Contractors working for Microsoft say they listened to audio captured by Xbox consoles

Update: Justin Reese from Abstractions writes, "policy changes were implemented last night and additional changes were made this morning."

He adds, "The article was also inaccurate from the start by calling the wristbands surveillance devices in the title. They are only used to control access and don't track where users are or have been except in the case where the attendee has given explicit permission in their profiles to share with sponsors and completed a double opt-in by scanning their ID at the sponsor table (the read range is about 2"). Unless we receive a double opt-in, the ids on the wristband are never associated with a user. It is no more a surveillance device than any other conference badge. I'd appreciate a retraction of this inaccuracy and an update regarding our policies."

Reese is correct that the manufacturers design RFID chips to be read from inches; however, that doesn't mean that they can't be read from longer distances (for example, distant, directional antennas can read them at longer distances while they are being energized by a nearby reader). Likewise, the idea that users can't be identified from persistent, anonymous identifiers is incorrect.

It's a pretty good example of how a thin understanding of privacy issues in wireless technologies and statistical analysis can result in selecting authentication systems that expose users to privacy risks.

Sumana Harihareswara (previously) writes, "The Abstractions tech conference (Aug 21-23, in Pittsburgh) doesn't tell attendees this before they buy a ticket, but attendance requires you wear their wristband with an embedded tracking chip -- and that you don't take it off at night or in the shower till the conference ends. Read the rest

Every time I write about the unfolding scandal of Amazon's secret partnerships with hundreds of US police departments who get free merch and access to Ring surveillance doorbell footage in exchange for acting as a guerrilla marketing street-team for Ring, I get an affronted email from Amazon PR, implying that I got it all wrong, but unwilling to enter into detailed discussions of what's actually going on (the PR flacks also usually ask to be quoted officially but anonymously, something I never agree to). Read the rest

Remember Perceptics, the Border Patrol contractor whose facial recognition database was hacked, along with hundreds of gigs' worth of internal files? Read the rest

When airline seatback entertainment systems started to come bundled with little webcams, airlines were quick to disavow their usage, promising that the cameras were only installed for potential future videoconferncing or gaming apps, and not to allow the crew or airline to spy on passengers in their seats. Read the rest

Last week, Motherboard broke a story revealing that Amazon had entered into secret agreements with local law enforcement agencies that had the cops pushing Ring surveillance doorbells to the people they were sworn to protect, in exchange for freebies and access to a system that let them request access to footage recorded by the Amazon's industry-leading internet-of-shit home surveillance tools. Read the rest

Last week, Motherboard reported on a public record request that revealed that Amazon had struck confidential deals with local police forces to get them to promote the company's Internet of Things "Ring" doorbells, and the accompanying "Neighbors" app that produces a kind of private surveillance mesh overlooking nearby public spaces -- under the terms of the deal, cops would be able to see a map noting locations of Ring surveillance cams and request footage from their owners. Read the rest

Amazon quietly struck deals with dozens of local law enforcement agencies across America that gave the police access to a distributed surveillance feed from its Ring "smart doorbell" products in exchange for the cops providing free advertising for the products without revealing their contractual requirement to do so. Read the rest

In 2018, Steve Bannon teamed up with a group called Catholicvote to acquire mobile phone location-tracking data to identify people in Iowa who'd visited a Catholic church and target them with political ads. Read the rest

For years, libraries across America have paid to subscribe to lynda.com for online learning content; four years ago, lynda.com became a division of Linkedin, and this year, the company has informed libraries that they're migrating all lynda.com users to Linkedin Learning, which would be fine, except Linkedin only allows you to access Linkedin Learning if you create and connect a Linkedin profile to the system. Read the rest

Sytech is a private sector contractor to FSB, the Russian spy-agency that is the successor to the KGB; on July 13th, hacking group 0v1ru$ defaced Sytech's site and claimed to have hacked their internal network and stolen their files -- this week, the Russian hacking group Digitalrevolution began to pass these files on to Russian media, claiming to have 7.5TB of data in all, making it the largest breach of any Russian spy agency in history. Read the rest

If you only look at porn with your browser in incognito mode, your browser will not record your porn-viewing history; but the porn sites themselves overwhelmingly embed tracking scripts from Google and Facebook in every page: 93% of 22,484 porn sites analyzed in a New Media & Society paper had some kind of third-party tracker, with Google in the lead, but also including trackers from some of the worst privacy offenders in Silicon Valley, like Oracle. Read the rest

Nacho Analytics sells browsing data from more than 4m users (they advertise "See Anyone’s Analytics Account"), a service it calls "God mode for the internet." The data is harvested by embedding Nacho's spyware (dubbed "Dataspii") in a variety of browser extensions, mostly for Chrome, but also some for Firefox. Read the rest

Evan Greer from Fight for the Future writes, "Facial recognition might be the most invasive and dangerous form of surveillance tech ever invented. While it's been in the headlines lately, most of us still don't know whether it's happening in our area. My organization Fight for the Future has compiled an interactive map that shows everywhere in the US (that we know of) facial recognition being used -- but also where there are local efforts to ban it, like has already happened in San Francisco, Oakland, and Somerville, MA. We've also got a tool kit for local residents who want to get an ordinance or state legislation passed in their area." Read the rest

“For the first time ever, there's a comprehensive map on where local police departments have partnered with Amazon's Ring,” CNet's Alfred Ng writes. Read the rest

“The Palantir user guide shows that police can start with almost no information about a person of interest and instantly know extremely intimate details about their lives.”

In Social Connectedness in Urban Areas (Sci-Hub mirror), a group of business and public policy researchers from Facebook, NYU and Princeton study anonymized, fine-grained location data from Facebook users who did not disable their location history, and find that the likelihood that New Yorkers will remain friends is well correlated with the ease of commuting between their respective homes on public transit. Read the rest