vpn

Auto Added by WPeMatico

Apple bans Facebook’s Research app that paid users for data

In the wake of TechCrunch’s investigation yesterday, Apple blocked Facebook’s Research VPN app before the social network could voluntarily shut it down. The Research app asked users for root network access to all data passing through their phone in exchange for $20 per month. Apple tells TechCrunch that yesterday evening it revoked the Enterprise Certificate that allows Facebook to distribute the Research app without going through the App Store.

TechCrunch had reported that Facebook was breaking Apple’s policy that the Enterprise system is only for distributing internal corporate apps to employees, not paid external testers. That was actually before Facebook released a statement last night saying that it had shut down the iOS version of the Research program without mentioning that it was forced by Apple to do so.

TechCrunch’s investigation discovered that Facebook has been quietly operated the Research program on iOS and Android since 2016, recently under the name Project Atlas. It recruited 13 to 35 year olds, 5 percent of which were teenagers, with ads on Instagram and Snapchat and paid them a monthly fee plus referral bonuses to install Facebook’s Research app, the included VPN app that routes traffic to Facebook, and to ‘Trust’ the company with root network access to their phone. That lets Facebook pull in a user’s web browsing activity, what apps are on their phone and how they use them, and even decrypt their encrypted traffic. Facebook went so far as to ask users to screenshot and submit their Amazon order history. Facebook uses all this data to track competitors, assess trends, and plan its product roadmap.

Facebook was forced to remove its similar Onavo Protect app in August last year after Apple changed its policies to prohibit the VPN app’s data collection practices. But Facebook never shut down the Research app with the same functionality it was running in parallel. In fact, TechCrunch commissioned security expert Will Strafach to dig into the Facebook Research app, and we found that it featured tons of similar code and references to Onavo Protect. That means Facebook was purposefully disobeying the spirit of Apple’s 2018 privacy policy change while also abusing the Enterprise Certificate program.

Sources tell us that Apple revoking Facebook’s Enterprise Certificate has broken all of the company’s legitimate employee-only apps. Those include pre-launch internal-testing versions of Facebook and Instagram, as well as the employee apps for coordinating office collaboration, commutes, seeing the day’s lunch schedule, and more. That’s causing mayhem at Facebook, disrupting their daily work flow and ability to do product development. We predicted yesterday that Apple could take this drastic step to punish Facebook much harder than just removing its Research app. The disruption will translate into a huge loss of productivity for Facebook’s 33,000 employees.

[Update: Facebook later confirmed to TechCrunch that its internal apps were broken by Apple’s punishment and that it’s in talks with Apple to try to resolve the issue and get their employee tools running again.]

For reference, Facebook’s main iOS app still functions normally. Also, you can’t get paid for installing Onavo Protect on Android, only for the Facebook Research app. And Facebook isn’t the only one violating Apple’s Enterprise Certificate policy, as TechCrunch discovered Google’s Screenwise Meter surveillance app breaks the rules too.

This morning, Apple informed us it had banned Facebook’s Research app yesterday before the social network seemingly pulled it voluntarily. Apple provided us with this strongly worded statement condemning the social network’s behavior:

“We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”

That comes in direct contradiction to Facebook’s initial response to our investigation. Facebook claimed it was in alignment with Apple’s Enterprise Certificate policy and that the program was no different than a focus group.

Seven hours later, a Facebook spokesperson said it was pulling its Research program from iOS without mentioning that Apple forced it to do so, and issued this statement disputing the characterization of our story:

“Key facts about this market research program are being ignored. Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App. It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate. Finally, less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms.”

We refute those accusations by Facebook. As we wrote yesterday night, Facebook did not publicly promote the Research VPN itself and used intermediaries that often didn’t disclose Facebook’s involvement until users had begun the signup process. While users were given clear instructions and warnings, the program never stresses nor mentions the full extent of the data Facebook can collect through the VPN. A small fraction of the users paid may have been teens, but we stand by the newsworthiness of its choice not to exclude minors from this data collection initiative.

Senator Mark Warner has since called on Facebook CEO Mark Zuckerberg to support legislation requiring individual informed consent for market research initiatives like Facebook Research. Meanwhile, Senator Richard Blumenthal issued a fierce statement that “Wiretapping teens is not research, and it should never be permissible.”

