Seeking to improve its pisspoor customer service rating, UK telecoms giant Vodafone has clarified just how much information it slurps from customer networks. You might want to rename those servers, m’kay?

The updates are rather extensive and were noted by customers after a headsup-type email arrived from the telco.

One offending paragraph gives Vodafone an awful lot of information about what a customer might be running on their own network:

For providing end user support and optimizing your WiFi experience we are collecting information about connected devices (MAC address, Serial Number, user given host names and WiFi connection quality) as well as information about the the WiFi networks (MAC addresses and identifiers, radio statistics).

More accurately, it gives a third party that information. Airties A.S. is the company responsible for hosting information that Vodafone’s support drones might use for diagnostics.

With Vodafone topping the broadband and landline complaint tables, according to the most recent Ofcom data (PDF), the company would naturally want to increase the chances of successfully resolving a customer’s problem. However, there is no way to opt out.

Source: Vodafone: Yes, we slurp data on customers’ network setups, but we do it for their own good • The Register

You probably don’t realize just how many devices in your home or workplace are not only capable of eavesdropping on all your conversations but are specifically designed to. Smartphones, tablets, computers, smartwatches, smart speakers, even voice-activated appliances that have access to smart assistants like Amazon’s Alexa or Google Assistant feature built-in microphones that are constantly monitoring conversations for specific activation words to bring them to life. But accurate voice recognition often requires processing recordings in the cloud on faraway servers, and despite what giant companies keep assuring us, there are obvious and warranted concerns about privacy.

You could simply find yourself a lovely cave deep in the woods and hide out the rest of your days away from technology if you don’t want to be the victim of endless eavesdropping, but this wearable jammer, created by researchers from the University of Chicago, is a (slightly) less drastic alternative. It’s chunky, there’s no denying it, but surrounding an inner core of electronics and batteries are a series of ultrasonic transducers blasting sound waves in all directions. While inaudible to human ears, the ultrasonic signals take advantage of a flaw found in sensitive microphone hardware that results in these signals being captured and interfering with the recordings of lower parts of the audio spectrum where the frequencies of human voices fall.

The results are recordings that are nearly incomprehensible to both human ears and the artificial intelligence-powered voice recognition software that smart assistants and other voice-activated devices rely on.

But why pack the technology into a wearable bracelet instead of creating a stationary device you could set up in the middle of a room for complete privacy? An array of transducers pointing in all directions are needed to properly blanket a room in ultrasonic sound waves, but thanks to science, wherever the signals from two neighboring transducers overlap, they cancel each other out, creating dead zones where microphones could continue to effectively operate.

By incorporating the jamming hardware into a wearable device, the natural and subconscious movements of the wearer’s arms and hands while they speak keep the transducers in motion. This effectively eliminates the risk of dead zones being created long enough to allow entire words or sentences to be detected by a smart device’s microphone. For those who are truly worried about their privacy, the research team has shared their source code for the signal generator as well as 3D models for the bracelet on GitHub for anyone to download and build themselves. You’ll need to supply your own electronics, and if you’re going to all the trouble, you might as well build one for each wrist, all but ensuring there’s never a dead zone in your silencing shield.

Source: This Punk Bracelet Prevents Smart Speakers From Hearing You

This is nice  because Project Alias / Parasite is aimed at a very specific machine, whereas this will protect you wherever you go. It’s just a bit clunky.

The popular Edison email app, which is in the top 100 productivity apps on the Apple app store, scrapes users’ email inboxes and sells products based off that information to clients in the finance, travel, and e-Commerce sectors. The contents of Edison users’ inboxes are of particular interest to companies who can buy the data to make better investment decisions, according to a J.P. Morgan document obtained by Motherboard.

On its website Edison says that it does “process” users’ emails, but some users did not know that when using the Edison app the company scrapes their inbox for profit. Motherboard has also obtained documentation that provides more specifics about how two other popular apps—Cleanfox and Slice—sell products based on users’ emails to corporate clients.

