Facebook offering "vulnerable teens" to advertisers shows it is willing to be used as a weapon

Facebook was caught offering advertisers a direct line to psychologically vulnerable teens. Nitasha Tiku writes that this exposes the deeper danger of its insight into our lives: it's not the data that's the problem, it's how it could be "weaponized in ways those users cannot see, and would never knowingly allow."

The company had offered advertisers the opportunity to target 6.4 million younger users, some only 14 years old, during moments of psychological vulnerability, such as when they felt “worthless,” “insecure,” “stressed,” “defeated,” “anxious,” and like a “failure.” ...

If the users in question weren’t teenagers—or if the emotion wasn’t insecurity—Facebook’s public statement might have been sufficient; the uproar from privacy advocates may have been duly noted, then promptly forgotten.

Instead, as Kathryn Montgomery, a professor at American University and the director of the school’s communications studies division—who is married to Chester—tells WIRED, The Australian’s report served as “a flashpoint that enables you to glimpse Facebook’s inner workings, which in many ways is about monetization of moods.”

As Tiku points out: "It’s not a dystopian nightmare. It’s just a few clicks away from the status quo."

The fences you put up are meaningless if Facebook owns the land.

Read the rest

Thunderbird finds a new home

Thunderbird is one of the last robust email clients, a must-have for people who don't want to use webmail or leave their mail on a server, waiting to be hacked and dumped -- but for years, it has been on deathwatch, as the Mozilla Foundation looked for another organization to take it over. Read the rest

Survey: nearly half think it may be legal to install spyware on a family member's devices

Comparitech commissioned a survey of 2,000 people in the US and UK to ask whether they thought "it is legal to install a program on a partner's phone to snoop on their activity?" and whether they would "ever consider adding a program to your child's phone that allows you to listen to their conversations and spy on their messages?" Read the rest

235 apps attempt to secretly track users with ultrasonic audio

Ultrasonic beacons (previously, previously) let advertisers build an idea of when and where you use your devices: the sound plays in an ad on one device, and is heard by other devices. This way, they can associate two gadgets with a single user, precisely geolocate devices without aGPS, or even build graphs of real-world social networks. The threat was considered more academic than some, but more than 200 Android apps were found in the wild using the technique.

In research sponsored by the German government [PDF], a team of researchers conducted extensive tests across the EU to better understand how widespread this practice is in the real world.

Their results revealed Shopkick ultrasonic beacons at 4 of 35 stores in two European cities. The situation isn't that worrisome, as users have to open an app with the Shopkick SDK for the beacon to be picked up.

In the real world, this isn't an issue, as store owners, advertisers, or product manufactures could incentivize users to open various apps as a way to get discounts.

From the paper:

While in April 2015 only six instances were known, we have been able to identify 39 further instances in a dataset of about 1,3 million applications in December 2015, and until now, a total of 234 samples containing SilverPush has been discovered. We conclude that even if the tracking through TV content is not actively used yet, the monitoring functionality is already deployed in mobile applications and might become a serious privacy threat in the near future

Apparently it's not very effective—consumer speakers and mics aren't designed with ultrasonic use in mind and the authors say noise, audio compression and other factors "significantly affects the feasibility" of the technology—but the intent is clearly there on the part of advertisers and appmakers to make a stab at it. Read the rest

India's controversial national ID scheme leaks fraud-friendly data for 130,000,000 people

Aadhaar kicked off in 2009, linking each Indian resident's biometric data and sensitive personally identifying information to a unique 12-digit number. Read the rest

The NSA no longer claims the right to read your email in case you're talking about foreigners

For more than a decade, the Electronic Frontier Foundation has been suing the NSA over its extraordinarily broad interpretation of its powers under Section 702 of the FISA Amendments Act -- a law that the NSA says gives it the power to spy on Americans any time they mention a foreigner. Read the rest

What happens legally if you shoot someone's drone out of the sky?

