Archive for the ‘Privacy’ Category

Military intelligence buys location data instead of getting warrants, memo shows

January 22nd, 2021
If your phone knows where you are, the feds can, too.

Enlarge / If your phone knows where you are, the feds can, too. (credit: Luis Alvarez | Getty Images)

The Defense Intelligence Agency, which provides military intelligence to the Department of Defense, confirmed in a memo that it purchases "commercially available" smartphone location data to gather information that would otherwise require use of a search warrant.

The DIA "currently provides funding to another agency that purchases commercially available geolocation metadata aggregated from smartphones," the agency wrote in a memo (PDF) to Sen. Ron Wyden (D-Ore.), first obtained by the New York Times.

The Supreme Court held in its 2018 Carpenter v. United States ruling that the government needs an actual search warrant to collect an individual's cell-site location data. "When the Government tracks the location of a cell phone it achieves near perfect surveillance, as if it had attached an ankle monitor to the phone’s user," Chief Justice John Roberts wrote for the majority in his opinion. "The retrospective quality of the data here gives police access to a category of information otherwise unknowable."

Read 4 remaining paragraphs | Comments

Posted in data privacy, Fourth Amendment, location data, military intelligence, Policy, Privacy, Search Warrants | Comments (0)

Home alarm tech backdoored security cameras to spy on customers having sex

January 22nd, 2021
Home alarm tech backdoored security cameras to spy on customers having sex

Enlarge (credit: Getty Images / Aurich Lawson)

A home security technician has admitted he repeatedly broke into cameras he installed and viewed customers engaging in sex and other intimate acts.

Telesforo Aviles, a 35-year-old former employee of home and small office security company ADT, said that over a five-year period, he accessed the cameras of roughly 200 customer accounts on more than 9,600 occasions—all without the permission or knowledge of customers. He said he took note of homes with women he found attractive and then viewed their cameras for sexual gratification. He said he watched nude women and couples as they had sex.

Aviles made the admissions Thursday in US District Court for the District of Northern Texas, where he pleaded guilty to one count of computer fraud and one count of invasive visual recording. He faces a maximum of five years in prison.

Read 6 remaining paragraphs | Comments

Posted in Biz & IT, peeping tom, Policy, Privacy, Security Cameras, Tech | Comments (0)

A Site Published Every Face From Parler’s Capitol Riot Videos

January 20th, 2021
Faces of the Riot used open source software to detect, extract, and deduplicate every face from the 827 videos taken from the insurrection on January 6.

Posted in Privacy, security, Security / Privacy | Comments (0)

Facebook will pay more than $300 each to 1.6M Illinois users in settlement

January 15th, 2021
You see Facebook, Facebook sees you...

Enlarge / You see Facebook, Facebook sees you... (credit: Chris Jackson | Getty Images)

Millions of Facebook users in Illinois will be receiving about $340 each as Facebook settles a case alleging it broke state law when it collected facial recognition data on users without their consent. The judge hearing the case in federal court in California approved the final settlement on Thursday, six years after legal proceedings began.

"This is money that's coming directly out of Facebook's own pocket," US District Judge James Donato said, according to the Chicago Tribune. "The violations here did not extract a penny from the pockets of the victims. But this is real money that Facebook is paying to compensate them for the tangible privacy harms that they suffered."

Three different Illinois residents filed suit against Facebook in 2015 and claimed that the service's "tag suggestions" feature, which uses facial recognition to suggest other users to tag in photos, violated their rights under the Illinois Biometric Information Privacy Act (BIPA). The suits were eventually rolled together into a single class-action complaint and transferred to federal court in California.

Read 6 remaining paragraphs | Comments

Posted in biometric data, biometric information privacy act, Facebook, Illinois, lawsuits, personal data, Policy, Privacy, Settlements | Comments (0)

How Law Enforcement Gets Around Your Smartphone’s Encryption

January 13th, 2021
New research has dug into the openings that iOS and Android security provide for anyone with the right tools.

