The law, which prohibits social networks from allowing minors to have accounts without parental consent, may come as welcome news to many families even as it raises privacy concerns.
Tag Archives: Privacy
Meta Manager Was Hacked With Spyware and Wiretapped in Greece
Artemis Seaford, a dual U.S.-Greek national, was targeted with a cyberespionage tool while also under a wiretap by the Greek spy agency in a case that shows the spread of illicit snooping in Europe.
Banning TikTok Should Be Just the Beginning
China poses a broad range of data security risks.
F.T.C. Intensifies Investigation of Twitter’s Privacy Practices
The commission is seeking an interview with Elon Musk, who has made major cuts at the company since acquiring it last year.
Why Is TikTok Being Banned?
Governments have expressed concerns that TikTok, which is owned by the Chinese company ByteDance, may endanger sensitive user data.
India Embraces Digital Payments Over Cash, Even for a 10-Cent Chai
India’s homegrown instant payment system has remade commerce and pulled millions into the formal economy.
Biden Administration Asks Congress to Reauthorize Warrantless Surveillance Law
Facing steeper political headwinds than past cycles, the executive branch is packaging the spying authority known as Section 702 as more than a counterterrorism tool.
Can My Neighbor Point a Video Doorbell at My Apartment Door?
Ubiquitous in many suburban neighborhoods, the devices have been slow to catch on in city apartments, but that is changing as New Yorkers warm to the technology.
ChatGPT is a data privacy nightmare, and we ought to be concerned
ChatGPT has taken the world by storm. Within two months of its release it reached 100 million active users, making it the fastest-growing consumer application ever launched. Users are attracted to the tool’s advanced capabilities—and concerned by its potential to cause disruption in various sectors.
A much less discussed implication is the privacy risks ChatGPT poses to each and every one of us. Just yesterday, Google unveiled its own conversational AI called Bard, and others will surely follow. Technology companies working on AI have well and truly entered an arms race.
The problem is, it’s fueled by our personal data.
Read 21 remaining paragraphs | Comments
Americans Flunked This Test on Online Privacy
Many consumers want control over their personal details. But few understand how online tracking works, says a new report from the University of Pennsylvania.
Paper: Stable Diffusion “memorizes” some images, sparking privacy concerns
Enlarge / An image from Stable Diffusion’s training set compared (left) to a similar Stable Diffusion generation (right) when prompted with “Ann Graham Lotz.” (credit: Carlini et al., 2023)
On Monday, a group of AI researchers from Google, DeepMind, UC Berkeley, Princeton, and ETH Zurich released a paper outlining an adversarial attack that can extract a small percentage of training images from latent diffusion AI image synthesis models like Stable Diffusion. It challenges views that image synthesis models do not memorize their training data and that training data might remain private if not disclosed.
Recently, AI image synthesis models have been the subject of intense ethical debate and even legal action. Proponents and opponents of generative AI tools regularly argue over the privacy and copyright implications of these new technologies. Adding fuel to either side of the argument could dramatically affect potential legal regulation of the technology, and as a result, this latest paper, authored by Nicholas Carlini et al., has perked up ears in AI circles.
However, Carlini’s results are not as clear-cut as they may first appear. Discovering instances of memorization in Stable Diffusion required 175 million image generations for testing and preexisting knowledge of trained images. Researchers only extracted 94 direct matches and 109 perceptual near-matches out of 350,000 high-probability-of-memorization images they tested (a set of known duplicates in the 160 million-image dataset used to train Stable Diffusion), resulting in a roughly 0.03 percent memorization rate in this particular scenario.
Read 7 remaining paragraphs | Comments
A Nationwide Ban on TikTok Won’t Make Us More Secure
A national ban on TikTok would not solve America’s data privacy problems.
FBI Takes Down Hive Criminal Ransomware Group
A cybersecurity expert explains how the FBI’s operation against the ransomware group Hive will impact the rest of this criminal industry
The flight tracker that powered @ElonJet has taken a left turn
Enlarge (credit: SeongJoon Cho/Bloomberg/Getty Images)
A major independent flight tracking platform, which has made enemies of the Saudi royal family and Elon Musk, has been sold to a subsidiary of a private equity firm. And its users are furious.
