After facing criticism over the app’s recent decision to prohibit sexually explicit content starting in October, OnlyFans CEO Tim Stokely pointed the finger at banks for the policy change.
In an interview with the Financial Times published Tuesday, Stokely singled out a handful of banks for “unfair” treatment, saying they made it “difficult to pay our creators.”
Samsung already makes it extremely difficult to have root access without tripping the security flags, and now the Korean OEM has introduced yet another roadblock for aftermarket development. In its latest move, Samsung disables the cameras on the Galaxy Z Fold 3 after you unlock the bootloader.
Knox is the security suite on Samsung devices, and any modifications to the device will trip it, void your warranty, and disable Samsung Pay permanently. Now, losing all the Knox-related security features is one thing, but having to deal with a broken camera is a trade-off that many will be unwilling to make. But that’s exactly what you’ll have to deal with if you wish to unlock the bootloader on the Galaxy Z Fold 3.
According to XDA Senior Members 白い熊 and ianmacd, the final confirmation screen during the bootloader unlock process on the Galaxy Z Fold 3 mentions that the operation will cause the camera to be disabled. Upon booting up with an unlocked bootloader, the stock camera app indeed fails to operate, and all camera-related functions cease to function, meaning that you can’t use facial recognition either. Anything that uses any of the cameras will time out after a while and give errors or just remain dark, including third-party camera apps.
Thanks to XDA Senior Member ianmacd for the images!
It is not clear why Samsung chose the way on which Sony walked in the past, but the actual problem lies in the fact that many will probably overlook the warning and unlock the bootloader without knowing about this new restriction. Re-locking the bootloader does make the camera work again, which indicates that it’s more of a software-level obstacle. With root access, it could be possible to detect and modify the responsible parameters sent by the bootloader to the OS to bypass this restriction. However, according to ianmacd, Magisk in its default state isn’t enough to circumvent the barrier.
[…] The new “Personal Information Protection Law of the People’s Republic of China” comes into effect on November 1st, 2021, and comprises eight chapters and 74 articles
[…]
The Cyberspace Administration of China (CAC) said, as translated from Mandarin using automated tools:
On the basis of relevant laws, the law further refines and perfects the principles and personal information processing rules to be followed in the protection of personal information, clarifies the boundaries of rights and obligations in personal information processing activities, and improves the work systems and mechanisms for personal information protection.
The document outlines standardized data-handling processes, defines rules on big data and large-scale operations, regulates those processing data, addresses data that flows across borders, and outlines legal enforcement of its provisions. It also clarifies that state agencies are not immune from these measures.
The CAC asserts that consenting to collection of data is at the core of China’s laws and the new legislation requires continual up-to-date fully informed advance consent of the individual. Parties gathering data cannot require excessive information nor refuse products or services if the individual disapproves. The individual whose data is collected can withdraw consent, and death doesn’t end the information collector’s responsibilities or the individual’s rights – it only passes down the right to control the data to the deceased subject’s family.
Information processors must also take “necessary measures to ensure the security of the personal information processed” and are required to set up compliance management systems and internal audits.
To collect sensitive data, like biometrics, religious beliefs, and medical, health and financial accounts, information needs to be necessary, for a specific purpose and protected. Prior to collection, there must be an impact assessment, and the individual should be informed of the collected data’s necessity and impact on personal rights.
Interestingly, the law seeks to prevent companies from using big data to prey on consumers – for example setting transaction prices – or mislead or defraud consumers based on individual characteristics or habits. Furthermore, large-scale network platforms must establish compliance systems, publicly self-report their efforts, and outsource data-protective measures.
And if data flows across borders, the data collectors must establish a specialized agency in China or appoint a representative to be responsible. Organizations are required to offer clarity on how data is protected and its security assessed.
Storing data overseas does not exempt a person or company from compliance to any of the Personal Information Protection Laws.
In the end, supervision and law enforcement falls to the Cyberspace Administration and relevant departments of the State Council.
It looks like China has had a good look at the EU Cybersecurity Act and enhanced on that. All this looks very good and of course even better that they mandate the Chinese governmental agencies to also follow this, but is it true? With all the governmental AI systems, cameras and facial recognition systems tracking ethnic minorities (such as the Uyghurs) and setting good behaviour scores, how will these be affected? Somehow I doubt they will dismantle the pervasive surveillance apparatus they have. So even if the laws sound excellent, the proof is in the pudding.
The problem with harvesting reams of sensitive data is that it presents a very tempting target for malicious hackers, enemy governments, and other wrongdoers. That hasn’t prevented anyone from collecting and storing all of this data, secure only in the knowledge this security will ultimately be breached.
