Microsoft has made OneDrive slightly more annoying for Windows 11 users. Quietly and without any announcement, the company changed Windows 11’s initial setup so that it could turn on the automatic folder backup without asking for it.

Now, those setting up a new Windows computer the way Microsoft wants them to (in other words, connected to the internet and signed into a Microsoft account) will get to their desktops with OneDrive already syncing stuff from folders like Desktop Pictures, Documents, Music, and Videos. Depending on how much is stored there, you might end up with a desktop and other folders filled to the brim with shortcuts to various stuff right after finishing a clean Windows installation.

Automatic folder backup in OneDrive is a very useful feature when used properly and when the user deliberately enables it. However, Microsoft decided that sending a few notification prompts to enable folder backup was not enough, so it just turned the feature on without asking anybody or even letting users know about it, resulting in a flood of Reddit posts about users complaining about what the hell are those green checkmarks next to files and shortcuts on their desktops.

If you do not want your computer to back up everything on your desktop or other folders, here is how to turn the feature off (you can also set up Windows 11 in offline mode):

1. Right-click the OneDrive icon in the tray area, click the settings icon and then press Settings.
2. Go to the “Sync and Backup” tab and click “Manage backup.”
3. Turn off all the folders you do not want to back up in OneDrive and confirm the changes.
4. If you have an older OneDrive version with the classic tabbed interface, go to the Backup tab and click Manage Backup > Stop backup > Stop backup.

Microsoft is no stranger to shady tricks with its software and operating system. Several months ago, we noticed that OneDrive would not let you close it without you explaining the reason first (Microsoft later reverted that stupid change). A similar thing was also spotted in the Edge browser, with Microsoft asking users why they downloaded Chrome.

As a reminder, you can always just uninstall OneDrive and call it a day.

Source: Windows 11 is now automatically enabling OneDrive folder backup without asking permission – Neowin

Automated license plate readers “pose risks to public safety,” argues the EFF, “that may outweigh the crimes they are attempting to address in the first place.” When law enforcement uses automated license plate readers (ALPRs) to document the comings and goings of every driver on the road, regardless of a nexus to a crime, it results in gargantuan databases of sensitive information, and few agencies are equipped, staffed, or trained to harden their systems against quickly evolving cybersecurity threats. The Cybersecurity and Infrastructure Security Agency (CISA), a component of the U.S. Department of Homeland Security, released an advisory last week that should be a wake up call to the thousands of local government agencies around the country that use ALPRs to surveil the travel patterns of their residents by scanning their license plates and “fingerprinting” their vehicles. The bulletin outlines seven vulnerabilities in Motorola Solutions’ Vigilant ALPRs, including missing encryption and insufficiently protected credentials…

Unlike location data a person shares with, say, GPS-based navigation app Waze, ALPRs collect and store this information without consent and there is very little a person can do to have this information purged from these systems… Because drivers don’t have control over ALPR data, the onus for protecting the data lies with the police and sheriffs who operate the surveillance and the vendors that provide the technology. It’s a general tenet of cybersecurity that you should not collect and retain more personal data than you are capable of protecting. Perhaps ironically, a Motorola Solutions cybersecurity specialist wrote an article in Police Chief magazine this month that public safety agencies “are often challenged when it comes to recruiting and retaining experienced cybersecurity personnel,” even though “the potential for harm from external factors is substantial.” That partially explains why, more than 125 law enforcement agencies reported a data breach or cyberattacks between 2012 and 2020, according to research by former EFF intern Madison Vialpando. The Motorola Solutions article claims that ransomware attacks “targeting U.S. public safety organizations increased by 142 percent” in 2023.

Yet, the temptation to “collect it all” continues to overshadow the responsibility to “protect it all.” What makes the latest CISA disclosure even more outrageous is it is at least the third time in the last decade that major security vulnerabilities have been found in ALPRs… If there’s one positive thing we can say about the latest Vigilant vulnerability disclosures, it’s that for once a government agency identified and reported the vulnerabilities before they could do damage… The Michigan Cyber Command center found a total of seven vulnerabilities in Vigilant devices; two of which were medium severity and 5 of which were high severity vulnerabilities…

But a data breach isn’t the only way that ALPR data can be leaked or abused. In 2022, an officer in the Kechi (Kansas) Police Department accessed ALPR data shared with his department by the Wichita Police Department to stalk his wife.
The article concludes that public safety agencies should “collect only the data they need for actual criminal investigations.

