This tool demands access to YOUR ENTIRE DIGITAL LIFE. Is it from GCHQ? No - it's by IKEA

If the Target hack – along with all its predecessors – taught us anything, it's that the database isn't the vulnerability. It's the data that's the problem. If you're collecting data, you're a target. That means you have to ask yourself, “do I need this?” Yet in spite of frequent demonstrations that a determined attacker will …

COMMENTS

This topic is closed for new posts.

Anonymous Coward

Have you learned nothing from the NSA?

You need the haystack to find the needle.

4
2
Silver badge

Nearly... the NSA take on it is that you need every haystack in every farm in every country on the planet. To find a needle that may, or may not, exist in one particular farm. The needle is probably in the sewing kit, on the table.

28
1
Silver badge

They simply don't know in which haystack there might be a needle so they gather all the hay they can possibly get hold of. What's more, they are not even capable of distinguishing between a twitch from hay and a sting from a needle.

5
0
Anonymous Coward

They know where some needles are

NSA know where some needles are, and the potential victims whose names are on them, but cannot notify the persons whose names are on them, because to do so would alert the outside world that the NSA have been conducting illegal surveillance. (e.g. Boston Marathon bombings)

0
3
Silver badge
Coat

Schrödinger's needle?

The needle is only there when they observe it consciously, before that, the needle's waveform is spread out over all possible haystacks.

Sorry, couldn't resist. Mine is the one with the original manuscript "Towards a Quantum Mechanical Interpretation of Homeopathy" in the pocket

4
0

The IKEA 'Splosh': now available with 4 or 6 drawers in a range of colours

I get all my kitchen design inspiration from the web, as they are frequently the location for video entertainment which highlights the importance of sturdy worktops, robust cupboard handles and wipe-clean surfaces.

16
0
Bronze badge

Re: The IKEA 'Splosh': now available with 4 or 6 drawers in a range of colours

I'll just clean my keyboard - thanks to your comment - and get on with my day.

Cheers

Jon

2
0
Anonymous Coward

Re: The IKEA 'Splosh': now available with 4 or 6 drawers in a range of colours

French polishing eh?

2
0
Anonymous Coward

Re: The IKEA 'Splosh': now available with 4 or 6 drawers in a range of colours

If you knew anything about IKEA's naming policy, you would know they use Nordic names.

So it's IKEA 'Plask' then.

3
0
Bronze badge

Re: The IKEA 'Splosh': now available with 4 or 6 drawers in a range of colours

> I'll just clean my keyboard

Ewww. I see what you did there.

2
0

Re: The IKEA 'Splosh': now available with 4 or 6 drawers in a range of colours

"Ewww. I see what you did there."

I wish I didn't...

2
0
Silver badge

> However, that doesn't necessary apply to partners.

This is the phrase that says it all........

3
0

Surely this is all against the Data Protection Act?

I thought that companies were only allowed to collect and store relevant data.

4
0
Anonymous Coward

Presumably only if the data is held in the UK.

2
0

Only if the data being collected is personal data and I would surmise that much of the data potentially collected by the app wouldn't be personal data.

0
0
Bronze badge

Since when the Hell did Windows Application... (I can only assume that this is a Desktop App), need to ask for any Permission(s), at all?! I thought this was something that only Mobes did...

7
1

My thought exactly. If it's a desktop application, there's nothing especially strange about it being able to access all of your files, given that desktop OSes simply don't have the same permission model that mobiles have. Chances are that Chrome just shows that warning on any .exe you download - I don't even see how it could possibly know what permissions the program requires. On Windows, pretty much the only choice is whether to require administrator or not, but even that is not something that can be easily learned without trying to run the app.

3
1
Anonymous Coward

It's a browser plugin? or certainly was last time I used it.

0
1
jai
Silver badge

He says in the article that it was only Chrome browser that picked it up. If you weren't using Chrome, it wouldn't ask for permission.

0
0
Silver badge
Devil

Re "It's a browser plugin? or certainly was last time I used it."

Posting anon because all your data is now out there?

0
1

Presumably (alleged) terrorists will no longer be buying their kitchens at Ikea then.

5
0

So IKEA is closed now? The Security Industrial Complex (borrowed from a comment on Bruce Schneier's blog) thinks we are all possible terrorists based on their collection schemes.

0
0

Likely just means it can read and write files to the local machine. Say to load or save your design. As it also communicates with ikea, the warning is just stating the implications of that access.

Your web browser itself and pretty much any application should have the same warnings.

7
0
Silver badge

Hanlon's razor

"Never attribute to malice that which is adequately explained by stupidity."

They're not accessing or collecting anything. Some dumb programmer just clicked all the permissions.

Interesting though that Google Ads are telling me there's a bulk discount on tinfoil down at Costco...

1
0
Bronze badge

Well if THAT'S the Case, then ...

Why do these damned apps not say, "Access to the app-specific folder created to store contents related to this app. NO OTHER FOLDER will be looked at..."

Either their language/wording sucks, or they are being very generous to themselves.

1
1
Silver badge
Paris Hilton

Kitchen design: Serious business!

Those sandboxing ideas are NOT WRONG (even if Java on the client makes a hash of it). Where have they gone? Do I need to run the browser in a disposable Virtual Machine?

1
0
Silver badge

Re: Kitchen design: Serious business!

Running a browser in a slim VM might be the safest general approach.

Under Linux there is also the option of having apparmor sandbox the browser and limit reading and writing, though that profile (e.g. firefox) is off by default on Ubuntu. I don't know why that is, probably so users don't see Firefox, etc, crash and burn without warning when they try to save or upload from anywhere other than the Downloads directory.

0
0
Big Brother

All your computer data for an online tool, or...

Your soul if you dare set foot in the pallet warehouse itself!

0
0
jai
Silver badge

Re: All your computer data for an online tool, or...

but, to be fair, in return for your soul, they will give you meatballs!!

(some even without horsemeat!)

5
0
Joke

Kitchen sink approach to asking permission

6
0
Silver badge
Pint

damn

That was funnier the way I read it the first time:

Sink kitchen approach to asking permission.

I need another drink.

1
0

Cheap

Apparently they'd like my email address, and offer a bribe of 100 tea lights. Come on, I'm not that cheap.

2
0

Re: Cheap

200 tealights, a hot dog and one of those bags of sml Daim bars?

6
0
Bronze badge

Re: Cheap

You got me with the Daim candy. Especially if it's the older recipe without the coconut oil.

0
0
Anonymous Coward

Looks familiar

As a SQL Server admin I'm tired of seeing third-party applications that ask for an 'sa' level login, but when pushed they can't honestly definitely say exactly WHY. Or the Windows service account that needs to be a local admin, with the same justification: "we always configure it that way".

Lazy and/or time constrained developers!

7
0
Anonymous Coward

Re: Looks familiar

Ugh... We had one software vendor tell us to disable DEP both on client machines AND a server to solve an issue with their software crashing in certain cases. I told them I wasn't turning off a security feature that had (at the time) been around for over 7 years.

Although it was actually pleasing to hear them suggest something other than "reinstall the software", which was their usual fix.

1
0
Anonymous Coward

If you've done nothing wrong, you've got nothing to hide.

2
0
jai
Silver badge

but what is 'wrong' in the eyes of Ikea?

Buying your sofa from DFS? Getting a bedside table from John Lewis?

3
0
Silver badge
Coat

but what is 'wrong' in the eyes of Ikea?

Sleeping three in a single bed?

3
0
Anonymous Coward

You have privacy concerns, yet you use Chrome?

16
0
Bronze badge

You have privacy concerns, yet you use Chrome?

He shoots... He scores!! OUCH!!

6
0
Silver badge

a hosts file is all that's required

To fuck Google's auto-collection...until they build a dns client into their browser. Of course, since I run my own DNS, I can make it authoritative for any domain I choose.

1
1
Anonymous Coward

Key access

But nobody will be able to access your data without the key. Which will be an Allen key missing from the flatpack...

8
0

I was going with:

They can have my data. It's all ones and zeros. Now all they have to do is put it together.

but the missing Allen key is good, too.

0
0
Silver badge
Black Helicopters

NSA, GCHQ, KGB,...IKEA??

Obviously, the patriarchy has fiendishly discovered that the hoi polloi can never unite to demand international brotherhood and justice if they are kept busy looking for the sixth screw that the instructions say are needed to complete assembly!

"Honey!? Did you see another packet of hardware when we unpacked the bookcase?"

4
1

It's not a site

"Moreover, the warning wasn't raised by the kitchen planning tool. The Register only spotted it because Chrome raised the dialog. No such warning appeared when we accessed the same site on Firefox, for example."

The warning is raised because it is trying to install a Chrome Extension. All Chrome Extensions must declare the permissions they wish to use (or optionally use). Lazy developers request them all because they can't be bothered to look at the docs and see which ones are required by the API they are using.

If it tries to install a Firefox Add-on, it will ask if you want to install it. Firefox does not have a permission model for Add-ons. Firefox Add-ons are run as trusted code. It's all JavaScript so if you're a developer you can always download the XPI, unzip it, and see what it does. I know that's not much help to those who are not Firefox Add-on developers. The downside to Chrome is they can put all of their extension code into NaCl so you can't tell what they are doing with the permissions they've requested (well, you could find a disassembler and work it out).

Neither browser by design allows JavaScript from a website to access anything on your computer (there are flaws that do though). In either case you will be warned before you install an Extension/Add-on.

For the record, I am an Add-on/Extension developer and I don't find the entire model of these extensions to be entirely satisfactory. I wish all of the browsers had much better/finer access control, but there will also always be bugs that allow the permissions to fail. If you can't live with the state of things, don't install extensions or get a VBox/VMWare image that you can browse with and always roll back to the last good snapshot.

7
0
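
An added example, not part of the comment above and not code from IKEA's tool: a Node.js check that compares the permissions a Chrome extension manifest declares with the `chrome.*` APIs its JavaScript actually references, which is how over-declared permissions are spotted in review. The manifest, the source lines, the `planner.example` host and the short permission list are constructed for illustration.

```javascript
// API permissions this sketch knows about (a subset, chosen for the sample).
const API_PERMISSIONS = ["tabs", "history", "bookmarks", "cookies", "downloads", "storage"];
// Host patterns that grant access to every site the user visits.
const BROAD_HOSTS = ["<all_urls>", "*://*/*", "http://*/*", "https://*/*"];

function auditManifest(manifest, sources) {
  const declared = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []), // Manifest V3 lists hosts separately
  ];
  const code = sources.join("\n");
  const report = { broadHosts: [], unused: [], unknown: [] };
  for (const perm of declared) {
    if (BROAD_HOSTS.includes(perm)) {
      report.broadHosts.push(perm);
    } else if (API_PERMISSIONS.includes(perm)) {
      // Heuristic: an API permission is only justified if chrome.<perm> is referenced.
      const used = new RegExp("\\bchrome\\." + perm + "\\b").test(code);
      if (!used) report.unused.push(perm);
    } else if (!/^[a-z*]+:\/\//.test(perm)) {
      // Not a scoped host pattern and not in our list: needs a manual look.
      report.unknown.push(perm);
    }
  }
  return report;
}

// Constructed sample: an extension that only saves a design, yet asks for far more.
const sampleManifest = {
  name: "Kitchen planner helper (constructed)",
  manifest_version: 2,
  permissions: ["tabs", "history", "cookies", "storage", "<all_urls>", "https://planner.example/*"],
};
const sampleSources = [
  'chrome.storage.local.set({ design: "galley" });',
  'fetch("https://planner.example/api/save", { method: "POST" });',
];

const sampleReport = auditManifest(sampleManifest, sampleSources);
console.log(JSON.stringify(sampleReport, null, 2));
```

The match is a text heuristic over readable JavaScript, so anything shipped as native code, as the comment notes for NaCl, will not show up in it.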
Trollface

I always knew IKEA (Information Kommunikation Elektronisk Agentur) was a name for a Swedish Governmental Agency.

4
0
Flame

"It's probable that the developer created the app with the widest possible permissions so it worked easily in the lab, and never went back and changed them to something appropriate for the Internet: I accept that."

lazy lazy lazy lazy lazy lazy lazy lazy lazy lazy lazy lazy lazy lazy lazy !!!!!!

and dangerous

and amateur

The amount of software I've had to carefully recreate the conditions of the developer's bedroom in order to get it to work! Usually bought by govt depts, schools or colleges

also software designed for businesses that seems oblivious to the idea of a "roaming profile", or that the user may not have admin rights

1
0
Silver badge

Well, what else would you expect from a self-taught "developer" in his mother's back bedroom with a pirate copy of Microsoft Visual Studio?

1
0
Anonymous Coward

Malice possible

I'm afraid I've known enough people in the industry to treat seriously the idea that this could be a malicious slurp. "Sure," some greasy manager says, "let's try to grab as much as we can. When we've built a good customer base we'll leverage that and sell out."

It's not evil -- it's just a complete lack of respect and a willingness to throw everybody else under the bus because it's about getting on, innit?

1
0