ADS-B Exchange has made headlines in recent months for, as AFP put it, irking “billionaires and baddies.” But in a Wednesday morning press release, aviation intelligence firm Jetnet announced it had acquired the scrappy open source operation for an undisclosed sum.
Read 24 remaining paragraphs | Comments
Easy to Use, Mobile Payment Apps Are Also Easy to Misuse
While they have taken steps to help prevent mishaps, a new report finds they offer few protections if, for instance, users accidentally send money to the wrong person.
Everyone Wants Your Email Address. Think Twice Before Sharing It.
Your email address has become a digital bread crumb for companies to link your activity across sites. Here’s how you can limit this.
Appliance makers sad that 50% of customers won’t connect smart appliances
Enlarge / This hypothetical dishwasher owner is one of a minority of smart appliance customers getting the full value of their device, including timely reminders to buy more of the company’s recommended dishwasher tabs and cleaning packs. (credit: Dani Serrano/Getty Images)
Appliance makers like Whirlpool and LG just can’t understand. They added Wi-Fi antennae to their latest dishwashers, ovens, and refrigerators and built apps for them—and yet only 50 percent or fewer of their owners have connected them. What gives?
The issue, according to manufacturers quoted in a Wall Street Journal report (subscription usually required), is that customers just don’t know all the things a manufacturer can do if users connect the device that spins their clothes or keeps their food cold—things like “providing manufacturers with data and insights about how customers are using their products” and allowing companies to “send over-the-air updates” and “sell relevant replacement parts or subscription services.”
“The challenge is that a consumer doesn’t see the true value that manufacturers see in terms of how that data can help them in the long run. So they don’t really care for spending time to just connect it,” Henry Kim, US director of LG’s smart device division ThinQ, told the Journal.
Read 8 remaining paragraphs | Comments
Websites selling abortion pills are sharing sensitive data with Google
Enlarge (credit: Joe Raedle/Getty Images)
This story originally appeared on ProPublica.
Online pharmacies that sell abortion pills are sharing sensitive data with Google and other third parties, which may allow law enforcement to prosecute those who use the medications to end their pregnancies, a ProPublica analysis has found.
Using a tool created by the Markup, a nonprofit tech-journalism newsroom, ProPublica ran checks on 11 online pharmacies that sell abortion medication to reveal the web tracking technology they use. Late last year and in early January, ProPublica found web trackers on the sites of at least nine online pharmacies that provide pills by mail: Abortion Ease, BestAbortionPill.com, PrivacyPillRX, PillsOnlineRX, Secure Abortion Pills, AbortionRx, Generic Abortion Pills, Abortion Privacy and Online Abortion Pill Rx.
Read 35 remaining paragraphs | Comments
Gary Hart: The “New Church Committee” Is an Outrage
The new committee seems designed to prevent law enforcement and intelligence agencies from enforcing the law.
Are Quantum Computers about to Break Online Privacy?
A new algorithm is probably not efficient enough to crack current encryption keys—but that’s no reason for complacency, researchers say
A Breach at LastPass Has Password Lessons for Us All
The hacking of the password manager should make us reassess whether to trust companies to store our sensitive data in the cloud.
Meta Fined $414 Million After Ad Practices Ruled Illegal Under EU Law
The decision is one of the most consequential issued under the E.U.’s landmark data-protection law and creates a new business headwind for the social media giant.
Your Memories. Their Cloud.
Google, Apple and Meta offer near-limitless digital basements in which to store photos, videos and important documents, but you should keep a copy of what you hold most dear.
Suit accusing YouTube of tracking children is back on after appeal
Enlarge (credit: Ute Grabowsky/Getty Images)
An appeals court has revived a lawsuit against that accuses Google, YouTube, DreamWorks, and a handful of toymakers of tracking the activity of children under 13 on YouTube. In an opinion released Wednesday, the Ninth US Circuit Court of Appeals ruled that the Children’s Online Privacy Protection Act does not bar lawsuits based on individual state privacy laws.
Passed in 1998 and amended in 2012, COPPA requires websites to obtain parental consent for the collection and dissemination of personally identifiable information of children under the age of 13. COPPA gives the FTC and state attorneys general the ability to investigate and levy fines for violations of the law.
