Is Facebook Secretly Accessing Your Camera? This Man Found a Bug

For years there have been anecdotes from people saying that Facebook secretly uses their phone’s microphone and/or camera for targeted advertising. Joshua Maddux tweeted about a bug he found within the Facebook app. By tapping on a profile picture and slowly sliding it down the screen, you can see his rear camera being accessed on the left hand side. He tested it using five iPhones running iOS 13.2.2.

Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet.

Judge Rules Cops can Search Through DNA Database GEDmatch

A judge recently ruled that law enforcement have the ability to search through DNA database GEDmatch, overriding the choice of its over one million users.

In the wake of that attention-grabbing case, GEDmatch changed its policies in May 2018 to make it less easy for police to access their data. Users now have to opt in to having their data made available to police; information they upload is set to private by default. Rogers told the NYT that as of October, less than 15% of current users, 185,000 out of 1.3 million, have opted in to sharing their data with police.

We're Still Waiting for Sign In with Apple to Take Off

Sign In with Apple is a private, convenient way for Apple customers to create accounts with apps and websites. But so far only a smaller number of developers have implemented it. Apple says that if apps include other single sign-on options like Facebook and Google, they have to include Sign In with Apple. April 2020 is the deadline and it can’t come soon enough.

While other companies such as Facebook and Google already offer their own sign in buttons, those options allow app makers to access more of users’ personal information…By comparison, Sign in with Apple only shares your name and an email address with the app maker, and using your real email address is optional.

Facebook Says 100 App Developers Improperly Accessed Data From Groups

In another case of Facebook letting app developers access whatever data they want, 100 of them improperly accessed data from Groups despite Facebook claiming it restricted that access.

Today we are also reaching out to roughly 100 partners who may have accessed this information since we announced restrictions to the Groups API, although it’s likely that the number that actually did is smaller and decreased over time.

100 app developers you say? Why would 100,000 app developers do such a thing?

Like an Addict Facebook is Chasing Even More of Our Data, Now With Facial Scans

Researcher Jane Manchun Wong found that Facebook is working on facial scans called “facial recognition-based identity verification.” It would ask users to upload a selfie of them looking in different directions before they can access their account.

On that same screen and later in the actual video selfie process, Facebook notes that “no one else will see” the video selfie you submit to them and says the video will be “deleted 30 days after your identity is confirmed.”

Deleted after 30 days. Based on Facebook’s past actions we can safely assume it will do the exact opposite. There’s not much room for giving them the benefit of the doubt.

What to Look For When Reading a Privacy Policy

Yael Grauer wrote a useful guide on what to look for when reading a privacy policy, such as length, updates, and more.

While you shouldn’t feel compelled to read your apps’ and services’ privacy policies word for word—boring!—there are still a few key criteria you should look for while you’re skimming. Yes, skimming; you shouldn’t ignore privacy policies completely, because it’s important to know what’s being done with (or to) your data.

I also use two tools called Polisis and PriBot. These are automated tools that break down a privacy policy for you.

Australia, Please Don't Scan My Face When I Download Porn

The U.K. recently canceled its plans for an age filter on porn websites, but now Australia has taken up the mantle. It wants internet users to verify their identity using facial recognition before viewing pornography.

Writing in a submission to the House of Representatives Standing Committee on Social Policy and Legal Affairs’ inquiry, launched in September, Home Affairs said it could provide a “suite of identity-matching services”.

One example highlighted by the department was the use of the Face Verification Service to prevent a child using their parent’s driver licence to get around any age verification.

At this point, me writing about porn is a running joke now. But stuff like this raises awareness on important privacy issues.

School Surveillance: How Millions of Kids are Spied On

When we hear the word “surveillance” we usually think about the NSA, or perhaps tech companies like Facebook and Google. What we probably don’t think about is school surveillance used to spy on kids.

The new school surveillance technology doesn’t turn off when the school day is over: anything students type in official school email accounts, chats or documents is monitored 24 hours a day, whether students are in their classrooms or their bedrooms.

Tech companies are also working with schools to monitor students’ web searches and internet usage, and, in some cases, to track what they are writing on public social media accounts.

