Category Archives: Privacy

Skype is storing your file transfers in their cloud now – where and how long?

With Skype's recent move to a cloud-based architecture, some of you may be seeing a link when sending file transfers. These transfers used to be peer to peer. Skype has not issued any statement or documentation on where or how long these file transfers are stored.

As part of Skype’s move to a cloud-based architecture, pictures sent via chat are now uploaded to the cloud. All of our Skype clients are currently moving to this new cloud-based architecture, and once we complete the rollout, your pictures will show (as normal) inside the conversation. For the moment, to view the picture that your contact sent, all you have to do is click the link and log in.

As Skype declares above, they are storing your files in their cloud and then presenting them to you inline or as a link. I am curious about the architecture behind this and the availability of the images long term. Can the images be found using simple URL replacement? Are they protected with some form of attribute so only those that were in the chat get access? Or can anyone with the link who can authenticate into Skype get the file or image?

This shift prompted us to move from a Peer-to-Peer (P2P) architecture for calls and messaging to a cloud-based system. It’s the biggest architecture change in the history of Skype, and we’re constantly making improvements so that, no matter where you are or what device you’re using, everything “just works.”

Skype states that as the world moves forward, they need the cloud instead of peer to peer to continue. While that makes sense for some of the data, I cannot see it for the file names and transfers without an option on the user side. One of the benefits was no server in the middle when sending those files. With the new architecture you will not both have to be online at the same time to send the file, but I imagine this will also affect the maximum transfer size. I do not see Skype wanting to store large files.

So the questions Skype needs to answer are:

  • Who has long term access?
  • How long are they storing our files?
  • Will there be a new maximum transfer size?
  • If I pass out the link, can anyone who can log in get to the file?

What other concerns or questions would you have with the new changes Skype is implementing?

Samba.me launches for SxSW and accesses your contacts

Samba.me first entered the iTunes store in February 2014 and is preparing for a SxSW appearance for the first time. The privacy policy for the app worries us. They collect both anonymous and identifiable information.

The Samba.me service is a video sharing platform that records the reaction of the receiver and sends it back to the sender. For example, I record a skating video (maximum time is 16 seconds) with a person falling. I send the video to a friend via the Samba.me app. When they watch the video, the app simultaneously records their reaction to it. This recording is then sent right back to me for viewing.

What was interesting was the access and information it needed when performing these features

How to revoke and block third-party Instagram app access to your account

How do you revoke and block third-party app access to your Instagram account? Here are the steps required. Instagram has numerous third-party applications that people allow to access their accounts by loading them on their devices and via the web.

Every time you add another application, it prompts you to log in using your Instagram username and password via their authentication API. By doing this, you are then giving certain rights to that application. Some rights you may give are:

  • Access your basic information (Includes photos, friend lists & profile info)
  • Like photos
  • Comment on photos
  • Follow/Unfollow other users

Keep in mind some of these apps only do the above with your express permission, while others may do it automatically. You have to pay special attention to what permissions the third-party app is looking for. To start checking which apps have what access and to revoke third-party access, you need to access your Instagram account via the web.

Once logged in, click on your image and name in the upper right and select Edit Profile. You will then get a list of options on the left side that allow everything from changing your password, editing your profile and managing applications. That is where we are headed.

Coin – the mobile wallet retailers won’t accept

Only Coin is getting a lot of press as a mobile credit card and data wallet. I love the idea and will support them, but retailers should not take it yet, and here are my reasons why. But I still say get in now and grab one, as this may simplify your life (in the USA, that is).

First let me cover why you may want The Coin. Here are sample suggestions of mine:

  • Simplicity of carrying all of your credit and loyalty cards in one place
  • The ability to disable Coin as a whole if it is lost. Imagine losing your wallet now? You have to call every credit card company and even loyalty programs if you have free credits. With Coin it just stops working and your cards are secure
  • Reduce the ability of copying your card data for manual transactions. Without the physical card to see all the required numbers, people that walk away to swipe your card cannot make a copy anymore either

Here are some reasons why I question The Coin device.

Signature block
The United States lags behind the world by not using chip and pin type credit cards. We, begrudgingly, still use signature blocks. Most merchants ask to see identification when using the card even when a signature is on the card itself. This adds a second layer of security to the possible forgery attempt by also forcing a fake ID.

The Coin device itself will not show the credit card number but only the card type, expiration number, last four digits and even the CCV number as per their Q&A on the website.

Holograms
As silly as this sounds, credit card companies, and most paper money, have holograms for protection. Coin cannot offer this ability with its sleek finish and design. If it could, then the hologram system would be even more flawed.

Cardholder picture

Numerous credit cards are now embedding the picture of the card holder on the front as an added identification measure, usually removing the need to show an additional identification picture (while humorously some still say "may I see an ID please" out of habit and I point to the picture). They even address this on their own website FAQ:

Q. Can a Coin store my driver’s license or other forms of identification?
A. Bottom line is that you should not rely on your Coin as a form of ID the next time you’re in line at the airport or at the club. A Coin can store an ID with a magnetic stripe, however, this will likely not suffice for you to use it out in the world. For example, a Coin cannot show your picture which is usually required with an ID.

Only Coin

Chip and Pin
This step lets credit cards act more like debit cards, requiring both a digitally encrypted chip that is embedded in the card along with a PIN number that must be entered. As I stated above, the USA sucks at implementing this and even cards that have chips still require signatures. Coin will be unable to create an on the fly programmable and changing chip that would match what credit card companies do. If they could, then the chip idea would be flawed. They state it is coming later:

 future generations of the device will include EMV.

Construction
Coin is making the Coin (lack of better wording escapes me) of the same plastic that credit cards come in. I know this reduces cost but it also increases the risk of breakage, as happens with some cards. With the LED screen I presumed this would be a metal type. I am unsure how this plastic relates to the strip for being able to swipe. But that seems to be part of the magic. You could also break this plastic, it seems.

Now this whole part confused the heck out of me. Once the Coin dies I have to replace the entire Coin? There is no way for a slideout battery? I mean seriously? Will they swap it for free and then recycle the Coin by wiping it for me? Or as this reads do I have to buy it again?

Q. How long does a Coin last? Do I recharge it? What happens when my Coin’s battery dies?
A. Coins are designed to last for 2 years under normal usage and do not need to be recharged. Once the battery dies you will need to replace your Coin.

Your Coin however is an electronic device so if it is folded or bent at extreme angles it will most likely break.

More Security
This concerned me about leaving the Coin lying around somewhere, but it seems with the built-in Bluetooth capability in Coin (which you do not control, it does its own power setting) the card will disable itself.

Q. How secure is Coin?
A. Maintaining the integrity of your Coin’s data is critical to your peace of mind. That’s why our servers, mobile apps and the Coin itself use 128-bit or 256-bit encryption for all storage and communication (http and bluetooth). Additionally Coin can alert you in the event that you leave it somewhere, automatically disable certain device functions based on proximity to your phone, or fully deactivate itself based on the amount of time it’s been away from your phone.

I am also unsure where Coin is storing some of the data it uses for adding a card. It seems you need to take a picture of the front and back of the card, then swipe it and answer/enter some more info to add a card. Are these images saved somewhere with the card details? With the ability to change what card is shown with an ever changing stripe to swipe, how can they guarantee validity and security?

Summary
While I went ahead and invested in Coin (I love the geektoys and showing support), I cannot see a retailer that follows basic security of transactions taking the device for payment right away. You may even get a strange look. New technology freaks people out.

So jump in with me and order yours in the next ten days at the cheaper pre-order pricing. I will have a full review as usual when it gets in my hands.