3 million+ innocent private chats could be handed over to investigators under new EU plans

A leaked document from the European Commission (EC), the executive branch of the European Union (EU), has revealed that the artificial intelligence (AI) it plans to use to mass surveil private chats for “grooming” content is expected to falsely flag content and forward it to EU investigators 10% of the time.

This proposed mass surveillance of online chats has been dubbed “Chat Control” and is being pushed by the EC as a way to combat child sexual abuse material (CSAM). However, in a leaked document that was obtained and published by Netzpolitik, the EC admitted that its proposed surveillance measures would result in a large amount of false flags.

“The accuracy of grooming detection technology is around 90%,” the EC admitted in the document. “This means that 9 out of 10 contents recognized by the system are grooming.”

The leaked document contains the EC’s answers to a series of questions from the German government about the implementation of Chat Control.

Under the current Chat Control plans, private chats, messages, and emails will be automatically scanned by AI for suspicious content. If the AI detects suspicious content, it will be flagged and sent to investigators at a planned EU center. These investigators will view the content, identify false positives, and forward illegal content to EU law enforcement agency Europol and other relevant law enforcement authorities.

Names, addresses of every concealed carry permit holder in California exposed

The names, addresses, and license types of every Concealed Carry Weapons (CCW) permit holder in California were exposed as part of a data breach suffered by the state Department of Justice, according to the Fresno County Sheriff’s Office.

Officials say the California State Sheriff’s Association informed the Fresno County Sheriff’s Office about the data breach, which followed the publication of the state’s 2022 Firearms Dashboard Portal on Monday, KTLA sister station KSEE/KPGE reports. At the time, state officials described it as improving “transparency and information sharing for firearms-related data.”

Sheriff’s Office officials say the information released included the CCW holders’ name, age, address, Criminal Identification Index (CII) number and license type (Standard, Judicial, Reserve and Custodial). The information included every CCW holder in the state.

In response to the information being released, Fresno County officials say the state disabled access to the website hosting the data – but there are concerns that the information was copied and remains in circulation on social media and other parts of the internet. It is unknown how long the information was publicly accessible on the Department of Justice’s website.

California bill 2273 would require websites and apps to verify visitors’ ID

California’s bill CA AB 2273, designed to enact the Age-Appropriate Design Code (AADC), is just one among the bills raising concerns in terms of how they might negatively affect the web going forward.

Like their counterparts in the EU, legislators in California, according to their critics, present online child safety as their only goal. A stated desire to improve child safety is hard to argue against, even when the counterarguments are valid, such as that the proposed bills may in fact do nothing to better protect children while eroding the rights of every internet user.

Among other things, AB 2273 aims to require sites and apps to authenticate the age of all their users before allowing access. Attempts to introduce mandatory age authentication have also cropped up in other jurisdictions before, but have proven controversial, technically difficult to implement, with a high potential to compromise user data collected in this way, and intrusive to people’s privacy.

In California, the situation doesn’t look much different as critics of this bill say that authentication will require site operators and businesses to deal with personal data collection from every user, and worry about using and storing it securely.

We obtained a copy of the bill for you here.

In addition, some kind of government-issued ID – or surrendering biometric data such as that collected through facial recognition – is necessary to prove one’s age in the first place; and this is where forcing sites and services to require this information would effectively mean the end of anonymity online.

How to scrub yourself from the internet, the best that you can

You can’t fully scrub yourself from the internet. A little bit of you will always linger, whether it’s in data-broker databases, on old social media you forgot about or in the back of someone else’s vacation photos on Flickr.

That’s no reason to give up! You can absolutely take steps to protect your privacy by cleaning up things like your Google results. For the best results you’ll need time, money, patience, and to live in a country or state with strong privacy laws.

This week’s Ask Help Desk question is all about the data brokers: “How do I get my information deleted from data aggregators?” asks Jennifer Swindell, from Sagle, Idaho. But first, we’re going to take a step back and start with something a little more public.

Brave Search challenges DuckDuckGo on trackers controversy

Brave CEO Brendan Eich blasted rival privacy-focused browser DuckDuckGo for its Bing and LinkedIn trackers exemption in its Android, macOS, and iOS apps. DuckDuckGo has a contract with Microsoft that exempts the Big Tech company from the privacy defenses.

“For non-search tracker blocking (e.g. in our browser), we block most third-party trackers,” DuckDuckGo CEO Gabriel Weinberg explained in May. “Unfortunately our Microsoft search syndication agreement prevents us from doing more to Microsoft-owned properties. However, we have been continually pushing and expect to be doing more soon.”

