Did you know your iPhone is tracking you without your consent?

Thanks to the Austrian activist Max Schrems, earlier this week we found out from Business Insider that an EU privacy activism group claims in a lawsuit that Apple illegally tracks iPhone users to target them with ads. Please read the article for the full story.

From the article: https://www.forbes.com/sites/kateoflahertyuk/2020/11/16/apple-iphone-tracking-heres-how-to-turn-it-off/?sh=ce7d1c33398a

“A useful guide on how to use Apple’s new privacy features in iOS 14. Within that, I included some steps detailing how you can prevent advertisers from tracking you ahead of the planned opt-in feature—which will hopefully become available in an updated version of iOS 14 in 2021.

So for now, in your Settings, go to Privacy > Tracking. Here you can turn off the ability to allow apps to request to track you across apps and websites owned by other companies.”

In Tendenci there are no back doors or default accounts. NOT NOW OR EVER. Tendenci takes security and privacy very seriously. You have all of the tools you need to remain GDPR compliant with Tendenci’s open source software. It is entirely your responsibility to use the software responsibly. For example, all web sites use cookies. And data does not delete itself. If you haven’t already, please read about GDPR at Tendenci, as we share the same values. Privacy is important and it matters.

The Puppy keeps your data safe.

Your Data Is As Safe As Ever

With Tendenci, your data is as safe as ever. All of our clients are now running on our latest software version, T12.0. To stay in the loop and learn how our version bumps work, please visit Tendenci Lifecycle. For our Tendenci Community, please upgrade to our newest, polished version.

Check our GitHub changelog for updates and cool new features on your Tendenci site.

Stay in the now with news about Tendenci and about our latest software projects. Get inside information on release dates, software features and other happenings. Security is our top priority, which is why your email will be kept confidential, and you’ll only receive a message when we have something cool to say. Much love and appreciation to our Tendenci Community.
Subscribe to our newsletter at https://www.tendenci.com/forms/newsletter-signup/

The puppy keeps your data safe. 

https://github.com/tendenci/tendenci

SuperUsers Reset on Tendenci Sites Today as a Precaution

Norton Data Breach Report

All superusers / admins on all Tendenci-hosted sites will need to reset their passwords today. This can be done at <your site>/accounts/password/reset/

Why? People reuse passwords. You shouldn’t, and you know that, but you probably do. Therefore, in an overabundance of caution given the large number of data breaches on the Internet this year, we are resetting all superuser passwords to a long randomized string unique to each. I’d also like to emphasize that:

  1. We have not had a data breach,
  2. Your site has NOT been hacked to our knowledge (every site has its own “silo”, meaning your site is isolated from all others in its own containers),
  3. A LOT of other companies have reported breaches and humans tend to reuse passwords.

A quick visit to https://haveibeenpwned.com/ will show you how pervasive the problem is.

Next step: go to your login page, click “reset password” and pick a unique password, hopefully with a space “ ” in it. Tendenci accepts spaces in passwords so USE THEM!

To make passwords easier to remember, use sentences or phrases. For example, “breadandbutteryum”. Some systems will even let you use spaces: “bread and butter yum”.

From: https://www.it.ucsb.edu/password-best-practices
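An added sketch of the forced reset described above, not Tendenci's own code: each superuser's stored hash is replaced with the hash of a unique random string that is then discarded, so a reused password stops working and the reset link is the only way back in. The account names, passwords, PBKDF2 work factor and in-memory store are constructed for illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 200_000  # assumed work factor for this sketch


def hash_password(password, salt=None):
    """Return (salt, digest); only this pair is stored, never the password."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS
    )
    return salt, digest


def verify_password(password, record):
    """Constant-time check of a candidate password against a stored record."""
    salt, expected = record
    return hmac.compare_digest(hash_password(password, salt)[1], expected)


def force_reset(store, superusers):
    """Overwrite each superuser's record with the hash of a unique random
    string. The string is discarded, so the reset flow is the only way in."""
    for name in superusers:
        throwaway = secrets.token_urlsafe(48)  # 64 characters, 384 random bits
        store[name] = hash_password(throwaway)
    return store


def build_demo_store():
    # Constructed accounts: two admins share one reused password.
    store = {
        "admin_a": hash_password("Summer2019!"),
        "admin_b": hash_password("Summer2019!"),
        "member_c": hash_password("hunter2 hunter2"),
    }
    return force_reset(store, ["admin_a", "admin_b"])


if __name__ == "__main__":
    store = build_demo_store()
    print("reused password works:", verify_password("Summer2019!", store["admin_a"]))
    # The admin completes the reset flow and picks a passphrase with spaces.
    store["admin_a"] = hash_password("bread and butter yum")
    print("with spaces:", verify_password("bread and butter yum", store["admin_a"]))
    print("without spaces:", verify_password("breadandbutteryum", store["admin_a"]))
```

Spaces are ordinary characters to the hash, so the two example phrases above are different passwords.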

Security is our top priority. Security is an inconvenience. Security best-practices are far better than the alternative. We apologize for the inconvenience but it is, after all, what we are paid to do.

This decision was made by me, Ed Schipul, the founder and CEO. And it was done without advance notice specifically to prevent bad actors from knowing about it in advance and sending phishing emails to you. The Internet is unfortunately a rough place right now. Stay safe out there!

WhatsApp Zero-Day Vulnerability

WhatsApp has patched a vulnerability that allowed attackers to install spyware on victims’ phones.

Though the exact number of targeted WhatsApp users is not yet known, WhatsApp engineers did confirm that only a “select number” of users were targeted by the NSO Group spyware using this vulnerability.

Read The Hacker News here.


Ubuntu 14.04 Reaches Its End Of Life

There is a new Ubuntu LTS release. Ubuntu 14.04 LTS ‘Trusty Tahr’ transitions to Extended Security Maintenance (ESM) today on April 30th, 2019. Tendenci is now on Ubuntu 18.04.

Every Tendenci product has a lifecycle as well. Read more here.

A release of Ubuntu is made through several different channels. What you consume will depend on where you are and what your interests happen to be.

The EU GDPR – the General Data Protection Regulation

Control your AMS with Open Source

RSA Conference in San Francisco
GDPR as seen by a vid from the RSA Conference

The European Union’s General Data Protection Regulation starts May 25, 2018. This is mostly an FYI as Tendenci “the Company” does not engage in cross site monitoring. It creeps us out a bit.

Yet while Tendenci does not do cross site tracking or individual tracking, it is possible that YOUR site does if you are using Google Analytics, DoubleClick or any number of third party add-ons and plugins.

It is up to YOU to reauthorize and comply with the data protection policies associated with third party add-ons on your site.

What DOES Tendenci do that might allow you to make a mistake in GDPR compliance?

If used as designed, it would be hard to fall out of compliance, as every site is in an isolated database and container. Yet there are security functions that log activity on your Tendenci site; if you were to use those logs for tracking with AI, or sell your data, it could potentially be against the GDPR’s regulations. Talk to your attorney about this.

For example, PCI best practices require dual logging and analysis of the logs for security reasons. There is no direct identifying data in web logs, but they would obviously include things like the IP address to block DDoS attacks.

These logs are never sold or accessed by anyone but our security team to troubleshoot the application and provide feedback to the administrators. Remember, you have the same user interface and front end functionality that our team does if you host with us. Zero difference. And the logs do not contain any identifying information such as an email or name.

We are NOT lawyers. Thus it is up to YOU to determine how you manage your data. We do not, nor have we ever, sold client data to third parties.