The devices, known as HIIDE, for Handheld Interagency Identity Detection Equipment, were seized last week during the Taliban’s offensive, according to a Joint Special Operations Command official and three former U.S. military personnel, all of whom worried that sensitive data they contain could be used by the Taliban. HIIDE devices contain identifying biometric data such as iris scans and fingerprints, as well as biographical information, and are used to access large centralized databases. It’s unclear how much of the U.S. military’s biometric database on the Afghan population has been compromised.
At first, it might seem that this will only allow the Taliban to high-five each other for making the US government’s shit list. But it wasn’t just used to track terrorists. It was used to track allies.
While billed by the U.S. military as a means of tracking terrorists and other insurgents, biometric data on Afghans who assisted the U.S. was also widely collected and used in identification cards, sources said.
Distributed Denial of Secrets is a journalist 501(c)(3) non-profit devoted to enabling the free transmission of data in the public interest.
We aim to avoid political, corporate or personal leanings, to act as a beacon of available information. As a transparency collective, we don’t support any cause, idea or message beyond ensuring that information is available to those who need it most—the people.
Online researchers say they have found flaws in Apple’s new child abuse detection tool that could allow bad actors to target iOS users. However, Apple has denied these claims, arguing that it has intentionally built safeguards against such exploitation.
It’s just the latest bump in the road for the rollout of the company’s new features, which have been roundly criticized by privacy and civil liberties advocates since they were initially announced two weeks ago. Many critics view the updates—which are built to scour iPhones and other iOS products for signs of child sexual abuse material (CSAM)—as a slippery slope towards broader surveillance.
The most recent criticism centers around allegations that Apple’s “NeuralHash” technology—which scans for the bad images—can be exploited and tricked to potentially target users. This started because online researchers dug up and subsequently shared code for NeuralHash as a way to better understand it. One Github user, AsuharietYgvar, claims to have reverse-engineered the scanning tech’s algorithm and published the code to his page. Ygvar wrote in a Reddit post that the algorithm was basically available in iOS 14.3 as obfuscated code and that he had taken the code and rebuilt it in a Python script to assemble a clearer picture of how it worked.
Problematically, within a couple of hours, another researcher said they were able to use the posted code to trick the system into misidentifying an image, creating what is called a “hash collision.”
[…]
However, “hash collisions” involve a situation in which two totally different images produce the same “hash” or signature. In the context of Apple’s new tools, this has the potential to create a false-positive, potentially implicating an innocent person for having child porn, critics claim. The false-positive could be accidental or intentionally triggered by a malicious actor.
[…]
ost alarmingly, researchers noted that it could be easily co-opted by a government or other powerful entity, which might repurpose its surveillance tech to look for other kinds of content. “Our system could easily be repurposed for surveillance and censorship,” writes Mayer and his research partner, Anunay Kulshrestha, in an op-ed in the Washington Post. “The design wasn’t restricted to a specific category of content; a service could simply swap in any content-matching data base, and the person using that service would be none the wiser.”
The researchers were “so disturbed” by their findings that they subsequently declared the system dangerous, and warned that it shouldn’t be adopted by a company or organization until more research could be done to curtail the potential dangers it presented. However, not long afterward, Apple announced its plans to roll out a nearly identical system to over 1.5 billion devices in an effort to scan for CSAM. The op-ed ultimately notes that Apple is “gambling with security, privacy and free speech worldwide” by implementing a similar system in such a hasty, slapdash way.
[…]
pple’s decision to launch such an invasive technology so swiftly and unthinkingly is a major liability for consumers. The fact that Apple says it has built safety nets around this feature is not comforting at all, he added.
“You can always build safety nets underneath a broken system,” said Green, noting that it doesn’t ultimately fix the problem. “I have a lot of issues with this [new system]. I don’t think it’s something that we should be jumping into—this idea that local files on your device will be scanned.” Green further affirmed the idea that Apple had rushed this experimental system into production, comparing it to an untested airplane whose engines are held together via duct tape. “It’s like Apple has decided we’re all going to go on this airplane and we’re going to fly. Don’t worry [they say], the airplane has parachutes,” he said.
In a new blog post for the International Monetary Fund, four researchers presented their findings from a working paper that examines the current relationship between finance and tech as well as its potential future. Gazing into their crystal ball, the researchers see the possibility of using the data from your browsing, search, and purchase history to create a more accurate mechanism for determining the credit rating of an individual or business. They believe that this approach could result in greater lending to borrowers who would potentially be denied by traditional financial institutions. At its heart, the paper is trying to wrestle with the dawning notion that the institutional banking system is facing a serious threat from tech companies like Google, Facebook, and Apple. The researchers identify two key areas in which this is true: Tech companies have greater access to soft-information, and messaging platforms can take the place of the physical locations that banks rely on for meeting with customers.
