfowler @kashhill @ashk4n @fbnewsroom @zackwhittaker @ruskin147 @tonyromm @gcluley @stevekovach @alexhern

TechCrunch: Facebook unveils new tools to control how websites share your data for ad-targeting
CNET: How to use Facebook’s new privacy tool to control your data
The Guardian: Facebook launches ‘clear history’ tool – but it won’t delete anything
The Verge: Facebook’s Clear History privacy tool finally begins rolling out in three countries
Buzzfeed News: You Can Finally See All Of The Info Facebook Collected About You From Other Websites
Wall Street Journal: Facebook to Let Users Control Their Data From Other Companies
Facebook: Now You Can See and Control the Data That Apps and Websites Share With Facebook
New York Times: Facebook’s New Tool Lets You See Which Apps and Websites Tracked You
BBC News: Facebook to stop stalking you off-site – but only if asked
Tech Insider: Facebook is finally letting users control the info that other websites are sharing with the social network about them (FB)
AP Breaking News: Facebook rolls out tool to block off-Facebook data gathering
The Sun: Facebook launches ‘off-platform activity’ tool to stop it tracking you across the internet – and you can even wipe your history
Slashdot: You Can Finally See All Of The Info Facebook Collected About You From Other Websites
Tech Insider: Advertisers have been grappling for alternatives ahead of Facebook’s ‘clear-history’ tool that could limit one of its most powerful targeting tools
WRAL Tech Wire: New Facebook tools enables users to turn off tracking
Z6 Mag: Control the data you share via ‘Off-Facebook Activity’
New York Times – Business: Facebook’s New Tool Lets You See Which Apps and Websites Tracked You
Neowin: Facebook adds new tool that helps you control its off-site stalking
Sky News: Facebook to let users stop app and website tracking
The Next Web: Facebook lets you (sorta) control what info it gets from other sites
Channel News Asia: Facebook launches tool to let users control data flow
SecurityWeek: Facebook Launches Tool to Let Users Control Data Flow
The Straits Times Tech News: Facebook launches tool to let users control data flow Facebook finally rolls out privacy tool for your browsing history

@geoffreyfowler: Facebook’s long-promised “clear history” tool has arrived, but it is not the data re-set we really needed. @tonyromm has the details here @posttech : What’s missing? Thread -->
@kashhill: In news you can't actually use yet (unless you live in Ireland, S. Korea, or Spain), Facebook is giving you a way to make your Instagram ads way less creepy.
@ashk4n: Facebook just announced their long awaited 'Clear History' tool -- tho it only really lets you 'Disconnect Activity' (and even then its pretty limited) PR release: Fact sheet: Technical writeup:
@fbnewsroom: With Off Facebook Activity, you can see a summary of the info that websites and apps send to help show you relevant ads - you can also disconnect this info from your account. Learn more:
@zackwhittaker: This sounds great! But nowhere in this blog post does it say how we get it.
@ruskin147: My story on Facebook’s new “Off-Facebook Activity” tool which shows you why those shoes are following you around the Internet
@tonyromm: Zuck in 2018 used the word "flush" and other FB execs used the word "delete" but it's not exactly what's happening here, so it will be interesting to see how users and regulators react
@gcluley: Good thread here on Facebook's "Clear History" announcement. Most people won't ever turn off "Off-Facebook activity" of course.. but even if you do, you may be interested to hear what it does (and doesn't) do.
@stevekovach: The best way to clear your Facebook history is to delete Facebook
@alexhern: The clear history tool Mark Zuckerberg announced over a year ago is finally coming (except it won’t actually clear your history from Facebook’s servers)

August 2, 2019
Alex Hern / Guardian

Apple Suspends Controversial Program That Allows Contractors to Listen to Siri Recordings

Apple has suspended its practice of having human contractors listen to users’ Siri recordings to “grade” them, and will not restart the program until it has conducted a thorough review of the practice following a Guardian report revealing the practice.  Apple also said it is committed to adding the ability for users to opt out of the quality assurance scheme altogether in a future software update. Contractors for Apple who conduct those reviews showed up for work on Friday in Ireland but were told to go home for the weekend. The Guardian broke the news that Apple contractors regularly hear confidential and private information while carrying out the grading process, including in-progress drug deals, medical details and people having sex.

