Time To Clip The Wings Of NSO And Its Pegasus Spyware

from The Observer What’s the most problematic tech company in the world? Facebook? Google? Palantir? Nope. It’s a small, privately held Israeli company called NSO that most people have never heard of. On its website, it describes itself as “a world leader in precision cyberintelligence solutions”. Its software, sold only to “licensed government intelligence and law-enforcement agencies”, naturally, helps them to “lawfully address the most dangerous issues in today’s world. NSO’s technology has helped prevent terrorism, break up criminal operations, find missing people and assist search and rescue teams.” So what is this magical stuff? It’s called Pegasus and it […]

Venmo Gets More Private—but It’s Still Not Fully Safe

from Wired VENMO, THE POPULAR mobile payment service, has redesigned its app. That’s normally news you could safely ignore, but this announcement is worth a closer look. In addition to making some navigational tweaks and adding new purchase protections, the PayPal-owned platform is finally shutting down its global social feed, where the app published transactions from people around the world. It’s an important step toward resolving one of the most prominent privacy issues in the world of apps, but the work isn’t finished yet. Venmo’s global feed has for years been a font of voyeuristic insights into the financial habits […]

Government Surveillance By Data

from NYTs This is the ultimate example of what’s broken in digital life: The locations of people who used apps to pray and hang their shelves wound up in U.S. military databases. Vice’s Motherboard publication this week reported that data on people’s movements collected by seemingly innocuous apps passed through multiple hands before being bought by U.S. defense contractors and military agencies. It’s not clear what the military is doing with the information. This isn’t an isolated case of government authorities buying commercially available databases containing the movements of millions of people. U.S. law enforcement agencies and the Internal Revenue […]

The iOS COVID-19 App Ecosystem Has Become A Privacy Minefield

from ars technica When the notion of enlisting smartphones to help fight the COVID-19 pandemic first surfaced last spring, it sparked a months-long debate: should apps collect location data, which could help with contact tracing but potentially reveal sensitive information? Or should they take a more limited approach, only measuring Bluetooth-based proximity to other phones? Now, a broad survey of hundreds of COVID-19-related apps reveals that the answer is all of the above. And that has made the COVID-19 app ecosystem a kind of wild, sprawling landscape, full of potential privacy pitfalls. Late last month, Jonathan Albright, director of the Digital […]

Study Shows Which Messengers Leak Your Data, Drain Your Battery, And More

from ars technica Link previews are a ubiquitous feature found in just about every chat and messaging app, and with good reason. They make online conversations easier by providing images and text associated with the file that’s being linked. Unfortunately, they can also leak our sensitive data, consume our limited bandwidth, drain our batteries, and, in one case, expose links in chats that are supposed to be end-to-end encrypted. Among the worst offenders, according to research published on Monday, were messengers from Facebook, Instagram, LinkedIn, and Line. More about that shortly. First a brief discussion of previews. More here.

New Report on Police Decryption Capabilities

from Schneier on Security There is a new report on police decryption capabilities: specifically, mobile device forensic tools (MDFTs). Short summary: it’s not just the FBI that can do it. This report documents the widespread adoption of MDFTs by law enforcement in the United States. Based on 110 public records requests to state and local law enforcement agencies across the country, our research documents more than 2,000 agencies that have purchased these tools, in all 50 states and the District of Columbia. We found that state and local law enforcement agencies have performed hundreds of thousands of cellphone extractions since […]

Taking Back Our Privacy

from The New Yorker Walking down Abbot Kinney Boulevard, the retail strip in Venice, California, can feel like scrolling through Instagram. One afternoon this July, people sat at outdoor tables beneath drooping strings of fairy lights, sipping cocktails and spearing colorful, modestly dressed salads. The line for Salt & Straw, a venture-funded, “chef-driven” ice-cream shop, stretched up the block, and athleisure-clad twentysomethings photographed themselves eating waffle cones, fabric masks pulled down around their chins like turkey wattles. A month earlier, Abbot Kinney had become a central gathering place for protesters during the mass demonstrations against police brutality and systemic racism. […]

Now You Can Enforce Your Privacy Rights With A Single Browser Tick

from ars technica Anyone who remembers Do Not Track—the initiative that was supposed to allow browser users to reclaim their privacy on the Web—knows it was a failure. Not only did websites ignore it, using it arguably made people less private because it made them stick out. Now, privacy advocates are back with a new specification, and this time they’ve brought the lawyers. Under the hood, the specification, known as Global Privacy Control, works pretty much the same way Do Not Track did. A small HTTP header informs sites that a visitor doesn’t want their data sold. The big difference […]

The Pandemic Is No Excuse to Surveil Students

from The Atlantic In Michigan, a small liberal-arts college is requiring students to install an app called Aura, which tracks their location in real time, before they come to campus. Oakland University, also in Michigan, announced a mandatory wearable that would track symptoms, but, facing a student-led petition, then said it would be optional. The University of Missouri, too, has an app that tracks when students enter and exit classrooms. This practice is spreading: In an attempt to open during the pandemic, many universities and colleges around the country are forcing students to download location-tracking apps, sometimes as a condition […]

