Australia Takes Facebook to Court Over Privacy Violations

Australia’s privacy regulator is taking Facebook to court over Cambridge Analytica. It could impose a fine of AUD$1.7 million (US$1.1 million) for every privacy violation.

“Facebook failed to take reasonable steps to protect those individuals’ personal information from unauthorised disclosure,” the Australian commissioner’s office said.

Big companies like Facebook need fines in the billions of dollars for them to start paying attention.

Utah is Now a Surveillance State Thanks to This Company

A surveillance company called Banjo has partnered with Utah state authorities to enable a dystopian panopticon.

The lofty goal of Banjo’s system is to alert law enforcement of crimes as they happen. It claims it does this while somehow stripping all personal data from the system, allowing it to help cops without putting anyone’s privacy at risk. As with other algorithmic crime systems, there is little public oversight or information about how, exactly, the system determines what is worth alerting cops to.

When You Download Facebook Data, it Doesn’t Show Everything

Facebook isn’t being completely truthful about the data available in its “Download Your Information” feature. Some information is left out.

Privacy International recently tested the feature to download all ‘Ads and Business’ related information (You can accessed it by Clicking on Settings > Your Facebook Information > Download Your Information). This is meant to tell users which advertisers have been targeting them with ads and under which circumstances. We found that information provided is less than accurate. To put it simply, this tool is not what Facebook claims. The list of advertisers is incomplete and changes over time.

As Privacy International points out, this is in violation of GDPR because Facebook doesn’t let you see all of the advertisers that have your data.

Firefox Enables Encrypted DNS by Default

Starting today, Firefox will begin rolling out support for encrypted DNS over HTTPS for U.S.-based users.

We’re enabling DoH by default only in the US. If you’re outside of the US and would like to enable DoH, you’re welcome to do so by going to Settings, then General, then scroll down to Networking Settings and click the Settings button on the right. Here you can enable DNS over HTTPS by clicking, and a checkbox will appear.

You can choose between Cloudflare and NextDNS. As I mentioned in my roundup of DNS services, I’ve been using NextDNS for the past couple weeks and I love it.

Google Search Reveals Private WhatsApp Groups

Google indexes links to WhatsApp group invites that may be private, meaning people can find and join them.

Motherboard used a number of specific Google searches to find invite links to WhatsApp groups. Some of the groups appear to not be overly sensitive or for a particular audience. Many of the links on Google lead to groups for sharing porn.

But others appear to be catered to specific groups. Motherboard entered one WhatsApp group chat that described itself as being for NGOs accredited by the United Nations. After joining, Motherboard was able to see a list of all 48 participants and their phone numbers.

This Company Sells Your Credit Card Data

Yodlee is the biggest financial data broker in the U.S., and it routinely sells your credit card data to investment and research firms.

The Yodlee document describes in detail what type of data its clients gain access to, how the company manages that data across its infrastructure, and the specific measures Yodlee takes to try and anonymize its dataset…Once logged into Yodlee’s server, clients download the data as a large text file, rather than interacting with the data in a dashboard or interface that stays solely within Yodlee’s control, according to the document.

How Jeff Bezos Built a Data Collecting Empire

BBC News published an inside look into “Why Amazon knows so much about you.”

“They happen to sell products, but they are a data company,” says James Thomson, one of the former executives interviewed.

“Each opportunity to interact with a customer is another opportunity to collect data.”

Founder Jeff Bezos frames it in terms of being a “customer obsession”, saying the firm’s first priority is to “figure out what they want, what’s important to them”.

Czech Authorities Investigate Avast Over Data Collection

Investigations are underway to examine Avast’s practice of collecting and selling its users’ browser histories.

Avast, which is based in the Czech Republic, claimed it was stripping away users’ personal details from the collected browser histories as a way to “de-identify” the data, and preserve their customers’ privacy. However, the joint investigation from PCMag and Motherboard found the contrary: The same data can actually be combined with other information to identify the web activities of individual Avast users, including their internet searches. As many as 100 million users had their data collected.

I’m glad there are investigations. As I found out last week, there are likely other companies participating in this data collection practice.

Edison Mail Uses Your Emails For Market Research

Popular Apple Mail alternative Edison Mail scans your emails for market research so companies can make “better investment decisions” among other uses.

