Privacy / Security

NSA Prism program taps in to user data of Apple, Google and others

by Glenn Greenwald, Ewen MacAskill in The Guardian

The participation of the internet companies in Prism will add to the debate, ignited by the Verizon revelation, about the scale of surveillance by the intelligence services. Unlike the collection of those call records, this surveillance can include the content of communications and not just the metadata.

Some of the world's largest internet brands are claimed to be part of the information-sharing program since its introduction in 2007. Microsoft – which is currently running an advertising campaign with the slogan "Your privacy is our priority" – was the first, with collection beginning in December 2007.

It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.

Collectively, the companies cover the vast majority of online email, search, video and communications networks.

The creepy sound of online trackers

by Per Axbom 

Bert's idea appears simple:

   What if your computer made a little noise each time it sends data to Google?

So this is what he did. A piece of software dubbed googerteller designed for his Linux computer that emits a scratchy beep when the computer detects information flowing out from his computer to one of Google's computers.

[…]

After announcing the tool in a tweet the video quickly received over a million views. Spurred by this attention Bert decided to develop his tool further and include trackers not only from Google but also Facebook and dozens of other trackers.

via Kim Harding

Privacy First: A Better Way to Address Online Harms

for Electronic Frontier Foundation (EFF)  

The truth is many of the ills of today’s internet have a single thing in common: they are built on a system of corporate surveillance. Multiple companies, large and small, collect data about where we go, what we do, what we read, who we communicate with, and so on. They use this data in multiple ways and, if it suits their business model, may sell it to anyone who wants it—including law enforcement. Addressing this shared reality will better promote human rights and civil liberties, while simultaneously holding space for free expression, creativity, and innovation than many of the issue-specific bills we’ve seen over the past decade.

In other words, whatever online harms you want to alleviate, you can do it better, with a broader impact, if you do privacy first.

Who Is Collecting Data from Your Car?

in The Markup  

Awash in vehicle data, most car manufacturers, or OEMs—original equipment manufacturers—found themselves in an unfamiliar role. “What has given rise to the industry is that most OEMs have recognized that they are better at making cars than they are at processing and handling data,” said Andrew Jackson, research director at PTOLEMUS Consulting Group, which studies the connected vehicle industry.

This created an opening for a new kind of third-party data company, vehicle data hubs, which are at the center of the connected vehicle data market.

[…]

Andrea Amico is founder and CEO of Privacy4Cars, an automotive data privacy company. Amico said of vehicle data hubs, “So, there’s many sources out there. Their business proposition is collect all this data, create massive databases, try to standardize this data as much as possible and then literally sell it. So that’s their business model.”

Opinion: Banning TikTok isn’t just a bad idea. It’s a dangerous one

by Evan Greer for Cable News Network CNN  

As they hyperventilate about TikTok, US politicians are so eager to appear “tough on China” that they’re suggesting we build our very own Great Firewall here at home. There is a small but growing number of countries in the world so authoritarian that they block popular apps and websites entirely. It’s regrettable that so many US lawmakers want to add us to that list.

Several of the proposals wending their way through Congress would grant the federal government unprecedented new powers to control what technology we can use and how we can express ourselves – authority that goes far beyond TikTok. The bipartisan RESTRICT Act (S. 686), for example, would enable the Commerce Department to engage in extraordinary acts of policing, criminalizing a wide range of activities with companies from “hostile” countries and potentially even banning entire apps simply by declaring them a threat to national security. 

[…] 

The law is vague enough that some experts have raised concerns that it could threaten individual internet users with lengthy prison sentences for taking steps to “evade” a ban, like side-loading an app (i.e., bypassing approved app distribution channels such as the Apple store) or using a virtual private network (VPN). 

[…] 

A ban on TikTok wouldn’t even be effective: The Chinese government could purchase much of the same information from data brokers, which are largely unregulated in the US.

The rush to ban TikTok – or force its sale to a US company – is a convenient distraction from what our elected officials should be doing to protect us from government manipulation and commercial surveillance: passing basic data privacy legislation. It’s a matter of common knowledge that Instagram, YouTube, Venmo, Snapchat and most of the other apps on your phone engage in similar data harvesting business practices to TikTok. Some are even worse.