Posted in Privacy, security, Security / Privacy | Comments (0)

WhatsApp Has Shared Your Data With Facebook for Years

January 8th, 2021
A pop-up notification has alerted the messaging app's users to a practice that's been in place since 2016.

Posted in Privacy, security, Security / Privacy | Comments (0)

WhatsApp gives users an ultimatum: Share data with Facebook or stop using the app

January 6th, 2021
In this photo illustration a Whatsapp logo seen displayed on

Enlarge (credit: Getty Images)

WhatsApp, the Facebook-owned messenger that claims to have privacy coded into its DNA, is giving its 2 billion plus users an ultimatum: agree to share their personal data with the social network or delete their accounts.

The requirement is being delivered through an in-app alert directing users to agree to sweeping changes in the WhatsApp terms of service. Those who don’t accept the revamped privacy policy by February 8 will no longer be able to use the app.

Share and share alike

Shortly after Facebook acquired WhatsApp for $19 billion in 2014, its developers built state-of-the-art end-to-end encryption into the messaging app. The move was seen as a victory for privacy advocates because it used the Signal Protocol, an open source encryption scheme whose source code has been reviewed and audited by scores of independent security experts.

Read 10 remaining paragraphs | Comments

Posted in encryption, Facebook, Policy, Privacy, Signal, Tech, Whatsapp | Comments (0)

App makers explore desperate measures to dodge Apple privacy rules

January 6th, 2021
Social media applications are seen on an iPhone in this photo illustration in Warsaw, Poland on December 17, 2020. Facebook has disabled several features on it's Messenger app to comply with new data usage rules currently being put in place in the EU as aprt of the ePrivacy Directive. (Photo illustration by Jaap Arriens/NurPhoto via Getty Images)

Enlarge / Social media applications are seen on an iPhone in this photo illustration in Warsaw, Poland on December 17, 2020. Facebook has disabled several features on it's Messenger app to comply with new data usage rules currently being put in place in the EU as aprt of the ePrivacy Directive. (Photo illustration by Jaap Arriens/NurPhoto via Getty Images) (credit: Getty Images)

App developers are exploring surreptitious new forms of user tracking to evade Apple’s new privacy rules, which threaten to upend the mobile advertising industry in the coming months.

Early in 2021, an iPhone update will prevent apps from using advertising identifiers known as IDFA without obtaining each user’s explicit consent for targeting. Developers expect more than two-thirds of users will block tracking when they see a pop-up appear within their apps.

Some app makers say they plan to use invasive tracking techniques such as “device fingerprinting” to work around the new restrictions—even though doing so risks getting them thrown off the App Store if they are caught.

Read 13 remaining paragraphs | Comments

Posted in apple, apps, Policy, Privacy, Tech, tracking | Comments (0)

Telegram feature exposes your precise address to hackers

January 5th, 2021
Map pin flat on green cityscape and Huangpu River

Enlarge (credit: Getty Images)

If you’re using an Android device—or in some cases an iPhone—the Telegram messenger app makes it easy for hackers to find your precise location when you enable a feature that allows users who are geographically close to you to connect. The researcher who discovered the disclosure vulnerability and privately reported it to Telegram developers said they have no plans to fix it.

The problem stems from a feature called People Nearby. By default, it’s turned off. When users enable it, their geographic distance is shown to other people who have it turned on and are in (or are spoofing) the same geographic region. When People Nearby is used as designed, it’s a useful feature with few if any privacy concerns. After all, a notification that someone is 1 kilometer or 600 meters away still leaves stalkers guessing where, precisely, you are.

Stalking made simple

Independent researcher Ahmed Hassan, however, has shown how the feature can be abused to divulge exactly where you are. Using readily available software and a rooted Android device, he’s able to spoof the location his device reports to Telegram servers. By using just three different locations and measuring the corresponding distance reported by People Nearby, he is able to pinpoint a user’s precise location.

Read 9 remaining paragraphs | Comments

Posted in Biz & IT, messengers, Policy, Privacy, Tech, Telegram | Comments (0)