On its website Edison says that it does “process” users’ emails, but some users did not know that when using the Edison app the company scrapes their inbox for profit. Motherboard has also obtained documentation that provides more specifics about how two other popular apps—Cleanfox and Slice—sell products based on users’ emails to corporate clients.

I did write about Edison Mail coming to the Mac last year, and noted that the company calls it “interesting research.”

Not Wanting Surveillance Competition, Facebook Tells Clearview AI to Back Off

Last month, we got word that a company called Clearview AI helped law enforcement with its facial recognition technology. Now, Facebook and Google, which also use facial recognition, told Clearview AI to stop scraping images from each one’s website.

Ton-That argued that his firm’s work is protected by the First Amendment and also that Clearview doesn’t do anything Google doesn’t.

“The way we have built our system is to only take publicly available information and index it that way,” he said.

Ton-That added, “Google can pull in information from all different websites… So if it’s public and it’s out there and could be inside Google search engine, it can be inside ours as well.”

Avast Probably Isn't The Only Antivirus Company Selling User Data

In today’s episode of The Mac Observer‘s Daily Observations podcast, Kelly and I did our Security Friday. We talked about two security articles this week, and answered a reader’s question about antivirus programs. I mentioned that people shouldn’t use Avast since it was revealed they collected and sold user data. Now, in the irony of ironies, I got an email today from someone offering me Trend Micro user data.

We have an updated contact list of Trend Micro Users, which can support your marketing campaigns. The database will have access to complete contact information of Trend Micro Users including Emails, Phone number, Mailing address and other relevant data fields. Please let me know your interest in acquiring the list and I will get back to you with counts and pricing. Also, let me know if you are interested in acquiring similar technology users contact list.

That’s a no from me, fam.

Wacom Tablets Track Your Open Apps, Sending the Data to Google

Software engineer Robert Heaton discovered that his Wacom tablet was tracking every app he opened and sending that data to Google Analytics.

I suspect that Wacom doesn’t really think that it’s acceptable to record the name of every application I open on my personal laptop. I suspect that this is why their privacy policy doesn’t really admit that this is what that they do. I imagine that if pressed they would argue that the name of every application I open on my personal laptop falls into one of their broad buckets like “aggregate data” or “technical session information”, although it’s not immediately obvious to me which bucket.

Kids Need End-to-End Encryption for Protection Against Corporations

In a report from the Financial Times (paywall), a letter signed by 129 non-profits, think tanks, and academics urge Facebook to reconsider encrypting its apps. They use the “think of the children” argument because encryption could enable more child sexual abuse. But Justin Myles Holmes says we should think of the children and enable end-to-end encryption for them, so their data isn’t used and abused by corporations precisely like Facebook.

If we fail to take action now, we risk a world in which unsavory actors – domestic and foreign – have built rich, comprehensive profiles for every one of our children, following the trajectories of their education, home life, consumer habits, health, and on and on.  These profiles will then be used to manipulate their behavior not only as consumers, but as voters and participants in all those corners of society which, in order for freedom and justice to prevail, require instead that these kids mature into functional, free-thinking adults.

Apple’s Commitment to Privacy is Going Down the Drain

Vicki Boykis wrote yesterday about Apple’s privacy, current flaws, and how the company should do better (I agree!)

So, here we are, in 2020, with Apple in a bit of a pickle. It’s becoming so big that it’s not prioritizing security. At the same time, it needs to advertise privacy as a key differentiator as consumer tastes change. And, at the same time, it’s about to get canclled [sic] by the FBI, China, and Russia.

And while it’s thinking over all of these things, it’s royally screwing over the consumer who came in search of a respite from being tracked.

FCC Unsure Whether to Punish Carriers for Selling Location Data

Two years ago we found out that US carriers were selling real-time location data of its customers. The FCC has wrapped up its investigation, and maybe it will punish the carriers…or maybe not. Who knows? Chairman Ajit Pai doesn’t.

Pai’s statement went on: “Accordingly, in the coming days, I intend to circulate to my fellow Commissioners for their consideration one or more Notice(s) of Apparent Liability for Forfeiture in connection with the apparent violation(s). We are unable to provide additional information about any pending enforcement action(s) beyond what is stated in the letter.”

If that seems unusual vague: that “one or more” mobile operators “apparently violated” the law by selling location data, you’re not the only one.

WIN an iPhone 16 Pro Max!