Posts in News

Windows Terminal v0.3 Releases With New Features

August 9, 2019 Posted by News 0 thoughts on “Windows Terminal v0.3 Releases With New Features”

The Microsoft team was so excited to unveil the new Windows Terminal that they allowed developers access to the beta as early as May 6. The first preview didn’t show up in Microsoft’s store till June. In the following months, Microsoft has been beefing up Windows Terminal. Windows Terminal Preview v0.3 marks the latest iteration of Microsoft’s pet project.

Kayla Cinnamon, Microsoft’s Program Manager, released news of v0.3’s new features with all the verve we’ve grown accustomed to seeing from Microsoft’s product releases. “Windows Terminal Preview v0.3 has been published to the Microsoft Store! If you have previously installed the Terminal from the Store, you will receive this update automatically.” She goes on to say that, “[i]f you’ve not yet installed Terminal from the Microsoft Store, now would be a great time because it contains some MAJOR improvements and updates!”

Here are the updates in a nutshell:

  1. Improved UI. The terminal can now be dragged from anywhere on the title bar, a UI feature, as some cynics might say, that has been in existence for decades(to be fair, Windows Terminal is still in development). The title bar also benefits from a more concise button layout and a uniform color scheme.
  2. Improved Accessibility. All the accessibility features that have existed in the old Windows Console have now been ported over to Windows Terminal.
  3. More settings and options. You can define the tab title of each profile by setting the tabTitle property to whatever you want. Additionally, you can position background images and have these images rest on an acrylic background with a color tint.
  4. Updated selection. Moving your cursor outside of the terminal window will no longer interrupt your text selection. You can also double click sections of test for selection.
  5. New keybindings. This is perhaps the best update. OEM keys can now be mapped. You can also have keybindings for copying, pasting, and duplicating a tab.
  6. Azure Cloud Connector. If you’ve always wanted to access files stored in the cloud through Windows Terminal, your prayer has been answered. More details about the Cloud Connector can be found here.

The updates aren’t ground-breaking, though that’s to be expected from a minor version release. There hasn’t been an expected final release date announced yet. Microsoft is still open to receiving more contributions from developers. On that front, it’s nice to see that developers who’ve made the most contributions to date receiving a shout out from Microsoft.

Please follow and like us:
0

Twitter Leaks Private Data to Ad Partners

August 8, 2019 Posted by News 0 thoughts on “Twitter Leaks Private Data to Ad Partners”

Twitter recently revealed to its users that their privacy settings may not have been protecting their data from Twitter’s ad partners, which constitutes a breach in privacy. “[W]e recently found issues where your settings choices may not have worked as intended,” Twitter wrote in a report. These issues were fixed on August 5, 2019. According to Twitter, the privacy breach was the result of two bugs.

The first bug pertains to ad conversions. If you clicked on any mobile app advertisement on the Twitter platform and then interacted with the mobile app between May 2018 and August 2019, Twitter may have shared “certain data” with their ad partners regardless of your privacy settings. The term “interaction” is a broad term technically-speaking.  An “interaction” can include installs, signups, logins, searches, etc. These conversion events get assigned to the conversion_type in Twitter’s mobile measurement API. This data is then shared with ad partners who can track the conversion rates of their advertisements. Although Twitter’s API doesn’t give an ad partner access to usernames or emails, it still allows the partner to receive a unique identifier that they can then use to track activity in order to perform targeted advertising. As you’ll soon find out, Twitter also receives data from their ad partners to aid their own targeted advertising.

Targeted advertising leads us to Twitter’s second bug; Twitter used their inference system to serve “relevant” ads to all of their users, ignoring their privacy settings.  This is how Twitter explains its inference-based advertising:

When you log in to Twitter on a browser or device, we associate that browser or device with your Twitter account. Whether or not you are logged in to Twitter, we may also receive information about your browsers or devices when, for example, that information is shared by a partner; you visit twitter.com; you visit third-party websites that integrate Twitter content; or you visit a Twitter advertiser’s website or mobile application. We may use this information, most commonly IP addresses and the time at which the information was received, to infer that certain browsers or devices are associated with one another or with your account.

Within the same post, Twitter mentioned their “commitment to providing meaningful privacy choices.”  Yet it never tested if its inferred identity advertising strategy restricted these choices for at least a year. Although the privacy breaches seem unintentional, they still violate GDPR’s privacy rules, which can result in fines. Currently, Twitter hasn’t released when they first discovered the privacy breaches. The social media giant also has no information about the amount of users who were affected. We can probably expect more information to come out in the following days.