“They must never store more data than they adequately protect within their limited resources-or they must keep the public safe from data breaches by not collecting the data at all.”

Source: EFF: New License Plate Reader Vulnerabilties Prove The Tech Itself is a Public Safety Threat

European Union officials have delayed talks over proposed legislation that could lead to messaging services having to scan photos and links to detect possible child sexual abuse material (CSAM). Were the proposal to become law, it may require the likes of WhatsApp, Messenger and Signal to scan all images that users upload — which would essentially force them to break encryption.

For the measure to pass, it would need to have the backing of at least 15 of the member states representing at least 65 percent of the bloc’s entire population. However, countries including Germany, Austria, Poland, the Netherlands and the Czech Republic were expected to abstain from the vote or oppose the plan due to cybersecurity and privacy concerns, Politico reports. If EU members come to an agreement on a joint position, they’ll have to hash out a final version of the law with the European Commission and European Parliament.

The legislation was first proposed in 2022 and it could result in messaging services having to scan all images and links with the aim of detecting CSAM and communications between minors and potential offenders. Under the proposal, users would be informed about the link and image scans in services’ terms and conditions. If they refused, they would be blocked from sharing links and images on those platforms. However, as Politico notes, the draft proposal includes an exemption for “accounts used by the State for national security purposes.”

[…]

Patrick Breyer, a digital rights activist who was a member of the previous European Parliament before this month’s elections, has argued that proponents of the so-called “chat control” plan aimed to take advantage of a power vacuum before the next parliament is constituted. Breyer says that the delay of the vote, prompted in part by campaigners, “should be celebrated,” but warned that “surveillance extremists among the EU governments” could again attempt to advance chat control in the coming days.

Other critics and privacy advocates have slammed the proposal. Signal president Meredith Whittaker said in a statement that “mass scanning of private communications fundamentally undermines encryption,” while Edward Snowden described it as a “terrifying mass surveillance measure.”

[…]

The EU is not the only entity to attempt such a move. In 2021, Apple revealed a plan to scan iCloud Photos for known CSAM. However, it scrapped that controversial effort following criticism from the likes of customers, advocacy groups and researchers.

Source: EU delays decision over scanning encrypted messages for CSAM

Watch out very very carefully  as soon as people start taking your freedoms in the name of “protecting children”.

On Thursday, the EU Council is scheduled to vote on a legislative proposal that would attempt to protect children online by disallowing confidential communication.

The vote had been set for Wednesday but got pushed back [PDF].

Known to detractors as Chat Control, the proposal seeks to prevent the online dissemination of child sexual abuse material (CSAM) by requiring internet service providers to scan digital communication – private chats, emails, social media messages, and photos – for unlawful content.

The proposal [PDF], recognizing the difficulty of explicitly outlawing encryption, calls for “client-side scanning” or “upload moderation” – analyzing content on people’s mobile devices and computers for certain wrongdoing before it gets encrypted and transmitted.

The idea is that algorithms running locally on people’s devices will reliably recognize CSAM (and whatever else is deemed sufficiently awful), block it, and/or report it to authorities. This act of automatically policing and reporting people’s stuff before it’s even had a chance to be securely transferred rather undermines the point of encryption in the first place.

We’ve been here before. Apple announced plans to implement a client-side scanning scheme back in August 2021, only to face withering criticism from the security community and civil society groups. In late 2021, the iGiant essentially abandoned the idea.

Europe’s planned “regulation laying down rules to prevent and combat child sexual abuse” is not the only legislative proposal that contemplates client-side scanning as a way to front-run the application of encryption. The US Earn-It Act imagines something similar.

In the UK, the Online Safety Act of 2023 includes a content scanning requirement, though with the government’s acknowledgement that enforcement isn’t presently feasible. While it does allow telecoms regulator Ofcom to require online platforms to adopt an “accredited technology” to identify unlawful content, there is currently no such technology and it’s unclear how accreditation would work.

With the EU proposal vote approaching, opponents of the plan have renewed their calls to shelve the pre-crime surveillance regime.

In an open letter [PDF] on Monday, Meredith Whittaker, CEO of Signal, which threatened to withdraw its app from the UK if the Online Safety Act disallowed encryption, reiterated why the EU client-side scanning plan is unworkable and dangerous.

