Tag: privacy

VPNs Vanish from Brazil’s App Store as Internet Freedom Faces Unprecedented Clampdown

In Brazil, a significant upheaval in digital privacy and access to information is unfolding, as a notable number of reputable VPN services—including NordVPN, ExpressVPN, Surfshark, and VyprVPN—have vanished from the local iOS App Store. This move is widely believed to comply with Brazilian authorities’ secret directives, reflecting a concerning trend towards online censorship.

This development is particularly alarming in light of the recent decision X made to shutdown its operations in the country. X terminated its operations after a protracted legal confrontation with Brazilian officials, who had accused the platform of insufficient efforts to combat disinformation, specifically its failure to block accounts spreading false information and hate speech. Despite the shutdown, X’s app is still accessible in Brazil.

Keep reading

Red Alert! Virtually All Of Our Personal Information, Including Social Security Numbers, Has Been Stolen And Posted Online By Hackers

Most Americans don’t even realize that virtually all of their personal information has been stolen and posted online for free.  The personal records of 2.9 billion people were stolen from a major data broker known as National Public Data earlier this year, and this month almost of the information that was stolen was posted online for anyone to freely take.  We are talking about names, addresses, phone numbers, employment histories, birth dates and Social Security numbers.  This is one of the most egregious privacy violations in the history of the world, but hardly anyone knows what has happened.  So please share this article as widely as you possibly can.

USA Today is reporting that the original theft of this data occurred “in or around April 2024″…

An enormous amount of Social Security numbers and other sensitive information for millions of people could be in the hands of a hacking group after a data breach and may have been released on an online marketplace, The Los Angeles Times reported this week.

The hacking group USDoD claimed it had allegedly stolen personal records of 2.9 billion people from National Public Data, according to a class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Florida, reported by Bloomberg Law. The breach was believed to have happened in or around April 2024, according to the lawsuit.

The company that this data was stolen from is a Florida-based background check company known as National Public Data.  The following is what Wikipedia has to say about this particular firm…

Jerico Pictures, Inc., doing business as National Public Data[1][2] is a data broker company that performs employee background checks. Their primary service is collecting information from public data sources, including criminal records, addresses, and employment history, and offering that information for sale.

Of course there are hordes of other data brokers out there these days.

They collect vast troves of information on as many people as they possibly can, and then they monetize that information in various ways.

Equifax, Epsilon and Acxiom are the three largest data brokers in existence today.  Each one of them brings in more than 2 billion dollars of revenue annually.

As you can see, collecting and selling our personal information is very big business.

Keep reading

California Appeals Court Limits Privacy Rights of Online Messages

A legal battle, seen as a major privacy rights issue, came down to the extent to which the Stored Communications Act (SCA) protects user data, and is now headed to the Supreme Court of California.

This comes after the California Court of Appeal ruled in the Snap, Inc. v. Superior Court case that the majority of remotely stored messages are not covered by the Act’s law designed to prevent unlawful access to stored communications – Section 2702.

The CSA is there to stop platforms that provide online communications and storage from sharing contents of users’ online accounts (messages, emails, photos…). There are some exceptions in the legislation itself, e.g., unless the government obtains a warrant, that sets the bar relatively high.

But now, it looks like Big Tech’s “standard” business model – exploiting user data for massive profits – is coming back to haunt those users in yet another way.

Namely, the California Court of Appeal has found that if providers of that stored user data already have access to it, in order to monetize this content, then that content is effectively already disclosed and CSA has no business trying to protect it.

We obtained a copy of the opinion for you here.

And if this ruling stands, then tech companies can be asked to turn over user data without a warrant – a subpoena, the civil variety included – could potentially suffice.

Keep reading

Senate Passes Kids’ “Safety” Bills Despite Privacy, Digital ID, and Censorship Concerns

Two bills combined – the Kids Online Safety Act (KOSA) and the Children and Teens’ Online Privacy Protection Act (COPPA 2.0) – have passed in the US Senate in a 91-3 vote, and will now be considered by the House.

Criticism of the bills focuses mainly on the likelihood that, if and when they become law, they will help expand online digital ID verification, as well as around issues like censorship (removal and blocking of content).

