WebProNews

Tag: Privacy

  • TikTok Pulling Out of Hong Kong

    TikTok has announced plans to pull out of Hong Kong in the wake of a new national security law.

    China has been flexing its muscle in Hong Kong, effectively ending the long-standing ‘one country, two systems’ rule. When Britain turned Hong Kong over to Beijing in 1997, its citizens were guaranteed 50 years of autonomy. Despite that, the Chinese government has been trying to exercise more control recently, leading to widespread protests.

    In response, Beijing signed a national security law that gives authorities sweeping powers to punish secession and sedition, as well as search properties and prevent individuals being investigated from leaving the city.

    Tech companies around the world have expressed concern that China may try to use their platforms for censorship or surveillance, by requiring user data to be stored in China. As a result, TikTok is taking action. A spokesperson told Axios that: “In light of recent events, we’ve decided to stop operations of the TikTok app in Hong Kong.”

    The move comes at a time when owner ByteDance is trying to distance TikTok from China. The company operates two similar platforms: TikTok for the world, and a government-approved version in mainland China, called Douyin. Given the allegations that TikTok can’t be trusted to protect user privacy, ByteDance is trying to prove it is not beholden to Beijing.

    The next few weeks will likely be difficult for all of the social media networks as they come to terms with how—or if—they will continue operating in the city.

  • iOS 14 Outs Major Apps For Snooping On Users

    iOS 14 has a number of significant privacy improvements, one of which has been a source of embarrassment for several high-profile apps.

    Privacy was one of the highlights of Apple’s WWDC 2020 Keynote, with the company outlining the steps it is taking to improve the level of privacy it offers customers. One such feature is clipboard monitoring. In short, iOS 14 will alert a user when an app accesses the data currently held in the clipboard. Given that users often copy and paste bank account numbers, credit card numbers, passwords and other sensitive data, this is an excellent new feature.

    Unfortunately, a number of apps don’t seem to have gotten the memo. In short order, TikTok, LinkedIn, Reddit and several others have all been called out for reading the contents of the iOS clipboard. These apps were all caught accessing the clipboard even when they were not the app involved in the copy and paste function. Basically, once they were opened, they started reading the clipboard’s contents. In the case of TikTok, it appears to have been accessing the clipboard every 1 to 3 keystrokes.

    All three companies have pledged to release an update that will resolve the issue. LinkedIn and Reddit blamed the behavior on bugs, while TikTok said it was a measure designed “to identify repetitive, spammy behavior.” While some users may be willing to give LinkedIn and Reddit a pass, TikTok’s intentional use of the feature does not bode well for a company that is already accused of gross privacy violations.

    Either way, kudos to Apple for helping put an end to this practice. iOS 14 can’t arrive soon enough.

  • California Begins Enforcing New Privacy Law

    Following a six-month grace period, California has begun enforcing its new privacy regulation, effective July 1.

    The California Consumer Protection Act (CCPA) was signed into law on January 1. Similar to the EU’s GDPR, the CCPA is a robust set of laws designed to protect individual privacy and give consumers more control over the data companies collect about them. Companies were given a six-month grace period before enforcement began, but that grace period ended on June 30.

    The CCPA likely impacts more companies than many realize. It directly applies to companies that do $25 million in annual revenue, companies that derive at least half of their revenue from selling their customers’ data or companies that collect data on at least 50,000 individuals.

    Potential penalties are high enough to ensure compliance. Non-intentional violations could cost as much as $2,500 per incident, while intentional violations could cost as much as $7,500.

    While many companies have struggled to be ready for the new law, privacy advocates have praised it for protecting the interests of consumers.

  • Legislation Would Ban Federal Law Enforcement From Using Facial Recognition

    Senators Ed Markey and Jeff Merkley have introduced legislation that would ban federal law enforcement agencies from using facial recognition.

    In the wake of several high-profile incidents that have helped spark protests and a renewed focus on racial equality, facial recognition has come under heavy fire. While having some usefulness, facial recognition struggles with bias issues, especially related to race, ethnicity and sex. This doesn’t even begin to address the privacy issues the technology raises. Clearview AI is one company that has increasingly been in the news for blatant abuses of privacy through the use of facial recognition.

    The Facial Recognition and Biometric Technology Moratorium Act would address these concerns by prohibiting federal law enforcement agencies from using facial recognition tech. In addition, any local or state agencies seeking federal funding would be required to take similar measures.