The situation will surely worsen the relationship between Facebook and Apple after years of mounting animosity between the tech giants. Apple’s Tim Cook has repeatedly criticized Facebook’s data collection practices, and Zuckerberg has countered that it offers products for free for everyone rather than making products few can afford like Apple. Flared tensions could see Facebook receive less promotion in the App Store, fewer integrations into iOS, and more jabs from Cook. Meanwhile, the world sees Facebook as having been caught red-handed threatening user privacy and breaking Apple policy.

Powered by WPeMatico

Facebook pays teens to install VPN that spies on them

Desperate for data on its competitors, Facebook has been secretly paying people to install a “Facebook Research” VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed in August. Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity, a TechCrunch investigation confirms. Facebook admitted to TechCrunch it was running the Research program to gather data on usage habits, and it has no plans to stop.

Since 2016, Facebook has been paying users ages 13 to 35 up to $20 per month plus referral fees to sell their privacy by installing the iOS or Android “Facebook Research” app. Facebook even asked users to screenshot their Amazon order history page. The program is administered through beta testing services Applause, BetaBound and uTest to cloak Facebook’s involvement, and is referred to in some documentation as “Project Atlas” — a fitting name for Facebook’s effort to map new trends and rivals around the globe.

We asked Guardian Mobile Firewall’s security expert Will Strafach to dig into the Facebook Research app, and he told us that “If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.” It’s unclear exactly what data Facebook is concerned with, but it gets nearly limitless access to a user’s device once they install the app.

The strategy shows how far Facebook is willing to go and how much it’s willing to pay to protect its dominance — even at the risk of breaking the rules of Apple’s iOS platform on which it depends. Apple could seek to block Facebook from continuing to distribute its Research app, or even revoke it permission to offer employee-only apps, and the situation could further chill relations between the tech giants. Apple’s Tim Cook has repeatedly criticized Facebook’s data collection practices. Facebook disobeying iOS policies to slurp up more information could become a new talking point. TechCrunch has spoken to Apple and it’s aware of the issue, but the company did not provide a statement before press time.

“The fairly technical sounding ‘install our Root Certificate’ step is appalling,” Strafach tells us. “This hands Facebook continuous access to the most sensitive data about you, and most users are going to be unable to reasonably consent to this regardless of any agreement they sign, because there is no good way to articulate just how much power is handed to Facebook when you do this.”

Facebook’s surveillance app

Facebook first got into the data-sniffing business when it acquired Onavo for around $120 million in 2014. The VPN app helped users track and minimize their mobile data plan usage, but also gave Facebook deep analytics about what other apps they were using. Internal documents acquired by Charlie Warzel and Ryan Mac of BuzzFeed News reveal that Facebook was able to leverage Onavo to learn that WhatsApp was sending more than twice as many messages per day as Facebook Messenger. Onavo allowed Facebook to spot WhatsApp’s meteoric rise and justify paying $19 billion to buy the chat startup in 2014. WhatsApp has since tripled its user base, demonstrating the power of Onavo’s foresight.

Over the years since, Onavo clued Facebook in to what apps to copy, features to build and flops to avoid. By 2018, Facebook was promoting the Onavo app in a Protect bookmark of the main Facebook app in hopes of scoring more users to snoop on. Facebook also launched the Onavo Bolt app that let you lock apps behind a passcode or fingerprint while it surveils you, but Facebook shut down the app the day it was discovered following privacy criticism. Onavo’s main app remains available on Google Play and has been installed more than 10 million times.

The backlash heated up after security expert Strafach detailed in March how Onavo Protect was reporting to Facebook when a user’s screen was on or off, and its Wi-Fi and cellular data usage in bytes even when the VPN was turned off. In June, Apple updated its developer policies to ban collecting data about usage of other apps or data that’s not necessary for an app to function. Apple proceeded to inform Facebook in August that Onavo Protect violated those data collection policies and that the social network needed to remove it from the App Store, which it did, Deepa Seetharaman of the WSJ reported.

But that didn’t stop Facebook’s data collection.

