Last week, Google banned 20 Android apps from its Play Store for their extraction of users’ emails, texts, location, and calls. The apps “rooted” devices with older Android operating systems, meaning they were able to bypass newer security protections. The expelled apps were generally advertised as cleanup tech for unwanted files or as backup utilities. It is suspected that the apps were developed by Equus Technologies, a cyber arms company, and had been installed on 100 phones. Google is calling these apps “Lipizzan.” The same day Google announced the banning of these apps, antivirus company Sophos disclosed two Android apps surreptitiously collecting text messages: an app store shortcut and a skin care magazine. These have been downloaded up to 500,000 times.
In protest of the FCC’s plans to scrap net neutrality protections, many non-profits, companies and websites are banding together to host a day of action on July 12, 2017. Among the companies joining in this progressive movement: Amazon, Vimeo, GitHub, Netflix, Etsy, Twitter, and Spotify. What will the day of protest entail?
- a Twitter Brigade, tweeting net neutrality news through July 12
- 30-second video bumper for online video content
- website alerts, like the one below (I’m going to try this one on my page!)
The point is to show what the internet would look like without net neutrality protections.
Without net neutrality, internet service providers will be free to steer you to their selected content, making slow lanes for companies that can’t pay up. A big company could get fast navigation through its website, while a small non-profit’s page could take more time to load.
Support net neutrality on July 12! Join here.
As of yesterday, 44 states have called foul on providing some of the voter data from the state rolls requested by Kris Kobach of the Presidential Advisory Commission on Election Integrity. The commission was established to corroborate Trump’s claims of widespread voter fraud in the 2016 election. The data collected from the states will eventually be made public. Kobach has clarified the request in the letter sent to the states, stating that it asks for what is publicly available in each state. Still, the letter asks for date of birth and last four digits of social security number, as well as elections voted in. 19 states have outwardly criticized the commission’s request. Virginia Governor Terry McAuliffe (D) stated,
“At best this commission was set up as a pretext to validate Donald Trump’s alternative election facts, and at worst is a tool to commit large-scale voter suppression.”
Many state laws prevent the release of the requested data, and public officials are pointing to specious claims of voter fraud with the intent of voter suppression, as well as complete disregard for privacy.
In response, Trump brings up the flawed “something to hide” argument, so often used to flout privacy concerns. Equating privacy with criminality and clandestine activity is the classic way to disregard the benefits of privacy and shame those who resist oppression. Pointing to the “distinction” of a group requesting private data does not mean that group will handle data responsibly. Especially in this case, where the purpose is to link the data with other sources and make it public.
Election officials across the 50 states received a letter this week from Kris Kobach, Kansas Secretary of State and the vice chairman of a White House commission looking into voter fraud. The commission is chaired by Pence and was established by Trump after his claims that 5 million people voted illegally in the election that brought him into office. Requested in the letter: names, addresses, dates of birth, political party, last 4 digits of SSN, and which elections each person voted in since 2006. For all voters. In the country. Kobach is known for advocating that state voter data be compared to auxiliary sources to pick out non-citizens or people otherwise ineligible to register.
Voter advocacy groups argue that such a comparison process is flawed and will result in legitimate voters being barred from the vote. CA’s Secretary of State, Alex Padilla, responded that he would not provide sensitive voter information to the commission. Democrats are wary of Kobach’s motives in seeking these data, as well as those of the commission, claiming that the lack of transparency is evidence of efforts to suppress votes.
In a state whose largest city recently passed a sweeping privacy regulation, a new bill expanding police surveillance of license plates has passed the state’s House. The objective is to catch uninsured out-of-state motorists driving on RI highways and fine them up to $120. The bill’s sponsor, Robert Jacquard (D-Cranston), says that each license plate scanned by highway cameras will be erased in one minute following review by law enforcement, though many questions remain about the storage and sharing of this location data. Jacquard sees this technology as simply an extension of red-light cameras that already use automatic license plate recognition (ALPR). However, Rhode Island law enforcement would need to access license plate data from every state to make this work. Privacy groups and some auto insurers stand against this bill, with insurers pointing out the difficulty of getting other states to share personal data about their drivers with Rhode Island.
INRIA, the French computer science institute (which has a fantastic privacy research group), has released an online test to show you your web browsing fingerprint. Their Browser Extension and Login-Leak Experiment demonstrates how you can be tracked by the browser extensions you have installed, as well as the sites you remain logged in to. These stale logins can be used to target your online ads, or even serve you higher prices in online shopping.
I failed this test completely – my logins are apparently very unique:
And, I remain logged into way more sites than I thought! eBay and Yahoo? It’s possible that some of these are false login detections, as the group is still working out the kinks.
You can take the test here: https://extensions.inrialpes.fr/
Checkups like these are good reminders of the data we are leaking out without thinking about it: where we visit, what we type, and where we click. Little beacons are ready to collect it.
The concept of “dropping in” on someone is already intrusive — and maybe outdated. I mean, when was the last time you showed up at someone’s house unannounced? Or missed the days when you couldn’t see who was calling and just had to answer the phone? Amazon’s new Echo device, the Echo Show, is flanked by a screen allowing for voice-activated video calls, and a new feature called Drop In. Drop In allows anyone you’ve given permission to drop in on your device and see live footage from your home. All someone has to do is say, “Alexa, drop in on Dara,” and the microphone and camera will start the broadcast. The recipient does not have to answer the call for this to work. The Echo Show will also tell you which of your contacts have been active with their Show devices; conceivably, who is awake or at home. Where you otherwise could decline calls and create the appearance that you are not available, your contacts could see that you are, in fact, ever “available.” Ready for a Drop In?
Source: BuzzFeed News
Last week, the social media application Snapchat released a new location sharing feature: Snap Map. Snaps can be added to the “Our Story” map, which is public, and is intended to show snaps related to world events. Snap locations can also be shared with friends. Location sharing is opt-in, as the app defaults users to “Ghost Mode,” meaning that location is not shared. However, Snapchat gives the impression in its introductory video that location is shared when a user posts a story. In reality, if a user is not in Ghost Mode, location is shared to the map (visible to the users’ friends) each time the app is opened. This results in the routine sharing of users’ home locations. It is inherently risky for those who frequently open Snapchat on the go, thereby leaking breadcrumbs of their daily trajectories.
Some additional details: While only mutual friends can see each other on the Snap Map, Snapchat is clearly collecting all of this data on user locations. The company claims to delete the location data after a short period of time, but does not specify the duration of this time period. If a user does not open the app for 8 hours, the last shared location disappears from the map.
Source: The Verge
Source: CTV News
The European Commission has drafted amendments to the 2002 ePrivacy regulations that would ban the creation of backdoors for reading encrypted communications. This is a win for privacy in light of widespread calls by law enforcement and governments to establish access to end-to-end encrypted (E2EE) messages, most recently by the UK (for Signal and WhatsApp, which use E2EE).
The draft proposal, which would outlaw encryption backdoors, states:
Member states shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.
…when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited…
The proposed amendments are more in line with the new General Data Protection Regulation (GDPR), but will have to pass through the European Parliament and European Council to go into effect.
Source: The Guardian