Related: AppleInsider, iClarified, Mashable, Paul Thurrott –, Tech Insider, Reuters, The Next Web, PhoneArena, ZDNet Security, The Verge, Cult of Mac, MacRumors, Axios, Techradar, BetaNews, Pocket-lint, Slashdot

Tweets:@inafried @gcluley @markwilsonwords

AppleInsider: Apple suspends Siri quality control program, will let users opt out in update
iClarified: Tim Cook Announces Apple Card Will Launch in August
Mashable: Apple suspends program that let humans listen in to Siri conversations
Paul Thurrott – Apple Suspends Siri Grading Program
Tech Insider: Three ways brands can benefit from adopting voice technology (AAPL, AMZN, GOOGL, MSFT)
Reuters: Apple halts Siri response grading program after privacy concerns
The Next Web: Apple and Google suspend monitoring of voice recordings by humans
PhoneArena: With privacy cred under fire, Apple to offer opt-out feature for Siri recordings access
ZDNet Security: Apple, Google: We’ve stopped listening to your private Siri, Assistant chat, for now
The Verge: Apple stops letting contractors listen to Siri voice recordings
Cult of Mac: Apple stops listening to users’ Siri queries
MacRumors: Apple Suspends Program That Lets Employees Listen to Siri Recordings for Quality Control, Opt Out Option Coming
Axios: Apple suspends program in which humans review users’ Siri queries
Techradar: Apple has stopped sending Siri chats to third parties… for now
BetaNews: Privacy: Google stops transcribing Assistant recordings and Apple stops listening to Siri recordings
Pocket-lint: Apple is suspending Siri quality control due to recent privacy concerns
Slashdot: Apple Stops Letting Contractors Listen To Siri Voice Recordings, Will Offer Opt-Out Later

@inafried: Breaking: Apple suspends program in which humans review users' Siri queries (link:…
@gcluley: Apple suspends Siri response grading in response to privacy concerns (link:…
@markwilsonwords: Privacy: Google stops transcribing Assistant recordings and Apple stops listening to Siri recordings

January 10, 2020
Alex Hern / The Guardian

Microsoft Program to Transcribe, Vet Audio From Skype, Cortana Ran for Years With No Security Measures, Former Contractor

A Microsoft program to transcribe and vet audio from Skype and Cortana, its voice assistant, ran for years with “no security measures,” according to a former contractor. The contractor said he reviewed thousands of potentially sensitive recordings on his personal laptop from his home in Beijing over the two years he worked for the company. The recordings were accessed by Microsoft workers through a web app running in Google’s Chrome browser, on their personal laptops, over the Chinese internet. Workers had no help to protect the data, the contractor says.

November 12, 2019
Peter Walker and Alex Hern / The Guardian

UK’s Labour Party Said It Suffered a Short-Lived and Unsuccessful DDoS Attack

The UK’s Labour Party said it suffered a “sophisticated and large-scale cyber-attack” on its digital systems from an unknown source, reportedly a distributed denial of service (DDoS) attack. The attack was a short-lived and unsuccessful effort to take down the Party’s websites. Labour is a customer of Cloudflare, which provides DDoS protection services to a large proportion of the web. The Party has informed GCHQ’s National Cyber Security Centre.

