Russian Tech Giant Yandex's Data Harvesting Raises Security Concerns (ft.com) 26
Russia's biggest internet company has embedded code into apps found on mobile devices that allows information about millions of users to be sent to servers located in its home country. From a report: The revelation relates to software created by Yandex that permits developers to create apps for devices running Apple's iOS and Google's Android, systems that run the vast majority of the world's smartphones. Yandex collects user data harvested from mobiles, before sending the information to servers in Russia. Researchers have raised concerns the same "metadata" may then be accessed by the Kremlin and used to track people through their mobiles. Researcher Zach Edwards first made the discovery regarding Yandex's code as part of an app auditing campaign for Me2B Alliance, a non-profit. Four independent experts ran tests for the Financial Times to verify his work.
Yandex has acknowledged its software collects "device, network and IP address" information that is stored "both in Finland and in Russia," but it called this data "non-personalised and very limited." It added: "Although theoretically possible, in practice it is extremely hard to identify users based solely on such information collected. Yandex definitely cannot do this." The revelations come at a critical time for Yandex, often referred to as "Russia's Google," which has long attempted to chart an independent path without falling foul of Russian president Vladimir Putin's desire for greater control of the internet. The company said it followed "a very strict" internal process when dealing with governments: "Any requests that fail to comply with all relevant procedural and legal requirements are turned down."
Yandex has acknowledged its software collects "device, network and IP address" information that is stored "both in Finland and in Russia," but it called this data "non-personalised and very limited." It added: "Although theoretically possible, in practice it is extremely hard to identify users based solely on such information collected. Yandex definitely cannot do this." The revelations come at a critical time for Yandex, often referred to as "Russia's Google," which has long attempted to chart an independent path without falling foul of Russian president Vladimir Putin's desire for greater control of the internet. The company said it followed "a very strict" internal process when dealing with governments: "Any requests that fail to comply with all relevant procedural and legal requirements are turned down."
Data Sucking. (Score:2)
I don't want to sound like a Russian shill, but how exactly is this *any* different from what literally every other search engine does? Only replace Russia with US/France/Ireland/Luxembourg and FBI/CIA/Interpol/RIAA..
I mean, I'd be utterly shocked if there's a search engine out there that doesn't do this.
Re: (Score:2)
There's a crapton of articles about privacy concerns about Microsoft products, google, Android devices, facebook, Apple, and their devices, and the likes in Western media. There's laws and regulations, and lawsuits, which the media also reports about.
For example type in "privacy" in
See, that's is one of the common things that make it whataboutism. It doesn't just employ a tu quoque type
Re: (Score:2)
Whataboutism implies that something isn't bad because someone else also does it/does it better/worse.
Non-news is just non-news. What I'm hoping is that the more 'news' shines spotlights on things "Russia Does", the more it also becomes apparent (again, as if Snowden wasn't enough), that a lot of that goes on in our supposedly free democracies as well :P
Sensationalist pieces about the enemy-du-jour just annoy me.
Re: (Score:2)
The implication that something "not any different" is done by "the other" parties already works at implying hypocrisy on the part of "the other" parties, deflecting the criticism back on them being hypocrites.
Besides of that I'm saying that this kind of "hope" is superfluous, because it's already all over the media that we're consuming here.
At this point, you may call people who don't see those
Re: (Score:2)
I don't want to sound like a Russian shill, but how exactly is this *any* different from what literally every other search engine does? Only replace Russia with US/France/Ireland/Luxembourg and FBI/CIA/Interpol/RIAA..
I mean, I'd be utterly shocked if there's a search engine out there that doesn't do this.
Russia has spent the last decade waging an escalating war (both literal and figurative) against freedom and Democracy.
Any data being sent to servers hosted in Russia is data potentially being used to further this war.
There are definite concerns with the data western govs gather from western companies. But I don't imagine that data is being used to locate and murder political dissidents, or to target Ukrainian soldiers defending their country.
Yandex raises concerns? (Score:2)
How about domestic threats? Don't Google, Microsoft or Facebook raise a few more concerns than Yandex?
I'm all for bashing Russia. But when the criticism is that lopsided, it really feels like propaganda. The fact is, you should be a lot more scared of the US big data giants than any Russian ones right now.
Re: (Score:2)
The fact is, you should be a lot more scared of the US big data giants than any Russian ones right now.
Sure, unless you're Ukrainian, in which case data gathered from phones running apps compromised in this way might conceivably be used to murder you right now. Or if you're one of Putin's political opponents, or even just a protestor, in which case same.
I myself am more worried about the US tech giants who are all known to be part of US government spying programs, but there are absolutely people in this world today who should be more concerned about Yandex.
Re: (Score:1)
Russians have an equivalent of a Stinger/Custom Femtocell on top of a MTLB chassis. One of them had a mechanical failure near Kiev during the early days of the campaign, got captured and there are some pretty good pics floating around the net. In addition to that all of their bigger drones carry the same equipment.
You do not need to go to all the way to Yandex servers and fetch info from there if you can hijack the mobile network locally. In fact, you can do much more and you can do it regardl
Re: (Score:2)
Re: (Score:2)
How about domestic threats? Don't Google, Microsoft or Facebook raise a few more concerns than Yandex?
Seeing as Russia has rockets and cruise missiles, the closest domestic threat would be Amazon. Use location services with their new "10-minute" Prime Delivery service at your own risk.
Re: (Score:2)
Agreed. Russia doesn't have jurisdiction over me so idgaf.
Re: (Score:2)
If Google were found blackmailing US politicians, it'd be subject to massive scrutiny and fines
It's not blackmailing them, it's paying them off. That's called lobbying. That particular flavor of corruption is legal in the US - the law being the best law money can buy in the US.
Re: (Score:2)
Well, Google, Microsoft, and Facebook are subject to US law.
Right, that's why they are part of spying programs like PRISM, which collects far and away more data from them than Yandex is collecting.
Re: (Score:2)
Probably the same data in roughly the same amounts, actually :P
Re: (Score:2)
Probably the same data in roughly the same amounts, actually :P
Yandex is accused of gathering metadata. PRISM is actually a program for gathering data. I'm sure Russia has equivalent programs in the nations they control, but that's far and away less territory with less people than what the US is monitoring, which can safely be presumed to include all of Five Eyes [wikipedia.org] just for a start.
Re: (Score:1)
How about domestic threats? Don't Google, Microsoft or Facebook raise a few more concerns than Yandex?
It's really not worth losing sleep over any of them, if you live in the USA. God forbid you might see a targeted ad.
If you live in a country where speaking ill of the leadership could have you waking up dead the next day, yeah - it matters. Here in the USA, the worst that happens is you might get "deplatformed" if you make a big enough TOS violating ass of yourself, and then you just go and start your own website to continue complaining about how your free speech was violated. [eye roll]
hah. hahah. hahahahaha (Score:1)
TURBULENT and TURMOIL.
enough said.
Uh yeah, like Facebook and others? (Score:2)
Forget government and stooges here, Facebook has been doing this longer to provide the old targeted ads scheme and to sell your information. This is no different than what others do with your "consent."
Sauce for the goose is sauce for the gander (Score:2)
Anybody who believes Yandex would drop trou and do whatever it's told by a Russian intelligence agency, but Google and Facebook wouldn't do exactly the same for a US intelligence agency is living in a dream world.
If you believe every social media company in the world would whore you out to any government in the world able to bring influence to bear on them, you're probably close to the truth.