Tag: privacy

California bill 2273 would require websites and apps to verify visitors’ ID

California’s bill CA AB 2273, designed to enact the Age-Appropriate Design Code (AADC) is just one among the bills raising concerns in terms of how they might negatively affect the web going forward.

Like their counterparts in the EU, legislators in California, according to their critics, present online child safety as their only goal – and a stated desire to improve this is hard to argue with, even when arguments are valid – such as that the proposed bills may in fact do nothing to better protect children, while eroding the rights of every internet user.

Among other things, AB 2273 aims to require sites and apps to authenticate the age of all their users before allowing access. Attempts to introduce mandatory age authentication have also cropped up in other jurisdictions before, but have proven controversial, technically difficult to implement, with a high potential to compromise user data collected in this way, and intrusive to people’s privacy.

In California, the situation doesn’t look much different as critics of this bill say that authentication will require site operators and businesses to deal with personal data collection from every user, and worry about using and storing it securely.

We obtained a copy of the bill for you here.

In addition, some kind of government-issued ID – or surrendering biometric data such as that collected through facial recognition – is necessary to prove one’s age in the first place; and this is where forcing sites and services to require this information would effectively mean the end of anonymity online.

Keep reading

How to scrub yourself from the internet, the best that you can

You can’t fully scrub yourself from the internet. A little bit of you will always linger, whether it’s in data-broker databases, on old social media you forgot about or in the back of someone else’s vacation photos on Flickr.

That’s no reason to give up! You can absolutely take steps to protect your privacy by cleaning up things like your Google results. For the best results you’ll need time, money, patience, and to live in a country or state with strong privacy laws.

This week’s Ask Help Desk question is all about the data brokers: “How do I get my information deleted from data aggregators?” asks Jennifer Swindell, from Sagle, Idaho. But first, we’re going to take a step back and start with something a little more public.

Keep reading

Brave Search challenges DuckDuckGo on trackers controversy

Brave CEO Brendan Eich blasted rival privacy-focused browser DuckDuckGo for its Bing and LinkedIn trackers exemption in its Android, macOS, and iOS apps. DuckDuckGo has a contract with Microsoft that exempts the Big Tech from the privacy defenses.

“For non-search tracker blocking (e.g. in our browser), we block most third-party trackers,” DuckDuckGo CEO Gabriel Weinberg explained in May. “Unfortunately our Microsoft search syndication agreement prevents us from doing more to Microsoft-owned properties. However, we have been continually pushing and expect to be doing more soon.”

Eich said the explanation was not genuine because DuckDuckGo also has exceptions that allow Microsoft trackers despite the use of third-party cookie blockers.

“Trackers try to get around cookie blocking by appending identifiers to URL query parameters, to ID you across sites,” Eich explained, adding that DuckDuckGo knows that because it blocks advertisers such as Facebook and Google from circumventing third-party cookie blockers.

Keep reading

How the Federal Government Buys Our Cell Phone Location Data

Over the past few years, data brokers and federal military, intelligence, and law enforcement agencies have formed a vast, secretive partnership to surveil the movements of millions of people. Many of the mobile apps on our cell phones track our movements with great precision and frequency. Data brokers harvest our location data from the app developers, and then sell it to these agencies. Once in government hands, the data is used by the military to spy on people overseas, by ICE to monitor people in and around the U.S., and by criminal investigators like the FBI and Secret Service. This post will draw on recent research and reporting to explain how this surveillance partnership works, why is it alarming, and what can we do about it.

Where does the data come from?

Weather apps, navigation apps, coupon apps, and “family safety” apps often request location access in order to enable key features. But once an app has location access, it typically has free rein to share that access with just about anyone.

That’s where the location data broker industry comes in. Data brokers entice app developers with cash-for-data deals, often paying per user for direct access to their device. Developers can add bits of code called “software development kits,” or SDKs, from location brokers into their apps. Once installed, a broker’s SDK is able to gather data whenever the app itself has access to it: sometimes, that means access to location data whenever the app is open. In other cases, it means “background” access to data whenever the phone is on, even if the app is closed.

Keep reading

‘Privacy’ Search Engine DuckDuckGo Smoked Over Hidden Tracking Agreement With Microsoft

DuckDuckGo, the search engine which claims to offer ‘real privacy’ because it doesn’t track searches or store users’ history, has come under fire after a security researcher discovered that the mobile DuckDuckGo browser app contains a third-party tracker from Microsoft.

Researcher Zach Edwards found that while Google and Facebook’s trackers are blocked, trackers related to bing.com and linkedin.com were also being allowed through.

In response to the revelation, CEO Gabriel Weinberg essentially shrugged – telling BleepingComputer that the company offers “above-and-beyond protection” that other browsers don’t, but that he ‘never promised’ anonymity when browsing.

