Want to come to the US? Be prepared to hand over your passwords if you’re on Trump’s hit list

Previously, tourists, travelers and visa holders were warned they may have to hand over their online account names and handles so their public profiles can be studied by border agents and immigration officials.

Now Kelly wants to take that further, by demanding passwords from some visa applicants so g-men can log into Twitter, Facebook, online banking accounts, and so on, and rummage around for any eyebrow-raising non-public posts, messages and transactions. If you refuse, you can’t come in.

“We want to say ‘what kind of sites do you visit and give us your passwords,’ so we can see what they do,” Kelly explained, in response to a question from Representative Clay Higgins (R-LA).

“We want to get on their social media with passwords – what do you do, what do you say. If they don’t want to cooperate then they don’t come in. If they truly want to come to America they’ll cooperate, if not then ‘next in line’.”
[…]
Kelly said this invasive vetting of people’s online personas and accounts could take weeks or months, and that applicants would just have to wait until it was done. Representative Higgins said he agreed, and was anxious for Homeland Security and others to start trawling through people’s social media pages. Higgins said handing over such credentials should be mandatory.

Source: Want to come to the US? Be prepared to hand over your passwords if you’re on Trump’s hit list • The Register

The 4th reich keeps getting scarier.

Trump’s ‘Extreme Vetting’ for US Visitors Could Involve Social Media Posts and Browser Histories

Phone numbers, browser histories, and social media posts are all examples of the sort of data that could be mined from those entering the US under Trump’s “extreme vetting” policy, Department of Homeland Security secretary John Kelly said today.

As Talking Points Memo reported, Kelly held a press conference this afternoon to discuss the president’s new (and massively unpopular) travel ban. When pressed to explain what the “extreme vetting” part of the order could involve, Kelly answered, “It might be certainly an accounting of what websites they visit.” He stressed, however, that the new rules—whatever form they may take—are still “under development.”

“It might be telephone contact information [and] social media,” he continued. “We have to be convinced that people that come here, there’s a reasonable expectation that we don’t know who they are and what they’re coming here for and what their backgrounds are.”

Source: Trump’s ‘Extreme Vetting’ for US Visitors Could Involve Social Media Posts and Browser Histories

Secret Rules Make It Pretty Easy for the FBI to Spy on Journalists

Secret FBI rules allow agents to obtain journalists’ phone records with approval from two internal officials — far less oversight than under normal judicial procedures. The classified rules, obtained by The Intercept and dating from 2013, govern the FBI’s use of national security letters, which allow the bureau to obtain information about journalists’ calls without going to a judge or informing the news organization being targeted.

Source: Secret Rules Make It Pretty Easy for the FBI to Spy on Journalists

Dropbox: Oops, yeah, we didn’t actually delete all your files – this bug kept them in the cloud

“Typically, we permanently remove files and folders from our servers within 60 days of a user deleting them. However, the deleted files and folders impacted by this bug had metadata inconsistencies,” Dropbox employee Ross S said on the company’s support forum.

“So we quarantined and excluded them from the permanent deletion process until the metadata could be fixed.”

Dropbox noted that the data was only visible to the accounts of the users, and at no time did any third party have access to the exposed files.

This after users had been complaining that old files, some more than a half-decade in the past, had been showing up.

“Several different folders of old files from 2009–2011, deleted years ago but suddenly reappearing overnight,” wrote one user. “And I definitely haven’t connected to an old computer, either.”

Source: Dropbox: Oops, yeah, we didn’t actually delete all your files – this bug kept them in the cloud • The Register

Ouch, that’s pretty nasty: who knows how many other old files Dropbox (which makes money off analysing your data) has “accidentally” not deleted. Or maybe the bug was that they suddenly became visible to the user?
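The Dropbox quote above describes a retention job that set aside records it could not validate and, as a result, never aged them out. As an added illustration (this is not Dropbox's code, and nothing here is known about their actual pipeline), the block below contrasts a naive sweeper that silently excludes inconsistent records with one that dates each quarantine and reports anything stuck past a grace period. The 60-day window comes from the quote; the 14-day grace period, the record shape, the sample timestamps and the "current time" are all constructed assumptions.

```javascript
// Added example, not Dropbox's code: two versions of a deletion sweeper over
// constructed records. Only the 60-day retention figure comes from the article.
const RETENTION_DAYS = 60;          // permanent removal within 60 days of deletion (from the quote)
const QUARANTINE_GRACE_DAYS = 14;   // assumption: how long a record may sit in quarantine before escalation
const DAY_MS = 24 * 60 * 60 * 1000;

const NOW = Date.parse("2017-01-20T00:00:00Z"); // constructed "current time" for the sample

// Constructed sample of deleted files awaiting permanent removal. `metadata.size`
// should equal `blob.size`; a mismatch is the kind of inconsistency that makes a
// cautious deletion job refuse to touch the record.
const SAMPLE_DELETED_ITEMS = [
  { id: "f1", deletedAt: Date.parse("2016-10-01T00:00:00Z"),
    blob: { size: 1024 }, metadata: { size: 1024 } },                        // expired, consistent
  { id: "f2", deletedAt: Date.parse("2016-09-15T00:00:00Z"),
    blob: { size: 2048 }, metadata: { size: 4096 } },                        // expired, inconsistent, not yet quarantined
  { id: "f3", deletedAt: Date.parse("2011-06-01T00:00:00Z"),
    blob: { size: 512 }, metadata: { size: 100 },
    quarantinedAt: Date.parse("2016-12-01T00:00:00Z") },                     // quarantined for about 50 days
  { id: "f4", deletedAt: Date.parse("2017-01-10T00:00:00Z"),
    blob: { size: 10 }, metadata: { size: 10 } },                            // still inside the retention window
];

function metadataConsistent(item) {
  return Number.isInteger(item.deletedAt) && !!item.blob && !!item.metadata &&
         item.blob.size === item.metadata.size;
}

function retentionExpired(item, now) {
  return now - item.deletedAt >= RETENTION_DAYS * DAY_MS;
}

// Naive sweeper: the behaviour the quote describes. Records it cannot validate are
// simply excluded, so an inconsistent record is never purged and nobody is told.
function naiveSweep(items, now) {
  const purged = [];
  for (const item of items) {
    if (retentionExpired(item, now) && metadataConsistent(item)) purged.push(item.id);
  }
  const remaining = items.filter(i => !purged.includes(i.id)).map(i => i.id);
  return { purged, remaining };
}

// Accountable sweeper: inconsistent records are quarantined with a start date, and
// anything that has waited longer than the grace period is surfaced for escalation
// instead of lingering indefinitely.
function accountableSweep(items, now) {
  const result = { purged: [], quarantined: [], overdue: [], pending: [] };
  for (const item of items) {
    if (!retentionExpired(item, now)) { result.pending.push(item.id); continue; }
    if (metadataConsistent(item)) { result.purged.push(item.id); continue; }
    // Date the quarantine (first sighting counts from now) so it cannot become a silent sink.
    const quarantinedAt = item.quarantinedAt === undefined ? now : item.quarantinedAt;
    const stuckDays = (now - quarantinedAt) / DAY_MS;
    if (stuckDays >= QUARANTINE_GRACE_DAYS) result.overdue.push(item.id);
    else result.quarantined.push(item.id);
  }
  return result;
}

console.log("naive:", JSON.stringify(naiveSweep(SAMPLE_DELETED_ITEMS, NOW)));
console.log("accountable:", JSON.stringify(accountableSweep(SAMPLE_DELETED_ITEMS, NOW)));
```

The point of the second version is the `overdue` list: a quarantine that is never reported is indistinguishable, from the user's side, from data that was simply never deleted.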

U.S. government begins asking foreign travelers about social media

NEW YORK — The U.S. government quietly began requesting that select foreign visitors provide their Facebook, Twitter and other social media accounts upon arriving in the country
[…]
Since Tuesday, foreign travelers arriving in the United States on the visa waiver program have been presented with an “optional” request to “enter information associated with your online presence,” a government official confirmed Thursday. The prompt includes a drop-down menu that lists platforms including Facebook, Google+, Instagram, LinkedIn and YouTube, as well as a space for users to input their account names on those sites.
[…]
“There are very few rules about how that information is being collected, maintained [and] disseminated to other agencies, and there are no guidelines about limiting the government’s use of that information,” said Michael W. Macleod-Ball, chief of staff for the American Civil Liberties Union’s Washington office.

“The choice to hand over this information is technically voluntary,” he said. “But the process to enter the U.S. is confusing, and it’s likely that most visitors will fill out the card completely rather than risk additional questions from intimidating, uniformed officers — the same officers who will decide which of your jokes are funny and which ones make you a security risk.”

Opponents also worry that the U.S. change will spark similar moves by other countries.

“Democratic and non-democratic countries — including those without the United States’ due process protections — will now believe they are more warranted in demanding social media information from visitors that could jeopardize visitors’ safety,” said Internet Association general counsel Abigail Slater. “The nature of the DHS’ requests delves into personal information, creating an information dragnet.”

Source: U.S. government begins asking foreign travelers about social media

The 4th Reich in action again.

Way More People Will Now Have Access to the NSA’s Raw, Unfiltered Data

Previously, when the NSA passed data it collected through its secretive, advanced, and sometimes illegal methods, an NSA analyst would strip the data that pertained to innocent people, and would only pass on what they deemed necessary. Now, when the NSA shares information with another intelligence agency, it will pass on the raw data, with no redactions. This means that employees and analysts at the 16 other federal intelligence agencies will now see raw, unfiltered data collected by the NSA.

The New York Times neatly summed up the changes: “Essentially, the government is reducing the risk that the N.S.A. will fail to recognize that a piece of information would be valuable to another agency, but increasing the risk that officials will see private information about innocent people.”

Patrick Toomey, a staff attorney at the American Civil Liberties national security project, slammed the sharing of raw data between agencies, noting that it’s all collected without a warrant.

Source: Way More People Will Now Have Access to the NSA’s Raw, Unfiltered Data

Uber’s Latest Update seeks location and phone info from non-Uber-using friends

Now, instead of plugging in an address, you can sync up your contacts and choose a friend’s name. The lucky buddy will receive a request from Uber—via push notification if they’re an Uber user, and via text message if they’re not—to provide their location. If they accept, their location is then transmitted to the driver, and it becomes the user’s destination. In other words, if you often find yourself out on the town but too wasted to figure out where to tell your friends to meet you, this feature was made for you.

Of course, any feature that asks for a location is bound to bring up privacy issues, particularly for people who didn’t even sign up for the app in the first place. Uber, however, is dismissive of these concerns.

“We have an entire privacy team that thinks through these questions,” a spokesperson told Gizmodo.

The spokesperson told us that location requests are “static,” and expire after half an hour. For non-Uber users, the company claims the requests disappear after the allotted time; for Uber users, the app will maintain records of where they went, but not who they sent the request to. The spokesperson added that a user must give his or her location every time.

But given Uber’s previous privacy hijinks, these assurances ring just a tad hollow. Earlier this month, the app rolled out a different update that asked users for permission to track them even when they weren’t using the app. A few days later, it was hit with a lawsuit filed by a former employee who claimed that workers used the app to peep on celebrities and former lovers. The lawsuit was particularly troubling given that Uber claimed several years ago that it had already dealt with the problem.

Source: Uber’s Latest Update Is Even Creepier Than Its Last One

The New and Improved Privacy Badger 2.0 Is Here | Electronic Frontier Foundation

Privacy Badger is a browser extension that automatically blocks hidden third-party trackers that would otherwise follow you around the web and spy on your browsing habits. Privacy Badger now has approximately 900,000 daily users and counting.

Third-party tracking—that is, when advertisers and websites track your browsing activity across the web without your knowledge, control, or consent—is an alarmingly widespread practice in online advertising. Privacy Badger spots and then blocks third-party domains that seem to be tracking your browsing habits (e.g. by setting cookies that could be used for tracking, or by fingerprinting your browser). If the same third-party domain appears to be tracking you on three or more different websites, Privacy Badger will conclude that the third-party domain is a tracker and block future connections to it.

Privacy Badger always tells you how many third-party domains it has detected and whether or not they seem to be trackers. Further, users have control over how Privacy Badger treats these domains, with options to block a domain entirely, block just cookies, or allow a domain.

Source: The New and Improved Privacy Badger 2.0 Is Here | Electronic Frontier Foundation
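The EFF post above gives the rule in one sentence: a third-party domain seen behaving like a tracker on three or more distinct sites gets blocked, and the user can override the verdict per domain. The block below is an added model of that heuristic in JavaScript; it is not Privacy Badger's own code. It assumes a simplified notion of "registrable domain" (the last two labels of a hostname, where the real extension uses the Public Suffix List), and the request log it runs over is constructed, not real traffic.

```javascript
// Added example (not Privacy Badger's own code): a minimal model of the
// "seen tracking on three or more sites" heuristic and the per-domain user
// controls described in the EFF post.
const TRACKING_THRESHOLD = 3;

// Simplification (assumption): the registrable domain is the last two labels.
// Privacy Badger itself consults the Public Suffix List for this.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().split(".");
  return labels.slice(-2).join(".");
}

// A request is third-party when the page and the request resolve to different
// registrable domains, so a site's own subdomains are never counted against it.
function isThirdParty(pageUrl, requestUrl) {
  return registrableDomain(new URL(pageUrl).hostname) !==
         registrableDomain(new URL(requestUrl).hostname);
}

class TrackerHeuristic {
  constructor(threshold = TRACKING_THRESHOLD) {
    this.threshold = threshold;
    this.sightings = new Map();      // third-party domain -> Set of first-party domains
    this.userOverrides = new Map();  // third-party domain -> "block" | "cookieblock" | "allow"
  }

  // Record that a third-party domain behaved like a tracker (set a cookie,
  // fingerprinted the browser, ...) while the user was on a first-party site.
  observe(firstParty, thirdParty) {
    if (firstParty === thirdParty) return;
    if (!this.sightings.has(thirdParty)) this.sightings.set(thirdParty, new Set());
    this.sightings.get(thirdParty).add(firstParty);
  }

  // Number of distinct first-party sites on which the domain looked like a tracker.
  siteCount(thirdParty) {
    const sites = this.sightings.get(thirdParty);
    return sites ? sites.size : 0;
  }

  isTracker(thirdParty) {
    return this.siteCount(thirdParty) >= this.threshold;
  }

  // The three user controls from the post: block entirely, block only cookies, or allow.
  setUserOverride(thirdParty, action) {
    if (!["block", "cookieblock", "allow"].includes(action)) {
      throw new Error(`unknown action: ${action}`);
    }
    this.userOverrides.set(thirdParty, action);
  }

  // Effective policy for a domain: an explicit user choice wins over the heuristic.
  decide(thirdParty) {
    if (this.userOverrides.has(thirdParty)) return this.userOverrides.get(thirdParty);
    return this.isTracker(thirdParty) ? "block" : "allow";
  }

  // What the popup would report: every third-party domain seen, with its verdict.
  summary() {
    return [...this.sightings.keys()].map(d => ({
      domain: d, sites: this.siteCount(d), tracker: this.isTracker(d), action: this.decide(d),
    }));
  }
}

// Constructed sample of observed requests: the page being visited, the request
// made from it, and whether the response tried to set a cookie. Not real traffic.
const SAMPLE_REQUESTS = [
  { page: "https://news.example/story",  request: "https://ads.tracker-example.net/pixel",    setsCookie: true },
  { page: "https://news.example/story",  request: "https://static.news.example/app.js",      setsCookie: true },  // own subdomain
  { page: "https://shop.example/cart",   request: "https://ads.tracker-example.net/pixel",    setsCookie: true },
  { page: "https://shop.example/cart",   request: "https://cdn.static-example.org/lib.js",    setsCookie: false }, // no tracking behaviour
  { page: "https://blog.example/post",   request: "https://ads.tracker-example.net/pixel",    setsCookie: true },
  { page: "https://blog.example/post",   request: "https://widgets.social-example.com/like", setsCookie: true },
  { page: "https://forum.example/t/1",   request: "https://widgets.social-example.com/like", setsCookie: true },
];

// Feed a request log through the heuristic. Only third-party requests that showed
// tracking behaviour count, and each first-party site counts once per tracker.
function runHeuristic(requests, heuristic = new TrackerHeuristic()) {
  for (const r of requests) {
    if (!r.setsCookie || !isThirdParty(r.page, r.request)) continue;
    heuristic.observe(registrableDomain(new URL(r.page).hostname),
                      registrableDomain(new URL(r.request).hostname));
  }
  return heuristic;
}

console.log(JSON.stringify(runHeuristic(SAMPLE_REQUESTS).summary(), null, 2));
```

With the sample log, the ad pixel is seen on three sites and ends up blocked, the social widget is seen on only two and stays allowed until the user chooses otherwise, and the CDN never enters the table because it showed no tracking behaviour. Counting distinct first-party sites rather than raw requests is what keeps a single busy page from tipping a domain over the threshold.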

Uber begins collection of rider location data – whether using the app or not

The app update (it’s 3.222.4, for those keeping track) changes the way Uber collects location data from its users. Previously, Uber only collected location information while a user had the app open – now, Uber asks users to always share their location with the ride-hailing company.

Uber says that, even though it can harvest your location constantly while its app is running in the background on your phone, it won’t use that capability. Instead, Uber claims it just needs a little bit more location data to improve its service, and it has to ask for constant access because of the way device-level permissions are structured.

Specifically, Uber wants access to a rider’s location from the moment she requests a ride until five minutes after the driver drops her off, even if the app is not in the foreground of her phone. Previously, Uber would not collect a rider’s background location during the trip, or her location after drop-off.

Source: Uber begins background collection of rider location data | TechCrunch

They have many excuses as to why, but who knows what the truth is? You have become the product of Uber and having them follow you around is just creepy.

These Are The 48 Organizations That Now Have Access To Every Brit’s Browsing History

While the UK was obsessing with Brexit and its aftermath, parliament quietly passed a contentious snooping law that gives authorities, everyone from police and spies to food regulators, fire officials and tax inspectors, the right to legally look at the internet browsing records of everyone in the country.
[…]
Which government agencies have access to the internet history of any British citizen? Here is the answer courtesy of blogger Chris Yiu, who has compiled the list:

Metropolitan police force
City of London police force
Police forces maintained under section 2 of the Police Act 1996
Police Service of Scotland
Police Service of Northern Ireland
British Transport Police
Ministry of Defence Police
Royal Navy Police
Royal Military Police
Royal Air Force Police
Security Service
Secret Intelligence Service
GCHQ
Ministry of Defence
Department of Health
Home Office
Ministry of Justice
National Crime Agency
HM Revenue & Customs
Department for Transport
Department for Work and Pensions
NHS trusts and foundation trusts in England that provide ambulance services
Common Services Agency for the Scottish Health Service
Competition and Markets Authority
Criminal Cases Review Commission
Department for Communities in Northern Ireland
Department for the Economy in Northern Ireland
Department of Justice in Northern Ireland
Financial Conduct Authority
Fire and rescue authorities under the Fire and Rescue Services Act 2004
Food Standards Agency
Food Standards Scotland
Gambling Commission
Gangmasters and Labour Abuse Authority
Health and Safety Executive
Independent Police Complaints Commissioner
Information Commissioner
NHS Business Services Authority
Northern Ireland Ambulance Service Health and Social Care Trust
Northern Ireland Fire and Rescue Service Board
Northern Ireland Health and Social Care Regional Business Services Organisation
Office of Communications
Office of the Police Ombudsman for Northern Ireland
Police Investigations and Review Commissioner
Scottish Ambulance Service Board
Scottish Criminal Cases Review Commission
Serious Fraud Office
Welsh Ambulance Services National Health Service Trust

Source: These Are The 48 Organizations That Now Have Access To Every Brit’s Browsing History

That’s a lot of places to potentially spill a very important dataset! Remember, they only have to break into one of the above places for it all…

Google’s Photo Scan App Makes Backing Up Old Snapshots Easy as Hell

The Photo Scan app launched by Google today for iOS and Android lets you scan printed photos in just a couple of seconds, using machine learning to correct imperfections in the capture process so that they look great every time.

Here’s how it works: Download the app, and open it up. You’ll see a viewfinder. Hold your phone over the printed photo you want to make a digital copy of, and make sure it fits entirely in the frame. Tap the shutter button once.

Next, four white dots will appear on the screen in each corner of the photo you’re backing up. You connect the dots by moving your phone over the dots until they turn blue. After you’ve scanned each individual dot, the photo will be saved within the Photo Scan app and can be saved to your Google Photos library with the push of a button.

Source: Google’s Photo Scan App Makes Backing Up Old Snapshots Easy as Hell

Of course, you do give Google your old photos to analyse with an AI. Worry about the privacy aspect of that!

Shazam listens to you on macs, even when you turn the mic off

Once installed, Shazam automatically begins listening for music,

Most (security-conscious) users probably don’t want Shazam listening all the time. Shazam appears to oblige, seemingly providing an option to disable this listening:

However, sliding the selector to ‘OFF’ did not generate the expected, “Mic was deactivated” OverSight alert.

My first thought was perhaps OverSight had ‘missed’ the Mic deactivation, or contained some other bug or limitation. However, testing seemed to confirm that OverSight works as expected.

So is Shazam still listening even when the user attempts to toggle it to ‘OFF’? One way to find out – let’s reverse the app!

The post then goes into how to reverse engineer an app and sure enough, the mic doesn’t get turned off.

Shazam says this is a “feature” but it sounds to me like a huge gaping security hole. When you turn something off, it should go off, especially a listening device!

Source: Objective-See

Chemical traces on your phone reveal your lifestyle, scientists say

Scientists say they can deduce the lifestyle of an individual, down to the kind of grooming products they use, food they eat and medications they take, from chemicals found on the surface of their mobile phone.

Experts say analysis of someone’s phone could be a boon both to healthcare professionals, and the police.

“You can narrow down male versus female; if you then figure out they use sunscreen then you pick out the [people] that tend to be outdoorsy – so all these little clues can sort of narrow down the search space of candidate people for an investigator,” said Pieter Dorrestein, co-author of the research from the University of California, San Diego.

Writing in the Proceedings of the National Academy of Sciences, researchers from the US and Germany describe how they swabbed the mobile phone and right hand of 39 individuals and analysed the samples using the highly sensitive technique of mass spectrometry.

The results revealed that each person had a distinct “signature” set of chemicals on their hands which distinguished them from each other. What’s more, these chemicals partially overlapped with those on their phones, allowing the devices to be distinguished from each other, and matched to their owners.

“If one looks at the hands of an individual they are unique in 99% of the samples investigated. In two cases we could not do that perfectly, but in one of those cases people lived together,” said Dorrestein. “In 69% of the cases we could perfectly match up the chemical profile, the molecular profile, on the phone to the person that it belonged to.”

But, he adds, the promise of the technique lies not in identifying individuals, but in building a profile of the phone’s owner.

Analysis of the chemical traces using a reference database allowed the team to match the chemicals to known substances or their relatives to reveal tell-tale clues from each individual’s life – from whether they use hair-loss treatments to whether they are taking antidepressants.

Some of the chemicals, such as the mosquito repellent DEET, were found more than four months after the product was last used by the phone’s owner.

The approach, the authors say, could be extended to produce a wide-ranging database that could be used by police to predict the lifestyle of an individual based on the specific set of trace chemicals found on their phone, keys or other objects.

Source: Chemical traces on your phone reveal your lifestyle, scientists say | Science | The Guardian

Facebook Will Let Brands Send You Ads If You’ve Messaged Them Before

According to Facebook, if you send a message to a company, they then have permission to send you sponsored messages—or as we humans call them, ads. These will be unprompted “highly targeted, in-context” ads. Businesses that already have chat bots set up can start using the new feature immediately.

Source: Facebook Will Let Brands Send You Ads If You’ve Messaged Them Before

It seems to me a good reason to not use Facebook to get in touch with a company

Nvidia Tracking you on Windows now – and how to stop it (for now)

In the case of Nvidia, Telemetry gets installed alongside the driver package. While you may — and should — customize the installation of the Nvidia driver so that only the bits that you require are installed, there is no option to disable the Telemetry components from being installed. These do get installed even if you only install the graphics driver itself in the custom installation dialog.

Source: Disable Nvidia Telemetry tracking on Windows – gHacks Tech News

This starts with version 375.70.

Come on, who told these companies it was alright to just suck stuff off your machine without consent? And a EULA isn’t consent!

Inaudible Soundwaves Expose a Spooky New Pathway for Hackers

The underlying technology in question is known as ultrasonic cross-device tracking, or uXDT. Cross-device tracking has been called a ‘holy grail’ for marketers, allowing them to, for instance, tell your phone when you’re watching a particular TV show, or share data about laptop web browsing to your tablet.

[…]

The UCL team says the lack of disclosure and opt-out options on widely-installed uXDT apps represents an even bigger threat, though. Such apps often actively listen for ultrasound signals, even when the app itself is closed, creating a new and relatively poorly-understood pathway for hacking.

The researchers have already found ways to mine cloaked IP addresses. Speaking to New Scientist, UCL team member Vasilios Mavroudis suggests that an app’s always-on microphone access could be leveraged to monitor conversations (and, if you’re not paranoid already, to decipher what you’re typing). The ‘beacons’ that transmit ultrasound data can also be spoofed to manipulate apps’ user data.

Source: Inaudible Soundwaves Expose a Spooky New Pathway for Hackers

Meanwhile, in America: Half of adults’ faces are in police databases

Images representing 117 million American adults – almost half the grownups in the country – can be found in the facial recognition databases maintained by US law enforcement agencies, according to a study conducted by the Center on Privacy and Technology at Georgetown Law School.

That figure is expected to grow as facial recognition technology becomes more capable and more commonplace. Yet such systems have very little oversight.
[…]
“Transparency makes a lot of the problems we’ve noticed easier to detect,” said Frankle.

Some of these problems include: the disproportionate representation of African Americans in US law enforcement databases; the potentially chilling effect of facial recognition on free speech; lack of reliable information on the accuracy of facial recognition systems; and unsettled questions about the circumstances under which facial recognition might violate Fourth Amendment protections against unreasonable searches.
[…]
At the same time, the utility of the technology remains open to question. Where public data about the efficacy of facial recognition searches exists, it’s not particularly compelling. “Of the FBI’s 36,420 searches of state license photo and mug shot databases, only 210 (0.6 per cent) yielded likely candidates for further investigations,” the study says. “Overall, 8,590 (4 per cent) of the FBI’s 214,920 searches yielded likely matches.”

What’s more, reliable metrics for the accuracy of facial recognition systems are scarce. For example, FaceFirst, a facial recognition vendor, advertises “an identification rate above 95 per cent.” The CPT study claims this is misleading and cites a 2015 contract with the San Diego Association of Governments that disclaims any specific success rate: “FaceFirst makes no representations or warranties as to the accuracy and reliability of the product in the performance of its facial recognition capabilities.”
[…]
The study cites a facial recognition test conducted with real-time video in Mainz, Germany, from 2006 to 2007, where accuracy was 60 per cent during the day and 10 to 20 per cent at night.
[…]
“Face recognition can and should be used to respond to serious crimes and public emergencies,” the study concludes. “It should not be used to scan the face of any person, at any time, for any crime.”

Source: Meanwhile, in America: Half of adults’ faces are in police databases

Using search warrants to get into fingerprint-locked phones

Investigators in Lancaster, Calif., were granted a search warrant last May with a scope that allowed them to force anyone inside the premises at the time of search to open up their phones via fingerprint recognition, Forbes reported Sunday.

The government argued that this did not violate the citizens’ Fifth Amendment protection against self-incrimination because no actual passcode was handed over to authorities. Forbes was able to confirm with the residents of the building that the warrant was served, but the residents did not give any more details about whether their phones were successfully accessed by the investigators.

“I was frankly a bit shocked,” said Andrew Crocker, a staff attorney at the Electronic Frontier Foundation (EFF), when he learned about the scope of the search warrant. “As far as I know, this warrant application was unprecedented.”

Crocker said that it’s both the fingerprint lock method and the wide reach of the warrant that are so surprising. Search warrants are typically required to be narrow and clear in scope, but this one was extended to include any phone that happens to be on the property, and all of the private data that that entails. He also described requiring phones to be unlocked via fingerprint, which does not technically count as handing over a self-incriminating password, as a “clever end-run” around constitutional rights.

Source: Using search warrants to get into fingerprint-locked phones

Court finds GCHQ and MI5 engaged in illegal bulk data collection

The mysterious Investigatory Powers Tribunal, which oversees Blighty’s snoops, has ruled that the bulk collection of personal data — conducted by GCHQ and MI5 between 1998 and 2015 — was illegal.

Responding to a claim brought by Privacy International, the 70-page judgment handed down this morning [PDF] found that the spooks’ surveillance activities had been taking place without adequate safeguards or supervision for over a decade; and as such were in breach of Article 8 of the European Convention on Human Rights.

[…]

There are huge risks associated with the use of bulk communications data. It facilitates the almost instantaneous cataloguing of entire populations’ personal data. It is unacceptable that it is only through litigation by a charity that we have learnt the extent of these powers and how they are used.

The public and Parliament deserve an explanation as to why everyone’s data was collected for over a decade without oversight in place and confirmation that unlawfully obtained personal data will be destroyed.

Source: Court finds GCHQ and MI5 engaged in illegal bulk data collection

One win for transparency. Will the UK gov care? Doubt it.

UK wants to monitor fake boobs, claims event 6 years ago is catalyst

The Breast and Cosmetic Implant Registry (BCIR) is intended to prevent a repeat of the faulty Poly Implant Prothèse (PIP) silicone breast implant scandal in 2010, in which fraudulently manufactured silicone gel implants affected thousands of women.

Its establishment is in response to recommendation 21 in Sir Bruce Keogh’s Review of the Regulation of Cosmetic interventions, which called for a cosmetic implant registry “to provide better monitoring of patient outcomes and device safety”.

[…]

The registry is expected to record more than 20,000 cases of implant surgery annually. Reporting of data will be done by the provider, via an online portal.

Source: New UK National silicone database will help avoid boobs

This makes no sense whatsoever to me, but for the life of me I can’t understand what other purpose the UK has in collecting such a specific set of surgery data.