The Washington Post rounds up 15 privacy defaults that no one in their right mind would want to leave as-is, and provides direct links to change 'em (hilariously and predictably, Verizon/Oath/Yahoo's privacy settings dashboard times out when you try to load it) -- once you're done with that, go back and follow his links to unfuck the privacy defaults for Google, Apple, Amazon, Microsoft and #DeleteFacebook. (via Reddit) Read the rest

Facebook opened up access to friends' data through its API in a bid to attract developers to its platform, but in 2015, it incurred those developers' wrath when it pulled the rug out from under them, killing the API calls that allowed apps to mine their users' friends' data. Read the rest

A former executive from the data-mining dark operator Cambridge Analytica 'visited Julian Assange in February last year and told friends it was to discuss what happened during the US election,' the Guardian reported today.

Brittany Kaiser worked as a director there until not long ago, and is reported “to have channelled cryptocurrency payments and donations to WikiLeaks.”

Excerpt:

Assange issued a statement saying that he had turned down the Cambridge Analytica offer. Alexander Nix, the company’s chief executive, told Westminster MPs the same in February, during an appearance at the Commons digital, culture, media and sport (DCMS) select committee. Nix said he found a contact for WikiLeaks’ speaking agency on the internet and sent Assange an email.

But visitor logs from the Ecuador embassy obtained by the Guardian and Focus Ecuador appear to show that Brittany Kaiser, a senior executive at Cambridge Analytica until earlier this year, visited Assange on 17 February 2017. Information passed to the DCMS committee in the UK and the Senate judiciary committee in the US states that the meeting was “a retrospective to discuss the US election”.

Kaiser is also alleged to have said that she had funnelled money to WikiLeaks in the form of cryptocurrency. She called the organisation her “favourite charity”. The reports passed to investigators say that money was given to her by third parties in the form of “gifts and payments”.

After the afore-quoted story was published, there was all-new news in London today.

Former Cambridge Analytica CEO Alexander Nix. Read the rest

Despite Mark Zuckerberg's internal war on transparency, the Facebook data abuse reveals just keep on coming. Read the rest

From 2007 onward, Facebook created dozens of data-sharing arrangements with mobile phone vendors that let them raid your friends' personal information as well as your own, in arrangements that are still ongoing today, years after Facebook publicly announced that it had closed off this kind of data-mining by its partners. Read the rest

The UK consumer review magazine Which? (equivalent to America's Consumer Reports) has published a special investigation into the ways that Internet of Things smart devices are spying on Britons at farcical levels, with the recommendation that people avoid smart devices where possible, to feed false data to smart devices you do own, and to turn off data-collection settings in devices' confusing, deeply hidden control panels. Read the rest

It's been nearly three weeks since the publication of Efail, a critical set of attacks against PGP/GPG-encrypted emails that was so hard to mitigate that EFF's recommendation was to stop using it for mail altogether until a solution could be worked out. Read the rest

Have you tried turning it off and on again?

The FBI sent out an urgent bulletin advising anyone with a home or small office internet router to immediately turn it off and then turn it on again as a way to help stop the spread of a malware outbreak with origins in Russia. Read the rest

Dolan Darker (YouTube) welcomes the world to the web of 2018.

Because of #GDPR, USA Today decided to run a separate version of their website for EU users, which has all the tracking scripts and ads removed. The site seemed very fast, so I did a performance audit. How fast the internet could be without all the junk! 🙄 5.2MB → 500KB pic.twitter.com/xwSqqsQR3s

— Marcel Freinbichler (@fr3ino) May 26, 2018

Read the rest

May 25 is Towel Day, when fans of The Hitchhiker's Guide to the Galaxy jokingly adorn a towel and praise the household item as if it prepares the owner for any sticky situation. Author Douglas Adams was a master of these tongue-in-cheek references to our modern existence, helping the reader (and listener) feel as if they might one day walk across their livingroom and into a silly, star-spanning adventure.

Social rating site Klout saw where society was heading with influencer marketing, but like many bad ideas that were a little ahead of their time, Klout will not live on to see the devastation they helped usher in. Read the rest

Last week, the New York Times revealed that an obscure company called Securus was providing realtime location tracking to law enforcement, without checking the supposed "warrants" provided by cops, and that their system had been abused by a crooked sheriff to track his targets, including a judge (days later, a hacker showed that Securus's security was terrible, and their service would be trivial to hack and abuse). Read the rest

Securus is the widely abused location-tracking tool that exploits a loophole in privacy law to allow police to extract realtime and historical cellphone location data without a warrant or any accountability. Read the rest

Nurses picketed The Priscilla Chan and Mark Zuckerberg San Francisco General Hospital And Trauma Center (AKA "Zuckerberg San Francisco General Hospital") and covered up Zuckerberg's name on the hospital sign, citing concerns that patients would not trust a hospital that was associated with someone with such a long rap-sheet for privacy violations. Read the rest

Ride-sharing services Uber and Lyft have now both stated that they will no longer force victims of sexual assault into non-binding arbitration, as has been the practice of both firms until today. Read the rest

Jag Talon''s Embed Bud is a single-serving site (made with Glitch) that generates less invasive YouTube embed snippets to use on the web. It's a simple trick that adds the encrypted-media attribute to the http iframe so you don't have to. Suggestion: it could also add modestbranding and showinfo (to remove logos and telltale overlays), rel=0 (to remove next-up recommendations based on user history), and start=15s (because the only thing that ever happens in the first 15 seconds of a YouTube video is logos, music and "hey guys") Read the rest

A group of researchers have published a paper and associated website describing a clever attack on encrypted email that potentially allows an attacker to read encrypted emails sent in the past as well as current and future emails; EFF has recommended switching off PGP-based email encryption for now, to prevent attackers from tricking your email client into decrypting old emails and sending them to adversaries. Read the rest