The UK Conservative Party's annual conference is about to kick off in Birmingham, and the Tories have distributed an app ahead of time to all attendees: senior ministers, government officials, members of the press, party members, and others.
The app has a fatal design flaw: anyone could log in as any attendee, provided they knew that person's email address. As Guardian columnist and Jacobin writer Dawn Foster explained in a tweet, you could effect this login "just with their email address, no emailed security links, and post comments as them."
Once logged in, you could see the user's private mobile phone number, change that person's profile, and, as noted, post comments under their name (the app has been updated to close the vulnerability).
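To make the difference concrete, here is the email-only login described above next to the kind of "emailed security link" flow Foster says was missing. This is an added sketch, not the conference app's code; the class and method names, the example addresses and the ten-minute link lifetime are all assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 600  # seconds a login link stays valid (assumed value)


class LoginService:
    """Hypothetical attendee-login backend; every name here is illustrative."""

    def __init__(self, attendees, send_email, clock=time.time):
        self.attendees = set(attendees)  # registered email addresses
        self.send_email = send_email     # callable(address, token)
        self.clock = clock
        self.pending = {}                # sha256(token) -> (email, expiry)

    def login_flawed(self, email):
        # The flaw: knowing the address is treated as proof of identity.
        return email if email in self.attendees else None

    def request_link(self, email):
        # Same reply for registered and unknown addresses, so the endpoint
        # does not confirm who is attending.
        if email in self.attendees:
            token = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.pending[digest] = (email, self.clock() + TOKEN_TTL)
            self.send_email(email, token)      # only the mailbox owner sees it
        return "If that address is registered, a login link has been sent."

    def redeem(self, token):
        # Single use: pop the entry so a replayed link fails.
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)
        if entry is None:
            return None
        email, expiry = entry
        return email if self.clock() <= expiry else None


if __name__ == "__main__":
    outbox = {}  # constructed stand-in for a mail server
    svc = LoginService(["minister@example.org"], outbox.__setitem__)
    print("flawed login:", svc.login_flawed("minister@example.org"))
    svc.request_link("minister@example.org")
    print("guessed token:", svc.redeem("guess"))
    print("emailed token:", svc.redeem(outbox["minister@example.org"]))
```

The server stores only a hash of each token, so a leaked copy of the pending table cannot be used to log in.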
Twitter users are speculating about which UK data-protection laws this violates and what sort of penalties the party may face as a result of the breach.
More trenchantly, this undermines the Conservatives' signature technological promises, including their insistence that a post-Brexit Irish border can be solved with technology, and the plans to make EU citizens register their presence in the UK with an app.