privacy

Security Guards use CCTVs to stalk women, zoom on them, capture and save intimate pictures of shoppers in a high end shopping mall in Australia

They are stationed on the CCTV panel to protect the shoppers from untoward risks like terrorist attacks, theft etc. and assist the authorities, instead they are stalking the women shoppers and capturing their images in unwanted poses at the Westfield Sydney Shopping Complex in Australia.

This shocking news was reported by a Australian current affairs TV Show NineMSN. The shows reported how a  group of up to five security guards posted at the CCTV panel to monitor the activities in mall were using surveillance cameras to follow attractive women in the mall, zoom in on them and capture pretty unsavoury  images which the security guards saved in the computers.

The show also reported that the security guards had saved the images in a separate folder with a NSFW name and contained more than 1,500 pictures of women shoppers neatly categorised by their characteristics like blonde, Asian etc.

The CCTV was manned by the personnel supplied by SecureCorp according to the report.

The Westfield Sydney is a high end mall and one of the busiest ones in Australia. It has over 30 security guards watching over the six floors of the shopping complex including the 5 guards mentioned above, to man the CCTV panel.

A former security guard of SecureCorp stated that this has been going on for years and is a common practice. “Zooming in if girls were sitting down with short skirts, they’d zoom in between their legs,” he said, adding that the save images were often taken home and shared by the security guards.

The report has drawn ire from shoppers and online readers alike for both its crudeness and invasion of privacy of shoppers. The management of the shopping mall had demanded an investigation into the issue from SecureCorp.  In turn, SecureCorp has stated that they have initiated an investigation and the employees found guilty of breach of privacy will be adequately penalised.

Australian laws also provide specific legislations for CCTV operations and the security guards involved in the unsavoury image trade may be sentenced to prison time. However what will SecureCorp or the management of Westfield Sydney do if the images of innocent and unaware shoppers captured by the guards spring up on popular image boarding sites like 4Chan, Imgur and Instagram?

Google’s Voice Search Extension (beta) captures your query and some more and relays it back to Google

Privacy Alert, it seems Samsung SmartTV’s are not the only spies lurking in our homes and offices, Google’s voice search features seems to be another culprit.

Google has a voice search feature “OK Google” in Google Search page; Yes, just by enabling “OK Google” and “voicing your search” i.e speaking it aloud, you can easily get it on Google.

This is a hands free feature and can be used for lot more things than only searching which includes getting reminders and also directions. User would need microphone attached to their gadgets. The feature is easily activated on all the smart phones, desktop, laptops.

User just needs to install the Google Voice Search Hotword (Beta) extension. To activate this extension user needs to add the “Google Voice Search”  from the Chrome Web store; this is a free service. Once this gets added to the Google chrome user needs to enable the “OK Google” by going in the settings. Now the microphone starts capturing the sound of the required search and converts this to text and sends it to Google; lo and behold you get the answer to your query. So far so good! but wait there seems to be an privacy issue.

The main hitch here is that microphone would capture a few seconds prior to actual query and send the same to Google. So if this sound contains any personal or sensitive information it will not be able to distinguish and it will send every sound that it captured right from the time the microphone has been activated till the deactivation of microphone.

If user wants a complete hands free then the microphone needs to be activated always. However, it would mean that all the sound that is being generated by the user including private and intimate convos are being captured and sent to Google.

And if user deactivates the microphone then user would still needs to click a button for activating the microphone prior to voicing the search. Hence its still a question as to how feasible would this be because its not yet clear as to how much data will be recorded prior to actual query, in case the microphone is always on “ON” mode.

The “OK Google” feature reminds us of Samsung Smart TV with the feature of Voice instructions wherein the voice command gets converted to text by some device installed within the smart TV and this is sent to third party to decode the text and obey the required command. Same issue occurred here,  sounds other than the instructions would be captured and sent to third party which is actually irrelevant and also may contain any sensitive or personal information. Even disabling the Voice recognition feature would not help as the device was smart enough to recognize the voice command. Besides, detaching the Smart TV from wireless network would mean it lost its original purpose.

