dandv : privacy   177

JetBlue | Your Face is Your Boarding Pass: JetBlue Introduces Its First Integrated Biometric Self-Boarding Gate at New York’s John F. Kennedy International Airport
Press release without any explanation whatsoever as to how they have your face.

"JetBlue (NASDAQ: JBLU), in partnership with U.S. Customs and Border Protection (CBP), today announced the roll-out of its first fully-integrated biometric self-boarding gate at New York’s John F. Kennedy International Airport (JFK). Customers flying to select international destinations from Terminal 5 at New York-JFK can now board even faster with a dual lane biometric self-boarding gate, which uses facial recognition technology to verify travelers with a quick photo capture.

There is no pre-registration required. Customers can simply step up to the camera for a photo match and make their way onto the aircraft."
facial  recognition  biometrics  privacy  surveillance  USA  airline 
4 weeks ago by dandv
Skip the Surveillance By Opting Out of Face Recognition At Airports | Electronic Frontier Foundation
If you’re concerned about creating a slight delay for yourself or other passengers, take note: though CBP has claimed to have a 98% accuracy rating in their pilot programs, the Office of the Inspector General could not verify those numbers, and even a 2% error rate would cause thousands of people to be misidentified every day. Most face recognition technology has significantly lower accuracy ratings than that, so you might actually be speeding things up by skipping the surveillance.

there are actually (at least) three different face recognition checkpoints looming:
* Airlines want to use your face as your boarding pass, saying “it's about convenience.”
* CBP, which is part of the Department of Homeland Security (DHS), wants to use your face to check against DHS and State Department databases when you’re entering or exiting the country;
* the TSA wants to compare your face against your photo identification throughout the airport.
privacy  airline  surveillance  face  recognition 
10 weeks ago by dandv
One Of The Biggest At-Home DNA Testing Companies Is Working With The FBI
under the previously undisclosed cooperation with Family Tree, the FBI has gained access to more than a million DNA profiles from the company, most of which were uploaded before the company’s customers had any knowledge of its relationship with the FBI.
DNA  privacy  FBI 
12 weeks ago by dandv
Jeremy Burge 🐥🧿 on Twitter: "For years Facebook claimed that adding a phone number for 2FA was only for security. Now it can be searched and there's no way to disable that.… https://t.co/lGI1r7HWTm"
Using a phone number to sign up for services has been the single greatest coup for the social media and advertising industries. One unique ID that is used to link your identity across every platform on the internet.

That is why every startup wants your phone number.

Every public WiFi network that asks for a phone number to access it? Shared with advertisers. WhatsApp, Facebook, Instagram? Shared. Phone networks themselves: until last month, sharing your exact location by phone number.

It's shocking that this one number is used for usernames, authentication (2FA), advertising tracking, geolocation and more. And it's the same piece of info you have to give to a random plumber to come and fix the boiler.
privacy  against  Facebook  phone  number  surveillance 
march 2019 by dandv
The Transparent Society | WIRED
Written in 1996, but you can't tell until at least the first half.

We might agitate, demonstrate, legislate. But in rushing to pass so-called privacy laws, we will not succeed in preventing hidden eyes from peering into our lives. The devices will get tinier, more mobile, and more clever. In software form, they will cruise the data highways. The chief effect that "privacy" laws have is to "make the bugs smaller."
privacy  liberty  thought  experiment  longform  essay 
march 2019 by dandv
EFF - Which Internet registries offer the best protection for domain owners?
Recommendations for security against
* trademark/copyright bullies
* overseas speech regulators
* identity theft and marketing
domain  choose  howto  privacy  security  anonymity 
january 2019 by dandv
People start to wake up to the pervasive third-party tracking that comes with 90% of Android apps
Reset your advertising ID regularly – this won’t stop you from being tracked and profiled, but it can nonetheless temporarily limit the invasiveness of your profile. This can be found on most Android devices under Settings > Google > Ads > Reset Advertising ID.

Limit ad personalization by opting out of ad personalization in the Android settings. This can be found on most Android devices under Settings > Google > Ads > Opt out of personalized Advertising.

90% of the 959,000 apps from the US and UK Google Play stores that they studied had at least one tracker; 170,000 apps had more than twenty trackers.

Privacy International found that 61% of those 400,000 apps automatically transfer data to Facebook the moment a user opens them. This happens whether or not people have a Facebook account, and regardless of whether they are logged into Facebook or not. In addition, those apps send a unique identifier, the Google advertising ID, to Facebook. This is extremely problematic, because it renders data aggregation and the construction of data profiles much easier.
anonymity  privacy 
january 2019 by dandv
Three Reasons Why the "Nothing to Hide" Argument is Flawed
1. Privacy isn't about hiding; it's about protecting information. "Simply put, everyone wants to keep certain things private and you can easily illustrate that by asking people to let you make all their emails, texts, searches, financial information, medical information, etc. public. Very few people will say yes."