The concept of using your web history to inform credit ratings is framed around the notion that lenders rely on hard-data that might obscure the worthiness of a borrower or paint an unnecessarily dire picture during hard times. Citing soft-data points like “the type of browser and hardware used to access the internet, the history of online searches and purchases” that could be incorporated into evaluating a borrower, the researchers believe that when a lender has a more intimate relationship with the potential client’s history, they might be more willing to cut them some slack. […] But how would all this data be incorporated into credit ratings? Machine learning, of course. It’s black boxes all the way down. The researchers acknowledge that there will be privacy and policy concerns related to incorporating this kind of soft-data into credit analysis. And they do little to explain how this might work in practice.
Photos that are sent in messaging apps like WhatsApp or Telegram aren’t scanned by Apple. Still, if you don’t want Apple to do this scanning at all, your only option is to disable iCloud Photos. To do that, open the “Settings” app on your iPhone or iPad, go to the “Photos” section, and disable the “iCloud Photos” feature. From the popup, choose the “Download Photos & Videos” option to download the photos from your iCloud Photos library.
Screenshot: Khamosh Pathak
You can also use the iCloud website to download all photos to your computer. Your iPhone will now stop uploading new photos to iCloud, and Apple won’t scan any of your photos now.
Looking for an alternative? There really isn’t one. All major cloud-backup providers have the same scanning feature, it’s just that they do it completely in the cloud (while Apple uses a mix of on-device and cloud scanning). If you don’t want this kind of photo scanning, use local backups, NAS, or a backup service that is completely end-to-end encrypted.
Zoom has agreed to pay $85 million to settle claims that it lied about offering end-to-end encryption and gave user data to Facebook and Google without the consent of users. The settlement between Zoom and the filers of a class-action lawsuit also covers security problems that led to rampant “Zoombombings.”
The proposed settlement would generally give Zoom users $15 or $25 each and was filed Saturday at US District Court for the Northern District of California. It came nine months after Zoom agreed to security improvements and a “prohibition on privacy and security misrepresentations” in a settlement with the Federal Trade Commission, but the FTC settlement didn’t include compensation for users.
As we wrote in November, the FTC said that Zoom claimed it offers end-to-end encryption in its June 2016 and July 2017 HIPAA compliance guides, in a January 2019 white paper, in an April 2017 blog post, and in direct responses to inquiries from customers and potential customers. In reality, “Zoom did not provide end-to-end encryption for any Zoom Meeting that was conducted outside of Zoom’s ‘Connecter’ product (which are hosted on a customer’s own servers), because Zoom’s servers—including some located in China—maintain the cryptographic keys that would allow Zoom to access the content of its customers’ Zoom Meetings,” the FTC said. In real end-to-end encryption, only the users themselves have access to the keys needed to decrypt content.
Receiving a publishing deal from an indie publisher can be a turning point for an independent developer. But when one-man team Jakefriend was approached with an offer to invest half a million Canadian dollars into his hand-drawn action-adventure game Scrabdackle, he discovered the contract’s terms could see him signing himself into a lifetime of debt, losing all rights to his game, and even paying for it to be completed by others out of his own money.
In a lengthy thread on Twitter, indie developer Jakefriend explained the reasons he had turned down the half-million publishing deal for his Kickstarter-funded project, Scrabdackle. Already having raised CA$44,552 from crowdfunding, the investment could have seen his game released in multiple languages, with full QA testing, and launched simultaneously on PC and Switch. He just had to sign a contract including clauses that could leave him financially responsible for the game’s completion, while receiving no revenue at all, should he breach its terms.
“I turned down a pretty big publishing contract today for about half a million in total investment,” begins Jake’s thread. Without identifying the publisher, he continues, “They genuinely wanted to work with me, but couldn’t see what was exploitative about the terms. I’m not under an NDA, wanna talk about it?”
Over the following 24 tweets, the developer lays out the key issues with the contract, most especially focusing on the proposed revenue share. While the unnamed publisher would eventually offer a 50:50 split of revenues (albeit minus up to 10% for other sundry costs, including—very weirdly—international sales taxes), this wouldn’t happen until 50% of the marketing spend (approximately CA$200,000/US$159,000) and the entirety of his development funds (CA$65,000 Jake confirms to me via Discord) was recouped by sales. That works out to about 24,000 copies of the game, before which its developer would receive precisely 0% of revenue.
