Usually, when passwords and personal information are exposed, it's because someone hacked a company's not-so-secure system. Motorola, however, managed to put people's info at risk without such malfeasance when it failed to wipe the memory of a batch of refurbished Xooms. The tablets in question were sold by Woot.com between October and December of last year, and Moto is claiming that it made the mistake on only small number of slates. Of course, we don't know exactly how many Xooms were shipped with previous owners' data onboard, but we do know that the company is actively attempting to make amends. Moto's offering two years of Experian identification protection services to those whose info was exposed and owners of affected Xooms are getting a little something too. Just send the device back to Motorola on the company's dime -- where it'll be properly reset and sent back to you, along with a $100 American Express gift card for your efforts. Wondering if you're among the unlucky? Hit the PR after the break for more info, and those with Wooted Xooms can plug in their slate's serial number at the source link below to find out for sure.

[Thanks, Scott]

Continue reading Oops! Motorola sold refurbished Xooms without deleting previous owners' data

Oops! Motorola sold refurbished Xooms without deleting previous owners' data originally appeared on Engadget on Fri, 03 Feb 2012 20:52:00 EDT. Please see our terms for use of feeds.

Permalink

Google has gone to great lengths to clarify its revamped privacy policy, but a regulatory body in the European Union thinks the company is moving a little too fast. Today, European regulators formally requested that Google "pause" its rollout, in order to give the EU more time to investigate its forthcoming changes. "Given the wide range of services you offer, and the popularity of these services, changes in your privacy policy may affect many citizens in most or all of the EU member states," the EU's Data Protection Working Party wrote in a letter to Google CEO Larry Page yesterday. "We wish to check the possible consequences for the protection of the personal data of these citizens in a coordinated way." The body didn't specify how much time it would need to investigate, but it stressed that doing so would help to ensure absolute transparency among European users. "[W]e call for a pause in the interests of ensuring that there can be no misunderstanding about Google's commitments to information rights of their users and EU citizens, until we have completed our analysis," the letter reads.

Viviane Reding, Europe's commissioner on data protection, heralded the move as an important step in asserting EU authority over online privacy and regulations, but Google was somewhat taken aback by the request. "We briefed most of the members of the working party in the weeks leading up to our announcement," said company spokesman Al Verney. "None of them expressed substantial concerns at the time, but of course we're happy to speak with any data protection authority that has questions." It's worth noting that Google isn't legally bound to heed the Working Party's request, though we'd expect the company to seek some sort of compromise with Europe's regulators, as it has in the past.

EU regulators ask Google to 'pause' its privacy changes, need more time to investigate originally appeared on Engadget on Fri, 03 Feb 2012 07:46:00 EDT. Please see our terms for use of feeds.

Permalink

The Hawaii state legislature has apparently pulled an about face on a proposed internet tracking bill, amid swelling concerns from civil libertarians and internet service providers alike. First introduced last week, the controversial measure calls for all ISPs to track and record a user's online activity and identity within individual digital dossiers. The law's supporters trumpeted it as a vital step in protecting "victims of crime," but its momentum has all but come to a halt, now that its lead champion has proclaimed its death. In a recent interview with CNET, Democratic Representative John Mizuno (pictured left) confirmed that his bill has been shelved, attributing the decision to the avalanche of critical feedback he's received (see the coverage links, below). "It's generated a lot of national attention," Mizuno explained. "I've taken into consideration the thousands of e-mails (which were often) colorful and passionate, which is absolutely fine... This bill just isn't ready. It needs a lot of work." Unfortunately, this doesn't mean spell an outright death for the law, as Mizuno still believes that keeping a record of browsing history could help authorities hunt down pedophiles and other evil doers. "I think both would be very strong pieces of evidence if there's going to be a criminal proceeding," he argued. Despite our own fundamental misgivings with Mizuno's approach, it's still encouraging to see politicians respond to public outcry so swiftly and, as with the SOPA debacle, appropriately.

Hawaii's online tracking law is all but dead, lead sponsor confirms originally appeared on Engadget on Wed, 01 Feb 2012 15:43:00 EDT. Please see our terms for use of feeds.