Having said that, Google’s new beta feature of “OK Google” with is very useful for a user who has lost his/her hands (amputee) due to some unfortunate reason.  The drawbacks might just fade away because of the advantages this feature has.  However if you are a privacy conscious person, it always takes that extra bit to be very careful.

DroidStealth, an Android App to securely store data with encryption

Security researchers based in the Netherlands have developed an Android App which can store data and hide it by encrypting it thus making it impossible for non users to find it.  Called DroidStealth, the App can be boon to both the good civil society and the cyber criminals.

Technology can be a veto as in the case of development of a new Android App that is proving to be a blessing to the people in a tyrant nation with censorship problems as well as those who are against the law like the suppliers of drugs and the rebels. These people usually look for methods to escape security checks or investigation from the crime squad and government authorities.

DroidStealth helps to safely hide all the private data which user does not want to be seen by anyone, using the correct PIN access code. The data could be some secret data or sensitive data which is concealed using secret codes and can be even hidden from other applications within the Android phone. The data is further hidden in a very complicated manner so that is will be very difficult for  others to decode it. So this is actually a new method of saving data from other applications within the same phone.

Furthermore, the application has an added benefit that not only can it easily secure the data; it can also be shared between two Android phones using  Bluetooth, WiFi, Android beam. Data is saved into secret code by using the Fast Cryptographic Operations for Android. Due to this complex method of securing the data it is very difficult for the any prying user to capture this data. The Android stealth application very smartly uses the dialer phone number for decoding the data when required and also cannot be seen in the dialed list as this number is directly used by the application to decode hence during general inspection of these rebels the Android Stealth helps them to easily escape the scrutiny.

The application is stored in itinerant (secretive) mode, it can be named in a friendly way due to which it is difficult to make out that is has the secret data stored. Also this application is not found under the normal downloaded app list. It is very user friendly and has many features also like sharing data from one phone to another; from one application to another within  same phone; it provides notification to the user if any of the secret files are left unlocked; it can be kept out of the running process list when not in use; it does not pop up in the recent visited list.

Certain drawbacks of this application would be: coding and decoding of the data is within the app, uninstalling of the app may lead to deletion of all the data, low memory of the phone might lead to force quitting of the application and this might lead to loss of the data. One main drawback is that the App will encrypt the data using Facebook’s Conceal API.

One other major drawback is that if the application is under decode mode by the user and it gets in the hands of investigation then it would be difficult for them to secure the details from officials.

Truly an awesome technology if used in right way can be useful for humanity and if not then can cause disaster.  You can become a part of the DroidStealth community on by joining on their GitHub page here. Since the developers have not released the App on Google Play, you will have to make do with a untrusted APK version of the App. The APK is available as an unaligned version here while the nomadic versions are available throughout the internet.

The Facebook project known as Deep Face can decern the accuracy of the true identity of any picture of you. DeepFace AI system is now powerful enough to spot users in the 400 million photos uploaded to the social network every single day.

Facebook is claiming good intentions with the Deep Face program. Facebook claims that instead of tagging users in embarrassing and incriminating photos without their permission, users will be able to first see the photos they are appearing in and then have the choice to blur out their faces.

The Deep Face program works for strangers’ pictures as well as ones from friends, but users can only see the identities of people they already know.

But with good or bad intentions, Facebook holds all the cards and will still be able to identify you in any picture and hold on to that very valuable personal data. Additionally, other entities who are researching similar technology specifically the government and private companies such as Google may very well have access to this data as well.

The technology behind Deep Face is actually very intriguing. With the ability to read features in a variety of lighting conditions and angles the way human eyes are able to, Deep Face uses an algorithmic technique called “Deep Learning”. By drawing on constants from an existing image data, the program is able to learn to recognize pixel patterns in new faces and become more accurate in identifying people’s faces. The algorithm improves itself, and is able to analyze faces as eyes, mouths, and ears instead of pixels and use that data to guess when the same faces show up in vastly different kinds of pictures..

