Comcast says it accidentally published the names, phone numbers, and addresses of almost 200,000 of its customers.
privacy
Tracking Company Sensor Tower Used VPN Apps to Collect Data
Tracking company Sensor Tower has been using its VPN apps on iOS and Android to collect data on its millions of users.
Australia Takes Facebook to Court Over Privacy Violations
Australia’s privacy regulator is taking Facebook to court over Cambridge Analytica. It could impose a fine of AUD$1.7 million (US$1.1 million) for every privacy violation.
“Facebook failed to take reasonable steps to protect those individuals’ personal information from unauthorised disclosure,” the Australian commissioner’s office said.
Big companies like Facebook need fines in the billions of dollars for them to start paying attention.
Utah is Now a Surveillance State Thanks to This Company
A surveillance company called Banjo has partnered with Utah state authorities to enable a dystopian panopticon.
The lofty goal of Banjo’s system is to alert law enforcement of crimes as they happen. It claims it does this while somehow stripping all personal data from the system, allowing it to help cops without putting anyone’s privacy at risk. As with other algorithmic crime systems, there is little public oversight or information about how, exactly, the system determines what is worth alerting cops to.
DuckDuckGo Tracker Radar is a Custom Block List
DuckDuckGo Tracker Radar is a new block list created by the company over the past couple years. It’s open source and available on GitHub.
Etsy Gets Updated to Support Sign In with Apple
Etsy didn’t mention it in the app update notes but you can now sign up for an account using Sign In with Apple. So far it looks like this only applies to new accounts, and you won’t be able to convert the account you already have. Reddit maintains a list of all the known apps to support Sign In with Apple.
When You Download Facebook Data, it Doesn’t Show Everything
Facebook isn’t being completely truthful about the data available in its “Download Your Information” feature. Some information is left out.
Privacy International recently tested the feature to download all ‘Ads and Business’ related information (You can access it by clicking on Settings > Your Facebook Information > Download Your Information). This is meant to tell users which advertisers have been targeting them with ads and under which circumstances. We found that information provided is less than accurate. To put it simply, this tool is not what Facebook claims. The list of advertisers is incomplete and changes over time.
As Privacy International points out, this is in violation of GDPR because Facebook doesn’t let you see all of the advertisers that have your data.
Firefox Enables Encrypted DNS by Default
Starting today, Firefox will begin rolling out support for encrypted DNS over HTTPS for U.S.-based users.
We’re enabling DoH by default only in the US. If you’re outside of the US and would like to enable DoH, you’re welcome to do so by going to Settings, then General, then scroll down to Networking Settings and click the Settings button on the right. Here you can enable DNS over HTTPS by clicking, and a checkbox will appear.
You can choose between Cloudflare and NextDNS. As I mentioned in my roundup of DNS services, I’ve been using NextDNS for the past couple weeks and I love it.
Google Search Reveals Private WhatsApp Groups
Google indexes links to WhatsApp group invites that may be private, meaning people can find and join them.
Motherboard used a number of specific Google searches to find invite links to WhatsApp groups. Some of the groups appear to not be overly sensitive or for a particular audience. Many of the links on Google lead to groups for sharing porn.
But others appear to be catered to specific groups. Motherboard entered one WhatsApp group chat that described itself as being for NGOs accredited by the United Nations. After joining, Motherboard was able to see a list of all 48 participants and their phone numbers.
This Company Sells Your Credit Card Data
Yodlee is the biggest financial data broker in the U.S., and it routinely sells your credit card data to investment and research firms.
The Yodlee document describes in detail what type of data its clients gain access to, how the company manages that data across its infrastructure, and the specific measures Yodlee takes to try and anonymize its dataset…Once logged into Yodlee’s server, clients download the data as a large text file, rather than interacting with the data in a dashboard or interface that stays solely within Yodlee’s control, according to the document.
ISPs Sue Maine, Saying Privacy Law Violates Their Free Speech
ISPs are suing Maine over a privacy law that will go into effect this July, saying it violates their free speech rights. The law would force them to obtain user consent before collecting and selling their data.
How Jeff Bezos Built a Data Collecting Empire
BBC News published an inside look into “Why Amazon knows so much about you.”
“They happen to sell products, but they are a data company,” says James Thomson, one of the former executives interviewed.
“Each opportunity to interact with a customer is another opportunity to collect data.”
Founder Jeff Bezos frames it in terms of being a “customer obsession”, saying the firm’s first priority is to “figure out what they want, what’s important to them”.
‘Data Protection Act’ Could Create US Data Protection Agency
Sen. Kirsten Gillibrand (D-NY) proposed a bill called the Data Protection Act that would create a federal U.S. data protection agency.
Czech Authorities Investigate Avast Over Data Collection
Investigations are underway to examine Avast’s practice of collecting and selling its users’ browser histories.
Avast, which is based in the Czech Republic, claimed it was stripping away users’ personal details from the collected browser histories as a way to “de-identify” the data, and preserve their customers’ privacy. However, the joint investigation from PCMag and Motherboard found the contrary: The same data can actually be combined with other information to identify the web activities of individual Avast users, including their internet searches. As many as 100 million users had their data collected.
