Privacy

 2016



  Echoes of Concern...

Amazon in court battle to refuse police access to the always-on microphone in the home via its Echo device


29th December 2016
Amazon has refused to hand over recordings from an Echo smart speaker to US police investigating a murder in Arkansas. Police issued a warrant to Amazon to turn over recordings and other information associated with the device.

Amazon twice declined to provide the police with the information they requested from the device, although it did provide account information and purchase history.

Although the Echo is known for having always-on microphones to enable its voice-controlled features, the vast majority of the recordings it makes are not saved for longer than the few seconds it takes to determine if a pre-set wake word (usually Alexa) has been said. Only if that wake word has been heard does the device's full complement of microphones come on and begin transmitting audio to Amazon.

However the police pursuit of the data suggests there is more of interest up for grabs than Amazon is admitting.

Amazon's reluctance to part with user information fits a familiar pattern. Tech companies often see law enforcement requests for data as invasive and damaging to an industry. It is clearly an issue for sales of a home microphone system if it is easy for the authorities to grab recordings.

Other devices have also been good data sources for police investigations. Wristwatch-style Fitbit activity trackers have cropped up in a few cases, e.g. for checking alibis against sleep patterns or activity.

A smart water meter has also been used in a murder case as evidence of a blood clean-up operation.

 

 Offsite Article: Does anyone know what their Facebook address is anyway?...


27th December 2016
US authorities introduce policy to ask visitors to reveal their social media accounts

See article from theguardian.com

 

 Update: Opening a new front in the war against internet censorship...

Signal encrypted messaging app acts to counter blocking by internet censors in Egypt and UAE


22nd December 2016  full story: Internet Encryption...Encryption, essential for security but governments don't see it that way
Signal, an encrypted messaging app for mobile devices, had its service blocked in Egypt and UAE.

Now Signal have responded by making a new release available to those territories that should make the censors think twice before reaching for the block option.

The new Signal release uses a technique known as domain fronting. Many popular services and CDNs, such as Google, Amazon Cloudfront, Amazon S3, Azure, CloudFlare, Fastly, and Akamai can be used to access Signal in ways that look indistinguishable from other uncensored traffic. The idea is that to block the target traffic, the censor would also have to block those entire services. With enough large scale services acting as domain fronts, disabling Signal starts to look like disabling the internet. When users in the two countries send a Signal message, it will look like a normal HTTPS request to www.google.com. To block Signal messages, these countries would also have to block all of google.com.
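
As an added example (not from the original article or from Signal), this Python code separates the two layers the paragraph above relies on: the cleartext server name a network observer reads from the TLS ClientHello, and the Host header that only the fronting service sees after it terminates TLS. The traffic is constructed for the example and `hidden-service.example` is a placeholder hostname.

```python
import struct

def build_client_hello(sni: str) -> bytes:
    """Constructed sample: minimal TLS ClientHello record with only an SNI extension."""
    name = sni.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name    # host_name entry
    ext_data = struct.pack("!H", len(entry)) + entry         # server_name_list
    ext = struct.pack("!HH", 0, len(ext_data)) + ext_data    # extension type 0
    body = (b"\x03\x03" + bytes(32)        # client version, random
            + b"\x00"                      # empty session_id
            + b"\x00\x02\x13\x01"          # one cipher suite
            + b"\x01\x00"                  # null compression
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(record: bytes):
    """Return the cleartext server name a network observer can read, or None."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:    # handshake record, ClientHello
            return None
        hs = record[5:5 + int.from_bytes(record[3:5], "big")]
        pos = 4 + 2 + 32                               # header, version, random
        pos += 1 + hs[pos]                             # session_id
        pos += 2 + int.from_bytes(hs[pos:pos + 2], "big")   # cipher suites
        pos += 1 + hs[pos]                             # compression methods
        end = pos + 2 + int.from_bytes(hs[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(end, len(hs)):
            ext_type, ext_len = struct.unpack("!HH", hs[pos:pos + 4])
            data = hs[pos + 4:pos + 4 + ext_len]
            if ext_type == 0:                          # server_name extension
                n = int.from_bytes(data[3:5], "big")
                return data[5:5 + n].decode("ascii").lower()
            pos += 4 + ext_len
    except (IndexError, UnicodeDecodeError):
        pass                                           # truncated or malformed input
    return None

def extract_host(request: bytes):
    """Return the Host header of a decrypted HTTP/1.1 request, without any port."""
    for line in request.split(b"\r\n")[1:]:
        if not line:
            break                                      # end of headers
        key, _, value = line.partition(b":")
        if key.strip().lower() == b"host":
            return value.strip().decode("ascii").lower().split(":")[0]
    return None

def compare_layers(record: bytes, request: bytes) -> dict:
    """Pair what is visible on the wire with what the front actually routes on."""
    sni, host = extract_sni(record), extract_host(request)
    return {"seen_on_wire": sni, "routed_by_host": host,
            "mismatch": None not in (sni, host) and sni != host}

# Constructed sample traffic; hidden-service.example is a placeholder hostname.
HELLO = build_client_hello("www.google.com")
INNER = b"GET / HTTP/1.1\r\nHost: hidden-service.example\r\n\r\n"

if __name__ == "__main__":
    print(compare_layers(HELLO, INNER))
```

The observer on the network path only ever has the first value; the comparison is possible only at a point that terminates TLS, which is why blocking has to target the whole front.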

Update: Cuba and Oman

1st January 2017 See article from engadget.com

Signal, the messaging app that prides itself on circumventing government censorship, has a few new places where its flagship feature works. Last week it was Egypt, and now users in Cuba and Oman can send messages without fear of them being intercepted and altered by lawmakers.

 

  If you have nothing to hide then you have nothing to fear...

Your online purchases, maybe sex toys or holidays to Pattaya, will now be reported to US state governments


16th December 2016
Online retailers in America will soon be required by law to disclose to state governments what purchases their customers have made.

The law seems to have been made up in US courts during a long-running legal case based around the jurisdiction of sales tax. An appeals court decision now requires out-of-state retailers to report to the Colorado state government the details of all purchases, including what that purchase was and who bought it.

The US Supreme Court has refused to hear the case so the appeal court decision stands.

Colorado is not the only state pushing the requirement. Vermont will also make the same requirement three months after Colorado starts imposing the law. And other states including Alabama, South Dakota, Tennessee and Wyoming have approved similar rules.

The executive director of the American Catalog Mailers Association (ACMA), Hamilton Davison, is extremely concerned. He said:

Consumers, particularly those who buy from catalogs and e-commerce merchants, put considerable trust in the businesses from which they make the most personal of purchases, he noted. This decision undermines this trust by requiring remote sellers to report to state tax collectors on the buying habits of their customers, including health care products, apparel or other sensitive items.

 

  Admiral sunk...

Facebook scuppers insurance company plan to snoop on people's Facebook posts


3rd November 2016
Facebook has thwarted a dastardly plot by Admiral insurance company to try and get its hands on people's social media postings to assess their insurance risk.

Admiral were planning to offer the possibility of discounts on car insurance for those silly enough to sign over their social media data.

Arch personal data guzzlers Facebook have refused to play ball, and have announced that they will not allow the app to access people's posts, citing privacy concerns. A Facebook spokesman said:

Protecting the privacy of the people on Facebook is of utmost importance to us. We have clear guidelines that prevent information being obtained from Facebook from being used to make decisions about eligibility.

We have made sure anyone using this app is protected by our guidelines and that no Facebook user data is used to assess their eligibility. Facebook accounts will only be used for login and verification purposes. Our understanding is that Admiral will then ask users who sign up to answer questions which will be used to assess their eligibility.

 

 Update: Revealing a snooping free for all...

AT&T has been snooping on its customers and selling the data to the police without bothering with warrants or even restricting it to serious crime investigations


27th October 2016  full story: Morality in Media...Miserable campaigners for censorship
AT&T developed a product for spying on all its customers and made millions selling it to warrantless cops

AT&T's secret Hemisphere product is a database of calls and call-records on all its customers, tracking their location, movements, and interactions -- this data was then sold in secret to American police forces for investigating crimes big and small (even Medicare fraud), on the condition that they never reveal the program's existence.

The gag order that came with the data likely incentivized police officers to lie about their investigations at trial -- something we saw happen repeatedly in the case of Stingrays, whose use was also bound by secrecy demands from their manufacturers. Because the data was sold by AT&T and not compelled by government, all of the Hemisphere surveillance was undertaken without a warrant or judicial review (indeed, it's likely judges were never told the true story of where the data being entered into evidence by the police really came from -- again, something that routinely happened before the existence of Stingray surveillance was revealed).

The millions given to AT&T for its customers' data came from the federal government under the granting program that also allowed city and town police forces to buy military equipment for civilian policing needs. Cities paid up to a million dollars a year for access to AT&T's customer records.

A statement of work from 2014 shows how hush-hush AT&T wants to keep Hemisphere:

The Government agency agrees not to use the data as evidence in any judicial or administrative proceedings unless there is no other available and admissible probative evidence.

But those charged with a crime are entitled to know the evidence against them come trial. Adam Schwartz, staff attorney for activist group Electronic Frontier Foundation, said that means AT&T may leave investigators no choice but to construct a false investigative narrative to hide how they use Hemisphere if they plan to prosecute anyone.

EFF is suing the US government to reveal DoJ records on the use of Hemisphere data.

 

 Offsite Article: The U.S. Government Wants to Read Travellers' Tweets Before Letting Them In...


23rd October 2016
The Intercept investigates a US move to ask for people's social media addresses on visa waiver forms

See article from theintercept.com

 

 Offsite Article: Unverified benefits...


7th September 2016
The Verified Internet Puts Sex Workers at Risk. By 'Lux Alptraum'

See article from motherboard.vice.com

 

  Don't use WhatsApp to call your mistress or toy boy...

Lest Facebook use your phone log to suggest them as friends to your partner


27th August 2016
The UK's data protection agency has announced it is looking into Facebook's plans to use WhatsApp phone numbers and customer data to generate leads and for personalised advertising on Facebook.

Privacy fears were raised earlier this week when a change in WhatsApp's privacy policy revealed that users' phone numbers would be passed to the parent company to inform ads and for providing friend suggestions.

Mirroring the concerns of many Brits, the Information Commissioner's Office (ICO) has said it will monitor how WhatsApp data is shared with Facebook. Information Commissioner Elizabeth Denham said in a statement:

We've been informed of the changes. Organisations do not need to get prior approval from the ICO to change their approaches, but they do need to stay within data protection laws. We are looking into this.

Denham said ICO planned to pull back the curtain and ensure both Facebook and WhatsApp were providing users with the requisite transparency.

Plenty of users have objected to the plans, with many choosing to opt out and not to share the details with Facebook.

 

 Offsite Article: Beware of the blimp...


11th August 2016
The privacy issue at the Olympics no one is talking about

See article from dailydot.com

 

 Update: Woeful disregard for user privacy...

France tells Microsoft to sort out its Windows 10 data grab of users' private data


21st July 2016  full story: Microsoft Snooping...Microsoft's Windows 10 is a privacy nightmare
Nagware makers Microsoft have come under fire from France's National Data Protection Commission (CNIL) over Windows 10 collecting too much data about users.

CNIL has ordered Microsoft to comply with the French Data Protection Act within three months. The company has been ordered to stop collecting excessive data and tracking browsing by users without their consent.

In addition to this, the chair of CNIL has notified Microsoft that it needs to take satisfactory measures to ensure the security and confidentiality of user data. The notice comes after numerous complaints about Windows 10, and a series of investigations by French authorities which revealed a number of failings on Microsoft's part.

The CNIL particularly notes Windows 10's telemetry 'service' which gathers information about the apps users have installed and how long each is used for. The complaint is that these data are not necessary for the operation of the service.

The company is also criticized for its lack of sufficient security -- such as the four-digit PIN used to protect payment information which does not have a limit on the number of guesses that can be made. The CNIL's list of complaints does not end there. It also took exception to the activation of an advertising ID for tailored advertising without user consent, the lack of cookie blocking options, and the fact that data is being transferred out of Europe to the US.

 

  USA proposes to ask all foreign visitors to provide their social media ID...

I don't know about you, but my profiles contain stuff that I'd rather the authorities didn't see.


28th June 2016
The US authorities are set to add questions to immigration arrivals forms asking for IDs used on social media such as Facebook and Twitter. Reports suggest that it is supposedly voluntary to provide such information, but it wouldn't be difficult to drop a few hints, that those not providing such info may not be granted entry, to make it more or less mandatory.

A Notice by the U.S. Customs and Border Protection (CBP) on 06/23/2016 detailed the new question:

CBP Forms I-94 (Arrival/Departure Record) and I-94W (Nonimmigrant Visa Waiver Arrival/Departure Record) are used to document a traveler's admission into the United States. These forms are filled out by aliens and are used to collect information on citizenship, residency, passport, and contact information. The data elements collected on these forms enable the Department of Homeland Security (DHS) to perform its mission related to the screening of alien visitors for potential risks to national security and the determination of admissibility to the United States.

Proposed Changes

DHS proposes to add the following question to ESTA and to Form I-94W:

Please enter information associated with your online presence -- Provider/Platform -- Social media identifier.

It will be an optional data field to request social media identifiers to be used for vetting purposes, as well as applicant contact information. Collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyze and investigate the case.

 

 Offsite Article: Bad value for a massive loss of privacy...


18th June 2016
Tesco Mobile customers should think twice before viewing ads for a £3 a month discount

See article from openrightsgroup.org

 

 Offsite Article: Bad News...


23rd May 2016
Research shows that news websites are more aggressive trackers than porn sites

See article from motherboard.vice.com

 

  Beware of friend requests...

It could be a creepy council employee wanting to snoop on you


13th May 2016  full story: Council Snooping...Council snooping for trivial reasons
East Lothian Council has adopted the policy of using fake Facebook profiles enabling council employees to spy on law-abiding residents.

A new policy has enabled investigating officers at East Lothian Council to use false Facebook identities to befriend targets and scour social media pages not protected by privacy settings.

The nine-page surveillance through social media policy agreed by officials has been branded beyond creepy by critics who have questioned whether it infringes privacy rights.

Human rights lawyers and civil liberties groups have blasted the move, describing it as a sign that powers normally only used by police were spreading into other areas.

Daniel Nesbitt, research director of Big Brother Watch, said the council needs to say why these tactics are necessary, why they think they are proportionate and what safeguards will be in place.  He added:

For years now councils have been criticised for using heavy-handed snooping tactics, and a nine-page document simply isn't good enough.

Jason Rose, who stood for the Greens in the East Lothian constituency in last year's Westminster elections, said the policy was beyond creepy:

I cannot believe our councillors have agreed this policy. It speaks volumes that a council which is so poor at communicating with the public and does not make its meetings available to view online agrees a covert surveillance policy in such a secretive way.

 

 Offsite Article: Facebook Moments facial-recognition app launches in Europe...


11th May 2016  full story: Facebook Privacy...Facebook criticised for discouraging privacy
And rather sidesteps privacy concerns

See article from bbc.com

 

 Offsite Article: Your husband has just purchased a massage at Lisa's Happy Endings Parlour...


24th April 2016
Facebook is inevitably planning to join the list of companies providing payment services. But do you really want the likes of Facebook to know what you spend your money on?

See article from independent.co.uk

 

 Offsite Article: Passed...


13th March 2016
VPN Provider's No-Logging Claims Tested in FBI Case

See article from torrentfreak.com

 

 Offsite Article: Is your smartphone listening to you?...


7th March 2016
Numerous reports of the likes of Facebook snooping on people by turning on their microphones without permission

See article from bbc.com

 

 Update: German court clicks the new Facebook dislike button...

German court fines Facebook 100,000 euro over failure to implement a court order about privacy terms and conditions


2nd March 2016  full story: Facebook Privacy...Facebook criticised for discouraging privacy
Facebook has been fined 100,000 euros in Germany after failing to follow orders regarding clearer privacy terms and conditions for users.

The regional court of Berlin ruled that the company did not sufficiently alter the wording of an intellectual property clause in its terms and conditions, despite being told to do so following a complaint filed by the Federation of German Consumer Organizations. The entity's head, Klaus Mueller, said that Facebook keeps attempting to evade customer laws in Germany as well as in the entire continent.

In March 2012, a German court originally ruled that the company's terms and conditions were vague on the extent to which it could go with users' data and intellectual property, implying Facebook could license its users' photos and videos to third parties for business reasons. However, the authorities' primary issue was Facebook's compliance with the US government to provide data for its mass surveillance programs. After Edward Snowden's revelations on the US government's spying programs and how the tech industry complies, the issue has gained more gravity.

While Facebook complied with the ruling four years ago, the Berlin court now concludes that it merely changed the wording of the clause in question without changing the message that it conveyed. Meanwhile, the company defended itself saying that it had complied with the original ruling and was issued the fine because it couldn't implement the changes quickly enough.

 

  Is your browser safe against tracking?...

EFF checks out your browser and add-ons for protection against tracking


22nd January 2016
The Electronic Frontier Foundation (EFF) has launched version 2.0 of its tracking and fingerprinting detection tool, Panopticlick.

This version brings new tests to our existing tool, such as canvas and touch-capability fingerprinting, updating its ability to uniquely identify browsers with current techniques.

In addition, it adds a brand new suite of tests that detect how well your browser and extensions are protecting you from:

  1. tracking by ads;
  2. from tracking by invisible beacons; and also
  3. whether they encourage compliance with the Do Not Track policy, which EFF and a coalition of allies launched earlier this year.

We've also redesigned the site look and feel, including friendlier layout on mobile devices. If your browser lacks protections, Panopticlick 2.0 will recommend installing tools that are available on your platform, such as Privacy Badger, Disconnect or AdBlock, in order to get better protections as you navigate the Web.