Related: The 2024 Digital ID and Online Age Verification Agenda

The effort to make KOSA and COPA 2.0 happen was spearheaded by a parent group that was pushing lawmakers and tech companies’ executives to move in this direction, and their main demand was to enact new rules that would prevent cyberbullying and other harms.

And now the main sponsors, senators Richard Blumenthal, a Democrat, and Republican Marsha Blackburn are trying to dispel these concerns, suggesting these are not “speech bills” and do not (directly) impose age verification.

Further defending the bills, they say that the legislation does not mandate that internet platforms start collecting even more user data, and reject the notion it is invasive of people’s privacy.

But the problem is that although technically true, this interpretation of the bills’ impact is ultimately incorrect, as some of their provisions do encourage censorship, facilitate the introduction of digital ID for age verification, and leave the door open for mass collection of online users’ data – under specific circumstances – and end ending anonymity online.

The bills are hailed by supporters as “landmark” legislation that is the first to focus on protecting children on the internet in the last 20 years, with some lawmakers in the Senate, like majority leader, Democrat Chuck Schumer, describing the result of the vote as “a momentous day.”

Keep reading

Texas Attorney General Ken Paxton Sues General Motors for Illegally Harvesting and Selling Drivers’ Private Data to Corporate Giants, Including Insurance Companies

Texas Attorney General Ken Paxton has filed a lawsuit against General Motors (GM), alleging that the automotive giant engaged in deceptive and unlawful business practices by collecting and selling private driving data from over 1.5 million Texans without their knowledge or consent.

This lawsuit follows Paxton’s announcement in June 2024 that he had launched an investigation into several car manufacturers suspected of improperly harvesting vast amounts of data directly from vehicles.

The findings have been alarming, revealing a disturbing trend among companies leveraging invasive technologies to exploit unsuspecting consumers.

“Our investigation revealed that General Motors has engaged in egregious business practices that violated Texans’ privacy and broke the law. We will hold them accountable,” said Attorney General Paxton. “Companies are using invasive technology to violate the rights of our citizens in unthinkable ways.”

The crux of the lawsuit centers around GM’s use of technology installed in most vehicles manufactured since 2015. This technology allegedly collects, records, analyzes, and transmits detailed driving data every time a driver uses their vehicle, according to the press release.

Shockingly, GM sold this sensitive information to various third parties, including insurance companies, who used it to generate “Driving Scores” aimed at influencing insurance premiums.

“A customer’s Driving Score was based on a series of “factors” developed by General Motors that were supposedly indicative of “bad” driving behavior and included behavior such as (1) unique identifiers of a trip; (2) trip mileage; (3) hard braking and acceleration events; (4) speed events over 80 miles per hour; and (5) other behavior tracked by OnStar Vehicle Diagnostics (“OVD”). Under the Verisk Agreement, GM provided Verisk with the Driving Data necessary to determine whether a customer exhibited any “bad” driving behaviors,” according to the lawsuit.

This sensitive information includes location tracking, driving habits, personal communications within the vehicle’s system, customer ID, name, and home address.

Keep reading

Massive leak of US personal information shows up on hacking forum, including almost 2.7 billion records

Nearly 2.7 billion personal information records for people in the United States have been posted to a popular hacking forum, exposing names, addresses, and even Social Security numbers. The data allegedly comes from a company that collects and sells the data for legitimate use, but was stolen and put up for sale in April 2024.

Originally, a threat actor known as USDoD claimed to have stolen the information from National Public Data. National Public Data scrapes the information from public sources, uses it to compile individual profiles, and then sells those portfolios. The company serves private investigators as well as entities needing to conduct background checks and obtain criminal records.

When USDoD first obtained the data, it offered to sell it for $3.5 million. The hacker claimed it contained 2.9 billion records and consisted of personal information for every person in Canada, the United Kingdom, and the United States. In the past, USDoD has been linked to another database breach, trying to sell InfraGard’s user database for $50,000 in December 2023.

On Aug. 6, a user going by the alias Fenice posted what’s believed to be the most complete version of the stolen National Public Data information for free on the Breached hacking forum. Fenice says, however, that the data breach was actually done by a different hacker than USDoD, one known as SXUL.