Even then, Scrabdackle’s lone developer explains, the contract made clear there would be no payments until a further 30 days after the end of the next quarter, with a further clause that allowed yet another three month delay beyond that. All this with no legal requirement to show him their financial records.
Should Jake want to challenge the sales data for the game, he’d be required to call for an audit, which he’d have to pay for whether there were issues or not. And should it turn out that there were discrepancies, there’d be no financial penalty for the publisher, merely the requirement to pay the missing amount—which he would have to hope would be enough to cover paying for the audit in the first place.
Another section of the contract explained that should there be disagreement about the direction of the game, the publisher could overrule and bring in a third-party developer to make the changes Jake would not, at Jake’s personal expense. With no spending limit on that figure.
But perhaps most surprising was a section declaring that should the developer be found in breach of the contract—something Jake explains is too ambiguously defined—then they would lose all rights to their game, receive no revenue from its sales, have to repay all the money they received, and pay for all further development costs to see the game completed. And here again there was no upper limit on what those costs could be.
It might seem obvious that no one should ever sign a contract containing clauses just so ridiculous. To be liable—at the publisher’s whim—for unlimited costs to complete a game while also required to pay back all funds (likely already spent), for no income from the game’s sales… Who would ever agree to such a thing? Well, as Jake tells me via Discord, an awful lot of independent developers, desperate for some financial support to finish their project. The contract described in his tweets might sound egregious, but the reality is that most of them offer some kind of awful term(s) for indie game devs.
“My close indie dev friends discuss what we’re able to of contracts frequently,” he says, “and the only thing surprising to them about mine is that it hit all the typical red flags instead of typically most of them. We’re all extremely fatigued and disheartened by how mundane an unjust contract offer is. It’s unfair and it’s tiring.”
Jake makes it clear that he doesn’t believe the people who contacted him were being maliciously predatory, but rather they were simply too used to the shitty terms. “I felt genuinely no sense of wanting to give me a bad deal with the scouts and producers I was speaking to, but I have to assume they are aware of the problems and are just used to that being the norm as well.”
Since posting the thread, Jake tells me he’s heard from a lot of other developers who described the terms to which he objected as, “sadly all-too-familiar.” At one point creator of The Witness, Jonathan Blow, replied to the thread saying, “I can guess who the publisher is because I have seen equivalent contracts.” Except Jake’s fairly certain he’d be wrong.
“The problem is so widespread,” Jake explains, “that when you describe the worst of terms, everyone thinks they know who it is and everyone has a different guess.
While putting this piece together, I reached out to boutique indie publisher Mike Rose of No More Robots, to see if he had seen anything similar, and indeed who he thought the publisher might be. “Honestly, it could be anyone,” he replied via Discord. “What [Jake] described is very much the norm. All of the big publishers you like, his description is all of their contracts.”
This is very much a point that Jake wants to make clear. In fact, it’s why he didn’t identify the publisher in his thread. Rather than to spare their blushes, or harm his future opportunities, Jake explains that he did it to ensure his experience couldn’t be taken advantage of by other indie publishers. “I don’t want to let others with equally bad practices off the hook,” he tells me. “As soon as I say ‘It was SoAndSo Publishing’, everyone else can say, ‘Wow, can’t believe it, glad we’re not like that,’ and have deniability.”
I also reached out to a few of the larger indie publishers, listing the main points of contention in Jake’s thread, to see if they had any comments. The only company that replied by the time of publication was Devolver. I was told,
“Publishing contracts have dozens of variables involved and a developer should rightfully decline points and clauses that make them feel uncomfortable or taken advantage of in what should be an equitable relationship with their partner—publisher, investor, or otherwise. Rev share and recoupment in particular should be weighed on factors like investment, risk, and opportunity for both parties and ultimately land on something where everyone feels like they are receiving a fair shake on what was put forth on the project. While I have not seen the full contract and context, most of the bullet points you placed here aren’t standard practice for our team.”
Where does this leave Jake and the future of Scrabdackle? “The Kickstarter funds only barely pay my costs for the next 10 months,” he tells Kotaku. “So there’s no Switch port or marketing budget to speak of. Nonetheless, I feel more motivated than ever going it alone.”
I asked if he would still consider a more reasonable publishing deal at this point. “This was a hobby project that only became something more when popular demand from an incredible and large community rallied for me to build a crowdfunding campaign…A publisher can offer a lot to an indie project, and a good deal is the difference between gamedev being a year-long stint or a long-term career for me, but that’s not worth the pound of flesh I was asked for.”
Hamburg’s state government has been formally warned against using Zoom over data protection concerns.