Probably not much, as Brad Jones learned over Easter when a neighbor allegedly blasted his DJI Phantom. Even if his prime suspect confessed, there's not much precedent for prosecutions. Read the rest

EFF study: ed-tech is spying on America's kids and not telling them about it

The Electronic Frontier Foundation surveyed hundreds of American kids, teachers and parents about privacy and the "ed-tech" sector, which is filling America's classrooms with Chromebooks and cloud services and mobile devices that ingest kids' data wholesale without any meaningful privacy or data retention policies. Read the rest

How to protect your privacy at a protest

Micah Lee and The Intercept put together this video with “tips on how to prepare your phone before you go to a protest and on how to safely communicate with your friends.”

Read the rest

Japan secretly funneled hundreds of millions to the NSA, breaking its own laws

The Intercept publishes a previously-unseen set of Snowden docs detailing more than $500,000,000 worth of secret payments by the Japanese government to the NSA, in exchange for access to the NSA's specialized surveillance capabilities, in likely contravention of Japanese privacy law (the secrecy of the program means that the legality was never debated, so no one is sure whether it broke the law). Read the rest

Lawsuit claims Bose tracks what you listen to then sells the data

According to a lawsuit filed Tuesday in Chigago, Bose uses software to track the music and other audio listened to on its wireless headphones, violating the privacy of its users and selling the information.

The complaint filed on Tuesday by Kyle Zak in federal court in Chicago seeks an injunction to stop Bose's "wholesale disregard" for the privacy of customers who download its free Bose Connect app from Apple Inc or Google Play stores to their smartphones.

"People should be uncomfortable with it," Christopher Dore, a lawyer representing Zak, said in an interview. "People put headphones on their head because they think it's private, but they can be giving out information they don't want to share."

The headphones alone aren't the problem, apparently, but an optional app bundled with them. Savvy users may know that such things are often sleazy marketing wheezes, but that hardly excuses it. Read the rest

Lawsuit alleges Bose's headphone app exfiltrates your listening habits to creepy data-miners

Bose's $350 wireless headphones need an app to "get the most" out of them, and this app monitors everything you listen to -- the names of the podcasts, the music, videos, etc -- and sends them to Bose without your permission, according to a lawsuit filed this week in Chicago by Kyle Zak. Read the rest

Vast majority of Americans reject mass surveillance to thwart terrorist attacks

75% surveyed by Ipsos/Reuters said, "they would not let investigators tap into their Internet activity to help the U.S. combat domestic terrorism"(up from 67% in 2013). Read the rest

Activists vow to make ISP privacy sellout a "major issue" in the 2018 elections

The Republican Congressjerks who passed legislation allowing your ISP to spy on your online activity and sell the data from it without your permission will be firmly reminded of their calumny in the 2018 election cycle, as the Center for Media Justice and its privacy allies plan "street-level tactics" to hold them accountable for their sellout. Read the rest

Trump administration wants to force visitors to US to reveal social media passwords and answer questions about political beliefs

The latest crayon-scrawled, unconstitutional, sure-to-be-challenged plan from the Trump White House for America's borders would require visitors to the US to reveal their social media passwords so CBP officers could read their private messages and look at their friends lists; they will also have to answer questions about their political beliefs -- the plan would cover visitors from all over, including countries in the US Visa Waiver program. Read the rest

Bipartisan bill would end warrantless border searches of US persons' data

Under the Protecting Data at the Border Act, devices "belonging to or in the possession of a United States person" (a citizen or Green Card holder) could no longer be searched at the border without a warrant. Agents would no longer be able to deny US persons entry or exit on the basis of a refusal to allow such a search (but they could seize the equipment). Read the rest

Camera-equipped sex toy manufacturer ignores multiple warnings about horrible, gaping security vulnerability

The uniquely horribly named Svakom Siime Eye is an Internet of Things sex-toy with a wireless camera that allows you to stream video of the insides of your orifices as they are penetrated by it; researchers at the UK's Pen Test Partners discovered that once you login to it via the wifi network (default password "88888888"), you can root it and control it from anywhere in the world. Read the rest

More posts