As gadgets and services get smarter, they need more data, and face the hard problem of keeping it safe. Data privacy has become a huge problem for Google, Facebook, Amazon, and any company using artificial intelligence to power its services — and a major sticking point for lawmakers looking to regulate. Here’s all the news on data privacy and how it’s changing tech.
404 Media has been on top of the privacy nightmare of Tea, an app that sought to make dating safer for women by sharing “red flags” but has instead been a leaky source of its users’ personal data. A new investigation by 404’s Emanuel Maiberg goes behind the scenes how the app tried to hijack the Are We Dating the Same Guy? Facebook group to goose its community numbers.
404 Media reports how ICE officials added a random person to a “Mass Text” chat, where they discussed plans to find an individual “seemingly marked for deportation.” The messages exposed sensitive information about ICE’s target, including their criminal record, Social Security Number, and driver’s license number.
The platform announced earlier this month that it will begin to use AI to detect users under 18 and automatically apply restrictions to their account. If it incorrectly identifies someone as underage, YouTube will ask for the user’s government ID, credit card, or a selfie to verify their age.
The new Instagram Maps request to enable location services (feeding Meta valuable ad targeting data from your Android or iPhone) has spawned incredulous reactions, along with claims it’s on by default, despite Adam Mosseri’s denials.
Still, he says, “We’ll get out a few design improvements as quickly as possible.”
A Microsoft workers group says reporting by The Guardian, Local Call, and +972 Magazine “revealed incriminating details about Microsoft’s indispensable role as the technological backbone of Israel’s mass surveillance of Palestinians all over Palestine” with the IDF’s Unit 8200, despite the company’s denials.
...Microsoft and Unit 8200 worked closely to build a Microsoft-powered mass surveillance weapon that “collects and stores recordings of millions of mobile phone calls made each day by Palestinians in Gaza and the West Bank.”
After 404 Media reported that an app meant to help women exchange dating information for safety purposes was breached, TechCrunch reports that a rival app targeted at men has been exposing users’ personal data including government IDs. “The security lapse will likely affect any user who signed up or shared identity documents with the app,” TechCrunch writes about TeaOnHer, adding that the app has about 53,000 users.
The company has introduced Proton Authenticator, an open-source two-factor authentication app that can sync 2FA codes across devices using end-to-end encryption. Though Proton’s password manager already comes with a built-in 2FA feature, Proton says using its standalone Authenticator offers an “extra layer of security” by generating codes in a separate app.
Proton Authentication is available for free on Android, iOS, Windows, macOS, and Linux.
Until now it’s stayed quiet on whether it received the same order to open a backdoor to user data as Apple, but a spokesperson confirmed to TechCrunch that it never did. If it had, Google wouldn’t be allowed to say so.
Apple has pulled iCloud encryption from the UK and appealed its order in the courts. Last week it was reported that the UK is ready to give up the fight following US political pressure.
I appeared on On the Media to discuss our story about the Anime Nazi who allegedly hacks universities. I explain why the identity of the alleged hacker is important, why the Times’ obfuscation of its sources is troubling, and what’s at stake in the Republican war on higher education: upward mobility.
Purportedly searching for illegal cannabis grow houses, the Sacramento Municipal Utilities District (SMUD) has been tipping off police about “high” electricity usage based on smart meter readings.
The EFF is suing, saying it’s flagged Asian customers specifically, as “SMUD analysts deemed one home suspicious because it was ‘4k [kWh], Asian,’ and another suspicious because ‘multiple Asians have reported there,’” while the cops sent accusatory “nastygrams” to suspected homes in only English and Chinese. SMUD also admitted that “high” readings could come from air conditioning, electric vehicles, and even Christmas lights.
21-year-old Mads Mikkelsen (not the famous one) tells Norwegian newspaper Nordlys that he was pulled aside by customs officials at Newark Airport. An agent searched his phone and found (1) a photo of a wooden pipe he had made, and (2) that one meme of JD Vance where he has the giant bald baby head.
Mikkelsen says he was detained, strip searched, and ultimately refused entry into the US. The English language Daily Mail write-up can be found here.
While Meta said ads will be globally introduced to WhatsApp’s updates tab “slowly over the next several months,” the company has now clarified to Ireland’s Data Protection Commission (DCP) that they won’t arrive in the European Union market until 2026. That gives EU privacy regulators time to discuss data-sharing concerns about the ad model.
[politico.eu]
“Court documents unsealed Monday alleged Vance Boelter, 57, used online people search services to find the home addresses of his intended targets. Police found the names of 11 registered data brokers — or companies that gather and sell people’s information, including addresses, emails and phone numbers — in Boelter’s abandoned car after the shootings.”
Ron Wyden is on it; if only the rest of Congress was.
On the list of apparel-related data breaches, Adidas was early to the trend. Then, the Victoria’s Secret website was offline for a few days last week as it dealt with a “security incident.”
Now, Bleeping Computer has two more to add to the list, reporting that Cartier has sent emails to customers informing them that info like name, email address, and country of residence was stolen, and that The North Face has apparently suffered its fourth reported credential stuffing incident since 2020.
[bleepingcomputer.com]
Palantir has received more than $113 million in federal funds since Trump took office and is reportedly discussing potential contracts with the Social Security Administration and the IRS. The ubiquity of Palantir’s tech within federal agencies may help Trump achieve his goal of creating a master database allowing administration officials to access data on nearly anyone in the US.
Employees are “raising questions internally” about Palantir’s contracts, one former engineer said. Some are worried about the implications of collecting so much data on Americans.
[nytimes.com]
