Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Kaspersky
Kaspersky and Cloud Privacy
Message
<blockquote data-quote="MacDefender" data-source="post: 878471" data-attributes="member: 83059"><p>Yeah there's basically two different levels of trust that we're talking about here:</p><p></p><p>The first, the one I wanted to focus on here, they are just doing what you agreed to in the form of a privacy policy or terms and conditions. In this case, as we have learned in this thread, you often are giving your AV vendor permission to upload a lot of information (potentially personally identifiable) in order to help with their cloud based intelligence.</p><p></p><p>The second, is what if the vendor is doing something sneaky they're not even telling you about? That's a valid question, and I am sure this happens all the time, where governments compel companies to do certain things, usually for high value targets where respect for the justice system gets thrown out the window. That I don't have any good advice on -- it's technically possible, and if you distrust the company so much that you think they might do that, then of course, as [USER=79770]@The Cog in the Machine[/USER] said, the wise thing to do is don't use their software at all.</p><p></p><p>But even focusing on the first one, there's some interesting implications, such as:</p><ol> <li data-xf-list-type="ol">If Kaspersky wanted to figure out who MacDefender is, they have all the info they need. They have already collected samples of all of my proof of concept demos. They likely collected the paths that include my username and the Visual Studio directory structure that proves that I own the source code. That's tied to a unique ID that identifies me as the paying license holder. This is what likely happened for the NSA state sponsored malware case, and the ability for them to do this is spelled out clearly in their privacy policy.</li> <li data-xf-list-type="ol">In the USA, if a company owns this kind of records, they are legally required to respond to legal subpoenas for this information. Think of the times that FitBit data got used in murder trials, or Alexa voice recordings got used in court. Similarly, a court subpoena could easily ask "What URLs did MacDefender visit and what apps did he launch on this night?" if it's relevant to a case. As long as the company has a way of retrieving that data, they cannot easily turn down such a request.</li> </ol></blockquote><p></p>
[QUOTE="MacDefender, post: 878471, member: 83059"] Yeah there's basically two different levels of trust that we're talking about here: The first, the one I wanted to focus on here, they are just doing what you agreed to in the form of a privacy policy or terms and conditions. In this case, as we have learned in this thread, you often are giving your AV vendor permission to upload a lot of information (potentially personally identifiable) in order to help with their cloud based intelligence. The second, is what if the vendor is doing something sneaky they're not even telling you about? That's a valid question, and I am sure this happens all the time, where governments compel companies to do certain things, usually for high value targets where respect for the justice system gets thrown out the window. That I don't have any good advice on -- it's technically possible, and if you distrust the company so much that you think they might do that, then of course, as [USER=79770]@The Cog in the Machine[/USER] said, the wise thing to do is don't use their software at all. But even focusing on the first one, there's some interesting implications, such as: [LIST=1] [*]If Kaspersky wanted to figure out who MacDefender is, they have all the info they need. They have already collected samples of all of my proof of concept demos. They likely collected the paths that include my username and the Visual Studio directory structure that proves that I own the source code. That's tied to a unique ID that identifies me as the paying license holder. This is what likely happened for the NSA state sponsored malware case, and the ability for them to do this is spelled out clearly in their privacy policy. [*]In the USA, if a company owns this kind of records, they are legally required to respond to legal subpoenas for this information. Think of the times that FitBit data got used in murder trials, or Alexa voice recordings got used in court. Similarly, a court subpoena could easily ask "What URLs did MacDefender visit and what apps did he launch on this night?" if it's relevant to a case. As long as the company has a way of retrieving that data, they cannot easily turn down such a request. [/LIST] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