2. Privacy is a fundamental right and you don't need to prove the necessity of fundamental rights to anyone.

You should have the right to free speech even if you feel you have nothing important to say right now. You should have the right to assemble even if you feel you have nothing to protest right now. These should be fundamental rights just like the right to privacy.

3. Aggregation - “just four fairly vague pieces of information — the dates and locations of four purchases — are enough to identify 90 percent of the people in a data set recording three months of credit-card transactions by 1.1 million users.”
against  hide  argument  privacy  advocacy 
january 2019 by dandv
Travellers refusing digital search now face $5000 Customs fine | RNZ News
Travellers must give passwords/PIN/fingerprint. Refusal = device gets confiscated.

Smartphones and computers will be searched in flight mode (no cloud), file-by-file, if there's "reasonable suspicion", but customs isn't obligated to tell you what the suspicion is.

"Border officials searched roughly 540 electronic devices at New Zealand airports in 2017."
surveillance  New-Zealand  against  privacy  customs  travel 
december 2018 by dandv
yeriomin/YalpStore: Download apks from Google Play Store
Open source much smaller replacement for Google Play that uses a built-in account to download APKs directly from the Play Store, so you don't need to sign into Google. Supports reviews, auto-updates, black/whitelisting apps for updates, package management.

* must use your own account to download your paid apps
- against the ToS
+ but "Software like Yalp Store, Google Play Crawler and Raccoon has been used for years and it seems to be safe. Never heard of any real cases of accounts being disabled."
Android  privacy  Google-Play-Services  alternative  open-source 
december 2018 by dandv
Eloston/ungoogled-chromium: Google Chromium, sans integration with Google
Bringing back the "Don't" in "Don't be evil"

ungoogled-chromium is Google Chromium, sans integration with Google. It also features some tweaks to enhance privacy, control, and transparency (almost all of which require manual activation or enabling).

ungoogled-chromium retains the default Chromium experience as closely as possible. Unlike other Chromium forks that have their own visions of a web browser, ungoogled-chromium is essentially a drop-in replacement for Chromium.
Chromium  fork  privacy  open-source  against  tracking  surveillance 
december 2018 by dandv
Purism, SPC - Wikipedia
Privacy-oriented laptops and smartphones with hardware kill switches, running entirely FOSS. FSF endorsed PureOS.
laptop  notebook  Android  phone  hardware  privacy  security  awareness 
december 2018 by dandv
Microsoft Windows 10 has a keylogger enabled by default - here's how to disable it : technology
"Send Microsoft info about how I write to help us improve typing and writing in the future"
against  Microsoft  Windows  privacy 
october 2018 by dandv
That Game on Your Phone May Be Tracking What You’re Watching on TV - The New York Times
Alphonso and other tracker apps listen in the background to TV sounds and Shazam what users are watching

"piece of software known as Silverpush onto apps with the goal of using device microphones to listen for audio signals that humans could not hear to log what they watched on TV. This year, Vizio agreed to pay $2.2 million to settle charges that it was collecting and selling viewing data from millions of internet-connected televisions without the knowledge or consent of the sets’ owners."
surveillance  tracking  privacy 
september 2018 by dandv
De-anonymizing the US population based on DOB, gender, and ZIP code
Disclosing one’s gender, ZIP code and full date of birth allows for unique identification of 63% of the US population
anonymity  birthday  privacy 
september 2018 by dandv
Service Meant to Monitor Inmates’ Calls Could Track You, Too - The New York Times
LocationSmart gets the data from carriers, then sells it to 3CInteractive, which sells it to Securus.

"The Justice Department has said its policy is to get warrants for real-time tracking. The Supreme Court has ruled that putting a GPS tracker on a car counts as a search under the Fourth Amendment, but this was because installing the device involved touching a person’s property — something that doesn’t happen when a cellphone is pinged."
surveillance  state  phone  cellphone  privacy  USA 
may 2018 by dandv
What every Browser knows about you
The Google Geolocation API locates you without needing any permissions, and the error is only <50km if you're on a mobile network.

Websites can IP and port scan your local network:
https://github.com/beefproject/beef/wiki/Network-Discovery
https://github.com/joevennix/lan-js
https://security.stackexchange.com/questions/145336/how-can-a-webpage-scan-my-local-internal-network-from-the-internet

OS, CPU and GPU information is available.
browser  data  leak  security  privacy 
january 2018 by dandv
Home Assistant Adopter Beware: Google, Amazon Digital Assistant Patents Reveal Plans for Mass Snooping | Consumer Watchdog
Study at http://www.consumerwatchdog.org/sites/default/files/2017-12/Digital%20Assistants%20and%20Privacy.pdf

[[Amazon filed a patent application for an algorithm that lets the device identify statements of interest— such as “I love skiing,” — enabling the speaker to be surveilled based on their interests and targeted for related advertising.

