As gadgets and services get smarter, they need more data, and face the hard problem of keeping it safe. Data privacy has become a huge problem for Google, Facebook, Amazon, and any company using artificial intelligence to power its services — and a major sticking point for lawmakers looking to regulate. Here's all the news on data privacy and how it's changing tech.
Kids are big business for brands looking to partner with influencers — and yet, Illinois is the only state in the US where kids appearing in sponcon are entitled to a cut of earnings.
This Cosmopolitan piece illustrates the longterm psychological effects of being a child working on online content. It also shows that our legal system has a lot of catching up to do with influencer culture.
A driver’s insurance rate went up based on a 130-page report detailing his Chevy Bolt’s drives over six months, shared by GM with data broker LexisNexis through the OnStar Smart Driver program, reports The New York Times.
According to the Times, Kia, Subaru, and Mitsubishi also contribute to the LexisNexis data portal, while another company, Verisk partners with Ford, Honda, and Hyundai. Subaru says it only shares odometer data when authorized, while Ford says it will share data for usage-based programs based on a customer’s in-car menu confirmation.
Update March 12th, 2024, 2:42PM ET: Added details on the partnerships and what data is shared.
That’s according to WABetaInfo, which spotted that a new “end-to-end encrypted” indicator that appears briefly at the top of chat threads was under development in late January. Yesterday, the outlet reported that the test is now rolling out to beta testers.
The change is being tested as Meta rolls out third-party chat interoperability in the EU.
The privacy-focused Brave browser launched its AI assistant, Leo, last year on the desktop, and now it’s available for Android, following other mobile AI-connected browsers like Edge and Arc (only on iOS).
Leo promises summaries, transcriptions, translations, coding, and more (while acknowledging that LLMs may “hallucinate” erroneous info). As for privacy, Brave claims, “Inputs are always submitted anonymously through a reverse-proxy and are not retained or used for training.”
The Washington Post describes how law enforcers have gotten companies like Google to hand over data associated with push notifications. Investigators use the code to track down child predators, even through encrypted apps, per the Post, but law enforcement around the world could use the tactic to track down activists and others too.
It also sheds light on why Apple might have chosen to update its law enforcement guidelines late last year to require a court order to provide customers’ push notification data.
[The Washington Post]
State Attorney General Aaron Darnell Ford filed last week to stop Meta from offering end-to-end encryption to children as a matter of “extreme urgency,” claiming E2EE keeps police from protecting kids from predators.
This is just one of a slew of lawsuits filed against social media companies lately. Legal expert Riana Pfefferkorn, who discussed the case in Kim Zetter’s Zero Day blog and on Mastodon, calls it a particularly “bonkers assault on encryption.”
We’ve reached out to Meta and Nevada’s AG for more information.
Alessandro Paluzzi, who discovers a lot of Instagram features before they’re announced, posted an update on something he’d spotted in the app months ago: the ability to see where your friends are on a map. Snap’s Snap Map is similar, as are features built into Android and iOS.
According to the images Paluzzi posted, Friend Map would be opt-in, and location data end-to-end encrypted.
A student at the University of Waterloo in Canada asked that in a post showing a vending machine error message that revealed a facial recognition app had failed.
Student publication mathNEWS found that the machine’s maker, Invenda, advertises that it gathers “estimated ages and genders of every client.” But don’t worry, Invenda told Ars Technica the machines are “fully GDPR compliant.”
The school is reportedly removing the machines.
So said TSA executive director of checkpoint tech Melissa Conley of airports’ use of facial recognition, in a New York Times story today.
70 percent of worldwide airlines may use biometric security by 2026 according to a report cited in the article. Yet the ACLU told the Times the tech still presents surveillance and discrimination concerns. That’s not to mention it could fail to work for tens of thousands of travelers every day.
Although you can currently “Chat Lock” sensitive WhatsApp conversations to put them in a password- or biometrics-protected folder, the same protection doesn’t carry across to other devices you’ve got linked to your account.