Please follow and like us:
0

Monzo Discovers 480,000 PINs in Log Files

August 7, 2019 Posted by News 0 thoughts on “Monzo Discovers 480,000 PINs in Log Files”

Monzo, a digital bank based in the UK, has recently emailed 480,000 UK customers, advising them to both update their Monzo app and change their PIN. The reason for the mass email alert? The digital bank left half a million PINs exposed in log files that were accessible to Monzo’s engineers. Although these PINs were encrypted, it is poor security practice to allow employees who aren’t cleared to have access to sensitive data.

IMG_20190805_135937

The issue was discovered on Friday August 2nd, ending a six-month long exposure of sensitive data. Monzo claims that shortly after the bug was discovered, they made the necessary changes.

“By 5:25am on Saturday morning, we had released updates to the Monzo apps. Over the weekend, we then worked to delete the information that we’d stored incorrectly, which we finished on Monday morning.”

There seems to have been no damage caused by the leak. “We’ve checked all the accounts that have been affected by this bug thoroughly, and confirmed the information hasn’t been used to commit fraud,” Monzo said.

Priyesh Patel, a Monzo community leader, told Monzo users that the bug affected users who either received a reminder of their card number or cancelled a standing order. Still, as many users claimed, you didn’t have to fall under these categories to have received an email. The caution that Monzo displayed was appreciated by its community. Still, as companies become more proactive in reporting these situations to users, it gives customers a peak into the fragility of data privacy. We’re only a bug away before sensitive information shows up in log files.

 

 

Please follow and like us:
0

Hotel Crowdfunding Startup Launches in Atlanta

August 5, 2019 Posted by News 0 thoughts on “Hotel Crowdfunding Startup Launches in Atlanta”

Crowdfunding has become a term familiar with many internet surfers. The sites that often come to mind are GoFundMe and Kikstarter. However, not many know that crowdfunding started as early as 2003. In a paper titled “A Brief History of Crowdfunding”, David M. Freedman and Mathew R. Nutting described the birth of a crowdfunding site called ArtistShare:

“Crowdfunding gained traction in the United States when Brian Camelio, a Boston musician and computer programmer, launched ArtistShare in 2003. It started as a website where musicians could seek donations from their fans to produce digital recordings, and has evolved into a fundraising platform for film/video and photography projects as well as music. ArtistShare’s first crowdfunding project was Maria Schneider’s jazz album “Concert in a Garden.” Schneider offered a tiered system of rewards. For a $9.95 contribution, for example, a backer got to be among the first customers to download the album upon its release in 2004. Fans who contributed $250 or more (in addition to receiving an album download) were listed, in the booklet that accompanied the album, as participants who “helped to make this recording possible.” One fan who contributed $10,000 was listed as executive producer. Schneider’s ArtistShare campaign raised about $130,000, enabling her to compose the music, pay her musicians, rent a large recording studio, and produce and market the album (it was sold exclusively through the ArtistShare website), which won a 2005 Grammy Award for best large jazz ensemble album.”

To users of today, the above simply sounds like an above average Patreon account. Crowdfunding has come along way since the early 2000s, which is why when HotelierCo announces that they crowdfund the acquisition of hotels, the news is met with approbation. That’s because after 2010, equity crowdfunding exploded following the success of rewards-based and donations-based crowdfunding platforms. AngelList is one of the oldest and most notable of this most recent type of crowdfunding platform. Several others have followed suit.

What HotelierCo does to differentiate itself from the wide range of crowdfunding platforms available today is to target the niche market of the hotelier business. The Atlanta-based startup claims that it can “allow anyone suitable from the crowd to become a hotel owner — not just accredited investors.” This doesn’t mean that those with large pockets are exempted; Regulation A+ allows for larger investments due to the fact that raises are now limited to $50 million.

The hotels that HotelierCo offers up for investment are boutique luxury hotels that are built from the ground up. Founder and CEO Nathan Kivi calls this phenomenon “the future of hotel investment.”  Investors that own a stake in the hotel then get perks like discounted stays. To become a stakeholder, one must be at least 18 years old and invest at least $2,500.