“There is no way to implement such proposals in the context of end-to-end encrypted communications without fundamentally undermining encryption and creating a dangerous vulnerability in core infrastructure that would have global implications well beyond Europe,” wrote Whittaker.

European countries continue to play rhetorical games. They’ve come back to the table with the same idea under a new label

“Instead of accepting this fundamental mathematical reality, some European countries continue to play rhetorical games.

“They’ve come back to the table with the same idea under a new label. Instead of using the previous term ‘client-side scanning,’ they’ve rebranded and are now calling it ‘upload moderation.’

“Some are claiming that ‘upload moderation’ does not undermine encryption because it happens before your message or video is encrypted. This is untrue.”

The Internet Architecture Board, part of the Internet Engineering Task Force, offered a similar assessment of client-side scanning in December.

Encrypted comms service Threema published its open variation on this theme on Monday, arguing that mass surveillance is incompatible with democracy, is ineffective, and undermines data security.

“Should it pass, the consequences would be devastating: Under the pretext of child protection, EU citizens would no longer be able to communicate in a safe and private manner on the internet,” the biz wrote.

EU citizens would no longer be able to communicate in a safe and private manner on the internet

“The European market’s location advantage would suffer a massive hit due to a substantial decrease in data security. And EU professionals like lawyers, journalists, and physicians could no longer uphold their duty to confidentiality online. All while children wouldn’t be better protected in the least bit.”

Threema said if it isn’t allowed to offer encryption, it will leave the EU.

And on Tuesday, 37 Members of Parliament signed an open letter to the Council of Europe urging legislators to reject Chat Control.

“We explicitly warn that the obligation to systematically scan encrypted communication, whether called ‘upload-moderation’ or ‘client-side scanning,’ would not only break secure end-to-end encryption, but will to a high probability also not withstand the case law of the European Court of Justice,” the MEPs said. “Rather, such an attack would be in complete contrast to the European commitment to secure communication and digital privacy, as well as human rights in the digital space.” ®

Source: Signal, MEPs urge EU Council to drop encryption-eroding law • The Register

Hey, EU, stop spying on us! We are supposed to be the free ones here.

It’s been a rocky couple of months for Sonos — so much so that CEO Patrick Spence now has a canned autoreply for customers emailing him to vent about the redesigned app. But as the company works to right the ship, restore trust, and get the new Sonos Ace headphones off to a strong start, it finds itself in the middle of yet another controversy.

As highlighted by repair technician and consumer privacy advocate Louis Rossmann, Sonos has made a significant change to its privacy policy, at least in the United States, with the removal of one key line. The updated policy no longer contains a sentence that previously said, “Sonos does not and will not sell personal information about our customers.” That pledge is still present in other countries, but it’s nowhere to be found in the updated US policy, which went into effect earlier this month.

Now, some customers, already feeling burned by the new Sonos app’s unsteady performance, are sounding off about what they view as another poor decision from the company’s leadership. For them, it’s been one unforced error after another from a brand they once recommended without hesitation.

[…]

As part of its reworked app platform, Sonos rolled out web-based access for all customer systems — giving the cloud an even bigger role in the company’s architecture. Unfortunately, the web app currently lacks any kind of two-factor authentication, which has also irked users; all it takes is an email address and password to remotely control Sonos devices.

[…]

Source: Sonos draws more customer anger — this time for its privacy policy – The Verge

If I had an “idiocy” tag, I would have used it for these bozo’s.

The Federal Communications Commission has slapped the largest mobile carriers in the US with a collective fine worth $200 million for selling access to their customers’ location information without consent. AT&T was ordered to pay $57 million, while Verizon has to pay $47 million. Meanwhile, Sprint and T-Mobile are facing a penalty with a total amount of $92 million together, since the companies had merged two years ago. The FCC conducted an in-depth investigation into the carriers’ unauthorized disclosure and sale of subscribers’ real-time location data after their activities came to light in 2018.

To sum up the practice in the words of FCC Commissioner Jessica Rosenworcel: The carriers sold “real-time location information to data aggregators, allowing this highly sensitive data to wind up in the hands of bail-bond companies, bounty hunters, and other shady actors.” According to the agency, the scheme started to unravel following public reports that a sheriff in Missouri was tracking numerous individuals by using location information a company called Securus gets from wireless carriers. Securus provides communications services to correctional facilities in the country.