The German state’s data protection agency (DPA) took the step of issuing a public warning yesterday, writing in a press release that the Senate Chancellory’s use of the popular videoconferencing tool violates the European Union’s General Data Protection Regulation (GDPR) since user data is transferred to the U.S. for processing.
The DPA’s concern follows a landmark ruling (Schrems II) by Europe’s top court last summer which invalidated a flagship data transfer arrangement between the EU and the U.S. (Privacy Shield), finding U.S. surveillance law to be incompatible with EU privacy rights.
The fallout from Schrems II has been slow to manifest — beyond an instant blanket of legal uncertainty. However, a number of European DPAs are now investigating the use of U.S.-based digital services because of the data transfer issue, in some instances publicly warning against the use of mainstream U.S. tools like Facebook and Zoom because user data cannot be adequately safeguarded when it’s taken over the pond.
German agencies are among the most proactive in this respect. But the EU’s data protection supervisor is also investigating the bloc’s use of cloud services from U.S. giants Amazon and Microsoft over the same data transfer concern.
[…]
The agency asserts that use of Zoom by the public body does not comply with the GDPR’s requirement for a valid legal basis for processing personal data, writing: “The documents submitted by the Senate Chancellery on the use of Zoom show that [GDPR] standards are not being adhered to.”
The DPA initiated a formal procedure earlier, via a hearing, on June 17, 2021, but says the Senate Chancellory failed to stop using the videoconferencing tool. Nor did it provide any additional documents or arguments to demonstrate compliance usage. Hence, the DPA taking the step of a formal warning, under Article 58 (2) (a) of the GDPR.
Most Spotify users are likely aware the streaming service tracks their listening activity, search history, playlists, and the songs they like or skip—that’s all part of helping the algorithm figure out what you like, right? However, some users may be less OK with how much other data Spotify and its partners are logging.
Street address, country, and other GPS location data
Login info
Billing info
Website cookies
IP address
Facebook user ID, login information, likes, and other data.
Device information like accelerometer or gyroscope data, operating system, model, browser, and even some data from other devices on your wifi network.
This information helps Spotify tailor song and artist recommendations to your tastes and is used to improve the in-app user experience, sure. However, the company also uses it to attract advertising partners, who can create personalized ads based on your information. And that doesn’t even touch on the third-party cross-site trackers that are eagerly eyeing your Spotify activity too.
Treating people and their data like a consumable resource is scummy, but it’s common practice for most companies and websites these days, and the common response from the general public is typically a shrug (never mind that a survey of US adults revealed we place a high value on our personal data). However, it’s still a security risk. As we’ve seen repeatedly over the years, all it takes is one poorly-secured server or an unusually skilled hacker to compromise the personal data that companies like Spotify hold onto.
And to top things off, almost all of your Spotify profile’s information is public by default—so anyone else with a Spotify account can easily look you up unless you go out of your way to change your settings.
Luckily, you can limit some of the data Spotify and connected third-party apps collect, and can review the personal information the app has stored. Spotify doesn’t offer that many data privacy options, and many of them are spread out across its web, desktop, and mobile apps, but we’ll show you where to find them all and which ones you should enable for the most private Spotify listening experience possible. You know, relatively.
How to change your Spotify account’s privacy settings
The web player is where to start if you want to tune up your Spotify privacy. Almost all of Spotify’s data privacy settings are found on there, rather than in the mobile or desktop apps.
We’ll start by cutting down on how much personal data you share with Spotify.
Click your user icon then go to Account > Edit profile.
Remove or edit any personal info that you’re able to.
Uncheck “Share my registration data with Spotify’s content providers for marketing purposes.”
Click “Save Changes.”
Screenshot: Brendan Hesse
Next, let’s limit how Spotify uses your personal data for advertising.
Go to Account > Privacy settings.
Turn off “Process my personal data for tailored ads.” Note that you’ll still get just as many ads—and Spotify will still track you—but your personal data will no longer be used to deliver you targeted ads.
Turn off “Process my Facebook data.” This will stop Spotify from using your Facebook account data to further refine the ads you hear.
Lastly, go to Account > Apps to review all the external apps linked to your Spotify account and see a list of all devices you’re logged in to. Remove any you don’t need or use anymore.
How to review your Spotify account data
You can also see how much of your personal data Spotify has collected. At the bottom of the Privacy Settings page, there’s an option to download your Spotify data for review. While you can’t remove this data from your account, it shows you a selection of personal information, your listening and search history, and other data the company has collected. Click “Request” to begin the process. Note that it can take up to 30 days for Spotify to get your data ready for download.
How to hide public playlists and listening activity on Spotify
Your Spotify playlists and listening activity are public by default, but you can quickly turn them off or even block certain listening activity in Spotify’s web and desktop apps. While this doesn’t affect Spotify’s data tracking, it’s still a good idea to keep some info hidden if you’re trying to make Spotify as private as possible.
How to turn off Spotify listening activity
Desktop
Screenshot: Brendan Hesse
Click your profile image and go to Settings > Social
Turn off “Make my new playlists public.”
Turn off “Share my listening activity on Spotify.”
Mobile
Screenshot: Brendan Hesse
Tap the settings icon in the upper-right of the app.
Scroll down to “Social.”
Disable “Listening Activity.”
How to hide Spotify Playlists
Don’t forget to hide previously created playlists, which are made public by default. This can be done from the desktop, web, and mobile apps.
Mobile
Open the “Your Library” tab.
Select a playlist.
Tap the three-dot icon in the upper-right of the screen.
Select “Make Secret.”
Desktop app and web player
Open a playlist from the library bar on the left.
Click the three-dot icon by the Playlist’s name.
Select “Make Secret.”
How to use Private Listening mode on Spotify
Spotify’s Private Listening mode also hides your listening activity, but you need to enable it manually each time you want to use it.
Mobile
In the app, go to Settings > Social.
Tap “Enable private session.”
Desktop app and web player
There are three ways to enable a Private session on desktop:
Click your profile picture then select “Private session.”
Or, click the “…” icon in the upper-left and go to File > Private session.
Or, go to Settings > Social and toggle “Start a private session to listen anonymously.”
Note that Private sessions only affect what other users see (or don’t see, rather). It doesn’t stop Spotify from tracking your activity—though as Wired points out, Spotify’s Privacy Policy vaguely implies Private Mode “may not influence” your recommendations, so it’s possible some data isn’t tracked while this mode is turned on. It’s better to use the privacy controls outlined in the sections above if you want to change how Spotify collects data.
How to limit third-party cookie tracking in Spotify
Turning on the privacy settings above will help reduce how much data Spotify tracks and uses for advertising and keep some of your Spotify listening history hidden from other users, but you should also take steps to limit how other apps and websites track your Spotify activity.
Screenshot: Brendan Hesse
The desktop app has built-in cookie blocking controls that can do this:
In the desktop app, click your username in the top right corner.
Go to Settings > Show advanced settings.
Scroll down to “Privacy” and turn on “Block all cookies for this installation of the Spotify desktop app.”
Close and restart the app for the change to take effect.
Even with all possible privacy settings turned on and Private Listening sessions enabled at all times, Spotify is still tracking your data. If that is absolutely unacceptable to you, the only real option is to delete your account. This will remove all your Spotify data for good—just make sure you download and back up any data you want to import to other services before you go through with it.
Go to the Contact Spotify Support web page and sign in with your Spotify account.
Select the “Account” section.
Click “I want to close my account” from the list of options.
Scroll down to the bottom of the page and click “Close Account.”
Follow the on-screen prompts, clicking “Continue” each time to move forward.
After the final confirmation, Spotify will send you an email with the cancellation link. Click the “Close My Account” button to verify you want to delete your account (this link is only active for 24 hours).
To be clear, we’re not advocating everyone go out and delete their Spotify accounts over the company’s privacy policy and advertising practices, but it’s always important to know how—and why—the apps and websites we use are tracking us. As we said at the top, even companies with the best intentions can fumble your data, unwittingly delivering it into the wrong hands.
Even if you’re cool with Spotify tracking you and don’t feel like enabling the options we’ve outlined in this guide, take a moment to tune up your account’s privacy with a strong password and two-factor sign-in, and remove any unnecessary info from your profile. These extra steps will help keep you safe if there’s ever an unexpected security breach.
an AI on your phone will scan all those you have sent and will send to iPhotos. It will generate fingerprints that purportedly identify pictures, even if highly modified, that will be checked against fingerprints of known CSAM material. Too many of these – there’s a threshold – and Apple’s systems will let Apple staff investigate. They won’t get the pictures, but rather a voucher containing a version of the picture. But that’s not the picture, OK? If it all looks too dodgy, Apple will inform the authorities
[…]
In a blog post “Recognizing People in Photos Through Private On-Device Machine Learning” last month, Apple plumped itself up and strutted its funky stuff on how good its new person recognition process is. Obscured, oddly lit, accessorised, madly angled and other bizarrely presented faces are no problemo, squire.
By dint of extreme cleverness and lots of on-chip AI, Apple says it can efficiently recognise everyone in a gallery of photos. It even has a Hawkings-grade equation, just to show how serious it is, as proof that “finally, we rescale the obtained features by ss and use it as logit to compute the softmax cross-entropy loss based on the equation below.” Go, look. It’s awfully science-y.