Google patent outlines ways it could collect information about family members’ interests and activities to infer likely purchases. For example, the application describes how sports camp could be marketed to a 15-year-old boy holding a basketball in the living room. It also describes how Google could infer an interest in the actor Will Smith by combining a user’s browser search history with an image on a user’s t-shirt obtained from a Nest camera in the home. It also describes how it could sell you a TV show by spying on a book on your bedside table.

The fact that a company has applied to patent a concept does not mean that they will implement it. Patents do, however, reflect a company’s ambitions, Consumer Watchdog said, and nothing prevents them from implementing those changes once the devices are in your home. It would not be the first time a company like Google has expanded data collection without obtaining explicit consent from users.

Both Amazon and Google have patented methods for serving ads to users through their smart devices. An Amazon patent discusses a system of “intelligent sponsorship based on knowledge generated by reference to the human being entity using the system.” A Google patent shows how advertisers could bid to have the company’s digital assistant feature their products in its voice-based search results.

A methodology for “inferring child mischief” using audio and movement sensors - smart home system that monitors the activity of every member of a household and reports back to a designated “policy holder.”
surveillance  privacy  voice  assistant  Google  Home  Amazon  Echo 
january 2018 by dandv
Washington sues Motel 6 for giving guest information to US
Hotels will rat you out.

"Motel 6 trained its new employees to provide guest lists to agents when they asked for it, without requiring the agents to show a search warrant or probable cause"
surveillance  immigration  discrimination  privacy  breach  personal  data  handover 
january 2018 by dandv
Google collects Android users' locations even when location services are disabled — Quartz
"cell tower addresses were being sent to Google after a change in early 2017 to the Firebase Cloud Messaging service, which is owned by Google and runs on Android phones by default

Even devices that had been reset to factory default settings and apps, with location services disabled, were observed by Quartz sending nearby cell-tower addresses to Google. Devices with a cellular data or WiFi connection appear to send the data to Google each time they come within range of a new cell tower. When Android devices are connected to a WiFi network, they will send the tower addresses to Google even if they don’t have SIM cards installed."
privacy  surveillance  location  against  Google  Android 
november 2017 by dandv
Windows 10 telemetry violates privacy laws – BetaNews
"Microsoft does not clearly inform users about the type of data it uses, and for which purpose. Also, people cannot provide valid consent for the processing of their personal data, because of the approach used by Microsoft. The company does not clearly inform users that it continuously collects personal data about the usage of apps and web surfing behaviour through its web browser Edge, when the default settings are used."
against  Windows  surveillance  privacy 
october 2017 by dandv
UK police arrest man via automatic face recognition tech | Ars Technica UK
[[Back in April, it emerged that South Wales Police planned to scan the faces "of people at strategic locations in and around the city centre"]]
face  recognition  arrest  police  state  privacy  surveillance 
june 2017 by dandv
All color laser printers add forensic tracking dots | Electronic Frontier Foundation
[[(Added 2015) Some of the documents that we previously received through FOIA suggested that all major manufacturers of color laser printers entered a secret agreement with governments to ensure that the output of those printers is forensically traceable.

(Added 2017) REMINDER: IT APPEARS LIKELY THAT ALL RECENT COMMERCIAL COLOR LASER PRINTERS PRINT SOME KIND OF FORENSIC TRACKING CODES, NOT NECESSARILY USING YELLOW DOTS. THIS IS TRUE WHETHER OR NOT THOSE CODES ARE VISIBLE TO THE EYE AND WHETHER OR NOT THE PRINTER MODELS ARE LISTED HERE. THIS ALSO INCLUDES THE PRINTERS THAT ARE LISTED HERE AS NOT PRODUCING YELLOW DOTS.

This list is no longer being updated.]]

How to decode the yellow dots: https://w2.eff.org/Privacy/printers/docucolor/

Project that failed to do anything about them:
http://seeingyellow.com/

Layman story (2017-June):
http://www.bbc.com/future/story/20170607-why-printers-add-secret-tracking-dots
printer  privacy  surveillance  yellow  dots 
june 2017 by dandv
Facebook shadow profiles: a profile of you that you never created.
[[While you may not have listed your cell phone number, if one of your connections used the “Find My Friends” feature and allowed Facebook to scan their contacts, Facebook collected all the other information about you associated with that contact.

Even if you never provided them, Facebook very likely has your alternate email addresses, your phone numbers, and your home address – all helpfully supplied by friends who are trying to find you and connect.

in 2013 Facebook announced they had found a bug that revealed the personal information of 6 million users. The leaked information, of course, included the extra information collected in the ghost profiles

If you’re thinking that by not using Facebook, you’ve avoided all of this – Facebook has been the target of multiple class-action lawsuits alleging the company collects this information about non-users without their consent.]]
awareness  surveillance  against  Facebook  privacy 
june 2017 by dandv
Facebook self-censorship: What happens to the posts you don’t publish?
2013: Facebook logs that you've typed a post even if you didn't send it. Allegedly, they didn't send over the contents, just the metadata.
Facebook  surveillance  privacy 
june 2017 by dandv
HomePod, Echo, Google Home: How secure are your speakers?
"With anonymized IDs, Apple's speakers have a much more compelling argument for not handing over data: They can't find it."