This isn’t the first time the data from this leak has been released, but previous posts have only included partial copies of the data. These included different numbers of records and sometimes different data. Fenice has offered the most complete version of the National Public Data information and has provided it for free.

Keep reading

Illinois changes biometric privacy law to help corporations avoid big payouts

Illinois has changed its Biometric Information Privacy Act (BIPA) to dramatically limit the financial penalties faced by companies that illegally obtain or sell biometric identifiers such as eye scans, face scans, fingerprints, and voiceprints.

The 2008 law required companies to obtain written consent for the collection or use of biometric data and allowed victims to sue for damages of $1,000 for each negligent violation and $5,000 for each intentional or reckless violation. But an amendment enacted on Friday states that multiple violations related to a single person’s biometric data will be counted as only one violation.

The amendment, approved by the Illinois Legislature in May and signed by Gov. J.B. Pritzker on August 2, provides “that a private entity that more than once collects or discloses a person’s biometric identifier or biometric information from the same person in violation of the Act has committed a single violation for which the aggrieved person is entitled to, at most, one recovery.”

As Reuters reports, the “changes to the law effectively overturn a 2023 Illinois Supreme Court ruling that said companies could be held liable for each time they misused a person’s private information and not only the first time.” That ruling came in a proposed class action brought against the White Castle restaurant chain by an employee.

Keep reading

Utility company’s proposal to rat out hidden marijuana operations to police raises privacy concerns

Operators of illegal marijuana grow enterprises hidden inside rural homes in Maine don’t have to worry much about prying neighbors. But their staggering electric bills may give rise to a new snitch.

An electric utility made an unusual proposal to help law enforcement target these illicit operations, which are being investigated for ties to transnational crime. Critics, however, worry the move would violate customers’ privacy.

More than a dozen states that legalized marijuana have seen a spike in illegal marijuana grow operations that utilize massive amounts of electricity. And Maine’s Versant Power has been receiving subpoenas — sometimes for 50 locations at a time — from law enforcement, said Arrian Myrick-Stockdell, corporate counsel. It’d be far more efficient, he suggested to utility regulators, to flip the script and allow electric utilities to report their suspicions to law enforcement.

“Versant has a very high success rate in being able to identify these locations, but we have no ability to communicate with law enforcement proactively,” Myrick-Stockdell told commissioners.

Keep reading

Customs Officers Need a Warrant to Search Your Cellphone at JFK

Judge Nina Morrison of the US District Court for the Eastern District of New York (Brooklyn, Queens, Staten Island, and Long Island) has ruled that police, including officers of U.S. Customs and Border Protection (CBP), need a warrant to search your cellphone at JFK International Airport, even when you are entering or leaving the US.

This ruling is certainly a positive development. It’s a break with a line of judicial decisions that have made US borders and international airports a Fourth Amendment-free zone, even for US citizens. It’s likely to influence other judges and other courts, even though — as a ruling from a District Court rather than an appellate court — it doesn’t set a precedent that’s binding even on other judges in the same Federal judicial district.

But there are important issues that weren’t addressed in this case, and important things you need to know to exercise your rights at JFK or other airports — even if judges in future cases in the same or other judicial districts are persuaded by the ruling in this case.

Keep reading

‘Really Chilling’: Five Countries to Test European Vaccination Card

Five European Union (EU) countries in September will pilot the newly developed European Vaccination Card (EVC), which “aims to empower individuals by consolidating all their vaccination data in one easily accessible location.

The pilot program marks a step toward the continent-wide rollout of the card, according to Vaccines Today.

Belgium, GermanyGreece, Latvia and Portugal will test the new card in a variety of formats, including printed cards, mailed copies and digital versions for smartphones.

The program aims to “pave the way for other countries by harmonising vaccine terminology, developing a common syntax, ensuring adaptability across different healthcare settings, and refining EVC implementation plans,” Vaccines Today reported.

The plans will be made public in 2026, “extending the EVC system beyond the pilot phases and enabling broad adoption across all EU Member States.”

Keep reading