Sensitive data & unwanted uploads into the cloud: Excluding Files or Folders in macOS

Pando
Pando Posts: 1 New Member

It would be nice if this was actually answered. Where are the opt-outs for your algorithms to send my sensitive data to your cloud?

 

NOT ANSWERED: Reminder about your privacy policies and principles - Excluding Files or Folders in macOS

 

==============================================================

 

Hi,

 

for my company (and many others) it is very important, that I do not store data to 3rd party clouds, but with the macOS Version and your privacy policy I cannot ensure that:

 

"Unknown executables can be sent to Security Cloud for scanning. These files will be scanned for malware, and discarded immediately if clean. Suspicious files will be kept for a short period in order to perform a deeper analysis. Any files classified as malware will be stored. Files classified as clean software are promptly deleted. Files received from user devices are passed through our automated analysis systems under strict controls and are never shared with third parties. Interpreted code, like Flash, Silverlight and scripts, may also be handled as executable files."

 

https://www.f-secure.com/en/web/legal/privacy/security-cloud

 

Every script I program is an unkown executable, thus it gets uploaded to your cloud and worse, if you decide it is necessary you share those files:

 

"We will share some of the uploaded data with our subcontractor partners. We only do so if they need it to help us providing these services. Any such shared data is always anonymous."

 

https://www.f-secure.com/en/web/legal/privacy/security-cloud

 

For Windows you have the solution to exclude files and folders:

 

Internet Security 2013/2014:
https://community.f-secure.com/t5/Security-for-PC/How-do-I-exclude-a-file-or/ta-p/15398

Internet Security 2015:
https://community.f-secure.com/t5/Security-for-PC/How-do-I-exclude-a-file-or/ta-p/56363

 

Client Security:
https://help.f-secure.com/product.html#business/client-security/12.00/en/task_13205052E3D44C44BA2491...

 

Policy Manager and PSB Workstation:
https://community.f-secure.com/t5/Management/Excluding-objects-from-Real-Time/ta-p/6601

 

WHY NOT FOR MACOS ?

 

 

To be continued in the post below ...

 

 

---------------------------------------

 

Reminder about your privacy policies and principles

And two related questions coming to my mind:

 

1. Am I at some point informed that you upload the file (and not only a hash) to your cloud? Hence the system is anonymous (at least that is what you say https://www.f-secure.com/en/web/legal/privacy/security-cloud) it has to be in advanced. So a pop-up: "do you want to upload the file for further analysis [YES] [NO]"

 

2. What if the file is encrypted, say a password file, or a encrypted server key, do you try to decrypt the file or is it automatically flagged as clean? Will you hand it over to a 3rd party to decrypt it?

 

EDIT: Because nobody answered so far I want to elaborate on the problem.

 

In your privacy principles you write:

 

1. We respect your right to privacy
First and foremost, we respect your privacy in everything we do. Your trust is important to us. We respect your control of your personal data and digital content, and it's our priority to prevent unauthorized access to it by anyone. Whenever we ask you for information, it is to better serve you: If we don't need it, we won't ask for it.

 

https://www.f-secure.com/en/web/legal/principles

 

 

Well, if you look in Wikipedia

 

Privacy is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively.

https://en.wikipedia.org/wiki/Privacy

 

yeh, ahh, no privacy at all at a MAC, there is no way to express myself selectively in the sense described here, the only option I have on a MAC is to say  [x] Use Security Cloud. But your principles go on:

 

3. You decide how much you share with us
To provide you even better services and relevant messages, we collect information about how our applications are found and used. This means that when you're using our services, we track things like which features are used most and which actions trigger error messages. However, if you are uncomfortable with tracking, we completely appreciate that and therefore F-Secure products offer opt-out possibilities from non-critical data collection.

 

Total fail on MAC or can you explain me, where I find that mysterious button to express that on a MAC, and again the least thing I would expect is to have a way to exclude Files and Folders.

