The ability for companies to follow you from one platform to another — from your phone to your laptop to a physical store — is called cross-device tracking, and for businesses that want to market and sell stuff to you, it is basically the holy grail.

With robust tracking, a company can follow you basically from the moment you wake up and check social media feeds on your phone, through your commute, to work, back through the evening, and once more to your bed at night.
[…]
To get there, the FTC recently held a workshop on Cross-Device tracking, and has now published a report [PDF] highlighting some key facts about this increasingly popular practice.

Source: 5 Things We’ve Learned About How Companies Track You Online And Off – Consumerist

These same organizations also employ the use of social media analytics in order to reach the best target audience. Many of the tracked pieces of information helps them in this regard. More accurate advertising is very beneficial to them for obvious reasons.

1. You don’t need always to be logged in to be tracked.
2. Cross-device tracking can actually improve account security.
3. Companies are not at all transparent about tracking practices.
4. Consumers have very little control.
5. The industry is working on some voluntary self-regulation… sort of.

A U.S. judge has ordered Google to comply with search warrants seeking customer emails stored outside the United States, diverging from a federal appeals court that reached the opposite conclusion in a similar case involving Microsoft Corp (MSFT.O).

U.S. Magistrate Judge Thomas Rueter in Philadelphia ruled on Friday that transferring emails from a foreign server so FBI agents could review them locally as part of a domestic fraud probe did not qualify as a seizure.

The judge said this was because there was “no meaningful interference” with the account holder’s “possessory interest” in the data sought.

“Though the retrieval of the electronic data by Google from its multiple data centers abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States,” Rueter wrote.

Source: Google, unlike Microsoft, must turn over foreign emails: U.S. judge

I guess Rueter finds that invasion of privacy is no meaningful interference.

California electronics maker Vizio will cough up $2.2m after its smart TVs spied on millions of people.

America’s trade watchdog, the FTC, said today the payment will settle a complaint filed by the state of New Jersey accusing Vizio of violating privacy regulations: the biz had collected the viewing habits of 11 million television sets throughout the country without warning or permission.

According to the state attorney general’s federal complaint [PDF], from February 2014 to March 2016, Vizio noted down exactly what its customers were watching and then resold all those records as summaries to third parties – which were mostly advertising companies.

The usage data was not only collected while customers were watching over-the-air or cable TV broadcasts, but also when they were watching DVDs or streaming video from websites and over-the-top services like Netflix.

Vizio harvested surveillance on people and their families so precise, it knew exactly what you were watching, second by second, and even took copies of the watched video, according to prosecutors. Additionally, we’re told, Vizio resold summaries of personal information about its customers it had gathered, including age, marital status, and household income, to advertisers without consent.

Source: Vizio coughs up $2.2m after its smart TVs spied on millions of families • The Register

No mention of the records having to be destroyed though?

Previously, tourists, travelers and visa holders were warned they may have to hand over their online account names and handles so their public profiles can be studied by border agents and immigration officials.

Now Kelly wants to take that further, by demanding passwords from some visa applicants so g-men can log into Twitter, Facebook, online banking accounts, and so on, and rummage around for any eyebrow-raising non-public posts, messages and transactions. If you refuse, you can’t come in.

“We want to say ‘what kind of sites do you visit and give us your passwords,’ so we can see what they do,” Kelly explained, in response to a question from Representative Clay Higgins (R-LA).

“We want to get on their social media with passwords – what do you do, what do you say. If they don’t want to cooperate then they don’t come in. If they truly want to come to America they’ll cooperate, if not then ‘next in line’.”
[…]
Kelly said this invasive vetting of people’s online personas and accounts could take weeks or months, and that applicants would just have to wait until it was done. Representative Higgins said he agreed, and was anxious for Homeland Security and others to start trawling through people’s social media pages. Higgins said handing over such credentials should be mandatory.

Source: Want to come to the US? Be prepared to hand over your passwords if you’re on Trump’s hit list • The Register

The 4th reich keeps getting scarier.

Phone numbers, browser histories, and social media posts are all examples of the sort of data that could be mined from those entering the US under Trump’s “extreme vetting” policy, Department of Homeland Security secretary John Kelly said today.

As Talking Points Memo reported, Kelly held a press conference this afternoon to discuss the president’s new (and massively unpopular) travel ban. When pressed to explain what the “extreme vetting” part of the order could involve, Kelly answered, “It might be certainly an accounting of what websites they visit.” He stressed, however, that the new rules—whatever form they may take—are still “under development.”

“It might be telephone contact information [and] social media,” he continued. “We have to be convinced that people that come here, there’s a reasonable expectation that we don’t know who they are and what they’re coming here for and what their backgrounds are.”

Source: Trump’s ‘Extreme Vetting’ for US Visitors Could Involve Social Media Posts and Browser Histories

Secret FBI rules allow agents to obtain journalists’ phone records with approval from two internal officials — far less oversight than under normal judicial procedures. The classified rules, obtained by The Intercept and dating from 2013, govern the FBI’s use of national security letters, which allow the bureau to obtain information about journalists’ calls without going to a judge or informing the news organization being targeted.

Source: Secret Rules Make It Pretty Easy for the FBI to Spy on Journalists

NEW YORK — The U.S. government quietly began requesting that select foreign visitors provide their Facebook, Twitter and other social media accounts upon arriving in the country
[…]
Since Tuesday, foreign travelers arriving in the United States on the visa waiver program have been presented with an “optional” request to “enter information associated with your online presence,” a government official confirmed Thursday. The prompt includes a drop-down menu that lists platforms including Facebook, Google+, Instagram, LinkedIn and YouTube, as well as a space for users to input their account names on those sites.
[…]
“There are very few rules about how that information is being collected, maintained [and] disseminated to other agencies, and there are no guidelines about limiting the government’s use of that information,” said Michael W. Macleod-Ball, chief of staff for the American Civil Liberties Union’s Washington office.
“The choice to hand over this information is technically voluntary,” he said. “But the process to enter the U.S. is confusing, and it’s likely that most visitors will fill out the card completely rather than risk additional questions from intimidating, uniformed officers — the same officers who will decide which of your jokes are funny and which ones make you a security risk.”

