personvern

Schibsted innfører betaling for personvern – NRK

https://www.nrk.no/rogaland/kritisk-til-schibsteds-nye-_betal-eller-samtykk_-modell-1.17866076

No krev Schibsted betaling for at du skal sleppe at dataene dine blir brukte til målretta reklame. Datatilsynet fryktar at personvern er i ferd med å bli ei luksusvare.

– Personvern er ein menneskerett som ein ikkje skal betale for, seier direktør i Datatilsynet, Line Coll.

– Personvernforordninga krev at verksemder innhentar samtykke som skal givast frivillig. Datatilsynet set spørsmålsteikn ved om samtykket er reelt sett frivillig dersom alternativet er å betale, held ho fram.

Ho fryktar kva som skjer dersom alle nettstader og appar følgjer etter, og peiker særleg på kva dette har å seie for sårbare grupper.

– Datatilsynet er bekymra for at personvern på internett skal bli reservert for dei rike. Personvernet til andre grupper kan også bli pressa av denne typen løysingar, til dømes barn og unge, eller andre sårbare gruppe som ikkje har høve til å betale eller finne personvernvennlege alternativ, seier Coll.

– Etter vårt syn er denne typen løysingar i strid med krava i personopplysningslova. Dette er også bakgrunnen for at vi tidlegare har klaga inn Metas «Pay or OK»-løysing. Saka ligg framleis til behandling hos det irske datatilsynet, seier Myrstad i Forbrukarrådet.

Sikkerhetshull avslørte Telia-kunders posisjon – NRK

https://www.nrk.no/norge/sikkerhetshull-avslorte-telia-kunders-posisjon-1.17842282

Mobilkunder hos Telia har siden 2023 vært sporbare via mobilen, inkludert sentrale politikere på Stortinget.

NRK har siden testet og innhentet mer dokumentasjon om hvem som er påvirket av feilen.

Undersøkelsene viser at:

  • Privatkunder og bedriftskunder med Telia-abonnement kunne spores, så fremt en av telefonene var tilknyttet bedriftsnettet.
  • Også bedriftskunder med Phonero, en merkevare av Telia, kunne spores.
  • Mobiltelefoner kunne spores selv når de var i utlandet.
  • Den oppringte trengte normalt ikke å ta telefonen for å bli sporet.

Å utnytte feilen involverte ikke noen form for datainnbrudd eller «hacking». Det holdt å lese av informasjon som ble sendt til mobiltelefonen ved et anrop.

Det krever en viss teknisk innsikt å utnytte feilen, men ingen spesialverktøy.

Det avslørte hvilke basestasjoner den oppringte var tilkoblet. I bynære strøk kan man med denne informasjonen anslå en mobilbrukers posisjon til mellom 100 og 200 meters nøyaktighet.

– Det som undersøkelsene viser nå, er at feilen oppsto ved en konfigurasjonsendring vi gjorde i 2023

Swedish PM’s private address revealed by Strava data shared by bodyguards | The Guardian

https://www.theguardian.com/world/2025/jul/08/swedish-pm-safety-strava-data-bodyguards-ulf-kristersson-running-cycling-routes

Data made public by Ulf Kristersson’s security revealed his location, routes and movements over several years

In 2023 a former Russian submarine commander was killed reportedly with the help of his open Strava profile and last year it was revealed bodyguards to several world leaders were sharing confidential information on the app.

In 2017, Strava was accused of giving away the location and staffing of military bases and spy outposts around the world by publishing a map that showed all of its users’ activity.

Apple pulls data protection tool after UK government security row

https://www.bbc.com/news/articles/cgj54eq4vejo

Apple is taking the unprecedented step of removing its highest level data security tool from customers in the UK, after the government demanded access to user data.

Advanced Data Protection (ADP) means only account holders can view items such as photos or documents they have stored online through a process known as end-to-end encryption.

But earlier this month the UK government asked for the right to see the data, which currently not even Apple can access.

Apple did not comment at the time but has consistently opposed creating a “backdoor” in its encryption service, arguing that if it did so, it would only be a matter of time before bad actors also found a way in.

Now the tech giant has decided it will no longer be possible to activate ADP in the UK.

It means eventually not all UK customer data stored on iCloud - Apple’s cloud storage service - will be fully encrypted.

Data with standard encryption is accessible by Apple and shareable with law enforcement, if they have a warrant.

