New EU rules would require chat apps to scan private messages for child abuse

The European Commission has proposed controversial new regulation that would require chat apps like WhatsApp and Facebook Messenger to selectively scan users’ private messages for child sexual abuse material (CSAM) and “grooming” behavior. The proposal is similar to plans mooted by Apple last year but, say critics, much more invasive. After a draft of the Read more about New EU rules would require chat apps to scan private messages for child abuse[…]

Web ad firms scrape email addresses before you press the submit button

Tracking, marketing, and analytics firms have been exfiltrating the email addresses of internet users from web forms prior to submission and without user consent, according to security researchers. Some of these firms are said to have also inadvertently grabbed passwords from these forms. In a research paper scheduled to appear at the Usenix ’22 security Read more about Web ad firms scrape email addresses before you press the submit button[…]

Indian Government Now Wants VPNs To Collect And Turn Over Personal Data On Users

The government of India still claims to be a democracy, but its decade-long assault on the internet and the rights of its citizens suggests it would rather be an autocracy. The country is already host to one of the largest biometric databases in the world, housing information collected from nearly every one of its 1.2 Read more about Indian Government Now Wants VPNs To Collect And Turn Over Personal Data On Users[…]

Hackers are reportedly using emergency data requests to extort women and minors

In response to fraudulent legal requests, companies like Apple, Google, Meta and Twitter have been tricked into sharing sensitive personal information about some of their customers. We knew that was happening as recently as last month when Bloomberg published a report on hackers using fake emergency data requests to carry out financial fraud. But according Read more about Hackers are reportedly using emergency data requests to extort women and minors[…]

Brave’s De-AMP feature bypasses harmful Google AMP pages

Brave announced a new feature for its browser on Tuesday: De-AMP, which automatically jumps past any page rendered with Google’s Accelerated Mobile Pages framework and instead takes users straight to the original website. “Where possible, De-AMP will rewrite links and URLs to prevent users from visiting AMP pages altogether,” Brave said in a blog post. Read more about Brave’s De-AMP feature bypasses harmful Google AMP pages[…]

Cisco’s Webex phoned home audio telemetry even when muted

Boffins at two US universities have found that muting popular native video-conferencing apps fails to disable device microphones – and that these apps have the ability to access audio data when muted, or actually do so. The research is described in a paper titled, “Are You Really Muted?: A Privacy Analysis of Mute Buttons in Read more about Cisco’s Webex phoned home audio telemetry even when muted[…]

Mega-Popular Muslim Prayer Apps Were Secretly Harvesting Phone Numbers

Google recently booted over a dozen apps from its Play Store—among them Muslim prayer apps with 10 million-plus downloads, a barcode scanner, and a clock—after researchers discovered secret data-harvesting code hidden within them. Creepier still, the clandestine code was engineered by a company linked to a Virginia defense contractor, which paid developers to incorporate its Read more about Mega-Popular Muslim Prayer Apps Were Secretly Harvesting Phone Numbers[…]

EU, US strike preliminary deal to unlock transatlantic data flows – yup, the EU will let the US spy on it’s citizens freely again

Negotiators have been working on an agreement — which allows Europeans’ personal data to flow to the United States — since the EU’s top court struck down the Privacy Shield agreement in July 2020 because of fears that the data was not safe from access by American agencies once transferred across the Atlantic. The EU Read more about EU, US strike preliminary deal to unlock transatlantic data flows – yup, the EU will let the US spy on it’s citizens freely again[…]

Messages, Dialer apps sent text, call info to Google

Google’s Messages and Dialer apps for Android devices have been collecting and sending data to Google without specific notice and consent, and without offering the opportunity to opt-out, potentially in violation of Europe’s data protection law. According to a research paper, “What Data Do The Google Dialer and Messages Apps On Android Send to Google?” Read more about Messages, Dialer apps sent text, call info to Google[…]

HBO hit with class action lawsuit for allegedly sharing subscriber data with Facebook

HBO is facing a class action lawsuit over allegations that it gave subscribers’ viewing history to Facebook without proper permission, Variety has reported. The suit accuses HBO of providing Facebook with customer lists, allowing the social network to match viewing habits with their profiles. It further alleges that HBO knows Facebook can combine the data Read more about HBO hit with class action lawsuit for allegedly sharing subscriber data with Facebook[…]

Italy slaps creepy webscraping facial recognition firm Clearview AI with €20 million fine

Italy’s data privacy watchdog said it will fine the controversial facial recognition firm Clearview AI for breaching EU law. An investigation by Garante, Italy’s data protection authority, found that the company’s database of 10 billion images of faces includes those of Italians and residents in Italy. The New York City-based firm is being fined €20 Read more about Italy slaps creepy webscraping facial recognition firm Clearview AI with €20 million fine[…]

UK Online Safety Bill to require more data to use social media – eg send them your passport

The country’s forthcoming Online Safety Bill will require citizens to hand over even more personal data to largely foreign-headquartered social media platforms, government minister Nadine Dorries has declared. “The vast majority of social networks used in the UK do not require people to share any personal details about themselves – they are able to identify Read more about UK Online Safety Bill to require more data to use social media – eg send them your passport[…]