“We want everyone in the U.S. to be Hotelier,” Kivi says.

Please follow and like us:
0

Microsoft Creates a Code Samples Directory for Developers

August 2, 2019 Posted by News 0 thoughts on “Microsoft Creates a Code Samples Directory for Developers”

Microsoft continues to position themselves as a bastion for developers with the latest release of docs.microsoft.com/samples. The new samples subdirectory exists to make the lives of Microsoft developers much easier by providing modularized samples.

According to Den Delimarsky, Senior Program Manager of Cloud and AI, Microsoft aims to “make it easier for you to discover relevant code examples to get started, no matter what Microsoft product or service you’re using.”

Judging by the wealth of filters, the new subdirectory truly does make it easier to find exactly what you’re looking for. The filters are divided by Microsoft products like Azure and Xamarin. You can also further filter the results by language. The search is a reactive search, meaning results populate the page as you type in your query. All of these features are meant for you to find what you’re looking for in a single page. Once you click on a sample, you’re sent to a page that prompts you to access the demo from GitHub or to download a ZIP.

 

Regarding the modularized samples, Delimarsky wrote, “How many times were you in the situation where you wanted to look at just one sample from a repository that contains tens of them, but had to clone all content to be able to work on just that one project? With docs.microsoft.com/samples, you can now download the relevant code without having to clone the entire repository. ”

The same applies to the GitHub code: “You no longer need to spend time figuring out where in the repository the code sample is located if you want to take a closer look at its implementation…”

A quick scan through the samples subdirectory tells you that Xamarin developers are the big winners here. Instead of having to dig through GitHub, you can simply perform a search of a particular module you would like to implement and copy the sample provided. So it’s no surprise that of the 1058 samples currently available, 619 of them are Xamarin-based.

The sample list isn’t a static representation of everything available. Microsoft encourages experimentation and enhancement. Microsoft will also add more samples as time goes by. You can place any feedback on Microsoft Doc’s feedback page on GitHub.

Please follow and like us:
0

Capital One Could’ve Prevented Their Data Leak

July 31, 2019 Posted by News 0 thoughts on “Capital One Could’ve Prevented Their Data Leak”

The news about Capital One’s recent data breach is unlike most other data breaches in that the hacker has been identified. Many now know Paige Thompson, the 33 year old ex-Amazon worker who detailed her exploits on Twitter and Slack. While it’s interesting exploring the mental state of a hacker, finding out how a financial service company like Capital One can expose itself to attack is even more interesting.

In a press statement, Capital One called the vulnerability that Thompson exploited a configuration vulnerability. There are various configuration vulnerabilities and AWS may have a particular set of vulnerabilities that have yet to be publicly documented. Thompson, in particular was a former AWS employee and so would have had inside knowledge about how one could exploit credential vulnerabilities in AWS. Ray Watson, a security researcher for Masergy, explained how Thompson could have gained access to Capital One’s data. “She allegedly used web application firewall credentials to obtain privilege escalation. Also the use of Tor and an offshore VPN for obfuscation are commonly seen in similar data breaches.” He made the conclusion that this was the modus operandi for data data breaches.

There isn’t much detail about the exploit itself beyond the generic fact that Thompson escalated privileges by exploiting a configuration vulnerability. The question is, who is to blame? Hackers will always exist and web servers can’t always babysit every company. In this case, Capital One is culpable here in that a configuration vulnerability can be monitored and easily fixed if security is a top priority. Knowing that servers are just a configuration error away from being exposed to hackers, regular checks should’ve taken place to test for insecure configurations. It’s alarming that Capital One had to be tipped off before they discovered that the sensitive data of over 100 million users was publicly available online. Though, to credit Capital One, they immediately responded with a fix.

In this case, Capital One was fortunate that the hacker did not appear to use the data in any malicious way. According to Capital One,  “it is unlikely that the information was used for fraud or disseminated by this individual.” The information Thompson collected includes:

  • “Customer status data, e.g., credit scores, credit limits, balances, payment history, contact information”
  • “40,000 Social Security numbers of [Capital One’s] credit card customers”
  • “80,000 linked bank account numbers of [Capital One’s] secured credit card customers”
  • 1 million Canadian Social Insurance Numbers

Though Capital One claims that “no credit card account numbers or log-in credentials were compromised and over 99 percent of Social Security numbers were not compromised,” there are still plenty of affected users. 106 million, to be exact. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right,” said Capital One CEO Richard Fairbank. Making it right means providing free credit monitoring and identity protection.

