Now come concerns about privacy when using Face Time – the video chat application, and exactly how much AT&T and Apple know about you. According to an anonymous Apple employee, iOS4 means that if you were hoping to jailbreak your phone to run unauthorized apps, you’ll have to do it every week. Network updates are delivered over the air (OTA), and let both AT&T and Apple know if you’ve tried to unlock your phone. If you have? No customer service for you, and count on being locked out every 1-2 weeks if AT&T isn’t your carrier.

Early iPhone 4 recipients were the guinea pigs to test the updates, and ensure that the rush of users activating the phone didn’t bring down the OTA update system. Guess they’ve learned something from the pre-order debacle.

The issue that may cause users the most concern, however, are the unencrypted updates sent to Apple about who users are talking to and where they are.

“I will let you off with one last bit of information if your gonna write a story on this and that is Facetime, the iPhone 4 to iPhone 4 Wifi video connecting. The issue is with Wifi is that anyone can get on a Wifi Signal and potentially see what the viewers and broadcasters are looking at without them know, now Apple will deny this and say its not our problem you where not on a secure connection, in my mind I think that its all bullshit.

People should be able to have some type of security during those calls. Worst yet is once a person connects to another person on FaceTime it for some reason non of us in the office can figure out, sends us APPLE a message and says those two people are connecting via Facetime and gives out their location to us. So for whatever reason we need that information just blows my mind. As a consumer why would you need to let Apple know that you are connecting with a person via FaceTime, its non of Appleâ€s business.” {Addictive Tips}

Now to play devil’s advocate, there are some valid reasons for monitoring usage of the FaceTime service. It could be to help law enforcement, in the event that the information is needed to track down a criminal, it could be for less noble business purposes of monitoring usage at a geographic level.

But whatever the good reasons, it raises concern over the just plain creepy prospect of Apple spying on your calls. According to the Addictive Tips source, many Apple employees are passing on an upgrade to iOS4 over the concerns.

Then there’s the issue of the oversharers. Location based social networking has safety issues and oversharing on video chat might be cause for concern here as well. Now the Apple employee didn’t say that Apple can actually see or store the content of video chats (and for all of the issues that surround storing that data, we don’t think it’s likely they’d try); but for teens who already send “sexts” (sexually charged text messages and photos), could sex videos be next? While oversharing isn’t limited to the young, and the prospect of dirty video chat likely won’t be either, the unencrypted wi-fi connection means that the person on the other end of your chat may not be the only one to see what you send. {SFGate}

Keep it clean, Big Brother is watching.

Blippy.com, a site that allows users to share their purchases with friends (or the world, if they choose) based on credit card purchases, allowed some credit card numbers to remain visible through a simple Google search. {Mashable}

Image via Mashable.com

Nearly every major search engine – Google, Yahoo and Bing, adhere to a robots.txt file which gives directives to search crawlers on which parts of a website should be indexed or crawled in the first place. While they adhere to these guidelines in most cases, a more secure method for site owners working with sensitive data would be to restrict crawling and indexing of certain information at the server level.

Blippy explains:

“Many months ago when we were first building Blippy, some raw (not cleaned up, but typically harmless) data could be viewed in the HTML source of a Blippy web page. The average user would see nothing, but a determined person could see “raw” line items. Still, this was mostly harmless — stuff like store numbers and such. And it was all removed and fixed quickly.

Enter Googleâ€s cache. Turns out Google indexed some of this HTML, even though it wasnâ€t visible on the Blippy website. And exposed four credit card numbers (but a scary 196 search results).”

Here’s the thing, Blippy is backed by some of Silicon Valley’s biggest investors. Ron Conway (an early Google investor), Philip Kaplan (AdBrite founder), Evan Williams (Twitter co-founder) and Sequoia Capital (the firm that’s funded Google, Apple and countless other tech giants). The company was started by two Stanford Computer Science grads.

Between all those connections, no one understood enough about search engines to prevent sensitive data – even if a small amount, from being included in a public index? Or thought to hire someone familiar with search engine optimization and indexing or security to at least make best practice recommendations?

Doing a site search, and viewing the source code of a web page aren’t exactly cutting edge hacking skills. In most cases, what people will find is harmless – notes on scripts used to give a website certain effects, comments made as changes are being made, etc. But leaving identifiable financial data exposed in non-secure areas – even if not plainly visible, is just plain sloppy.