    “Facial recognition technology doesn’t just pose a grave threat to our privacy, it physically endangers Black Americans and other minority populations in our country,” said Senator Markey. “As we work to dismantle the systematic racism that permeates every part of our society, we can’t ignore the harms that these technologies present. I’ve spent years pushing back against the proliferation of facial recognition surveillance systems because the implications for our civil liberties are chilling and the disproportionate burden on communities of color is unacceptable. In this moment, the only responsible thing to do is to prohibit government and law enforcement from using these surveillance mechanisms. I thank Representatives Jayapal and Pressley and Senator Merkley for working with me on this critical legislation.”

    It’s unknown whether the bill will be able to gain enough support to pass. Should it succeed, however, it could fundamentally alter the privacy debate and have a profound impact on equality.

  • Boston Bans Facial Recognition For Government Use

    Boston has joined the growing ranks of US cities that have banned the use of facial recognition by government officials.

    Facial recognition has become one of the most controversial technologies in use. In the wake of George Floyd’s death, organizations have been reevaluating their stand on facial recognition. Companies like Microsoft, IBM and Amazon have changed their policies to exclude selling their facial recognition tech to police.

    Much of this is because of the issues with bias that are prevalent in facial recognition. Despite their best efforts, companies have struggled to keep bias from creeping in on the basis of race, ethnicity and sex.

    These concerns have led cities to take action, banning facial recognition for government agencies. Oakland and San Francisco, California, as well as Cambridge, Massachusetts have already instituted such bans.

    According to Boston.com, “in a unanimous vote Wednesday afternoon, the 13-member body passed an ordinance prohibiting the use of facial recognition technology by Boston police and other city departments, amid evidence that the existing systems misidentify people of color at an exorbitantly high rate.”

    There are some exceptions. Police will still be able to obtain evidence from facial recognition technology, as long as that evidence was gathered by another agency investigating a “specific crime,” and was not at the behest of a Boston city official. Similarly, city officials will not be allowed to use facial recognition provided by third parties.

    Given the current political climate, it’s a safe bet Boston won’t be the last city to take such measures.

  • Senators Introduce Legislation Attacking Encryption

    Another day, another attack on the encryption standards that protect every single person using the internet and computing devices.

    Senators Lindsey Graham, Tom Cotton and Marsha Blackburn introduced the Lawful Access to Encrypted Data Act in a bid “to bolster national security interests and better protect communities.”

    It’s hard to tell whether the authors are trying to attack encryption, or if they simply don’t understand how it works…or both. Either way, the result is the same: This legislation will gut the end-to-end encryption (E2EE) billions of people rely on.

    Case in point:

    “After law enforcement obtains the necessary court authorizations, they should be able to retrieve information to assist in their investigations. Our legislation respects and protects the privacy rights of law-abiding Americans,” says Graham.

    Similarly:

    “This bill will ensure law enforcement can access encrypted material with a warrant based on probable cause and help put an end to the Wild West of crime on the Internet,” said Cotton.

    The announcement specifically states:

    “Encryption is vital to securing user communications, data storage, and financial transactions. Yet increasingly, technology providers are deliberately designing their products and services so that only the user, and not law enforcement, has access to content – even when criminal activity is clearly taking place. This type of ‘warrant-proof’ encryption adds little to the security of the communications of the ordinary user, but it is a serious benefit for those who use the internet for illicit purposes.”

    These statements ignore some of the basic facts involved in the encryption debate. Let’s break this down.

    1. All of the above statements place a great deal of emphasis on a warrant. The encryption debate has never been about tech companies’ willingness or unwillingness to abide by a warrant. The issue, plain and simple, is that you cannot have strong encryption that has backdoors. Experts have been warning about the dangers of weakening encryption for years. They’ve done so here, and here, and here, and here, and here, and here and here, as well as countless other places too numerous to list.

      Ultimately, this is not a case where these senators can ‘have their cake and eat it too.’ Either everyone has strong encryption that protects them, or no one does. Even these senators rely on encryption to conduct their business. Signal is widely considered to be the most secure messaging app on the planet, in large part because of the type of encryption this legislation targets. It is so secure that the Senate specifically encourages Senate staff to use Signal.

      Yet this legislation is so dangerous to the very type of encryption that Signal relies on that the company has already warned that, if it passes, Signal will likely stop being available in the US altogether.