The post is 3,500 words long, complex, and a very detailed paper on computer vision, one of the two tags Apple has given it. The other tag, Privacy, can be entirely summarised in six words: it’s on-device, therefore it’s private. No equation.
That would be more comforting if Apple hadn’t said days later how on-device analysis is going to be a key component in informing law enforcement agencies about things they disapprove of. Put the two together, and there’s a whole new and much darker angle to the fact, sold as a major consumer benefit, that Apple has been cramming in as much AI as it can so it can look at pictures as you take and after you’ve stored them.
We’ve all been worried about how mobile phones are stuffed with sensors that can watch what we watch, hear what we hear, track where we go and note what we do. The evolving world of personal data privacy is based around these not being stored in the vast vaults of big data, keeping them from being grist to the mill of manipulating our digital personas.
But what happens if the phone itself grinds that corn? It may never share a single photograph without your permission, but what if it can look at that photograph and generate precise metadata about what, who, how, when, and where it depicts?
This is an aspect of edge computing that is ahead of the regulators, even those of the EU who want to heavily control things like facial recognition. By the time any such regulation is produced, countless millions of devices will be using it to ostensibly provide safe, private, friendly on-device services that make taking and keeping photographs so much more convenient and fun.
It’s going to be very hard to turn that off, and very easy to argue for exemptions that weaken the regs to the point of pointlessness. Especially if the police and security services lobby hard as well, which they will as soon as they realise that this defeats end-to-end encryption without even touching end-to-end encryption.
So yes, Apple’s anti-CSAM model is capable of being used without impacting the privacy of the innocent, if it is run exactly as version 1.0 is described. It is also capable of working with the advances elsewhere in technology to break that privacy utterly, without setting off the tripwires of personal protection we’re putting in place right now.
[…]Rockstar Games has previously had its own run-in with its modding community, banning modders who attempted to shiftGTA5’s online gameplay to dedicated servers that would allow mods to be used, since Rockstar’s servers don’t allow mods. What it’s now doing in issuing copyright notices on modders who have been forklifting older Rockstar assets into newer GTA games, however, is totally different.
Grand Theft Auto publisher Take-Two has issued copyright takedown notices for several mods on LibertyCity.net, according to a post from the site. The mods either inserted content from older Rockstar games into newer ones, or combined content from similar Rockstar games into one larger game. The mods included material from Grand Theft Auto 3, San Andreas, Vice City, Mahunt, and Bully.
This has been a legally active year for Take-Two, starting with takedown notices for reverse-engineered versions of GTA3 and Vice City. Those projects were later restored. Since then, Take-Two has issued takedowns for mods that move content from older Grand Theft Auto games into GTA5, as well as mods that combine older games from the GTA3 generation into one. That lead to a group of modders preemptively taking down their 14-year-old mod for San Andreas in case they were next on Take-Two’s list.
All of this is partially notable because it’s new. Like many games released for the PC, the GTA series has enjoyed a healthy modding community. And Rockstar, previously, has largely left this modding community alone. Which is generally smart, as mods such as the ones the community produces are fantastic ways to both keep a game fresh as it ages and lure in new players to the original game by enticing them with mods that meet their particular interests. I’ll never forget a Doom mod that replaced all of the original MIDI soundtrack files with MIDI versions of 90’s alternative grunge music. That mod caused me to play Doom all over again from start to finish.
But now Rockstar Games has flipped the script and is busily taking these fan mods down. Why? Well, no one is certain, but likely for the most obvious reason of all.
One reason a company might become more concerned with this kind of copyright infringement is that it’s planning to release a similar product and wants to be sure that its claim to the material can’t be challenged. It’s speculative at this point, but that tracks with the rumors we heard earlier this year that Take-Two is working on remakes of the PS2 Grand Theft Auto games.
In other words, Rockstar appears to be completely happy to reap all the benefits from the modding community right up until the moment it thinks it can make more money with re-releases, at which point the company cries “Copyright!” The company may well be within its rights to operate that way, but why in the world would the modding community ever work on Rockstar games again?
If you’re concerned that Amazon might misuse palm print data from its One service, you’re not alone. TechCrunchreports that Senators Amy Klobuchar, Bill Cassidy and Jon Ossoff have sent a letter to new Amazon chief Andy Jassy asking him to explain how the company might expand use of One’s palm print system beyond stores like Amazon Go and Whole Foods. They’re also worried the biometric payment data might be used for more than payments, such as for ads and tracking.
The politicians are concerned that Amazon One reportedly uploads palm print data to the cloud, creating “unique” security issues. The move also casts doubt on Amazon’s “respect” for user privacy, the senators said.