Source: How Big Companies Spy on Your Emails – VICE

Based on the findings, more than 20 consumer and civil society organisations in Europe and from different parts of the world are urging their authorities to investigate the practices of the online advertising industry.

The report uncovers how every time we use apps, hundreds of shadowy entities are receiving personal data about our interests, habits, and behaviour. This information is used to profile consumers, which can be used for targeted advertising, but may also lead to discrimination, manipulation and exploitation.

– These practices are out of control and in breach of European data protection legislation. The extent of tracking makes it impossible for us to make informed choices about how our personal data is collected, shared and used, says Finn Myrstad, director of digital policy in the Norwegian Consumer Council.

The Norwegian Consumer Council is now filing formal complaints against Grindr, a dating app for gay, bi, trans, and queer people and companies that were receiving personal data through the app;  Twitter`s MoPub, AT&T’s AppNexus, OpenX, AdColony and Smaato. The complaints are directed to the Norwegian Data Protection Authority for breaches of the General Data Protection Regulation.

[…]

Every time you open an app like Grindr advertisement networks get your GPS location, device identifiers and even the fact that you use a gay dating app. This is an insane violation of users’ EU privacy rights, says Max Schrems, founder of the European privacy non-profit NGO noyb.

The harmful effects of profiling

Many actors in the online advertising industry collect information about us from a variety of places, including web browsing, connected devices, and social media. When combined, this data provides a complex picture of individuals, revealing what we do in our daily lives, our secret desires, and our most vulnerable moments.

–  This massive commercial surveillance is systematically at odds with our fundamental rights  and can be used to discriminate, manipulate and exploit us. The widespread tracking also has the potential to seriously degrade consumer trust in digital services, says Myrstad.

– Furthermore, in a recent Amnesty International report, Amnesty showed how these data-driven business models are a serious threat to human rights such as freedom of opinion and expression, freedom of thought, and the right to equality and non-discrimination.

[…]

– The situation is completely out of control. In order to shift the significant power imbalance between consumers and third party companies, the current practices of extensive tracking and profiling have to end, says Myrstad.

– There are very few actions consumers can take to limit or prevent the massive tracking and data sharing that is happening all across the internet. Authorities must take active enforcement measures to protect consumers against the illegal exploitation of personal data.

Source: New study: The advertising industry is systematically breaking the law : Forbrukerrådet

On Tuesday, the Czech data protection authority announced an investigation into antivirus company Avast, which was harvesting the browsing history of over 100 million users and then selling products based on that data to a slew of different companies including Google, Microsoft, and Home Depot. The move comes after a joint Motherboard and PCMag investigation uncovered details of the data collection through a series of leaked documents.

“On the basis of the information revealed describing the practices of Avast Software s.r.o., which was supposed to sell data on the activities of anti-virus users through its ‘Jumpshot division’ the Office initiated a preliminary investigation of the case,” a statement from the Czech national data protection authority on its website reads. Under the European General Protection Regulation (GDPR) and national laws, the Czech Republic, like other EU states, has a data protection authority to enforce things like mishandling of personal data. With GDPR, companies can be fined for data abuses.

“At the moment we are collecting information on the whole case. There is a suspicion of a serious and extensive breach of the protection of users’ personal data. Based on the findings, further steps will be taken and general public will be informed in due time,“ added Ms Ivana Janů, President of the Czech Office for Personal Data Protection, in the statement. Avast is a Czech company.

Motherboard and PCMag’s investigation found that the data sold included Avast users’ Google searches and Google Maps lookups, particular YouTube videos, and people visiting specific porn videos. The data was anonymized, but multiple experts said it could be possible to unmask the identity of users, especially when that data, sold by Avast’s subsidiary Jumpshot, was combined with other data that its clients may possess.

Days after the investigation, Avast bought back a 35 percent stake in Jumpshot worth $61 million, and shuttered Jumpshot. Avast’s valuation fell by a quarter, will incur costs between $15 and $25 million, and the closure Jumpshot will cut annual revenues by around $36 million and underlying profits by $7 million, The Times reported.

Source: Data Protection Authority Investigates Avast for Selling Users’ Browsing History – VICE