Keeping Kids’ Data Safe
This story is reminiscent of the toy manufacturer VTech’s breach, only with slightly older children. I’m talking about the teen-monitoring app known as TeenSafe, which was recently discovered to have a vulnerable server, exposing the personal information of thousands of its users. Many of these are, of course, teenagers. The app allows for parents or guardians to monitor their browser history, text messages, apps downloaded, and so on. Data stored on the exposed server included email addresses for both parents and children, as well as the name of the device used, user IDs and passwords.
The number of accounts affected totals around 10,000. Although this may not match in quantity such truly massive breaches as Anthem, Equifax or Yahoo, the involvement of minors should make it just as serious. Especially since TeenSafe sees fit to disable two-factor authentication in order for the app to work. Perhaps worst of all, despite TeenSafe claiming otherwise, the data was not encrypted, but stored in plaintext.
In my opinion this is a fairly egregious violation. Almost as much as Facebook’s alleged policy of collecting browsing behavior data from non-users, but not allowing you to access or clear that information without having a Facebook profile. This was one of the topics addressed—or more precisely, not addressed—during Mark Zuckerberg’s hearing before the European Parliament. It is a matter of some concern since it violates the terms of GDPR, whose arrival is now imminent. Of course, a number of Facebook users (and perhaps of these non-users as well) are also teenagers, which exposes them to risk far beyond what an application like TeenSafe can do. Zuckerberg’s “attempts to justify the surveillance of everyone’s browsing behavior, regardless whether he or she is a Facebook user or not, with security reasons is very unsettling as it reveals that he has no idea of the concept of privacy,” said Jean-Paul Schmetz, managing director at Cliqz.
The rest of the hearing saw similar testimony to Zuckerberg’s recent appearance before Congress: general stuff about the platform’s failure in certain areas pertaining to the Cambridge Analytica scandal, vows to improve, and the like.
If, however, practices like the ones that led to the scandal are not abandoned, these vows will prove empty. And the data of users old and young will continue to be abused, even without their cognizance.