Benedict Evans:

Of course, the UK is within its rights to choose one side of the trade-off in the UK - what’s bizarre here is that the UK is apparently demanding that Apple do this globally. The UK, apparently, is trying to tell a US company what products it can provide to customers in Japan, Australia or indeed the USA. Normally it’s only American regulators that assert global juristiction. But what will the UK government say when China reads this story, and orders Apple to hand over UK citizens’ data, given that it’s now unencrypted and the UK has conceded the principle of jurisdiction? [emphasis added]

Nordmenn overvåkes av mobilen: – Pill råttent system – NRK

https://www.nrk.no/norge/nordmenn-overvakes-av-mobilen_-_-pill-rattent-system-1.17208691

Norsk-amerikanske Unacast har blitt utsatt for omfattende datainnbrudd. Nå går Forbrukerrådet i strupen på selskapet.

– Det er fullstendig uansvarlig, sier fagdirektør Finn Myrstad i Forbrukerrådet.

Han snakker om selskaper som lever av å samle inn informasjon om hvor folk har vært, for å bruke det til markedsføring.

Store mengder private data om mobilbrukere over hele verden ble lagt ut på et russisk nettforum. Dataene som hackerne skal ha stjålet, skal være alt fra kundelister til folks lokasjonsdata. De publiserte det de kalte en «smakebit» av informasjonen de stjal.

I disse dataene kan det ligge informasjon om 146.000 nordmenns fysiske plassering.

Det er en trussel i seg selv at kommersielle selskaper sitter på så mye data om mobilbrukere, mener Forbrukerrådet.

– Det er en gigantisk svakhet. Det burde ikke vært lov å samle dem inn.

Forbrukerrådet har bedt om et forbud mot markedsføringen basert på dataene.

– Jeg tenker det ligger noe ansvar på politikerne her, sier Myrstad.

I 2022 anbefalte Personvernkommisjonen i en rapport en utredning av et generelt forbud mot atferdsbasert markedsføring.

Stortinget har bedt om det samme. Men ennå har det ikke dukket opp noen utredning. Langt mindre et lovforslag.

Subaru Security Flaws Exposed Its System for Tracking Millions of Cars | WIRED

https://www.wired.com/story/subaru-location-tracking-vulnerabilities/

Now-fixed web bugs allowed hackers to remotely unlock and start any of millions of Subarus. More disturbingly, they could also access at least a year of cars’ location histories—and Subaru employees still can.

Most disturbing for Curry, though, was that they found they could also track the Subaru’s location—not merely where it was at the moment but also where it had been for the entire year that his mother had owned it. The map of the car’s whereabouts was so accurate and detailed, Curry says, that he was able to see her doctor visits, the homes of the friends she visited, even which exact parking space his mother parked in every time she went to church.

“You can retrieve at least a year’s worth of location history for the car, where it’s pinged precisely, sometimes multiple times a day,” Curry says. “Whether somebody’s cheating on their wife or getting an abortion or part of some political group, there are a million scenarios where you could weaponize this against someone.”

Curry argues that Subaru’s extensive location tracking is a particularly disturbing demonstration of the car industry’s lack of privacy safeguards around its growing collection of personal data on drivers. “It’s kind of bonkers,” he says. “There’s an expectation that a Google employee isn’t going to be able to just go through your emails in Gmail, but there’s literally a button on Subaru’s admin panel that lets an employee view location history.”

Biggest Privacy Erosion in 10 Years? On Google’s Policy Change Towards Fingerprinting

https://blog.lukaszolejnik.com/biggest-privacy-erosion-in-10-years-on-googles-policy-change-towards-fingerprinting/

Volkswagen leak exposed location data for 800,000 electric cars - The Verge

https://www.theverge.com/2024/12/30/24332181/volkswagen-data-leak-exposed-location-evs

The leak also included the emails, addresses, and phone numbers of drivers in some cases, Der Spiegel reports.

If anything, this leak serves as yet another reminder of the immense amount of data collected by modern-day vehicles, which Mozilla has called a “privacy nightmare.”

U.S. officials urge Americans to use encrypted apps amid cyberattack

https://www.nbcnews.com/tech/security/us-officials-urge-americans-use-encrypted-apps-cyberattack-rcna182694

Amid an unprecedented cyberattack on telecommunications companies such as AT&T and Verizon, U.S. officials have recommended that Americans use encrypted messaging apps to ensure their communications stay hidden from foreign hackers.

The hacking campaign, nicknamed Salt Typhoon by Microsoft, is one of the largest intelligence compromises in U.S. history, and it has not yet been fully remediated. Officials on a news call Tuesday refused to set a timetable for declaring the country’s telecommunications systems free of interlopers. Officials had told NBC News that China hacked AT&T, Verizon and Lumen Technologies to spy on customers.

Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany - Wired

https://www.wired.com/story/phone-data-us-soldiers-spies-nuclear-germany/

More than 3 billion phone coordinates collected by a US data broker expose the detailed movements of US military and intelligence workers in Germany—and the Pentagon is powerless to stop it.