But code spotted in the WhatsApp’s Android app suggests that could soon change. “We also locked this chat on your linked device,” reads a screenshot of the in-development feature posted by WABetaInfo.
The slyly named “LassPass” has earned five stars on Apple’s App Store with just five reviews in total, noted Bleeping Computer — more evidence on how easily ratings can be manipulated. Apple has since removed the app.
As Sean Hollister wrote back in 2021, fraudulent ratings have poisoned Apple’s app review system.
Ars Technica reports that a federal judge won’t dismiss the case against Kochava. The lawsuit alleges that the app analytics firm lets advertisers track customers’ names, addresses, and specific geolocation information.
Kochava says its sales are legally compliant and it can’t be held responsible for bad-faith actors, even after the FTC used examples from similar cases to demonstrate how easily someone could trace your steps to sensitive venues like abortion clinics or religious halls.
The State Department can restrict visas to individuals linked to the illegal use of commercial spyware, Secretary of State Antony Blinken announced. The new policy covers investors and heads of companies, as well as those acting on behalf of governments that carry out illegal surveillance.
The policy will be applied using the information in an individual’s visa application, a senior official told reporters.
The US has already placed export limits on spyware firms like Pegasus maker NSO, and Candiru.
[United States Department of State]
Wired tells the story of California detectives who tried to use facial recognition to identify a face made with machine learning and crime scene DNA by phenotyping company Parabon NanoLabs. That’s not a good idea, said Parabon’s director of bioinformatics, Ellen Greytak:
“What we are predicting is more like — given this person’s sex and ancestry, will they have wider-set eyes than average,” she says. “There’s no way you can get individual identifications from that.”
On a related note, a Senate Judiciary Committee hearing on AI in criminal investigations is set for Wednesday.
Not only did InMarket Media sell precise location data without asking users for their consent, the data broker didn’t inform the third-party apps using its SDK, the FTC found.
The company’s shopping apps CheckPoints and ListEase requested user location to dole out things like rewards points or reminders — but also secretly used the data for targeted ads.
The regulator recently issued a similar ban on Outlogic.
[Federal Trade Commission]
Chairwoman Jessica Rosenworcel wrote letters to nine major automakers, including GM, Toyota, Ford, and Tesla, to ask what kind of data they collect about their drivers and how they protect their privacy. Rosenworcel sent similar letters to Verizon, AT&T, and T-Mobile, too.
The letters came in response to a report from The New York Times last month, which detailed how a domestic violence survivor was harassed by her abuser using her car’s connected services. “We must do everything we can to help survivors stay safe,” Rosenworcel said. “We need to work with auto and wireless industry leaders to find solutions.”
The company has issued a response to the customers who are now suing it over last year’s breach. In a letter obtained by TechCrunch, the company says the hack “was not a result of 23andMe’s alleged failure to maintain reasonable security measures” and instead had to do with users’ failure to reset their passwords.
23andMe admitted that hackers accessed the information belonging to 6.9 million users last December, but it claims the information obtained “cannot be used for any harm.”
In August, Judge Yvonne Gonzalez Rogers denied Google’s attempt to end a class-action lawsuit filed in 2020 that claims it illegally invaded the privacy of millions by tracking browsing activity even with “incognito mode” activated in Chrome and other browsers.
Now, the February 5th trial date is off, as the parties say they have agreed to a settlement and will present a formal agreement for court approval within the next 60 days.
The company says in its announcement that the app, which uses Nord’s WireGuard-based NordLynx VPN protocol, will let users watch shows they’re following while abroad and prevent ISPs from identifying and throttling streaming content.
NordVPN was initially skeptical that Apple would place limitations on Apple TV’s native VPN support, but later said it was working on an app.
[NordVPN]
The New York Times published an investigative piece on the slave labor behind some of those innocuous-seeming crypto scam texts and calls.
The story focuses on one person who escaped from a compound where he was where he was forced to carry out intricate online romance scams involving crypto. The money earned from these scams is then laundered through other countries, including the US.
A word of warning: This story has descriptions of torture and captivity.
[The New York Times]