I’m glad there are investigations. As I found out last week, there are likely other companies participating in this data collection practice.
Search Warrant Reveals Apple Scanning Emails for Child Abuse Images
Andrew wrote that Apple scans uploaded iCloud content for child abuse imagery, and a search warrant reveals it scans emails too.
Edison Mail Uses Your Emails For Market Research
Popular Apple Mail alternative Edison Mail scans your emails for market research so companies can make “better investment decisions” among other uses.
On its website Edison says that it does “process” users’ emails, but some users did not know that when using the Edison app the company scrapes their inbox for profit. Motherboard has also obtained documentation that provides more specifics about how two other popular apps—Cleanfox and Slice—sell products based on users’ emails to corporate clients.
I did write about Edison Mail coming to the Mac last year, and noted that the company calls it “interesting research.”
Not Wanting Surveillance Competition, Facebook Tells Clearview AI to Back Off
Last month, we got word that a company called Clearview AI helped law enforcement with its facial recognition technology. Now, Facebook and Google, which also use facial recognition, told Clearview AI to stop scraping images from each one’s website.
Ton-That argued that his firm’s work is protected by the First Amendment and also that Clearview doesn’t do anything Google doesn’t.
“The way we have built our system is to only take publicly available information and index it that way,” he said.
Ton-That added, “Google can pull in information from all different websites… So if it’s public and it’s out there and could be inside Google search engine, it can be inside ours as well.”
Avast Probably Isn't The Only Antivirus Company Selling User Data
In today’s episode of The Mac Observer’s Daily Observations podcast, Kelly and I did our Security Friday. We talked about two security articles this week, and answered a reader’s question about antivirus programs. I mentioned that people shouldn’t use Avast since it was revealed they collected and sold user data. Now, in the irony of ironies, I got an email today from someone offering me Trend Micro user data.
We have an updated contact list of Trend Micro Users, which can support your marketing campaigns. The database will have access to complete contact information of Trend Micro Users including Emails, Phone number, Mailing address and other relevant data fields. Please let me know your interest in acquiring the list and I will get back to you with counts and pricing. Also, let me know if you are interested in acquiring similar technology users contact list.
That’s a no from me, fam.
Trump Administration Uses Location Database for Immigration, Border Enforcement
An investigation revealed that the Trump admin bought access to a commercial database that contains location data from millions of Americans.
Wacom Tablets Track Your Open Apps, Sending the Data to Google
Software engineer Robert Heaton discovered that his Wacom tablet was tracking every app he opened and sending that data to Google Analytics.
I suspect that Wacom doesn’t really think that it’s acceptable to record the name of every application I open on my personal laptop. I suspect that this is why their privacy policy doesn’t really admit that this is what they do. I imagine that if pressed they would argue that the name of every application I open on my personal laptop falls into one of their broad buckets like “aggregate data” or “technical session information”, although it’s not immediately obvious to me which bucket.
Kids Need End-to-End Encryption for Protection Against Corporations
In a report from the Financial Times (paywall), a letter signed by 129 non-profits, think tanks, and academics urges Facebook to reconsider encrypting its apps. They use the “think of the children” argument because encryption could enable more child sexual abuse. But Justin Myles Holmes says we should think of the children and enable end-to-end encryption for them, so their data isn’t used and abused by corporations precisely like Facebook.
If we fail to take action now, we risk a world in which unsavory actors – domestic and foreign – have built rich, comprehensive profiles for every one of our children, following the trajectories of their education, home life, consumer habits, health, and on and on. These profiles will then be used to manipulate their behavior not only as consumers, but as voters and participants in all those corners of society which, in order for freedom and justice to prevail, require instead that these kids mature into functional, free-thinking adults.
Apple’s Commitment to Privacy is Going Down the Drain
Vicki Boykis wrote yesterday about Apple’s privacy, current flaws, and how the company should do better (I agree!)
So, here we are, in 2020, with Apple in a bit of a pickle. It’s becoming so big that it’s not prioritizing security. At the same time, it needs to advertise privacy as a key differentiator as consumer tastes change. And, at the same time, it’s about to get canclled [sic] by the FBI, China, and Russia.
And while it’s thinking over all of these things, it’s royally screwing over the consumer who came in search of a respite from being tracked.
FCC Unsure Whether to Punish Carriers for Selling Location Data
Two years ago we found out that US carriers were selling real-time location data of their customers. The FCC has wrapped up its investigation, and maybe it will punish the carriers…or maybe not. Who knows? Chairman Ajit Pai doesn’t.
Pai’s statement went on: “Accordingly, in the coming days, I intend to circulate to my fellow Commissioners for their consideration one or more Notice(s) of Apparent Liability for Forfeiture in connection with the apparent violation(s). We are unable to provide additional information about any pending enforcement action(s) beyond what is stated in the letter.”
If that seems unusually vague: that “one or more” mobile operators “apparently violated” the law by selling location data, you’re not the only one.
Anonymized Data May Be Less Anonymous Than You Thought
Students at Harvard built a tool to analyze datasets from data breaches. They could identify an individual despite promises of anonymized data from companies.