Login

Register

Login

Register

#cybersecurity | #hackerspace |

Busted: Wacom Secretly Tracks How You Use Your Apps


Wacom drawing tablets track how you use programs on your Mac or PC. And the company continuously uploads the data to Google Analytics.

Without informed consent. That’s right: A glorified mouse driver sends sensitive data to Google, without you knowing.

Except now you do know. In today’s SB Blogwatch, we castigate and remediate.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: ST:TOS noises.


Naughty Pen People

What’s the craic, Catalin? Mister Cimpanu reports—“Wacom drawing tablets track every app you open”:

 Wacom’s official driver comes with a vague privacy policy that if accepted will begin tracking the apps a user opens. … All the data is collected using a Google Analytics account.

The good news is that accepting the Wacom driver’s privacy policy is not compulsory. Wacom users can decline. … Further, users who already installed the driver can opt out.

A Wacom spokesperson could not be reached for comment despite multiple attempts.

And Christian Zibreg adds—“Wacom graphics tablets … log every Mac app you open”:

 Wacom’s drawing tablets track the name of apps you open on your Mac along with the time and a string that could be used to identify you. … The problem is, this is all done without user consent.

While we expect to eventually hear an apology or some kind or a reasonable explanation from Wacom, this won’t change the fact that this … is unacceptable. The right way to do this would be to present the user with a prompt asking for their explicit permission.

This is yet another reminder that our digital lives are spied upon, with vast amount of data collected without our knowledge. It’s been proven over and over again that even benign data like apps you launch on your device can be paired with other sources to track or identify us.

Who discovered this heinous privacy fail? Robert Heaton did:

 I have a Wacom drawing tablet. … As part of installing its drivers I was asked to accept Wacom’s privacy policy. … “Why does a device that is essentially a mouse need a privacy policy?” I wondered.

The document was short and clear, although … it wasn’t entirely open about its more dubious intentions. [And it attempted] to look like the kind of compulsory agreement that must be accepted in order to unlock the product behind it.

To see what type of data Wacom was exfiltrating … I needed to snoop on the traffic that their driver was sending to Google. [So] I needed to persuade Wacom to send [the] traffic through Burp Suite.

I suspect that Wacom doesn’t really think that it’s acceptable to record the name of every application I open on my personal laptop. I suspect that this is why their privacy policy doesn’t really admit that this is what that they do.

Since Wacom’s privacy policy makes no mention of their intention to record the name of every application I open on my personal laptop, I’d argue that it doesn’t even give them the technical-fig-leaf right to do so. … I do understand that product developers like to have usage data in order to monitor and improve their offerings, [but] this doesn’t give them the right to take it.

**** you. … A device that is essentially a mouse has no legitimate reasons to make HTTP requests of any sort.

Would Wacom get away with it with GDPR? AmiMoJo says no: [You’re fired—Ed.]

 I just tried installing the Wacom driver. It presented the privacy policy which seems to [not] mention data collection.

It notices that you are in the EU and disables data collection, or at least I hope it does. It certainly doesn’t ask permission.

Coke or Pepsi? SasparillaFizz is effervescent with disappointment:

 Disappointing to see some weenie in the Wacom exec suite decided they should do this. … Should be opt-in only (doubt anyone would choose “let it tell Wacom every application I launch and when on my PC/Mac”).

Can this be fixed? BjornSM stalks deer:

 Elementary, my dear Watson. Tell LittleSnitch to not allow Wacom to connect with Google Analytics.

Problem solved.

Or nehumanuscrede offers this:

 If you’re running Windows 10, here’s how you opt out:
Start -> Wacom Tablet -> Wacom Desktop Center -> More (right side of window) -> Privacy Settings
From here it’s a simple matter to turn off the “Participate in the Wacom Experience Program.”

Wait. Pause. javiercero1 wonders if anyone really cares:

 In a world of iPads and MS Surface, Wacom is in legacy mode.

Meanwhile, a slightly sweary rldp calls it, “Wrong, Misleading, Fake News”:

 ****ty bundled software is ****ty bundled software. And ****ty bundled software does what ****ty bundled software does.

And Finally:

Don’t cross the streams

Previously in And Finally


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hate mail may be directed to @RiCHi or sbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: Christelle Prieur (Pixabay)





Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW