The privacy wars have been a disaster and they're about to get a LOT worse


In my latest Locus column, The Privacy Wars Are About to Get A Whole Lot Worse, I describe the history of the privacy wars to date, and the way that the fiction of "notice and consent" has provided cover for a reckless, deadly form of viral surveillance capitalism.

How To Be At War Forever

A man fills barrels with rubble to make a barricade to protect shops in the rebel held Douma area of Damascus, Syria Sep. 2, 2016. REUTERS

If you were the government and wanted to maintain a state of perpetual war, how would you go about it?

Unprotected database exposes off-grid energy users in Guatemala, South Africa

Two of the leaked identification cards -- on the left, a South African ID, and a Guatemalan ID on the right. (Image: leaked database, via ZDNet)

An unprotected Kingo Solar database with the personal data and photos for thousands of off-the-grid electricity customers was accessible for months, reports Zack Whittaker at ZDNet. “Thousands of remote villagers in Guatemala and South Africa are living off the grid, but their personal information isn't,” he writes.


WhatsApp wooed users with privacy promise, but will soon share data with Facebook

A Facebook logo is displayed on the side of a tour bus in New York, 2015. REUTERS

The mobile messaging app will soon begin sharing with Facebook the phone numbers and analytics data for its more than one billion users.

When messaging app WhatsApp was acquired by Facebook in 2014, WhatsApp co-founder Jan Koum promised the deal wouldn't affect users' privacy.


Baltimore police respond to report they secretly spied on city with aerial surveillance tech from Iraq War


A report out this week from Bloomberg says that since January, 2016, people in the city of Baltimore, Maryland have secretly and periodically been spied on by police using cameras in the sky. Authorities today effectively admitted that the report is accurate.


EFF takes a deep dive into Windows 10's brutal privacy breaches


Microsoft's deceptive hard-sell to get users to "upgrade" to Windows 10 (the most control-freaky OS to ever come out of Redmond) is made all the more awful by just how much personal, sensitive, compromising data Microsoft exfiltrates from its users' PCs once they make the switch.

UK/EU security researchers: tax-free stipend to study privacy and authentication


UC London's offering a tax-free stipend for UK/EU students to work on "designing and evaluating new approaches for continuous authentication, based on a solid theoretical underpinning so as to give a high degree of confidence that the resulting decisions match expectations and requirements" as well as "ways to preserve user privacy by processing behavioural measurements on the user’s computer such that sensitive information is not sent to the online service." (Image: LordHarris, CC-BY-SA) (Thanks, William!)

The Tor Project's social contract: we will not backdoor Tor


I first encountered the idea of "social contracts" for software projects in Neal Stephenson's seminal essay In the Beginning Was the Command Line, which endorsed the Debian project on the strength of its social contract: "As far as I know, Debian is the only Linux distribution that has its own constitution."

Thai telcoms regulator wants tourists to use location-tracking SIMs


Thailand’s National Broadcasting and Telecommunications Commission has proposed issuing tracking-chips to all visitors to the country, which would allow the government to monitor the movements of all foreign nationals while in-country, in order to "locate them which will help if there are some tourists who overstay or run away (from police)."

DoJ to judges: use Tor to protect your internet connection


This summer, DoJ Cybercrime Lab director Ovie Carroll presented at a Federal Judicial Seminar in San Diego, attended by over 100 US federal judges, where he recommended that the judges should use Tor -- The Onion Router, subject of much handwringing and serious technological assaults from the US government, but which is also primarily funded by the USG -- to protect their personal information while using their home and work computers.

Web companies can track you -- and price-gouge you -- based on your battery life


In Online tracking: A 1-million-site measurement and analysis, eminent Princeton security researchers Steven Englehardt and Arvind Narayanan document the use of device battery levels -- accessible both through mobile platform APIs and HTML5 calls -- to track and identify users who are blocking cookies and other methods of tracking.

Decision to retain personally identifying information puts Australian census under threat

Without an accurate census, it's virtually impossible to make good national policy, which is why so many countries make census participation mandatory (when former Canadian Prime Minister Stephen "Dumpster Fire" Harper made the long-form census optional, statisticians and policy wonks quailed) -- which is why the Australian government's decision to collect and retain -- for 10 years -- personally identifying information on census participants is such a big deal.

Pregnancy-tracking app was riddled with vulnerabilities, exposing extremely sensitive personal information

Consumer Reports Labs tested Glow, a very popular menstrual cycle/fertility-tracking app, and found that the app's designers had made a number of fundamental errors in the security and privacy design of the app, which would make it easy for stalkers or griefers to take over the app, change users' passwords, spy on them, steal their identities, and access extremely intimate data about the millions of women and their partners who use the app.

Hacker claims $20K in dark web sales of leaked 'World-Check' terrorism watchlist


Ever wonder if it's really a good idea for there to be “terrorism watch lists” created by for-profit businesses, with no accountability to the privacy rights of ordinary citizens like you and me?

The best-known of these, Thomson Reuters' “World-Check,” recently leaked to the so-called dark web. The database is compiled from public sources, and is sold by Thomson Reuters to vetted clients in government, intelligence agencies, banks, law firms, and the like.


UK Royal Society's #1 cybersecurity recommendation: don't backdoor crypto


The Royal Society, once presided over by Isaac Newton, is one of Britain's most respected learned institutions: that's why it matters so much that the organisation's new report, "Progress and research in cybersecurity," begins by demanding that government "must commit to preserving the robustness of encryption, including end-to-end encryption, and promoting its widespread use. Encryption is a foundational security technology that is needed to build user trust, improve security standards and fully realise the benefits of digital systems."

For the first time, a federal judge has thrown out police surveillance evidence from a "Stingray" device

Stingrays -- the trade name for an "IMSI catcher," a fake cellphone tower that tricks cellphones into emitting their unique ID numbers and sometimes harvests SMSes, calls, and other data -- are the most controversial and secretive law-enforcement tools in modern American policing. Harris, the company that manufactures the devices, swears police departments to silence about their use, a situation that's led to cops lying to judges and even a federal raid on a Florida police department to steal stingray records before they could be introduced in open court.

How to kick Pokemon Go out of your Google account


A privacy trainwreck: Pokemon Go, the hit augmented reality game that's seeing kids and adults alike scouring the real world looking for monsters to nab, quietly gets "full access" to players' Google accounts. And check out the small print that goes with it.
