Tech Letter

Fresh Technology Insights

Category: User Privacy (page 1 of 2)

US Homeland Security Dept has purchased access to at least one database to track the locations of millions of mobile phones and is using the info in immigration and border controls and possibly other secret government surveillance programs

If the headline surprises you, you haven’t been paying attention. This has been going on for years. Ask Snowden.

What I’d like to know is how much tracking is DHS doing outside it’s borders?

US Department of Homeland Security (DHS) acknowledges tracking millions of smartphone users within the USA, despite a Supreme Court order limiting it’s authority to do so. DHS will not state how the data is being used.

Byron Tau and Michelle Hackman, Wall Street Journal »

The Trump administration has bought access to a commercial database that maps the movements of millions of cellphones in America and is using it for immigration and border enforcement, according to people familiar with the matter and documents reviewed by The Wall Street Journal.

The location data is drawn from ordinary cellphone apps, including those for games, weather and e-commerce, for which the user has granted permission to log the phone’s location.

More » Apple Insider

NY Times journalists answer » What’s the worst that could happen to your smartphone data?

NY Times »

None of us really has a choice to participate in tracking or not — the system just serves up location data, usually without us noticing. So for people who do want a bit of privacy — worshipers, young people visiting Planned Parenthood, those visiting a queer space, survivors hiding from an abuser — they no longer have a real choice about their privacy. Because the tracking touches everyone, can we really give up after concluding it’s fine for us? When we participate in this system, we’re tacitly endorsing it.

[…]

Your imagination can run wild with possibilities. It runs from tracking kids to tracking the nation’s top security officials and using the intelligence for some kind of blackmail.

For us, it was talking to one group that was so concerned they didn’t want to be named. We expected them to be worried, but in conversations with them, they were downright scared. When we showed them all the device pings collected in the center of their building during a gathering, they were horrified that people could know exactly who and how many people were in the building and when. The idea that their community members were followed in the data and we could figure out where they all lived — it wasn’t an abstract threat anymore. It was real and personal for them, especially since they felt like a target already.

ToTok is a United Arab Emirates (UAE) spy tool [Updated]

If you have messaging app ToTok on your smartphone, you will probably want to delete it. It is actually a repressive government’s spying tool.

Apple and Google have removed the app from their app stores.

Mark Mazzetti, Nicole Perlroth, and Ronen Bergman, writing in the NY Times (paywall) »

But the service, ToTok, is actually a spying tool, according to American officials familiar with a classified intelligence assessment and a New York Times investigation into the app and its developers. It is used by the government of the United Arab Emirates to try to track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones.

ToTok, introduced only months ago, was downloaded millions of times from the Apple and Google app stores by users throughout the Middle East, Europe, Asia, Africa and North America. While the majority of its users are in the Emirates, ToTok surged to become one of the most downloaded social apps in the United States last week, according to app rankings and App Annie, a research firm.

More » Associated Press, Security Boulevard, The Mac Observer, The Register, Wired

There are similar concerns with other apps »

» U.S. Navy bans TikTok from government-issued mobile devices – Reuters

Updated Saturday December 28

» Not surprisingly, UAE denies developing the app as spy tool – SecurityWeek

Colleges are turning students’ phones into surveillance machines, tracking their locations, and grading them on class attendance

Drew Harwell, Washinton Post (paywall) »

When Syracuse University freshmen walk into professor Jeff Rubin’s Introduction to Information Technologies class, seven small Bluetooth beacons hidden around the Grant Auditorium lecture hall connect with an app on their smartphones and boost their “attendance points.

And when they skip class? The SpotterEDU app sees that, too, logging their absence into a campus database that tracks them over time and can sink their grade. It also alerts Rubin, who later contacts students to ask where they’ve been. His 340-person lecture has never been so full.

“They want those points,” he said. “They know I’m watching and acting on it. So, behaviorally, they change.”

Apparently, neither professors or the schools take any issue surveilling and invading the privacy of their students.

Knowing that you are being watched, doesn’t make it more correct.

Short-range phone sensors and campuswide WiFi networks are empowering colleges across the United States to track hundreds of thousands of students more precisely than ever before. Dozens of schools now use such technology to monitor students’ academic performance, analyze their conduct or assess their mental health.

