An Interview With the COO of the Recently Acquired Private Internet Access VPN

Popular VPN Private Internet Access (PIA) was recently acquired by a company called KAPE, now called Private Internet. PIA COO did an interview.

Private Internet is positioned to lead the movement for a private and secure online experience for all. The internet as we now know it is a place where data is harvested and identities do not belong to the users but are traded by privileged few. Private Internet changes that. The new name also reflects the fact that we will now be offering four new privacy products to our product suite.

I’m interested, and wary, of the future of PIA. I’ve seen accusations of KAPE that include malware, but Mr. Sagi does say the app will be open-sourced. Although this quote sounds odd to me: “We’re building an internal roadmap to create a transparent and verifiable infrastructure, in which no one, including ourselves, is permitted access to the servers through which VPN traffic flows.” They had shown in court they can’t produce information regarding user data, so they already shouldn’t be able to access server traffic.

Facebook Thinks California Privacy Law Doesn’t Apply To It

The California Consumer Protection Act (CCPA) goes into effect January 1. Despite it being state-created it’s expected to affect all Americans. Some companies have been following Microsoft’s example and plan to voluntarily apply it to all states. Facebook however, disagrees (to no one’s surprise).

Facebook is taking a different tack for its web tracker, Pixel. Pixel’s name comes from its physical appearance on a website that installs it: literally, one square pixel. But behind that pixel is a code that that installs cookies on your browser, allowing it to track your activity across the internet.

Facebook provides this code to businesses free of charge, and those businesses can then purchase ads based off the information that Pixel collects…According to the Wall Street Journal, Facebook will claim that it doesn’t sell the data that its web trackers collect; it simply provides a service to businesses and websites that install Pixel on their sites. Because of this, it believes its web trackers are exempt from CCPA’s regulations…

Senator Lindsey Graham to ‘Impose His Will’ on Encryption Backdoors

Apple and Facebook representatives met with lawmakers today where senators pushed for the companies to compromise their users’ security by including encryption backdoors. In particular, Sen. Lindsey Graham said:

My advice to you is to get on with it. Because this time next year, if we haven’t found a way that you can live with, we will impose our will on you.

“Encryption backdoors for thee, but not for me.”

Google Wants COPPA to Change so it can Keep Collecting Kids’ Data

The Federal Trade Commission is considering a revamp of the Children’s Online Privacy Protection Act (COPPA). Google wants to help them change the rules, and asked the agency to eliminate rules that categorizes anyone watching kids content online as actual kids.

In September, Google agreed to pay US$170 million to the FTC to resolve claims that YouTube violated COPPA by serving targeted advertisements to children under 13…After the FTC settlement, YouTube told creators that they would have to identify when videos are aimed at children under 13. When that happens, YouTube now turns off ads that rely on web browsing behavior and other targeting data, which earn more for YouTube and creators.

Homeland Security Cancels Facial Recognition Plan for Americans

Homeland Security had a plan to expand its use of airport facial recognition to include U.S. citizens. After much outcry the agency will drop that plan, although foreign nationals and visitors will still face mandatory scanning.

A spokesperson for Customs and Border Protection, which filed the proposal, said the agency has “no current plans to require U.S. citizens to provide photographs upon entry and exit from the United States,” and that it “intends to have the planned regulatory action regarding U.S. citizens removed from the unified agenda next time it is published.”

US Among Top 5 Worst Countries for Biometrics Privacy

The United States is one of the worst countries in the world when it comes to the privacy of citizens’ biometrics data.

While there is a handful of state laws that protect state residents’ biometrics (as can be seen in our state privacy study), this does leave many US citizens’ biometrics exposed as there is no federal law in place.

Traffic Cameras Could Soon Tell if you Text and Drive

Australia will soon install a camera system powered by machine learning that is designed to spot mobile phones in cars.

To let drivers adjust, warning letters will be sent to those spotted using phones by the cameras for the first three months. Australia uses a points system for drivers — unrestricted driver’s licenses have 13 points. After the first three months, drivers caught using their phones illegally will lose five points and be issued a $344 fine. During other periods, the penalty could increase to 10 points. If a driver loses all of their points, they could lose their license.

Distracted driving is absolutely a serious problem, but I don’t think more surveillance infrastructure is the answer.

This VPN App Sent User Data to China

According to a report of VPN apps for 2019, downloads of these apps has increased 54%. But people need to be careful which VPN app they use. The most popular app called VPN – Super Unlimited sent user data to China. But it’s privacy policy made no secret of this.

We regularly collect and use information that could identify an individual, in particular about your purchase or use of our products, services, mobile and software applications and websites… We use various technologies to determine [your] location, including IP addresses, GPS, and other sensors.

The VPN apps I wrote about are all safe (or at least I personally believe them to be safe).

