Crossing the line: is Big Tech taking privacy seriously?
Last Summer, antivirus and security giant Norton, announced plans to add a crypto miner to the Norton Security 360 suite. Whilst initially the crypto miner was only available to a small pool of users, today it is included whenever anybody who downloads the program. There is now a backlash (of sorts) against Norton from users and commentators alike who claim that crypto mining is taking place without user consent. However, it has been clearly pointed out that whilst the crypto miner is indeed installed as part of Norton Security 360, it won’t actually mine without user permission. Indeed, Norton themselves state that a user needs to turn on Norton Crypto on their device which must also meet system requirements to actually run (many won’t be able to do so). So until any user comes forward and can prove that the miner activates without their explicit permission, Norton can’t be accused of ant skullduggery
But it has raised some eyebrows and it also raises some interesting points to reflect upon. Ironically perhaps, why is an industry-leading internet security company potentially exposing it’s users to a whole range of security issues. For example, what happens if a malware app finds a way in and starts sending any profits to a hackers wallet? Not a tall story given the rise in dodgy crypto-malware. And if something like this did befall Norton, imagine the headlines? Security suite provider gives cybercriminals the keys to the safe, or something to that effect.
However, probably the much bigger story here is the fact that a technology heavyweight such as Norton is on the verge of undermining user privacy or at least giving a very good impression of subtly infringing upon user privacy. Is this not a very clear example of how big tech is looking for ways to muscle-in where they don’t belong?
Protecting privacy by encrypting data
In very recent news, we have seen mobile operators seemingly locking horns with Apple, asking regulators to ban Apple’s encryption technology because they feel that it undermines a concept referred to as digital sovereignty - essentially, the ability to have control over your own digital destiny. It reflects a growing concern that too much power lies in the hands of a relatively small number of large tech companies. And in this latest example concerning Apple, the European Commission is being asked to prevent Apple from using “private relay” as it effectively denies operators the ability to manage their networks. Apple’s Private Relay is designed to protect privacy by encrypting data to prevent the tech company and third parties from seeing where the user is browsing.
Apple are no strangers to this type of controversy. When they announced that they would make it mandatory for every single app to disclose the information that they were collecting, what permissions were needed, it was definitely seen as a step in the right direction - users would be able to see exactly what was being tracked by any apps that they downloaded.
However, subsequent research by Simon Migliano uncovered that many of the free VPN Apps actually failed to respect Ad tracking choices by users. His research showed that most of these apps continued to share tracking data with advertisers even when consent from the user was denied. Furthermore, it was revealed that over a third of free VPN apps totally ignore Apple’s previously announced guidelines and actually fail to seek any consent whatsoever. So much for ringing the bell for user privacy then.
To share or not to share?
We must not forget about Facebook. In July 2020, in an update to WhatsApp’s privacy policy, users were given the option of whether they wanted to share their data with Facebook. Not long after, WhatsApp users were given an ultimatum by Facebook / WhatsApp to accept the brand-new privacy policy - not accepting it effectively meant no access to WhatsApp. Understandably, there was considerable resentment to these plans, so much so that WhatsApp eventually postponed these changes - WhatsApp and Facebook needed for damage limitation exercises, to try and assure users that the new changes wouldn’t impact on their privacy. Seemingly, it was too late for many who chose to leave the service for more privacy-centric options.
Some commentators called Norton’s crypto miner move, predatory with many questioning the ethics behind it. And the other examples discussed clearly show that big tech takes a seemingly blasé approach to user privacy. How much longer before tech’s hitherto subtle infringement of privacy adopts a more full-on approach?
Sebastian Schaub is the founder of hide.me VPN and he has been working in the internet security industry for over a decade. He started hide.me VPN to make internet security and privacy accessible to everybody.