 

Please follow and like us:
0

GitHub Restricts Accounts From Iran, Crimea, Syria, and North Korea

July 30, 2019 Posted by News 0 thoughts on “GitHub Restricts Accounts From Iran, Crimea, Syria, and North Korea”

Throughout last week, there has been a rise of complaints from developers in countries facing U.S. sanctions. The company most often mentioned is GitHub and its message to all sanctioned users, which reads:

Due to U.S. trade controls law restrictions, your GitHub account has been restricted. For individual accounts, you may have limited access to free GitHub public repository services for personal communications only. Please read about GitHub and Trade Controls for more information. If you believe your account has been flagged in error, please file an appeal.

In the beginning, much of the outcry came from devs in Iran posting on personal blogs and on Medium. A Reddit user joked about GitHub providing open source to everyone but Iran. However, Microsoft’s restriction of GitHub’s features applies to other countries facing US sanctions.  According to GitHub’s Trade and Controls page, the territories and/or countries that GitHub can’t be exported to are Crimea, Cuba, Iran, North Korea, and Syria.

GitHub’s CEO Nat Friedman confirmed that GitHub was in fact limiting certain users, stating that “GitHub is subject to US trade law, just like any company that does business in the US.” He also dispelled criticism that claimed that GitHub could have warned users about the restrictions by writing, “Our understanding of the law doesn’t give us the option to give anyone prior notice.”

As a result of the surprise bans, developers like Anatoliy Kashkin have had to find alternative means of version controlling their products. Kashkin himself is a Crimean developer who built an aggregator for PC games called GameHub. His website was also hosted on Github Pages.  In light of his ban, he’s had to find a new hosting provider, but, more importantly, he’s had to consider what to do with his GameHub platform. In his project status thread, some offered up the idea of using a VPN; proxies and VPNs, unfortunately, are the reality of many developers trying to access and provide open source products. As detailed in a blog post by Iranian developer Shahin Sorkh, developers in restricted countries use a cocktail of proxies, VPNs, and TOR to survive. Sorkh himself uses “bind/named to proxy few certain domain queries through shecan and privoxy to tunnel all supported domains by FOD through FOD, and others through TOR.” However, these methods should not be recommended since GitHub has prohibited anyone “from using IP proxies, VPNs, or other methods to disguise their location when accessing GitHub.com services.”

For Kashkin and others looking to keep their hands clean, there aren’t many, if not any, viable options available. The combination of censorship and looming sanctions eliminates Gitlab. Bitbucket, as a ZDNet reporter notes, has been listed on the US NASDAQ exchange which may subject it to the same trade restrictions GitHub is subjected to. Already, the biggest version control systems have been restricted from use. What’s left may not grant companies or individuals the exposure their product needs.

Friedman, aware of the damage done, wrote, “It is painful for me to hear how trade restrictions have hurt people. We have gone to great lengths to do no more than what is required by the law, but of course people are still affected.”

The affects that GitHub’s restriction has had on developers has rallied many GitHub users together to protest the restrictions. They’ve created a page called GitHub Do Not Ban Us. The first sentence of their message to GitHub reads, “GitHub used to be an open and free platform for everyone, but it has decided to restrict Iranian accounts from contributing and being part of the open-source ecosystem.”

Unfortunately, the advocates have failed to realize that GitHub was never free or open source. GitHub has always been a company that monetizes using a subscription model. They offer a limited free service while allowing users to upgrade to a premium account. There is not a case to be had for GitHub’s “openness” either. Open source, according to Richard Stallman, is “amoral.” It’s not an ethical movement. It’s simply a type of software that can be licensed in myriad ways, all subject to the laws of the land it resides in. GitHub doesn’t even fall in that category, though what they curate often does. Still, GitHub is home to many closed software that companies fund to stay closed. In the end, GitHub is a US business and, as Friedman stated, is subject to US laws.

Those who believe in decentralization have a great argument to make about the conflicts that can arise when entrusting open source to centralized companies. Perhaps the overwhelming motivation for companies like GitHub to lobby for looser sanctions could be the rise of decentralized version control. For now, those affected will have to be content with finding current alternatives or tweeting, #githubForEveryone.