      Again, either everyone has strong encryption or no one does…including the senators targeting encryption.

    2. The legislation wrongly asserts that companies fail to cooperate with law enforcement, “even when criminal activity is clearly taking place.” Again, this is not a matter of intentionally failing to cooperate; it is a technical impossibility.

      Companies simply cannot create strong encryption that can simultaneously be accessed at will, either by the company, law enforcement or anyone else. In many cases, such as Apple, companies cooperate as much as they possibly can, but they cannot change the laws of physics.

    3. The assertion that “‘warrant-proof’ encryption adds little to the security of the communications of the ordinary user” ignores how the technology is frequently used by the “ordinary user.” The fact is, E2EE protects private communication, securing text messages, video chats, emails and voice calls, ensuring people can communicate without fear.

      Businesses rely on E2EE on a daily basis to ensure they can freely discuss internal matters without fear of corporate eavesdropping and espionage. Victims of abuse often rely on these services to communicate with loved ones without their abuser being able to find them. Journalists and activists in areas ruled by oppressive regimes rely on E2EE for their very lives.

    The announcement cites several examples where E2EE thwarted attempts by law enforcement. While true, the question remains: How is that different from any other technology?

    One example encryption proponents cite is shredder manufacturers. Do these companies have to create shredders that reconstitute a document just because some bad actors use paper shredders to cover their tracks? Of course not. While some do use shredders to cover illegal activity, the vast majority of individuals use them for perfectly legal reasons.

    The same is true of E2EE. There will always be those who use any technology for illegal, immoral and unethical reasons. The vast majority, however, will use it as it was intended, for perfectly legal activity.

    If passed, however, this new legislation will punish the whole on behalf of the few.

  • WWDC 2020 Part 3: macOS Big Sur

    Apple unveiled the next version of macOS, named “Big Sur.” The design of the OS features a number of refinements.

    Apple has repeatedly said it has no intention of merging iOS and macOS, as each has a place in the company’s ecosystem. That doesn’t mean they can’t benefit from each other, however, and it’s apparent that many of the Mac’s new features are inspired by some of the best features of iOS.

    Interface

    Craig Federighi highlighted Apple’s intention of making its various platforms feel more cohesive, making it easier for users to move from one device to another.

    The updated interface includes icons that are more reminiscent of iOS, as well as a more colorful interface and increased transparency.

    Mac Catalyst

    Mac Catalyst receives an upgrade in macOS Big Sur. Catalyst is the compatibility layer that makes it possible to port iOS and iPadOS apps to macOS.

    Developers will be able to optimize Catalyst apps to take full advantage of the Mac’s resolution. Apps will also have access to menu and keyboard APIs, as well as new controls, such as checkboxes and date pickers.

    The new Maps and Messages are good examples of Catalyst apps.

    Safari

    Big Sur has the biggest update to Safari since it was introduced. The company has focused on performance, improving not only its already good JavaScript performance, but page-load performance as well.

    Privacy will take center stage in Big Sur, making it much easier for users to see how websites attempt to track their data.

    The Web Extensions API will now make it easier to bring extensions from other browsers over to Safari. There will be a new category in the Mac App Store to showcase Safari extensions.

    Extensions will be managed in a way that preserves user privacy. Users will be able to manage what data an extension can access, as well as limitations on how long it can access that data.

    Safari will also feature built-in translation. Safari will detect when it encounters a page that is not in the computer’s primary language and display a translate button. Clicking the button will translate the text, and even text off of the screen will dynamically translate as Safari scrolls down.

    Next is Apple’s biggest announcement of the day: Custom Silicon

  • UK Set to Adopt Apple/Google API For Contact Tracing

    The UK has reversed course, adopting Apple and Google’s API for its contact tracing efforts.

    Contact tracing has been touted as one of the main components to successfully combatting the coronavirus pandemic. Efforts to roll out the technology have split along two lines. Some countries have focused on solutions that store data in a centralized, government database, while others have adopted the privacy-focused API that Apple and Google created.

    Initially, the UK went with the centralized approach, but is now going with the API instead.

    “Following rigorous field testing and a trial on the Isle of Wight, we have identified challenges with both our app and the Google/Apple framework,” says the Department of Health and Social Care.

    “This is a problem that many countries around the world, like Singapore, are facing and in many cases only discovering them after whole population roll-out.

