privacy
- www.theverge.com Meta ordered to stop training its AI on Brazilian personal data
This follows a similar pushback against AI training in the EU.
Brazil’s data protection authority (ANPD) has banned Meta from training its artificial intelligence models on Brazilian personal data, citing the “risks of serious damage and difficulty to users.” The decision follows an update to Meta’s privacy policy in May in which the social media giant granted itself permission to use public Facebook, Messenger, and Instagram data from Brazil — including posts, images, and captions — for AI training.
The decision follows a report published by Human Rights Watch last month which found that LAION-5B — one of the largest image-caption datasets used to train AI models — contains personal, identifiable photos of Brazilian children, placing them at risk of deepfakes and other exploitation.
-
Introducing Docs in Proton Drive
proton.me Introducing Docs in Proton Drive – collaborative document editing that’s actually private | ProtonCreate docs and collaborate in real time on documents knowing they are end-to-end encrypted.
- www.404media.co Fiverr Freelancers Offer to Dox Anyone With Powerful U.S. Data Tool
Dozens of Fiverr sellers are advertising access to TLOxp, a potent data surveillance tool sold by credit bureau TransUnion.
-
Privacy/Surveillance Implications of using ISP issued Router?
cross-posted from: https://links.hackliberty.org/post/2005038
I know this is an outrageously bad idea, I don't need convincing. I am just looking for some more information and discussion on what exactly the exposure and surveillance risk is.
I'm asking both for my own education (I am still very green to networking), and to better explain to people in my life if and why they should care.
-
Is it true that traffic can be tracked and logged by ISP through DNS lookups, as these routers are preconfigured to use their internal dns service?
-
If this is changed (like base.dns.mullvad.net), how much does this actually mitigate the risk here?
-
What about when a VPN (mullvad) is also being used at all times? Would it then be "overly paranoid" to fear this untrusted box all the traffic goes through?
I personally take a conservative approach to things like this and assume it's an unacceptable risk, but I don't really understand what the truth is.
Thank you in advance for your time and thoughts.
EDIT: I'm asking about US and US adjacent areas
-
-
"ZeroTracePen" has been advertising across Instagram and Reddit and the posts feel somewhere between scam and malicious
Here is the website if you want to take a look yourself:
https://zerotrace.org/
Social:
https://www.instagram.com/zerotracepen/
You'll need to copy and paste the links, I didn't want to send them any direct traffic.
The ads seem to be targeted at younger and less tech-literate audiences. There are some comments on the posts joking/accusing them of being a honeypot, and the "company" is pretending to not understand.
---
Ignoring all the over the top outfits and video edits, here are some of their claims:
> New Technological Advancement > > Cybersecurity Experts Have Finally Found A Solution To Tor’s Vulnerabilities > > Are You still using Tor Browser and a VPN? STOP! You already know you could expose yourself with one wrong click. Why leave it to chance? > > Cybersecurity experts are redefining what achieving true anonymity really requires.
> Who Is This For? > > Gun Store Owners > Private Investigators > Construction Management > Cybersecurity Audits
> In partnership with > Debian, Tor, Electrum
-
Google’s attempt to kill off child privacy app advertising lawsuit defeated
www.theregister.com Google’s attempt to dismiss child privacy lawsuit defeatedWon't somebody pleeease think of the ... oh, right, they are
A lawsuit accusing Google of breaking America's child privacy laws will proceed to trial as a judge denied the web goliath's motion to throw out the case.
Filed in June last year, the suit alleges Google ignored state child privacy laws in California, Florida, and New York, which prohibit targeted advertising to children under the age of 13 and collecting their data.
Specifically, the suit is going after Google for setting up a program in 2015 called Designed for Families (DFF). That essentially allowed developers to declare their apps were all above board regarding advertising to children and that only appropriate content would be shown. Apps verified as such by the DFF program would be presented to parents in the Google Play store as safe for kids.
-
(title is bad, see comments) | ‘AI is reliant on mass surveillance’ and we should be cautious, warns head of messaging app
YouTube Video
Click to view this content.
