“There are no private lives. This a most important aspect of modern life. One of the biggest transformations we have seen in our society is the diminution of the sphere of the private. We must reasonably now all regard the fact that there are no secrets and nothing is private. Everything is public.”
Philip K. Dick
Tag: privacy
Why Facebook May Have Your Medical Records
By now, most people are aware that if they “like” a certain page on Facebook, it gives the social media giant information about them.
“Like” a page about a particular disease, for instance, and marketers may begin to target you with related products and services.
Facebook may be collecting sensitive health data in far more insidious ways as well, however, including tracking you when you’re on hospital websites and even when you’re in a personal, password-protected health information portal like MyChart.
It does this via pixels, which may be installed without your knowledge on websites you visit. They can collect information about you as you browse the web, even if you don’t have a Facebook account.
Feds Accessing Location Data from Millions of People Through Private Brokers
Big Brother is tracking your location with the help of private data brokers.
According to a recent report by the Electronic Frontier Foundation (EFF), data brokers harvest location data from mobile apps and then sell it to government agencies including state and local law enforcement, ICE, the FBI, the Department of Homeland Security and the Department of Defense.
Many of the apps on a mobile device track and record location data. These include navigation apps, social media apps, and weather apps, among many others. According to EFF, once a user gives an app permission to access location data, it typically has “free rein” to share it with just about anybody. Government agencies take advantage of these loose standards to purchase troves of location data relating to millions of individuals from data brokers.
“Once in government hands, the data is used by the military to spy on people overseas, by ICE to monitor people in and around the U.S., and by criminal investigators like the FBI and Secret Service.”
There is a tangled web of companies buying and selling data in this multi-billion-dollar industry. According to the EFF report, it’s virtually impossible to determine which apps share data. But apparently, a lot of them do. Data broker Venntel, a subsidiary of Gravy Analytics, claims to collect location data from over 80,000 apps.
3 million+ innocent private chats could be handed over to investigators under new EU plans
A leaked document from the European Commission (EC), the executive branch of the European Union (EU), has revealed that the artificial intelligence (AI) it plans to use to mass surveil private chats for “grooming” content is expected to falsely flag content and forward it to EU investigators 10% of the time.
This proposed mass surveillance of online chats has been dubbed “Chat Control” and is being pushed by the EC as a way to combat child sexual abuse material (CSAM). However, in a leaked document that was obtained and published by Netzpolitik, the EC admitted that its proposed surveillance measures would result in a large amount of false flags.
“The accuracy of grooming detection technology is around 90%,” the EC admitted in the document. “This means that 9 out of 10 contents recognized by the system are grooming.”
The leaked document contains the EC’s answers to a series of questions from the German government about the implementation of Chat Control.
Under the current Chat Control plans, private chats, messages, and emails will be automatically scanned by AI for suspicious content. If the AI detects suspicious content, it will be flagged and sent to investigators at a planned EU center. These investigators will view the content, identify false positives, and forward illegal content to EU law enforcement agency Europol and other relevant law enforcement authorities.
Names, addresses of every concealed carry permit holder in California exposed
The names, addresses, and license types of every Concealed Carry Weapons (CCW) permit holder in California were exposed as part of a data breach suffered by the state Department of Justice, according to the Fresno County Sheriff’s Office.
Officials say the California State Sheriff’s Association informed the Fresno County Sheriff’s Office about the data breach, which followed the publication of the state’s 2022 Firearms Dashboard Portal on Monday, KTLA sister station KSEE/KPGE reports. At the time, state officials described it as improving “transparency and information sharing for firearms-related data.”
Sheriff’s Office officials say the information released included the CCW holders’ name, age, address, Criminal Identification Index (CII) number and license type (Standard, Judicial, Reserve and Custodial). The information included every CCW holder in the state.
In response to the information being released, Fresno County officials say the state disabled access to the website hosting the data – but there are concerns that the information was copied and remains in circulation on social media and other parts of the internet. It is unknown how long the information was publicly accessible on the Department of Justice’s website.
California bill 2273 would require websites and apps to verify visitors’ ID
California’s bill CA AB 2273, designed to enact the Age-Appropriate Design Code (AADC) is just one among the bills raising concerns in terms of how they might negatively affect the web going forward.
Like their counterparts in the EU, legislators in California, according to their critics, present online child safety as their only goal – and a stated desire to improve this is hard to argue with, even when arguments are valid – such as that the proposed bills may in fact do nothing to better protect children, while eroding the rights of every internet user.