No mention of whether HomePod can answer personal queries like "What's my next appointment" and if so, how it does it while keeping IDs anonymized.
smart  home  speaker  privacy  anonymity  surveillance 
june 2017 by dandv
FATCA, Automatic Information Exchange, and the End of Financial Privacy - Tax Foundation
In 2014, Switzerland became the 52nd country to sign an OECD initiative which will enable automatic exchange of financial account information among the tax authorities of each country. Among other things, that means the end of bank secrecy, a long standing Swiss institution dating back to 1934.

FATCA requires every bank on earth to file with the IRS and submit account information on American citizens, or risk steep penalties and isolation from the world’s financial system. The compliance costs are estimated at about $8 billion a year, while the revenue expected is one-tenth of that, $800 million per year.
USA  worldwide  taxation  IRS  against  privacy 
may 2017 by dandv
A US-born NASA scientist was detained at the border until he unlocked his phone - The Verge
Homeland Security secretary John Kelly said that people visiting the United States may be asked to give up passwords to their social media accounts. "We want to get on their social media, with passwords: What do you do, what do you say?" Kelly told the House Homeland Security Committee. "If they don't want to cooperate then you don't come in."

Seemingly, Bikkannavar’s reentry into the country should not have raised any flags. Not only is he a natural-born US citizen, but he’s also enrolled in Global Entry — a program through CBP that allows individuals who have undergone background checks to have expedited entry into the country. He hasn’t visited the countries listed in the immigration ban and he has worked at JPL — a major center at a US federal agency — for 10 years.

The CBP officer started asking questions about where Bikkannavar was coming from, where he lives, and his title at work. It’s all information the officer should have had since Bikkannavar is enrolled in Global Entry. “I asked a question, ‘Why was I chosen?’ And he wouldn’t tell me,” he says.

“In each incident that I’ve seen, the subjects have been shown a Blue Paper that says CBP has legal authority to search phones at the border, which gives them the impression that they’re obligated to unlock the phone, which isn’t true,” Hassan Shibly, chief executive director of CAIR Florida, told The Verge. “They’re not obligated to unlock the phone.”

“It was not that they were concerned with me bringing something dangerous in, because they didn’t even touch the bags.” “You can say, ‘Okay well maybe it’s about making sure I’m not a dangerous person,’ but they have all the information to verify that.”
USA  against  Customs  Border  CBP  privacy  search  seizure  electronic  devices  phone  WTF 
march 2017 by dandv
Uber will pay $20,000 fine in settlement over 'God View' tracking - The Verge
In 2014, one high-up Uber executive was found to have monitored the rider logs and location of a BuzzFeed News reporter without her knowledge.

the aerial "God View" was made available to a wide number of employees
against  Uber  surveillance  location  privacy 
december 2016 by dandv
Bitcoin service ordered to hand over three years of user records to IRS - The Verge
[[The order has also drawn significant criticism from many in the Bitcoin community. “Americans would be shocked if the IRS asked a financial institution in good regulatory standing to turn over the names, addresses and shopping histories of millions of customers just because the IRS thought there might be some tax cheats among them”]]
IRS  Bitcoin  tax  fraud  allegation  Coinbase  records  privacy 
december 2016 by dandv
The IRS Believes All Bitcoin Users are Tax Cheats | Cato @ Liberty
IRS wants from Coinbase:

"All records of account/wallet/vault activity including transaction logs or other records identifying the date, amount, and type of transaction (purchase/sale/exchange), the post transaction balance, the names or other identifiers of counterparties to the transaction; requests or instructions to send or receive bitcoin; and, where counterparties transact through their own Coinbase accounts/wallets/vaults, all available information identifying the users of such accounts and their contact information."

This based on one dickhead suspected of tax evasion: "Equally shocking is the weak foundation for making this demand. In a declaration submitted to the court, an IRS agent recounts having learned of tax evasion on the part of one Bitcoin user and two companies. On this basis, he and the IRS claim “a reasonable basis for believing” that all U.S. Coinbase users “may fail or may have failed to comply” with the internal revenue laws."

Court declaration: http://www.plainsite.org/dockets/download.html?id=240290871&a=4&z=f474e618

Reddit: https://www.reddit.com/r/Bitcoin/comments/5dm4jr/irs_requesting_info_from_coinbase_on_users/
Coinbase  against  IRS  Bitcoin  privacy  USA 
november 2016 by dandv
Passenger name record - Wikipedia
They have all the info on you, they will share it, and "further, CRS-GDS companies maintain web sites that allow almost unrestricted access to PNR data – often, the information is accessible by just the reservation number printed on the ticket."

[[In more recent times, many governments now require the airline to provide further information included to assist investigators tracing criminals or terrorists. These include:

* Passengers' gender
* Passport details - nationality, number, and date of expiry
* Date and place of birth
* Redress number, (if previously given to the passenger by the US authorities).
* All available payment/billing information.]]