This Tool Shows Which Sites Disguise Third-Party Trackers

Tracking companies have started disguising their third-party trackers as first-party trackers to bypass privacy tools, called CNAME tracking. This tool called TrackingTheTrackers can find them.

This method is called CNAME Cloaking and the disguise is not obvious if one does not know where to look. That’s why we made a free analysis tool that anyone can run on any website. We also wrote an in-depth article about this, you can read it here.

Sounds like a helpful tool. I’ll be keeping an eye on this one. Even Apple does it (But The Mac Observer doesn’t).

Why Teaching Privacy to Your Kids is Important

Siobhan O’Flynn writes about all the ways that companies like Google collect data from kids in violation of the Children’s Online Privacy Protection Act. It starts when schools increasingly turn to Google services in education.

Alphabet Inc. dominates child-directed and child-featured content online through YouTube Kids and has now colonized online educational spaces through Google Docs, G-Suite, Chromebooks and the associated Gmail accounts for children that are required for use. This means that Google’s access to children’s data spans entertainment (YouTube and YouTube Kids), search and purchase histories (via associated parental accounts), and educational sectors.

Startpage News Tab Gives You ‘Unprofiled’ News

Startpage News Tab is a new feature of the search engine that promises to give people news that hasn’t been personalized.

Personally curated feeds, sometimes referred to as a “filter bubble,” are based on an individual’s online behavior constructed by previous search queries, browsing history, social media clicks, IP address, device, and so on…Our goal with Startpage News Tab is to help people break out of that bubble.

Mozilla Unveils 2019 Privacy Not Included Gift Guide

Mozilla announced its third annual 2019 *Privacy Not Included gift guide to highlight gadgets and toys that are secure, and ones that aren’t secure.

This year we found that many of the big tech companies like Apple and Google are doing pretty well at securing their products, and you’ll see that most products in the guide meet our Minimum Security Standards. But don’t let that fool you. Even though devices are secure, we found they are collecting more and more personal information on users, who often don’t have a whole lot of control over that data.

Google doing well at securing its products.

Need the Tor Browser on iOS? Try Onion Browser

Need a Tor browser on iOS? Onion Browser is the only iOS app recommended on the Tor Project’s website. Starting out at the U.S. Naval Research Lab, Tor is a special network that helps people browse the internet with as much privacy as possible. You should note there are a couple of security advisories on its website: WebRTC/Media leaks: Due to iOS limitations, WebRTC and media files leak outside of Tor and are routed over the normal internet. This will reveal your real IP address to sites using these features. (If you are using a VPN, the VPN IP address is revealed instead.) To defend against this, you may set Strict security mode in Host Settings, which will disable Javascript. More information here. OCSP leak: Visiting EV “Green Bar” HTTPS sites may leak information that can be used to reveal the domain name of the website you are visiting. This is handled within iOS and cannot be changed by Onion Browser. There is no known workaround. A detailed report can be found here. App Store: Free

Privacytools.io Delists Startpage Over System1

Privacytools.io delists Startpage from its list of privacy tools and services. Startpage had been taken over by Privacy One Group, which itself is owned by System1. System1 is a targeted advertising company with a business model that seemed—to many—to be in conflict with Startpage’s own privacy-centric model.

Because of the conflicting business model and the unusual way the company reacted, claiming to be fully transparent but being evasive at the same time, we have no choice but to de-list Startpage from our recommendations until it is fully transparent about its new ownership and data processing. Remaining questions include…

Suspicionless Searches of Travelers' Devices Ruled Unconstitutional

A federal court ruled that suspicionless searches of travelers’ phones and laptops is unconstitutional, a win for privacy rights.

The ruling came in a lawsuit, Alasaad v. McAleenan, filed by the American Civil Liberties Union, Electronic Frontier Foundation, and ACLU of Massachusetts, on behalf of 11 travelers whose smartphones and laptops were searched without individualized suspicion at U.S. ports of entry.

504th Military App Could Expose Soldiers’ Data

The 504th military app gives soldiers weather updates, training changes, and other logistics. But its terms of service say it collects a lot of personal data, and if the app was hacked it could potentially expose top-secret information.

The app’s permissions — which suggested it could pull GPS location data, photos, contacts and even rewrite memory cards — frustrated soldiers who have taken extreme precautions they felt were glossed over by Trotter and other senior leaders…The worst-case scenario, he said, was “our cover might be blown.” While the app said permissions could be disabled, the soldiers said there was a failure of confidence it was secure. Senior leaders checked the phones of subordinates to ensure they had the app installed, soldiers in the unit said.

Why it’s especially concerning: “The app developer, Straxis LLC, is based in Tulsa but has a subsidiary in southern India.”

WIN an iPhone 16 Pro Max!