Sensitive data & unwanted uploads into the cloud: Excluding Files or Folders in macOS
It would be nice if this was actually answered. Where are the opt-outs for your algorithms to send my sensitive data to your cloud?
"Unknown executables can be sent to Security Cloud for scanning. These files will be scanned for malware, and discarded immediately if clean. Suspicious files will be kept for a short period in order to perform a deeper analysis. Any files classified as malware will be stored. Files classified as clean software are promptly deleted. Files received from user devices are passed through our automated analysis systems under strict controls and are never shared with third parties. Interpreted code, like Flash, Silverlight and scripts, may also be handled as executable files."
Every script I program is an unkown executable, thus it gets uploaded to your cloud and worse, if you decide it is necessary you share those files:
"We will share some of the uploaded data with our subcontractor partners. We only do so if they need it to help us providing these services. Any such shared data is always anonymous."
For Windows you have the solution to exclude files and folders:
Internet Security 2013/2014:
Internet Security 2015:
Policy Manager and PSB Workstation:
WHY NOT FOR MACOS ?
To be continued in the post below ...
And two related questions coming to my mind:
1. Am I at some point informed that you upload the file (and not only a hash) to your cloud? Hence the system is anonymous (at least that is what you say https://www.f-secure.com/en/web/legal/privacy/security-cloud) it has to be in advanced. So a pop-up: "do you want to upload the file for further analysis [YES] [NO]"
2. What if the file is encrypted, say a password file, or a encrypted server key, do you try to decrypt the file or is it automatically flagged as clean? Will you hand it over to a 3rd party to decrypt it?
EDIT: Because nobody answered so far I want to elaborate on the problem.
In your privacy principles you write:
1. We respect your right to privacy
First and foremost, we respect your privacy in everything we do. Your trust is important to us. We respect your control of your personal data and digital content, and it's our priority to prevent unauthorized access to it by anyone. Whenever we ask you for information, it is to better serve you: If we don't need it, we won't ask for it.
Well, if you look in Wikipedia
Privacy is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively.
yeh, ahh, no privacy at all at a MAC, there is no way to express myself selectively in the sense described here, the only option I have on a MAC is to say [x] Use Security Cloud. But your principles go on:
3. You decide how much you share with us
To provide you even better services and relevant messages, we collect information about how our applications are found and used. This means that when you're using our services, we track things like which features are used most and which actions trigger error messages. However, if you are uncomfortable with tracking, we completely appreciate that and therefore F-Secure products offer opt-out possibilities from non-critical data collection.
Total fail on MAC or can you explain me, where I find that mysterious button to express that on a MAC, and again the least thing I would expect is to have a way to exclude Files and Folders.
And coming to your EULA:
For the Software to function as intended, you assign F-Secure to do the following where it is necessary for providing the related Services to you.
Security Operations. You authorize F-Secure, on your behalf, to copy suspicious files containing executable code from your Device or from your third party service accounts linked to Software to F-Secure backend systems, so F-Secure can more effectively analyse them for malicious activity.
Conveying Your Files. Where you are causing the content to be backed up, transferred, copied, duplicated, adapted, altered, utilized, synchronized or published through your use of the Software, you acknowledge that F-Secure (and/or F-Secure's operator partner, as applicable) (COMMENT: Yeah really, I thought uploaded data will not be shared with 3rd parties https://www.f-secure.com/en/web/legal/privacy/security-cloud) may also need to process the same content on your behalf for the Software to function. To that effect; you grant F-Secure (and/or F-Secure's operator partner, where applicable) a license to process the content (COMMENT: a LICENSE to everything I have on my computer, I'm pretty sure that such an EULA clause is against european data protection laws) to the extent necessary to enable us to provide you with applicable content management services. You will retain the control of your content (Nice joke at the end, or is it meant sarcastically, sometimes don't get sarcasm, so).
As more I read as more disappointed I become ...