Several states across the US have laws similar to COPPA on the books. The revived lawsuit cites laws in California, Colorado, Indiana, and Massachusetts to argue that Hasbro, DreamWorks, Mattel, and the Cartoon Network illegally lured children to their YouTube channels in order to target them with ads.
Read 4 remaining paragraphs | Comments
Jack Dorsey and the Dangers of Privacy At All Costs
The debate about dilemmas posed by the text messaging system.
Meta to pay $725 million to settle Cambridge Analytica lawsuit
Enlarge / A laptop showing the Facebook logo is held alongside a Cambridge Analytica sign at the entrance to the building housing the offices of Cambridge Analytica, in central London on March 21, 2018. – Facebook expressed outrage over the misuse of its data as Cambridge Analytica, the British firm at the centre of a major scandal rocking the social media giant, suspended its chief executive. (Photo by Daniel LEAL / AFP) (Photo by DANIEL LEAL/AFP via Getty Images) (credit: Daniel Leal / Getty Images)
Meta, the parent company of Facebook, will pay $725 million to settle a class-action lawsuit filed in 2018. The lawsuit came in the wake of Facebook’s revelation that it had improperly shared data on 87 million users with Cambridge Analytica, a British political consultancy tied to former President Donald Trump’s election campaign.
Cambridge Analytica got its access Facebook user data via an app developed by a third party. While only around 270,000 Facebook account-holders used the “This is Your Digital Life” app, the app’s permissions allowed it access to data on those users’ friends. The end result was a dataset covering 87 million users that the developer than passed on to Cambridge Analytica, in contravention of Facebook’s terms of service. The vast majority of those in the dataset had not given the consultancy firm permission to access their data.
The unauthorized data sharing came to light in 2018, when reporters from the New York Times and The Observer informed Facebook that Cambridge Analytica still had copies of the data, even though the UK-based firm had promised the social network back in 2015 that the data would be deleted.
Read 4 remaining paragraphs | Comments
Release of Trump Tax Returns Could Herald New Era for Taxpayer Privacy
Revealing private documents risks a tit for tat with Republicans set to retake control of the House of Representatives.
Epic Games, Creator of Fortnite, to Pay $520 Million Over Children’s Privacy
The creator of popular games like Fortnite and Rocket League violated children’s privacy and duped millions of users into unwanted purchases, federal regulators said.
Twitter Reinstates Suspended Accounts of Several Journalists
The brief bans, which came after Elon Musk had suggested the journalists were violating Twitter’s rules on personal privacy, had alarmed free-speech advocates.
Apple adds end-to-end encryption to iCloud device backups and more
-
The advanced data protection panel in iOS [credit: Apple ]
End-to-end encryption is coming to most of iCloud with a new optional feature called Advanced Data Protection, according to Apple’s announcement on Wednesday.
Previously, 14 data categories within iCloud were protected. This new feature brings that count to 23, including photos, notes, voice memos, reminders, Safari bookmarks, and iCloud backups of the contents of your devices. Not everything is encrypted in this way, though. Critically, calendar and mail are untouched here. Apple says they are not covered “because of the need to interoperate with the global email, contacts, and calendar systems.”
US-based participants in the Apple Beta Software Program can start using Advanced Data Protection today, and it will roll out to more Americans by year’s end. If you’re outside the US, you’ll have to wait until sometime in 2023, Apple says.
Read 3 remaining paragraphs | Comments
Indiana Sues TikTok for Security and Child Safety Violations
The lawsuits are the first by an American state against TikTok, which is owned by the Chinese company ByteDance, in a sign of mounting legal pressure.
Inside the Face-Off Between Russia and a Small Internet Access Firm
The cat-and-mouse experience of Proton, a Swiss company, shows what it’s like to be targeted by Russian censors — and what it takes to fight back.
Proton Calendar rounds out security-focused Big Tech alternative on iOS
Enlarge / Proton Calendar’s iOS app aims to offer most of the same niceties as other calendar apps, but with more peace of mind about your data. (credit: Proton)
Proton Calendar, which claims to be the “world’s only” calendar using end-to-end encryption and cryptographic verification, has arrived on iOS, giving those seeking a more secure work suite an alternative to Google, Apple, and the like.