How one man’s pay-to-use toilet gag revealed Google Maps can be used to track people

by Cam Wilson in Crikey  

“I thought it would be really funny if a stranger came over asking to do a poo,” explained Will. They never did, and about a year ago Will moved out.

Recently, Will had a look to see if Big Dumpers was still marked on Google Maps. It was. He was getting monthly emails about the performance of his business with information on how many people had viewed it or clicked to see its phone number.

But looking at the app’s listing for the “business”, Will spotted something that he didn’t find as funny. Like many other businesses, Google Maps showed a “Popular times” graph depicting how popular the location is using information provided by Google users who’ve agreed to let the app access their geolocation data. 9AM on Thursday was a busy time for Big Dumpers, according to Google Maps, but completely empty later in the day. 

What clicked in Will’s mind is that he had inadvertently created a public tracker of when people were in his share house — almost certainly without their knowledge. Will quickly voluntarily “closed” his business on Google but the listing remained up afterwards.

After being informed of the exploit by Crikey, founder of Australian information security company DVULN Jamieson O’Reilly said that his review of Google’s technical material corroborated Will’s understanding of the situation.

“My gut tells me you could list any place as a business then if the residents had opted in to location services you could totally use it to measure someone’s patterns,” he said.

Hackers can infect network-connected wrenches to install ransomware

in Ars Technica  

The vulnerabilities, reported Tuesday by researchers from security firm Nozomi, reside in the Bosch Rexroth Handheld Nutrunner NXA015S-36V-B. The cordless device, which wirelessly connects to the local network of organizations that use it, allows engineers to tighten bolts and other mechanical fastenings to precise torque levels that are critical for safety and reliability. When fastenings are too loose, they risk causing the device to overheat and start fires. When too tight, threads can fail and result in torques that are too loose. The Nutrunner provides a torque-level indicator display that’s backed by a certification from the Association of German Engineers and adopted by the automotive industry in 1999. The NEXO-OS, the firmware running on devices, can be controlled using a browser-based management interface.

Nozomi researchers said the device is riddled with 23 vulnerabilities that, in certain cases, can be exploited to install malware. The malware could then be used to disable entire fleets of the devices or to cause them to tighten fastenings too loosely or tightly while the display continues to indicate the critical settings are still properly in place.

Google Has Most of My Email Because It Has All of Yours

by Benjamin Mako Hill 

A few years ago, I was surprised to find out that my friend Peter Eckersley — a very privacy conscious person who is Technology Projects Director at the EFF — used Gmail. I asked him why he would willingly give Google copies of all his email. Peter pointed out that if all of your friends use Gmail, Google has your email anyway. Any time I email somebody who uses Gmail — and anytime they email me — Google has that email.

Since our conversation, I have often wondered just how much of my email Google really has. This weekend, I wrote a small program to go through all the email I have kept in my personal inbox since April 2004 (when Gmail was started) to find out.

Google Chrome will limit ad blockers starting June 2024

for Ars Technica  

The timeline around a stable channel rollout is worded kind of strangely. The company says: "We expect it will take at least a month to observe and stabilize the changes in pre-stable before expanding the rollout to stable channel Chrome, where it will also gradually roll out over time. The exact timing may vary depending on the data collected, and during this time, we will keep you informed about our progress." It's unclear what "data" Google is concerned with. It's not the end of the world if an extension crashes—it turns off and stops working until the user reboots the extension. Maybe the company is concerned about how many people Google "Firefox" once their ad-blocker stops working.

[…] 

Google's sales pitch for Manifest V3 is that, by limiting extensions, the browser can be lighter on resources, and Google can protect your privacy from extension developers. With more limited tools, you'll be more exposed to the rest of the Internet, though, and a big part of the privacy-invasive Internet is Google. The Electronic Frontier Foundation called Google's description of Manifest V3 "Deceitful and Threatening" and said that it's "doubtful Mv3 will do much for security."