DOCSLIB.ORG

Battery Status Not Included: Assessing Privacy in Web Standards

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Battery Status Not Included: Assessing Privacy in Web Standards To appear at the 2017 International Workshop on Privacy Engineering. Battery Status Not Included: Assessing Privacy in Web Standards Lukasz Olejnik Steven Englehardt Arvind Narayanan University College London Princeton University Princeton University [email protected] [email protected] [email protected] https://lukaszolejnik.com http://senglehardt.com http://randomwalker.info Abstract—The standardization process is core to the develop- formally defined recommendations for privacy assessments ment of the open web. Until 2013, the process rarely included pri- during the development of internet protocols [1]. The W3C vacy review and had no formal privacy requirements. But today has also invested considerable resources into the creation of the importance of privacy engineering has become apparent to standards bodies such as the W3C as well as to browser vendors. specialized methodologies for such privacy assessments [2], Standards groups now have guidelines for privacy assessments, [3]. This includes taking public stances on privacy expectations and are including privacy reviews in many new specifications. [4] and defining new groups and processes to evaluate privacy However, the standards community does not yet have much [5], [6], [7]. Even the frameworks used during specification, practical experience in assessing privacy. development, and publishing have been updated to encourage In this paper we systematically analyze the W3C Battery Status API to help inform future privacy assessments. We begin all specification authors to include privacy and security review by reviewing its evolution — the initial specification, which only sections [8], [9]. cursorily addressed privacy, the discovery of surprising privacy These recent advances in privacy review are timely, as new vulnerabilities as well as actual misuse in the wild, followed and proposed web features will provide websites with much by the removal of the API from major browser engines, an unprecedented move. Next, we analyze web measurement data deeper access to the user’s device and environment, especially from late 2016 and confirm that the majority of scripts used the on smartphones and Internet-of-Things (IoT) devices. Ex- API for fingerprinting. Finally, we draw lessons from this affair amples include Bluetooth connectivity [10], low-level device and make recommendations for improving privacy engineering sensors such as ambient light, acceleration, and vibration [11], of web standards. [12], and even the user’s interpupillary distance, in the context of Virtual Reality [13]. I. INTRODUCTION But why should standards consider privacy at all, rather The Battery Status API offers an interesting and unusual than leave it to browser vendors? Perhaps the market will case study of privacy assessment in the web standardization then allow each user to choose a browser that provides his process. The specification started with a typical progression: or her preferred trade-off between privacy and functionality. it went through a few iterations as a draft, was quickly imple- This argument is beguiling but simplistic — standards must fix mented by multiple browser vendors, and then progressed to many design choices to ensure interoperability, and some of a candidate recommendation — one which characterized the these will inevitably impact privacy [1]. Indeed, there are many privacy impact as “minimal”. Several years later, after it was examples of standards that impede efforts by browser vendors implemented in all major browser engines and was nearing to improve privacy without causing breakage [14]. Further, finalization, researchers discovered several privacy vulnerabil- standards allow setting a privacy floor across implementations. ities as well as misuse in the wild. In an unprecedented move, This helps avoid a race to the bottom, considering that privacy two of the three major browser engines removed support for might be a “market for lemons” [15] and is susceptible to the API and another browser moved to an opt-in model. In this numerous behavioral biases [16]. paper, authored by several of the researchers who discovered In this paper we study the privacy engineering aspects [17] the privacy problems, we reflect on these events, present new of the Battery Status API, with a focus on the standardization empirical evidence of misuse, and extract recommendations and implementation process. Specifically, for privacy reviews in future standards. Before 2013, there were no formal review processes at 1) We conduct a systematic case study of the Battery Status the major standards bodies to address privacy during the API (Section III). design and standardization of web features. This is reflected 2) We provide new measurements of Battery Status API in the lack of privacy or security considerations in many past use on the web (Section IV). specifications. However, the standards community has recently 3) We extract useful privacy engineering practices and made numerous substantial changes to address privacy during provide recommendations to improve the design process the early stages of feature development. In 2013 the IETF (Section V). We hope our work will be useful to standardization bodies, posed design impacts web tracking. Past studies have shown browser vendors, privacy engineers, researchers, and web de- that trackers frequently use many browser technologies to track velopers. We seek to enrich Privacy Impact Assessment (PIA) users: by using stateful mechanisms like cookies, localStorage, methodologies, with possible applications to other domains and Flash storage to respawn cleared identifiers [19], [20], including IoT