Opponents also worry that the U.S. change will spark similar moves by other countries.

“Democratic and non-democratic countries — including those without the United States’ due process protections — will now believe they are more warranted in demanding social media information from visitors that could jeopardize visitors’ safety,” said Internet Association general counsel Abigail Slater. ”The nature of the DHS’ requests delves into personal information, creating an information dragnet.”

Source: U.S. government begins asking foreign travelers about social media

The 4th Reich in action again.

Previously, when the NSA passed data it collected through its secretive, advanced, and sometimes illegal methods, an NSA analyst would strip the data that pertained to innocent people, and would only pass on what they deemed necessary. Now, when the NSA shares information with another intelligence agency, it will pass on the raw data, with no redactions. This means that employees and analysts at the 16 other federal intelligence agencies will now see raw, unfiltered data collected by the NSA.

The New York Times neatly summed up the changes: “Essentially, the government is reducing the risk that the N.S.A. will fail to recognize that a piece of information would be valuable to another agency, but increasing the risk that officials will see private information about innocent people.”
Setup Timeout Error: Setup took longer than 30 seconds to complete.

Patrick Toomey, a staff attorney at the American Civil Liberties national security project, slammed the sharing of raw data between agencies, noting that it’s all collected without a warrant.

Source: Way More People Will Now Have Access to the NSA’s Raw, Unfiltered Data

Microsoft offers two settings – on and almost off – and a dashboard of collected data

Source: New Windows 10 privacy controls: Just a little snooping – or the max

Incredibly MS just won’t listen and even more incredibly, I’m seeing a lot of windows 10 machines 🙁

https://www.theguardian.com/technology/2016/dec/28/amazon-refuses-to-let-police-access-suspects-echo-recordings
Just to remind you, the more smart devices you have, the more they listen to you. It’s just a totalitarian state away from being used against you. 

Now, instead of plugging in an address, you can sync up your contacts and choose a friend’s name. The lucky buddy will receive a request from Uber—via push notification if they’re an Uber user, and via text message if they’re not—to provide their location. If they accept, their location is then transmitted to the driver, and it becomes the user’s destination. In other words, if you often find yourself out on the town but too wasted to figure out where to tell your friends to meet you, this feature was made for you.

Of course, any feature that asks for a location is bound to bring up privacy issues, particularly for people who didn’t even sign up for the app in the first place. Uber, however, is dismissive of these concerns.

“We have an entire privacy team that thinks through these questions,” a spokesperson told Gizmodo.

The spokesperson told us that location requests are “static,” and expire after half an hour. For non-Uber users, the company claims the requests disappear after the allotted time; For Uber users, the app will maintain records of where they went, but not who they sent the request to. The spokesperson added that a user must give his or her location every time.

But given Uber’s previous privacy hijinks, these assurances ring just a tad hollow. Earlier this month, the app rolled out a different update that asked users for permission to track them even when they weren’t using the app. A few days later, it was hit with a lawsuit filed by a former employee who claimed that workers used the app to peep on celebrities and former lovers. The lawsuit was particularly troubling given that Uber claimed several years ago that it had already dealt with the problem.

Source: Uber’s Latest Update Is Even Creepier Than Its Last One

Privacy Badger is a browser extension that automatically blocks hidden third-party trackers that would otherwise follow you around the web and spy on your browsing habits. Privacy Badger now has approximately 900,000 daily users and counting.

Third-party tracking—that is, when advertisers and websites track your browsing activity across the web without your knowledge, control, or consent—is an alarmingly widespread practice in online advertising. Privacy Badger spots and then blocks third-party domains that seem to be tracking your browsing habits (e.g. by setting cookies that could be used for tracking, or by fingerprinting your browser). If the same third-party domain appears to be tracking you on three or more different websites, Privacy Badger will conclude that the third party domain is a tracker and block future connections to it.

Privacy Badger always tells how many third-party domains it has detected and whether or not they seem to be trackers. Further, users have control over how Privacy Badger treats these domains, with options to block a domain entirely, block just cookies, or allow a domain.

Source: The New and Improved Privacy Badger 2.0 Is Here | Electronic Frontier Foundation

Instantly get a list of all your accounts, matched with direct links to delete them

Source: deseat.me

Maps and database of 802.11 wireless networks, with statistics, submitted by wardrivers, netstumblers, and net huggers.

Source: WiGLE: Wireless Network Mapping

Can be used to find the physical address of someone’s wifi ssid

The app update (it’s 3.222.4, for those keeping track) changes the way Uber collects location data from its users. Previously, Uber only collected location information while a user had the app open – now, Uber asks users to always share their location with the ride-hailing company.

Uber says that, even though it can harvest your location constantly while its app is running in the background on your phone, it won’t use that capability. Instead, Uber claims it just needs a little bit more location data to improve its service, and it has to ask for constant access because of the way device-level permissions are structured.

Specifically, Uber wants access to a rider’s location from the moment she requests a ride until five minutes after the driver drops her off, even if the app is not in the foreground of her phone. Previously, Uber would not collect a rider’s background location during the trip, or her location after drop-off.

Source: Uber begins background collection of rider location data | TechCrunch

They have many excuses as to why, but who knows what the truth is? You have become the product of Uber and having them follow you around is just creepy.