Tech Letter

Fresh Technology Insights

Category: Privacy 🔒 (page 1 of 6)

Research suggests the new Brave browser gets the highest privacy ratings » Chrome, Firefox and Safari fall short, others worst

Dan Goodin, Ars Technica »

The study found the default Brave settings provided the most privacy, with no collection of identifiers allowing the tracking of IP addresses over time and no sharing of the details of webpages visited with backend servers. […]

Australia sues Facebook for breaching the privacy of over 300K Australians in the Cambridge Analytica scandal

Facebook could face millions of dollars in fines over allegedly breaching the privacy of over 300,000 Australian citizens caught up in the Cambridge Analytica scandal.

Josh Taylor, The Guardian »

The Australian information commissioner Angelene Falk has alleged Facebook committed serious and repeated interferences with privacy in contravention of Australian privacy law because data collected by Facebook was passed onto the This is Your Digital Life app by Cambridge Analytica for political profiling, which was not what it was collected for.

Data included people’s names, dates of birth, email addresses, city location, friends list, page likes and Facebook messages for those who had granted the app access to the messages.
Guardian Today: the headlines, the analysis, the debate – sent direct to you
Read more

“We consider the design of the Facebook platform meant that users were unable to exercise reasonable choice and control about how their personal information was disclosed,” Falk said.

“Facebook’s default settings facilitated the disclosure of personal information, including sensitive information, at the expense of privacy.”

More » Office of the Australian Information Commissioner, Reuters, News.com.au, Seeking Alpha

Have I Been Pwned holds more records than the population of Earth

The popular security website Have I Been Pwned (HIBP) “is a database of usernames or email addresses that have been exposed in data breaches. At the time of writing, it contains 9,543,096,417 records, which happens to be more than the population of Earth, showing the extent of such breaches.”

More » The Register

UK government’s MI5 spies want “exceptional access” to your encrypted communications

Dan Sabbagh, The Guardian »

MI5’s director general has called on technology companies to find a way to allow spy agencies “exceptional access” to encrypted messages, amid fears they cannot otherwise access such communications.

Sir Andrew Parker is understood to be particularly concerned about Facebook, which announced plans to introduce powerful end-to-end encryption last March across all the social media firm’s services.

In an ITV interview to be broadcast on Thursday, Sir Andrew Parker says he has found it “increasingly mystifying” that intelligence agencies like his are not able to easily read secret messages of terror suspects they are monitoring.

Apple and TikTok have each decline to testify – for a second time – at congressional hearings probing technology industry ties to the Chinese central government

Simple question » What are they trying to hide?

Tony Romm, Washington Post »

Republican Sen. Josh Hawley (Mo.), one of TikTok’s leading critics, had invited the two tech firms to appear at a March 4 session, his office confirmed Monday. Both previously had declined to testify at a hearing last year on the same issue.

TikTok confirmed Monday that it told Hawley it would dispatch a top aide to appear at an unspecified later date, just not next week, citing a recent raft of new hires at senior ranks of the company. Apple did not respond to a request for comment about its expected absence.

[…]

With TikTok, meanwhile, Hawley and other lawmakers have been sharply critical of its Chinese-based parent company, ByteDance. Despite its repeated assurances, TikTok has struggled to convince lawmakers that the app is operating independently from Beijing, which heavily censors online content.

Chinese companies are legally not allowed to be independent of their government. So it’s not unreasonable to be concerned. And both Apple and TikTok should be forthcoming and honest.

Researchers at Mysk show how any and all apps on your iOS devices have free and unrestricted access to everything that goes onto the clipboard

Developers at Mysk created a simple app with the sole purpose of displaying information gleaned from the clipboard, without user knowledge or consent.

When users copy images onto their clipboard, for example, the app can immediately read the content, including metadata that often includes the location of where the photo was taken.

The video demo below goes onto show that even the installed widgets can silently collect all data copied to the clipboard, without user knowledge.

