
December 02 2017


EFF Demands Information About Secretive Government Tattoo Recognition Technology

Government Program Is Aimed at Using Body Art to Identify Religions, Nationalities, and Political Beliefs

Washington, D.C. - The Electronic Frontier Foundation (EFF) filed suit against the Department of Justice, the Department of Commerce, and the Department of Homeland Security today, demanding records about the agencies’ work on the federal Tattoo Recognition Technology program.

November 19 2017


Why is this Company Tracking Where You Are on Thanksgiving?

Earlier this week, several publications published a holiday-themed data study about how families that voted for opposite parties spent less time together on Thanksgiving, especially in areas that saw heavy political advertising. The data came from a company called SafeGraph that supplied publications with 17 trillion location markers for 10 million smartphones. A report looks at the bigger picture:

The data wasn't just staggering in sheer quantity. It also appears to be extremely granular. Researchers "used this data to identify individuals' home locations, which they defined as the places people were most often located between the hours of 1 and 4 a.m.," wrote The Washington Post. The researchers also looked at where people were between 1 p.m. and 5 p.m. on Thanksgiving Day in order to see if they spent that time at home or traveled, presumably to be with friends or family. "Even better, the cellphone data shows you exactly when those travelers arrived at a Thanksgiving location and when they left," the Post story says. To be clear: This means SafeGraph is looking at an individual device and tracking where its owner is going throughout their day. A common defense from companies that creepily collect massive amounts of data is that the data is only analyzed in aggregate; for example, Google's database BigQuery, which allows organizations to upload big data sets and then query them quickly, promises that all its public data sets are "fully anonymized" and "contain no personally-identifying information." In multiple press releases from SafeGraph's partners, the company's location data is referred to as "anonymized," but in this case they seem to be interpreting the concept of anonymity quite liberally given the specificity of the data.

November 16 2017


EFF Urges DHS to Abandon Social Media Surveillance and Automated “Extreme Vetting” of Immigrants

EFF is urging the Department of Homeland Security (DHS) to end its programs of social media surveillance and automated “extreme vetting” of immigrants. Together, these programs have created a privacy-invading integrated system to harvest, preserve, and data-mine immigrants' social media information, including use of algorithms that sift through posts using vague criteria to help determine who to admit or deport.


The Brutal Fight To Mine Your Data and Sell It To Your Boss

An anonymous reader shares a report from Bloomberg, explaining how Silicon Valley makes billions of dollars peddling personal information, supported by an ecosystem of bit players. Editor Drake Bennett highlights the battle between an upstart called HiQ and LinkedIn, who are fighting for your lucrative professional identity. Here's an excerpt from the report:

A small number of the world's most valuable companies collect, control, parse, and sell billions of dollars' worth of personal information voluntarily surrendered by their users. Google, Facebook, Amazon, and Microsoft -- which bought LinkedIn for $26.2 billion in 2016 -- have in turn spawned dependent economies consisting of advertising and marketing companies, designers, consultants, and app developers. Some operate on the tech giants' platforms; some customize special digital tools; some help people attract more friends and likes and followers. Some, including HiQ, feed off the torrents of information that social networks produce, using software bots to scrape data from profiles. The services of the smaller companies can augment the offerings of the bigger ones, but the power dynamic is deeply asymmetrical, reminiscent of pilot fish picking food from between the teeth of sharks. The terms of that relationship are set by technology, economics, and the vagaries of consumer choice, but also by the law. LinkedIn's May 23 letter to HiQ wasn't the first time the company had taken legal action to prevent the perceived hijacking of its data, and Facebook and Craigslist, among others, have brought similar actions. But even more than its predecessors, this case, because of who's involved and how it's unfolded, has spoken to the thorniest issues surrounding speech and competition on the internet.

EFF’s Street-Level Surveillance Project Dissects Police Technology

Step onto any city street and you may find yourself subject to numerous forms of police surveillance—many imperceptible to the human eye.

A cruiser equipped with automated license plate readers (also known as ALPRs) may have just logged where you parked your car. A cell-site simulator may be capturing your cell-phone data incidentally while detectives track a suspect nearby. That speck in the sky may be a drone capturing video of your commute. Police might use face recognition technology to identify you in security camera footage.