Revolutionary Quantum Breakthrough Paves Way For Safer Online Communication

from PHYS.ORG The world is one step closer to having a totally secure internet and an answer to the growing threat of cyber-attacks, thanks to a team of international scientists who have created a unique prototype which could transform how we communicate online. The invention led by the University of Bristol, revealed today in the journal Science Advances, has the potential to serve millions of users, is understood to be the largest-ever quantum network of its kind, and could be used to secure people’s online communication, particularly in these internet-led times accelerated by the COVID-19 pandemic. By deploying a new […]

Some Shirts Hide You From Cameras—But Will Anyone Wear Them?

from ars technica Right now, you’re more than likely spending the vast majority of your time at home. Someday, however, we will all be able to leave the house once again and emerge, blinking, into society to work, travel, eat, play, and congregate in all of humanity’s many bustling crowds. The world, when we eventually enter it again, is waiting for us with millions of digital eyes—cameras, everywhere, owned by governments and private entities alike. Pretty much every state out there has some entity collecting license plate data from millions of cars—parked or on the road—every day. Meanwhile all kinds […]

Zoombombing Is A Crime, Not A Prank, Prosecutors Warn

from ars technica Coronavirus-related social distancing measures have given a big popularity boost to Zoom, a video conferencing platform that’s known for its ease of use but not necessarily strong security or privacy protections. Internet trolls and other troublemakers have responded with “Zoombombing”: joining Zoom meetings uninvited and disrupting them. Zoombombers have exposed themselves to schoolchildren and shouted racial slurs. In a Friday statement, federal prosecutors in Michigan warned the public that Zoombombing isn’t a harmless prank; it’s a crime. “Hackers are disrupting conferences and online classrooms with pornographic and/or hate images and threatening language,” wrote the US Attorney’s Office […]

Think You Can’t Escape Google? You Haven’t Seen Anything Yet

from Fast Company More than any designer this side of Cupertino, Matias Duarte has made phones easy to use. During his tenure at Google — first overseeing the design of Android — the vice president of design watched Google’s operating system capture more than 85% of the global smartphone market. Duarte has likened his own work in mainstreaming these addictive devices to that of an arms dealer — “I just make the guns! I didn’t make you guys shoot each other!” — but he’s also not slowing down. After pioneering Material Design — a user interface metaphor that’s helped de-uglify […]

Hacker Eva Galperin Has a Plan to Eradicate Stalkerware

from Wired Over the last year, Eva Galperin says she’s learned the signs: the survivors of domestic abuse who come to her describing how their tormentors seem to know everyone they’ve called, texted, and even what they discussed in their most private conversations. How their abusers seem to know where they’ve been and sometimes even turn up at those locations to menace them. How they flaunt photos mysteriously obtained from the victim’s phone, sometimes using them for harassment or blackmail. And how none of the usual remedies to suspected hacking—changing passwords, setting up two-factor authentication—seem to help. The reason those […]

Signal Is Finally Bringing Its Secure Messaging to the Masses

from Wired Last month, the cryptographer and coder known as Moxie Marlinspike was getting settled on an airplane when his seatmate, a Midwestern-looking man in his sixties, asked for help. He couldn’t figure out how to enable airplane mode on his aging Android phone. But when Marlinspike saw the screen, he wondered for a moment if he was being trolled: Among just a handful of apps installed on the phone was Signal. Marlinspike launched Signal, widely considered the world’s most secure end-to-end encrypted messaging app, nearly five years ago, and today heads the nonprofit Signal Foundation that maintains it. But […]

Facial Recognition Moves Into a New Front: Schools

from NYTs Jim Shultz tried everything he could think of to stop facial recognition technology from entering the public schools in Lockport, a small city 20 miles east of Niagara Falls. He posted about the issue in a Facebook group called Lockportians. He wrote an Op-Ed in The New York Times. He filed a petition with the superintendent of the district, where his daughter is in high school. But a few weeks ago, he lost. The Lockport City School District turned on the technology to monitor who’s on the property at its eight schools, becoming the first known public school […]

We’re Banning Facial Recognition. We’re Missing the Point.

from NYTs Communities across the United States are starting to ban facial recognition technologies. In May of last year, San Francisco banned facial recognition; the neighboring city of Oakland soon followed, as did Somerville and Brookline in Massachusetts (a statewide ban may follow). In December, San Diego suspended a facial recognition program in advance of a new statewide law, which declared it illegal, coming into effect. Forty major music festivals pledged not to use the technology, and activists are calling for a nationwide ban. Many Democratic presidential candidates support at least a partial ban on the technology. These efforts are well […]

Spot the Surveillance: A VR Experience for Keeping an Eye on Big Brother

from EFF Spot the Surveillance is a virtual reality (VR) experience that teaches people how to identify the various spying technologies that police may deploy in communities. The user is placed in a 360-degree scene in the Western Addition neighborhood of San Francisco, where a young resident is in the middle of a police encounter. By looking up, down, and all around, you must identify a variety of surveillance technologies in the environment, including a body-worn camera, automated license plate readers, a drone, a mobile biometric device, and pan-tilt-zoom cameras. More here.

Nothing Lasts Forever—Not Even On The Internet.

from NYTs Social media is broken. It has poisoned the way we communicate with each other and undermined the democratic process. Many of us just want to get away from it, but we can’t imagine a world without it. Though we talk about reforming and regulating it, “fixing” it, those of us who grew up on the internet know there’s no such thing as a social network that lasts forever. Facebook and Twitter are slowly imploding. And before they’re finally dead, we need to think about what the future will be like after social media so we can prepare for […]