At the end of the day, has its hands full with convincing people to believe it is not nefarious with its intentions with Deep Face. How they go about this will be interesting and should be watched carefully.

Samsung Smart TV a listening post?

It seems Samsung’s Smart TV is becoming more smarter while watching and listening you, which can be further used to be send to third parties.

Imagine, you are watching TV on your Samsung SmartTV comfortably with your loved ones, enjoying popcorn and private talks with your friends or family not thinking of that your Smart TV is actually trying to be smarter than you and watching and listening you as you are watching it.

Its true, Your Samsung SmartTV is watching and listening you, sending your words to third parties.

What Samsung says is that it is a part of Voice Recognition, Gesture Controls and Facial Recognition technology, collecting and sending your voice data or pictures/ images will help it to further improve the service. The privacy policy posted on Samsung website says thus,

“If you enable Voice Recognition, you can interact with your Smart TV using your voice. To provide you the Voice Recognition feature, some voice commands may be transmitted (along with information about your device, including device identifiers) to a third-party service that converts speech to text or to the extent necessary to provide the Voice Recognition features to you. In addition, Samsung may collect and your device may capture voice commands and associated texts so that we can provide you with Voice Recognition features and evaluate and improve the features. Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.

Please visit the applicable settings menu to delete the stored image. While your image will be stored locally, Samsung may take note of the fact that you have set up the feature and collect information about when and how the feature is used so that we can evaluate the performance of this feature and improve it.”

Samsung has given the users the right to opt out of these feature if he wants total privacy. Samsung allows the user to disable these features at any time, though what is unacceptable is that Samsung did not mention anything on the Privacy practices of the third party associates with which it will be sharing your data.

Also, what matters is that how much knowledge about you is being made available to its third party customer by Samsung.

Did you know about it? We bet you didnt!

Facebook is making users sign up for new privacy policy that allows it to track users everywhere on the Internet

This is really bad news for privacy lovers.  Facebook has just updated its privacy policy which allows Facebook to track you, the Facebook user activity even after you have left Facebook website to surf other pages. And more over you have already agreed to it without realizing it.

Facebooks new policy allows it to gather data about you, from across the internet. This is in addition to the normal data it generally gathers when you post something or add friends to your network.  The new privacy policy has such provisions that, Facebook now pass this information with its subsidiaries like WhatsApp and Instagram.

Readers may not know that Facebook had already announced the new privacy policy last November but it is being implemented from Friday.  You may be surprised as to why Facebook did not notify you, but it so happens that you are deemed to have agreed to the new policy once you log into Facebook.

Facebook management says that the new policy will help it tabulate data which can be used to serve precision adverts to the users and avoid serving unwanted information to them.

The saving grace is that you can opt out for some parts of the new policy by customising privacy settings. You can visit Facebook website settings page here and opt out of advertising that is shown on third party sites or is selected by comparing you with your friends.

If you want to opt out of Facebook tracking your use when you are not on Facebook, you can opt out by visiting individual pages listed in the privacy settings page for respective countries.

Facebook says that users can do so even from their mobile and tablet screens and the settings is will be treated as same across the board.

A TRUSTe report shows that 45 Percent Of Americans Think Online Privacy Is More Important Than National Security

The latest edition of the annual TRUSTe Consumer Confidence Index shows that online privacy is a very important issue for Americans. With a statement of ‘Personal online privacy is not as important as national security’, 45 percent disagreed. With online trust at a three year low, the impact of businesses is significant increase of 77 percent moderating their online behavior over the last 12 months due to privacy concerns.

38 percent of of companies are concerned with sharing personal data with other companies over the 36 percent of companies that worry about online security threats such as the Heartbleed bug while 28 percent are concerned with Government surveillance through programs such as the NSA’s PRISM

Last week, President Obama announced a package of measures in his State of the Union address to enhance consumers’ security and improve privacy online.

