Category Archives: Privacy

Samba.me launches for SxSW and accesses your contacts


Samba.me first entered the iTunes store in February 2014 and is preparing for its first SxSW appearance. The privacy policy for the app worries us. They collect both anonymous and identifiable information.

The Samba.me service is a video sharing platform that records the reaction of the receiver and sends it back to the sender. For example, I record a skating video (maximum time is 16 seconds) with a person falling. I send the video to a friend via the Samba.me app. While they watch the video, the app simultaneously records their reaction to it. This recording is then sent right back to me for viewing.

What was interesting was the access and information it needed when performing these features

How to revoke and block third-party Instagram app access to your account


How do you revoke and block third-party app access to your Instagram account? Here are the steps required. Instagram has numerous third-party applications, and people grant them access to their accounts by loading them on their devices and via the web.

Every time you add another application, it prompts you to log in using your Instagram username and password via their authentication API. By doing this, you are giving certain rights to that application. Some rights you may give are:

  • Access your basic information (Includes photos, friend lists & profile info)
  • Like photos
  • Comment on photos
  • Follow/Unfollow other users

Keep in mind some of these apps only do the above with your express permission, while others may do it automatically. You have to pay special attention to what permissions the third-party app is asking for. To check which apps have which access, and to revoke third-party access, you need to log in to your Instagram account via the web.


Once logged in, click on your image and name in the upper right and select Edit Profile. You will then get a list of options on the left side that allow everything from changing your password and editing your profile to managing applications. That is where we are headed.

Coin – the mobile wallet retailers won’t accept


Only Coin is getting a lot of press as a mobile credit card and data wallet. I love the idea and will support them, but retailers should not take it yet and here are my reasons why. But I still say get in now and grab one, as this may simplify your life (in the USA, that is).

First let me cover why you may want The Coin. Here are sample suggestions of mine:

  • Simplicity of carrying all of your credit and loyalty cards in one place
  • The ability to disable Coin as a whole if it is lost. Imagine losing your wallet now? You have to call every credit card company and even loyalty programs if you have free credits. With Coin it just stops working and your cards are secure.
  • Reduce the ability of copying your card data for manual transactions. Without the physical card to see all the required numbers, people that walk away to swipe your card cannot make a copy anymore either.

Here are some reasons why I question The Coin device.

Signature block
The United States lags behind the world by not using chip and PIN type credit cards. We, begrudgingly, still use signature blocks. Most merchants ask to see identification when using the card even when a signature is on the card itself. This adds a second layer of security to the possible forgery attempt by also forcing a fake ID.

The Coin device itself will not show the credit card number but only the card type, expiration number, last four digits and even the CCV number as per their Q&A on the website.

Holograms
As silly as this sounds, credit card companies, and most paper money, have holograms for protection. Coin cannot offer this ability with its sleek finish and design. If it could then the hologram system would be even more flawed.

Cardholder picture

Numerous credit cards are now embedding the picture of the card holder on the front as an added identification measure, usually removing the need to show an additional identification picture (while humorously some still say "may I see an ID please" out of habit and I point to the picture). They even address this on their own website FAQ:

Q. Can a Coin store my driver’s license or other forms of identification?
A. Bottom line is that you should not rely on your Coin as a form of ID the next time you’re in line at the airport or at the club. A Coin can store an ID with a magnetic stripe, however, this will likely not suffice for you to use it out in the world. For example, a Coin cannot show your picture which is usually required with an ID.

Only Coin

Chip and Pin
This step lets credit cards act more like debit cards, requiring both a digitally encrypted chip that is embedded in the card and a PIN that must be entered. As I stated above, the USA sucks at implementing this and even cards that have chips still require signatures. Coin will be unable to create an on-the-fly programmable and changing chip that would match what credit card companies do. If they could then the chip idea would be flawed. They state it is coming later:

 future generations of the device will include EMV.

Construction
Coin is making the Coin (lack of better wording escapes me) of the same plastic that credit cards come in. I know this reduces cost but also increases the risk of breakage as some cards do. With the LED screen I presumed this would be a metal type. I am unsure how this plastic relates to the strip for being able to swipe. But that seems to be part of the magic. You could also break this plastic it seems.

Now this whole part confused the heck out of me. Once the Coin dies I have to replace the entire Coin? There is no way for a slideout battery? I mean seriously? Will they swap it for free and then recycle the Coin by wiping it for me? Or as this reads do I have to buy it again?

Q. How long does a Coin last? Do I recharge it? What happens when my Coin’s battery dies?
A. Coins are designed to last for 2 years under normal usage and do not need to be recharged. Once the battery dies you will need to replace your Coin.

Your Coin however is an electronic device so if it is folded or bent at extreme angles it will most likely break.

More Security
This concerned me about leaving the Coin lying around somewhere but it seems with the built-in Bluetooth capability in Coin (which you do not control, it does its own power setting) the card will disable itself.

Q. How secure is Coin?
A. Maintaining the integrity of your Coin’s data is critical to your peace of mind. That’s why our servers, mobile apps and the Coin itself use 128-bit or 256-bit encryption for all storage and communication (http and bluetooth). Additionally Coin can alert you in the event that you leave it somewhere, automatically disable certain device functions based on proximity to your phone, or fully deactivate itself based on the amount of time it’s been away from your phone.

I am also unsure where Coin is storing some of the data it uses for adding a card. It seems you need to take a picture of the front and back of the card, then swipe it and answer/enter some more info to add a card. Are these images saved somewhere with the card details? With the ability to change what card is shown with an ever-changing stripe to swipe, how can they guarantee validity and security?

Summary
While I went ahead and invested in Coin (I love the geektoys and showing support), I cannot see a retailer that follows basic security of transactions taking the device for payment right away. You may even get a strange look. New technology freaks people out.

So jump in with me and order yours in the next ten days at the cheaper pre-order pricing. I will have a full review as usual when it gets in my hands.

Speaking at SxSW 2014 on Social Identity – thank you!

Social Identity in the world

I was recently notified I will be speaking at SxSW 2014 on Social Identity. I just wanted to thank everyone that took a few minutes to click and vote to make it a reality.

For those that need a recap of my topic, here is Social Identity – Public, Personal and Private:

As you use more social networking sites, your social identity becomes a blend of publicly shared and personal information.
Based on the upcoming book, see firsthand how innocuous things you share can be used to gain access to your private data and learn tricks to block those attempts.

We will explore the different levels of information and how to segregate the data. Learn techniques to isolate your private banking, credit card and health information, while still feeling comfortable sharing on public and personal sites.

By splitting how you participate in the online world of social networks, communities and even online finance you build a virtual wall.

We will also discuss the creation of a private and also a fake persona to help strengthen the barrier of your private identity and prevent identity theft.

This Future15 type session will be an overview of the book with the same title being finished (in time for SxSW). I have presented excerpts at other conferences in preparation for the chance to speak at SxSW 2014.

With over 3000 submissions, I am honored to take part in not just attending SxSW again, but presenting.