New Episode Alert EP102
Is the ToTok app spying on you? 🔥
Weekly Blaze Podcast, Episode 102, January 6 2020
New California Data Privacy Law | Wyze Data Leak | ToTok Spy App
Happy New Year and Welcome to 2020!
Now that it's the start of a new year, it's always a good time to get ourselves into good habits, and one of those habits is to take our digital privacy more seriously this year. And to start this year off right we have a giveaway going on right now where you can win a Silent Pocket Faraday Bag prize package! Visit
for full details on the rules and how to enter. Don't delay as the contest ends on Saturday, January 11th. And while you're entering our contest, be sure to check out
to see their full product line of faraday bags and other products built to protect your privacy. As a special offer for our podcast listeners you can get 15% off your order right now by using discount code "sharedsecurity" at checkout.
Details on the new California data privacy law
A new data privacy law in California officially went into effect as of January 1st. The new law called the California Consumer Privacy Act (or CCPA) is the first privacy law of its kind in the United States which gives California residents certain privacy protections which include
Not only that, the law states that residents have the right to delete any personal data that has already been collected. One of the most significant changes is that companies need to provide a "button" or way to opt-out with the message "Do Not Sell My Personal Information" that needs to be displayed at the bottom of web pages. This is a very good first step for being the first privacy law in the US and many, including myself, hope that this law (while not perfect) is used as a model across other states that may be thinking about creating similar privacy laws.
Now one of the first questions many people have is does this law apply to every business within California? Well the answer depends as it currently only applies to companies that have an annual gross revenue of more than $25 million, businesses that deal with the personal data of 50,000 or more consumers a year, or businesses that generate at least half of their revenue from selling personal data. The good news is that most big companies that fall into these categories are most likely going to extend these privacy protections to individuals across any state since it's much more challenging to have a law apply to just residents of one state only. This is very similar to what we saw with GDPR in Europe as many US companies extended privacy controls to all of their customers, not just those located in Europe. For more details on the CCPA and the privacy ramifications, I highly recommend you give a listen to our recent interview with Rebecca Herold, the "Privacy Professor" who explains more about the impact of this law and her thoughts on what the effect might be on any company that collects personal information and what the future holds for privacy this year.
Wyze leaked personal data of 2.4 million users
Popular smart device company Wyze disclosed a massive data leak exposing the personal data of over 2.4 million users. Cybersecurity firm Twelve Security disclosed the breach to Wyze, stating that an entire Elasticsearch database was found completely unsecured. The database contained email addresses, lists of cameras purchased, WiFi SSIDs, and even health information including height, weight, gender, bone density, and more. In addition, authentication tokens for paired Amazon Echo devices were also exposed. If you had created a Wyze account before December 26th of 2019, you have unfortunately become a victim of this data leak. Wyze disclosed details about the incident on their support forum and has also sent an email to those who have been affected.
Now I find two things interesting about this data leak. First,
because they had removed existing security protocols when they needed to use the database, and second, they also blamed the quote "extremely fast growth of Wyze" in which they had initiated a business metrics project so that data was easier to search and query due to the growth of the company. Hmm, blaming an employee on a public forum and then blaming the reason to have the data in an unsecured, online, searchable database on the growth of the company? Not very good business practices in my opinion, but let's hope their management learns a lesson from this incident, and that is to make the security of their customer data the number one priority.
What is ToTok and is it a spy app?
Have you heard of an app called ToTok? No? Well, neither did I until I saw the news that the app and its creators have been accused of being spies for the United Arab Emirates. Oh, and don't get ToTok confused with TikTok as these are two totally different apps. So what is ToTok? ToTok is a video and text based messaging app similar to WhatsApp. ToTok is actually so popular that it's become one of the most downloaded social apps in the United States but is primarily used in the Middle East. So what's the controversy? Well the
concluded that the ToTok app is used by the UAE to track every conversation, movement, relationship, appointment, and video and image of everyone who installs it on their phones. The firm behind the development of the app, Breej Holding, is being called a front company that has affiliations with a firm called "DarkMatter", which is a UAE based cyber intelligence firm that has many known ties to the UAE government and is currently under investigation by the FBI for possible cyber-crimes. Not only that, the New York Times stated that through the technical analysis of the app they also determined that a company called Pax AI, which is a UAE based data mining firm, is also tied back to guess who, DarkMatter. Based on these allegations, Apple and Google have both removed ToTok from their app stores while
.
One other thing you may find interesting is that while the app says you can send messages securely, it does not use end-to-end encryption like other popular messaging apps like WhatsApp or Signal. Oh, and ToTok is the only free messaging app that actually works in the UAE as WhatsApp and others are either blocked or don't work on the UAE's government controlled Internet service providers.
So the question is, should you use the ToTok app? In my opinion, I wouldn't. Look, the UAE is well known for tracking known political dissidents, human rights defenders, journalists, and other critics of their government. And having a free app that gives their own citizens complete freedom to send messages and videos under the guise of a "secure" messaging app is the perfect setup for a mass surveillance program.
December Monthly Show, Episode 95
In episode 95 of our monthly show we're joined by special guest Rebecca Herold, the "Privacy Professor". Rebecca is a well-known expert in the privacy and cybersecurity community and gives us an update on what she's been working on, what her thoughts are on the current state of privacy regulations (CCPA, GLBA, etc.), and what we may see in 2020 from a privacy perspective. We also talk about Rebecca's favorite books and her encounter with famed author Cliff Stoll, who wrote "The Cuckoo's Egg".
Watch this episode on our YouTube Channel!
Top 10 Episodes in 2019
We've had a fantastic year bringing you the latest cybersecurity and privacy topics and news. Thank you for being a listener and supporting the show! If you haven't listened to our most downloaded episodes from the year, here's your chance. Click the link below to listen to each episode and share with your friends!
Shared Security is now on GetVokl!
We live stream our monthly show on a new interactive video chat and streaming service called GetVokl!
to get notified when we will be live and to watch previous episodes!