Among other things, AB 2273 aims to require sites and apps to authenticate the age of all their users before allowing access. Attempts to introduce mandatory age authentication have also cropped up in other jurisdictions before, but have proven controversial, technically difficult to implement, with a high potential to compromise user data collected in this way, and intrusive to people’s privacy.
In California, the situation doesn’t look much different as critics of this bill say that authentication will require site operators and businesses to deal with personal data collection from every user, and worry about using and storing it securely.
We obtained a copy of the bill for you here.
In addition, some kind of government-issued ID – or surrendering biometric data such as that collected through facial recognition – is necessary to prove one’s age in the first place; and this is where forcing sites and services to require this information would effectively mean the end of anonymity online.
How to scrub yourself from the internet, the best that you can
You can’t fully scrub yourself from the internet. A little bit of you will always linger, whether it’s in data-broker databases, on old social media you forgot about or in the back of someone else’s vacation photos on Flickr.
That’s no reason to give up! You can absolutely take steps to protect your privacy by cleaning up things like your Google results. For the best results you’ll need time, money, patience, and to live in a country or state with strong privacy laws.
This week’s Ask Help Desk question is all about the data brokers: “How do I get my information deleted from data aggregators?” asks Jennifer Swindell, from Sagle, Idaho. But first, we’re going to take a step back and start with something a little more public.
Brave Search challenges DuckDuckGo on trackers controversy
Brave CEO Brendan Eich blasted rival privacy-focused browser DuckDuckGo for its Bing and LinkedIn trackers exemption in its Android, macOS, and iOS apps. DuckDuckGo has a contract with Microsoft that exempts the Big Tech from the privacy defenses.
“For non-search tracker blocking (e.g. in our browser), we block most third-party trackers,” DuckDuckGo CEO Gabriel Weinberg explained in May. “Unfortunately our Microsoft search syndication agreement prevents us from doing more to Microsoft-owned properties. However, we have been continually pushing and expect to be doing more soon.”
Eich said the explanation was not genuine because DuckDuckGo also has exceptions that allow Microsoft trackers despite the use of third-party cookie blockers.
“Trackers try to get around cookie blocking by appending identifiers to URL query parameters, to ID you across sites,” Eich explained, adding that DuckDuckGo knows that because it blocks advertisers such as Facebook and Google from circumventing third-party cookie blockers.
How the Federal Government Buys Our Cell Phone Location Data
Over the past few years, data brokers and federal military, intelligence, and law enforcement agencies have formed a vast, secretive partnership to surveil the movements of millions of people. Many of the mobile apps on our cell phones track our movements with great precision and frequency. Data brokers harvest our location data from the app developers, and then sell it to these agencies. Once in government hands, the data is used by the military to spy on people overseas, by ICE to monitor people in and around the U.S., and by criminal investigators like the FBI and Secret Service. This post will draw on recent research and reporting to explain how this surveillance partnership works, why is it alarming, and what can we do about it.
Where does the data come from?
Weather apps, navigation apps, coupon apps, and “family safety” apps often request location access in order to enable key features. But once an app has location access, it typically has free rein to share that access with just about anyone.
That’s where the location data broker industry comes in. Data brokers entice app developers with cash-for-data deals, often paying per user for direct access to their device. Developers can add bits of code called “software development kits,” or SDKs, from location brokers into their apps. Once installed, a broker’s SDK is able to gather data whenever the app itself has access to it: sometimes, that means access to location data whenever the app is open. In other cases, it means “background” access to data whenever the phone is on, even if the app is closed.
‘Privacy’ Search Engine DuckDuckGo Smoked Over Hidden Tracking Agreement With Microsoft
DuckDuckGo, the search engine which claims to offer ‘real privacy’ because it doesn’t track searches or store users’ history, has come under fire after a security researcher discovered that the mobile DuckDuckGo browser app contains a third-party tracker from Microsoft.
Researcher Zach Edwards found that while Google and Facebook’s trackers are blocked, trackers related to bing.com and linkedin.com were also being allowed through.
In response to the revelation, CEO Gabriel Weinberg essentially shrugged – telling BleepingComputer that the company offers “above-and-beyond protection” that other browsers don’t, but that he ‘never promised’ anonymity when browsing.
“We have always been extremely careful to never promise anonymity when browsing, because that frankly isn’t possible given how quickly trackers change how they work to evade protections and the tools we currently offer,” he said.
Hellbound and Down 
You must be logged in to post a comment.