Israeli spyware firm NSO Group 're-acquired' by founders

The NSO Group is an Israeli firm that has long marketed itself as a "cyber warfare" company, selling mobile surveillance technology to governments that include notoriously corrupt human rights abusers. One of these is Mexico, where NSO spyware played a key role in targeting teachers and journalists, and missing students.

On Thursday, NSO Group announced it has been “re-acquired” by its founders.

Was that huge 2017 Equifax data breach part of a nation-state spy scheme?

That massive Equifax data breach on September 7, 2017, shocked everyone, but a year and a half later, where the data of all those 143 million Equifax users ended up is still a mystery.

New York City's new rideshare regs put Big Brother in backseat, give GPS tracking a whole new meaning

Whether you love them or hate them, rideshares like Uber and Lyft have become a daily part of life for millions of New Yorkers. These app-based services make it easy to pay for your ride, but while the privacy cost isn’t always as clear, it’s about to get a lot larger. These apps have tracked our movements since they launched, but as of this month, the Taxi and Limousine Commission (TLC) started tracking us too.

Vast majority of Americans and Europeans believe ad-targeting and feed customization are immoral

An RSA survey of 6,000 US and EU adults found that only a minority (48%) believes there is any ethical way to use personal data (that figure rises to 60% when considering US respondents alone); 57% believe that data-breaches are the fault of companies for gathering and retaining data, not the hackers who release it; only 17% believe that ad customization is moral; and only 24% believe that newsfeed customization is moral.

Gay dating app Jack'd stored users' private images and data on unsecured AWS server

The gay dating app Jack'd, which has more than a million downloads in the Play store, stored images that users marked 'private' and posted in 1:1 chat sessions *on an unsecured AWS server.*

Germany orders Facebook to stop collecting some personal data without consent

Regulators in Germany ruled that Facebook must cut the data it gathers about people who aren't using its app or website or get their consent. Facebook says it intends to appeal the ruling.

The watchdog has carried out a probe into the social network following concerns that members were unaware of the extent of the firm's activities. It covered data gathered from third-party sources as well as via Facebook's other apps, including Instagram.

The US firm has said it will appeal. Specifically, the FCO has ruled that:

• Facebook's various services can continue to collect data, but they cannot combine it with the user's main Facebook account unless the member gives their voluntary consent
• collecting data from third-party websites and assigning it to a Facebook user's account is likewise only allowed if that member has given the firm permission

Facebook hitches a ride into browser sessions through like buttons, sharing widgets, ads and other non-obvious page elements. Like certain Google services, it's essentially unavoidable without installing browser plugins to control them.

After more than a year of inaction, one of those privacy-leaking kids' smart watches has been recalled in Europe

It's been a year and a half since the Norwegian Consumer Council commissioned a security audit of kids' "smart watches" that revealed that anyone on the internet could track the wearers, talk to them through their watches, and listen in on them; a year later, Pen Test Partners revealed that the watches were still leaking sensitive information, a situation that hadn't changed as of last week.

Toronto cops can frequently get your public transit history without a warrant

Metrolinx, the provincial agency that supplies the Presto cards used to pay for public transit rides in Toronto, has continued to hand over riders' travel history to Toronto-area cops without asking for a warrant.

18 months on, kids' smart watches are STILL a privacy & security dumpster-fire, and a gift to stalkers everywhere

In late 2017, the Norwegian Consumer Council published its audit of kids' smart-watches, reporting that the leading brands allowed strangers to follow your kids around and listen in on their conversations; a year later, Pen Test Partners followed up to see if anything had changed (it hadn't).

Apple was slow to act on FaceTime bug report, which came from mother of 14 year old who found it

Go get a developer account and send us a formal bug report, Apple reportedly told them.

New privacy hires at WhatsApp: Nate Cardozo (EFF), Robyn Greene (Open Technology Institute)

This bodes well for WhatsApp users.

Australia may have just backdoored your mobile phone

A really bad new law in Australia gives police the right to force companies like Apple to 'backdoor', or create encryption circumvention alternatives, in all their products. The issue has been controversial in the U.S. for a long time, and spiked in 2016 after the mass shooting in San Bernardino.

The Nazis and your privacy

The nonprofit organization to which I belong recently put the personal data of around 410,000 people on the internet, connected to interactive street maps of where they lived. The data includes their full names, date and place of birth, known residential address, and often includes their professions and arrest records, sometimes even information about mental or physical handicaps. It also lists whether any of their grandparents were Jewish.

Firefox is finally fixing its broken screenshot tool

Firefox's screenshot tool has a lot going for it, but after two days of trying to use it I gave up and went back to using Ksnapshot (now Spectacle) for the near-constant screenshotting I do, all day long: that's because when you hit "save" in Firefox's screenshot UI, it didn't save it to your hard-drive, rather, it uploaded it to a Mozilla server, which, in addition to being time-consuming and stupid, was also a potential huge privacy risk (if, for example, you were screenshotting a sensitive document to retain for later).

Most Facebook users don't know their interests are tracked for ad targeting, Pew study finds

Most Facebook users have no idea how the company tracks and profiles everything they do to target ads, a new Pew Research study confirms.

How to protect yourself from email tracking

The Electronic Frontier Foundation's Sydney Li and Bennett Cyphers explain how to stop people tracking you through email. Read-receipt beacons and other trickery abounds.

...third-party email tracking technologies will try to share and correlate your email address across different emails that you open, and even across different websites that you visit, further shaping your invisible online profile. And since people often access their email from different devices, email address leaks allow trackers (and often network observers) to correlate your identity across devices.

It doesn’t have to be that way.

The nutshell: it's not enough to block remote images in the client anymore. But you're probably not even doing that. For many, many of you, here's the first step:


Whistleblower: Amazon Ring stores your doorbell and home video feeds unencrypted and grants broad "unfettered" access to them

Sources "familiar with Ring's practices" have told The Intercept that the company -- a division of Amazon that makes streaming cameras designed to be mounted inside and outside your home -- stores the video feeds from its customers' homes in unencrypted format and allows staff around the world to have essentially unfettered access to these videos.