Proton Calendar is pitched as offering encryption for all event details, as well as “high-performance elliptic curve cryptography (ECC Curve25519)” to lock it. The web app version of Proton Calendar is open source, with the code for mobile apps to come next, Proton says. Proton also notes that it never finds out who you’ve invited to an event, and it allows for inviting people outside the Proton ecosystem, letting people “cryptographically verify that it was you who invited them.”
Andy Yen, CEO of Proton, said in an interview with Wired in May that calendars are an “extremely sensitive” record of your life and that protecting them is essential. Encryption protects your calendar data from government requests, data leaks, or “a change in business model of your cloud provider.”
Read 5 remaining paragraphs | Comments
Eufy’s “No clouds” cameras upload facial thumbnails to AWS
Enlarge / Anker’s cameras store their footage on a local base. Thumbnail images of faces, however, were uploaded to cloud servers. (credit: Eufy)
Eufy, a smart home brand of tech accessory firm Anker, had become popular among some privacy-minded security camera buyers. Its doorbell camera and other devices proudly proclaimed having “No Clouds or Costs,” and that “no one has access to your data but you.”
That’s why security consultant and researcher Paul Moore’s string of tweets and videos, demonstrating that Eufy cameras were uploading name-tagged thumbnail images to cloud servers to alert owners’ phones, likely unencrypted, stung smart home and security enthusiasts so hard this week.
Moore, based in the UK, started asking Eufy rhetorical questions about its practices on Twitter starting November 21. “Why is my ‘local storage” #doorbellDual storing every face, without encryption, to your servers? Why can I stream my camera without #authentication?!” Moore also posted lines from “source code & API responses” that suggested a very weak AES key was being used to encrypt video footage.
Read 9 remaining paragraphs | Comments
Thinking about taking your computer to the repair shop? Be very afraid
Enlarge (credit: Getty Images)
If you’ve ever worried about the privacy of your sensitive data when seeking a computer or phone repair, a new study suggests you have good reason. It found that privacy violations occurred at least 50 percent of the time, not surprisingly with female customers bearing the brunt.
Researchers at University of Guelph in Ontario, Canada, recovered logs from laptops after receiving overnight repairs from 12 commercial shops. The logs showed that technicians from six of the locations had accessed personal data and that two of those shops also copied data onto a personal device. Devices belonging to females were more likely to be snooped on, and that snooping tended to seek more sensitive data, including both sexually revealing and non-sexual pictures, documents, and financial information.
Blown away
“We were blown away by the results,” Hassan Khan, one of the researchers, said in an interview. Especially concerning, he said, was the copying of data, which happened during repairs for one from a male customer and the other from a female. “We thought they would just look at [the data] at most.”
Read 14 remaining paragraphs | Comments
Resignations Roil Twitter as Elon Musk Tries Persuading Some Workers to Stay
Mr. Musk, Twitter’s new owner, had given employees a Thursday deadline to decide whether to leave or stay “to build a breakthrough Twitter 2.0.”
Children’s Groups Want F.T.C. to Ban ‘Unfair’ Online Manipulation of Kids
Children’s privacy and health experts pressed regulators to prohibit video games and social networks from using attention-hacking techniques on youngsters.
DuckDuckGo’s Android anti-tracking tool offers stronger third-party protections
Enlarge / DuckDuckGo says its App Tracking Protection automatically blocks many kinds of known trackers, while Apple’s App Tracking Transparency only blocks IDFA (Identifier for Adverstisers) and asks developers to block others. (credit: DuckDuckGo)
Privacy-focused search site DuckDuckGo has added yet another way to prevent more of your data from going to advertisers, opening its App Tracking Protection for Android to beta testers.
DuckDuckGo is positioning App Tracking Protection as something like Apple’s App Tracking Transparency for iOS devices, but “even more powerful.” Enabling the service in the DuckDuckGo app for Android (under the “More from DuckDuckGo” section) installs a local VPN service on your phone, which can then start automatically blocking trackers on DDG’s public blocklist. DuckDuckGo says this happens “without sending app data to DuckDuckGo or other remote servers.”
Read 5 remaining paragraphs | Comments
What You Need to Know About Iran’s Surveillance Tech
Scientific American tech editor Sophie Bushwick explains how Iran is using surveillance tech against vulnerable citizens.
[The above text is a transcript of this podcast.]