This data is shared between the European Union, USA, Canada and Australia (at least).
travel  surveillance  flight  privacy  PNR  awareness 
november 2016 by dandv
The FCC just passed sweeping new rules to protect your online privacy - The Washington Post
“This was probably the best day we've had on Internet privacy — commercial Internet privacy — maybe ever,” said Jeffrey Chester, executive director of the Center for Digital Democracy.

Ordinary consumers are unlikely to see an immediate impact from the FCC ruling

The new rules, which could face a legal challenge from affected companies, require Internet providers to obtain their customers’ explicit consent before using or sharing sensitive data with third parties, such as marketing firms. That could mean dialogue boxes, new websites with updated privacy policies or other means of interaction with companies, which may offer discounts or other incentives to customers who voluntarily consent to online tracking.

The FCC vote also restricts trading in health data, financial information, Social Security numbers and the content of emails and other digital messages. The rules force service providers to tell consumers what data they collect and why, as well as to take steps to notify customers of data breaches.
privacy  USA  carrier  ISP 
october 2016 by dandv
Pinboard.in developer talks about surveillance and tech
[[This summer I took a long train ride from Vienna to Warsaw.

It struck me as I looked out the window for hour after hour that everything I was seeing—every car, house, road, signpost, even every telegraph pole—had been built after 1990. I'd been visiting Poland regularly since I was a kid, but the magnitude of the country's transformation hadn't really sunk in before. And I felt proud.

In spite of all the fraud, misgovernment, incompetence, and general Polishness of the post-communist transition, despite all our hardships and failures, in twenty years we had made the country look like Europe. The material basis of people's lives was incomparably better than it had been before.


I'd like to ask, how many of you have been to San Francisco (about a quarter of the audience raises their hands).

How many of you were shocked by the homelessness and poverty you saw there? (most of the hands stay up.)

For the rest of you, if you visit San Francisco, this is something you're likely to find unsettling. You'll see people living in the streets, many of them mentally ill, yelling and cursing at imaginary foes. You'll find every public space designed to make it difficult and uncomfortable to sit down or sleep, and that people sit down and sleep anyway. You'll see human excrement on the sidewalks, and a homeless encampment across from the city hall. You'll find you can walk for miles and not come across a public toilet or water fountain.

If you stay in the city for any length of time, you'll start to notice other things. Lines outside every food pantry and employment office. Racially segregated neighborhoods where poverty gets hidden away, even in the richest parts of Silicon Valley. A city bureaucracy where everything is still done on paper, slowly. A stream of constant petty crime by the destitute. Public schools that no one sends their kids to if they can find an alternative. Fundraisers for notionally public services.

You can't even get a decent Internet connection in San Francisco.

The tech industry is not responsible for any of these problems. But it's revealing that through forty years of unimaginable growth, and eleven years of the greatest boom times we've ever seen, we've done nothing to fix them. I say without exaggeration that the Loma Prieta earthquake in 1989 did more for San Francisco than Google, Facebook, Twitter, and all the rest of the tech companies that have put down roots in the city since.

Despite being at the center of the technology revolution, the Bay Area has somehow failed to capture its benefits.]]

[[Ubiquitous surveillance and the sales techniques it made possible increased revenue by fifteen, twenty, even thirty percent.

Depending on estimates, ad fraud consumes from 10-50% of your ad budget. In some documented cases, over 90% of the ad traffic being monitored was non-human.

So those profits to advertisers from mass surveillance—the fifteen to thirty percent boost in sales I mentioned—are an illusion.

Advertisers end up right back where they started, still not knowing which half of their advertising budget is being wasted. Except in the process they've destroyed our privacy.

The winners in this game are the ones running the casino: big advertising networks, surveillance companies, and the whole brand-new industry known as "adtech".

The losers are small publishers and small advertisers. Universal click fraud drives down the value of all advertising, making it harder for niche publishers to make ends meet. And it ensures that any advertiser who doesn't invest heavily in countermeasures and tracking will get eaten alive.

But the biggest losers are you and me.

Advertising-related surveillance has destroyed our privacy and made the web a much more dangerous place for everyone. The practice of serving unvetted third-party content chosen at the last minute, with no human oversight, creates ideal conditions for malware to spread. The need for robots that can emulate human web users drives a market for hacked home computers.

The European cookie law is a beautiful example of regulatory disaster. If I want to visit a site in the EU, I need to click through what's basically a modal dialog that asks me if I want to use cookies. If I don't agree, the site may be borderline unusable.

the only way European sites remember that you don't want to use cookies is... by setting a cookie. People who are serious about not being tracked end up harassed with every page load.

