A webcomic explainer on how the census deals with digital privacy

Journalist's Resource published this great comic by Josh Neufeld, explaining the basic concepts behind differential privacy, the data collection method used to prevent bad actors from de-anonymizing the information gleaned from the 2020 Census.

The original source includes some other great resources on differential privacy, but since the comic itself is made available under a Creative Commons Attribution-NoDerivatives 4.0 International License, we've re-posted it here in full.

 

A brief introduction to differential privacy: A data protection plan for the 2020 census [Josh Neufeld / Journalist's Resource] Read the rest

New app helps you identify IoT devices around you, tells you what data they collect

Researchers at Carnegie Mellon have come up with this new IoT Assistant app (available for both iOS and Android) that will supposedly inform you about what Internet-connected smart devices are around you at any point in time, and what kind of information they might be collecting.

“Because of new laws like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), people need to be informed about what data is collected about them and they need to be given some choices over these processes,” says Professor Norman Sadeh, a CyLab faculty member in Carnegie Mellon’s Institute for Software Research and the principal investigator on the project. “We have built an infrastructure that enables owners of IoT technologies to comply with these laws, and an app that takes advantage of this infrastructure to empower people to find out about and control data collected by these technologies.”

I've downloaded the app myself, and I plan on adding my own smart home devices to their database, just to see what I can find. I don't know how well it will actually work, but I'm certainly intrigued by the idea.

New infrastructure will enhance privacy in today’s Internet of Things [Daniel Tkacik / CyLab, the Carnegie Mellon University Security and Privacy Institute] Read the rest

Antivirus firm Avast sold user data via 'Jumpshot' to Pepsi, Google, Microsoft — REPORT

UPDATE JAN 29 2020 From Sephora's PR agency:

I caught your recent story on BoingBoing regarding Avast. Wanting to see if it is possible for you to make a correction to the piece? Sephora is not a past, present or potential client. You can find a quote from Sephora below. “Sephora is not a client and has not worked with Avast/Jumpshot.”

The brand name has been redacted from this blog post, which in turn quoted a VICE NEWS article which named the brand as having been associated in some way with Avast.

-- Xeni Jardin, Jan 29 2020

--------

Documents show that the antivirus company Avast has been selling its users' internet browsing data, through a subsidiary named Jumpshot, to clients that include Pepsi, Google, and Microsoft, reports Motherboard. The report is the result of a joint investigation between the VICE News site and PC Mag. Read the rest

Popular UK health websites share sensitive user data with Google, Facebook, dozens more

A number of popular health-related websites in the UK are reported to be actively sharing sensitive user data with dozens of third parties, including Google and Facebook, but also various adtech firms and data brokers. Read the rest

Ant-facial recognition tech at the Hong Kong protests was an art project

There have been some tweets going around about a "wearable face projector" being employed at the ongoing protests in Hong Kong.

It's essentially the same as the scramble suits from Philip K. Dick's A Scanner Darkly—instead of disguising yourself as someone else, it disguises you as everyone else, projecting a constantly shifting visage that drives the facial recognition AI crazy. It certainly makes sense that someone would try to use something like this in Hong Kong, where the mere act of protecting one's identity in public is now punishable by a USD3,200 fine.

Except… it's not from the Hong Kong protests. It's actually an art project by Jing-Cai Liu, an industrial design student at Eindhoven University of Technology in the Netherlands. Liu had come up with the concept of a wearable face projector as an undergrad at the University of the Arts in Utrecht. "In the future, the advertisement could call your name when you walk along the streets," she writes on her website:

Mega databanks and high-resolution cameras in the streets stock hundreds of exabytes a year. But who has access to this data? It is possible that it could have commercial use, hence not only retail companies but also the advertisement industry could be very interested in this data in the coming future. They would hope to gain these personal data and information as much as they can.

[…]

The companies would know your personal interests and may set different retail strategies for you.

Read the rest

FTC fines app TikTok/Musical.ly $5.7 million for child data privacy violations

Today's FTC ruling impacts how the TikTok app works for users under the age of 13.

Amazon sends man 1,700 Alexa voice recordings from a stranger

A man in Germany asked Amazon to send him the audio recordings of his Alexa activities, and Amazon complied with the request, giving him a bonus: a link to 1,700 recordings from a stranger. When he told Amazon about it, Amazon didn't reply, but deleted the files from the link. Too late - the man had already downloaded the audio files. He then shared the files with a German magazine. They listened to the audio recordings of the man and his female companion and were able to figure out who he was and they told him what had happened. After the magazine ran the story, Amazon suddenly became chatty:

“This was an unfortunate case of human error and an isolated incident. We have resolved the issue with the two customers involved and have taken steps to further improve our processes. We were also in touch on a precautionary basis with the relevant regulatory authorities.”

[via Washington Post]

Image: Photocollege using Shutterstock/pianodiaphragm and Cryteria - Own work, CC BY 3.0, Link Read the rest

EU Parliament demands Facebook audit after breach hits 87 million users

MEPs in European Parliament want Facebook to submit to a full audit by European Union bodies to determine whether the U.S. based social media company adequately protects users’ personal data. The demand made in the form of an EU resolution adopted Thursday, October 25, 2018, follows the company's recent breach scandal, in which data belonging to 87 million Facebook users around the world were improperly obtained and misused. Read the rest

Google, Amazon, Twitter, other Big Tech to Congress: New California data privacy rules too tough

Executives from Google, Twitter, AT&T, Amazon, Apple, and other big tech companies told a U.S. Senate panel today they support updating federal law to protect data privacy, but they want Congress to block California's tough new privacy rules. Read the rest