EU Data Watchdog Calls for Total Ban of Pegasus Spyware

Israeli authorities say it should be probed and U.S. authorities are calling for it to be sanctioned, but EU officials have a different idea for how to handle Pegasus spyware: just ban that shit entirely. That’s the main takeaway from a new memo released by EPDS, the Union’s dedicated data watchdog on Tuesday, noting that Read more about EU Data Watchdog Calls for Total Ban of Pegasus Spyware[…]

Is Microsoft Stealing People’s Bookmarks, passwords, ID / passport numbers without consent?

received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late. Has this happened to anyone else, or was this user error of some sort? If this is Read more about Is Microsoft Stealing People’s Bookmarks, passwords, ID / passport numbers without consent?[…]

Suicide Hotline Collected, Monetized The Data Of Desperate People, Because Of Course It Did

Crisis Text Line, one of the nation’s largest nonprofit support options for the suicidal, is in some hot water. A Politico report last week highlighted how the company has been caught collecting and monetizing the data of callers… to create and market customer service software. More specifically, Crisis Text Line says it “anonymizes” some user Read more about Suicide Hotline Collected, Monetized The Data Of Desperate People, Because Of Course It Did[…]

Google adds new opt out tracking for Workspace Customers

[…] according to a new FAQ posted on Google’s Workplace administrator forum. At the end of that month, the company will be adding a new feature—“Workspace search history”—that can continue to track these customers, even if they, or their admins, turn activity tracking off. The worst part? Unlike Google’s activity trackers that are politely defaulted Read more about Google adds new opt out tracking for Workspace Customers[…]

LG Announces New Ad Targeting Features for TVs – wait, wtf, I bought my TV, not a service!

[… ] there are plenty of cases where you throw down hundreds of dollars for a piece of hardware and then you end up being the product anyway. Case in point: TVs. On Wednesday, the television giant LG announced a new offering to advertisers that promises to be able to reach the company’s millions of Read more about LG Announces New Ad Targeting Features for TVs – wait, wtf, I bought my TV, not a service![…]

How to Download Everything Amazon Knows About You (It’s a Lot)

[…]To be clear, data collection is far from an Amazon-specific problem; it’s pretty much par for the course when it comes to tech companies. Even Apple, a company vocal about user privacy, has faced criticism in the past for recording Siri interactions and sharing them with third-party contractors. The issue with Amazon, however, is the Read more about How to Download Everything Amazon Knows About You (It’s a Lot)[…]

German IT security watchdog: No evidence of censorship function in Xiaomi phones

Germany’s federal cybersecurity watchdog, the BSI, did not find any evidence of censorship functions in mobile phones manufactured by China’s Xiaomi Corp (1810.HK), a spokesperson said on Thursday. Lithuania’s state cybersecurity body had said in September that Xiaomi phones had a built-in ability to detect and censor terms such as “Free Tibet”, “Long live Taiwan Read more about German IT security watchdog: No evidence of censorship function in Xiaomi phones[…]

This App Will Tell Android Users If an AirTag Is Tracking Them

Apple’s AirTags and Find My service can be helpful for finding things you lose—but they also introduce a big privacy problem. While those of us on iOS have had some tools for fighting those issues, Apple left those of us on Android without much to work with. A new Android AirTag finder app finally addresses Read more about This App Will Tell Android Users If an AirTag Is Tracking Them[…]

Banks, ISPs Increasingly Embrace ‘Voice Print’ Authentication Despite Growing Security Risk

While it’s certainly possible to sometimes do biometrics well, a long line of companies frequently… don’t. Voice print authentication is particularly shaky, especially given the rise of inexpensive voice deepfake technology. But, much like the continued use of text-message two-factor authentication (which is increasingly shown to not be secure), it apparently doesn’t matter to a Read more about Banks, ISPs Increasingly Embrace ‘Voice Print’ Authentication Despite Growing Security Risk[…]

Apple Removes All References to Controversial CSAM Scanning Feature – where they would scan all the pictures you took

Apple has quietly nixed all mentions of CSAM from its Child Safety webpage, suggesting its controversial plan to detect child sexual abuse images on iPhones and iPads may hang in the balance following significant criticism of its methods. Apple in August announced a planned suite of new child safety features, including scanning users’ iCloud Photos Read more about Apple Removes All References to Controversial CSAM Scanning Feature – where they would scan all the pictures you took[…]

Report: VPNs Are Often a Mixed Bag for Privacy

[…] Consumer Reports, which recently published a 48-page white paper on VPNs that looks into the privacy and security policies of 16 prominent VPN providers. Researchers initially looked into some 51 different companies but ultimately honed in on the most prominent, high-quality providers. The results are decidedly mixed, with the report highlighting a lot of Read more about Report: VPNs Are Often a Mixed Bag for Privacy[…]

Prisons snoop on inmates’ phone calls with speech-to-text AI

Prisons around the US are installing AI speech-to-text models to automatically transcribe conversations with inmates during their phone calls. A series of contracts and emails from eight different states revealed how Verus, an AI application developed by LEO Technologies and based on a speech-to-text system offered by Amazon, was used to eavesdrop on prisoners’ phone Read more about Prisons snoop on inmates’ phone calls with speech-to-text AI[…]