Researchers at Carnegie Mellon have come up with this new IoT Assistant app (available for both iOS and Android) that will supposedly inform you about what Internet-connected smart devices are around you at any point in time, and what kind of information they might be collecting.

“Because of new laws like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), people need to be informed about what data is collected about them and they need to be given some choices over these processes,” says Professor Norman Sadeh, a CyLab faculty member in Carnegie Mellon’s Institute for Software Research and the principal investigator on the project. “We have built an infrastructure that enables owners of IoT technologies to comply with these laws, and an app that takes advantage of this infrastructure to empower people to find out about and control data collected by these technologies.”

I've downloaded the app myself, and I plan on adding my own smart home devices to their database, just to see what I can find. I don't know how well it will actually work, but I'm certainly intrigued by the idea.

New infrastructure will enhance privacy in today’s Internet of Things [Daniel Tkacik / CyLab, the Carnegie Mellon University Security and Privacy Institute] Read the rest

As Google has enacted a series of high-handed, opaque changes to how Youtube monetizes, upranks and censors videos, Youtubers have found themselves battered by the changes: they built Youtube into a global multi-billion-dollar success story, but they don't get a say in how it's managed. Now, a group of Youtubers have teamed up with Germany's powerful IG Metall trade union to fight back, using Europe's broad privacy laws and Germany's broad labor laws to force the company to come to the negotiating table and give them a say in how the service is run. You can read more about it on the Fairtube campaign site. Read the rest

"Anonymized data" is one of those holy grails, like "healthy ice-cream" or "selectively breakable crypto" -- if "anonymized data" is a thing, then companies can monetize their surveillance dossiers on us by selling them to all comers, without putting us at risk or putting themselves in legal jeopardy (to say nothing of the benefits to science and research of being able to do large-scale data analyses and then publish them along with the underlying data for peer review without posing a risk to the people in the data-set, AKA "release and forget"). Read the rest

After Bloomberg revealed that Amazon secretly sent recordings from Alexa to subcontractors all over the world in order to improve its speech-recognition systems, a whistleblower leaked recordings from Google Home to investigative reporters from VRT, revealing that Google, too, was sending audio clips from its voice assistant technology to pieceworkers through the Crowdsource app. Read the rest

Stalkerware -- spyware sold to people as a means of keeping tabs on their romantic partners, kids, employees, etc -- is a dumpster fire of terrible security (compounded by absentee management), sleazy business practices, and gross marketing targeted at abusive men who want to spy on women. Read the rest

Facebook gave "as many as" 260 contractors at Wipro, Ltd in Hyderabad, India access to users' private messages and private Instagram posts so that the contractors could label them prior to their inclusion in an AI training-data set. Read the rest

If you need to build an app quickly and easily, you might decide to use Facebook's SDK, which has lots of bells and whistles, including easy integration of Facebook ads in your app's UI. Read the rest

Facebook provides a suite of turnkey app-building tools for Android that are widely used among the most popular Google Play apps, with billions of combined installs; naturally, these tools create incredibly data-hungry defaults in the apps that incorporate them, so that even before you do anything with an app, it has already snaffled up a titanic amount of data, tied it into your Google Ad ID (which is recycled by Facebook to join up data from different sources) and sent it to Facebook. Read the rest

The fight against surveillance capitalism and mass state surveillance has reached a tipping point, the peak-indifference moment, when new privacy advocates are self-radicalizing as they witness firsthand the undeniable risks of overcollection, over-retention, and secret manipulation of personal data. Read the rest

Facebook has notified 6.8 million users that, due to a bug, the company allowed its third-party developers to access all the users' photos, including those marked as private. Read the rest

The British government has decreed that adult sites must collect age-verification data on everyone who looks at material rated for 18-and-over viewing; this amounts to a database of the porn-viewing habits of every adult in the UK. Read the rest

MEPs in European Parliament want Facebook to submit to a full audit by European Union bodies to determine whether the U.S. based social media company adequately protects users’ personal data. The demand made in the form of an EU resolution adopted Thursday, October 25, 2018, follows the company's recent breach scandal, in which data belonging to 87 million Facebook users around the world were improperly obtained and misused. Read the rest

The European Union's General Data Protection Regulation is a gnarly hairball of regulation; on the one hand, it makes it virtually impossible to collect mountains of data and buy/sell/trade/mine it to a corporation's heart's content; on the other hand, it imposes a ton of expensive compliance steps on its targets like high-cost record-keeping, and it apportions liability to website operators whose advertisers are out of compliance with the regulation. Read the rest

The UK Conservative Party's annual conference is about to kick off in Birmingham, and the Tories have distributed an app ahead of time to all attendees: senior ministers, government officials, members of the press, party members, and others. Read the rest

British Airways was outed by security researcher Mustafa Al-Bassam for telling passengers they couldn't help with delays and other problems unless they posted their personal information publicly to Twitter, in order "to comply with the GDPR." Read the rest

Surveillance capitalism sucks: it improves the scattershot, low-performance success-rate of untargeted advertising (well below 1 percent) and doubles or triples it (to well below 1 percent!). Read the rest

The European Union is updating its 2001 Copyright Directive, with a key committee vote coming up on June 20 or 21; on GDPR day, a rogue MEP jammed a mass censorship proposal into the draft that is literally the worst idea anyone in Europe ever had about the internet, ever. Read the rest