KXAN: Almost 2 million Texans affected by Texas Department of Insurance data breach. “The department said the personal information of 1.8 million workers who have filed compensation claims — including Social Security numbers, addresses, dates of birth, phone numbers and information about workers’ injuries — was accessible online to members of the public from March 2019 to January 2022.”
Sky News: Google sued for using the NHS data of 1.6 million Britons ‘without their knowledge or consent’. “Google is being sued over its use of confidential medical records belonging to 1.6 million individuals in the UK. The company’s artificial intelligence arm, DeepMind, received the data in 2015 from the Royal Free NHS Trust in London for the purpose of testing a smartphone app called Streams.”
Ars Technica: Some top 100,000 websites collect everything you type—before you hit submit. “Researchers from KU Leuven, Radboud University, and University of Lausanne crawled and analyzed the top 100,000 websites, looking at scenarios in which a user is visiting a site while in the European Union and visiting a site from the United States. They found that 1,844 websites gathered an EU user’s email address without their consent, and a staggering 2,950 logged a US user’s email in some form. Many of the sites seemingly do not intend to conduct the data-logging but incorporate third-party marketing and analytics services that cause the behavior.”
MIT News: Technique protects privacy when making online recommendations. “Algorithms recommend products while we shop online or suggest songs we might like as we listen to music on streaming apps. These algorithms work by using personal information like our past purchases and browsing history to generate tailored recommendations. The sensitive nature of such data makes preserving privacy extremely important, but existing methods for solving this problem rely on heavy cryptographic tools requiring enormous amounts of computation and bandwidth. MIT researchers may have a better solution.”
Gizmodo: Twitter’s New Privacy Policy Is a Video Game That Sucks. “Twitter unveiled a game designed to help users get a handle on the platform’s privacy policies on Tuesday. It’s both cheery and deeply confusing.”
Bleeping Computer: Hackers stole data undetected from US, European orgs since 2019. “The Chinese hacking group known as ‘Winnti’ has been stealthily stealing intellectual property assets like patents, copyrights, trademarks, and other corporate data – all while remaining undetected by researchers and targets since 2019. Winnti, also tracked as APT41, is an advanced and elusive cyber-espionage group that is believed to be backed by the Chinese state and operates on behalf of its national interests.”
The Verge: Google Assistant’s automatic password updater gets wider rollout. “A Google Assistant feature designed to automate the time-consuming process of changing your passwords after a breach appears to be getting a wider rollout. That’s according to a tweet from leaker Max Weinbach and a report from Android Police.”
CNET: Clearview AI to Stop Selling Facial Recognition Database to Private Companies. “Facial recognition company Clearview AI will no longer sell its facial recognition database to most private companies or individuals in the US. The change comes as part of a settlement, filed Monday in federal court in Illinois, with the American Civil Liberties Union.”
WIRED: What to Do If You Can’t Log In to Your Google Account. “The web is filled with advice and shortcuts on what to do in this situation, from tapping your password manager to turning off two-factor authentication (not recommended!). Rather than use Google’s most popular tool, Search, for the answer, we decided to ask the company directly what happens when users can’t get in and what steps they should take to recover their account. Guemmy Kim, director of account safety and security at Google, guided us through our questions.”
Ars Technica: Russia hammered by pro-Ukrainian hackers following invasion. “For years, Dmitriy Sergeyevich Badin sat atop the FBI’s most-wanted list. The Russian government-backed hacker has been suspected of cyberattacks on Germany’s Bundestag and the 2016 Olympics, held in Rio de Janeiro. A few weeks into Russia’s invasion of Ukraine, his own personal information—including his email and Facebook accounts and passwords, mobile phone number, and even passport details—was leaked online.”
Engadget: Grindr location data was reportedly for sale for at least three years (updated). “Grindr’s past willingness to share sensitive data may have been more problematic than previously thought. The Wall Street Journal understands precise Grindr user location data was collected from the online ad network MoPub (once owned by Twitter) and put on sale through its partner company UberMedia (now UM) since ‘at least’ 2017.”
Ars Technica: Apple, Google, and Microsoft want to kill the password with “Passkey” standard. “The standard is being called either a ‘multi-device FIDO credential’ or just a ‘passkey.’ Instead of a long string of characters, this new scheme would have the app or website you’re logging in to push a request to your phone for authentication. From there, you’d need to unlock the phone, authenticate with some kind of pin or biometric, and then you’re on your way.”
Brookings Institution: How to tackle the data collection behind China’s AI ambitions. “Although we have some insight into Chinese A.I. funding generally—see, for example, a recent report from the Center for Security and Emerging Technology on the People’s Liberation Army’s AI investments—we know far less about China’s strategy for data collection and acquisition. Given China’s interest in integrating cutting-edge AI into its intelligence and military enterprise, that oversight represents a profound vulnerability for U.S. national security. Policymakers in the White House and Congress should thus focus on restricting the largely unregulated data market not only to protect Americans’ privacy but also to deny China a strategic asset in developing their AI programs.”
The Hill: Probe slams Minneapolis police over racism, fake social media accounts. “A newly released probe found that the Minneapolis Police Department (MPD) engaged in race-based policing, failed to hold officers accountable for wrongdoing, and improperly used social media accounts to target Black people and Black organizations.”
The Register: Study: How Amazon uses Echo smart speaker conversations to target ads. “Amazon and third-party services have been using smart speaker interaction data for ad targeting, in violation of privacy commitments, according to researchers at four US universities. Academics at the University of Washington, University of California-Davis, University of California-Irvine, and Northeastern University claim ‘Amazon processes voice data to infer user interests and uses it to serve targeted ads on-platform (Echo devices) as well as off-platform (web).’”
The ResearchBuzz Firehose is regular RB content presented as individual posts.
For digest-type posts a couple of times a day, please visit ResearchBuzz.
Want to know how to best use the Firehose for content discovery?
Check out this handy article.