and mobile APIs. [21], [22], using “enriched” headers that contain tracking IDs injected by ISPs [23], and by identifying a device solely by its II. BACKGROUND AND RELATED WORK properties, i.e. device fingerprinting [24], [25], [26], [27]. The The W3C standardization process. The W3C employs W3C’s TAG has identified these advanced tracking behaviours a maturity level model in the standardization process [18]. as “actively harmful to the Web, because [they are] not under Specifications start as a community group Working Draft and the control of users and not transparent” [4]. may undergo several revisions while the scope and content is In this case study, we examine how the Battery Status API refined. Once the specification is ready for a final review by can be used to fingerprint devices (Section III-C). Device a wide audience, it will progress to a Candidate Recommen- fingerprinting is the process of identifying a device by its set dation. The W3C formally calls for implementations at this of features, rather than by setting a persistent identifier on the stage, although in practice they may already exist. Feedback device. The effectiveness of tracking increases as a device’s from the Candidate Recommendation and experience gathered feature set is more unique. Past studies have demonstrated from implementations is used to refine the specification further. that a majority of both desktop and mobile users have a If the specification requires no substantive changes it will unique fingerprint [28], [29]. In response to fingerprinting progress to a Proposed Recommendation. After a final set concerns, the W3C’s PING released a Working Group Note to of endorsements a specification will progress to a full W3C provide guidance to specification authors on how to address Recommendation. and mitigate fingerprinting in their specifications [30]. The lengthy standardization process is consensus-driven. When data is identified as potentially sensitive, such as that The stakeholders of a standard are generally organized into which relates to the user’s device, behavior, location, or en- Working Groups, typically comprised of employees of browser vironment, various W3C specifications have applied different vendors and other technology companies. To reach consen- restrictions on access to that data. Some specifications have sus, all members must agree on a decision. Other Working made the data available only in the top level browsing context Groups, such as those specializing in privacy, accessibility, (i.e. where access from third-party scripts is limited) [31], or web architecture may give their input on aspects of the and others provide data only in a secure context (i.e. among specification relevant to their mission. Additionally, the speci- other restrictions, requiring TLS) [32]. This type of data access fication Working Group must provide evidence of wide review, also frequently requires user permission before any potentially which includes reviews by a number of external parties: the sensitive information is made available. The Web Permissions public (i.e. researchers) and NGOs (some of whom are W3C API is a draft specification of a mechanism that allows users members). to manage these types of permissions in a user-friendly way Privacy reviews often happen during the draft stage, al- [33]. though the depth of reviews can vary. As of 2017, the official Past privacy assessment research. Several studies have W3C Process Document [18] does not require a privacy examined how privacy assessments are conducted as part of review. In practice, reviews are often performed prior to a the specification process. Nick Doty identifies and addressees draft entering the Candidate Recommendation level. A privacy the challenges of privacy reviews in standardization bodies consideration section can be normative, in which the state- [2]. Doty describes the history of security and privacy con- ments included are requirements
Load more

Recommended publications
  • Cross-Platform Analysis of Indirect File Leaks in Android and Ios Applications
    Cross-Platform Analysis of Indirect File Leaks in Android and iOS Applications Daoyuan Wu and Rocky K. C. Chang Department of Computing, The Hong Kong Polytechnic University fcsdwu, [email protected] This paper was published in IEEE Mobile Security Technologies 2015 [47] with the original title of “Indirect File Leaks in Mobile Applications”. Victim App Abstract—Today, much of our sensitive information is stored inside mobile applications (apps), such as the browsing histories and chatting logs. To safeguard these privacy files, modern mobile Other systems, notably Android and iOS, use sandboxes to isolate apps’ components file zones from one another. However, we show in this paper that these private files can still be leaked by indirectly exploiting components that are trusted by the victim apps. In particular, Adversary Deputy Trusted we devise new indirect file leak (IFL) attacks that exploit browser (a) (d) parties interfaces, command interpreters, and embedded app servers to leak data from very popular apps, such as Evernote and QQ. Unlike the previous attacks, we demonstrate that these IFLs can Private files affect both Android and iOS. Moreover, our IFL methods allow (s) an adversary to launch the attacks remotely, without implanting malicious apps in victim’s smartphones. We finally compare the impacts of four different types of IFL attacks on Android and Fig. 1. A high-level IFL model. iOS, and propose several mitigation methods. four IFL attacks affect both Android and iOS. We summarize these attacks below. I. INTRODUCTION • sopIFL attacks bypass the same-origin policy (SOP), Mobile applications (apps) are gaining significant popularity which is enforced to protect resources originating from in today’s mobile cloud computing era [3], [4].