While the carriers eventually ceased their activities, the agency said they continued operating their programs for a year after the practice was revealed and after they promised the FCC that they would stop selling customer location data. Further, they carried on without reasonable safeguards in place to ensure that the legitimate services using their customers’ information, such as roadside assistance and medical emergency services, truly are obtaining users’ consent to track their locations.

Source: FCC fines America’s largest wireless carriers $200 million for selling customer location data

Nintendo sent a Digital Millennium Copyright Act (DMCA) notice for over 8,000 GitHub repositories hosting code from the Yuzu Switch emulator, which the Zelda maker previously described as enabling “piracy at a colossal scale.” The sweeping takedown comes two months after Yuzu’s creators quickly settled a lawsuit with Nintendo and its notoriously trigger-happy legal team for $2.4 million.

GamesIndustry.biz first reported on the DMCA notice, affecting 8,535 GitHub repos. Redacted entities representing Nintendo assert that the Yuzu source code contained in the repos “illegally circumvents Nintendo’s technological protection measures and runs illegal copies of Switch games.”

GitHub wrote on the notice that developers will have time to change their content before it’s disabled. In keeping with its developer-friendly approach and branding, the Microsoft-owned platform also offered legal resources and guidance on submitting DMCA counter-notices.

Nintendo’s legal blitz, perhaps not coincidentally, comes as game emulators are enjoying a resurgence. Last month, Apple loosened its restrictions on retro game players in the App Store (likely in response to regulatory threats), leading to the Delta emulator establishing itself as the de facto choice and reaching the App Store’s top spot. Nintendo may have calculated that emulators’ moment in the sun threatened its bottom line and began by squashing those that most immediately imperiled its income stream.

Sadly, Nintendo’s largely undefended legal assault against emulators ignores a crucial use for them that isn’t about piracy. Game historians see the software as a linchpin of game preservation. Without emulators, Nintendo and other copyright holders could make a part of history obsolete for future generations, as their corresponding hardware will eventually be harder to come by.

[…]

This has royally pissed off PC players, though it’s worth noting that it’s free to make a PSN account. This has led to review bombing on Steam and many promises to abandon the game when the linking becomes a requirement, according to a report by Kotaku. The complaints range from frustration over adding yet another barrier to entry after downloading an 80GB game to fears that the PSN account would likely be hacked. While it is true that Sony was the target of a huge hack that impacted 77 million PSN accounts, that was back in 2011. Obama was still in his first term. Also worth noting? Steam was hacked in 2011, impacting 35 million accounts.

[…]

Source: Helldivers 2 PC players suddenly have to link to a PSN account and they’re not being chill about it

Last month the New York Times’ Kashmir Hill published a major story on how GM collects driver behavior data then sells access (through LexisNexis) to insurance companies, which will then jack up your rates.

The absolute bare minimum you could could expect from the auto industry here is that they’re doing this in a way that’s clear to car owners. But of course they aren’t; they’re burying “consent” deep in the mire of some hundred-page end user agreement nobody reads, usually not related to the car purchase — but the apps consumers use to manage roadside assistance and other features.

Since Kashmir’s story was published, she says she’s been inundated with complaints by consumers about similar behavior. She’s even discovered that she’s one of the folks GM spied on and tattled to insurers about. In a follow up story, she recounts how she and her husband bought a Chevy Bolt, were auto-enrolled in a driver assistance program, then had their data (which they couldn’t access) sold to insurers.

GM’s now facing 10 different federal lawsuits from customers pissed off that they were surreptitiously tracked and then forced to pay significantly more for insurance:

“In 10 federal lawsuits filed in the last month, drivers from across the country say they did not knowingly sign up for Smart Driver but recently learned that G.M. had provided their driving data to LexisNexis. According to one of the complaints, a Florida owner of a 2019 Cadillac CTS-V who drove it around a racetrack for events saw his insurance premium nearly double, an increase of more than $5,000 per year.”

GM (and some apologists) will of course proclaim that this is only fair that reckless drivers pay more, but that’s generally not how it works. Pressured for unlimited quarterly returns, insurance companies will use absolutely anything they find in the data to justify rising rates.