Firefox 70 Brings Enhanced Tracking Protection Today

Mozilla released Firefox 70 today and one of the new features is Enhanced Tracking Protection turned on by default on all platforms.

More privacy protections from Enhanced Tracking Protection:

Social tracking protection, which blocks cross-site tracking cookies from sites like Facebook, Twitter, and LinkedIn, is now a standard feature of Enhanced Tracking Protection.

The Privacy Protections report shows an overview, with details, of the trackers Firefox has blocked. It provides consolidated reports from Monitor and Lockwise.

iOS 13.2 Will Let You Delete Your Siri Audio History

The latest Apple betas like iOS 13.2 have a feature that lets you delete your Siri audio history in settings.

In addition to offering an explicit opt-in, Apple has promised that only employees, and not contractors, will be involved in reviewing the audio clips. However, this doesn’t stop the automated text transcriptions of your Siri requests from being transmitted to Apple, irrespective of whether you opt-in or -out, although they will pseudonymized and dissociated from your Apple ID. What’s more, these transcripts could be reviewed by employees and contractors.

I’m glad that Apple is adding this feature, and given its privacy stance I’m surprised it’s a feature we don’t already have.

Your Kids' Photos Power Surveillance Technology

The New York Times has a nice feature out today about how a mother found photos of her kids in a machine learning database.

None of them could have foreseen that 14 years later, those images would reside in an unprecedentedly huge facial-recognition database called MegaFace. Containing the likenesses of nearly 700,000 individuals, it has been downloaded by dozens of companies to train a new generation of face-identification algorithms, used to track protesters, surveil terrorists, spot problem gamblers and spy on the public at large. The average age of the people in the database, its creators have said, is 16.

I can’t imagine the gross feeling you get when you see your kids in a database like this.

Private Social Network MeWe Reaches 6 Million Members

Private social network MeWe has reached six million members in 2019 and was named the Best Entrepreneurial Company for this year.

MeWe expects over 100 million members by the end of 2020, having achieved 405% growth in 2018 and growing twice as fast on a daily basis in 2019. 60% of MeWe’s traffic is international and 35% of members are active—exceeding industry standards.

I’ll be honest, I haven’t used MeWe since I reviewed it. But I’ll gladly promote alternatives to Facebook, especially if privacy is the number one focus.

DuckDuckGo Survey Shows People Taking Action on Privacy

A recent survey (n=1,114) by DuckDuckGo found that 79.2% of U.S. adults had taken privacy measures in the past year, like adjusting privacy settings on social media or just using social media less.

43.1% (± 2.9) removed personal information or posts that they didn’t want the network or others to see.

35.0% (± 2.8)made their profile completely private.

34.8% (± 2.8) stopped adding location tags to their posts.

38.2% (± 2.8) changed which data they allow the network to collect and share about them.

I think it’s great to see more people paying attention to their privacy. For most people, privacy is something that you don’t notice often until you start losing it.

How Motorola Helps Enable Government Surveillance

Since 2017 Motorola Solutions has invested US$1.7 billion to support or buy companies that build police body cameras, train the cameras with facial recognition, find suspects in videos, and track vehicle movement via license plates.

The company provided a statement that described its plan to add artificial intelligence products, including object detection and “unusual motion detection,” to a package it sells to public safety agencies. The systems can help flag a potential trespasser or the appearance of smoke, the company said. The company emphasized that the new tools are not meant to make automatic policing decisions but to help officers decide how to act.

Apple, Amazon, and the Quest for Device Location

This article is a great example of false equivalence. By including both Apple and Amazon and writing about each company’s efforts with location technology, the reader is led to believe that we have to worry about both companies. But of course, that isn’t true. Apple has much better privacy practices, while Amazon barely knows the word.

It could be that with the privacy-focused techlash of recent years, both are treading carefully in the launch stages. Just look at how Amazon’s acquisition of mesh networking company eero was received earlier this year or the widespread interest in Huawei’s level of involvement with 5G networks. Location tracking in particular is currently the focus of much more granular controls in iOS 13 and Android 10 than ever before.