The details behind the statistics of TRUSTe 2015 US Consumer Confidence Privacy Index are based on data from two online surveys conducted by Ipsos with around 1,000 US Internet users between November 28 and January 15 and is released to coincide with Data Privacy Day .

With full findings to be presented during the first exclusive Round table event of the TRUSTe Privacy Insight Series in San Francisco CA.

FBI Used Metasploit Hacking Tool in ‘Operation Torpedo’ to unmask pedophiles but in the process unmasked normal Tor users

You may have read a report doing round over internet that the Federal Bureau of Investigation (FBI) of United States used the  favourite application of white hat hackers (and even black hat ones) and security researchers called  Metasploit to unmask pedophiles lurking on the dark web.  FBI used Metasploit in “Operation Tornado” in 2012 to find evidence against the accused, Aaron McGrath, a Nebraska man who was held responsible for hosting the three pedophile websites.

McGrath illegal sites were hosted on onion url and could only be viewed  by using Tor or other anonymising browsers.  Tor anonymiser network is preferred by not only human rights workers, activists, journalists, and whistleblowers but also millions of normal web users who would like to remain anonymous and not have their traffic snooped upon by anybody. FBI conveniently seemed have forgotten this fact that Tor is used by many people who like anonymity as a matter of practice and were in no way connected to McGrath and his cronies. FBI obtained the permission of a federal magistrate to infect all visitors to those websites with malware which in turn exposed the IP addresses of normal Tor users.

According to Wired, this is the first recorded incident in which the FBI has targeted all visitors to a website instead of using code against a particular suspect. Operation Tornado turned out to a successful one for FBI with arrests of over 14 individuals.  FBI had used a proof-of-concept Metasploit Decloaking Engine which is made up of  five different tricks customers could use to break through anonymization systems.  Out the five, FBI used a 35-line Adobe Flash application to initiate a direct connection with users over the web, thereby bypassing Tor and revealing their true IP addresses.

It was able to arrest McGrath and his cronies for hosting illegal websites but in the process it also exposed hundreds of Tor user IPs which were in now way connected with illegal websites. Ethically exploiting a flash script to expose hundreds of Tor users who prefer anonymity, to pin few individuals seems unjustified.

After the Wired report, many users took strong objection to the FBI strong arm tactics of infecting hundreds of Tor users to hunt for few real criminals.  One of the sites which has many such comments is Schneier where many users commented against the FBI’s illegal snooping on Tor users though many supported FBI given that the purpose was to hunt down pedophiles.  Some of the select comments are reproduced below.

Tim • December 17, 2014 8:10 AM
The article mentions multiple times how Tor is important because it’s used by human rights workers, activists, journalists, and whistleblowers… but fails to mention that it’s also used by normal people who wish to not have their traffic snooped. Given that you’ve argued that privacy is not about hiding things (https://www.schneier.com/blog/archives/2006/05/the_value_of_pr.html), it surprises me that you would share an article that seems to accept that privacy is only about hiding.

Bob S. • December 17, 2014 8:58 AM
What I got from the article is the government is doing warrantless, illegal to civilians, hacking and cracking of TOR to gather evidence for the enemy du jour which would cause anyone else to get sent to prison for a long time.

As an aside, who would have known cracking TOR was as easy as using an open source probe app? Wow, the credibility of TOR developers sure seems in question then. (Or, maybe not.)

Well, since the Intelligence Authorization Act Passed allowing NSA et all to “collect it all” by act of Congress, we are all suspected enemies of the state so I guess we should just sit around until they come get us for some as yet un-promulgated crime. (Or, not)

Daniel • December 17, 2014 1:06 PM
@ Tim, @Bob S.