A universal right to download will give users a clear idea of how much information is being collected about their behavior. Study after study shows that people underestimate the degree of surveillance they're under.]]
privacy  mass  surveillance  against  technology  Silicon  Valley  adtech  European  cookie  law  San  Francisco  poverty 
august 2016 by dandv
Windows 10 Is Watching: Should You Be Worried?
Meanwhile, Windows 10 isn’t flawless. It may offer novel features and improved security, but it’s also laden with privacy issues, will strain your bandwidth with large updates, can auto-remove apps, is said to be spying on its users, and finds ever new ways of serving ads.

There are still instances where toggling the toggles does nothing. Turning Cortana off and typing in the search box prompts a request to Bing.com for a ‘threshold.appcache’ file. Even when Live Tiles are disabled and removed from the Start menu, Windows 10 still asks for periodic updates from MSN.com. Similarly, data is occasionally sent to a Microsoft server used for OneDrive storage, even after the service is completely switched off.

More:
* http://www.makeuseof.com/tag/windows-10-watching-worried/
* http://www.makeuseof.com/tag/everything-need-know-windows-10s-privacy-issues/
against  Windows  10  privacy  spyware  surveillance 
june 2016 by dandv
How the US government blackmails companies to hand over user data
"Yahoo was faced with daily fines of $250,000 per day, which would **double each month**. By month five, Yahoo would have faced fines upwards of the entire U.S. national debt, and then some.

Because of the secretive nature of the FISA Court, we may never know if Apple has been, or will be in the future, forced to comply with a seemingly immoral or technologically impossible task.

Apple may have power and might, and more of the public on its side than any party in politics ever will, but the government has the power to bring that all crashing down by levying unreasonable and far-reaching financial sanctions."
USA  surveillance  state  backdoor  law  fines  blackmail  privacy 
january 2016 by dandv
I noticed some disturbing privacy defaults in Windows 10
Besides the egregious defaults that send everything you type to Microsoft, read the license contract as well:

<<
"We share your personal data with your consent [...]" (this means you HAVE GIVEN consent - ask any lawyer)
"[...]we share personal data among Microsoft-controlled affiliates and subsidiaries. We also share personal data with vendors or agents working on our behalf[...]"
"[...]we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders)[...]"

"Personal Data We Collect"
[...]
"Name and contact data. We collect your first and last name, email address, postal address, phone number, and other similar contact data."

"[...] the content of your documents, photos, music or video [...] the content of your communications sent or received [...]

subject line and body of an email,
text or other content of an instant message,
audio and video recording of a video message, and
audio recording and transcript of a voice message you receive or a text message you dictate"

"Contacts and relationships"

"Credentials. We collect passwords, password hints, and similar security information"

Note that it does not say that it collects the passwords you provide to Microsoft. It just says "passwords". ANY password.

"[...] (GPS) data, as well as data identifying nearby cell towers and Wi-Fi hotspots, [...] location derived from your IP address [...] a city or postal code level."

"[...]age, gender, country and preferred language[...]"

"Interests and favorites. [...] such as the teams you follow [...] the stocks you track [...] In addition to those you explicitly provide, [...] may also be inferred or derived from other data we collect. "

THE STOCKS YOU TRACK. That would be absolutely illegal without a contract.
ASIDE THE INFO YOU EXPLICITLY PROVIDE. That means that Microsoft gets the right to survey you by any means, aside Windows 10.
It does not need to survey you only through a computer, phone, or website running Windows 10, it can survey you through any way.

There is no opt out.
>>
against  Windows  10  privacy  surveillance 
august 2015 by dandv
90% of iOS, Android apps exhibited at least one risky behavior | Appthority
Summer 2014. Direct PDF at https://www.appthority.com/app-reputation-report/report/AppReputationReportSummer14.pdf

99% of top free apps exhibited 1+ risky behavior

82% of free Android and 50% of free iOS apps allow location tracking
smartphone  iPhone  Android  mobile  app  privacy  data  leak 
november 2014 by dandv
How To Be Efficient: Dan Ariely’s 6 New Secrets To Managing Your Time
Via Quiet: The Power of Introverts in a World That Can’t Stop Talking:

"…top performers overwhelmingly worked for companies that gave their workers the most privacy, personal space, control over their physical environments, and freedom from interruption."
quiet  office  privacy  productivity  efficiency  performance  work  workspace  interruptions 
october 2014 by dandv
Data brokers won’t even tell the government how it uses, sells your data
Datalogix claimed to the committee that it has data on “almost every US household,” while Acxiom’s databases cover 700 million people worldwide. Types of data collected include consumer purchase and transaction information, available methods of payment, types of cars consumers buy, health conditions, and social media usage. Equifax specified that it knew such specific details as whether people have bought a particular kind of shampoo or soft drink in the last six months, how many whiskey drinks a person has had in the last month, or how many miles they’ve traveled in the last four weeks.
data  brokers  advertising  privacy  invasion  awareness 
october 2014 by dandv
Copy machines STORE an image of everything copied on a standard hard drive. Then they're sold for parts.
$300 buys you a used copy machine from some warehouse, with tens of thousands of copied documents on it, many sensitive (driver licenses, SSN cards, health records). Forensic software to read the hard drives is freely available online.

