Facebook to banks: give us our users' financial data and we'll let them bank with Facebook

Facebook wants to "deepen user engagement" with Messenger, and to that end, it's been pitching America's giant banks on joint enterprises where Facebook will get to see all your financial info (especially info on where you're shopping and what you're buying) to help it suck you into using Messenger for longer.

Consumer Reports now evaluates products' security and privacy

Consumer Reports is arguably America's most trusted source of product reviews -- published by Consumers Union, a venerable nonprofit with a deserved reputation for scrupulous care and neutrality -- and for years it has been wrestling with how to address privacy and cybersecurity in modern products (disclosure: I have advised them some on this).

On the cruelty of ankle-monitors

Ankle monitors are billed as a humane alternative to incarceration, allowing people who might otherwise be locked up to be reintegrated into the community.

SpiderOak warrant canary to be replaced by 'transparency report'

SpiderOak is a cloud backup service with a warrant canary: a formal statement that assured users that the company and its operators had never been made to secretly cooperate with the government, law enforcement or other surveilling authority. The canary reportedly disappeared this weekend, then reappeared, along with a statement saying it was being replaced by a "transparency report."

Don't be mad at the company! The canary worked exactly as it was supposed to.

Canadian government investigating mall's use of biometric surveillance

Last week, it was revealed by a sharp-eyed Redditor that the information kiosks at a mall in Calgary, Canada, were full of software designed to track the age and sex of anyone who stopped to use them. Pretty damn greasy. Greasier still, the management company that operates the mall, Cadillac Fairview, admitted that the software was in use at a number of its other properties. The greasiest bit out of all of it? They shrugged off privacy concerns raised by a number of news outlets, as there’s nothing in Alberta’s laws that keeps them from doing it without permission or without warning mall patrons that it’s being done.

Well, that was last week.

From The CBC:

The privacy commissioners of Alberta and Canada are launching investigations into the use of facial recognition technology, without the public's consent, in at least two malls in Calgary.

A notice posted Friday to the Alberta privacy commissioner website says the investigation will look to determine, "what types of personal information are being collected, whether consent for collection or notice of collection is required or would be recommended, for what purposes personal information is collected, whether the data is being shared with other businesses, law enforcement or third parties, and what safeguards or security measures are in place to protect personal information."

It’s said that Alberta’s privacy commissioner opened the investigation, based on the level of public interest surrounding the issue of whether or not it’s cool for property owners to collect biometric information without a visitor’s knowledge or consent.

Calgary malls caught secretly using facial recognition to characterise shoppers' age and gender

Calgary's Chinook Centre and Market Mall -- operated by Cadillac Fairview -- have been caught running background software that analysed the footage from the CCTVs in the malls' electronic directories to guess at the age and gender of visitors, without consent or notification.

Patches remove spyware from Civilization VI, other games

The game Civilization VI contained Red Shell, a spyware application that tracks what ads players are looking at, among other things. It's now gone after a new patch -- and other game publishers have been scrambling to do likewise after being caught with their spyglasses up and their pants down.

Developers and publishers behind games including Conan Exiles, The Elder Scrolls Online, Hunt: Showdown, and Total War have vowed to remove Red Shell – or already removed it.

“Whilst Red Shell is only used to measure the effectiveness of our advertising, we can see that players are clearly concerned about it and it will be difficult for us to entirely reassure every player,” said Total War devs Creative Assembly, for example. “So, from the next update we will remove the implementation of Red Shell from those Total War games that use it.”

Other statements were broadly the same: a defence along the lines of “it’s not spyware as bad as you might think but yeah we get you’re skeezed out and we will remove it.”


British Airways won't let you check in while ad-blocking, insists that passengers post personal info to Twitter "for GDPR compliance"

British Airways was outed by security researcher Mustafa Al-Bassam for telling passengers they couldn't help with delays and other problems unless they posted their personal information publicly to Twitter, in order "to comply with the GDPR."

Venmo's "public by default" transactions reveal drug deals, breakups, more

Because Venmo defaults to making all payments public, privacy researcher Hang Do Thi Duc was able to download and analyze 208,000,000 transactions, whose notes and other metadata revealed a wealth of personal, compromising information, including drug deals and breakups.

Microsoft asks Congress to regulate facial recognition technology

Microsoft on Friday joined a growing number of tech industry voices who want the government to limit the use of facial recognition technology.

Facebook allowed third party marketers to download names of people in private groups

A private Facebook group for women who are carriers of the BRCA breast cancer gene discovered that marketers were able to harvest their names and personal information because of a Facebook privacy loophole.

Mark Zuckerberg and his empire of oily rags

Surveillance capitalism sucks: it improves the scattershot, low-performance success-rate of untargeted advertising (well below 1 percent) and doubles or triples it (to well below 1 percent!).

EFF has released STARTTLS Everywhere: free tools to encrypt email between mail servers

When you send someone else an email, your mail server connects to their mail server to transmit the message, and spy agencies have made a surveillance banquet out of these transactions, harvesting emails by the billions.

Supreme Court: no government location tracking without a warrant

The Supreme Court has ruled in the closely watched Carpenter v. United States case, which questioned the constitutionality of warrantless location surveillance, a widespread practice among US law enforcement and surveillance agencies.

Here are 15 privacy settings you should change from defaults, from Linkedin to cellphones to smart TVs

The Washington Post rounds up 15 privacy defaults that no one in their right mind would want to leave as-is, and provides direct links to change 'em (hilariously and predictably, Verizon/Oath/Yahoo's privacy settings dashboard times out when you try to load it) -- once you're done with that, go back and follow his links to unfuck the privacy defaults for Google, Apple, Amazon, Microsoft and #DeleteFacebook. (via Reddit)

Facebook only pretended to shut down access to friends' data in 2015, quietly continued access for its favored partners

Facebook opened up access to friends' data through its API in a bid to attract developers to its platform, but in 2015, it incurred those developers' wrath when it pulled the rug out from under them, killing the API calls that allowed apps to mine their users' friends' data.

Cambridge Analytica: Director 'met Assange to discuss U.S. election', channelled $ to WikiLeaks

A former executive from the data-mining dark operator Cambridge Analytica 'visited Julian Assange in February last year and told friends it was to discuss what happened during the US election,' the Guardian reported today.

Brittany Kaiser worked as a director there until not long ago, and is reported “to have channelled cryptocurrency payments and donations to WikiLeaks.”

Excerpt:

Assange issued a statement saying that he had turned down the Cambridge Analytica offer. Alexander Nix, the company’s chief executive, told Westminster MPs the same in February, during an appearance at the Commons digital, culture, media and sport (DCMS) select committee. Nix said he found a contact for WikiLeaks’ speaking agency on the internet and sent Assange an email.

But visitor logs from the Ecuador embassy obtained by the Guardian and Focus Ecuador appear to show that Brittany Kaiser, a senior executive at Cambridge Analytica until earlier this year, visited Assange on 17 February 2017. Information passed to the DCMS committee in the UK and the Senate judiciary committee in the US states that the meeting was “a retrospective to discuss the US election”.

Kaiser is also alleged to have said that she had funnelled money to WikiLeaks in the form of cryptocurrency. She called the organisation her “favourite charity”. The reports passed to investigators say that money was given to her by third parties in the form of “gifts and payments”.

After the afore-quoted story was published, there was all-new news in London today.

Alexander Nix appeared as scheduled before the DCMS committee for the second time at 3pm on Wednesday (today), where he was questioned by lawmakers on Cambridge Analytica’s relationship with WikiLeaks and the disinformation campaign by Russia to elect Donald Trump.