I see both sides of this. The contrast the article sets up is between “pedophiles” on one hand and “human rights journalists” on the other hand. I agree with Tim that this is a false dichotomy and one that we all should be worried about; repeat an assumption long enough and people become conditioned to accepting it as true. However, I also agree with Bob S that the point of the article is about how the FBI exploits Tor and this too is worth people’s attention.

@jggimi

Yes, but that isn’t the real point of the article either. The real point is in the last paragraph. If one is a Tor user who needs Tor for high security purposes (regardless of whether those purposes are viewed as good or bad by society) the question then becomes whether or not one thinks he can win an arms race against the FBI or any other government security agency? Too many people get hung up on the whole “pedo” issue overlooking two critical facts: (1) if the FBI can do it any skilled organization can and (2) what they FBI can do to pedos they can do to anyone else they happen to dislike or want information from.

Gweihir • December 17, 2014 5:58 PM
This shows two things

1) TOR still works and is very hard to compromise.

2) The user can always break security by doing stupid things, often things the user has been warned explicitly not to do. (For the 2013 attack, that was browsing with an old version.)

All in all, not a surprise. What is also not a surprise is that the FBI resorts to things than in any working legal system are reserved for intelligence agencies and are criminal to use for LEO except when they have a specific warrant for specific targets. One of the characteristics of a totalitarian system is that the law is applied only against citizens, but has become irrelevant for law enforcement. Is is then used not as a tool of “justice” (which it basically never was, but it is a nice cover story), but as a weapon against the population.

Nick P • December 17, 2014 8:40 PM
@ HomerJ

That’s actually what I proposed. I had two different models. The centralized model meant you weren’t anonymous to the service provider (eg Anonymizer). They just used strong mechanisms to make you anonymous to everyone else. If a warrant is provided, they give over the data. Their own activities and systems are independently audited by mutually suspicious parties. Any accesses also generate audit logs that can be checked later on.

I also proposed a decentralized model with features akin to a discussion board or stackoverflow. The content is hosted on something akin to hidden services with an identifier. The police can suggest they be deanonymized. The users, a number of appointed people, or some other such social structure can all vote on whether to deanonymize the link. If they vote, the protocol will do so. Otherwise, it won’t. This is still pretty close to Tor, might even use most of its protocol, allows some lawful intercept, and reduces risk of censorship. It also discourages use of network for such content.

Honestly, I think the best thing would be for academics interested in anonymity schemes to put some effort into stuff like this. There’s going to be a constant battle between authorities and privacy lovers over anonymity technology. It will be much easier to swing courts toward privacy by default if we have a believable way to ID and/or eject crooks. It’s worth putting research into.

We can continue arguing whether what FBI did was right or wrong in exposing Tor users but FBI continued to use the information from this infection to crack Tor on many other  occasions. In 2013, the FBI launched a similar malware attack against Freedom Hosting, which maintains the servers for a number of well-known Tor websites.  In Freedom Hosting operation, FBI even succeeded in revealing visitors MAC addresses in addition to the IP addresses.

Another of FBI successful operations in recent times is Operation Onymous which helped it shut down Silk Road 2.0 and other illegal Tor websites like  Topix and Cloud 9 and arrest 17 people including  Blake Benthal, the owner and operator of Silk Road 2.0.

What is your opinion about FBI using wholesale malware injection process to find a few criminals, do comment and let us know.

Update: Flash script was used to decloak visitors, not an exploit, as pointed out by Metasploit Founder HD Moore

https://twitter.com/hdmoore/status/545636708591468544

Gods View Tool at work, Uber’s Android app caught reporting data back without permission.

Uber’s Android App is reporting your entire personal data including your present location back to the men behind the Uber terminals at base.  Security researcher GironSec has researched the Uber’s Android app apart and discovered that it’s sending a whole lot of personal data back to Uber.  The data which is being reported includes your call logs, the type Apps your smartphone /tablet has installed and your SMS and MMS logs.  The Ubers Gods View Tool also can identify whether your phone is vulnerable to certain malware, whether your phone is rooted and is reporting the same back to base.  All this is being done when Uber doesnt have your explicit permission to do so. 