    “As a result of our work, we will now be taking forward a solution that brings together the work on our app and the Google/Apple solution. This is an important step, allowing us to develop an app that will bring together the functionality required to carry out contact tracing, but also making it easy to order tests, and access proactive advice and guidance to aid self-isolation.”

    While the press release does not specifically mention privacy, it likely played a role in the overall decision. As a rule, centralized solutions have not been widely adopted by users, who view them with suspicion due to privacy concerns. Apple and Google’s solution, on the other hand, is built around a decentralized, privacy-first approach that many are more comfortable with.

  • Norway Discontinues Contact Tracing App Over Privacy Concerns

    Norway has decided to halt its coronavirus contact tracing app efforts amid privacy concerns.

    Contact tracing has been touted as one of the key weapons in the war on COVID-19. Countries around the world have opted to use different types of tracing apps, with many basing their efforts on the privacy-focused API developed by Apple and Google. Norway, on the other hand, is not one of those countries, choosing to develop its own app that did not win any marks for privacy.

    With new cases plateaued for the last month, however, it appears that Norway has decided the privacy risks are not worth the minimal benefit the country is currently seeing. Officials have decided to stop collecting data, delete existing data and stop work on the app indefinitely.

    According to the MIT Technology Review, however, not everyone is in agreement. Specifically, the Norwegian Institute of Public Health (NIPH) believes the move is a mistake.

    “With this, we weaken an important part of our preparedness for increased spread of infection, because we lose time in developing and testing the app,” said NIPH director Camilla Stoltenberg. “At the same time, we have a reduced ability to fight the spread of infection that is ongoing. The pandemic is not over. We have no immunity in the population, no vaccine, and no effective treatment. Without the Smittestopp app, we will be less equipped to prevent new outbreaks that may occur locally or nationally.”

    This is just the latest in the privacy tightrope companies and countries alike are trying to walk as they battle the spread of the virus.

  • Amazon Follows IBM, Bans Police Use of Rekognition

    Amazon has announced a one-year moratorium on police use of its facial recognition software, Rekognition.

    IBM previously announced it was ending the sale of general purpose facial recognition software in an effort to support civil rights and police reform. Now Amazon is following suit, banning police use of its own facial recognition software for one year.

    Amazon’s statement, in its entirety, reads:

    We’re implementing a one-year moratorium on police use of Amazon’s facial recognition technology. We will continue to allow organizations like Thorn, the International Center for Missing and Exploited Children, and Marinus Analytics to use Amazon Rekognition to help rescue human trafficking victims and reunite missing children with their families.

    We’ve advocated that governments should put in place stronger regulations to govern the ethical use of facial recognition technology, and in recent days, Congress appears ready to take on this challenge. We hope this one-year moratorium might give Congress enough time to implement appropriate rules, and we stand ready to help if requested.

    When IBM announced its decision, we wrote: “In the wake of recent events, however, it’s likely IBM won’t be the only company to take such a stand.”

    Amazon has proved that statement true, and it will likely not be the last company to do so.

  • Signal Now Allows Chat History Transfer on iOS

    Secure messaging app Signal has added the ability to transfer one’s chat history on iOS devices.

    Signal is a popular messaging app that is widely considered to be the most secure messaging platform available. It is used by Edward Snowden, and even Senate staff are encouraged to use it.

    One glaring issue on iOS has been the inability to transfer your chat history to a new device. Instead, moving to a new device meant leaving behind all your Signal threads (this writer can personally attest to how frustrating it was). Now, however, it seems Signal has finally brought this feature to iOS.

    “Signal iOS now includes a new feature that makes it possible to switch to a brand-new iPhone or iPad while securely transferring Signal information from your existing iOS device,” writes Nora Trapp on Signal’s blog. “As with every new Signal feature, the process is end-to-end encrypted and designed to protect your privacy. Transfers also occur over a local connection (similar to AirDrop), so even large migrations can be completed quickly.”

    The only caveat is the transfer process requires access to the old phone, so it won’t work if it has been sold, lost or stolen. As long as you still have the old phone, however, simply install Signal on the new phone and go through the registration process. After entering your number, the app will ask if you want to transfer your messages from your old device. If you opt to migrate, your old phone will provide a migration prompt, while the new phone will generate a QR code. Scan the QR code on the new phone with the old one and the transfer will begin.