Project Atlas

TechCrunch recently received a tip that despite Onavo Protect being banished by Apple, Facebook was paying users to sideload a similar VPN app under the Facebook Research moniker from outside of the App Store. We investigated, and learned Facebook was working with three app beta testing services to distribute the Facebook Research app: BetaBound, uTest and Applause. Facebook began distributing the Research VPN app in 2016. It has been referred to as Project Atlas since at least mid-2018, around when backlash to Onavo Protect magnified and Apple instituted its new rules that prohibited Onavo. Facebook didn’t want to stop collecting data on people’s phone usage and so the Research program continued, in disregard for Apple banning Onavo Protect.

Ads (shown below) for the program run by uTest on Instagram and Snapchat sought teens 13-17 years old for a “paid social media research study.” The sign-up page for the Facebook Research program administered by Applause doesn’t mention Facebook, but seeks users “Age: 13-35 (parental consent required for ages 13-17).” If minors try to sign-up, they’re asked to get their parents’ permission with a form that reveal’s Facebook’s involvement and says “There are no known risks associated with the project, however you acknowledge that the inherent nature of the project involves the tracking of personal information via your child’s use of apps. You will be compensated by Applause for your child’s participation.” For kids short on cash, the payments could coerce them to sell their privacy to Facebook.

The Applause site explains what data could be collected by the Facebook Research app (emphasis mine):

“By installing the software, you’re giving our client permission to collect data from your phone that will help them understand how you browse the internet, and how you use the features in the apps you’ve installed . . . This means you’re letting our client collect information such as which apps are on your phone, how and when you use them, data about your activities and content within those apps, as well as how other people interact with you or your content within those apps. You are also letting our client collect information about your internet browsing activity (including the websites you visit and data that is exchanged between your device and those websites) and your use of other online services. There are some instances when our client will collect this information even where the app uses encryption, or from within secure browser sessions.”

Meanwhile, the BetaBound sign-up page with a URL ending in “Atlas” explains that “For $20 per month (via e-gift cards), you will install an app on your phone and let it run in the background.” It also offers $20 per friend you refer. That site also doesn’t initially mention Facebook, but the instruction manual for installing Facebook Research reveals the company’s involvement.

 

Facebook seems to have purposefully avoided TestFlight, Apple’s official beta testing system, which requires apps to be reviewed by Apple and is limited to 10,000 participants. Instead, the instruction manual reveals that users download the app from r.facebook-program.com and are told to install an Enterprise Developer Certificate and VPN and “Trust” Facebook with root access to their phone plus much of the data it transmits. Apple requires that developers agree to only use this certificate system for distributing internal corporate apps to their own employees. Randomly recruiting testers and paying them a monthly fee appears to violate the spirit of that rule.

Once installed, users just had to keep the VPN running and sending data to Facebook to get paid. The Applause-administered program requested that users screenshot their Amazon orders page. This data could potentially help Facebook tie browsing habits and usage of other apps with purchase preferences and behavior. That information could be harnessed to pinpoint ad targeting and understand which types of users buy what.

TechCrunch commissioned Strafach to analyze the Facebook Research app and find out where it was sending data. He confirmed that data is routed to “vpn-sjc1.v.facebook-program.com” that is associated with Onavo’s IP address, and that the facebook-program.com domain is registered to Facebook, according to MarkMonitor. The app can update itself without interacting with the App Store, and is linked to the email address PeopleJourney@fb.com. He also discovered that the Enterprise Certificate indicates Facebook renewed it on June 27th, 2018 — weeks after Apple announced its new rules that prohibited the similar Onavo Protect app.

“It is tricky to know what data Facebook is actually saving (without access to their servers). The only information that is knowable here is what access Facebook is capable of based on the code in the app. And it paints a very worrisome picture,” Strafach explains. “They might respond and claim to only actually retain/save very specific limited data, and that could be true, it really boils down to how much you trust Facebook’s word on it. The most charitable narrative of this situation would be that Facebook did not think too hard about the level of access they were granting to themselves . . . which is a startling level of carelessness in itself if that is the case.”

“Flagrant defiance of Apple’s rules”

In response to TechCrunch’s inquiry, a Facebook spokesperson confirmed it’s running the program to learn how people use their phones and other services. The spokesperson told us “Like many companies, we invite people to participate in research that helps us identify things we can be doing better. Since this research is aimed at helping Facebook understand how people use their mobile devices, we’ve provided extensive information about the type of data we collect and how they can participate. We don’t share this information with others and people can stop participating at any time.”