This was an interview on ABC (Australian public broadcaster) with Signal Foundation president Meredith Whittaker. It covered some points relevant to the discussions on Signal and encrypted messaging, with a small bit on AI at the end. The original title of the video is bad.
Key points in the video:
- 1:30 - Should platforms be held responsible for [the content]
- 3:15 - (paraphrased) Governments want law enforcement to have access to encrypted communications, why not?
- 4:15 - (paraphrased) What if people are using it for criminal behaviour
- 7:00 - (paraphrased) Random AI section
- staysafeonline.org Data Privacy Is Crucial for the LGBT Community
It is vitally important to consider how compromised online privacy can specifically affect marginalized groups such as the LGBT
- www.patrick-breyer.de Chat control vote postponed: Huge success in defense of digital privacy of correspondence!
Today EU governments will not adopt their position on the EU regulation on “combating child sexual abuse”, the so-called chat control regulation, as planned, which would have heralded the end of private messages and secure encryption. The Belgian Council presidency postponed the vote at short notice
Today EU governments will not adopt their position on the EU regulation on “combating child sexual abuse”, the so-called chat control regulation, as planned, which would have heralded the end of private messages and secure encryption. The Belgian Council presidency postponed the vote at short notice. Once again the chat control proposal fails in Council.
- techcrunch.com Stop playing games with online security, Signal president warns EU lawmakers | TechCrunch
A controversial European Union legislative proposal to scan the private messages of citizens in a bid to detect child sexual abuse material (CSAM) is a
A controversial European Union legislative proposal to scan the private messages of citizens in a bid to detect child sexual abuse material (CSAM) is a risk to the future of web security, Meredith Whittaker warned in a public blog post Monday. She’s the president of the not-for-profit foundation behind the end-to-end encrypted (E2EE) messaging app Signal.
“There is no way to implement such proposals in the context of end-to-end encrypted communications without fundamentally undermining encryption and creating a dangerous vulnerability in core infrastructure that would have global implications well beyond Europe,” she wrote.
The most recent European Council proposal, which was put forward in May under the Belgian presidency, includes a requirement that “providers of interpersonal communications services” (aka messaging apps) install and operate what the draft text describes as “technologies for upload moderation”, per a text published by Netzpolitik.
Last month, Euractiv reported that the revised proposal would require users of E2EE messaging apps to consent to scanning to detect CSAM. Users who did not consent would be prevented from using features that involve the sending of visual content or URLs it also reported — essentially downgrading their messaging experience to basic text and audio.
The EU’s own data protection supervisor has also voiced concern. Last year, it warned that the plan poses a direct threat to democratic values in a free and open society.
Pressure on governments to force E2EE apps to scan private messages, meanwhile, is likely coming from law enforcement.
Back in April European police chiefs put out a joint statement calling for platforms to design security systems in such a way that they can still identify illegal activity and send reports on message content to law enforcement. Their call for “technical solutions” to ensure “lawful access” to encrypted data did not specify how platforms should achieve this sleight of hand
-
Lemmy over Tor Hidden Service (.onion)?
cross-posted from: https://links.hackliberty.org/post/1846370
> Hello all, > > Just wondering if there are any projects involving lemmy and .onion > > I searched and didn't see anything but I figured I'd ask > > If not is there a reason this isn't possible? Or has nobody cared to do it yet? > > When I have to visit r****t I use a libreddit hidden service, and there are quite a few to choose from. Am I correct to think a similar mirror should be about as easy to implement for Lemmy? > > an onion only instance where it never touches the clearnet would be really cool too but it would probably be a ghost town (sadly). > > Love to hear your thoughts > > Thanks
-
Cobwebs Spy Software Locks Onto Protesters: Israeli Social Media Mining Contract with Homeland Security Revealed
unicornriot.ninja Cobwebs Spy Software Locks Onto Protesters: Israeli Social Media Mining Contract with Homeland Security Revealed - UNICORN RIOTAn Israeli spy software tech firm licenses web surveillance tools to law enforcement and intelligence agencies. The software contract shows new details about this sensitive technology DHS has used to spy on activists during the last several years.