    This is excellent news for Signal fans and eliminates one of the few pain points associated with having the most secure communication possible.

  • Messaging App Signal Adds Blur Tool

    Popular messaging app Signal has added blur tools to help protect the identities and privacy of people in photos.

    Signal is widely considered to be the most secure messaging platform on the planet. It uses end-to-end encryption and is open-source software. It is so secure that Edward Snowden uses it and the US Senate has urged senators and their aides to use it.

    Now the company is taking the next step, adding blur tools to help protect the identity of people in photos.

    “The latest version of Signal for Android and iOS introduces a new blur feature in the image editor that can help protect the privacy of the people in the photos you share,” writes Moxie Marlinspike, Signal’s creator and CEO. “Now it’s easy to give every face a hiding place, or draw a fuzzy trace over something you want to erase. Simply tap on the new blur tool icon to get started.”

    The new feature relies on the underlying libraries in iOS and Android. As a result, all of the processing is done on-device, ensuring absolute privacy. In the event the underlying libraries don’t detect a face and blur it automatically, the new tool can also be used to manually blur an area with the blur brush.

    This is an excellent upgrade to an already stellar application, and will surely see widespread use.

  • Huawei Losing Ground as Deutsche Telekom and Bell Canada Choose Ericsson

    Huawei has been shut out of some high-profile 5G contracts, as both Deutsche Telekom and Bell Canada have gone with Ericsson.

    Huawei has faced increasing pressure worldwide as the US has led a campaign to shut the Chinese firm out of the 5G market. Huawei is already banned in the US, and officials have been working to get their allies to follow suit.

    Australia and New Zealand have similarly banned Huawei from participation in their 5G networks. The UK initially decided to allow the company to participate in a limited role, although recent events are forcing the British government to reconsider. Canada, on the other hand, has remained largely undecided.

    Bell Canada, however, has decided to exclude Huawei, inking a deal with Ericsson instead.

    “Ericsson plays an important role in enabling Bell’s award-winning LTE network and we’re pleased to grow our partnership into 5G mobile and fixed wireless technology,” said Stephen Howe, Chief Technology Officer, Bell Canada. “5G’s high-capacity and near-instant connections will enable next-generation applications like mobile 4K video and immersive augmented reality, connected vehicles and industrial IoT automation on a massive scale, and our plan is to deliver the benefits of the 5G wireless revolution to cities and rural locations alike.”

    Similarly, Deutsche Telekom has also selected Ericsson for its network in Germany.

    “We listened to Deutsche Telekom and understood their urgency to have 5G-ready infrastructure in order to stay at the forefront of customer service in Germany,” said Arun Bansal, President and Head of Ericsson in Europe and Latin America. “We can run multiple standards on the same baseband hardware and a 5G upgrade will be able to be performed by a simple software download to the radio sites. And, during these deliveries, we will use the experience from our 5G activities around the world to be sure that Deutsche Telekom has the most advanced hardware and software in the industry.”

    These are undoubtedly big losses for Huawei and further isolate the company in its efforts to be a leader in the 5G market.

  • Parachute Introduces Superlock, Prevents Others From Stopping Your Video

    Parachute has introduced a new feature, Superlock, that is designed to stop an unauthorized user from killing your live-streamed video.

    Parachute (then known as Witness) won grand prize at the TechCrunch Disrupt NY 2015 Hackathon. The app was designed as a virtual panic button, and was “initially inspired by a series of events where the outcome hinged on a chance recording by a nearby witness.”

    Now the company has introduced Superlock, adding a new layer of protection, especially in potentially high-risk situations.

    “Superlock is a very powerful add-on that is a game-changer for people who use Parachute in situations where there is risk of their phone being taken away from them by an attacker, police officer or other unauthorized person,” writes Marinos, Parachute CEO. “Superlock locks down Parachute, so someone who manages to get a hold of your phone will not be able to stop Parachute, even if they try to switch off your phone. Superlock keeps your phone locked while also continuing to record and live-stream your video, audio and location undisrupted.”

    The feature will likely gain widespread use, as its release coincides with the wide-scale protests over the death of George Floyd.

  • ACLU Files Lawsuit Against Clearview AI

    The ACLU has filed a lawsuit in Illinois against facial recognition firm Clearview AI.