    [Show full text]
  • 1 Questions for the Record from the Honorable David N. Cicilline, Chairman, Subcommittee on Antitrust, Commercial and Administra
    Questions for the Record from the Honorable David N. Cicilline, Chairman, Subcommittee on Antitrust, Commercial and Administrative Law of the Committee on the Judiciary Questions for Mr. Kyle Andeer, Vice President, Corporate Law, Apple, Inc. 1. Does Apple permit iPhone users to uninstall Safari? If yes, please describe the steps a user would need to take in order to do so. If no, please explain why not. Users cannot uninstall Safari, which is an essential part of iPhone functionality; however, users have many alternative third-party browsers they can download from the App Store. Users expect that their Apple devices will provide a great experience out of the box, so our products include certain functionality like a browser, email, phone and a music player as a baseline. Most pre-installed apps can be deleted by the user. A small number, including Safari, are “operating system apps”—integrated into the core operating system—that are part of the combined experience of iOS and iPhone. Removing or replacing any of these operating system apps would destroy or severely degrade the functionality of the device. The App Store provides Apple’s users with access to third party apps, including web browsers. Browsers such as Chrome, Firefox, Microsoft Edge and others are available for users to download. 2. Does Apple permit iPhone users to set a browser other than Safari as the default browser? If yes, please describe the steps a user would need to take in order to do so. If no, please explain why not. iPhone users cannot set another browser as the default browser.
    [Show full text]
  • Website Nash County, NC
    Website Nash County, NC Date range: Week 13 October - 19 October 2014 Test Report Visits Summary Value Name Value Unique visitors 5857 Visits 7054 Actions 21397 Maximum actions in one visit 215 Bounce Rate 46% Actions per Visit 3 Avg. Visit Duration (in seconds) 00:03:33 Website Nash County, NC | Date range: Week 13 October - 19 October 2014 | Page 2 of 9 Visitor Browser Avg. Time on Browser Visits Actions Actions per Visit Avg. Time on Bounce Rate Conversion Website Website Rate Internet Explorer 2689 8164 3.04 00:04:42 46% 0% Chrome 1399 4237 3.03 00:02:31 39.24% 0% Firefox 736 1784 2.42 00:02:37 50% 0% Unknown 357 1064 2.98 00:08:03 63.87% 0% Mobile Safari 654 1800 2.75 00:01:59 53.36% 0% Android Browser 330 1300 3.94 00:02:59 41.21% 0% Chrome Mobile 528 2088 3.95 00:02:04 39.02% 0% Mobile Safari 134 416 3.1 00:01:39 52.24% 0% Safari 132 337 2.55 00:02:10 49.24% 0% Chrome Frame 40 88 2.2 00:03:36 52.5% 0% Chrome Mobile iOS 20 46 2.3 00:01:54 60% 0% IE Mobile 8 22 2.75 00:00:45 37.5% 0% Opera 8 13 1.63 00:00:26 62.5% 0% Pale Moon 4 7 1.75 00:00:20 75% 0% BlackBerry 3 8 2.67 00:01:30 33.33% 0% Yandex Browser 2 2 1 00:00:00 100% 0% Chromium 1 3 3 00:00:35 0% 0% Mobile Silk 1 8 8 00:04:51 0% 0% Maxthon 1 1 1 00:00:00 100% 0% Obigo Q03C 1 1 1 00:00:00 100% 0% Opera Mini 2 2 1 00:00:00 100% 0% Puffin 1 1 1 00:00:00 100% 0% Sogou Explorer 1 1 1 00:00:00 100% 0% Others 0 0 0 00:00:00 0% 0% Website Nash County, NC | Date range: Week 13 October - 19 October 2014 | Page 3 of 9 Mobile vs Desktop Avg.