Eich said the explanation was not genuine because DuckDuckGo also has exceptions that allow Microsoft trackers despite the use of third-party cookie blockers.

“Trackers try to get around cookie blocking by appending identifiers to URL query parameters, to ID you across sites,” Eich explained, adding that DuckDuckGo knows that because it blocks advertisers such as Facebook and Google from circumventing third-party cookie blockers.

How the Federal Government Buys Our Cell Phone Location Data

Over the past few years, data brokers and federal military, intelligence, and law enforcement agencies have formed a vast, secretive partnership to surveil the movements of millions of people. Many of the mobile apps on our cell phones track our movements with great precision and frequency. Data brokers harvest our location data from the app developers, and then sell it to these agencies. Once in government hands, the data is used by the military to spy on people overseas, by ICE to monitor people in and around the U.S., and by criminal investigators like the FBI and Secret Service. This post will draw on recent research and reporting to explain how this surveillance partnership works, why it is alarming, and what we can do about it.

Where does the data come from?

Weather apps, navigation apps, coupon apps, and “family safety” apps often request location access in order to enable key features. But once an app has location access, it typically has free rein to share that access with just about anyone.

That’s where the location data broker industry comes in. Data brokers entice app developers with cash-for-data deals, often paying per user for direct access to their device. Developers can add bits of code called “software development kits,” or SDKs, from location brokers into their apps. Once installed, a broker’s SDK is able to gather data whenever the app itself has access to it: sometimes, that means access to location data whenever the app is open. In other cases, it means “background” access to data whenever the phone is on, even if the app is closed.

‘Privacy’ Search Engine DuckDuckGo Smoked Over Hidden Tracking Agreement With Microsoft

DuckDuckGo, the search engine which claims to offer ‘real privacy’ because it doesn’t track searches or store users’ history, has come under fire after a security researcher discovered that the mobile DuckDuckGo browser app contains a third-party tracker from Microsoft.

Researcher Zach Edwards found that while Google and Facebook’s trackers are blocked, trackers related to bing.com and linkedin.com were being allowed through.

In response to the revelation, CEO Gabriel Weinberg essentially shrugged – telling BleepingComputer that the company offers “above-and-beyond protection” that other browsers don’t, but that he ‘never promised’ anonymity when browsing.

“We have always been extremely careful to never promise anonymity when browsing, because that frankly isn’t possible given how quickly trackers change how they work to evade protections and the tools we currently offer,” he said.

The EU wants to scan all chat messages, using the guise of combating child abuse

The European Commission, the executive arm of the European Union, has proposed a scanning obligation for messaging providers to combat the spreading of child sexual abuse material (CSAM).

The proposal states that, at the request of a government agency, “Providers of hosting services and providers of interpersonal communication services that have received a detection order shall execute it by installing and operating technologies to detect” CSAM.

We obtained a copy of the proposal for you here.

The document further says that companies should use CSAM detection technology that is reliable, effective and state of the art. The technology should also be “the least intrusive” as it is not supposed to “be able to extract any other information from the relevant communications than the information strictly necessary to detect.”

Delete your personal data from Google

Google now has a new tool allowing anyone to request the removal of their personal data from search results, including contact information.

“The availability of personal contact information online can be jarring,” said Google’s head of global policy in search Michelle Chang. She added that personal data could lead to “unwanted direct contact or even physical harm.”

Google already allowed the removal of personal or financial information from search results if a user could prove it was a real danger or a potential threat. Now you can request the removal of your information even if there is no risk.

Mental health and worship apps are found to be some of the most privacy invasive

Apps that deal with some of the most sensitive and personal data, such as that concerning a user’s mental health or religious activities, are said to rank among the worst privacy offenders.

This is the conclusion of a study conducted by the Mozilla Foundation, which singled out mental health and prayer apps as being prone to track and collect data revealing a person’s state of mind, feelings, and thoughts, and then “share” that for profit via targeted advertising.

Mozilla’s team looked into 32 apps from this category, putting a “privacy not included” label on 29, and publishing the findings in a guide of the same name. 25 of these apps didn’t pass the foundation’s minimum security standards around password quality and handling of security updates.

PTSD Coach, developed by the US Department of Veterans Affairs, has “strong privacy policies and security practices,” while chatbot Wysa “seems to value users’ privacy.” And the Catholic prayer app Hallow was the only one to “respond in a timely manner” to Mozilla’s emails.

Besides these technical issues, the apps singled out in the report are also said to target “vulnerable users with personalized advertisements” and track and share biometric data.
