In secret court proceedings, the U.S. government is trying to force Facebook to help wiretap Messenger. Facebook has declined, so the Justice Department is asking a judge for an order of contempt. Read the rest
Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies won the Distinguished Paper prize at this year's Usenix Security Conference; its authors, researchers at Belgium's Catholic University in Leuven, revealed a host of devastating, never-seen tracking techniques for identifying web-users who were using privacy tools supplied by browser-vendors and third-party tracking-blocking tools. Read the rest
The Associated Press, working with Princeton University researchers, report that Google services on both Android and iOS devices store the user's location irrespective of location data privacy settings. The company was caught after prompting a graduate student to rate a retail store they had recently visited.
Google’s support page on the subject states: “You can turn off Location History at any time. With Location History off, the places you go are no longer stored.”
That isn’t true. Even with Location History paused, some Google apps automatically store time-stamped location data without asking. ...The privacy issue affects some two billion users of devices that run Google’s Android operating software and hundreds of millions of worldwide iPhone users who rely on Google for maps or search.
There is some elaborate ratmaze of settings you can dig into to actually turn the tracking off, one of which is apparently this "Web and App Activity” panel. Google says it is "being perfectly clear." The AP's interactive map of its researcher being tracked over a three day period shows what is perfectly clear: where you are. Read the rest
This week, I sat down for an hour-long interview with the Yale Privacy Lab's Sean O'Brien (MP3); Sean is a frequent Boing Boing contributor and I was honored that he invited me to be his guest on the very first episode of the Lab's new podcast. Read the rest
A presentation today at Defcon from Drexel computer science prof Rachel Greenstadt and GWU computer sicence prof Aylin Caliskan builds on the pair's earlier work in identifying the authors of software and shows that they can, with a high degree of accuracy, identify the anonymous author of software, whether in source-code or binary form. Read the rest
Comcast Xfininty's login page had an easily found bug that allowed anyone to gain access to the partial Social Security Numbers and partial home addresses of over 26.5 million customers. Read the rest
Facebook wants to "deepen user engagement" with Messenger, and to that end, it's been pitching America's giant banks on joint enterprises where Facebook will get to see all your financial info (especially info on where you're shopping and what you're buying) to help it suck you into using Messenger for longer. Read the rest
Consumer Reports is arguably America's most trusted source of product reviews -- published by Consumers Union, a venerable nonprofit with a deserved reputation for scrupulous care and neutrality -- and for years it has been wrestling with how to address privacy and cybersecurity in modern products (disclosure: I have advised them some on this). Read the rest
Ankle monitors are billed as a humane alternative to incarceration, allowing people who might otherwise be locked up to be reintegrated into the community. Read the rest
SpiderOak is a cloud backup service with a warrant canary: a formal statement that assured users that the company and its operators had never been made to secretly cooperate with the government, law enforcement or other surveilling authority. The canary reportedly disappeared this weekend, then reappeared, along with a statement saying it was being replaced by a "transparency report."
We just released our most recent transparency report, available at https://t.co/c09TN6WC6I. This will replace our #warrantcanary. The final version of the canary is available at https://t.co/VPzkLXDkWh. The transparency report will be updated every six months.
— SpiderOak (@SpiderOak) August 3, 2018
Don't be mad at the company! The canary worked exactly as it was supposed to. Read the rest
Last week, it was revealed by a sharp-eyed Redditor that the information kiosks at a mall in Calgary, Canada, were full of software designed to track the age and sex of anyone that stopped to use it. Pretty damn greasy. Greasier still, the management company that operates the mall, Cadillac Fairview admitted that the software was in use at a number of its other properties. The greasiest bit out of all of it? They shrugged off privacy concerns raised by a number of news outlets as there’s nothing in Alberta’s laws that keeps them from doing it without permission, or warning mall patrons that it’s being done.
Well, that was last week.
From The CBC:
The privacy commissioners of Alberta and Canada are launching investigations into the use of facial recognition technology, without the public's consent, in at least two malls in Calgary.
A notice posted Friday to the Alberta privacy commissioner website says the investigation will look to determine, "what types of personal information are being collected, whether consent for collection or notice of collection is required or would be recommended, for what purposes personal information is collected, whether the data is being shared with other businesses, law enforcement or third parties, and what safeguards or security measures are in place to protect personal information."
It’s said that Alberta’s privacy commissioner opened the investigation, based on the level of public interest surrounding the issue of whether or not it’s cool for property owners to collect biometric information without a visitor’s knowledge or consent. Read the rest
Calgary's Chinook Centre and Market Mall -- operated by Cadillac Fairview -- have been caught running background software that analysed the footage from the CCTVs in the malls' electronic directories to guess at the age and gender of visitors, without consent or notification. Read the rest
The game Civilization VI contained Red Shell, a spyware application that tracks what ads players are looking at, among other things. It's now gone after a new patch -- and other game publishers have been scrambling to do likewise after being caught with their spyglasses up and their pants down.
Read the restDevelopers and publishers behind games including Conan Exiles, The Elder Scrolls Online, Hunt: Showdown, and Total War have vowed to remove Red Shell – or already removed it.
“Whilst Red Shell is only used to measure the effectiveness of our advertising, we can see that players are clearly concerned about it and it will be difficult for us to entirely reassure every player,” said Total War devs Creative Assembly, for example. “So, from the next update we will remove the implementation of Red Shell from those Total War games that use it.”
Other statements were broadly the same: a defence along the lines of “it’s not spyware as bad as you might think but yeah we get you’re skeezed out and we will remove it.”
British Airways was outed by security researcher Mustafa Al-Bassam for telling passengers they couldn't help with delays and other problems unless they posted their personal information publicly to Twitter, in order "to comply with the GDPR." Read the rest
Because Venmo defaults to making all payments public, privacy researcher Hang Do Thi Duc was able to download and analyze 208,000,000 transactions, whose notes and other metadata revealed a wealth of personal, compromising information, including drug deals and breakups. Read the rest
Microsoft on Friday joined a growing number of tech industry voices who want the government to limit the use of facial recognition technology. Read the rest