    [Show full text]
  • XCSSET Update: Abuse of Browser Debug Modes, Findings from the C2 Server, and an Inactive Ransomware Module Appendix
    XCSSET Update: Abuse of Browser Debug Modes, Findings from the C2 Server, and an Inactive Ransomware Module Appendix Introduction In our first blog post and technical brief for XCSSET, we discussed the depths of its dangers for Xcode developers and the way it cleverly took advantage of two macOS vulnerabilities to maximize what it can take from an infected machine. This update covers the third exploit found that takes advantage of other popular browsers on macOS to implant UXSS injection. It also details what we’ve discovered from investigating the command-and-control server’s source directory — notably, a ransomware feature that has yet to be deployed. Recap: Malware Capability List Aside from its initial entry behavior (which has been discussed previously), here is a summarized list of capabilities based on the source files found in the server: • Repackages payload modules to masquerade as well-known mac apps • Infects local Xcode and CocoaPods projects and injects malware to execute when infected project builds • Uses two zero-day exploits and trojanizes the Safari app to exfiltrate data • Uses a Data Vault zero-day vulnerability to dump and steal Safari cookie data • Abuses the Safari development version (SafariWebkitForDevelopment) to inject UXSS backdoor JS payload • Injects malicious JS payload code to popular browsers via UXSS • Exploits the browser debugging mode for affected Chrome-based and similar browsers • Collects QQ, WeChat, Telegram, and Skype user data in the infected machine (also forces the user to allow Skype and
    [Show full text]
  • HTTP Cookie - Wikipedia, the Free Encyclopedia 14/05/2014
    HTTP cookie - Wikipedia, the free encyclopedia 14/05/2014 Create account Log in Article Talk Read Edit View history Search HTTP cookie From Wikipedia, the free encyclopedia Navigation A cookie, also known as an HTTP cookie, web cookie, or browser HTTP Main page cookie, is a small piece of data sent from a website and stored in a Persistence · Compression · HTTPS · Contents user's web browser while the user is browsing that website. Every time Request methods Featured content the user loads the website, the browser sends the cookie back to the OPTIONS · GET · HEAD · POST · PUT · Current events server to notify the website of the user's previous activity.[1] Cookies DELETE · TRACE · CONNECT · PATCH · Random article Donate to Wikipedia were designed to be a reliable mechanism for websites to remember Header fields Wikimedia Shop stateful information (such as items in a shopping cart) or to record the Cookie · ETag · Location · HTTP referer · DNT user's browsing activity (including clicking particular buttons, logging in, · X-Forwarded-For · Interaction or recording which pages were visited by the user as far back as months Status codes or years ago). 301 Moved Permanently · 302 Found · Help 303 See Other · 403 Forbidden · About Wikipedia Although cookies cannot carry viruses, and cannot install malware on 404 Not Found · [2] Community portal the host computer, tracking cookies and especially third-party v · t · e · Recent changes tracking cookies are commonly used as ways to compile long-term Contact page records of individuals' browsing histories—a potential privacy concern that prompted European[3] and U.S.