Related: BBC News, Computing, The Register, Reuters, THE INQUIRER, Thomas Brewster – Forbes, ComputerWeekly: IT security, AP Breaking News, Evening Standard, Gizmodo, The New European – Latest news, Daily Mail, Business Insider, Sky News, IT Pro, ZDNet Security, ITV News, POLITICO EU, Infosecurity Magazine, Techradar

Tweets:@jc_stubbs @GossiTheDog @MabbSec @dannyjpalmer @gcluley @nickeardleybbc @ruskin147 @GossiTheDog @GossiTheDog @gcluley @GossiTheDog @GossiTheDog @jc_stubbs

BBC News: General election 2019: ‘Cyber-attack’ on Labour Party digital platforms
Computing: Labour Party targeted in DDoS attack
The Register: ‘Sophisticated’ cyber attack on UK Labour Party platforms was probably just a DDoS, says official
Reuters: Cyber attack on Labour Party was short-lived attempt to take down websites – source
THE INQUIRER: Labour Party targeted by ‘large-scale’ cyber attack
Thomas Brewster – Forbes: UK’s Labour Party ‘Hit By Large Cyberattack’ A Month Before Election
ComputerWeekly: IT security: ‘Robust’ security foils cyber attack on Labour Party
AP Breaking News: The Latest: UK Labour Party hit by large-scale cyberattack
Evening Standard: Labour cyber attack: Party experiences 'sophisticated and large scale attack' on digital platforms
Gizmodo: UK Labour Party Hit With ‘Sophisticated and Large Scale’ Cyber Attack During Election Campaign
The New European – Latest news: Labour hit by ‘sophisticated’ cyber attack on its digital platforms
Daily Mail: Labour is hit with ‘sophisticated and large scale cyber attack’ UK Labour Party says it has experienced a ‘large scale cyber attack’ on its digital platforms
Business Insider: The Labour Party has suffered a ‘sophisticated and large-scale cyber-attack’ ahead of the general election
Sky News: Labour hit by ‘sophisticated, large-scale cyber attack’
IT Pro: Labour Party targeted by ‘large scale’ cyber attack
ZDNet Security: Large-scale cyber attack hits Labour Party systems
ITV News: Labour Party confirms ‘sophisticated and large scale cyber attack’ on digital platforms
POLITICO EU: Labour Party targeted by cyber attack
Infosecurity Magazine: UK Labour Party Hit By “Sophisticated” and “Large-Scale” Cyber-Attack
Techradar: Labour Party hit by major cyberattack

@jc_stubbs: So the "sophisticated and large scale" cyber attack on @UKLabour was a short-lived DDOS attempt, picked up by Cloudflare. Per a source: “It was ... nothing more than what you would expect to see on a regular basis." “It looked like someone bored in their bedroom with a botnet.”
@GossiTheDog: This was a denial of service attack. Labour use Cloudflare who soaked it up. It was not sophisticated.
@MabbSec: A spokesperson for the party said the attack, which occurred just weeks ahead of the General Election on 12 December, had been foiled by the party's "robust security systems". AKA, @Cloudflare halted the attack.
@dannyjpalmer: We go live to the Labour Party in the aftermath of a cyber attack.
@gcluley: The UK's Labour Party says there has been a "sophisticated and large-scale cyber-attack" on its digital platforms … #GeneralElection2019
@nickeardleybbc: Labour spokesman: “Our security procedures have slowed down some of our campaign activities, but these were restored this morning and we are back up to full speed. We have reported the matter to the National Cyber Security Centre.”
@ruskin147: One Labour source tells me their staff have detected “tens of millions of attacks - mostly originating from Russia and Brazil”
@GossiTheDog: Looks like is down. Copycats?
@GossiTheDog: I don’t think people realise how prolific these services are, google Booter. Many accept PayPal, you just stick in a website address. Many have Cloudflare origin resolvers too.
@gcluley: The Labour website right now...
@GossiTheDog: If anybody from Labour tech follows me, get somebody to go into Cloudflare - Firewall - add a rule like below to filter any request outside UK to JS Challenge. Also enable rate limiting globally but set a high limit before challenge. Also you might want to lock down origin IP.
@GossiTheDog: They just did this, traffic outside UK is blocked now and site is back.
@jc_stubbs: According to documents seen by @Reuters and a person with knowledge of the matter: UK Labour Party is currently undergoing second DDoS attack Second attack began around 1320 GMT and peaked about an hour later Both attacks judged to be "very unsophisticated"