Facebook’s spokesperson claimed that the Facebook Research app was in line with Apple’s Enterprise Certificate program, but didn’t explain how in the face of evidence to the contrary. They said Facebook first launched its Research app program in 2016. They tried to liken the program to a focus group and said Nielsen and comScore run similar programs, yet neither of those ask people to install a VPN or provide root access. The spokesperson confirmed the Facebook Research program does recruit teens but also other age groups from around the world. They claimed that Onavo and Facebook Research are separate programs, but admitted the same team supports both as an explanation for why their code was so similar.

However, Facebook claim that it doesn’t violate Apple’s Enterprise Certificate policy is directly contradicted by the terms of that policy. Those include that developers “Distribute Provisioning Profiles only to Your Employees and only in conjunction with Your Internal Use Applications for the purpose of developing and testing”. The policy also states that “You may not use, distribute or otherwise make Your Internal Use Applications available to Your Customers” unless under direct supervision of employees or on company premises. Given Facebook’s customers are using the Enterprise Certificate-powered app without supervision, it appears Facebook is in violation.

Facebook disobeying Apple so directly could hurt their relationship. “The code in this iOS app strongly indicates that it is simply a poorly re-branded build of the banned Onavo app, now using an Enterprise Certificate owned by Facebook in direct violation of Apple’s rules, allowing Facebook to distribute this app without Apple review to as many users as they want,” Strafach tells us. ONV prefixes and mentions of graph.onavo.com, “onavoApp://” and “onavoProtect://” custom URL schemes litter the app. “This is an egregious violation on many fronts, and I hope that Apple will act expeditiously in revoking the signing certificate to render the app inoperable.”

Facebook is particularly interested in what teens do on their phones as the demographic has increasingly abandoned the social network in favor of Snapchat, YouTube and Facebook’s acquisition Instagram. Insights into how popular with teens is Chinese video music app TikTok and meme sharing led Facebook to launch a clone called Lasso and begin developing a meme-browsing feature called LOL, TechCrunch first reported. But Facebook’s desire for data about teens riles critics at a time when the company has been battered in the press. Analysts on tomorrow’s Facebook earnings call should inquire about what other ways the company has to collect competitive intelligence.

Last year when Tim Cook was asked what he’d do in Mark Zuckerberg’s position in the wake of the Cambridge Analytica scandal, he said “I wouldn’t be in this situation . . . The truth is we could make a ton of money if we monetized our customer, if our customer was our product. We’ve elected not to do that.” Zuckerberg told Ezra Klein that he felt Cook’s comment was “extremely glib.”

Now it’s clear that even after Apple’s warnings and the removal of Onavo Protect, Facebook is still aggressively collecting data on its competitors via Apple’s iOS platform. “I have never seen such open and flagrant defiance of Apple’s rules by an App Store developer,” Strafach concluded. If Apple shuts the Research program down, Facebook will either have to invent new ways to surveil our behavior amidst a climate of privacy scrutiny, or be left in the dark.

Additional reporting by Zack Whittaker.

Powered by WPeMatico

AWS launches WorkLink to make accessing mobile intranet sites and web apps easier

If your company uses a VPN and/or a mobile device management service to give you access to its intranet and internal web apps, then you know how annoying those are. AWS today launched a new product, Amazon WorkLink,  that promises to make this process significantly easier.

WorkLink is a fully managed service that, for $5 per month and user, allows IT admins to give employees one-click access to internal sites, no matter whether they run on AWS or not.

After installing WorkLink on their phones, employees can then simply use their favorite browser to surf to an internal website (other solutions often force users to use a sub-par proprietary browser). WorkLink the goes to work, securely requests that site and — and that’s the smart part here — a secure WorkLink container converts the site into an interactive vector graphic and sends it back to the phone. Nothing is stored or cached on the phone and AWS says WorkLink knows nothing about personal device activity either. That also means when a device is lost or stolen, there’s no need to try to wipe it remotely because there’s simply no company data on it.

IT can either use a VPN to connect from an AWS Virtual Private Cloud to on-premise servers or use AWS Direct Connect to bypass a VPN solution. The service works with all SAML 2.0 identity providers (which is the majority of identity services used in the enterprise, including the likes of Okta and Ping Identity) and as a fully managed service, it handles scaling and updates in the background.