- www.theverge.com Sonos draws more customer anger — this time for its privacy policy
One very important sentence has disappeared.
- arstechnica.com One of the major sellers of detailed driver behavioral data is shutting down
Selling "hard braking event" data seems less lucrative after public outcry.
cross-posted from: https://lemm.ee/post/34636917
- arstechnica.com “Simulation of keyboard activity” leads to firing of Wells Fargo employees
With worker surveillance on the rise, vendors sell devices to fake keyboard and mouse movement.
Last month, Wells Fargo terminated over a dozen bank employees following an investigation into claims of faking work activity on their computers, according to a Bloomberg report.
A Financial Industry Regulatory Authority (FINRA) search conducted by Ars confirmed that the fired members of the firm's wealth and investment management division were "discharged after review of allegations involving simulation of keyboard activity creating impression of active work."
A rise in remote work during the COVID-19 pandemic accelerated the adoption of remote worker surveillance techniques, especially those using software installed on machines that keeps track of activity and reports back to corporate management. It's worth noting that the Bloomberg report says the FINRA filing does not specify whether the fired Wells Fargo employees were simulating activity at home or in an office.
We do not know exactly what technique(s) the fired employees used to simulate keyboard activity, but several options exist for would-be work-shirkers. Those options include software that simulates keyboard presses (like AutoHotkey) and physical devices sold on Amazon for around $30–$60 that use a motor or solenoid and a small arm to push a real keyboard at random intervals.
- www.404media.co Cops Released a Car’s Travel History to a Total Stranger
In a rare instance of too much transparency, an Ohio police department released the precise movements of a particular vehicle in response to a public records request, showing just how invasive license plate reading technology can be.
- www.techradar.com EU anti-encryption crusaders seek to turn your digital devices into spyware
Not even the most secure VPN could help protect your privacy
A few days after EU citizens were called to vote on their next parliamentary representatives, we just have a rough idea of what the upcoming political squad will look like. What is certain, however, is that anti-encryption sentiments are still thriving across the Union.
We already reported the revised proposal to halt the spread of online child sexual abuse material (CSAM) that wants your permission to scan your WhatsApp messages. Now, a leaked 42-point plan puts forward new recommendations on how companies must handle people's online activities, including data retention, access, and interception of all digital services.
The goal is simple: make the digital devices we use every day, from smartphones and smart homes to IoT devices and even cars, legally and technically monitorable at all times by law enforcement bodies.
According to Jan Jonsson, CEO at Mullvad—one of the best VPNs around with a privacy-first mandate—all encrypted traffic will no longer be private and secure if the legislation passes. "A VPN won’t help either," he told me. "It would mean total surveillance and that Europe's inhabitants carry state spyware in their pockets."
- www.thurrott.com Google is Working on a Recall Feature for ChromeOS
In an interview this week, a Google vice president said that the firm was considering adding a feature like Microsoft Recall to ChromeOS.
-
I asked Food Basics if they're using facial recognition
I wanted to know if my local Food Basics store is tracking me.
I looked at the privacy policy on foodbasics.ca and not finding any mention of this, but wanting to be sure, I emailed their Privacy Officer.
This is the email I sent:
>Hello, > >I shop at the food basics store at [Address] in [City], > >I would like to know if you use facial recognition or identification technology in the store? And if so, for what purpose, and if the information is stored for how long? > >Thank you, >[Me]
Here is the response I got:
! >Hello, > >I confirm that Metro does not use facial recognition technology or any other technology that allows the identification of individual at the Food Basics stores. > >Best regards >Eliane >Legal Counsel
Just want to share to encourage everyone to learn about and exercise your consumer privacy rights.
- threema.ch Online Privacy: An Endangered Species
Last week, cybersecurity expert Bruce Schneier published an interesting blog post in which he (together with co-author Barath Raghavan) argues that online privacy is continuing to decline for the same reason overfishing occurred in the last century – due to the “Shifting Baseline Syndrome.” The pres...
- www.theregister.com Meta to give EU users an opt out for AI data training
What's German for 'thank goodness for actually useful privacy regulations'?