Permalink

As you may remember, roughly a week ago Google issued a major overhaul of its privacy policies -- condensing some 60 scattered terms of service into a single document covering a vast majority of its internet empire. Of course, this raised concern, confusion and led to stories circulating the web about the inherent danger of the revised TOS. Truth be told, most of the wild-eyed fear mongering was done by those who either had not read or had not understood what the simplified policies mean (though, we hardly fault them for being suspicious). Google is looking to allay those fears however, and has released the full text of a letter written to congress clarifying the new TOS. The important information here is presented on the Google Public Policy Blog as bullet points and that is what's not changing. Users will still be able to search without signing in, opt out of targeted ads, export their data and maintain fine-grained control over their private data. Oh and Google will never, we repeat never, sell your information to advertisers. Hit up the source link if you're still in need of more details.

Google clarifies what isn't changing with new privacy policy originally appeared on Engadget on Tue, 31 Jan 2012 09:19:00 EDT. Please see our terms for use of feeds.

Permalink

The world's teenage population can pontificate from a new digital platform, now that Google+ has decided to open its doors to high schoolers. Google+ VP Bradley Horowitz made the announcement yesterday, confirming that anyone old enough to own a Google account can now join the social network. In most countries, that applies to anyone older than 13 (previously, Google+ had been restricted to the 18-and-over crowd). This expansion also introduces a new set of privacy controls for younger users, who will be warned every time they try to publish a public post, and can only be contacted by those in their immediate circles. If a teen joins a Hangout, moreover, he or she will only be able to receive audio and video from those in his or her circles. Find more at the link below.

With new privacy controls onboard, Google+ opens up to teens originally appeared on Engadget on Fri, 27 Jan 2012 09:41:00 EDT. Please see our terms for use of feeds.

Permalink

There may be some trouble brewing in paradise, thanks to a seemingly draconian law currently under consideration in Hawaii's state legislature. If passed, H.B. 2288 would require all ISPs within the state to track and store information on their customers, including details on every website they visit, as well as their own names and addresses. The measure, introduced on Friday, also calls for this information to be recorded on each customer's digital file and stored for a full two years. Perhaps most troubling is the fact that the bill includes virtually no restrictions on how ISPs can use (read: "sell") this information, nor does it specify whether law enforcement authorities would need a court order to obtain a user's dossier from an ISP. And, because it applies to any firm that "provides access to the Internet," the law could conceivably be expanded to include not just service providers, but internet cafes, hotels or other businesses.

Democratic Representative John Mizuno is the lead sponsor of the bill, though his support already seems to be waning. Not long after H.B. 2288 was introduced, Republican Representative Kymberly Pine told CNET that she would be withdrawing her support for it, adding that her intent was not to track Hawaiian web surfing, but to simply protect "victims of crime." "We do not want to know where everyone goes on the Internet," Pine explained. "That's not our interest. We just want the ability for law enforcement to be able to capture the activities of crime." Pine went on to acknowledge that the proposal has come under fire from many civil libertarians and internet companies within the state, and that the measure will likely be revised. In retrospect, she said, the concept of storing personal information "was a little broad," and Hawaii's lawmakers "deserved" the criticism they received during today's hearing.

Hawaii's proposed online tracking law comes under fire from ISPs, civil libertarians originally appeared on Engadget on Fri, 27 Jan 2012 08:15:00 EDT. Please see our terms for use of feeds.

Permalink

Wouldn't it be absolutely splendid if you could hand your phone over to a friend (or complete stranger) without fear of them mucking up your system or digging into your personal bits? Yes, we'd absolutely love to see guest accounts become standard issue on all handsets, but until that day arrives, a new application called SwitchMe will work in a pinch. Word of caution, this app requires root privileges, which may deter many folks.

Rather than allowing multiple sessions to run simultaneously, as you'd expect on a desktop computer, SwitchMe lets users easily jump between different installations of Android -- they exist separately and don't talk to each other. Naturally, this also allows hobbyists to easily jump between their favorite ROMs, and gives developers clean sandboxes for app testing. The first hit is free, but if you want to manage more than two installations, you'll need to buy the unlock key for $1.98. Still, those who find the SwitchMe useful should consider tossing the developer a few bones.

Update: As a commenter pointed out, multiple ROMs are not supported at this time. The developer has verified this, stating that any content inside /system cannot be changed. Bummer.

[Thanks, Alan]

SwitchMe brings makeshift guest account to Android root users originally appeared on Engadget on Thu, 26 Jan 2012 21:27:00 EDT. Please see our terms for use of feeds.