    [Show full text]
  • RELEASE NOTES UFED PHYSICAL ANALYZER, Version 5.4 | November 2016 UFED LOGICAL ANALYZER, UFED READER
    NOW SUPPORTING 20,854 DEVICE PROFILES +2,851 APP VERSIONS UFED TOUCH2, UFED TOUCH, UFED 4PC, RELEASE NOTES UFED PHYSICAL ANALYZER, Version 5.4 | November 2016 UFED LOGICAL ANALYZER, UFED READER HIGHLIGHTS WE’VE ADDED SUPPORT TO MORE MOTOROLA ANDROID DEVICES! DEVICE SUPPORT Physical extraction and decoding from 26 popular Motorola Android devices ◼ Bootloader-based physical extraction for 17 MTK Android (up to and including OS 5.0.1). devices running the following MediaTek chipsets: MT6735 and MT6753. ◼ Physical extraction and decoding from 26 popular A BRAND NEW USER INTERFACE Motorola Android devices. Due to popular demand, we ◼ Following the previous announcement in version 5.1, are excited to introduce the we have added physical extraction while bypassing new interface for UFED Physical user lock for 18 additional Huawei devices, running Analyzer, UFED Logical Analyzer and UFED Reader 5.4. HiSilicon chipsets. We have redesigned the user interface to deliver a more ◼ Logical extraction and decoding is enabled for the new intuitive user experience. Google Pixel Android devices (Apps data not included). APPS SUPPORT ◼ 26 new Applications supported for iOS and PINPOINT YOUR SUBJECTS’ Android devices. LOCATIONS WITH MORE ACCURACY! ◼ Facebook Messenger: Decoding supported for multiple users of a single device. ◼ 569 updated application versions. FUNCTIONALITY ◼ Pinpoint your subjects’ locations with more accuracy. ◼ Organize and review case evidence with enhanced To fully utilize the large volume of locations data available in a searching, filtering and grouping capabilities. mobile device, UFED Physical Analyzer 5.4 allows you to convert ◼ Analyze more data in Timeline view quicker. the BSSID values (wireless networks) and cell towers into location ◼ Identify critical case information up to 50% faster.
    [Show full text]
  • Rules for Conducting the Exam with Online Proctoring for Student
    Approved on the UMC Meeting Minutes № 2 dated December 03, 2020 PROCEDURE FOR CARRYING OUT INTERMEDIATE CERTIFICATION FOR THE AUTUMN SEMESTER OF THE 2020-2021 ACADEMIC YEAR WITH THE APPLICATION OF DOT AND ONLINE PROCTORING 1. The intermediate certification of the fall semester of the 2020/21 academic year at KBTU is carried out in a distance format. 2. Final exam forms: ➢ written exam: in the form of tests and / or open-ended questions in online format using the proctoring system; ➢ oral exam in online format;; ➢ individual / group projects, performed offline at home on pre-assigned assignments and questions with an “open book” (take-home open book exam); ➢ combined exam in online format (projects and oral defense). Cumulative assessment (only for mathematical disciplines). 3. Teachers fill out the Exam Guidelines and post them on the teachers page in Uninet and on the platform on which the exam will take place until December 7, 2020. 4. Students must first familiarize themselves with the instructors' instructions on the final control for each discipline. Important: All exams are held strictly according to the approved schedule posted in wsp.kbtu.kz (uninet system). Unacceptable: 1. The appropriation or reproduction of ideas, words, or statements of another person without appropriate reference. 2. Providing false information to the teacher, false reason for missing a lesson or falsely claiming that the work has been submitted. 3. Any attempt to use external assistance without appropriate permission, or without acknowledgment of the use of this assistance. Students are allowed to the final exams: have no financial debt; scored 30 or more points per semester; not on academic leave.