[…]

Automakers — which have long had some of the worst privacy reputations in all of tech — are one of countless industries that lobbied relentlessly for decades to ensure Congress never passed a federal privacy law or regulated dodgy data brokers. And that the FTC — the over-burdened regulator tasked with privacy oversight — lacks the staff, resources, or legal authority to police the problem at any real scale.

The end result is just a parade of scandals. And if Hill were so inclined, she could write a similar story about every tech sector in America, given everything from your smart TV and electricity meter to refrigerator and kids’ toys now monitor your behavior and sell access to those insights to a wide range of dodgy data broker middlemen, all with nothing remotely close to ethics or competent oversight.

And despite the fact that this free for all environment is resulting in no limit of dangerous real-world harms, our Congress has been lobbied into gridlock by a cross-industry coalition of companies with near-unlimited budgets, all desperately hoping that their performative concerns about TikTok will distract everyone from the fact we live in a country too corrupt to pass a real privacy law.

Source: People Are Slowly Realizing Their Auto Insurance Rates Are Skyrocketing Because Their Car Is Covertly Spying On Them | Techdirt

In a 2023 complaint, the FTC accused the doorbell camera and home security provider of allowing its employees and contractors to access customers’ private videos. Ring allegedly used such footage to train algorithms without consent, among other purposes.

Ring was also charged with failing to implement key security protections, which enabled hackers to take control of customers’ accounts, cameras and videos. This led to “egregious violations of users’ privacy,” the FTC noted.

The resulting settlement required Ring to delete content that was found to be unlawfully obtained, establish stronger security protections

[…]

the FTC is sending 117,044 PayPal payments to impacted consumers who had certain types of Ring devices — including indoor cameras — during the timeframes that the regulators allege unauthorized access took place.

[…]

Earlier this year, the California-based company separately announced that it would stop allowing police departments to request doorbell camera footage from users, marking an end to a feature that had drawn criticism from privacy advocates.

Source: Ring customers get $5.6 million in refunds in privacy settlement | AP News

Considering the size of Ring and the size of the customer base, this is a very very light tap on the wrist for delivering poor security and something that spies on everything on the street.

 In this cross-sectional analysis of a nationally representative sample of 100 nonfederal acute care hospitals, 96.0% of hospital websites transmitted user information to third parties, whereas 71.0% of websites included a publicly accessible privacy policy. Of 71 privacy policies, 40 (56.3%) disclosed specific third-party companies receiving user information.

[…]

Of 100 hospital websites, 96 […] transferred user information to third parties. Privacy policies were found on 71 websites […] 70 […] addressed how collected information would be used, 66 […] addressed categories of third-party recipients of user information, and 40 […] named specific third-party companies or services receiving user information.

[…]

In this cross-sectional study of a nationally representative sample of 100 nonfederal acute care hospitals, we found that although 96.0% of hospital websites exposed users to third-party tracking, only 71.0% of websites had an available website privacy policy. Polices averaged more than 2500 words in length and were written at a college reading-level. Given estimates that more than one-half of adults in the US lack literacy proficiency and that the average patient in the US reads at a grade 8 level, the length and complexity of privacy policies likely pose substantial barriers to users’ ability to read and understand them.^27,32

[…]

Only 56.3% of policies (and only 40 hospitals overall) identified specific third-party recipients. Named third-parties tended to be companies familiar to users, such as Google. This lack of detail regarding third-party data recipients may lead users to assume that they are being tracked only by a small number of companies that they know well, when, in fact, hospital websites included in this study transferred user data to a median of 9 domains.

[…]

In addition to presenting risks for users, inadequate privacy policies may pose risks for hospitals. Although hospitals are generally not required under federal law to have a website privacy policy that discloses their methods of collecting and transferring data from website visitors, hospitals that do publish website privacy policies may be subject to enforcement by regulatory authorities like the Federal Trade Commission (FTC).³³ The FTC has taken the position that entities that publish privacy policies must ensure that these policies reflect their actual practices.³⁴ For example, entities that promise they will delete personal information upon request but fail to do so in practice may be in violation of the FTC Act.³⁴

[…]

Source: User Information Sharing and Hospital Website Privacy Policies | Ethics | JAMA Network Open | JAMA Network

In hopes of settling a lawsuit challenging its data collection practices, Google has agreed to destroy web browsing data it collected from users browsing in Chrome’s private modes – which weren’t as private as you might have thought.

