“A useful guide on how to use Apple’s new privacy features in iOS 14. Within that, I included some steps detailing how you can prevent advertisers from tracking you ahead of the planned opt-in feature—which will hopefully become available in an updated version of iOS 14 in 2021.
So for now, in your Settings, go to Privacy > Tracking. Here you can turn off the ability to allow apps to request to track you across apps and websites owned by other companies.”
With Tendenci, your data is as safe as ever. All of our clients are now running on our latest software version T12.0. To stay on the loop and learn how our version bumps work, please visit Tendenci Lifecycle. For our Tendenci Community, please upgrade to our newest and polished version.
Check our Github changelog for updates and cool new features on your Tendenci site.
Stay in the now with news about Tendenci and about our latest software projects. Get inside information on release dates, software features and other happenings. Security is our top priority which is why your email will be kept confidential, and you’ll only receive a message when we have something cool to say. Much love and appreciation to our Tendenci Community. Subscribe to our newsletter at https://www.tendenci.com/forms/newsletter-signup/
All super users / admins on all Tendenci hosted sites will need to reset your passwords today. This can be done at <your site> /accounts/password/reset/
Why? People reuse passwords. You shouldn’t, and you know that, but you probably do. Therefore, in an overabundance of caution given the large number of data breaches on the Internet this year, we are resetting all superuser passwords to a long randomized string unique to each. I’d also like to emphasize that:
We have not had a data breach,
Your site has NOT been hacked to our knowledge (every site has it’s own “silo” meaning your site is isolated from all others in it’s own containers.)
A LOT of other companies have reported breaches and humans tend to reuse passwords.
Security is our top priority. Security is an inconvenience. Security best-practices are far better than the alternative. We apologize for the inconvenience but it is, after all, what we are paid to do.
This decision was made by me, Ed Schipul, the founder and CEO. And it was done without advance notice specifically to prevent bad-actors from knowing about it in advance and sending phishing emails to you. The Internet is unfortunately a rough place right now. Stay safe out there!
In recent years, many Russia hacking groups have emerged as one of the most sophisticated nation-state actors in cyberspace, producing highly specialized hacking techniques and toolkits for cyber espionage.
WhatsApp has patched a vulnerability that allowed attackers to install spyware on victims’ phones.
Though the exact number of targeted WhatsApp users is not yet known, WhatsApp engineers did confirm that only a “select number” of users were targeted by the NSO Group spyware using this vulnerability.
Yet while Tendenci does not do cross site tracking or individual tracking, it is possible that YOUR site does if you are using Google Analytics, DoubleClick or any number of third party add-ons and plugins.
It is up to YOU to reauthorize and comply with the data protection policies associated with third party add-ons on your site.
What DOES Tendenci do that might allow you to make a mistake in GDPR compliance?
If used as designed, it would be hard to become out of compliance as every site is in an isolated database and container. Yet there are security functions that log activity on your Tendenci site, that if you were to use it for tracking with AI or sell your data, it could potentially be against the GDPRs regulations. Talk to your attorney about this.
For example PCI best practices require dual logging and analysis of the logs for security reasons. There is no direct identifying data in web logs, but they would obviously include things like the IP address to block DDoS attacks.
These logs are never sold or accessed by anyone but our security team to trouble shoot the application and provide feedback to the administrators. Remember, you have the same user interface and front end functionality that our team does if you host with us. Zero difference. And the logs do not contain any identifying information such as an email or name.
We are NOT lawyers, Thus it is up to YOU to determine how you manage your data. We do not, nor have we ever, sold client data to third parties.