“We have always been extremely careful to never promise anonymity when browsing, because that frankly isn’t possible given how quickly trackers change how they work to evade protections and the tools we currently offer,” he said.

Keep reading

The EU wants to scan all chat messages, using the guise of combating child abuse

The European Commission, the executive arm of the European Union, has proposed a scanning obligation for messaging providers to combat the spreading of child sexual abuse material (CSAM).

The proposal states that, at the request of a government agency, “Providers of hosting services and providers of interpersonal communication services that have received a detection order shall execute it by installing and operating technologies to detect” CSAM.

We obtained a copy of the proposal for you here.

The document further says that companies should use CSAM detection technology that is reliable, effective and state of the art. The technology should also be “the least intrusive” as it is not supposed to “be able to extract any other information from the relevant communications than the information strictly necessary to detect.”

Keep reading

Delete your personal data from Google

Google now has a new tool allowing anyone to request the removal of their personal data from search results, including contact information.

“The availability of personal contact information online can be jarring,” said Google’s head of global policy in search Michelle Chang. She added that personal data could lead to “unwanted direct contact or even physical harm.”

Google already allowed the removal of personal or financial information from search results if a user could prove it was real danger or a potential threat. Now you can request the removal of your information even if there is no risk.

Keep reading

Mental health and worship apps are found to be some of the most privacy invasive

Apps that deal with some of the most sensitive and personal data, such as that concerning a user’s mental health or religious activities, are said to rank among the worst privacy offenders.

This is the conclusion of a study conducted by the Mozilla Foundation, which singled out mental health and prayer apps as being prone to track and collect data revealing a person’s state of mind, feelings, and thoughts, and then “share” that for-profit via targeted advertising.

Mozilla’s team looked into 32 apps from this category, putting a “privacy not included” label on 29, and publishing the findings in a guide of the same name. 25 of these apps didn’t pass the foundations’ minimum security standards around password quality and handling of security updates.

PTSD Coach, developed by the US The Department of Veterans Affairs, has “strong privacy policies and security practices,” while chatbot Wysa “seems to value users’ privacy.” And the Catholic prayer app Hallow was the only one to “respond in a timely manner” to Mozilla’s emails.

Besides these technical issues, the apps singled out in the report are also said to target “vulnerable users with personalized advertisements” and track and share biometric data.

Keep reading

Scooping private data doesn’t violate Fourth Amendment if the owner can still access it, court rules

The US Ninth Circuit Court of Appeals appears to have given the government permission to order anyone’s internet account data copied and held without any cause, whenever they want, without providing any justification, according to University of California, Berkeley School of Law professor Orin Kerr’s analysis of a recent Ninth Circuit briefing that affirmed Carsten Igor Rosenow’s conviction and sentencing for sexually exploiting children in the Philippines.

In his appeal to the Ninth Circuit, Rosenow argued that he had a right to privacy in his digital data and that law enforcement requests to preserve his Yahoo! account data, which were submitted without a warrant after a tip from Yahoo!, violated the Fourth Amendment’s protection against unreasonable search and seizure.

But the Ninth Circuit rejected his argument and affirmed his conviction, saying that Yahoo!’s preservation of Rosenow’s records didn’t amount to an unreasonable seizure because the preservation requests didn’t prevent him from accessing his account and Yahoo! didn’t provide the government with access to his data without further legal process:

“A ‘seizure’ of property requires ‘some meaningful interference [by the government,] with an individual’s possessory interests in [his] property.’ Jacobsen, 466 U.S. at 113. Here, the preservation requests themselves, which applied only retrospectively, did not meaningfully interfere with Rosenow’s possessory interests in his digital data because they did not prevent Rosenow from accessing his account. Nor did they provide the government with access to any of Rosenow’s digital information without further legal process.”

The court also claimed that Rosenow had already consented to these preservation requests when he accepted Yahoo!’s terms of service:

“It also is worth noting that Rosenow consented to the ESPs [electronic service providers] honoring preservation requests from law enforcement under the ESPs’ terms of use.”

We obtained a copy of the Ninth Circuit’s briefing for you here.

Keep reading

Chief Advisor of Klaus Schwab and the WEF Boasts: Dreams of Dictators Are Now Possible

“Dictators always dreamt about eliminating privacy, monitoring everyone, knowing everything you do, think, and feel…It is now possible.”

The privacy versus security debate is as old as civilization, historian and writer Yuval Noah Harari said recently at the Athens Democracy Forum, an annual international conference in Greece. “But there is now something new: for the first time in history, it is possible to eliminate privacy completely,” said Harari, chief advisor to the World Economic Forum’s leader, Klaus Schwab. 

“It was not possible before,” said Harari, “It is now possible. A fundamental change has taken place. “Dictators always dreamt about completely eliminating privacy, monitoring everyone all the time, and knowing everything you do, and not just everything you do but everything you think, and everything you feel.”

Keep reading