“When talking with customers, all of them expressed frustration that their workers don’t have an easy and secure way to access internal content, which means that their employees either waste time or don’t bother trying to access content that would make them more productive,” says Peter Hill, Vice President of Productivity Applications at AWS, in today’s announcement. “With Amazon WorkLink, we’re enabling greater workplace productivity for those outside the corporate firewall in a way that IT administrators and security teams are happy with and employees are willing to use.”

WorkLink will work with both Android and iOS, but for the time being, only the iOS app (iOS 12+) is available. For now, it also only works with Safar, with Chrome support coming in the next few weeks. The service is also only available in Europe and North America for now, with additional regions coming later this year.

For the time being, AWS’s cloud archrivals Google and Microsoft don’t offer any services that are quite comparable with WorkLink. Google offers its Cloud Identity-Aware Proxy as a VPN alternative and as part of its BeyondCorp program, though that has a very different focus, while Microsoft offers a number of more traditional mobile device management solutions.

Powered by WPeMatico

Google Fi now officially supports most Android devices and iPhones

Google is making a major move to expand the availability of its Fi wireless service.

It’s been a few years since Google launched Project Fi with the promise of doing things a bit differently than the large carriers. Because it could switch between the cell networks of multiple providers to give you the best signal, the service only ever officially supported a select number of handsets. You could always trick it by activating the service on a supported phone and then moving your SIM card to another (including an iPhone), but that was never supported.

That’s changing today, though. The company is opening up Fi — and renaming it to Google Fi — and officially expanding device support to most popular Android phones, as well as iPhones. Supported Android phones include devices from Samsung, LG, Motorola and OnePlus. iPhone support is currently in beta, and there are a few extra steps to set it up, but the Fi iOS app should now be available in the App Store.

One thing you might not get with many of the now-supported phones is the full Fi experience, with network switching and access to Google’s enhanced network features, including Google’s VPN network. For that, you’ll still need a Pixel phone, the Moto G6 or any other device that you can buy directly in the Fi store.

Fi on all phones comes with the usual features, like bill protection, free high-speed international roaming and support for group plans.

To sweeten the deal, Google is also launching a somewhat extraordinary promotion today: If you open a new Fi account — or if are an existing user — you can buy any phone in the Fi shop today and get your money back in the form of a travel gift card that you can use for a flight with Delta or Southwest, or lodging with Airbnb and Hotels.com. There’s some fine print, of course (you need to keep your account active for a few months, etc.), but if you were looking at getting Fi anyway, like to travel and want to get a Pixel 3 XL, that’s not a bad deal at all.

The fine print is below:

Travel on Fi with Any Device Purchase Promotion Terms (Google Fi)

Limited time, 24-hour offer applies to any qualifying device purchased from fi.google.com from 11/28/18 12:00 AM PT through 11/28/18 11:59 PM PT, or while supplies last. When you purchase a qualifying device on fi.google.com, you can redeem a travel gift card in the amount you paid for the device, excluding taxes (details below).

To qualify for this promotion, a device must be activated within 15 days of device shipment and remain active for 60 consecutive days within 75 days of device shipment. The device must be activated within the same plan that was used to purchase the device. Activation must be for full service (i.e., activation does not apply to a data-only SIM).

This offer is available for new Google Fi customers as of 11/28/18 12:00 AM PT and existing, active Google Fi customers. If the customer is new to Google Fi, the customer must transfer (port-in) their current personal number over to Google Fi during sign up. The number being transferred must be currently active and have been active with the previous carrier and the customer since 8/28/18 12:00 AM PT.

After the terms have been satisfied, the customer will receive an email from Google Fi (around 75 – 90 days after device activation) with instructions on how to obtain a gift card from Tango subject to Tango’s terms and conditions. The user can redeem gift card amounts with select travel partners: Airbnb, Delta Airlines, Hotels.com, and Southwest Airlines. Gift cards may also be subject to the terms of the travel partners.

If Fi service is paused for more than 7 days or cancelled within 120 days of activation, the value of the gift card will be charged to your Google Payments account to match the purchased price of the device. Limit one per person. This offer is only available for U.S. residents ages 18 and older, and requires Google Payments and Google Fi accounts. Unless otherwise stated, this offer cannot be combined with other offers. Offer and gift card redemption are not transferable, and are not valid for cash or cash equivalent. Void where prohibited.