 

And coming to your EULA:

 

https://www.f-secure.com/web/legal/terms/software

 

For the Software to function as intended, you assign F-Secure to do the following where it is necessary for providing the related Services to you.
Security Operations. You authorize F-Secure, on your behalf, to copy suspicious files containing executable code from your Device or from your third party service accounts linked to Software to F-Secure backend systems, so F-Secure can more effectively analyse them for malicious activity.
Conveying Your Files. Where you are causing the content to be backed up, transferred, copied, duplicated, adapted, altered, utilized, synchronized or published through your use of the Software, you acknowledge that F-Secure (and/or F-Secure's operator partner, as applicable)  (COMMENT: Yeah really, I thought uploaded data will not be shared with 3rd parties https://www.f-secure.com/en/web/legal/privacy/security-cloud) may also need to process the same content on your behalf for the Software to function. To that effect; you grant F-Secure (and/or F-Secure's operator partner, where applicable) a license to process the content (COMMENT: a LICENSE to everything I have on my computer, I'm pretty sure that such an EULA clause is against european data protection laws) to the extent necessary to enable us to provide you with applicable content management services. You will retain the control of your content (Nice joke at the end, or is it meant sarcastically, sometimes don't get sarcasm, so).

 

As more I read as more disappointed I become ...

Comments

  • Ukko
    Ukko Posts: 3,770 Superuser

    Hello,

     

    Maybe just as 'up' the topic. For preventing situation from previous topic.

     

    At least, as ask about potential 'excluding'-design under Mac-platform. Because it asked with some other topics too:

    https://community.f-secure.com/t5/F-Secure-SAFE/Bug-report-Safe-for-Mac-Issues/m-p/100871

     

    Not sure - if 'excluding'-option can be helpful with such concern-ask... and possible to discuss this points, but not sure if it can be reasonable (as talk between users).

     

    Thanks!

     

  • Ukko
    Ukko Posts: 3,770 Superuser

    Hello,

     

    F-Secure published blog-article under their Safe'n'Savvy blog (do not open it with Microsoft Edge browser):

     

    https://safeandsavvy.f-secure.com/2017/12/01/everything-you-wanted-to-know-av-afraid-to-ask/

    where they tried to discuss something and explain something.

     

    Maybe anyone who did not receive any replies about such (or related) concern from F-Secure under community (but do want it; and do not find any other options to do this) -> able to try ask them under this blog's comments.

    But except that 'exclude'-design for Mac-platform (or mobile platform?!) is something else.

     

    // and that it's not discussed abilities to provide certain security with this 'sampling' (meanings -> ability to detect 'unknown/unseen' malware which looks good and valid software - or even which used for harm system).

     

    Thanks!

  • Vetraci
    Vetraci Posts: 156 Adventurer

    Hi @Ukko, hi @Pando

     

    F-Secure just announced a great podcast on iTunes with Mikko Hipponen adressing some of your questions. It's very interesting to listen to!

     

    Issue regarding excluding folders/files on MacOS: As far as I know there is still no easy/ convenient way to exclude drives/folders/files from scanning.

     

     

     

  • Ukko
    Ukko Posts: 3,770 Superuser

    @Vetraci wrote:

    F-Secure just announced a great podcast on iTunes with Mikko Hipponen adressing some of your questions. It's very interesting to listen to!

     

    Issue regarding excluding folders/files on MacOS: As far as I know there is still no easy/ convenient way to exclude drives/folders/files from scanning.


    Yes, maybe podcast is also available under their website (which I listened already) with 'no differences between'. I did previous reply based on such meanings (where podcast is linked to blog's article).

     

    But  -> as it was with podcast's speech -> if user is developer (partly concern of this topic) - he is 'power user' - and he should to know how to use settings of software and how to exclude their own workspace. What (based on your and other Mac user's experience) still not possible to do with Mac-platform (by default designed view). :)

    and/or with mobile platforms (?!) - not sure if there can be unwanted uploads into the cloud.

     

    And.. just as clarification.. I'm not really concerned about topic's meanings (except that interesting to know statemens about some of certain points). Because  -> as it was also with podcast's speech -> required to use security software (or any other software) if it is trusted for you.

This discussion has been closed.
Feedback on New Design