Decision to retain personally identifying information puts Australian census under threat

Without an accurate census, it's virtually impossible to make good national policy, which is why so many countries make census participation mandatory (when former Canadian Prime Minister Stephen "Dumpster Fire" Harper made the long-form census optional, statisticians and policy wonks quailed) -- which is why the Australian government's decision to collect and retain -- for 10 years -- personally identifying information on census participants is such a big deal.

Pregnancy-tracking app was riddled with vulnerabilities, exposing extremely sensitive personal information

Consumer Reports Labs tested Glow, a very popular menstrual cycle/fertility-tracking app, and found that the app's designers had made a number of fundamental errors in the security and privacy design of the app, which would make it easy for stalkers or griefers to take over the app, change users' passwords, spy on them, steal their identities, and access extremely intimate data about the millions of women and their partners who use the app.

Hacker claims $20K in dark web sales of leaked 'World-Check' terrorism watchlist

Ever wonder if it's really a good idea for there to be “terrorism watch lists” created by for-profit businesses, with no accountability to the privacy rights of ordinary citizens like you and me?

The best-known of these, Thomson Reuters' “World-Check,” recently leaked to the so-called dark web. The database is compiled from public sources, and is sold by Thomson Reuters to vetted clients in government, intelligence agencies, banks, law firms, and the like.


UK Royal Society's #1 cybersecurity recommendation: don't backdoor crypto

The Royal Society, once presided over by Isaac Newton, is one of Britain's most respected learned institutions: that's why it matters so much that the organisation's new report, "Progress and research in cybersecurity," begins by demanding that government "must commit to preserving the robustness of encryption, including end-to-end encryption, and promoting its widespread use. Encryption is a foundational security technology that is needed to build user trust, improve security standards and fully realise the benefits of digital systems."

For the first time, a federal judge has thrown out police surveillance evidence from a "Stingray" device

Stingrays -- the trade name for an "IMSI catcher," a fake cellphone tower that tricks cellphones into emitting their unique ID numbers and sometimes harvests SMSes, calls, and other data -- are the most controversial and secretive law-enforcement tools in modern American policing. Harris, the company that manufactures the devices, swears police departments to silence about their use, a situation that's led to cops lying to judges and even a federal raid on a Florida police department to steal stingray records before they could be introduced in open court.

How to kick Pokemon Go out of your Google account

A privacy trainwreck: Pokemon Go, the hit augmented reality game that's seeing kids and adults alike scouring the real world looking for monsters to nab, quietly gets "full access" to players' Google accounts. And check out the small print that goes with it.

Pokemon Go privacy rules are terrible (just like all your other apps)

Pokemon Go wants access to your Google account (and thus your email and Google Docs) and its privacy policy is a Kafka-esque nightmare document that lets them collect every single imaginable piece of private information about your life and share it with pretty much anyone they want to, forever.

Rebate for IoT thermostat requires that you give permission to your utility to read "all data"

Aaron writes, "While filling out this seemingly great rebate for $100 for a recently purchased wifi-enabled thermostat, I happened to read the Terms and Conditions, which includes the fact that I must unwittingly agree to share all my thermostat data with my electric and gas companies (It was odd that they asked for my thermostat's MAC address). Because I have an ecobee3, this includes information on how often I'm in my bedroom, or when I'm home or out!"

Peak indifference: privacy as a public health issue

My latest Locus column, "Peak Indifference", draws a comparison between the history of the "debate" about the harms of smoking (a debate manufactured by disinformation merchants with a stake in the controversy) and the current debate about the harms of surveillance and data-collection, whose proponents say "privacy is dead," while meaning, "I would be richer if your privacy were dead."

Leaked FBI documents reveal secret rules for spying on journalists with National Security Letters

Today, The Intercept published leaked documents that contain the FBI’s secret rules for targeting journalists and sources with National Security Letters (NSLs)—the controversial and unconstitutional warrantless tool the FBI uses to conduct surveillance without any court supervision whatsoever.


Facebook: We did ‘a test’ last year using some people's location data to suggest friends

Facebook recently told Fusion reporter Kashmir Hill that Facebook uses location data to recommend friends. People freaked out. Facebook retracted the statement. Then, the social media giant said what, that's crazy, LOL, no. No, we didn't do that at all. Now, Facebook’s communications team tells Hill the confusion arose “because there was a brief time when the social network used location for friend suggestions,” which involved a small percentage of Facebook users and stopped last year.


Privacy invasion? Facebook is using your phone's location data to suggest friends

Well, this sounds like potentially a pretty big deal. Facebook is using smartphone location data to recommend new friends to users, which suggests many possible privacy invasions. This is also a technique NSA uses to track surveillance targets.


Rubber fingertips to use with fingerprint-based authentication systems

Mian Wei, a Chinese student at the Rhode Island School of Design, has created an experimental series of fake fingertips with randomly generated fingerprints that work with Apple and Android fingerprint authentication schemes, as well as many others.

Snowden publicly condemns Russia's proposed surveillance law

Edward Snowden has taken to Twitter to condemn Russia's proposed "Yarovaya law," which provides prison sentences of 7 years for writing favorably about "extremism" on the Internet, criminalizes failure to report "reliable" information about planned attacks, and requires online providers to retain at least six months' worth of users' communications, 3 years' worth of "metadata" and to provide backdoors to decrypt this material.

US Customs and Border Protection wants to ask for your "online presence" at the border

This week, the US CBP published a notice in the Federal Register proposing a change to the Form I-94 Arrival/Departure Record paperwork that visitors to the US fill out when they cross the border, in which they announce plans to ask travellers to "please enter information associated with your online presence."

Don't let the government hack your computer. Tell Congress to stop changes to #Rule41.

“The U.S. government wants to use an obscure procedure—amending a federal rule known as Rule 41— to radically expand their authority to hack,” the EFF says. “The changes to Rule 41 would make it easier for them to break into our computers, take data, and engage in remote surveillance.


Russian bill mandates backdoors in all communications apps

A pending "anti-terrorism" bill in the Duma would require all apps to contain backdoors to allow the secret police to spy on the country's messaging, in order to prevent teenagers from being "brainwashed" to "murder police officers."