Powered by WPeMatico

Google’s Project Fi gets an improved VPN service

Google’s Project Fi wireless service is getting a major update today that introduces an optional always-on VPN service and a smarter way to switch between Wi-Fi and cellular connections.

By default, Fi already uses a VPN service to protect users when they connect to the roughly two million supported Wi-Fi hotspots. Now, Google is expanding this to cellular connections, as well. “When you enable our enhanced network, all of your mobile and Wi-Fi traffic will be encrypted and securely sent through our virtual private network (VPN) on every network you connect to, so you’ll have the peace of mind of knowing that others can’t see your online activity,” the team writes in today’s announcement.

Google notes that the VPN also shields all of your traffic from Google itself and that it isn’t tied to your Google account or phone number.

The VPN is part of what Google calls its “enhanced network” and the second part of this announcement is that this network now also allows for a faster switch between Wi-Fi and mobile networks. When you enable this — and both of these features are currently in beta and only available on Fi-compatible phones that run Android Pie — your phone will automatically detect when your Wi-Fi connection gets weaker and fill in those gaps with cellular data. The company says that in its testing, this new system reduces a user’s time without a working connection by up to 40 percent.

These new features will start rolling out to Fi users later this week. They are off by default, so you’ll have to head to the Fi Network Tools in the Project Fi app and turn them on to get started. One thing to keep in mind here: Google says your data usage will likely increase by about 10 percent when you use the VPN.

Powered by WPeMatico

Google expands its identity management portfolio for businesses and developers

Over the course of the last year, Google has launched a number of services that bring to other companies the same BeyondCorp model for managing access to a company’s apps and data without a VPN that it uses internally. Google’s flagship product for this is Cloud Identity, which is essentially Google’s BeyondCorp, but packaged for other businesses.

Today, at its Cloud Next event in London, it’s expanding this portfolio of Cloud Identity services with three new products and features that enable developers to adopt this way of thinking about identity and access for their own apps and that make it easier for enterprises to adopt Cloud Identity and make it work with their existing solutions.

The highlight of today’s announcements, though, is Cloud Identity for Customers and Partners, which is now in beta. While Cloud Identity is very much meant for employees at a larger company, this new product allows developers to build into their own applications the same kind of identity and access management services.

“Cloud Identity is how we protect our employees and you protect your workforce,” Karthik Lakshminarayanan, Google’s product management director for Cloud Identity, said in a press briefing ahead of the announcement. “But what we’re increasingly finding is that developers are building applications and are also having to deal with identity and access management. So if you’re building an application, you might be thinking about accepting usernames and passwords, or you might be thinking about accepting social media as an authentication mechanism.”

This new service allows developers to build in multiple ways of authenticating the user, including through email and password, Twitter, Facebook, their phones, SAML, OIDC and others. Google then handles all of that authentication work. Google will offer both client-side (web, iOS and Android) and server-side SDKs (with support for Node.ja, Java, Python and other languages).

“They no longer have to worry about getting hacked and their passwords and their user credentials getting compromised,” added Lakshminarayanan, “They can now leave that to Google and the exact same scale that we have, the security that we have, the reliability that we have — that we are using to protect employees in the cloud — can now be used to protect that developer’s applications.”

In addition to Cloud Identity for Customers and Partners, Google is also launching a new feature for the existing Cloud Identity service, which brings support for traditional LDAP-based applications and IT services like VPNs to Cloud Identity. This feature is, in many ways, an acknowledgment that most enterprises can’t simply turn on a new security paradigm like BeyondCorp/Cloud Identity. With support for secure LDAP, these companies can still make it easy for their employees to connect to these legacy applications while still using Cloud Identity.

“As much as Google loves the cloud, a mantra that Google has is ‘let’s meet customers where they are.’ We know that customers are embracing the cloud, but we also know that they have a massive, massive footprint of traditional applications,” Lakshminarayanan explained. He noted that most enterprises today run two solutions: one that provides access to their on-premise applications and another that provides the same services for their cloud applications. Cloud Identity now natively supports access to many of these legacy applications, including Aruba Networks (HPE), Itopia, JAMF, Jenkins (Cloudbees), OpenVPN, Papercut, pfSense (Netgate), Puppet, Sophos and Splunk. Indeed, as Google notes, virtually any application that supports LDAP over SSL can work with this new service.