Permalink

There's an alarming rumor circulating that suggests that UK network O2 forwards your phone number to any website visited on a smartphone. Lewis Peckover built a site that displays the header data sent to sites you visit, finding a network-specific field called "x-up-calling-line-id" which displayed his number. Angry users who tested the site have flooded the company's official Twitter, which is currently responding with:

"Security is our top most priority, we're investigating this at the moment & will come back with more info as soon as we can."

The Next Web confirmed that Orange, T-Mobile and Vodafone numbers are unaffected by the issue, but GiffGaff and Tesco Mobile (both MVNOs that operate on the same network) do. TNW's sources say it's most likely an internal testing setup, while Mr. Peckover suggests it's because the network transparently proxies HTTP traffic, using the number as a UID.

Update: We received confirmation from O2, who said that it was "investigating with internal teams and it's our top priority." Slashgear and Think Broadband were unable to replicate the problem, but in our tests (pictured) it was sharing our data with the site.

Update 2: Consumer magazine Which? contacted UK privacy watchdog, the Information Commissioner's Office which offered the following:

"Keeping people's personal information secure is a fundamental principle that sits at the heart of the Data Protection Act and the Privacy and Electronic Communications Regulations. When people visit a website via their mobile phone they would not expect their number to be made available to that website.

We will now speak to O2 to remind them of their data breach notification obligations, and to better understand what has happened, before we decide how to proceed."

We'll let you draw your own conclusions from that one, but it's not shaping up to be a good day for the company (or its users).

Update 3: Our tests have stopped working now, as it looks like the network is hurriedly trying to close the hole, but we've had no official word that it's over just yet.

Update 4: O2 has issued a full statement and Q&A which we've embedded after the jump. Long story short, it's fixed the issue -- caused by accidental routine maintenance. 3G / WAP users will have shared your number with any site you visited since January 10th. The network has promised it will co-operate fully with the ICO and has reported itself to Ofcom.

Continue reading O2 data breach potentially shares your cellphone number with the world (Updated)

O2 data breach potentially shares your cellphone number with the world (Updated) originally appeared on Engadget on Wed, 25 Jan 2012 10:50:00 EDT. Please see our terms for use of feeds.

Permalink

As SOPA's aftershocks continue to ripple across the US, a slightly different brand of techno-political drama is unfolding over in Europe, where the European Commission today announced a new set of online privacy regulations. The new legislation, unveiled this morning, was crafted with the intent of giving consumers more control over their online data, and places more pressure upon private companies to protect user information. According to Reuters, offending firms could be fined at rates of up to two percent of their yearly turnover. The laws, designed to overhaul the 1995 Data Protection Directive, will also make it easier for users to access their data, giving them the power to demand that their personal information be deleted, as long as there are no "legitimate reasons" for a company to store it. Companies, meanwhile, will be required to inform authorities of a data breach as soon as possible, "if feasible, within 24 hours."

Though the rules have raised some concerns among web companies, EC privacy commissioner Viviane Reding wasted no time in heralding them as the foundation of a safer and more prosperous digital environment. "The protection of personal data is a fundamental right for all Europeans, but citizens do not always feel in full control of their personal data," Reding explained. "A strong, clear and uniform legal framework at EU level will help to unleash the potential of the digital single market and foster economic growth, innovation and job creation." If approved by the European Parliament and all EU member states, the laws would probably go into effect toward the end of 2013.

European Commission unveils new online privacy rules, aims to protect consumer data originally appeared on Engadget on Wed, 25 Jan 2012 07:30:00 EDT. Please see our terms for use of feeds.

Permalink

You're you, right? Of course you are. If you have an Account, Google knows that too and now, with an updated and streamlined Google Terms of Service, you're even more you than ever before. The company is consolidating most of its more than 70 separate privacy documents into a single Privacy Policy that is so important it gets capitalized. The biggest change? If you have a Google Account, your information will now be shared across the company's many services. Scary? Don't fear -- the company is taking this time to re-iterate its pledge to never sell your personal information, never share it externally and to continue to support the Data Liberation Front. Viva transparency.

Continue reading Google updates ToS, shares your data across its services (video)

Google updates ToS, shares your data across its services (video) originally appeared on Engadget on Tue, 24 Jan 2012 18:27:00 EDT. Please see our terms for use of feeds.

Permalink