The lawsuit [PDF], filed in June, 2020, on behalf of plaintiffs Chasom Brown, Maria Nguyen, and William Byatt, sought to hold Google accountable for making misleading statements about privacy.

[…]

“Despite its representations that users are in control of what information Google will track and collect, Google’s various tracking tools, including Google Analytics and Google Ad Manager, are actually designed to automatically track users when they visit webpages – no matter what settings a user chooses,” the complaint claims. “This is true even when a user browses in ‘private browsing mode.'”

Chrome’s Incognito mode only provides privacy in the client by not keeping a locally stored record of the user’s browsing history. It does not shield website visits from Google.

[…]

During the discovery period from September 2020 through March 2022, Google produced more than 5.8 million pages of documents. Even so, it was sanctioned nearly $1 million in 2022 by Magistrate Judge Susan van Keulen – for concealing details about how it can detect when Chrome users employ Incognito mode.

What the plaintiffs’ legal team found might have been difficult to explain at trial.

“Google employees described Chrome Incognito Mode as ‘misleading,’ ‘effectively a lie,’ a ‘confusing mess,’ a ‘problem of professional ethics and basic honesty,’ and as being ‘bad for users, bad for human rights, bad for democracy,'” according to the declaration [PDF] of Mark C Mao, a partner with the law firm of Boies Schiller Flexner LLP, which represents the plaintiffs.

[…]

On December 26 last year the plaintiffs and Google agreed to settle the case. The plaintiffs’ attorneys have suggested the relief provided by the settlement is worth $5 billion – but nothing will be paid, yet.

The settlement covers two classes of people: one of which excludes those using Incognito mode while logged into their Google Account:

• Class 1: All Chrome browser users with a Google account who accessed a non-Google website containing Google tracking or advertising code using such browser and who were (a) in “Incognito mode” on that browser and (b) were not logged into their Google account on that browser, but whose communications, including identifying information and online browsing history, Google nevertheless intercepted, received, or collected from June 1, 2016 through the present.
• Class 2: All Safari, Edge, and Internet Explorer users with a Google account who accessed a non-Google website containing Google tracking or advertising code using such browser and who were (a) in a “private browsing mode” on that browser and (b) were not logged into their Google account on that browser, but whose communications, including identifying information and online browsing history, Google nevertheless intercepted, received, or collected from June 1, 2016 through the present.

The settlement [PDF] requires that Google: inform users that it collects private browsing data, both in its Privacy Policy and in an Incognito Splash Screen; “must delete and/or remediate billions of data records that reflect class members’ private browsing activities”; block third-party cookies in Incognito mode for the next five years (separately, Google is phasing out third-party cookies this year); and must delete the browser signals that indicate when private browsing mode is active, to prevent future tracking.

[…]

The class of affected people has been estimated to number about 136 million.

 

Source: Google will delete data collected from private browsing • The Register

Privacy First has teamed up with Austrian NOYB (the organisation of privacy activist Max Schrems) to form the new mass claim organisation CUIC founded. CUIC stands for Consumers United in Court, also pronounceable as ‘CU in Court’ (see you in court).

[…]

Millions spied on by virus scanner

CUIC today filed subpoenas against software company Avast that made virus scanners that illegally collected the browsing behaviour of millions of people on computer, tablet or phone, including in the Netherlands. This data was then resold to other companies through an Avast subsidiary for millions of euros. This included data about users’ health, locations visited, political affiliation, religious beliefs, sexual orientation or economic situation. This information was linked to each specific user through unique user IDs. In a press release articulates CUIC president Wilmar Hendriks today as follows: “People thought they were safe with a virus scanner, but its very creator tracked everything they did on their computers. Avast sold this information to third parties for big money. They even advertised the goldmine of data they had captured. Companies like Avast should not be allowed to get away with this. That is why we are bringing this lawsuit. Those who won’t hear should feel.”

Fines

Back in March 2023, the Czech privacy regulator (UOOU) concluded that Avast violated the AVG and fined the company approximately €13.7 million. The US federal consumer authority, the Federal Trade Commission (FTC), also recently ordered Avast to pay USD16.5 million in compensation to users and ordered it to stop selling or making collected data available to third parties, delete that collected data and implement a comprehensive privacy programme.

The lawsuit for which CUIC today sued Avast should lead to compensation for users in the Netherlands

[…]

Source: Mass claim CUIC against virus scanner Avast launched – Privacy First