The "replay sessions" captured by surveillance-oriented "analytics" companies like Fullstory allow their customers -- "Walgreens, Zocdoc, Shopify, CareerBuilder, SeatGeek, Wix.com, Digital Ocean, DonorsChoose.org, and more" -- to watch everything you do when you're on their webpages -- every move of the mouse, every keystroke (even keystrokes you delete before submitting), and more, all attached to your real name, stored indefinitely, and shared widely with many, many "partners." Read the rest

If you're still using Facebook (I don't), your data is being used to profile you in seriously creepy ways; the best thing you can do is delete your Facebook account, but second-best is locking down your account, using the deliberately confusing, overly complexified privacy dashboard. Read the rest

Comptroller general of the French Army René Carmille "purposely delayed the process by mishandling the punch cards," changing the programming so that the religion field wouldn't be read from them; Adolfo Kaminsky used his dry-cleaning chemical expertise to remove the red "J" (for Jew) stamps from French passports, and could forge 30 identity documents per hour; the Kasharyiot (female couriers) could pass for Aryans and smuggled "secret documents, weapons, underground newspapers, money, medical supplies, news of German activities, forged identity cards, ammunition — and other Jews — in and out of the ghettos of Poland, Lithuania and parts of Russia"; Walter Süskind and his friends used their positions running the nursery where Dutch Jewish children awaited deportation to camps to smuggle 600 children to safety. Read the rest

This month, University of Washington researchers will present Exploring ADINT: Using Ad Targeting for Surveillance on a Budget — or — How Alice Can Buy Ads to Track Bob at the Workshop on Privacy in the Electronic Society in Dallas; the paper details a novel way that stalkers and other low-level criminals can accomplish state-grade surveillance on the cheap with targeted ad-purchases. Read the rest

Just over a year ago, Yahoo admitted that it had been hacked in 2013, and estimated that 500 million accounts had been compromised (the company blamed state-sponsored actors, and federal prosecutors have indicted two Russian spies for ordering the operation). Now the company has admitted that all three billion of its accounts were affected. Read the rest

The EU's data-protection framework is not without its flaws, but it does allow the public to force companies like Facebook to hand over all the data they hold on you, and that means that Americans can use the law to force Facebook to reveal how the Trump campaign's targeted ads worked. Read the rest

Since late 2016, the Transport for London has been running a pilot scheme, providing wifi to passengers while logging and retaining all the wifi traffic coming in and out of its access points, compiling a massive dossier on every tube-rider who had wifi turned on for their devices, whether or not they ever accessed the wifi service. Read the rest

Equifax sources say that the massive breach of 140,000,000 Americans' personal information was the result of state-sponsored hackers, likely from China, but attribution is hard and inexact. Read the rest

Safari has blocked third-party cookies (used to track your behavior across multiple websites) since 2010, but the ad-tech industry has fired back with a bunch of covert tracking tools that watch you even if you've adopted privacy countermeasures; the latest version of Safari goes one better, deploying machine-learning to selectively block even more tracking technologies, while still preserving useful third-party cookies that help you stay logged in and do useful work across different sites. Read the rest

Point created an obviously fake company with tons of alarm-raising inconsistencies, allocated it $25, and then used their budget to target Facebook users based on race and sexual orientation, a move that, depending on the ad's content, can violate US civil rights law. Read the rest

Once big data systems agglomerate enough data about you to predict whether you are likely to get sick or badly injured, insurers will be able to deny coverage (or charge so much for it that it amounts to the same thing) to anyone who is likely to get sick, forcing everyone who might ever need insurance into medical bankruptcy, and turning Medicaid into a giant "high-risk pool" that taxpayers foot the bill for. Read the rest

In their Defcon 25 presentation, "Dark Data", journalist Svea Eckert and data scientist Andreas Dewes described how easy it was to get a massive trove of "anonymized" browsing habits (collected by browser plugins) and then re-identify the people in the data-set, discovering (among other things), the porn-browsing habits of a German judge and the medication regime of a German MP. Read the rest

Comparitech commissioned a survey of 2,000 people in the US and UK to ask whether they thought "it is legal to install a program on a partner's phone to snoop on their activity?" and whether they would "ever consider adding a program to your child's phone that allows you to listen to their conversations and spy on their messages?" Read the rest

The Australian reports on a leaked memo -- described but not published -- marked "confidential" and created and distributed internally by Facebook that describes how the system's surveillance tools can identify children and teens in "insecure" moments when they "need a boost," explaining that they had identified markers to tell them when a young person was feeling "stressed", "defeated", "overwhelmed", "anxious", "nervous", "stupid", "silly", "useless", and a "failure." Read the rest

Companies in the EU and China have been caught offering to commit fraud to launder sales of mass surveillance weapons to Al Jazeera reporters posing as representatives of autocratic regimes under sanction for gross human rights abuses; these weapons would allow their users to target and round up political dissidents for arbitrary detention, torture and murder. Read the rest

Information security is a race between peak indifference to surveillance and the point of no return for data-collection and retention. Read the rest

"Appflash" will come pre-installed on all Verizon Android handsets; it's a Google search-bar replacement, but instead of feeding telemetry about your searches, handset, apps and activities to Google, it will send them to Verizon. Read the rest