The Senate Just Voted to Let Internet Providers Sell Your Web History

Today, the US Senate voted 50-48 to overturn broadband privacy rules that would have required internet service providers to get consumer consent before selling their web browsing data to advertisers or other data companies.

The rules, which passed in October of last year, govern the collection and selling of private data by ISPs like Verizon, Comcast, or AT&T. Those rules would have required internet providers to ask for permission before selling data about your usage, like web browsing history and location, as well as data about finances, health, app usage, and more. The Senate just voted against it.

Essentially, your ISP would need your approval before they could tell advertisers what web sites you like, what apps you use, where you’re at, or any health and financial information it has on you. These protections weren’t in place yet; the privacy protection rules would go into effect as early as December 4, 2017.

Source: The Senate Just Voted to Let Internet Providers Sell Your Web History

Hardly surprising considering the 4th Reich has just been set up to allow the rape and pillage of the poor by the rich.

5 Things We’ve Learned About How Companies Track You Online And Off

The ability for companies to follow you from one platform to another — from your phone to your laptop to a physical store — is called cross-device tracking, and for businesses that want to market and sell stuff to you, it is basically the holy grail.

With robust tracking, a company can follow you basically from the moment you wake up and check social media feeds on your phone, through your commute, to work, back through the evening, and once more to your bed at night.
[…]
To get there, the FTC recently held a workshop on Cross-Device tracking, and has now published a report [PDF] highlighting some key facts about this increasingly popular practice.

Source: 5 Things We’ve Learned About How Companies Track You Online And Off – Consumerist

These same organizations also employ the use of social media analytics in order to reach the best target audience. Many of the tracked pieces of information help them in this regard. More accurate advertising is very beneficial to them for obvious reasons.

1. You don’t always need to be logged in to be tracked.
2. Cross-device tracking can actually improve account security.
3. Companies are not at all transparent about tracking practices.
4. Consumers have very little control.
5. The industry is working on some voluntary self-regulation… sort of.

Windows DRM can find your IP without you knowing if you’re watching properly signed wmv and asf files, can uncloak your tor anonymity

If you were to modify the above WRMHEADER or any of the three identified GUID objects you would find that on opening in Windows Media Player you are prompted with a warning from Windows Media Player.

However, this warning DOES NOT appear if the DRM license has been signed correctly and the Digital Signature Object, Content Encryption Object and Extended Content Encryption Object contain the appropriate cryptographic signing performed by an authorised Microsoft License Server profile. There are several free DRM providers who could sign your media for you; however, as the barrier to entry to the DRM market is the aforementioned price tag, it makes you wonder how these files are being signed in the wild! As these “signed WMV” files do not present any alert to a user before opening them, they can be used quite effectively to decloak users of the popular privacy tool TorBrowser with very little warning. For such an attack to work your target candidate must be running TorBrowser on Windows. When opening/downloading files, TorBrowser does warn you that 3rd party files can expose your IP address and should be accessed in Tails. This is not an attack against Tor or the TorBrowser directly but a useful way that could be leveraged to identify people attempting to access illegal media content (such as Daesh propaganda).

Source: Windows DRM Social Engineering Attacks & TorBrowser – My Hacker House

Google, unlike Microsoft, must turn over foreign emails: U.S. judge

A U.S. judge has ordered Google to comply with search warrants seeking customer emails stored outside the United States, diverging from a federal appeals court that reached the opposite conclusion in a similar case involving Microsoft Corp (MSFT.O).

U.S. Magistrate Judge Thomas Rueter in Philadelphia ruled on Friday that transferring emails from a foreign server so FBI agents could review them locally as part of a domestic fraud probe did not qualify as a seizure.

The judge said this was because there was “no meaningful interference” with the account holder’s “possessory interest” in the data sought.

“Though the retrieval of the electronic data by Google from its multiple data centers abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States,” Rueter wrote.

Source: Google, unlike Microsoft, must turn over foreign emails: U.S. judge

I guess Rueter finds that invasion of privacy is no meaningful interference.

Vizio coughs up $2.2m after its smart TVs spied on millions of families

California electronics maker Vizio will cough up $2.2m after its smart TVs spied on millions of people.

America’s trade watchdog, the FTC, said today the payment will settle a complaint filed by the state of New Jersey accusing Vizio of violating privacy regulations: the biz had collected the viewing habits of 11 million television sets throughout the country without warning or permission.

According to the state attorney general’s federal complaint [PDF], from February 2014 to March 2016, Vizio noted down exactly what its customers were watching and then resold all those records as summaries to third parties – which were mostly advertising companies.

The usage data was not only collected while customers were watching over-the-air or cable TV broadcasts, but also when they were watching DVDs or streaming video from websites and over-the-top services like Netflix.

Vizio harvested surveillance on people and their families so precise, it knew exactly what you were watching, second by second, and even took copies of the watched video, according to prosecutors. Additionally, we’re told, Vizio resold summaries of personal information about its customers it had gathered, including age, marital status, and household income, to advertisers without consent.

Source: Vizio coughs up $2.2m after its smart TVs spied on millions of families • The Register

No mention of the records having to be destroyed though?

Want to come to the US? Be prepared to hand over your passwords if you’re on Trump’s hit list

Previously, tourists, travelers and visa holders were warned they may have to hand over their online account names and handles so their public profiles can be studied by border agents and immigration officials.

Now Kelly wants to take that further, by demanding passwords from some visa applicants so g-men can log into Twitter, Facebook, online banking accounts, and so on, and rummage around for any eyebrow-raising non-public posts, messages and transactions. If you refuse, you can’t come in.

“We want to say ‘what kind of sites do you visit and give us your passwords,’ so we can see what they do,” Kelly explained, in response to a question from Representative Clay Higgins (R-LA).

“We want to get on their social media with passwords – what do you do, what do you say. If they don’t want to cooperate then they don’t come in. If they truly want to come to America they’ll cooperate, if not then ‘next in line’.”
[…]
Kelly said this invasive vetting of people’s online personas and accounts could take weeks or months, and that applicants would just have to wait until it was done. Representative Higgins said he agreed, and was anxious for Homeland Security and others to start trawling through people’s social media pages. Higgins said handing over such credentials should be mandatory.

Source: Want to come to the US? Be prepared to hand over your passwords if you’re on Trump’s hit list • The Register

The 4th reich keeps getting scarier.

Trump’s ‘Extreme Vetting’ for US Visitors Could Involve Social Media Posts and Browser Histories

Phone numbers, browser histories, and social media posts are all examples of the sort of data that could be mined from those entering the US under Trump’s “extreme vetting” policy, Department of Homeland Security secretary John Kelly said today.

As Talking Points Memo reported, Kelly held a press conference this afternoon to discuss the president’s new (and massively unpopular) travel ban. When pressed to explain what the “extreme vetting” part of the order could involve, Kelly answered, “It might be certainly an accounting of what websites they visit.” He stressed, however, that the new rules—whatever form they may take—are still “under development.”

“It might be telephone contact information [and] social media,” he continued. “We have to be convinced that people that come here, there’s a reasonable expectation that we don’t know who they are and what they’re coming here for and what their backgrounds are.”

Source: Trump’s ‘Extreme Vetting’ for US Visitors Could Involve Social Media Posts and Browser Histories

Secret Rules Make It Pretty Easy for the FBI to Spy on Journalists

Secret FBI rules allow agents to obtain journalists’ phone records with approval from two internal officials — far less oversight than under normal judicial procedures. The classified rules, obtained by The Intercept and dating from 2013, govern the FBI’s use of national security letters, which allow the bureau to obtain information about journalists’ calls without going to a judge or informing the news organization being targeted.

Source: Secret Rules Make It Pretty Easy for the FBI to Spy on Journalists

Dropbox: Oops, yeah, we didn’t actually delete all your files – this bug kept them in the cloud

“Typically, we permanently remove files and folders from our servers within 60 days of a user deleting them. However, the deleted files and folders impacted by this bug had metadata inconsistencies,” Dropbox employee Ross S said on the company’s support forum.

“So we quarantined and excluded them from the permanent deletion process until the metadata could be fixed.”

Dropbox noted that the data was only visible to the accounts of the users, and at no time did any third party have access to the exposed files.

This after users had been complaining that old files, some more than a half-decade in the past, had been showing up.

“Several different folders of old files from 2009–2011, deleted years ago but suddenly reappearing overnight,” wrote one user. “And I definitely haven’t connected to an old computer, either.”

Source: Dropbox: Oops, yeah, we didn’t actually delete all your files – this bug kept them in the cloud • The Register

Ouch, that’s pretty nasty: who knows how many other old files Dropbox (which makes money off analysing your data) has “accidentally” not deleted. Or maybe the bug was that they suddenly became visible to the user?

U.S. government begins asking foreign travelers about social media

NEW YORK — The U.S. government quietly began requesting that select foreign visitors provide their Facebook, Twitter and other social media accounts upon arriving in the country
[…]
Since Tuesday, foreign travelers arriving in the United States on the visa waiver program have been presented with an “optional” request to “enter information associated with your online presence,” a government official confirmed Thursday. The prompt includes a drop-down menu that lists platforms including Facebook, Google+, Instagram, LinkedIn and YouTube, as well as a space for users to input their account names on those sites.
[…]
“There are very few rules about how that information is being collected, maintained [and] disseminated to other agencies, and there are no guidelines about limiting the government’s use of that information,” said Michael W. Macleod-Ball, chief of staff for the American Civil Liberties Union’s Washington office.
“The choice to hand over this information is technically voluntary,” he said. “But the process to enter the U.S. is confusing, and it’s likely that most visitors will fill out the card completely rather than risk additional questions from intimidating, uniformed officers — the same officers who will decide which of your jokes are funny and which ones make you a security risk.”

Opponents also worry that the U.S. change will spark similar moves by other countries.

“Democratic and non-democratic countries — including those without the United States’ due process protections — will now believe they are more warranted in demanding social media information from visitors that could jeopardize visitors’ safety,” said Internet Association general counsel Abigail Slater. “The nature of the DHS’ requests delves into personal information, creating an information dragnet.”

Source: U.S. government begins asking foreign travelers about social media

The 4th Reich in action again.

Way More People Will Now Have Access to the NSA’s Raw, Unfiltered Data

Previously, when the NSA passed data it collected through its secretive, advanced, and sometimes illegal methods, an NSA analyst would strip the data that pertained to innocent people, and would only pass on what they deemed necessary. Now, when the NSA shares information with another intelligence agency, it will pass on the raw data, with no redactions. This means that employees and analysts at the 16 other federal intelligence agencies will now see raw, unfiltered data collected by the NSA.

The New York Times neatly summed up the changes: “Essentially, the government is reducing the risk that the N.S.A. will fail to recognize that a piece of information would be valuable to another agency, but increasing the risk that officials will see private information about innocent people.”

Patrick Toomey, a staff attorney at the American Civil Liberties national security project, slammed the sharing of raw data between agencies, noting that it’s all collected without a warrant.

Source: Way More People Will Now Have Access to the NSA’s Raw, Unfiltered Data

Uber’s Latest Update seeks location and phone info from non-Uber-using friends

Now, instead of plugging in an address, you can sync up your contacts and choose a friend’s name. The lucky buddy will receive a request from Uber—via push notification if they’re an Uber user, and via text message if they’re not—to provide their location. If they accept, their location is then transmitted to the driver, and it becomes the user’s destination. In other words, if you often find yourself out on the town but too wasted to figure out where to tell your friends to meet you, this feature was made for you.

Of course, any feature that asks for a location is bound to bring up privacy issues, particularly for people who didn’t even sign up for the app in the first place. Uber, however, is dismissive of these concerns.

“We have an entire privacy team that thinks through these questions,” a spokesperson told Gizmodo.

The spokesperson told us that location requests are “static,” and expire after half an hour. For non-Uber users, the company claims the requests disappear after the allotted time; for Uber users, the app will maintain records of where they went, but not who they sent the request to. The spokesperson added that a user must give his or her location every time.

But given Uber’s previous privacy hijinks, these assurances ring just a tad hollow. Earlier this month, the app rolled out a different update that asked users for permission to track them even when they weren’t using the app. A few days later, it was hit with a lawsuit filed by a former employee who claimed that workers used the app to peep on celebrities and former lovers. The lawsuit was particularly troubling given that Uber claimed several years ago that it had already dealt with the problem.

Source: Uber’s Latest Update Is Even Creepier Than Its Last One

The New and Improved Privacy Badger 2.0 Is Here | Electronic Frontier Foundation

Privacy Badger is a browser extension that automatically blocks hidden third-party trackers that would otherwise follow you around the web and spy on your browsing habits. Privacy Badger now has approximately 900,000 daily users and counting.

Third-party tracking—that is, when advertisers and websites track your browsing activity across the web without your knowledge, control, or consent—is an alarmingly widespread practice in online advertising. Privacy Badger spots and then blocks third-party domains that seem to be tracking your browsing habits (e.g. by setting cookies that could be used for tracking, or by fingerprinting your browser). If the same third-party domain appears to be tracking you on three or more different websites, Privacy Badger will conclude that the third party domain is a tracker and block future connections to it.

Privacy Badger always tells you how many third-party domains it has detected and whether or not they seem to be trackers. Further, users have control over how Privacy Badger treats these domains, with options to block a domain entirely, block just cookies, or allow a domain.

Source: The New and Improved Privacy Badger 2.0 Is Here | Electronic Frontier Foundation
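The blocking heuristic described in the excerpt above (a third-party domain that shows tracking behaviour on three or more distinct first-party sites is treated as a tracker, with per-domain user overrides for block / cookie-block / allow) is easy to see in code. The following is an added example written for this page, not Privacy Badger’s own source: the request record shape (`firstParty`, `thirdParty`, `setsCookie`, `fingerprints`), the override action names and the sample request log are all constructed here for illustration.

```javascript
// Added example, not Privacy Badger's code: a minimal version of the
// "seen tracking on N distinct first-party sites" heuristic.

const TRACKING_THRESHOLD = 3; // the "three or more different websites" rule from the text

// A third-party request counts as tracking behaviour if it sets a cookie or
// appears to fingerprint the browser (the two signals the excerpt names).
// The field names here are an assumption made for this example.
function looksLikeTracking(req) {
  return Boolean(req.setsCookie || req.fingerprints);
}

// Map each third-party domain to the SET of first-party sites on which it was
// observed tracking. Using a Set means repeated visits to the same site do not
// inflate the count; only distinct sites move a domain toward the threshold.
function collectEvidence(requests) {
  const evidence = new Map();
  for (const req of requests) {
    if (req.thirdParty === req.firstParty) continue; // first-party request, ignored
    if (!looksLikeTracking(req)) continue;           // plain content load, no signal
    if (!evidence.has(req.thirdParty)) evidence.set(req.thirdParty, new Set());
    evidence.get(req.thirdParty).add(req.firstParty);
  }
  return evidence;
}

// Decide the action for one domain. A user override ("block", "cookieblock" or
// "allow", names assumed for this example) wins over the heuristic, mirroring the
// manual controls the excerpt describes.
function decide(domain, evidence, overrides = {}) {
  if (overrides[domain]) return overrides[domain];
  const sites = evidence.get(domain);
  const seen = sites ? sites.size : 0;
  return seen >= TRACKING_THRESHOLD ? "block" : "allow";
}

// Classify every third-party domain that appears in the request log.
function classifyAll(requests, overrides = {}) {
  const evidence = collectEvidence(requests);
  const result = {};
  for (const req of requests) {
    if (req.thirdParty === req.firstParty) continue;
    const d = req.thirdParty;
    if (result[d]) continue;
    const sites = evidence.get(d);
    result[d] = { sitesSeen: sites ? sites.size : 0, action: decide(d, evidence, overrides) };
  }
  return result;
}

// Constructed sample request log (not real traffic). Hostnames are used as-is;
// a real extension would first reduce them to their registrable domain.
const SAMPLE_REQUESTS = [
  { firstParty: "news.example", thirdParty: "ads.tracker.example", setsCookie: true },
  { firstParty: "shop.example", thirdParty: "ads.tracker.example", setsCookie: true },
  { firstParty: "blog.example", thirdParty: "ads.tracker.example", fingerprints: true },
  { firstParty: "news.example", thirdParty: "ads.tracker.example", setsCookie: true }, // same site again: not counted twice
  { firstParty: "news.example", thirdParty: "cdn.static.example", setsCookie: false },
  { firstParty: "shop.example", thirdParty: "cdn.static.example", setsCookie: false },
  { firstParty: "news.example", thirdParty: "widget.social.example", setsCookie: true },
  { firstParty: "shop.example", thirdParty: "widget.social.example", setsCookie: true },
];

// Stand-alone run: ads.tracker.example crosses the threshold and is blocked,
// the cookie-free CDN is allowed, and the social widget (two sites) stays allowed
// unless the user overrides it.
console.log(classifyAll(SAMPLE_REQUESTS));
console.log(classifyAll(SAMPLE_REQUESTS, { "widget.social.example": "cookieblock" }));
```

The design point worth noticing is the Set of first-party sites: the threshold counts breadth of observation, not request volume, so a noisy analytics script on a single site never gets classified as a cross-site tracker, while a quiet beacon present on three unrelated sites does.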

Uber begins collection of rider location data – whether using the app or not

The app update (it’s 3.222.4, for those keeping track) changes the way Uber collects location data from its users. Previously, Uber only collected location information while a user had the app open – now, Uber asks users to always share their location with the ride-hailing company.

Uber says that, even though it can harvest your location constantly while its app is running in the background on your phone, it won’t use that capability. Instead, Uber claims it just needs a little bit more location data to improve its service, and it has to ask for constant access because of the way device-level permissions are structured.

Specifically, Uber wants access to a rider’s location from the moment she requests a ride until five minutes after the driver drops her off, even if the app is not in the foreground of her phone. Previously, Uber would not collect a rider’s background location during the trip, or her location after drop-off.

Source: Uber begins background collection of rider location data | TechCrunch

They have many excuses as to why, but who knows what the truth is? You have become the product of Uber and having them follow you around is just creepy.

These Are The 48 Organizations That Now Have Access To Every Brit’s Browsing History

While the UK was obsessing with Brexit and its aftermath, parliament quietly passed a contentious snooping law that gives authorities, everyone from police and spies to food regulators, fire officials and tax inspectors, the right to legally look at the internet browsing records of everyone in the country.
[…]
Which government agencies have access to the internet history of any British citizen? Here is the answer courtesy of blogger Chris Yuo, who has compiled the list:

Metropolitan police force
City of London police force
Police forces maintained under section 2 of the Police Act 1996
Police Service of Scotland
Police Service of Northern Ireland
British Transport Police
Ministry of Defence Police
Royal Navy Police
Royal Military Police
Royal Air Force Police
Security Service
Secret Intelligence Service
GCHQ
Ministry of Defence
Department of Health
Home Office
Ministry of Justice
National Crime Agency
HM Revenue & Customs
Department for Transport
Department for Work and Pensions
NHS trusts and foundation trusts in England that provide ambulance services
Common Services Agency for the Scottish Health Service
Competition and Markets Authority
Criminal Cases Review Commission
Department for Communities in Northern Ireland
Department for the Economy in Northern Ireland
Department of Justice in Northern Ireland
Financial Conduct Authority
Fire and rescue authorities under the Fire and Rescue Services Act 2004
Food Standards Agency
Food Standards Scotland
Gambling Commission
Gangmasters and Labour Abuse Authority
Health and Safety Executive
Independent Police Complaints Commissioner
Information Commissioner
NHS Business Services Authority
Northern Ireland Ambulance Service Health and Social Care Trust
Northern Ireland Fire and Rescue Service Board
Northern Ireland Health and Social Care Regional Business Services Organisation
Office of Communications
Office of the Police Ombudsman for Northern Ireland
Police Investigations and Review Commissioner
Scottish Ambulance Service Board
Scottish Criminal Cases Review Commission
Serious Fraud Office
Welsh Ambulance Services National Health Service Trust

Source: These Are The 48 Organizations That Now Have Access To Every Brit’s Browsing History

That’s a lot of places to potentially spill a very important dataset! Remember, they only have to break into one of the above places for it all…

Google’s Photo Scan App Makes Backing Up Old Snapshots Easy as Hell

The Photo Scan app launched by Google today for iOS and Android lets you scan printed photos in just a couple of seconds, using machine learning to correct imperfections in the capture process so that they look great every time.

Here’s how it works: Download the app, and open it up. You’ll see a viewfinder. Hold your phone over the printed photo you want to make a digital copy of, and make sure it fits entirely in the frame. Tap the shutter button once.

Next, four white dots will appear on the screen in each corner of the photo you’re backing up. You connect the dots by moving your phone over the dots until they turn blue. After you’ve scanned each individual dot, the photo will be saved within the Photo Scan app and can be saved to your Google Photos library with the push of a button.

Source: Google’s Photo Scan App Makes Backing Up Old Snapshots Easy as Hell

Of course, you do give Google your old photos to analyse with an AI. Worry about the privacy aspect of that!

Shazam listens to you on macs, even when you turn the mic off

Once installed, Shazam automatically begins listening for music,

Most (security-conscious) users probably don’t want Shazam listening all the time. Shazam appears to oblige, seemingly providing an option to disable this listening:

However, sliding the selector to ‘OFF’ did not generate the expected, “Mic was deactivated” OverSight alert.

My first thought was perhaps OverSight had ‘missed’ the Mic deactivation, or contained some other bug or limitation. However testing seemed to confirm that OverSight works as expected.

So is Shazam still listening even when the user attempts to toggle it to ‘OFF’? One way to find out – let’s reverse the app!

The post then goes into how to reverse engineer an app and sure enough, the mic doesn’t get turned off.

Shazam says this is a “feature” but it sounds to me like a huge gaping security hole. When you turn something off, it should go off, especially a listening device!

Source: Objective-See

Chemical traces on your phone reveal your lifestyle, scientists say

Scientists say they can deduce the lifestyle of an individual, down to the kind of grooming products they use, food they eat and medications they take, from chemicals found on the surface of their mobile phone.

Experts say analysis of someone’s phone could be a boon both to healthcare professionals, and the police.

“You can narrow down male versus female; if you then figure out they use sunscreen then you pick out the [people] that tend to be outdoorsy – so all these little clues can sort of narrow down the search space of candidate people for an investigator,” said Pieter Dorrestein, co-author of the research from the University of California, San Diego.

Writing in the Proceedings of the National Academy of Sciences, researchers from the US and Germany describe how they swabbed the mobile phone and right hand of 39 individuals and analysed the samples using the highly sensitive technique of mass spectrometry.

The results revealed that each person had a distinct “signature” set of chemicals on their hands which distinguished them from each other. What’s more, these chemicals partially overlapped with those on their phones, allowing the devices to be distinguished from each other, and matched to their owners.

“If one looks at the hands of an individual they are unique in 99% of the samples investigated. In two cases we could not do that perfectly, but in one of those cases people lived together,” said Dorrestein. “In 69% of the cases we could perfectly match up the chemical profile, the molecular profile, on the phone to the person that it belonged to.”

But, he adds, the promise of the technique lies not in identifying individuals, but in building a profile of the phone’s owner.

Analysis of the chemical traces using a reference database allowed the team to match the chemicals to known substances or their relatives to reveal tell-tale clues from each individual’s life – from whether they use hair-loss treatments to whether they are taking antidepressants.

Some of the chemicals, such as the mosquito repellent DEET, were found more than four months after the product was last used by the phone’s owner.

The approach, the authors say, could be extended to produce a wide-ranging database that could be used by police to predict the lifestyle of an individual based on the specific set of trace chemicals found on their phone, keys or other objects.

Source: Chemical traces on your phone reveal your lifestyle, scientists say | Science | The Guardian

Facebook Will Let Brands Send You Ads If You’ve Messaged Them Before

According to Facebook, if you send a message to a company, they then have permission to send you sponsored messages—or as we humans call them, ads. These will be unprompted “highly targeted, in-context” ads. Businesses that already have chat bots set up can start using the new feature immediately.

Source: Facebook Will Let Brands Send You Ads If You’ve Messaged Them Before

It seems to me a good reason to not use Facebook to get in touch with a company.

Nvidia Tracking you on Windows now – and how to stop it (for now)

In the case of Nvidia, Telemetry gets installed alongside the driver package. While you may — and should — customize the installation of the Nvidia driver so that only the bits that you require are installed, there is no option to disable the Telemetry components from being installed. These do get installed even if you only install the graphics driver itself in the custom installation dialog.

Source: Disable Nvidia Telemetry tracking on Windows – gHacks Tech News

This starts with version 375.70.

Come on, who told these companies it was alright to just suck stuff off your machine without consent? And a EULA isn’t consent!