You Can Absolutely Be Identified Just By How You Drive

Researchers from the University of Washington and the University of California, San Diego did an experiment to see what could be learned from just the information many cars are already recording. The result was that the way people drove was as identifiable as a fingerprint. […] When it was given data from all 16 sensors for the whole drive, the match was made 100 percent of the time. When it was given data from five sensors, three sensors, and even just the brake pedal, the match was made 100 percent of the time.

On just 15 minutes of data and all 16 sensors, the match was made 100 percent of the time. Just the brake pedal was 87 percent accurate.

This research reveals just how much data your car is actually collecting—and that turning over all that data through apps or insurance company dongles may be revealing more about yourself than you realize. Tesla, with its auto-uploading feature, probably knows a lot about its drivers.

Source: You Can Absolutely Be Identified Just By How You Drive

Study shows phone metadata is much more sensitive than top spies admit

In a study published online Monday in the journal Proceedings of the National Academy of Sciences, Stanford University researchers demonstrated how they used publicly available sources—like Google searches and the paid background-check service Intelius—to identify “the overwhelming majority” of their 823 volunteers based only on their anonymized call and SMS metadata.

Using data collected through a special Android app, the Stanford researchers determined that they could easily identify people based on their call and message logs.

The results cast doubt on claims by senior intelligence officials that telephone and Internet “metadata”—information about communications, but not the content of those communications—should be subjected to a lower privacy threshold because it is less sensitive.

Contrary to those claims, the researchers wrote, “telephone metadata is densely interconnected, susceptible to reidentification, and enables highly sensitive inferences.”

Source: Study shows phone metadata is much more sensitive than top spies admit

Runkeeper is secretly tracking you around the clock and sending your data to advertisers

The NCC, a consumer rights watchdog, is conducting an investigation into 20 apps’ terms and conditions to see if the apps do what their permissions say they do and to monitor data flows. Tinder has already been reported to the Norwegian data protection authority for similar breaches of privacy laws. The NCC’s investigation into Runkeeper discovered that user location data is tracked around the clock and gets transmitted to a third party advertiser in the U.S. called Kiip.me.

Source: Runkeeper is secretly tracking you around the clock and sending your data to advertisers

FindFace Facial Recognition Service Becomes a Weapon Against Russian Porn Actresses

Users of the Russian imageboard “Dvach” (2chan) have launched a campaign to deanonymize Russian actresses who appear in pornography, utilizing a controversial new service called “FindFace.”

Source: Facial Recognition Service Becomes a Weapon Against Russian Porn Actresses – Global Voices Advocacy

What a bunch of pissants – using a creepy stalker app to then send the contacts of porn actresses porn pictures of their friends. To me it sounds like these guys are so jealous of people having sex whilst they never will, that they’d rather just spoil it for everyone and try to make sure there are no more porn actresses.

93.4m Mexican Voters Data found on open US server

In my hands is something dangerous. It is proof that someone moved confidential government data out of Mexico and into the United States. It is a hard drive with 93.4 million downloaded voter registration records—the Mexican voter database.

See the interview with Chris Vickery commenting on this breach:

Before going any further, let’s make one thing very clear. I’m not the one who transmitted the data out of Mexico. Someone else will have to answer for that. However, eight days ago (April 14th), I did discover a publicly accessible database, hosted on an Amazon cloud server, containing these records. There was no password or authentication of any sort required. It was configured purely for public access. Why? I have no clue.

After reporting the situation to the US State Department, DHS, the Mexican Embassy in Washington, the Mexican Instituto Nacional Electoral (INE), and Amazon, the database was finally taken offline April 22nd, 2016.

Under Mexican law, these files are “strictly confidential”, carrying a penalty of up to 12 years in prison for anyone extracting this data from the government for personal gain. We’re talking about names, home addresses, birthdates, a couple of national identification numbers, and a few other bits of info.

Source: BREAKING: Massive Breach of Mexican Voter Data – Blog – MacKeeper™

Data protection reform – Parliament approves new rules fit for the digital era

The new rules include provisions on:

  • a right to be forgotten,
  • “clear and affirmative consent” to the processing of private data by the person concerned,
  • a right to transfer your data to another service provider,
  • the right to know when your data has been hacked,
  • ensuring that privacy policies are explained in clear and understandable language, and
  • stronger enforcement and fines up to 4% of firms’ total worldwide annual turnover, as a deterrent to breaking the rules.

Source: Data protection reform – Parliament approves new rules fit for the digital era

    So we get simpler EULAs that no one will read either… But it’s nice to have control over your own data and the right to know when your data has been breached. Not that you can do much with that knowledge, but ok.

    Hotjar – Records mouse behaviour to see where visitors are scrolling, mousing and clicking to make heatmaps

    Hotjar is a new and easy way to truly understand your web and mobile site visitors.

    Source: Hotjar – Heatmaps, Visitor Recordings, Conversion Funnels, Form Analytics, Feedback Polls and Surveys in One Platform

    I’ve been seeing this on more and more sites recently. They state that the service is cheap (but no pricing to be found) and I’m very curious if they keep your data and link it to you as a person on multiple tracked sites?

    CIA Is Funding Clearista Skin Care Products That Collect DNA, Among Other Health Markers

    Clearista products were designed with medical applications in mind before they became beauty products. The idea was that removing the product gave access to traces or biological markers that offer an insight into a person’s health. They also cover blemishes and dark spots on the skin. So the CIA is interested, as DNA is one of the markers that can be picked up. It uses its venture arm In-Q-Tel (IQT) to fund Skincential Sciences, which produces Clearista (among other products).

    Source: CIA’s Venture Capital Arm Is Funding Skin Care Products That Collect DNA

    IFTTT changes their ToS, claims ownership of all that goes through new API

    3. Ownership. IFTTT shall own all right, title, and interest (and all related moral rights and intellectual property rights) in and to the Developer Tool, Service, and Content

    12. Patent License. Licensee hereby grants IFTTT a nonexclusive, sublicensable, perpetual, fully-paid, worldwide license to fully exercise and exploit all patent rights with respect to improvements or extensions created by or for Licensee to the API

    And many more things that really are not too acceptable.

    See this blog post

    My heroic and lazy stand against ifttt

    Companies Are Using Big Data to Discourage Employees From Having Costly Surgery

    Do you work for a big company? Have you been having back pain? Your company probably knows about it already thanks to high-tech healthcare companies that it hired. Welcome to our brave new world of big data.

    Source: Companies Are Using Big Data to Discourage Employees From Having Costly Surgery

    They are using this to improve the health of their employees. Good. But also to track who is trying to get pregnant. Bad. Health information is very private for a reason. Having your employer look at it is very very bad and can lead to discrimination based on your medical history.

    Anaheim cops in Disneyland’s backyard have had plane-based mass mobile phone hacking stuff going for years

    Pentagon: DRTBox can usually nab phone’s crypto session keys in under a second.

    Source: City cops in Disneyland’s backyard have had “stingray on steroids” for years

    Military grade Dirtboxes have been flying for the police without requiring a warrant for years. The 4th Reich irrepressible surveillance machine strikes again – Anaheim won’t be the only police force using this stuff.

    Microsoft explains why Irish Warrant Fight is important

    Without trust, Microsoft thinks, nobody is going to use any cloud services, and the Snowden revelations put the trustworthiness of all technology suppliers in the spotlight. So when a warrant arrived at Microsoft’s Dublin data centre one day in 2013, a not uncommon occurrence for a cloud host, Microsoft was ready to kick back.

    What Microsoft has done is refuse to comply, putting itself voluntarily in contempt of court. At issue is a piece of legislation called the 1986 Stored Communications Act, and the software firm is challenging two key things about it. Firstly, that the act covers private data that happens to be stored on your behalf by a third party (in this case Microsoft). Microsoft argues that the personal data is not its own, much as a UGC hosted YouTube argues that it doesn’t own material that is “stored at users’ direction”.
    […]
    “These are the private communications of our customers. They’re not ours. We don’t have access to them. We don’t want access to them,” he told an audience this week. “That’s a very different position to saying that any data stored with a cloud provider is a business record of that cloud provider, that can then be turned over to the government. That is a very dangerous precedent.”

    And an interview with The Register clarified that point further: “By design we tell customers it is yours, we’re not going to access your data.”

    Source: Microsoft legal eagle explains why the Irish Warrant Fight covers your back

    CBP becomes Autoriteit Persoonsgegevens

    As of 1 January, the College bescherming persoonsgegevens (CBP) has been renamed Autoriteit Persoonsgegevens. From now on the Autoriteit Persoonsgegevens can impose fines, and organisations are obliged to report serious data breaches to the regulator immediately. Careless handling of personal data therefore now results in both a fine and reputational damage. The maximum fine is 820,000 euros.

    Source: New tasks for Autoriteit Persoonsgegevens – Emerce

    Spying on Congress and Israel: NSA Cheerleaders Discover Value of Privacy Only When Their Own Is Violated

    NSA under President Obama targeted Israeli Prime Minister Benjamin Netanyahu and his top aides for surveillance. In the process, the agency ended up eavesdropping on “the contents of some of their private conversations with U.S. lawmakers and American-Jewish groups” about how to sabotage the Iran Deal. All sorts of people who spent many years cheering for and defending the NSA and its programs of mass surveillance are suddenly indignant now that they know the eavesdropping included them and their American

    Source: Spying on Congress and Israel: NSA Cheerleaders Discover Value of Privacy Only When Their Own Is Violated

    Oh dear, so you’re all for spying on people unless it’s suddenly yourself?

    Why is Microsoft monitoring how long you use Windows 10?

    This might seem like a slightly strange statistic for Microsoft to keep track of, but the company knows how long, collectively, Windows 10 has been running on computers around the world. To have reached this figure (11 billion hours in December, apparently) Microsoft must have been logging individuals’ usage times.

    Source: Why is Microsoft monitoring how long you use Windows 10?

    AVG: “Web TuneUP” extension multiple critical vulnerabilities: exposes browsing history and other personal data

    When a user installs AVG AntiVirus, a Chrome extension called “AVG Web TuneUp” with extension id chfdnecihphmhljaaejmgoiahnihplgn is force-installed. I can see from the webstore statistics it has nearly 9 million active Chrome users.

    The attached exploit steals cookies from avg.com. It also exposes browsing history and other personal data to the internet, I wouldn’t be surprised if it’s possible to turn this into arbitrary code execution.

    Source: Issue 675 – google-security-research – AVG: “Web TuneUP” extension multiple critical vulnerabilities – Google Security Research – Google Project Hosting

    Windows 10 uploads your Encryption Key to Microsoft with no opt-out.

    One of the excellent features of new Windows devices is that disk encryption is built-in and turned on by default, protecting your data in case your device is lost or stolen. But what is less well-known is that, if you are like most users and log in to Windows 10 using your Microsoft account, your computer automatically uploaded a copy of your recovery key – which can be used to unlock your encrypted disk – to Microsoft’s servers, probably without your knowledge and without an option to opt-out.
    […]
    As Green puts it, “Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees.”

    Source: Recently Bought a Windows Computer? Microsoft Probably Has Your Encryption Key

    Congress strips out privacy protections from CISA ‘security’ bill

    Under the original CISA legislation, companies would share their users’ information with federal government departments once it had been anonymized. The government could then analyze it for online threats, while the companies received legal immunity from prosecution for breaking existing privacy agreements.

    But as the bill was amended, the privacy parts of the proposed law have been stripped away. Now companies don’t have to anonymize data before handing it over. In addition, the government can use it for surveillance and for activities outside cybercrime. And in addition, companies don’t have to report security failings even if they spot them.

    Source: Congress strips out privacy protections from CISA ‘security’ bill

    Ted Cruz campaign using firm that harvested data on millions of unwitting Facebook users

    Ted Cruz’s presidential campaign is using psychological data based on research spanning tens of millions of Facebook users, harvested largely without their permission, to boost his surging White House run and gain an edge over Donald Trump and other Republican rivals, the Guardian can reveal.

    A little-known data company (Cambridge Analytica), now embedded within Cruz’s campaign and indirectly financed by his primary billionaire benefactor, paid researchers at Cambridge University to gather detailed psychological profiles about the US electorate using a massive pool of mainly unwitting US Facebook users built with an online survey.

    As part of an aggressive new voter-targeting operation, Cambridge Analytica – financially supported by reclusive hedge fund magnate and leading Republican donor Robert Mercer – is now using so-called “psychographic profiles” of US citizens in order to help win Cruz votes, despite earlier concerns and red flags from potential survey-takers.

    Source: Ted Cruz campaign using firm that harvested data on millions of unwitting Facebook users

    GCHQ can hack your systems at will – thanks to ‘soft touch’ oversight, judges not needed thanks

    Privacy International battle exposes ‘bulk’ warrants

    Documents released by GCHQ to the Investigatory Powers Tribunal suggest the agency may be allowed to hack multiple computers in the UK under single “thematic” or “class” warrants.

    Responding to complaints brought by Privacy International and seven global internet and communication service providers, the British spy agency told the tribunal it was applying for bulk hacking warrants from secretaries of state and then deciding internally whether it was necessary and proportionate to hack the individuals targeted.

    Source: GCHQ can hack your systems at will – thanks to ‘soft touch’ oversight

    Russia’s blanket phone spying busted Europe’s human rights laws

    Russia’s legal framework around the mass surveillance was found to be unfit because it did not limit the circumstances in which public authorities were allowed to conduct their surveillance activities, nor were there any limits on the duration of those activities.

    Additionally, there was insufficient supervision of the interception and a lack of “procedures for authorising interception as well as for storing and destroying the intercepted data”.

    Source: Russia’s blanket phone spying busted Europe’s human rights laws

    Anti-NSA Easter egg in HTTP/2: every connection starts with PRISM

    British programmer and writer John Graham-Cumming has spotted something interesting in the opening protocol of any HTTP/2 connection: an array of explicitly formatted code which spells the word PRISM, in an apparent reference to the NSA’s primary program for mass-surveillance of the internet, as disclosed by Edward Snowden in 2013.

    The HTTP/2 client connection begins its work with a 24-octet sequence which unravels to PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n. Anyone who has ever tried to make a line wrap in web server output will discount the returns and line breaks (such as ‘\r’ and ‘\n’) and see the word ‘PRISM’ stripped away from the code which it is sitting inside.

    Source: Anti-NSA Easter egg in HTTP/2, it seems
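The 24-octet preface quoted above is a deliberately malformed HTTP/1.x request (method "PRI", version "HTTP/2.0", body "SM"), so a server that only speaks HTTP/1.x rejects it instead of misreading the HTTP/2 frames that follow. The same fixed string is what a proxy or network sensor uses to tell a cleartext "prior knowledge" HTTP/2 connection apart from an ordinary HTTP/1.x request on the same port. The following Python is an added example, not code from the article or from Graham-Cumming: it splits the preface the way an HTTP/1.x parser sees it (which is where "PRI" + "SM" comes from), classifies the first bytes of a connection, and parses the SETTINGS frame that RFC 7540 requires directly after the preface. The function names, the classification labels and the sample byte strings are constructed for the example; only the preface bytes, the frame header layout and the SETTINGS identifiers come from RFC 7540.

```python
import re
from typing import Dict, Optional, Tuple

# RFC 7540 section 3.5: the client connection preface is exactly these 24 octets.
H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"

# Frame type and SETTINGS identifiers from RFC 7540 sections 6.5 and 6.5.2.
FRAME_TYPE_SETTINGS = 0x4
SETTINGS_NAMES = {
    0x1: "HEADER_TABLE_SIZE",
    0x2: "ENABLE_PUSH",
    0x3: "MAX_CONCURRENT_STREAMS",
    0x4: "INITIAL_WINDOW_SIZE",
    0x5: "MAX_FRAME_SIZE",
    0x6: "MAX_HEADER_LIST_SIZE",
}


def preface_tokens(preface: bytes = H2_PREFACE) -> Tuple[str, str, str, str]:
    """Split the preface the way an HTTP/1.x parser would see it:
    a request line (method, target, version), a blank line, then a body."""
    request_line, _, body = preface.partition(b"\r\n\r\n")
    method, target, version = request_line.decode("ascii").split(" ")
    return method, target, version, body.decode("ascii").strip()


def hidden_word(preface: bytes = H2_PREFACE) -> str:
    """Pseudo-method plus pseudo-body: what remains once the request target,
    the version string and the line breaks are discounted."""
    method, _target, _version, body = preface_tokens(preface)
    return method + body


def classify_connection_start(data: bytes) -> str:
    """Classify the first bytes read from a fresh cleartext TCP connection.

    'h2c-prior-knowledge' -> HTTP/2 started without an Upgrade handshake
    'incomplete'          -> what has arrived so far is a prefix of the preface
    'http/1.x'            -> an ordinary HTTP/1.0 or HTTP/1.1 request line
    'unknown'             -> neither (TLS, another protocol, garbage)
    """
    if data.startswith(H2_PREFACE):
        return "h2c-prior-knowledge"
    if H2_PREFACE.startswith(data):
        return "incomplete"
    if re.match(rb"^[A-Z]+ \S+ HTTP/1\.[01]\r\n", data):
        return "http/1.x"
    return "unknown"


def build_settings_frame(settings: Dict[int, int]) -> bytes:
    """Encode a SETTINGS frame: 9-octet header (24-bit length, 8-bit type,
    8-bit flags, 31-bit stream id) followed by 6-octet (identifier, value) pairs."""
    payload = b"".join(
        ident.to_bytes(2, "big") + value.to_bytes(4, "big")
        for ident, value in settings.items()
    )
    header = len(payload).to_bytes(3, "big") + bytes([FRAME_TYPE_SETTINGS, 0x00])
    header += (0).to_bytes(4, "big")  # SETTINGS always travels on stream 0
    return header + payload


def parse_initial_settings(data: bytes) -> Optional[Dict[str, int]]:
    """Parse the SETTINGS frame that RFC 7540 requires immediately after the
    preface. Returns None when the bytes do not form a valid one."""
    if not data.startswith(H2_PREFACE):
        return None
    frame = data[len(H2_PREFACE):]
    if len(frame) < 9:
        return None
    length = int.from_bytes(frame[0:3], "big")
    frame_type = frame[3]
    stream_id = int.from_bytes(frame[5:9], "big") & 0x7FFFFFFF
    payload = frame[9:9 + length]
    # Must be a SETTINGS frame on stream 0 carrying whole 6-octet entries.
    if frame_type != FRAME_TYPE_SETTINGS or stream_id != 0:
        return None
    if length % 6 != 0 or len(payload) != length:
        return None
    parsed: Dict[str, int] = {}
    for off in range(0, length, 6):
        ident = int.from_bytes(payload[off:off + 2], "big")
        value = int.from_bytes(payload[off + 2:off + 6], "big")
        parsed[SETTINGS_NAMES.get(ident, f"UNKNOWN_{ident:#06x}")] = value
    return parsed


# Constructed sample: the first bytes a prior-knowledge h2c client sends.
SAMPLE_H2C_CLIENT_START = H2_PREFACE + build_settings_frame({0x3: 100, 0x4: 65535})
# Constructed sample: an ordinary HTTP/1.1 request arriving on the same port.
SAMPLE_HTTP1_START = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    print(len(H2_PREFACE), "octets, hidden word:", hidden_word())
    print(classify_connection_start(SAMPLE_H2C_CLIENT_START),
          parse_initial_settings(SAMPLE_H2C_CLIENT_START))
    print(classify_connection_start(SAMPLE_HTTP1_START))
```

The `incomplete` result matters in practice: a classifier reading from a socket may see only part of the 24 octets on the first read, and treating that as HTTP/1.x or as garbage would misroute a legitimate HTTP/2 client.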