    [Show full text]
  • Swift SF314-52 Specifications (V2-0-2)
    Swift SF314-52 Specifications (v2-0-2) Category Description Footnotes Operating 1 Windows 10 Home 64-bit 2 system CPU and chipset 1 Intel® CoreTM i7-7500U processor (4 MB L3 cache, 2.7 GHz with Turbo Boost up to 3.5 GHz, DDR4 2133 MHz or DDR3L 1600 MHz, 15 W), supporting Intel® 64 architecture, Intel® Smart Cache Intel® CoreTM i5-7200U processor (3 MB L3 cache, 2.5 GHz with Turbo Boost up to 3.1 GHz, DDR4 2133 MHz or DDR3L 1600 MHz, 15 W), supporting Intel® 64 architecture, Intel® Smart Cache Intel® CoreTM i3-7100U processor (3 MB L3 cache, 2.4 GHz, DDR4 2133 MHz or DDR3L 1600 MHz, 15 W), supporting Intel® 64 architecture, Intel® Smart Cache Memory 1, 3, 4 Dual-channel DDR4 SDRAM support 4, 5 • 4 GB of onboard DDR4 system memory • 8 GB of onboard DDR4 system memory Display 14.0" display with IPS (In-Plane Switching) technology, Full HD 1920 x 6 1080, high-brightness Acer ComfyViewTM LED-backlit TFT LCD 16:9 aspect ratio Wide viewing angle up to 170 degrees Mercury free, environment friendly Graphics 1 Intel® HD Graphics 620, supporting OpenGL® 4.4, OpenCLTM 2.0, Microsoft® DirectX® 12 Audio Compatible with Cortana with Voice Certified for Skype for Business Acer TrueHarmony technology for lower distortion, wider frequency range, headphone-like audio and powerful sound Two built-in stereo speakers Built-in digital microphone Storage Solid state drive • 128 / 256 / 512 GB, SATA 6 Gb/s 1, 7 • 512 GB, SATA 6 Gb/s 1, 7 • 256 GB, SATA 6 Gb/s 1, 7 • 128 GB, SATA 6 Gb/s 1, 7 Card reader • Supporting: SDTM Card Webcam 1 Video conferencing • Super
    [Show full text]
  • What Is the Best Download Browser for Android How to Set a Default Browser on Android
    what is the best download browser for android How to Set a Default Browser on Android. This article was written by Nicole Levine, MFA. Nicole Levine is a Technology Writer and Editor for wikiHow. She has more than 20 years of experience creating technical documentation and leading support teams at major web hosting and software companies. Nicole also holds an MFA in Creative Writing from Portland State University and teaches composition, fiction-writing, and zine-making at various institutions. The wikiHow Tech Team also followed the article's instructions and verified that they work. This article has been viewed 4,187 times. This wikiHow teaches you how to change your Android’s default web browser to another app you’ve installed. Best Fastest Android Browser Available On Play Store 2021. Anyone know, what’s powering the Smartphone? Battery! No. Well, that’s the solution first involves your mind right. But the solution is the INTERNET. Yes without the internet what’s the purpose of using a smartphone. So to interact with the internet, we’d like some kinda tool, that features an interface. Here comes the BROWSER. Its main job is to attach us to the web . Fastest Android Browser. So why not we just look for Browser and install any random browser from play store and begin interacting with the internet. And why there are numerous Browsers to settle on from, confused right? Yeah, there are many Browsers with its unique features aside from just surfing the web. And now we’re only getting to mention Speed here because everyone loves Fast browsing experience.
    [Show full text]
  • Dolphin Browser Request Desktop Site
    Dolphin Browser Request Desktop Site Glossy Parry decays his antioxidants chorus oversea. Macrobiotic Ajai usually phenomenalizing some kinos or reek supinely. Felicific Ramsay sequesters very sagittally while Titos remains pyogenic and dumbstruck. You keep also half the slaughter area manually, by tapping on the screen. You can customize your cookie settings below. En WordPresscom Forums Themes Site by link doesn't work on. Fixed error message in Sync setup sequence. The user agent is this request header a grade of metadata sent west a browser that. Dolphin For Android Switch To stock Or Mobile Version Of. Fixed browser site is set a clean browser? 4 Ways to turning a Bookmark Shortcut in contemporary Home Screen on. What gear I say? Google Chorme for Android offers this otherwise known as Request that site. The desktop version of gps in every data, its advanced feature. It is dolphin browser desktop sites from passcards and loaded. Tap on account settings screen shot, dropbox support the best android browser desktop site design of ziff davis, gecko include uix. But, bush too weary a premium service. Store only hash of potato, not the property itself. Not constant is Dolphin Browser a great web browser it also needs a niche few. Download Dolphin Browser for PC with Windows XP. Dolphin browser Desktop Mode DroidForumsnet Android. For requesting the site, which you use is not, identity and telling dolphin sidebar function to manage distractions and instapaper sharing menu. Note If for desktop version of iCloudcom doesn't load up re-type wwwicloudcom in the address bar. This already horrible ergonomics.