November 14 2017


Google Subpoenaed Over Data Privacy, Antitrust in Missouri

Google is facing a new front in its regulatory battles after Missouri's attorney general on Monday launched a broad investigation into whether the company's business practices violate the state's consumer-protection and antitrust laws. From a report:

Attorney General Josh Hawley's office said on Monday that it issued a subpoena to investigate if Google's use of information that it collects about consumers is appropriate and if the company stifles competing websites in search results. Google has largely steered clear of antitrust problems in the U.S. That's not the case in Europe, where the company faces a fine of about $2.7 billion over the display of its shopping ads.

November 11 2017


TSA Plans to Use Face Recognition to Track Americans Through Airports

The “PreCheck” program is billed as a convenient service to allow U.S. travelers to “speed through security” at airports. However, the latest proposal released by the Transportation Security Administration (TSA) reveals the Department of Homeland Security’s greater underlying plan to collect face images and iris scans on a nationwide scale. DHS’s programs will become a massive violation of privacy that could serve as a gateway to the collection of biometric data to identify and track every traveler at every airport and border crossing in the country.


November 06 2017


Who Speaks for The Billions of Victims of Mass Surveillance? Tech Companies Could

Two clocks are ticking for US tech companies in the power centers of the modern world. In Washington, lawmakers are working to reform FISA Section 702 before it expires on December 31st, 2017. Section 702 is the main legal basis for US mass surveillance, including the programs and techniques that scoop up the data transferred by non-US individuals to US servers. Upstream surveillance collects communications as they travel over the Internet backbone, and downstream surveillance (better known as PRISM) collects communications from companies like Google, Facebook, and Yahoo.

Both programs have used Section 702’s vague definitions to justify the wholesale seizure of Internet and telephony traffic: any foreign person located outside the United States could be subjected to surveillance if the government thinks that surveillance would acquire “foreign intelligence information”—which here means information about a foreign power or territory that “relates to [] the national defense or the security [or] the conduct of the foreign affairs of the United States.”


November 01 2017


The New York Times Launches Tor Onion Service To Overcome Censorship, Ensure Privacy

Mark Wilson quotes a report from BetaNews:

The New York Times has announced that it is launching a Tor Onion Service version of its website. The new, more secure way to access the site will open it up to people around the world whose internet connections are blocked or monitored. It also caters to a growing breed of people who are concerned about what their web browsing habits might reveal and who have turned to Tor to protect their privacy. The new service is described as "experimental and under development," and some features of the website -- such as the ability to comment -- do not work. The NYT warns that fine-tuning of performance and features may mean there are periods of downtime, but the long-term aim is to completely replicate the main website as an Onion Service.

October 27 2017


Flights to the USA: Expect Questioning

Anyone who wants to travel to the United States, and perhaps take their computer along, must be prepared for new entry procedures starting tomorrow. Reuters reports that travelers will have to allow more time from Thursday onward. The reason is “new security guidelines” on the US side, that is, requirements from the US government that mandate more screening of passengers and their electronic devices as well as verbal questioning. So-called “pre-clearance entry checks” at airports outside the United States have been carried out for years, but the new rules tighten them further.


October 25 2017


Privacy Shield: EU Data Protection Authorities Distance Themselves from the Commission

The EU Commission has described the transatlantic "Privacy Shield" as "functional" in a first review report. The EU data protection commissioners complain that the assessment was drawn up without them.

October 24 2017


US Life Insurer Sells Apple Watch for 25 Dollars – With Enough Exercise

10 million policyholders can now get Apple's new computer watch for 25 dollars if they hand over their fitness data in return. Those who exercise too little have to pay extra.


EU Commission Calls for Swift Improvements to Privacy Shield

The EU Commission has drawn up an ambivalent first assessment of the transatlantic "Privacy Shield": overall the agreement works, but the US government must monitor more strictly and set up a permanent arbitration body.

October 23 2017


For Under $1,000, Mobile Ads Can Track Your Location

"Researchers were able to use GPS data from an ad network to track a user to their actual location, and trace movements through town," writes phantomfive. Mashable reports:

The idea is straightforward: Associate a series of ads with a specific individual as well as predetermined GPS coordinates. When those ads are served to a smartphone app, you know where that individual has been... It's a surprisingly simple technique, and the researchers say you can pull it off for "$1,000 or less." The relatively low cost means that digitally tracking a target in this manner isn't just for corporations, governments, or criminal enterprises. Rather, the stalker next door can have a go at it as well... Refusing to click on the popups isn't enough, as the person being surveilled doesn't need to do so for this to work -- simply being served the advertisements is all it takes.

It's "an industry-wide issue," according to the researchers, while Mashable labels it "digital surveillance, made available to any and all with money on hand, brought to the masses by your friendly neighborhood Silicon Valley disrupters."

