New York Times: The Police Can Probably Break Into Your Phone. “At least 2,000 law enforcement agencies have tools to get into encrypted smartphones, according to new research, and they are using them far more than previously known.”
privacy
The Daily Swig: New Zealand launches data breach notification tool
The Daily Swig: New Zealand launches data breach notification tool. “New Zealand’s privacy commissioner has launched a new tool to help organizations based in the country determine whether a data breach needs to be reported or not. The tool, called NotifyUs, will enable data handlers to check whether it is mandatory to report a breach under new rules.”
When you tell Chrome to wipe private data about you, it spares two websites from the purge: Google.com, YouTube (The Register)
The Register: When you tell Chrome to wipe private data about you, it spares two websites from the purge: Google.com, YouTube. “Programmer Jeff Johnson noticed the unusual behavior, and this month documented the issue with screenshots. In his assessment of the situation, he noted that if you set up Chrome, on desktop at least, to automatically delete all cookies and so-called site data when you quit the browser, it deletes it all as expected – except your site data for Google.com and YouTube.com.” Google says this is a bug that will be fixed.
New Yorker: Taking Back Our Privacy
New Yorker: Taking Back Our Privacy. “Since Signal was released, it has evolved from a niche tool, touted by the privacy-minded and the paranoid, into a mainstream product recommended by the Wall Street Journal. Activists use Signal to coördinate protests, lovers to conduct affairs, workers to unionize, finance professionals to exchange sensitive information, drug dealers to contact customers, journalists to communicate with sources.”
MIT Technology Review: Live facial recognition is tracking kids suspected of being criminals
MIT Technology Review: Live facial recognition is tracking kids suspected of being criminals. “In a national database in Argentina, tens of thousands of entries detail the names, birthdays, and national IDs of people suspected of crimes. The database, known as the Consulta Nacional de Rebeldías y Capturas (National Register of Fugitives and Arrests), or CONARC, began in 2009 as a part of an effort to improve law enforcement for serious crimes. But there are several things off about CONARC. For one, it’s a plain-text spreadsheet file without password protection, which can be readily found via Google Search and downloaded by anyone.”
BBC: EU investigates Instagram over handling of children’s data
BBC: EU investigates Instagram over handling of children’s data. “Instagram is being investigated by Ireland’s Data Protection Commissioner (DPC) over its handling of children’s personal data on the platform. The social media app’s owner Facebook could face a large fine if Instagram is found to have broken privacy laws.”
Columbia Journal of Transnational Law: Facebook’s Response to the Irish Data Protection Commission Falls Flat
Columbia Journal of Transnational Law: Facebook’s Response to the Irish Data Protection Commission Falls Flat. “As of the date of this writing, the DPC has not yet released the draft decision it anticipated would be complete within 21 days of the FIL Response Letter. While FIL’s arguments in the FIL Response Letter are rather tenuous, it looks like Ireland has become Facebook’s battleground to save its business across the European Union. It will not give up without a protracted fight.”
CNET: Google is giving data to police based on search keywords, court docs show
CNET: Google is giving data to police based on search keywords, court docs show. “There are few things as revealing as a person’s search history, and police typically need a warrant on a known suspect to demand that sensitive information. But a recently unsealed court document found that investigators can request such data in reverse order by asking Google to disclose everyone who searched a keyword rather than for information on a known suspect.”
The Daily Swig: GHunt OSINT tool sniffs out Google users’ account information using just their email address
The Daily Swig: GHunt OSINT tool sniffs out Google users’ account information using just their email address . “GHunt lets individuals, or security experts, analyze a target’s Google ‘footprint’ based just on an email. The open source intelligence, or OSINT, tool can extract the account owner’s name and Google ID, YouTube channel, and active Google services, including Photos and Maps. GHunt can also reveal public photos, phone model, make, firmware and installed software, and potentially, the user’s physical location.”
The Spinoff: University of Auckland secretly tracked students’ social media activity for months
The Spinoff: University of Auckland secretly tracked students’ social media activity for months. “Documents released under the Official Information Act show that the University of Auckland has been tracking students on social media for several months. The university appears to have used this information to gain an insight into how students were reacting to online learning, and how students would react to new information from the university. The documents also suggest a university employee may have anonymously posted on student media sites more than once to stimulate discussion and provide information.”
CNN: Microsoft takes down massive hacking operation that could have affected the election
CNN: Microsoft takes down massive hacking operation that could have affected the election. “Microsoft has disrupted a massive hacking operation that it said could have indirectly affected election infrastructure if allowed to continue. The company said Monday it took down the servers behind Trickbot, an enormous malware network that criminals were using to launch other cyberattacks, including a strain of highly potent ransomware.”
ZDNet: Barnes & Noble confirms cyberattack, suspected customer data breach
ZDNet: Barnes & Noble confirms cyberattack, suspected customer data breach. “Barnes & Noble has confirmed a cyberattack impacting Nook services and potentially exposing customer data.”
Techdirt: FBI Sent A Special Task Force To Portland To ‘Exploit’ Phones Taken From Protesters
Techdirt: FBI Sent A Special Task Force To Portland To ‘Exploit’ Phones Taken From Protesters . “The Fly Teams have been in existence since shortly after the 9/11 attacks in 2001. But until now, they’ve mainly been foreign-focused — either operating in other countries or targeting foreign terrorists. This breaks some new ground in a disturbing way: counterterrorist activity targeting US citizens, some of which have engaged in nothing more than exercising their First Amendment rights.”
Fast Company: DuckDuckGo, EFF, and others just launched privacy settings for the whole internet
Fast Company: DuckDuckGo, EFF, and others just launched privacy settings for the whole internet. “A group of tech companies, publishers, and activist groups including the Electronic Frontier Foundation, Mozilla, and DuckDuckGo are backing a new standard to let internet users set their privacy settings for the entire web.”
Engadget: Prison video visitation system exposed calls between inmates and lawyers
Engadget: Prison video visitation system exposed calls between inmates and lawyers. “Prison video visitation systems are sometimes the only way family and lawyers can talk to inmates, particularly during the COVID-19 pandemic, but the security of those systems recently suffered a major lapse. Researcher Bob Diachenko told TechCrunch that video visitation provider HomeWAV left a database dashboard publicly accessible without a password since April, exposing ‘thousands’ of calls between inmates and their attorneys. Anyone could read call logs and transcripts.”