    [Show full text]
  • Yandex Announces First Quarter 2019 Financial Results
    Yandex Announces First Quarter 2019 Financial Results MOSCOW and AMSTERDAM, the Netherlands, April 25, 2019 -- Yandex (NASDAQ: YNDX), one of Europe's largest internet companies and the leading search provider in Russia, today announced its unaudited financial results for the first quarter ended March 31, 2019. Q1 2019 Financial Highlights(1)(2)(3) Q1 2019 consolidated financial results • Revenues of RUB 37.3 billion ($576.0 million), up 40% compared with Q1 2018 • Net income of RUB 3.1 billion ($48.3 million), up 69% compared with Q1 2018; net income margin of 8.4% • Adjusted net income of RUB 5.4 billion ($84.0 million), up 36% compared with Q1 2018; adjusted net income margin of 14.6% • Adjusted EBITDA of RUB 10.8 billion ($166.3 million), up 40% compared with Q1 2018; adjusted EBITDA margin of 28.9% Q1 2019 financial results excluding Yandex.Market in 2018 and 2019 • Revenues excluding Yandex.Market of RUB 37.3 billion ($576.0 million), up 45% compared with Q1 2018 • Net income excluding Yandex.Market of RUB 3.8 billion ($59.4 million), up 92% compared with Q1 2018 • Adjusted net income excluding Yandex.Market of RUB 6.2 billion ($95.2 million), up 49% compared with Q1 2018; adjusted net income margin excluding Yandex.Market of 16.5% • Adjusted EBITDA excluding Yandex.Market of RUB 10.8 billion ($166.3 million), up 37% compared with Q1 2018; adjusted EBITDA margin excluding Yandex.Market of 28.9% • Cash, cash equivalents and term deposits as of March 31, 2019: o RUB 73.6 billion ($1,137.5 million) on a consolidated basis o Of which
    [Show full text]
  • RELEASE NOTES UFED PHYSICAL ANALYZER, UFED LOGICAL ANALYZER, Version 6.2 | May 2017 UFED READER (V 6.2), UFED CLOUD ANALYZER (V 6.0.1)
    NOW SUPPORTING 22,179 DEVICE PROFILES 4,046 APP VERSIONS UFED TOUCH2, UFED TOUCH, UFED 4PC, UFED INFIELD, RELEASE NOTES UFED PHYSICAL ANALYZER, UFED LOGICAL ANALYZER, Version 6.2 | May 2017 UFED READER (V 6.2), UFED CLOUD ANALYZER (V 6.0.1) CHECK OUT OUR NEW VIDEO ON UFED 6.2! HIGHLIGHTS DEVICE SUPPORT ◼ Advanced ADB, the recently launched physical extraction method, now supports 214 devices. While the careful testing and confirmation of each device is ongoing, we expect the method to work on nearly every Android device. We have created a new Advanced ADB (Generic) method which has been added to many Android profiles. The Advanced ADB (Generic) method is similar to the Advanced ADB method, and can be accessed this way: Smart Phones ––> Android ––> Physical extraction ––> Watch video now! https://www.youtube.com/watch?v=PwHkxmiq_e4 Advanced ADB. ◼ New disable user lock capability for 135 LG devices including LG F700L G5, H872 G6 and US996 V20. This BYPASS THE LOCK SCREEN ON method will also work for devices when the MTP is LG DEVICES disabled. Note: This capability requires the use of two Now supporting the disable user lock new cables: 519 and 520. Click here for more details. capability for 135 LG devices. APPS SUPPORT 506 updated application versions NEW! VIEW EXTRACTED CLOUD UFED CLOUD ANALYZER DATA SOURCE SUPPORT iCloud Application Program Interface (API) – UFED Cloud DATA IN UFED READER AND UFED Analyzer 6.0.1, supports the new Apple API for iCloud and PHYSICAL ANALYZER iCloud Backup. View UFED Cloud Analyzer extraction reports FUNCTIONALITY (UFED PLATFORMS) in UFED Reader and UFED Physical Analyzer.
    [Show full text]