According to a survey by SHARP, only 60% of Americans don't know that copiers store images on hard drives. Really? I had no idea (why store images when you just duplicate print copies onto paper immediately?), and I'm a security minded IT professional.

2010: https://bucks.blogs.nytimes.com/2010/05/20/the-identity-theft-threat-from-copiers/
video  copier  copy  machine  security  risk  data  leak  store  image  privacy  awareness  printer 
october 2014 by dandv
Replicant developers find and close Samsung Galaxy backdoor — Free Software Foundation — working together for free software
Clear proof that the Samsung Galaxy baseband software controlling its modem can access the phone's storage and read/write/delete data upon remote command.

Samsung, of course, denied.

The developer responded to Dan Rosenberg's claims denying the backdoor at http://code.paulk.fr/article18/the-samsung-galaxy-back-door-was-bullshit-really

Proof at http://redmine.replicant.us/projects/replicant/wiki/SamsungGalaxyBackdoor

Another Replicant developer debunked the claims at http://www.xda-developers.com/android/samsung-backdoor-may-not-be-as-wide-open-as-initially-thought/#comment-1283815535

No Galaxy S5 ROMs have bothered to implement Replicant's patched library. http://forum.xda-developers.com/galaxy-s5/unified-development/closing-samsung-galaxy-backdoor-t2881428
backdoor  Samsung  Android  surveillance  against  evil  privacy  security 
september 2014 by dandv
Microsoft ordered to hand over overseas email, throwing EU privacy rights in the fire | ZDNet
US law can apply anywhere in the world, so long as a technology company has control over foreign data, a court rules.
privacy  USA  international  Europe  jurisdiction  surveillance 
august 2014 by dandv
[2.2+][ROOT][1.3.3-Beta1] AFWall+ IPTables Firewall [7 July 2014] - XDA Forum
Apparently THE open-source Android firewall, after DroidWall was killed by Avast
open  source  Android  firewall  security  privacy 
july 2014 by dandv
Reset The Net - Privacy Pack
Links to ChatSecure, TextSecure, RedPhone, Adium, Pidgin, Tor, Cryptocat
privacy  security  software  Android  Windows  Mac  Linux 
july 2014 by dandv
Undox.Me
How to issue DMCA notices to get your images offline
remove  personal  information  online  privacy 
may 2014 by dandv
geolocation - How does Google calculate my location on a desktop? - Stack Overflow
Google Chrome can triangulate your computer within meters based simply on the names of the Wi-Fi routers around you that your wireless card sees. No GPS needed.

Google has a vested interest in gathering location data of all devices, in order to provide traffic info: http://googleblog.blogspot.com/2009/08/bright-side-of-sitting-in-traffic.html
Google  location  privacy  geolocation  surveillance  browser  WiFi 
january 2014 by dandv
Disabled Woman Denied Entrance To US Due To Private Medical Records - Slashdot
"In 2012, Canadian Ellen Richardson was hospitalized for clinical depression. This past Monday she tried to board a plane to New York for a $6,000 Caribbean cruise. DHS denied her entry, citing supposedly private medical records listing her hospitalization. From the story: '“I was turned away, I was told, because I had a hospitalization in the summer of 2012 for clinical depression,’’ said Richardson, who is a paraplegic and set up her cruise in collaboration with a March of Dimes group of about 12 others.'"

http://www.thestar.com/news/gta/2013/11/28/disabled_woman_denied_entry_to_us_after_agent_cites_supposedly_private_medical_details.html
medical  records  privacy  Canada  USA  surveillance  state 
december 2013 by dandv
Chronology of Data Breaches | Privacy Rights Clearinghouse
Searching for some names of companies affected by breaches listed on the first page doesn't return anything.
data  breach  privacy 
september 2013 by dandv
T-Mobile doesn't really need your Social Security Number
They claim they need it to run credit checks and other BS. Just get a prepaid account.
USA  mobile  operator  privacy  surveillance  state  T-Mobile 
september 2013 by dandv
Howto: Using Ostel for Encrypted Phone Calls on your Android
Setup is more involved than for RedPhone. Unclear if the other party needs the same app.
Android  secure  phone  call  privacy 
august 2013 by dandv
TorMail may be a honeypot
It's just Recube riding on Tor. No guarantees of security. Rumors that it's run by Russian intelligence agencies.
privacy  email  anonymity  Tormail  against 
july 2013 by dandv
Never Give Stores Your ZIP Code. Here's Why - Forbes
[[Because along with other information, the ZIP code may provide the final clue to figuring out your address, phone number and past purchasing details, if a sales clerk sees your name while swiping your credit card.

How does this work? In one of their brochures, direct marketing services company Harte-Hanks describes the GeoCapture service they offer retail businesses as follows: “Users simply capture name from the credit card swipe and request a customer’s ZIP code during the transaction. GeoCapture matches the collected information to a comprehensive consumer database to return an address.”  In a promotional brochure (http://www.harte-hanks.com/pdf/Data%20Services%20and%20Solution%20brochure%20100108.pdf), they claim accuracy rates as high as 100%.

