University of Melbourne Broke Victoria’s Privacy Law by Using Wi-Fi to Monitor Protesters on Campus

The University of Melbourne’s covert surveillance tactics during a campus protest have been declared unlawful, following a ruling by Victoria’s deputy information commissioner that the institution broke the state’s privacy laws.

The decision condemns the university’s quiet use of digital tracking tools against students and staff involved in a pro-Palestine demonstration, raising serious concerns about the growing use of surveillance technologies in academic settings.

We obtained a copy of the decision for you here.

Prompted by media attention earlier this year, the investigation focused on how the university responded to a May protest held inside the Arts West building.

Rather than relying on open dialogue or standard disciplinary processes, university officials resorted to monitoring individuals through the campus Wi-Fi network, matching connection data with student ID photos and security camera recordings.

A total of 22 students were identified through this process, all without prior warning or a clear legal basis. Staff were surveilled as well, with the contents of ten employees’ email accounts examined to uncover involvement in the demonstration. Three of them later received formal warnings.

Although the commissioner’s office accepted that CCTV footage was used within legal boundaries, it found the use of Wi-Fi tracking in disciplinary investigations to be unjustified.

The monitoring of staff emails was also flagged for breaching expected privacy norms.

Michigan Supreme Court Rules Unrestricted Phone Searches Violate Fourth Amendment

The Michigan Supreme Court has drawn a firm line around digital privacy, ruling that police cannot use overly broad warrants to comb through every corner of a person’s phone.

In People v. Carson, the court found that warrants for digital devices must include specific limitations, allowing access only to information directly tied to the suspected crime.

We obtained a copy of the opinion for you here (the opinion starts on page 5).

Michael Carson became the focus of a theft investigation involving money allegedly taken from a neighbor’s safe.

Authorities secured a warrant to search his phone, but the document placed no boundaries on what could be examined.

It permitted access to all data on the device, including messages, photos, contacts, and documents, without any restriction based on time period or relevance. Investigators collected over a thousand pages of information, much of it unrelated to the accusation.

The court ruled that this kind of expansive warrant violates the Fourth Amendment, which requires particularity in describing what police may search and seize.

The justices said allowing law enforcement to browse through an entire phone without justification amounts to an unconstitutional exploratory search.

Smartphones now serve as central hubs for people’s lives, containing everything from health records and banking details to travel histories and intimate conversations.

Searching a device without limits can expose a volume and variety of personal information that far exceeds what a physical search could reveal.

Groups including the Electronic Frontier Foundation, ACLU National, and the ACLU of Michigan intervened in the case, filing a brief that called on the court to adopt strict rules for digital searches.

The Right to Be Left Alone

What if the federal government captures in real time the contents of every telephone call, email and text message and all the fiber-optic data generated by every person and entity in the United States 24/7? What if this mass surveillance was never authorized by any federal law and tramples the Fourth Amendment?

What if this mass surveillance has come about by the secret collusion of presidents and their spies in the National Security Agency and by the federal government forcing the major telephone and computer service providers to cooperate with it? What if the service providers were coerced into giving the feds continuous physical access to their computers and thus to all the data contained in and passing through those computers?

What if President George W. Bush told the NSA that since it is part of the Defense Department and he was the commander in chief of the military, NSA agents could spy on anyone, notwithstanding any court orders or statutes that prohibited it? What if Bush believed that his orders to the military were not constrained by the laws against computer hacking that Congress had written or the interpretations of those laws by federal courts or even by the Constitution?

What if Congress has written laws that all presidents have sworn to uphold and that require a warrant issued by a judge before the NSA can spy on anyone but Bush effectively told the NSA to go through the motions of getting a warrant while spying without warrants on everyone in the U.S. all the time? What if Presidents Barack Obama, Joe Biden and Donald Trump have taken the same position toward the NSA and ordered or permitted the same warrantless and lawless spying?

What if the Constitution requires warrants based on probable cause of criminal behavior before surveillance can be conducted but Congress has written laws reducing that standard to probable cause of communicating with a foreign national? What if a basic principle of constitutional law is that Congress is subject to the Constitution and therefore cannot change its terms or their meanings?

What if the Constitution requires that all warrants particularly describe the place to be searched or the person or thing to be seized? What if the warrants Congress permits the NSA to use violate that requirement by permitting a federal court — the FISA Court — to issue general warrants? What if general warrants do not particularly describe the place to be searched or the person or thing to be seized but rather authorize the bearer to search indiscriminately through service providers’ customer data?

What if the government has no moral, constitutional or legal right to personal information about and from all of us without a valid search warrant consistent with constitutional requirements?

Chrome VPN Extension With 100k Installs Screenshots All Sites Users Visit

FreeVPN.One, a Chrome extension with over 100,000 installs and a verified badge on the Chrome Web Store, has been exposed by researchers for taking screenshots of users’ screens and exfiltrating them to remote servers.

A Koi Security investigation of the VPN tool reveals that it has been capturing full-page screenshots from users’ browsers, logging sensitive visual data like personal messages, financial dashboards, and private photos, and uploading it to aitd[.]one, a domain registered by the extension’s developer.

Koi Security’s forensic analysis showed that the surveillance mechanism is triggered automatically, within seconds of loading any web page. Using Chrome’s privileged chrome.tabs.captureVisibleTab() API, screenshots are silently taken in the background and bundled with metadata including page URLs, tab IDs, and unique user identifiers. This data is then transmitted to the attacker-controlled server aitd.one/brange.php, without user interaction or visible indication.

The spying behavior is powered by a two-stage architecture:

  1. A content script injected into every visited site using matches (http://*/*, https://*/*).
  2. A background service worker that listens for an internal captureViewport message and initiates the screenshot capture.

The extension also promotes an “AI Threat Detection” feature which, when clicked, captures another screenshot and sends it to aitd.one/analyze.php. However, the real issue lies in the fact that screenshots are being taken long before users ever interact with this feature, making the user interface a decoy.

Koi Security further explains that the latest version of the extension, v3.1.4, introduced AES-256-GCM encryption with RSA key wrapping to obfuscate the exfiltrated data, making it harder to detect or analyze with network monitoring tools.
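The two-stage architecture described above leaves a recognisable footprint in an extension's manifest.json, which can be reviewed before installation or across a managed fleet. The following is an added example, not code from Koi Security or from the extension: both manifests are constructed for illustration, the function names are hypothetical, and the permission rule encoded in canCaptureTabs follows Chrome's documentation for captureVisibleTab.

```javascript
// Added example: static review of a Chrome extension manifest for the
// "inject everywhere + background worker + tab capture" combination.

// Match patterns that inject a content script into every http/https page.
const BROAD_MATCHES = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// True if any content script is injected into every visited site.
function injectsEverywhere(manifest) {
  return (manifest.content_scripts || []).some((cs) =>
    (cs.matches || []).some((m) => BROAD_MATCHES.has(m)));
}

// chrome.tabs.captureVisibleTab() is documented as requiring either the
// "<all_urls>" or the "activeTab" permission. Manifest V2 lists host access
// under "permissions", Manifest V3 under "host_permissions"; check both.
function canCaptureTabs(manifest) {
  const granted = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
  ];
  return granted.includes("<all_urls>") || granted.includes("activeTab");
}

// True if the extension declares background code (MV3 worker or MV2 page/scripts).
function hasBackgroundWorker(manifest) {
  const bg = manifest.background || {};
  return Boolean(bg.service_worker || bg.scripts || bg.page);
}

// Returns a list of findings; the last one flags the full combination.
function auditManifest(manifest) {
  const findings = [];
  const everywhere = injectsEverywhere(manifest);
  const capture = canCaptureTabs(manifest);
  if (everywhere) findings.push("content script runs on all sites");
  if (capture) findings.push("holds a permission that allows captureVisibleTab");
  if (everywhere && capture && hasBackgroundWorker(manifest)) {
    findings.push("REVIEW: page-load-triggered screenshot capture is possible");
  }
  return findings;
}

// Constructed manifest with the shape the article describes (not the real one).
const suspectManifest = {
  manifest_version: 3,
  name: "Example VPN (constructed)",
  permissions: ["tabs", "storage", "scripting"],
  host_permissions: ["<all_urls>"],
  background: { service_worker: "background.js" },
  content_scripts: [{ matches: ["http://*/*", "https://*/*"], js: ["content.js"] }],
};

// Constructed manifest scoped to a single site, for comparison.
const narrowManifest = {
  manifest_version: 3,
  name: "Example site helper (constructed)",
  permissions: ["storage"],
  host_permissions: ["https://example.com/*"],
  background: { service_worker: "background.js" },
  content_scripts: [{ matches: ["https://example.com/*"], js: ["content.js"] }],
};

console.log(auditManifest(suspectManifest));
console.log(auditManifest(narrowManifest));
```

A finding here means the manifest permits the behaviour, not that the extension performs it; confirming that requires reading the background and content scripts.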

Big Tech Could Soon Use Brain Chips To Read Your Innermost Thoughts: Study

A new study out of Stanford University reveals that neural implants, also known as brain-computer interfaces (BCIs), might not just help paralyzed individuals communicate – they could potentially lay bare your innermost thoughts to Big Tech.

Published in the medical journal Cell, the research shows these devices can decode brain signals to produce synthesized speech faster and with less effort.

BCIs work by using tiny electrode arrays to monitor activity in the brain’s motor cortex, the region controlling speech-related muscles. Until now, the tech relied on signals from paralyzed individuals actively trying to speak. The Stanford team, however, discovered that even imagined speech generates similar, though weaker, signals in the motor cortex. With the help of artificial intelligence, they translated those faint signals into words with up to 74% accuracy from a 125,000-word vocabulary.

“We’re recording the signals as they’re attempting to speak and translating those neural signals into the words that they’re trying to say,” said Erin Kunz, a postdoctoral researcher at Stanford’s Neural Prosthetics Translational Laboratory.

But this technological leap has raised red flags among critics who warn of a dystopian future where your private thoughts could be exposed.

Nita Farahany, a Duke University law and philosophy professor and author of The Battle for Your Brain, sounded the alarm telling NPR, “The more we push this research forward, the more transparent our brains become.”

Farahany expressed concern that tech giants like Apple, Google, and Meta could exploit BCIs to access consumers’ minds without consent, urging safeguards like passwords to protect thoughts meant to stay private.

“We have to recognize that this new era of brain transparency really is an entirely new frontier for us,” Farahany said.

While the world fixates on artificial intelligence, some of the tech industry’s heaviest hitters are pouring billions into BCIs. Elon Musk, the world’s richest man, has raised $1.2 billion for his Neuralink venture, which is now conducting clinical trials with top institutions like the Barrow Neurological Institute, The Miami Project to Cure Paralysis, and the Cleveland Clinic Abu Dhabi.

Now, another tech titan is entering the fray.

Thousands Of Grok Chats Now Searchable On Google

Hundreds of thousands of conversations that users had with Elon Musk’s xAI chatbot Grok are easily accessible through Google Search, reports Forbes.

Whenever a Grok user clicks the “share” button on a conversation with the chatbot, it creates a unique URL that the user can use to share the conversation via email, text, or on social media. According to Forbes, those URLs are being indexed by search engines like Google, Bing, and DuckDuckGo, which in turn lets anyone look up those conversations on the web. 

Users of Meta’s and OpenAI’s chatbots were recently affected by a similar problem, and like those cases, the chats leaked by Grok give us a glimpse into users’ less-than-respectable desires — questions about how to hack crypto wallets; dirty chats with an explicit AI persona; and asking for instructions on cooking meth.

xAI’s rules prohibit the use of its bot to “promote critically harming human life” or developing “bioweapons, chemical weapons, or weapons of mass destruction,” though that obviously hasn’t stopped users from asking Grok for help with such things anyway.

According to conversations made accessible by Google, Grok gave users instructions on making fentanyl, listed various suicide methods, handed out bomb construction tips, and even provided a detailed plan for the assassination of Elon Musk.

xAI did not immediately respond to a request for comment. We’ve also asked when xAI began indexing Grok conversations.

Late last month, ChatGPT users sounded the alarm that their chats were being indexed on Google, which OpenAI described as a “short-lived experiment.” In a post Musk quote-tweeted with the words “Grok ftw,” Grok explained that it had “no such sharing feature” and “prioritize[s] privacy.”

Ninth Circuit Rules ISPs Can’t Be Forced to Unmask Users Under DMCA

The Ninth Circuit has ruled that internet service providers cannot be compelled to unmask users through subpoenas under the DMCA, reinforcing long-standing precedent that these subpoenas were never meant to apply to providers that simply offer access to the internet.

The decision blocks an increasingly common tactic copyright owners use to sidestep due process and extract user identities without judicial oversight.

We obtained a copy of the opinion for you here.

The case came about after a copyright owner targeted 29 Cox Communications subscribers accused of sharing the film Fall (2022) through BitTorrent. Rather than filing a lawsuit or seeking a judge’s permission, the copyright holder went straight to a court clerk to obtain a subpoena.

Although Cox was under no obligation to do so, the company notified the affected subscribers. Only one responded to object, triggering a legal dispute that has now resulted in a firm ruling from the Ninth Circuit.

The dispute turns on a simple but critical distinction. The DMCA outlines separate protections depending on the type of service provided.

Web hosts fall under Section 512(c) and can receive takedown notices for content they store, while internet access providers (IAPs) are covered under Section 512(a), which protects them from liability as long as they are acting as neutral conduits for internet traffic.

JD Vance Stops UK Apple Backdoor Order Threatening Americans’ Privacy

Vice President J.D. Vance played a decisive role in persuading the United Kingdom to drop its demand that Apple provide the government with a “backdoor” into personal user data, according to U.S. officials.

The negotiations followed months of quiet but direct engagement between American and British leaders on the matter, as reported by Fox News.

A U.S. official told Fox News Digital that Vance was “in charge and was personally involved in negotiating a deal, including having direct conversations with the British government.”

The official said Vance worked with U.K. partners to negotiate “a mutually beneficial understanding” that led the British government to withdraw the order.

The agreement, the official added, ensures “each country’s sovereignty while maintaining close cooperation on data sharing.”

The vice president’s background in technology, along with his stated commitment to privacy rights and the U.S.-U.K. alliance, shaped his involvement.

Civil liberties group opposes Garda access to messages

Plans to force encrypted messaging apps like WhatsApp and Signal to give Gardaí access to private conversations would “profoundly undermine” digital security, the Irish Council for Civil Liberties (ICCL) has said.

In a statement issued this week, the group said cybersecurity experts were unanimous that so-called “backdoors” for law enforcement could not be created without also leaving users vulnerable to hackers and malicious actors.

“It is impossible to create ‘backdoor’ access pathways for law enforcement that can’t also be exploited,” the organisation said.

The ICCL added that encryption protects not only personal conversations but also online banking, shopping and wider digital activity.

“We all rely on encryption to safeguard our sensitive personal data when browsing, communicating or doing business online,” it said.

“Forcing companies to break their own encryption would profoundly undermine our digital security, as well as our fundamental rights to privacy and data protection.”

The council cited the position of the United Nations and the European Court of Human Rights in opposing laws that compromise encryption. It also highlighted the recent example of the UK government withdrawing a demand for Apple to install a backdoor into its cloud services, after the company refused.

“Apple stated it had never built – and never would build – backdoor access into any of its encrypted products,” the ICCL noted.

“Instead, Apple disabled its advanced data protection service in the UK and challenged the order in court.”

The group urged Justice Minister Jim O’Callaghan to reconsider his planned legislation, describing the proposals as “neither proportionate nor technically sound.”

It called for “transparent consultation with cybersecurity experts, civil society and technologists before proposing any legislation that could irreversibly damage digital privacy and cybersecurity.”

Last month, O’Callaghan told an audience that Gardaí must have powers to intercept modern communications.

“None of us would like to imagine living in a surveillance State,” he said.

Supreme Court Allows Mississippi Age Verification Law to Take Effect, Advancing Online Digital ID Push

The Supreme Court’s choice to let Mississippi enforce its new age verification law is part of a growing shift toward digital ID requirements across the internet, raising urgent concerns about privacy and censorship.

By declining to block the law while legal challenges continue, the Court has effectively allowed states to begin tying online activity to users’ real-world identities, a move that could reshape how people access information and speak freely online.

We obtained a copy of the ruling for you here.

Mississippi’s HB 1126 requires social media platforms to verify a user’s age before allowing them to create an account. Those under 18 must obtain parental permission. Platforms are also required to restrict access to what the state broadly labels as “harmful” content. For companies to comply, identity checks will be necessary, meaning users may soon need to provide government IDs or other personal documents just to post or view content on public platforms.

The Supreme Court has already allowed a similar Texas law to be enforced.

Justice Brett Kavanaugh, writing separately from the Court’s unsigned order, stated that the law is “likely unconstitutional” and said NetChoice had “likely” shown that enforcement would violate the First Amendment. Still, the Court allowed the law to take effect, saying the trade group had not shown a strong enough risk of harm to justify emergency relief.

NetChoice, which includes companies such as Meta, Google, Amazon, Reddit, and Discord, argues that mandatory age checks for general-purpose platforms violate free speech protections. The group had previously won a ruling to block the law, but that decision was overturned in April by the Fifth Circuit Court of Appeals.

Paul Taske, co-director of the NetChoice Litigation Center, said the ruling was a delay, not a defeat. “Although we’re disappointed with the Court’s decision, Justice Kavanaugh’s concurrence makes clear that NetChoice will ultimately succeed in defending the First Amendment — not just in this case but across all NetChoice’s ID-for-Speech lawsuits,” he said.