Here’s a detailed explanation.

EU Commission recommends staff use the Signal messaging app

The EU and other world governments have suffered high profile data breaches, often because they were using insecure commercial apps, or apps that were handling data in ways that were not obvious or stated.

Signal is a true end-to-end messaging app that has been verified by security experts around the world. Journalist and activists dealing in sensitive areas where their lives are often at stake, depend on Signal.

Laurens Cerulus, Pro Publica »

The European Commission has told its staff to start using Signal, an end-to-end-encrypted messaging app, in a push to increase the security of its communications.

The instruction appeared on internal messaging boards in early February, notifying employees that “Signal has been selected as the recommended application for public instant messaging.”

[…]

Privacy experts consider that Signal’s security is superior to other apps’. “We can’t read your messages or see your calls,” its website reads, “and no one else can either.”

The Signal App is available free on several platforms (iOS, Android, etc) through the official web site.

Now that UK is no longer part of the EU, Google plans to move UK user data and accounts out of EU and into the US where data protection is weaker

Another consequence of Brexit.

Joseph Menn, Reuters »

The shift, prompted by Britain’s exit from the EU, will leave the sensitive personal information of tens of millions with less protection and within easier reach of British law enforcement.

The change was described to Reuters by three people familiar with its plans. Google intends to require its British users to acknowledge new terms of service including the new jurisdiction.

Ireland, where Google and other U.S. tech companies have their European headquarters, is staying in the EU, which has one of the world’s most aggressive data protection rules, the General Data Protection Regulation.

More » The Register

New bill would establish a US Data Protection Agency

It might startle you to learn how little privacy protection is available to Americans.

Issie Lapowsky, Protocol »

The so-called Data Protection Act of 2020 would create the country’s first data protection agency to oversee how privacy laws in America are enforced and guide Congress on the development of those laws. The agency would be empowered to impose penalties on companies that violate people’s privacy, taken them to court, field consumer complaints, and launch investigations.

[…]

The agency would enforce current privacy laws and any future laws Congress passes and have rule-making authority to determine how those laws are carried out. Specifically, the agency would be able to conduct impact assessments on companies deploying “high-risk practices” with regard to data. That includes companies using data to profile people on a large scale. The bill also gives the agency the power to regulate consumer scoring in sensitive areas like housing, employment and education.

The agency would have subpoena power and the ability to take companies to court over violations of federal privacy law. It would also closely monitor large companies — both in terms of revenue and in terms of the amount of data they collect — and ask for reports from these companies, to ensure they’re complying with the law. Meanwhile, the agency would be tasked with guiding Congress on emerging technologies and representing the United States in international deals regarding privacy.

Personal information belonging to 144,000 Canadians breached at federal departments and agencies over the past two years

Catharine Tunney, CBC »

Federal departments or agencies have mishandled personal information belonging to 144,000 Canadians over the past two years, according to new figures tabled in the House of Commons — and not everyone who was swept up in a privacy breach was told about it.

The new figures were included in the federal government’s answer to an order paper question filed by Conservative MP Dean Allison late last month. The nearly 800-page response didn’t offer an explanation for the errors, which range in seriousness from minor hiccups to serious breaches involving sensitive personal information.

[…]

The Canada Revenue Agency leads the pack in breaches, with more than 3,005 separate incidents affecting close to 60,000 Canadians between Jan. 1, 2018 and Dec. 10, 2019.

The department blames the breaches on misdirected mail, security incidents and employee misconduct.

Even the keepers of Canada’s official secrets aren’t immune. The Canadian Security Intelligence Service, the Communications Security Establishment and the RCMP all reported missteps as well.

The Department of National Defence said most of its 170 breaches, which affected more than 2,000 people, were due to inappropriate access to, or use or disclosure of, personal information.

« Older posts

© 2020 Tech Letter

Theme by Anders NorenUp ↑