Revealed: What info the FBI can collect with a National Security Letter. Hint – a lot.

Merrill is now able to reveal that the FBI believes it can force online companies to turn over the following information simply by sending an NSL demanding it: an individual’s complete web browsing history; the IP addresses of everyone a person has corresponded with; and records of all online purchases.

The FBI also claims authority to obtain cell-site location information with an NSL, which effectively turns a cell phone into a location tracking device. In court filings, the FBI said that at some point it stopped gathering location data as a matter of policy, but that it could secretly choose to resume the practice under existing authority.

Source: Revealed: What info the FBI can collect with a National Security Letter

That’s a hell of a lot of information they can collect without a court warrant… And they’ve been doing it for 11 years so far!

ADNAUSEAM – Clicking Ads So You Don’t Have To

AdNauseam is a browser extension designed to obfuscate browsing data and protect users from surveillance and tracking by advertising networks. Simultaneously, AdNauseam serves as a means of amplifying users’ discontent with advertising networks that disregard privacy and facilitate bulk surveillance agendas.

Source: ADNAUSEAM – Clicking Ads So You Don’t Have To

New IBM tech lets apps authenticate you without personal data

Identity Mixer is designed to protect users’ privacy by focusing just on the essentials of the proof. Thanks to a set of algorithms based on cryptography work done at IBM Research, the tool allows developers to build apps that can authenticate users’ identities using what’s known as a “zero-knowledge proof” that collects no personal data.

Specifically, Identity Mixer authenticates users by asking them to provide a public key. Each user has a single secret key, and it corresponds with multiple public keys, or identities. Each transaction a user makes receives a different public key and leaves no privacy “breadcrumbs.”

So, in the streaming service example, users would have both identity and subscription credentials stored in a personal Credential Wallet. To access a movie, they could use that electronic wallet to prove that they’re entitled to watch the selected content without having to expose any other details.

The result, according to IBM, is that users’ privacy is better preserved, and the service provider is spared the need to protect and secure all that extraneous data.

Source: New IBM tech lets apps authenticate you without personal data
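The mechanism the excerpt describes (one secret key, a fresh public identity per transaction, a proof that discloses nothing else) can be sketched with a Pedersen commitment as the pseudonym and a Schnorr-style zero-knowledge proof of its opening. The block below is an added illustration, not IBM's Identity Mixer code and not its real protocol (Identity Mixer is built on Camenisch-Lysyanskaya signatures, which this sketch omits); the search start for the prime, the second-generator label, the context strings and the tiny group size are all constructed for readability.

```python
import hashlib
import secrets

# Group setup: a safe prime p = 2q + 1 is located at import time so the block
# needs no external parameters.  Starting the search at 2**40 is a constructed
# choice; a ~41-bit group is far too small for real use and only keeps the
# numbers readable.  Real systems use 2048-bit+ groups or elliptic curves.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # deterministic below 3.3e24


def _is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin for the sizes used here."""
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def _find_safe_prime(start: int):
    q = start | 1
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P_MOD, Q_ORD = _find_safe_prime(1 << 40)
G = 4  # 2^2 is a quadratic residue mod p, so it generates the order-q subgroup


def _hash_to_group(label: bytes) -> int:
    """Second generator with unknown discrete log base G (squaring lands in the subgroup)."""
    digest = int.from_bytes(hashlib.sha256(label).digest(), "big")
    return pow(digest % P_MOD, 2, P_MOD)


H = _hash_to_group(b"idmix-example-second-generator")  # assumption: fixed public label


def keygen() -> int:
    """The user's single secret key x, uniform in [1, q)."""
    return secrets.randbelow(Q_ORD - 1) + 1


def new_pseudonym(x: int):
    """Fresh per-transaction public key P = g^x h^r.  Pedersen commitments are
    perfectly hiding, so pseudonyms of the same x are unlinkable without r."""
    r = secrets.randbelow(Q_ORD)
    return pow(G, x, P_MOD) * pow(H, r, P_MOD) % P_MOD, r


def _challenge(pseudonym: int, commitment: int, context: bytes) -> int:
    data = b"|".join([str(P_MOD).encode(), str(pseudonym).encode(), str(commitment).encode(), context])
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q_ORD


def prove(x: int, r: int, pseudonym: int, context: bytes):
    """Non-interactive (Fiat-Shamir) proof of knowledge of (x, r) with P = g^x h^r."""
    a, b = secrets.randbelow(Q_ORD), secrets.randbelow(Q_ORD)
    commitment = pow(G, a, P_MOD) * pow(H, b, P_MOD) % P_MOD
    c = _challenge(pseudonym, commitment, context)
    return commitment, (a + c * x) % Q_ORD, (b + c * r) % Q_ORD


def verify(pseudonym: int, proof, context: bytes) -> bool:
    """Check g^s1 h^s2 == T * P^c; the verifier never sees x or r."""
    commitment, s1, s2 = proof
    if not (1 < pseudonym < P_MOD and 1 < commitment < P_MOD):
        return False
    if pow(pseudonym, Q_ORD, P_MOD) != 1:  # reject elements outside the subgroup
        return False
    c = _challenge(pseudonym, commitment, context)
    lhs = pow(G, s1, P_MOD) * pow(H, s2, P_MOD) % P_MOD
    return lhs == commitment * pow(pseudonym, c, P_MOD) % P_MOD


def demo():
    """Two transactions by one user, with constructed context strings."""
    x = keygen()
    p1, r1 = new_pseudonym(x)
    p2, _ = new_pseudonym(x)
    ctx = b"stream-service:play:movie-42"
    proof = prove(x, r1, p1, ctx)
    return {
        "unlinkable": p1 != p2,
        "valid": verify(p1, proof, ctx),
        "replayed_to_other_context": verify(p1, proof, b"stream-service:play:movie-43"),
        "replayed_to_other_pseudonym": verify(p2, proof, ctx),
    }
```

The context string binds each proof to one transaction, so a proof captured from one request cannot be replayed for another, and a proof for one pseudonym does not verify against a second pseudonym of the same user. A real deployment would additionally carry an issuer's signature over the hidden attributes (the "subscription credential" in the excerpt), which is the part this sketch leaves out.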

How TV ads silently ping commands to phones: Sneaky SilverPush code reverse-engineered

Earlier this week the Center for Democracy and Technology (CDT) warned that an Indian firm called SilverPush has technology that allows adverts to ping inaudible commands to smartphones and tablets.

Now someone has reverse-engineered the code and published it for everyone to check.

SilverPush’s software kit can be baked into apps, and is designed to pick up near-ultrasonic sounds embedded in, say, a TV, radio or web browser advert. These signals, in the range of 18kHz to 19.95kHz, are too high-pitched for most humans to hear, but can be decoded by software.

An application that uses SilverPush’s code can pick up these messages from the phone or tablet’s built-in microphone, and be directed to send information such as the handheld’s IMEI number, location, operating system version, and potentially the identity of the owner, to the application’s backend servers.

Source: How TV ads silently ping commands to phones: Sneaky SilverPush code reverse-engineered
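As an added defender-side example (not SilverPush's code, which is not reproduced here), the following pure-Python detector measures how much energy a clip of microphone audio carries in the 18 kHz to 19.95 kHz band the article names, running a Goertzel filter at each 50 Hz step and reporting the strongest bin. The 44.1 kHz sample rate, the synthetic test clips, the 0.1 s window and the 0.01 (about -40 dBFS) threshold are constructed values for the illustration.

```python
import math

SAMPLE_RATE = 44100            # constructed: common phone mic rate, Nyquist 22.05 kHz
BAND_LO, BAND_HI, STEP = 18000, 19950, 50   # the band named in the article, scanned every 50 Hz
THRESHOLD = 0.01               # constructed: ~-40 dBFS on a signal scaled to +/-1.0


def hann(n: int):
    """Symmetric Hann window to keep audible content from leaking into the scan."""
    return [0.5 - 0.5 * math.cos(2 * math.pi * i / (n - 1)) for i in range(n)]


def goertzel_amplitude(samples, window, fs: int, freq: float) -> float:
    """Amplitude of the sinusoid at the bin nearest freq, estimated with Goertzel."""
    n = len(samples)
    k = round(n * freq / fs)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x, w in zip(samples, window):
        s = x * w + coeff * s1 - s2
        s2, s1 = s1, s
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2   # |X[k]|^2
    return 2.0 * math.sqrt(max(power, 0.0)) / sum(window)  # == A for a bin-centred tone


def scan_band(samples, fs: int = SAMPLE_RATE):
    """(frequency, amplitude) pairs across the near-ultrasonic band."""
    window = hann(len(samples))
    return [(f, goertzel_amplitude(samples, window, fs, f))
            for f in range(BAND_LO, BAND_HI + 1, STEP)]


def detect_beacon(samples, fs: int = SAMPLE_RATE, threshold: float = THRESHOLD):
    """Return (flagged, peak_frequency, peak_amplitude) for one audio window."""
    if fs / 2 < BAND_HI:
        # Below a 40 kHz capture rate the band is above Nyquist: silence proves nothing.
        raise ValueError("sample rate %d cannot observe %d Hz" % (fs, BAND_HI))
    peak_f, peak_amp = max(scan_band(samples, fs), key=lambda fa: fa[1])
    return peak_amp >= threshold, peak_f, peak_amp


def make_clip(fs: int = SAMPLE_RATE, seconds: float = 0.1,
              beacon_freq=None, beacon_amp: float = 0.05):
    """Constructed test audio: two audible tones, plus an optional quiet ultrasonic tone."""
    out = []
    for i in range(int(fs * seconds)):
        t = i / fs
        x = 0.4 * math.sin(2 * math.pi * 440 * t) + 0.2 * math.sin(2 * math.pi * 1000 * t)
        if beacon_freq is not None:
            x += beacon_amp * math.sin(2 * math.pi * beacon_freq * t)
        out.append(x)
    return out


if __name__ == "__main__":
    for label, clip in (("audible only", make_clip()),
                        ("with 18.5 kHz tone", make_clip(beacon_freq=18500.0))):
        print(label, detect_beacon(clip))
```

The Nyquist check at the top is the practical caveat: a capture at 32 kHz or lower cannot contain anything above 16 kHz, so a quiet result from such a recording says nothing about whether a beacon was present. A real beacon would key between several tones in the band rather than hold one; this scan still flags it as a peak but does not decode it, which is all a detection control needs.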

Massive Hack of 70 Million Prisoner Phone Calls Indicates Violations of Attorney-Client Privilege – calls recorded and searchable

The materials — leaked via SecureDrop by an anonymous hacker who believes that Securus is violating the constitutional rights of inmates — comprise over 70 million records of phone calls, placed by prisoners to at least 37 states, in addition to links to downloadable recordings of the calls. The calls span a nearly two-and-a-half year period, beginning in December 2011 and ending in the spring of 2014. Particularly notable within the vast trove of phone records are what appear to be at least 14,000 recor

Source: Massive Hack of 70 Million Prisoner Phone Calls Indicates Violations of Attorney-Client Privilege

The 4th Reich is at it again!

How to Create an Untraceable Messaging Device With an Old Phone

Secret, anonymous messages aren’t just for the dastardly. Luckily, a little privacy isn’t difficult to get. With some effort and a spare phone, you’ll be whistleblowing, protecting your privacy from harassers, and staying anonymous when selling on Craigslist or looking for dates on Match. Here’s how.

Source: How to Create an Untraceable Messaging Device With an Old Phone

Basically install Hushed to generate disposable phone numbers, cyberghost / hideman for a free VPN service and someone else’s WiFi.

Note – there are limitations to this project 🙂

Cops are asking Ancestry.com and 23andMe for their customers’ DNA

When companies like Ancestry.com and 23andMe first invited people to send in their DNA for genealogy tracing and medical diagnostic tests, privacy advocates warned about the creation of giant genetic databases that might one day be used against participants by law enforcement.

Source: Cops are asking Ancestry.com and 23andMe for their customers’ DNA

So, people are surprised that they are mistakenly used as suspects? And how surprised will they be when they find out that insurance companies have been dipping into these databases to find genetic defects?

Microsoft now uses Windows 10’s Start menu to display ads

We’ve all become used to the idea of ads online — it’s something that has become part and parcel of using the internet — but in Windows? If you’ve updated to build 10565 of Windows 10, you’re in for something of a surprise: the Start menu is now being used to display ads.

Source: Microsoft now uses Windows 10’s Start menu to display ads

It’s not enough that all your search data, browsing habits and file listings are sent to Microsoft, you are now pushed with ads. Please, Microsoft, just release a paid, non-invasive version of Windows 10?

EU Court of Justice declares that the Commission’s US Safe Harbour Decision is invalid

The EU courts have found that Safe Harbour means that the 4th Reich may not have EU citizens’ data beamed to it, unless the company doing the beaming (e.g. Facebook) is prepared to safeguard the data from spying by the KGB. I mean Stasi. I mean NSA.

Source: The Court of Justice declares that the Commission’s US Safe Harbour Decision is invalid – cp150117en.pdf

Companies are whining that this will be bad for the EU economy, but I don’t see particularly that Chinese people are much the worse off for not having Facebook, and I’m sure that not having US government spying on the EU and then passing relevant information on to US companies gets rid of quite a significant competitive edge, allowing EU companies to grow a bit more fairly.

AVG to flog your web browsing, search history from mid-October

We collect non-personal data to make money from our free offerings so we can keep them free, including:

    Advertising ID associated with your device.
    Browsing and search history, including meta data.
    Internet service provider or mobile network you use to connect to our products.
    Information regarding other applications you may have on your device and how they are used.

Source: AVG to flog your web browsing, search history from mid-October • The Register

Time to quit using that then!

UK GCHQ stashes away 50+ billion records a day on people.

By 2010, GCHQ stated it was logging “30bn metadata records per day. By 2012, collection had increased to 50 billion per day, and work was underway to double capacity to 100 billion.” GCHQ has since “developed new population scale analytics for multi-petabyte cluster,” which allows “population scale target discovery.” In a vision document for 2013, its aim was to have created “the world’s biggest SIGINT engine to run cyber operations and to enable IA, Effects and SIGINT … [as well as] to perform CNE exfiltration, eAD, beaconry, and geo-location.”

Source: Blighty’s GCHQ stashes away 50+ billion records a day on people. Just let that sink in • The Register

Minority Report Predictive Policing hits US

The strategy, known as predictive policing, combines elements of traditional policing, like increased attention to crime “hot spots” and close monitoring of recent parolees. But it often also uses other data, including information about friendships, social media activity and drug use, to identify “hot people” and aid the authorities in forecasting crime.

Source: Police Program Aims to Pinpoint Those Most Likely to Commit Crimes

This is very worrying. Reading the article it seems they are handling it well – they are inviting potential perpetrators in and explaining what’s going on, hoping to shock them. If a crime is committed, everyone in the predictive chain is picked up and they sling the book at them for everything they can find. Fair enough, they shouldn’t have been breaking the law anyway, and being picked up for it because they were in an associative chain is just as good as being picked up for any other reason.

However, if you are friends with a criminal, you may get invited to the courts again and again and again, even if you did nothing wrong yourself – the same problem no-fly lists have: false positives. Another thing is that you need to trawl through huge amounts of personal data in order to get these predictive models to work. This means that people and organisations could (and in practice they do!) misuse their access to your personal data.

The article has some figures on how well this does compared to traditional policing and other predictive models, but the jury is still out on that really. It needs longer and more testing.

UK DRIPA privacy invasion blocked by EU courts

The judges identified two key problems with the law: that it does not provide for independent court or judicial scrutiny to ensure that only data deemed “strictly necessary” is examined; and that there is no definition of what constitutes “serious offences” in relation to which material can be investigated. For legal authority, the judges relied on an earlier decision, known as Digital Rights Ireland, by the European Court of Justice in Luxembourg, which is binding on UK courts. In their challenge, Davis and Watson argued that the law allowed the police and security services to spy on citizens without sufficient privacy safeguards. They said the legislation was incompatible with article eight of the European convention on human rights, the right to respect for private and family life, and articles seven and eight of the EU charter of fundamental rights, respect for private and family life and protection of personal data. The MPs complained that use of communications data was not limited to cases involving serious crime, that individual notices of data retention were kept secret, and that no provision was made for those under obligation of professional confidentiality, in particular lawyers and journalists. Nor, they argued, were there adequate safeguards against communications data leaving the EU.

Source: High court rules data retention and surveillance legislation unlawful | World news | The Guardian

Nice to see that at least EU courts can display sanity from time to time!

ProxyGambit – anonymise your internet traffic via GSM or Radio links

ProxyGambit is a simple anonymization device that allows you to access the Internet from anywhere in the world without revealing your true location or IP, fracturing your traffic from the Internet/IP through either a long distance radio link or a reverse tunneled GSM bridge that ultimately drops back onto the Internet and exits through a wireless network you’re nowhere near.

While a point to point link is supported, the reverse GSM-to-TCP bridge allows you to proxy from thousands of miles away with nothing other than a computer and Internet with no direct link back to your originating machine.

Fake Mobile Phone Towers Operating In The UK

Sky News has found evidence that rogue mobile phone towers, which can listen in on people’s calls without their knowledge, are being operated in the UK. IMSI catchers, also known as Stingrays, mimic mobile phone masts and trick phones into logging on. The controversial surveillance technology is used by police agencies worldwide to target the communications of criminals. However, Stingrays also collect the data of all other phones in the area, meaning innocent people’s communications are spied on.

NB this means they can also collect en masse without a warrant…