GironSec has illustrated how Uber is reporting all this user confidential data back to the base.  He has decompiled the code of the Uber Android app and found it to be collecting and sending the following information back to Uber:

Accounts log (Email)
App Activity (Name, PackageName, Process Number of activity, Processed id)
App Data Usage (Cache size, code size, data size, name, package name)
App Install (installed at, name, package name, unknown sources enabled, version code, version name)
Battery (health, level, plugged, present, scale, status, technology, temperature, voltage)
Device Info (board, brand, build version, cell number, device, device type, display, fingerprint, ip, mac address, manufacturer, model, os platform, product, sdk code, total disk space, unknown sources enabled)
GPS (accuracy, altitude, latitude, longitude, provider, speed)
MMS (from number, mms at, mmss type, service number, to number)
NetData (bytes received, bytes sent, connection type, interface type)
PhoneCall (call duration, called at, from number, phone call type, to number)
SMS (from number, service number, sms at, sms type, to number)
TelephonyInfo (cell tower id, cell tower latitude, cell tower longitude, imei, iso country code, local area code, meid, mobile country code, mobile network code, network name, network type, phone type, sim serial number, sim state, subscriber id)
WifiConnection (bssid, ip, linkspeed, macaddr, networkid, rssi, ssid)
WifiNeighbors (bssid, capabilities, frequency, level, ssid)
Root Check (root staus code, root status reason code, root version, sig file version)
Malware Info (algorithm confidence, app list, found malware, malware sdk version, package list, reason code, service list, sigfile version)

GironSec’s research concludes that it uses following permissions with your permission

<uses-permission android:name=”android.permission.ACCESS_COARSE_LOCATION”>
</uses-permission>
<uses-permission android:name=”android.permission.ACCESS_FINE_LOCATION”>
</uses-permission>
<uses-permission android:name=”android.permission.ACCESS_NETWORK_STATE”>
</uses-permission>
<uses-permission android:name=”android.permission.ACCESS_WIFI_STATE”>
</uses-permission>
<uses-permission android:name=”android.permission.CALL_PHONE”>
</uses-permission>
<uses-permission android:name=”android.permission.CAMERA”>
</uses-permission>
<uses-permission android:name=”android.permission.GET_ACCOUNTS”>
</uses-permission>
<uses-permission android:name=”android.permission.INTERNET”>
</uses-permission>
<uses-permission android:name=”android.permission.MANAGE_ACCOUNTS”>
</uses-permission>
<uses-permission android:name=”android.permission.READ_CONTACTS”>
</uses-permission>
<uses-permission android:name=”android.permission.READ_PHONE_STATE”>
</uses-permission>
<uses-permission android:name=”android.permission.USE_CREDENTIALS”>
</uses-permission>
<uses-permission android:name=”android.permission.VIBRATE”>
</uses-permission>
<uses-permission android:name=”android.permission.WRITE_SETTINGS”>
</uses-permission>
<uses-permission android:name=”android.permission.WRITE_EXTERNAL_STORAGE”>
</uses-permission>
<uses-permission android:name=”com.google.android.providers.gsf.permission.READ_GSERVICES”>
</uses-permission>
<permission android:name=”com.ubercab.permission.C2D_MESSAGE” android:protectionLevel=”0x00000002″>
</permission>
<permission android:name=”com.ubercab.permission.NOTIFY_ACTION” android:protectionLevel=”0x00000002″>
</permission>
<uses-permission android:name=”com.ubercab.permission.C2D_MESSAGE”>
</uses-permission>
<uses-permission android:name=”com.google.android.c2dm.permission.RECEIVE”>
</uses-permission>
<uses-permission android:name=”android.permission.WAKE_LOCK”>
</uses-permission>

From the above you can notice that a taxi provider like Uber is taking the Big Brother talk rather seriously.  It is left to your imagination as to what a taxi hiring service can do with this kind of data. Some mere mortals are suggesting it might be an anti-fraud measure to help Uber detect and combat fake accounts set up by its competitors.  However sanity prevails and the fact remains  that UBER is collecting personal data without your explicit permission which constitutes to infringing your basic right.  In United States the law stipulates that collecting data without appropriate permission constitutes malware and compromises users’ personal data.