 

Please follow and like us:
0

Robinhood Stored Passwords in Plaintext

July 26, 2019 Posted by News 0 thoughts on “Robinhood Stored Passwords in Plaintext”

Robinhood, a commission free stock trading app, confessed to its affected users a couple of days ago that some passwords were stored in plaintext. “[W]e discovered that some user credentials were stored in a readable format within our internal systems. We wanted to let you know that your Robinhood password may have been included.”

Though that was before reassuring their users that the company uses an “industry-standard process” that obfuscates passwords. However their process seems to need a bit more work in light of this recent discovery.

Robinhood’s industry-standard process involves encrypting passwords with bcrypt. According to Robinhood, passwords are “never stored in plaintext.” The company also claims that, “[s]ensitive details, such as your social security number, are encrypted before they’re stored.” To be fair, Robinhood can find solace in the fact that they’re not alone. Facebook(Instagram), Google, Twitter, and GitHub have collectively stored millions of passwords in plaintext for years.

To be even more fair, we shouldn’t conflate saving a user’s credentials to a database in plaintext and receiving logs that contain a user’s credential in plaintext. Most of these companies employ engineers who would at least think about hashing any sensitive data that a user inputs. Code reviews, one would hope, would ensure that passwords are being hashed. The problem has to do with a sloppy approach when it comes to internal systems. The rigor put into securing databases isn’t replicated for log files. The time and money spent to automate processes that produce tangible benefits aren’t spent when it comes to securing against leaks. AGILE and the like optimize efficiency. But there has to be an emphasis on quality, not in the product but in the protection of the audience of said product. For example,  not having a regulated approach towards dumping POST requests will mean that any developer can mistakenly access plaintext passwords as they debug. How much of the log data should developers be able to access, and when in this process should sensitive data be scrubbed? How do certain internal systems effect what data is produced from logs? These are questions that strong company policies can answer. And even if those policies are in place, it is on developers to police it.

In the end, mistakes will continue to be made. If we were to look towards the future, we would probably see a lot more security orchestration whereby  remote security experts coordinate with automated security products to prevent leaks of this nature. Admittedly, this is an optimistic future that assumes that companies will at least make a user’s security a close second to profitability. Still, one can argue that though optimistic, it isn’t unrealistic. Concern for privacy has made Facebook’s recent string of gaffs controversial. You’d be hard pressed to find a FaceApp user who hasn’t heard about FaceApp’s privacy scandal. As people become more informed about the implicit deal “free” apps make with their users, it will become necessary to ensure privacy and security to achieve profits.

The fact that Robinhood even alerted its users to their security blunder is a sign that times are changing. Even though some may roll their eyes or call the mistake of a few developers a fireable offence, it’s good to see that trust is still a powerful motivator. More and more are demanding this of the companies they support, and it seems they’re responding.

For us mortal users, we’re probably better off employing security measures of our own. That means changing passwords ever so often and using a quality password manager that will help us keep track of them. Just as we look to our left and right before crossing the street, we should do the same when logging our data into websites.

Please follow and like us:
0

Google is Abandoning XSS Auditor For A Better Tool

July 22, 2019 Posted by News 0 thoughts on “Google is Abandoning XSS Auditor For A Better Tool”

When Google released XSS Auditor in 2010 for Chrome v4, the plan was to provide a tool that would make the faulty regular expression-based XSS filtering a relic. The often error prone IES XSS and other client-side XSS filters of the time produced a myriad of false positives, allowed for alternative ways to bypass their filters, and even created vulnerabilities where there were none. From a technical standpoint, what set XSS Auditor apart from its contemporaries was its architecture. Many XSS filters at the time filtered responses and requests between the network layer in the hope of intercepting information headed towards a malicious server. XSS Auditor, on the other hand, interfaced with the HTML parser and JavaScript engine.

In introducing XSS Auditor, the Google Chrome team provided a highly performant alternative that set Chrome apart from other browsers when it came to developing websites. What XSS Auditor does is scour a website’s source code looking for malicious query parameters in the JavaScript. If it finds what it is looking for, the query is blocked or removed. Sometimes, the website is completely blocked.