    Clearview AI made headlines when it was discovered the firm was scraping millions of websites, including the major social media platforms, to amass a database of billions of photos to pair with its facial recognition software. The company claimed it only made its service available to law enforcement and security personnel, but it was later discovered that was a lie. The company had also let friends and investors use its software for personal interests.

    In addition, Clearview has expanded internationally, including making deals with authoritarian regimes. To make matters even worse, there has been at least one instance where the company appeared to be monitoring law enforcement searches and using that information to dissuade police from talking with the press about Clearview.

    The ACLU has had enough and filed a lawsuit in the state of Illinois. Illinois is the perfect state to file the suit in, as it has strict Biometric Information Privacy Act (BIPA) legislation that has already been successfully used in court.

    In its lawsuit, the ACLU and companies joining it “are asking the court to order Clearview to delete faceprints gathered from Illinois residents without their consent and cease capturing new faceprints unless they comply with BIPA consent procedures. Until such remedies are implemented, Clearview’s egregious violations of privacy pose a disastrous threat and affront to our rights.”

    Here’s to hoping the ACLU is successful in suing Clearview AI into oblivion.

  • Britain Wants to Create 5G Alliance to Counter China

    Following ongoing issues with its decision to include Huawei in part of its 5G network, Britain is now interested in creating a 5G alliance to counter China.

    The US has banned Huawei over allegations it serves as part of Beijing’s spying apparatus. US officials have gone on to wage an intense campaign to convince their allies to do the same.

    The US’ closest ally, the UK, attempted to work out a compromise solution wherein Huawei would be allowed to participate in the country’s 5G network in a limited role. That move has caused the US to reevaluate military and intelligence assets in the UK. It’s the US’ latest move, however, to cut off Huawei’s chip supplies that may have forced the UK to reconsider its decision.

    According to the Times of London, British officials may be prepared to go farther, “seeking to forge an alliance of ten democracies to create alternative suppliers of 5G equipment and other technologies to avoid relying on China.

    “New concerns about Huawei, the Chinese telecoms giant, have increased the urgency of the plan after security officials began a review into its involvement in the mobile network upgrade.”

    It’s probably a safe bet the UK will be able to drum up the necessary support for a proposed alliance.

  • Arizona Sues Google For Collecting Location Data After Users Opt Out

    Arizona Attorney General Mark Brnovich has filed a lawsuit against Google, claiming the search giant collects location data even after users opt out.

    Google has been under increasing scrutiny, both in the US and Europe, over its privacy practices. Arizona is the latest to take the search giant to task, claiming it is illegally collecting information on its users.

    “While Google users are led to believe they can opt-out of location tracking, the company exploits other avenues to invade personal privacy,” said Attorney General Mark Brnovich. “It’s nearly impossible to stop Google from tracking your movements without your knowledge or consent. This is contrary to the Arizona Consumer Fraud Act and even the most innovative companies must operate within the law.”

    The Arizona AG began its investigation in 2018, in the wake of an Associated Press article calling Google out for blatantly lying to its users about when their data was being collected. That report proved that Google continued to track users, despite telling them their location would not be stored if Location History was turned off. Instead, the company simply used one of any number of other methods to continue tracking their customers’ locations.

    In the course of the investigation, Arizona discovered “that Google uses deceptive and unfair practices to collect as much user information as possible and makes it exceedingly difficult for users to understand what’s being done with their data, let alone opt-out.”

    It will be interesting to see how Google responds, although, looking at the court filing, it appears the Arizona AG has meticulously built a solid case.

  • Qatar Demonstrates Danger of Contact Tracing Apps

    A major security vulnerability left Qatari citizens open to having highly sensitive, personal information stolen.

    Qatar is one of the many countries that have rolled out a contact tracing app. Contact tracing is widely considered to be one of the keys to getting a handle on the coronavirus pandemic. Unfortunately, there is tremendous potential for an app to be abused, or for poor security to open users up to hackers and scammers. For example, North Dakota’s Care19 app was recently discovered to be sharing location data with Foursquare.

    Qatar’s app is now the latest to have an issue, with Amnesty International’s Security Lab discovering a serious vulnerability that “would have allowed cyber attackers to access highly sensitive personal information, including the name, national ID, health status and location data of more than one million users.”

    To make matters worse, the Qatari contact tracing app is mandatory for the country’s citizens, ensuring virtually everyone was at risk. Amnesty International informed the authorities on May 21 of the vulnerability and they released a fix the very next day.

