D.C., Washington, Texas and Indiana sue Google, alleging it deceived customers about location data - The Washington Post

https://www.washingtonpost.com/technology/2022/01/24/google-location-data-ags-lawsuit/

Attorneys general from D.C. and three states sued Google on Monday, arguing that the search giant deceived consumers to gain access to their location data.

The lawsuits, filed in the District of Columbia, Texas, Washington and Indiana, allege the company made misleading promises about its users’ ability to protect their privacy through Google account settings, dating from at least 2014. The suits seek to stop Google from engaging in these practices and to fine the company.

The complaints also allege the company has deployed “dark patterns,” or design tricks that can subtly influence users’ decisions in ways that are advantageous for a business. The lawsuits say Google has designed its products to repeatedly nudge or pressure people to provide more and more location data, “inadvertently or out of frustration.” The suits allege this violates various state and D.C. consumer protection laws.

This thought experiment captures Facebook’s betrayal of users’ privacy - Richard Ashby Wilson - The Guardian

https://www.theguardian.com/commentisfree/2021/nov/03/thought-experiment-facebook-betrayal-privacy

Imagine if the postman read your mail and then sold your information to extremists who want to target you

Østre Toten municipality fined four million after the cyberattack on the municipality – NRK

https://www.nrk.no/innlandet/ostre-toten-kommune-far-fire-millioner-i-bot-etter-dataangrepet-mot-kommunen-1.15695776

The municipality has had major deficiencies in basic security.

– We see that there have been deficiencies in logging, in two-factor authorization, in security culture and in backup routines.

The supervisory authority writes in its decision that it takes particularly seriously the fact that personal data and information about children were affected by the attack. Both are entitled to special protection. The data is lost to the municipality and has been shared to an unknown extent on the dark web.

Leading experts warn against scanning mobile phones for abuse material – NRKBeta

https://nrkbeta.no/2021/10/15/ledende-eksperter-advarer-mot-a-skanne-mobiler-for-overgrepsmateriale/

– The introduction of scanning on our personal devices – devices that store information from our to-do lists, text messages and photos – runs directly counter to individual citizens' need for privacy. This form of mass collection can lead to extensive chilling effects on freedom of expression and indeed on democracy itself, the experts write in an article published on the research site arXiv.

– We believe that CSS neither guarantees effective crime prevention nor prevents surveillance. In fact, the effect is the opposite. CSS will create serious security and privacy risks for the whole of society, while the help it can give law enforcement is at best problematic, they write.

– This can be exploited for censorship and surveillance of users. There are no technical obstacles stopping Apple or anyone else from using the same tool to track all users who speak critically of regimes, or who have a different sexuality or religion than what the heads of state accept, he says.

The Risks of Client-Side Scanning

https://mjtsai.com/blog/2021/10/15/the-risks-of-client-side-scanning/

The NSA and CIA Use Ad Blockers Because Online Advertising Is So Dangerous

https://www.vice.com/en/article/93ypke/the-nsa-and-cia-use-ad-blockers-because-online-advertising-is-so-dangerous

The news highlights the continued risk from the online advertising ecosystem. Some hackers leverage how adverts are delivered to send target devices malware. Data brokers and potentially intelligence agencies can leverage the ecosystem to gather information on devices and by extension people, sometimes including their physical location. The IC taking steps to protect itself from the dangers of the advertising ecosystem shows just how malicious it can be.

Zoom Lied about End-to-End Encryption - Schneier on Security

https://www.schneier.com/blog/archives/2021/08/zoom-lied-about-end-to-end-encryption.html

Zoom will pay $85M — to the class-action attorneys, and to users — for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent.

The proposed settlement would generally give Zoom users $15 or $25 each.

FT editor among 180 journalists identified by clients of spyware firm - Surveillance - The Guardian

https://www.theguardian.com/world/2021/jul/18/ft-editor-roula-khalaf-among-180-journalists-targeted-nso-spyware

Data leak and forensics suggest NSO’s surveillance tool used against journalists at some of world’s top media companies

A successful Pegasus infection gives NSO customers access to all data stored on the device. An attack on a journalist could expose a reporter’s confidential sources as well as allowing NSO’s government client to read their chat messages, harvest their address book, listen to their calls, track their precise movements and even record their conversations by activating the device’s microphone.

Revealed: leak uncovers global abuse of cyber-surveillance weapon - Surveillance - The Guardian

https://www.theguardian.com/world/2021/jul/18/revealed-leak-uncovers-global-abuse-of-cyber-surveillance-weapon-nso-group-pegasus

Human rights activists, journalists and lawyers across the world have been targeted by authoritarian governments using hacking software sold by the Israeli surveillance company NSO Group, according to an investigation into a massive data leak.

The investigation by the Guardian and 16 other media organisations suggests widespread and continuing abuse of NSO’s hacking spyware, Pegasus, which the company insists is only intended for use against criminals and terrorists.

Pegasus is a malware that infects iPhones and Android devices to enable operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones.

TikTok insiders say Chinese parent ByteDance is in control

https://www.cnbc.com/2021/06/25/tiktok-insiders-say-chinese-parent-bytedance-in-control.html

Former TikTok employees say there is cause for concern when it comes to the popular social media app’s Chinese parent company.

They say ByteDance has access to TikTok’s American user data and is closely involved in the Los Angeles company’s decision-making and product development. 

Some cybersecurity experts worry that the Chinese government could use TikTok to spread propaganda or censorship to American audiences, or to exercise influence over users who may come to regret what they posted on the service.