Nine years ago, XSS Auditor’s features may have been a welcome addition to the security community, but the filter has recently resembled a gaping hole through which various bypasses and exploits can be used to render it useless. The very problems that XSS Auditor set out to solve have reared their ugly heads in a particularly malevolent way; a clever attacker can use XSS Auditor’s architecture to run their own scripts that will deem certain JavaScript code to be malicious, even if they aren’t. This gives the attacker the ability to block code on a legitimate website. Frederick Braun illustrates this point in a blog post warning against the dangers of XSS Auditor’s filter:

 “So, let’s say you have three script blocks on your website. The website that frames you doesn’t mind two of them – but really hates the third one. maybe a framebuster, maybe some other script relevant for security purposes. So the website that frames you just turns that one script block off – and leave the other two intact. Now how does that work? Well, it’s easy. All the framing website is doing, is using the browser’s XSS filter to selectively kill JavaScript on your page.”

One thing to note is that many bypasses exist simply because the authors of XSS Auditor chose not to account for them. XSS Auditor was only designed to address a specific XSS attack. In their proof of concept paper, Google researchers said, “[i]deally, a client-side XSS filter would prevent all attacks against all vulnerabilities. However, implementing such as filter is infeasible. Instead, we focus our attention on a narrower threat model that covers a certain class of vulnerabilities. For example, we consider only reflected XSS vulnerabilities, where the byte sequence chosen by the attacker appears in the HTTP request that retrieved the resource.”

Reflected XSS vulnerabilities are non-persistent, so their countermeasures do not address persistent XSS attacks. They also don’t account for attacks on the DOM. With JavaScript frameworks like React pushing developers closer to the DOM and in so doing increasing exposure to DOM XSS attacks, XSS Auditor has simply been overtaken by its own limitations.

That’s why, amid the outcries from researchers and jokes from bug hunters, the Google Chrome team has finally pulled the plug on XSS Auditor. Thankfully, the Google Chrome team will replace it with a web standard called Trusted Types. This API will address the pressing issues posed by the recent threat of DOM CSS attacks by restricting DOM injection points. The Google Dev team believes that their new API will “obliterate DOM XSS.”

 

Resource:

Regular Expressions Considered Harmful in Client-Side XSS Filters

Please follow and like us:
0

DuckDuckGo Expands Use of Apple Maps To Enhance Private Search

July 17, 2019 Posted by News 0 thoughts on “DuckDuckGo Expands Use of Apple Maps To Enhance Private Search”

As internet users have become more and more aware about the various ways in which large internet companies like Google and Facebook keeps tabs on them, the louder the cry for privacy has gotten. DuckDuckGo has responded to these cries by creating a privacy-oriented alternative to the data guzzler that is Google. In so doing, DuckDuckGo is tasked with the need to provide a feature that has become nearly synonymous with smart phones, and that is Maps. Google Maps for years has been the unchallenged, vaunted representation of Google’s data collection and mapping ability. Even Apple Maps has gained ground recently since its poor early days. Users have grown accustomed to data-rich offerings of the nearest location within the context of a map.

To keep up with these mapping apps, DuckDuckGo recently integrated Apple’s MapKit JS framework to provide more effective address searches, improved satellite imagery, and so on. Besides inheriting some of the tools that Apple provides to developers, DuckDuckGo used these tools to expand upon some of DuckDuckGo Map’s weaknesses. Some of these improvements that DuckDuckGo details in their blog post is map re-querying, local autocomplete, and a dedicated Maps tab that makes the maps feature more available.

Some may question how DuckDuckGo could take advantage of Apple’s mapping technology without sacrificing privacy. DuckDuckGo’s response to this concern is that they do not send IP addresses to Apple or other third parties. Localized searches are not stored and are deleted immediately after use. Technically, DuckDuckGo performs an approximation of location information using GEO:IP lookup, but this can be inaccurate on mobile networks. So, the search company asks the user to opt in to sharing their location with DuckDuckGo through your web browser which would then share their GPS location/cell tower location/ etc with DuckDuckGo. The problem here is that depending on the browser, opting in can compromise one’s privacy through no fault of DuckDuckGo. In short, if you want more accurate localized searches, you may have to compromise security, but the process is inherently anonymous due to the fact that DuckDuckGo does not store data in their server logs.

Though those faithful to Google Maps may scoff at these improvements, one cannot argue against the value of privacy. By shadowing some of Google’s valuable apps, DuckDuckGo can continue to coax more internet users to join their private platform while also informing uses of the rights they hold over their personal data. All with the goal of “setting a new standard of trust online.”

Please follow and like us:
0