Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy

Russian Tech Giant Yandex's Data Harvesting Raises Security Concerns (ft.com) 26

Russia's biggest internet company has embedded code into apps found on mobile devices that allows information about millions of users to be sent to servers located in its home country. From a report: The revelation relates to software created by Yandex that permits developers to create apps for devices running Apple's iOS and Google's Android, systems that run the vast majority of the world's smartphones. Yandex collects user data harvested from mobiles, before sending the information to servers in Russia. Researchers have raised concerns the same "metadata" may then be accessed by the Kremlin and used to track people through their mobiles. Researcher Zach Edwards first made the discovery regarding Yandex's code as part of an app auditing campaign for Me2B Alliance, a non-profit. Four independent experts ran tests for the Financial Times to verify his work.

Yandex has acknowledged its software collects "device, network and IP address" information that is stored "both in Finland and in Russia," but it called this data "non-personalised and very limited." It added: "Although theoretically possible, in practice it is extremely hard to identify users based solely on such information collected. Yandex definitely cannot do this." The revelations come at a critical time for Yandex, often referred to as "Russia's Google," which has long attempted to chart an independent path without falling foul of Russian president Vladimir Putin's desire for greater control of the internet. The company said it followed "a very strict" internal process when dealing with governments: "Any requests that fail to comply with all relevant procedural and legal requirements are turned down."

This discussion has been archived. No new comments can be posted.

Russian Tech Giant Yandex's Data Harvesting Raises Security Concerns

Comments Filter:
  • I don't want to sound like a Russian shill, but how exactly is this *any* different from what literally every other search engine does? Only replace Russia with US/France/Ireland/Luxembourg and FBI/CIA/Interpol/RIAA..

    I mean, I'd be utterly shocked if there's a search engine out there that doesn't do this.

    • by fazig ( 2909523 )
      Who's making the claim that this is "*any* different"?
      There's a crapton of articles about privacy concerns about Microsoft products, google, Android devices, facebook, Apple, and their devices, and the likes in Western media. There's laws and regulations, and lawsuits, which the media also reports about.
      For example type in "privacy" in /. own search and you'll get: https://slashdot.org/index2.pl... [slashdot.org]

      See, that's is one of the common things that make it whataboutism. It doesn't just employ a tu quoque type
      • by splutty ( 43475 )

        Whataboutism implies that something isn't bad because someone else also does it/does it better/worse.

        Non-news is just non-news. What I'm hoping is that the more 'news' shines spotlights on things "Russia Does", the more it also becomes apparent (again, as if Snowden wasn't enough), that a lot of that goes on in our supposedly free democracies as well :P

        Sensationalist pieces about the enemy-du-jour just annoy me.

        • by fazig ( 2909523 )
          Whataboutims in general is about relativism with the main goal to show that you're not worse in your actions.
          The implication that something "not any different" is done by "the other" parties already works at implying hypocrisy on the part of "the other" parties, deflecting the criticism back on them being hypocrites.


          Besides of that I'm saying that this kind of "hope" is superfluous, because it's already all over the media that we're consuming here.
          At this point, you may call people who don't see those
    • I don't want to sound like a Russian shill, but how exactly is this *any* different from what literally every other search engine does? Only replace Russia with US/France/Ireland/Luxembourg and FBI/CIA/Interpol/RIAA..

      I mean, I'd be utterly shocked if there's a search engine out there that doesn't do this.

      Russia has spent the last decade waging an escalating war (both literal and figurative) against freedom and Democracy.

      Any data being sent to servers hosted in Russia is data potentially being used to further this war.

      There are definite concerns with the data western govs gather from western companies. But I don't imagine that data is being used to locate and murder political dissidents, or to target Ukrainian soldiers defending their country.

  • How about domestic threats? Don't Google, Microsoft or Facebook raise a few more concerns than Yandex?

    I'm all for bashing Russia. But when the criticism is that lopsided, it really feels like propaganda. The fact is, you should be a lot more scared of the US big data giants than any Russian ones right now.

    • The fact is, you should be a lot more scared of the US big data giants than any Russian ones right now.

      Sure, unless you're Ukrainian, in which case data gathered from phones running apps compromised in this way might conceivably be used to murder you right now. Or if you're one of Putin's political opponents, or even just a protestor, in which case same.

      I myself am more worried about the US tech giants who are all known to be part of US government spying programs, but there are absolutely people in this world today who should be more concerned about Yandex.

      • Oh bollocks.

        Russians have an equivalent of a Stinger/Custom Femtocell on top of a MTLB chassis. One of them had a mechanical failure near Kiev during the early days of the campaign, got captured and there are some pretty good pics floating around the net. In addition to that all of their bigger drones carry the same equipment.

        You do not need to go to all the way to Yandex servers and fetch info from there if you can hijack the mobile network locally. In fact, you can do much more and you can do it regardl

        • In fact, both versions (land and drone) are integrated to the newer fire control systems on the Acacia, MSTA and the Pion and give direct coordinates to fire control. That was shown on one of the weapon expos - UAE IIRC.
    • How about domestic threats? Don't Google, Microsoft or Facebook raise a few more concerns than Yandex?

      Seeing as Russia has rockets and cruise missiles, the closest domestic threat would be Amazon. Use location services with their new "10-minute" Prime Delivery service at your own risk.

    • Agreed. Russia doesn't have jurisdiction over me so idgaf.

    • How about domestic threats? Don't Google, Microsoft or Facebook raise a few more concerns than Yandex?

      It's really not worth losing sleep over any of them, if you live in the USA. God forbid you might see a targeted ad.

      If you live in a country where speaking ill of the leadership could have you waking up dead the next day, yeah - it matters. Here in the USA, the worst that happens is you might get "deplatformed" if you make a big enough TOS violating ass of yourself, and then you just go and start your own website to continue complaining about how your free speech was violated. [eye roll]

  • TURBULENT and TURMOIL.

    enough said.

  • Forget government and stooges here, Facebook has been doing this longer to provide the old targeted ads scheme and to sell your information. This is no different than what others do with your "consent."

  • Anybody who believes Yandex would drop trou and do whatever it's told by a Russian intelligence agency, but Google and Facebook wouldn't do exactly the same for a US intelligence agency is living in a dream world.

    If you believe every social media company in the world would whore you out to any government in the world able to bring influence to bear on them, you're probably close to the truth.

After all is said and done, a hell of a lot more is said than done.

Working...