Is Tracking Unlawful if the ePrivacy Regulation Is Delayed?

When companies carry out tracking, that is, analyze the visitors to their website with regard to their user behavior, they currently have to observe above all the rules of the TMG. If everything goes to plan, the ePrivacy Regulation is to become applicable on 25 May 2018, together with the introduction of the GDPR, and replace the national requirements on tracking as a sector-specific regulation. But what if the regulation only takes effect later?



First Annual Review: EU Commission Waves Privacy Shield Through

The EU-US Privacy Shield works flawlessly. That is the conclusion the EU Commission reached in its first annual review of the data protection framework, as it stated today in a press release. The responsible EU Justice Commissioner Věra Jourová sees merely “room for improved implementation” and, on the basis of the review, issues some recommendations to the US government. In principle, the Privacy Shield guarantees adequate protection of personal data of EU citizens that is transferred to the USA.

October 12 2017


Crypto Wars, the Never-Ending Story: “No Right to Absolute Privacy”

It was only a matter of time before the Trump administration made a move against encryption. On Tuesday it happened: Rod Rosenstein, US Deputy Attorney General, demanded access to encrypted content in a speech. At no point in human history had there been techniques for evading law enforcement, Rosenstein said. But that is the world IT companies are creating.

“Billions of short messages are sent and received every day via mainstream apps that use end-to-end encryption by default,” Rosenstein said. “In doing so, the makers do something that the law does not allow [conventional] telephony providers to do: they take the liberty of not complying with court orders.” This makes investigations difficult, if not impossible.


October 11 2017


Deputy Attorney General Rosenstein’s “Responsible Encryption” Demand is Bad and He Should Feel Bad

Deputy Attorney General Rod Rosenstein delivered a speech on Tuesday about what he calls “responsible encryption.” It misses the mark, by far.

Rosenstein starts with a fallacy, attempting to convince you that encryption is unprecedented:

Our society has never had a system where evidence of criminal wrongdoing was totally impervious to detection, especially when officers obtain a court-authorized warrant. But that is the world that technology companies are creating.

In fact, we’ve always had (and will always have) a perfectly reliable system whereby criminals can hide their communications with strong security: in-person conversations. Moreover, Rosenstein’s history lesson forgets that, for about 70 years, there was an unpickable lock. In the 1770s, engineer Joseph Bramah created a lock that remained unpickable until 1851. Installed in a safe, the owner could ensure that no one could get inside, or at least not without destroying the contents in the process. 

Billions of instant messages are sent and received each day using mainstream apps employing default end-to-end encryption. The app creators do something that the law does not allow telephone carriers to do: they exempt themselves from complying with court orders.

Here, Rosenstein ignores the fact that Congress exempted those app creators (“electronic messaging services”) from the Computer Assistance for Law Enforcement Act (CALEA).


September 22 2017


Appeals Court Rules Against Warrantless Cell-site Simulator Surveillance

Law enforcement officers in Washington, D.C. violated the Fourth Amendment when they used a cell site simulator to locate a suspect without a warrant, a D.C. appeals court ruled on Thursday. The court thus found that the resulting evidence should have been excluded from trial and overturned the defendant’s convictions.

September 10 2017


TechCrunch: Equifax Hack-Checking Web Site Is Returning Random Results

An anonymous reader quotes security researcher Brian Krebs:

The web site that Equifax advertised as the place where concerned Americans could go to find out whether they were impacted by this breach -- -- is completely broken at best, and little more than a stalling tactic or sham at worst. In the early hours after the breach announcement, the site was being flagged by various browsers as a phishing threat. In some cases, people visiting the site were told they were not affected, only to find they received a different answer when they checked the site with the same information on their mobile phones.

TechCrunch has concluded that "the checker site, hosted by Equifax product TrustID, seems to be telling people at random they may have been affected by the data breach." One user reports that entering the same information twice produced two different answers. And ZDNet's security editor reports that even if you just enter Test or 123456, "it says your data has been breached." TechCrunch writes:

The assignment seems random. But, nevertheless, they were still asked to continue enrolling in TrustID. What this means is not only are none of the last names tied to your Social Security number, but there's no way to tell if you were really impacted. It's clear Equifax's goal isn't to protect the consumer or bring them vital information. It's to get you to sign up for its revenue-generating product TrustID.

Meanwhile, one web engineer claims the secret 10-digit "security freeze" PIN being issued by Equifax "is just a timestamp of when you made the freeze."