Meta will start training its AI models using everyone's social media posts though European Union users can opt out, a luxury the rest of the world won't enjoy. The AI training rules kick in worldwide on June 26.
Meta has so far not included its European userbase in its AI training data, presumably to avoid legal conflict with the continent's privacy regulations. Now it's pushing ahead with that despite complaints.
As training AI from user data is doubtlessly going to be contentious in Europe, Meta has attempted to cover itself in two ways. Firstly, when it says "public content," Meta means posts, comments, photos, and other content posted on its social media platforms by users over the age of 18. Private messages are, apparently, strictly verboten from the training data.
*******
I don't have a FB or Instagram account, I only use Whatsapp because it's work related.
- www.wired.com Inside China’s Massive Surveillance Operation
In northwest China, the government is cracking down on the minority Muslim Uyghur population, keeping them under constant surveillance and throwing more than a million people into concentration camps.
The woman remembers the first time she got a smartphone.
It was 2011, and she was living in Hotan, an oasis town in Xinjiang, in northwest China. The 30-year-old, Nurjamal Atawula, loved to take pictures of her children and exchange strings of emoji with her husband while he was out. In 2013, Atawula downloaded WeChat, the Chinese social messaging app. Not long after, rumors circulated among her friends: The government could track your location through your phone. At first, she didn’t believe them.
In early 2016, police started making routine checks on Atawula’s home. Her husband was regularly called to the police station. The police informed him they were suspicious of his WeChat activity. Atawula’s children began to cower in fear at the sight of a police officer.
- www.eff.org Win for Free Speech! Australia Drops Global Takedown Order Case
No single country should be able to restrict speech across the entire internet. That's why EFF celebrates the news that Australia's eSafety Commissioner is dropping its legal effort to have content on X taken down across the globe. This development comes just days after EFF and FIRE were granted off...
- github.com GitHub - tyrtles/Unlike-Everything-on-Facebook: A simple browser script to unlike everything on Facebook.
A simple browser script to unlike everything on Facebook. - tyrtles/Unlike-Everything-on-Facebook
- www.cnbc.com United Airlines starts serving passengers personalized ads on seat-back screens
United's Kinective Media is the latest example of how airlines have adopted new revenue streams such as cobranded cards.
- www.nytimes.com Is Your Driving Being Secretly Scored?
The insurance industry, hungry for insights into how people drive, has turned to automakers and smartphone apps like Life360.
- www.jwz.org XScreenSaver: Google Store Privacy Policy
XScreenSaver is a collection of free screen savers for X11, Linux, macOS, iOS and Android.
- thebulletin.org How AI surveillance threatens democracy everywhere
The spread of AI-powered surveillance systems has empowered governments seeking greater control with tools that entrench non-democracy.
- lifehacker.com How to Quit Google, According to a Privacy Expert
Quitting Google isn't just a technical process—it's a massive project. Here's some advice on how to tackle it.
- www.404media.co Google Leak Reveals Thousands of Privacy Incidents
An internal Google database obtained by 404 Media shows Google recording childrens' voices, saving license plates from Street View, and many other self-reported incidents, large and small.
- www.ksat.com Texas Attorney General investigates reports of car manufacturers selling secretly collected driver data
Texas Attorney General Ken Paxton is investigating multiple car manufacturing companies after reports that they have secretly collected driver data and sold it to third parties.
-
Pakistan - Firewall being installed to rein in social media
www.thenews.com.pk Firewall being installed to rein in social mediaISLAMABAD: A national firewall is being installed on different internet service providers to rein in social media; the filters will block unwanted content from reaching a wider audience, The News...
- www.theverge.com Windows won’t take screenshots of everything you do after all — unless you opt in
Microsoft promises changes to Recall after security concerns.
- www.eff.org EFF Covers Secrets in Your Data on NOVA
It’s the weekend. You decide you want to do something fun with your family—maybe go to a local festival or park. So, you start searching on your favorite social media app to see what other people are doing. Soon after, you get ads on other platforms about the activities you were just looking at....