Fair Isaac Corp., a company best known for its FICO credit scores, also offers a similar service which they say can boost direct marketing efforts by as much as 400%. “FICO Contact Builder helps you overcome the common challenges of gathering contact information from shoppers—such as complicating or jeopardizing the sales process by asking for an address or phone number, or complying with regulations,” it says. “It requires minimal customer information captured at point-of-sale, just customer name or telephone number and the customer or store ZIP code.”]]
awareness  privacy  ZIP  code  refuse 
july 2013 by dandv
How To Opt Out of Receiving Facebook Ads Based on Your Real-Life Shopping Activity | Electronic Frontier Foundation
"Facebook has announced that it’s teaming up with four of the world’s largest corporate data brokers to “enhance” the ad experience for users. Datalogix, Epsilon, Acxiom, and BlueKai obtain information gathered about users through online means (such as through cookies when users surf the web) as well as through offline means (such as through loyalty cards at supermarkets and product warranty cards)1."
Facebook  user  tracking  snooping  targeted  advertising  opt-out  privacy 
july 2013 by dandv
The Definitive Guide For Securing Chrome - InsanityBit
Settings, extensions and obscure settings like disabling hyperlink audit pings.
Chrome  web  browsing  security  privacy 
june 2013 by dandv
Perfect Forward Secrecy can block the NSA from secure web pages, but no one uses it | Computerworld Blogs
Only Google and Bloomberg use Perfect Forward Secrecy for their HTTPS connections. Without that, captured traffic can be decrypted later using the private key (which companies have probably handed to the NSA).

"With Perfect Forward Secrecy, anyone possessing the private key and a wiretap of Internet activity can decrypt nothing."

"Suppose, for example, the NSA was recording all HTTPS encrypted traffic to/from joeswebsite.com in January. Then, in February, they learned the private key for joeswebsite.com. Almost always, that lets them decrypt everything from January, February, March and beyond.

It is as if every HTTPS session to joeswebsite.com were encrypted with the exact same password. That's not actually what happens, but in terms of spying on joeswebsite.com, it might as well be."

But still, if an interceptor has the private key *while* recording traffic, of course they can decrypt it.
perfect  forward  secrecy  encryption  privacy 
june 2013 by dandv
Think your Skype messages get end-to-end encryption? Think again | Ars Technica
Proof by Ars that Microsoft Servers accessed a URL sent via Skype IM.

"In short, the decentralization that had been one of Skype's hallmarks was replaced with a much more centralized network."
Skype  encryption  debunk  read  plaintext  IM  message  privacy  surveillance 
june 2013 by dandv
Why Metadata Matters | Electronic Frontier Foundation
Examples of how phone call metadata can tell a lot about an individual, without having to listen in to the call.

Worse, it can tell the wrong thing, if the call is for someone else or mistaken (the article doesn't go into this).

[[
* They know you rang a phone sex service at 2:24 am and spoke for 18 minutes. But they don't know what you talked about.
* They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the call remains a secret.
* They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour. But they don't know what was discussed.
]]
metadata  collection  surveillance  privacy  against 
june 2013 by dandv
recommendations on books / essays that discuss philosophical and practical tradeoffs on freedom (of information, or perhaps just in general) vs. security?
something a little more nuanced than useless Ben Franklin quotes about "those who sacrifice freedom for security deserve neither." Something that talks intelligently about tradeoffs rather than drawing black-and-white dichotomies, and how these issues intertwine with the incentives / evolution of government systems.

A:
* http://www.schneier.com/
* http://www.freedomhouse.org/issues/internet-freedom
* http://www.amazon.com/Future-Imperfect-Technology-Freedom-Uncertain/dp/1107601657
* http://www.amazon.com/Rights-Risk-Limits-Liberty-America/dp/0307594866
* http://www.amazon.com/The-Puzzle-Palace-Intelligence-Organization/dp/0140067485
privacy  surveillance  freedom  liberty  tradeoff 
june 2013 by dandv
Boundless Informant - Wikipedia, the free encyclopedia
The big data software used to analyze information captured by the NSA via PRISM and others.

3 billion pieces of information in March 2013, *from U.S. systems*. Powered by FOSS. -- http://www.guardian.co.uk/world/2013/jun/08/nsa-boundless-informant-global-datamining
USA  privacy  surveillance  data  mining  awareness  1984 
june 2013 by dandv
Iowa City to ban red-light cameras, drones, and license plate readers too | Ars Technica
http://stopbigbrother.org/ initiative to become municipal bill banning the use of red light cameras, automatic vehicle license plate recognition, and drones for enforcing parking and traffic violations. An officer needs to be present at the scene.
Iowa  City  privacy  law  bill  cool  ban  surveillance  drone  automatic  license  recognition  plate  red  light  camera 
june 2013 by dandv