    “While the Qatari authorities were quick to fix this issue, it was a huge security weakness and a fundamental flaw in Qatar’s contact tracing app that malicious attackers could have easily exploited. This vulnerability was especially worrying given use of the EHTERAZ app was made mandatory last Friday,” said Claudio Guarnieri, Head of Amnesty International’s Security Lab.

    “This incident should act as a warning to governments around the world rushing out contact tracing apps that are too often poorly designed and lack privacy safeguards. If technology is to play an effective role in tackling the virus, people need to have confidence that contact tracing apps will protect their privacy and other human rights.”

    Hopefully governments around the world will take note of Qatar’s example and work hard to protect their citizens’ privacy.

  • Companies Vow to Fight Warrantless Browser Data Access

    Following the defeat of a Senate amendment that would have banned warrantless browser data access, a coalition of companies is taking the fight to the House.

    Mozilla, Engine, Reddit, Inc., Reform Government Surveillance, Twitter, i2Coalition and Patreon all signed a letter addressed to four members of the US House of Representatives. In the letter, they state the following:

    “We urge you to explicitly prohibit the warrantless collection of internet search and browsing history when you consider the USA FREEDOM Reauthorization Act (H.R. 6172) next week. As leading internet businesses and organizations, we believe privacy and security are essential to our economy, our businesses, and the continued growth of the free and open internet. By clearly reaffirming these protections, Congress can help preserve user trust and facilitate the continued use of the internet as a powerful contributing force for our recovery.”

    The companies highlight that Senators Ron Wyden and Steve Daines introduced an amendment in the Senate to ban the warrantless collection of browser data when the USA PATRIOT Act was renewed. That amendment had supermajority support in the Senate, as well as wide bipartisan support, but failed because several senators failed to show up for the vote.

    The companies point out in their letter that web browsing data “can provide a detailed portrait of our private lives. It may reveal medical conditions, religious beliefs, and personal relationships, and it should be protected by effective legal safeguards.”

    While Mozilla does not collect that data, the companies strongly believe there needs to be legislation specifically prohibiting its use without a warrant. Moves like this are one of the reasons Mozilla continues to be one of the strongest voices in the fight for privacy.

  • TikTok Accused of Violating Child Privacy—Again

    TikTok is in hot water yet again, with consumer groups accusing the social media company of violating child privacy.

    The Center for Digital Democracy and the Campaign for a Commercial Free Childhood are leading a coalition of some 20 children’s and consumer groups that have filed a complaint with the Federal Trade Commission (FTC), accusing TikTok of violating a previous agreement with the FTC.

    In 2019 TikTok was fined $5.7 million for violating child privacy. As The New York Times reports, TikTok agreed to a number of changes designed to better protect the privacy of children.

    According to the NYT, “as part of the settlement, the video-sharing app agreed to obtain a parent’s permission before collecting their child’s personal information. It also agreed to delete personal information, including videos, of any children identified as younger than 13 and to remove videos and other personal details of users whose ages were unknown.”

    In spite of the agreement, it appears that TikTok has not followed through on its promise. This is just the latest issue the social media app has dealt with, as it has faced ongoing scrutiny over security and privacy concerns, with the Pentagon and some government agencies banning the app from employees’ devices.

    If the FTC finds that TikTok has reneged on its agreement, the company’s problems will only go from bad to worse.

  • Google Accused of Tracking EU Users

    Austrian privacy advocate Max Schrems has leveled a complaint against Google, accusing the search giant of tracking users and passing the info to advertisers.

    Google has been mired in privacy and antitrust issues in the EU, generally considered to be the most privacy- and consumer-focused part of the world. EU regulators have repeatedly hit Google with billions of dollars in fines, in 2017, ’18 and ’19.

    Now Bloomberg is reporting that Schrems’ campaign group Noyb has accused Google of using a unique ID to track Android users without the proper opt-in consent.

    “Google does not collect valid ‘opt-in’ consent before generating the tracking ID, but seems to generate these IDs without user consent,” according to the group.

    “Android does not allow deleting the tracking ID. It only allows users to generate a new tracking ID to replace the existing tracking ID. This neither deletes the data that was collected before, nor stops tracking going forward.”

    If the claim has merit, the EU’s GDPR laws allow for fines up to “4% of a company’s global annual sales.” If Google is found guilty, the result could be one of its biggest fines yet.