Security Cameras Make Us Feel Safe, but Are They Worth the Invasion?
Internet cameras like Amazon’s Ring come at a high cost to our privacy.
New Mac app wants to record everything you do—so you can “rewind” it later
Enlarge / Rewind reportedly lets you search your Mac’s usage history for what you’ve seen, said, or heard. (credit: Rewind AI)
Yesterday, a company called Rewind AI announced a self-titled software product for Macs with Apple Silicon that reportedly keeps a highly compressed, searchable record of everything you do locally on your Mac and lets you “rewind” time to see it later. If you forget something you’ve “seen, said, or heard,” Rewind wants to help you find it easily.
Rewind AI claims its product stores all recording data locally on your machine and does not require cloud integration. Among its promises, Rewind will reportedly let you rewind Zoom meetings and pull information from them in a searchable form.
In a video demo on Rewind.AI’s site, the app opens when a user presses Command+Shift+Space. The search bar suggests typing “anything you’ve seen, said, or heard.” It also shows a timeline at the bottom of the screen that represents previous actions in apps.
Read 12 remaining paragraphs | Comments
Google can now remove your identifying search results, if they’re the right kind
Enlarge / Google’s personal information removal tool is available to more people lately, allowing you to at least attempt to have your physical or email address, phone number, or other identifying information removed from search results.
Google has been pushing out a tool for removing personally identifiable information—or doxxing content—from its search results. It’s a notable step for a firm that has long resisted individual moderation of search content, outside of broadly harmful or copyright-violating material. But whether it works for you or not depends on many factors.
As with almost all Google features and products, you may not immediately have access to Google’s new removal process. If you do, though, you should be able to click the three dots next to a web search result (while signed in), or in a Google mobile app, to pull up “About this result.” Among the options you can click at the bottom of a pop-up are “Remove result.” Take note, though, that this button is much more intent than immediate action—Google suggests a response time of “a few days.”
Google’s blog post about this tool, updated in late September, notes that “Starting early next year,” you can request regular alerts for when your personal identifying information (PII) appears in new search results, allowing for quicker reporting and potential removal.
Read 12 remaining paragraphs | Comments
Why Am I Seeing That Political Ad? Check Your ‘Trump Resistance’ Score.
To help campaigns target ads, voter-profiling firms score millions of Americans on issues like guns, vaccines and QAnon.
How Iran Is Using the Protests to Block More Open Internet Access
The Iranian government is taking advantage of Internet shutdowns to push citizens onto a local intranet that is vulnerable to surveillance and censorship
Who in the World Is Still Answering Pollsters’ Phone Calls?
Response rates suggest the “death of telephone polling” is getting closer.
British Ruling Pins Blame on Social Media for Teenager’s Suicide
The internet, according to the ruling, “affected her mental health in a negative way and contributed to her death in a more than minimal way.”
Apps can pose bigger security, privacy threat based on where you download them
Enlarge (credit: https://www.gettyimages.com/detail/news-photo/blinkee-city-rental-scooter-is-seen-in-warsaw-poland-on-news-photo/1031626648)
Google and Apple have removed hundreds of apps from their app stores at the request of governments around the world, creating regional disparities in access to mobile apps at a time when many economies are becoming increasingly dependent on them.
The mobile phone giants have removed over 200 Chinese apps, including widely downloaded apps like TikTok, at the Indian government’s request in recent years. Similarly, the companies removed LinkedIn, an essential app for professional networking, from Russian app stores at the Russian government’s request.
However, access to apps is just one concern. Developers also regionalize apps, meaning they produce different versions for different countries. This raises the question of whether these apps differ in their security and privacy capabilities based on region.
Read 15 remaining paragraphs | Comments
TikTok May Face $29 Million Fine for Failing to Protect Children’s Privacy
British regulators have sent a warning notice to the company, the first major case under new rules in Britain that protect minors online.
LinkedIn Ran Social Experiments On 20 Million Users Over Five Years
A study that looked back at those tests found that relatively weak social connections were more helpful in finding jobs than stronger social ties.
Where Online Hate Speech Can Bring the Police to Your Door
Battling far-right extremism, Germany has gone further than any other Western democracy to prosecute individuals for what they say online, testing the limits of free speech on the internet.