<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Verdana",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Verdana",sans-serif'>Thanks! I think I can work up enough outrage to do a column on this. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Verdana",sans-serif'><o:p> </o:p></span></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D'>_______</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D'>Evan Schuman</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D'><a href="mailto:eschuman@thecontentfirm.com" target="_blank">eschuman@thecontentfirm.com</a></span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D'><a href="tel:973-993-8098" target="_blank">973-993-8098</a> (voice)<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D'>Computerworld weekly columnist (Column archive: <a href="http://www.thecontentfirm.com/weekly-column-on-computerworld" target="_blank">http://www.thecontentfirm.com/weekly-column-on-computerworld</a>)</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D'>Moderator for MIT Sloan Management Review events<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'>Google Search: <a href="http://lmgtfy.com/?q=Evan+Schuman">http://lmgtfy.com/?q=Evan+Schuman#</a><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'><a href="https://twitter.com/eschuman" target="_blank">https://twitter.com/eschuman</a></span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'><a href="http://www.linkedin.com/in/schumanevan/" target="_blank">www.linkedin.com/in/schumanevan/</a></span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><i><span style='font-size:8.0pt;color:#1F497D'>Member, Internet Press Guild: <a href="http://netpress.org/" target="_blank"><span style='color:#1155CC'>http://netpress.org/</span></a></span></i><o:p></o:p></p></div><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Verdana",sans-serif'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> Ipg-smz <ipg-smz-bounces@netpress.org> <b>On Behalf Of </b>Logan Harbaugh<br><b>Sent:</b> Thursday, February 07, 2019 1:43 PM<br><b>To:</b> ipg-smz@netpress.org<br><b>Subject:</b> [Ipg-smz] FW: Privacy expert Paul Bischoff comments on iPhone apps secretly recording your screen<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='color:#1F497D'>For those of you who haven’t already seen this…<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman",serif;color:navy'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:navy'>Thanks, </span><span style='color:navy'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:navy'>Logan G. Harbaugh<br><a href="mailto:logan@lharba.com">logan@lharba.com</a></span><span style='color:navy'><br></span><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:navy'>530-243-1346</span><span style='color:navy'><br></span><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:navy'>1547 Magnolia Ave.</span><span style='color:navy'><br></span><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:navy'>Redding, CA 96001</span><span style='color:navy'><br></span><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:navy'><a href="http://www.lharba.com/">www.lharba.com</a></span><span style='color:navy'><o:p></o:p></span></p></div><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma",sans-serif'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma",sans-serif'> Paula Brici [<a href="mailto:paula@eskenzipr.com">mailto:paula@eskenzipr.com</a>] <br><b>Sent:</b> Thursday, February 7, 2019 10:36 AM<br><b>Subject:</b> Privacy expert Paul Bischoff comments on iPhone apps secretly recording your screen<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>Responding to reports that iPhone apps are <span style='color:black;letter-spacing:.15pt'>Many popular iPhone apps–including Abercrombie & Fitch, </span><span style='letter-spacing:.15pt'>Hotels.com<span style='color:black'>, Air Canada, Hollister, Expedia, and Singapore Airlines–are using a technology called “</span></span><a href="https://www.glassboxdigital.com/the-definitive-guide-to-session-replay-recording/"><span style='color:#22458F;letter-spacing:.15pt'>session replay</span></a><span style='color:black;letter-spacing:.15pt'>” from customer experience analytics firm Glassbox to record everything you do on your iPhone when using their app, </span>Paul Bischoff, privacy advocate with <a href="http://www.comparitech.com/">Comparitech.com</a>, said:<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>“The use of session replay services in iPhone apps is serious cause for concern for two reasons. The first is that the apps did not get consent to record sessions and take screenshots of users' devices and send them back to the app developers. Many of the apps make no explicit mention of the use of session replay services in their privacy policies. The second is that the data collected and sent to the app developers might not be properly secured. If the app developers do not take measures to properly mask sensitive information in their apps, then unencrypted screenshots containing passwords and credit card information could be accessed or intercepted by attackers.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I think it's ultimately up to Apple to solve this problem. Apple should better vet the apps that use session replay services to ensure they're secure and that they obtain opt-in consent, or session replay services should be banned from the App Store altogether. It's worth mentioning that many apps and websites use A/B testing to figure out what users are clicking on, but this data is usually aggregated and can't be connected to an individual, and they don't take screenshots. So alternatives do exist.”<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Thanks, let me know if you have any questions for Paul.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Paula<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:9.0pt'>Paula Brici<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:9.0pt'>Eskenzi PR<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:9.0pt'>+1 949-677-6527<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:9.0pt'><a href="mailto:paula@eskenzipr.com"><span style='color:#0563C1'>paula@eskenzipr.com</span></a><o:p></o:p></span></p></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>