Finally, the third new feature Google is launching today is context-aware access for those enterprises that already use its Cloud Identity-Aware Proxy (yes, those names are all a mouthful). The idea here is to help enterprises provide access to cloud resources based on the identity of the user and the context of the request — all without using a VPN. That’s pretty much the promise of BeyondCorp in a nutshell, and this implementation, which is now in beta, allows businesses to manage access based on the user’s identity and a device’s location and its security status, for example. Using this new service, IT managers could restrict access to one of their apps to users in a specific country, for example.

 

Powered by WPeMatico

AnchorFree, maker of Hotspot Shield, raises $295 million in new funding

AnchorFree, a maker of a popular virtual private networking app, has raised $295 million in a new round of funding, the company announced Wednesday.

The Redwood City, Calif.-based app maker’s flagship app Hotspot Shield ranks as one of the most popular VPN apps on the market. The app, based on a freemium model, allows users across the world tunnel their internet connections through AnchorFree’s servers, which masks users’ browsing histories from their internet providers and allows those under oppressive regimes evade state-level censorship.

The app has 650 million users in 190 countries, the company said, and also has a business-focused offering.

The funding was led by WndrCo, a holding company focusing on consumer tech businesses, in addition to Accel Partners, 8VC, SignalFire, and Green Bay Ventures, among others.

“The WndrCo team brings deep operational experience in launching and scaling global tech products, and we look forward to working closely with them in pursuit of our mission to provide secure access to the world’s information for every person on the planet,” said AnchorFree’s chief executive David Gorodyansky in remarks.

The news was first reported by The New York Times.

Powered by WPeMatico

Wickr teams up with Psiphon to ensure your packets arrive safely no matter where you are

Encrypted collaboration app Wickr has added a feather to its cap with a partnership with Psiphon, provider of smart VPN tools. Wickr will use Psiphon’s tech to guarantee your packets get where they need to go regardless of whether you’re at home, at a cafe with bad Wi-Fi or at a cafe with bad Wi-Fi in China.

The idea is that the user shouldn’t have to be auditing their own connection to be sure their apps will work properly. That can be a matter of safety, such as a poorly secured access point; connectivity, such as one where certain ports or apps are inoperable; or censorship, like requesting data from a service banned in the country you’re visiting.

Wickr already encrypts all your traffic, so there are no worries on that account, but if the connection you’re using were to block video calls or certain traffic patterns, there’s not much the company can do about that.

Psiphon, however, is in the business of circumventing deliberate or accidental blockages with a suite of tools that analyze the network and attempt to find a way to patch you through. Whether that’s anonymizing your traffic, bouncing it off non-blocked servers, doing automatic port forwarding or some other method, the idea is the packets get through one way or another.

There’s a cost in latency and throughput, of course, but while that may matter for online gaming or video streaming, it’s far less important for something like uploading an image, chatting with colleagues and the other functions Wickr provides. At all events you can turn the feature on or off at will.

There will be a monetary cost too, of course, in the form of premiums added to paid plans. Enterprise customers will be the first to receive the Psiphon-powered traffic handling, today in fact, and the feature will then trickle its way down to other paid users and free users over the next few weeks.

Powered by WPeMatico

Cloudflare Access aims to replace corporate VPNs

 If you’re part of a big company, chances are that there are resources that are only available via the internal network, or whatever your company calls it. The usual way to access these from outside company property is a VPN, but VPNs are a clumsy solution — one companies like Google and Amazon are leaving behind. Now Cloudflare wants you to do the same and use its new Access… Read More

Powered by WPeMatico

Cloudflare expands into mobile performance with Neumob acquisition

 Cloudflare made a significant acquisition today when it acquired mobile VPN startup, Neumob. The purchase gives Cloudflare a mobile performance tool it was lacking, and a road to its first direct to consumer product. The company did not reveal the purchase price.
Neumob, which had raised close to $11 million, was founded in 2015 to give users a faster mobile VPN experience that purports to… Read More

Powered by WPeMatico