EFF takes a deep dive into Windows 10's brutal privacy breaches

Microsoft's deceptive hard-sell to get users to "upgrade" to Windows 10 (the most control-freaky OS to ever come out of Redmond) is made all the more awful by just how much personal, sensitive, compromising data Microsoft exfiltrates from its users' PCs once they make the switch.

UK/EU security researchers: tax-free stipend to study privacy and authentication

UC London's offering a tax-free stipend for UK/EU students to work on "designing and evaluating new approaches for continuous authentication, based on a solid theoretical underpinning so as to give a high degree of confidence that the resulting decisions match expectations and requirements" as well as "ways to preserve user privacy by processing behavioural measurements on the user’s computer such that sensitive information is not sent to the online service." (Image: LordHarris, CC-BY-SA) (Thanks, William!)

The Tor Project's social contract: we will not backdoor Tor

I first encountered the idea of "social contracts" for software projects in Neal Stephenson's seminal essay In the Beginning Was the Command Line, which endorsed the Debian project on the strength of its social contract: "As far as I know, Debian is the only Linux distribution that has its own constitution."

Thai telcoms regulator wants tourists to use location-tracking SIMs

Thailand’s National Broadcasting and Telecommunications Commission has proposed issuing tracking-chips to all visitors to the country, which would allow the government to monitor the movements of all foreign nationals while in-country, in order to "locate them which will help if there are some tourists who overstay or run away (from police)."

DoJ to judges: use Tor to protect your internet connection

This summer, DoJ Cybercrime Lab director Ovie Carroll presented at a Federal Judicial Seminar in San Diego, attended by over 100 US federal judges, where he recommended that the judges should use Tor -- The Onion Router, subject of much handwringing and serious technological assaults from the US government, but which is also primarily funded by the USG -- to protect their personal information while using their home and work computers.

Web companies can track you -- and price-gouge you -- based on your battery life

In Online tracking: A 1-million-site measurement and analysis, eminent Princeton security researchers Steven Englehardt and Arvind Narayanan document the use of device battery levels -- accessible both through mobile platform APIs and HTML5 calls -- to track and identify users who are blocking cookies and other methods of tracking.

Decision to retain personally identifying information puts Australian census under threat

Without an accurate census, it's virtually impossible to make good national policy, which is why so many countries make census participation mandatory (when former Canadian Prime Minister Stephen "Dumpster Fire" Harper made the long-form census optional, statisticians and policy wonks quailed) -- which is why the Australian government's decision to collect and retain -- for 10 years -- personally identifying information on census participants is such a big deal.

Pregnancy-tracking app was riddled with vulnerabilities, exposing extremely sensitive personal information

Consumer Reports Labs tested Glow, a very popular menstrual cycle/fertility-tracking app, and found that the app's designers had made a number of fundamental errors in the security and privacy design of the app, which would make it easy for stalkers or griefers to take over the app, change users' passwords, spy on them, steal their identities, and access extremely intimate data about the millions of women and their partners who use the app.

Hacker claims $20K in dark web sales of leaked 'World-Check' terrorism watchlist

Ever wonder if it's really a good idea for there to be “terrorism watch lists” created by for-profit businesses, with no accountability to the privacy rights of ordinary citizens like you and me?

The best-known of these, Thomson Reuters' “World-Check,” recently leaked to the so-called dark web. The database is compiled from public sources, and is sold by Thomson Reuters to vetted clients in government, intelligence agencies, banks, law firms, and the like.


UK Royal Society's #1 cybersecurity recommendation: don't backdoor crypto

The Royal Society, once presided over by Isaac Newton, is one of Britain's most respected learned institutions: that's why it matters so much that the organisation's new report, "Progress and research in cybersecurity," begins by demanding that government "must commit to preserving the robustness of encryption, including end-to-end encryption, and promoting its widespread use. Encryption is a foundational security technology that is needed to build user trust, improve security standards and fully realise the benefits of digital systems."

For the first time, a federal judge has thrown out police surveillance evidence from a "Stingray" device

Stingrays -- the trade name for an "IMSI catcher," a fake cellphone tower that tricks cellphones into emitting their unique ID numbers and sometimes harvests SMSes, calls, and other data -- are the most controversial and secretive law-enforcement tools in modern American policing. Harris, the company that manufactures the devices, swears police departments to silence about their use, a situation that's led to cops lying to judges and even a federal raid on a Florida police department to steal stingray records before they could be introduced in open court.

How to kick Pokemon Go out of your Google account

A privacy trainwreck: Pokemon Go, the hit augmented reality game that's seeing kids and adults alike scouring the real world looking for monsters to nab, quietly gets "full access" to players' Google accounts. And check out the small print that goes with it.

Pokemon Go privacy rules are terrible (just like all your other apps)

Pokemon Go wants access to your Google account (and thus your email and Google Docs) and its privacy policy is a Kafka-esque nightmare document that lets them collect every single imaginable piece of private information about your life and share it with pretty much anyone they want to, forever.

Rebate for IoT thermostat requires that you give permission to your utility to read "all data"

Aaron writes, "While filling out this seemingly great rebate for $100 for a recently purchased wifi-enabled thermostat, I happened to read the Terms and Conditions, which includes the fact that I must unwittingly agree to share all my thermostat data with my electric and gas companies (It was odd that they asked for my thermostat's MAC address). Because I have an ecobee3, this includes information on how often I'm in my bedroom, or when I'm home or out!"

Peak indifference: privacy as a public health issue

My latest Locus column, "Peak Indifference", draws a comparison between the history of the "debate" about the harms of smoking (a debate manufactured by disinformation merchants with a stake in the controversy) and the current debate about the harms of surveillance and data-collection, whose proponents say "privacy is dead," while meaning, "I would be richer if your privacy were dead."

Leaked FBI documents reveal secret rules for spying on journalists with National Security Letters

Today, The Intercept published leaked documents that contain the FBI’s secret rules for targeting journalists and sources with National Security Letters (NSLs)—the controversial and unconstitutional warrantless tool the FBI uses to conduct surveillance without any court supervision whatsoever.


Facebook: We did ‘a test’ last year using some people's location data to suggest friends

Photo: Reuters

Facebook recently told Fusion reporter Kashmir Hill that Facebook uses location data to recommend friends. People freaked out. Facebook retracted the statement. Then, the social media giant said what, that's crazy, LOL, no. No, we didn't do that at all. Now, Facebook’s communications team tells Hill the confusion arose “because there was a brief time when the social network used location for friend suggestions,” which involved a small percentage of Facebook users and stopped last year.