Techworm had already reported about Uber being panned for its VPs sadistic comments of it setting aside $1 million to research team to expose the personal lives of media critics and their families. This was supposed to be done with the same tool that Uber is using now, the God’s View Tool.  You can read about the same here. It seems Uber’s Gods View tool is doing much more than hounding journos and anti-uber camp.

GironSec has torn apart the Uber Android App but he has not published much about Uber’s iPhone App.  It remains to be seen whether the Uber iPhone users privacy is also being breached in the same way as Android App.  Given the seriousness of the issue it also remains to be seen whether Google will pull the Uber App down from Google Play citing serious privacy infringement clauses.  Remember, Google has a conflict of interest in Uber’s case as it has a US$258 million dollar stake in Uber.

Gods View Tool eh?

Beware if you have Data Compression Proxy enabled in new Chrome for Android and iOS devices, Google is watching you!

Google quietly revealed the new Data Compression Proxy features of its new Chrome App for Android smartphones and tablets and Chrome App for iPhone, iPad and iPod Touch.  What the pages listing the new features say is that the Data Compression Proxy can significantly reduce cellular data usage by using proxy servers hosted at Google to optimize website content. This feature has been shown to reduce the size of web pages by 50%.

What the features dont say is that your entire day to day web session can be seen /stored or noted by some third party before reaching you.  If you have enabled the Data Compression Proxy feature in your smartphone or tablet and are trying to read Techworm.net, the data will first pass through Google servers before reaching you. That means data about your session with Techworm will be stored/saved/noted somewhere.  Not that this is done for the first time, Opera has been doing it for ages, in fact Opera’s USP and popularity is based on this technique.  But then you dont use Opera for your private communications or posting/seeing/sharing confidential and eyes only information.

Thankfully unlike others who often provide such snooping techniques by default, Google has given the Android smartphone and iPhone /iPAd / iPod Touch users the choice of opting in or out of the service. The use of the compression proxy does not require you to have a Google account. If you want to start the service, you have to open Chrome, go to Settings, go to Bandwidth Management and enable the Reduce data usage option to start this feature.

If you few lucky ones who have Android 5.0 lollipop devices, you have to go to Settings > Developer Options > Reduce WebView network usage.

This is how it works :

Banking transactions and incognito browsing sessions excluded

The Data Compression Proxy feature does not work with HTTPS or Secure pages and all banking transactions are carried over HTTPS websites so they will not be affected.  Google has also said that surfing in Incognito Mode on Chrome (Private Browsing) will also bypass the Data Compression Proxy feature as of now.

Privacy questions

When this feature is enabled, all your web surfing history and data will pass through Google servers before reaching you.  It should be noted that though Google does not snoop on user’s web surfing data without users explicit permission, the law enforcement agencies like the NSA can demand such data through a warrant.  Further, each and every data passing through Google servers is going to leave behind breadcrumbs or metadata which can be accessed by a third party if a hack attack occurs as it did recently in Dropbox’s case.

For the protection of your internet data being leaked when you use the internet on your Android phone the one effective way is to use and additional security software like using the best VPN for Android, which hides your internet activities by creating an encrypted tunnel and route your data through this tunnel which keeps it protected and away from snoopers, hackers, and other cyber attackers.

Conclusion

Thought this feature is quite good for normal surfing, opening incognito browsing tabs everytime you need to have a private untapped and non snooped web session will be quite a headache for the user. If you are a privacy oriented user, it is suggested that you disable this feature.