[…]

The students who deviate from those day-to-day campus rhythms are flagged for anomalies, and the company then alerts school officials in case they want to pursue real-world intervention.

But then there’s the optics of it all »

Carter said he doesn’t like to say the students are being “tracked,” because of its potentially negative connotations; he prefers the term “monitored” instead. “It’s about building that relationship,” he said, so students “know you care about them.”

The US wants to collect DNA from immigrant detainees for a federal criminal database

Nicole Narea, writing for Vox »

The Trump administration plans to vastly expand a program to collect DNA information from migrants in detention and enter it in a database designed to identify criminal suspects, under an upcoming rule from the Department of Justice.

Administration officials say the DNA tests are necessary to determine whether adult migrants and the children they travel with are genetically proven to be a family. They also say the testing is needed to enforce a 2005 law requiring DNA samples be taken from people in federal custody.

More » NY Times, The Verge, Gizmodo, Axios

New US online privacy legislation unlikely this year

Reuters writes »

A U.S. online privacy bill is not likely to come before Congress this year, three sources said, as lawmakers disagree over issues like whether the bill should preempt state rules, forcing companies to deal with much stricter legislation in California that goes into effect on Jan. 1.

Read more »

Amazon’s favourite new word is ‘Privacy,’ but do they know what it means?

Amazon today rolled out a marathon of products at its fall 2019 devices event. Privacy was mentioned throughout the presentation. Amazon is acutely aware that a large segment of consumers are troubled by Amazon’s personal invasions and lack of transparency.

Dell Cameron at Gizmodo writes »

Today, so-called “privacy” policies are little more than legal disclosures vaguely articulating the numerous ways in which companies, like Amazon, intend to track their customers and gather their personal information

If privacy is dead, we can thank Amazon (among plenty of other companies, of course) for helping arrange its demise.

and »

An in-depth investigation by Bloomberg in April revealed that thousands of human beings were listening to recordings of Alexa users in an attempt to improve its performance. Naturally, the company hid this from everyone, burying the language about it deep in its service terms—which, let’s be honest, no has the time to read.

The company fessed up but also attempted to downplay the invasion…

and »

Privacy advocates have basically given up on Amazon, believing that its promises about protecting its customers are too little and too late. Evan Greer, deputy director of digital rights group Fight for the Future, said in a statement that the company simply cannot be trusted.

“Amazon claims ‘customers control their data’ yet they had plans for 911 calls to trigger all Ring cameras in the surrounding neighborhood to wake up and start recording,” she said. “This is what Amazon does. They make empty statements to sell their products and then continue to build a for-profit, surveillance dragnet without oversight and accountability.”

Read the whole article at Gizmodo »

Top European court rules ‘Right to be forgotten’ does not apply outside Europe

This is a victory for free speech and the free press outside of Europe, but not for privacy.

Leo Kelion at the BBC writes »

The EU’s top court has ruled that Google does not have to apply the right to be forgotten globally.

It means the firm only needs to remove links from its search results in Europe – and not elsewhere – after receiving an appropriate request.

More at The Guardian, ZDNet, CNET, NYTimes, Thurrott, Axios, TechCrunch

Fitness app that revealed secret military bases highlights bigger privacy issues

Selena Larson, CNN:

Many apps also sell personal data to third-party companies. This practice is common, though the general public is often unaware of their app’s policies regarding data brokering. These types of sales are legal if disclosed, but users might not see the disclosures in lengthy privacy statements.

The U.S. Central Command told CNN on Monday it is looking into refining its smartphone and wearable device policies following the Strava revelations.

White House cybersecurity coordinator Rob Joyce tweeted on Monday that the Strava heat map highlights the risks of big data analytics.

Less than 10% of Gmail users enable two-factor authentication

Iain Thomson, The Register:

In a presentation at Usenix’s Enigma 2018 security conference in California, Google software engineer Grzegorz Milka today revealed that, right now, less than 10 per cent of active Google accounts use two-step authentication to lock down their services. He also said only about 12 per cent of Americans have a password manager to protect their accounts, according to a 2016 Pew study.

« Older posts

© 2020 Tech Letter

Theme by Anders NorenUp ↑