In addition to asking about expansion plans, the senators wanted Jassy to outline the number of third-party One clients, the privacy protections for those clients and their customers and the size of the One user base. The trio gave Amazon until August 26th to provide an answer.
[…]
The company has offered $10 in credit to potential One users, raising questions about its eagerness to collect palm print data. This also isn’t the first time Amazon has clashed with government
[…]
Amazon declined to comment, but pointed to an earlier blog post where it said One palm images were never stored on-device and were sent encrypted to a “highly secure” cloud space devoted just to One content.
Basically having these palm prints all in the cloud is really an incredibly insecure way to keep all this biometric data of people that they can’t ever change, short of burning their palms off.
We’ve talked a lot on Techdirt about the end of ownership, and how companies have increasingly been reaching deep into products that you thought you bought to modify them… or even destroy them. Much of this originated in the copyright space, in which modern copyright law (somewhat ridiculously) gave the power to copyright holders to break products that people had “bought.” Of course, the legacy copyright players like to conveniently change their language on whether or not you’re buying something or simply “licensing” it temporarily based on what’s most convenient (i.e., what makes them the most money) at the time.
Over at the Nation, Maria Bustillos, recently wrote about how legacy companies — especially in the publishing world — are trying to take away the concept of book ownership and only let people rent books. A little over a year ago, picking up an idea first highlighted by law professor Brian Frye, we highlighted how much copyright holders want to be landlords. They don’t want to sell products to you. They want to retain an excessive level of control and power over it — and to make you keep paying for stuff you thought you bought. They want those monopoly rents.
As Bustillos points out, the copyright holders are making things disappear, including “ownership.”
Maybe you’ve noticed how things keep disappearing—or stop working—when you “buy” them online from big platforms like Netflix and Amazon, Microsoft and Apple. You can watch their movies and use their software and read their books—but only until they decide to pull the plug. You don’t actually own these things—you can only rent them. But the titanic amount of cultural information available at any given moment makes it very easy to let that detail slide. We just move on to the next thing, and the next, without realizing that we don’t—and, increasingly, can’t—own our media for keeps.
And while most of the focus on this space has been around music and movies, it’s happening to books as well:
Unfortunately, today’s mega-publishers and book distributors have glommed on to the notion of “expiring” media, and they would like to normalize that temporary, YouTube-style notion of a “library.” That’s why, last summer, four of the world’s largest publishers sued the Internet Archive over its National Emergency Library, a temporary program of the Internet Archive’s Open Library intended to make books available to the millions of students in quarantine during the pandemic. Even though the Internet Archive closed the National Emergency Library in response to the lawsuit, the publishers refused to stand down; what their lawsuit really seeks is the closing of the whole Open Library, and the destruction of its contents. (The suit is ongoing and is expected to resume later this year.) A close reading of the lawsuit indicates that what these publishers are looking to achieve is an end to the private ownership of books—not only for the Internet Archive but for everyone.
[…]
The big publishers and other large copyright holders always insist that they’re “protecting artists.” That’s almost never the case. They regularly destroy and suppress creativity and art with their abuse of copyright law. Culture shouldn’t have to be rented, especially when the landlords don’t care one bit about the underlying art or cultural impact.
[…] In “Pretty Good Phone Privacy,” [PDF] a paper scheduled to be presented on Thursday at the Usenix Security Symposium, Schmitt and Barath Raghavan, assistant professor of computer science at the University of Southern California, describe a way to re-engineer the mobile network software stack so that it doesn’t betray the location of mobile network customers.
“It’s always been thought that since cell towers need to talk to phones then all users have to accept the status quo in which mobile operators track our every movement and sell the data to data brokers (as hasbeenextensivelyreported),” said Schmitt. “We show how it’s possible to protect users’ mobile privacy while at the same time providing normal connectivity, and to do so without changing any of the hardware in mobile networks.”
In recent years, mobile carriers have been routinely selling and leaking location data, to the detriment of customer privacy. Efforts to alter the status quo have been hampered by an uneven regulatory landscape, the resistance of data brokers that profit from the status quo, and the assumption that cellular network architecture requires knowing where customers are located.
[…]
The purpose of Pretty Good Phone Privacy (PGPP) is to avoid using a unique identifier for authenticating customers and granting access to the network. It’s a technology that allows a Mobile Virtual Network Operator (MVNO) to issue SIM cards with identical SUPIs for every subscriber because the SUPI is only used to assess the validity of the SIM card. The PGPP network can then assign an IP address and a GUTI (Globally Unique Temporary Identifier) that can change in subsequent sessions, without telling the MVNO where the customer is located.
“We decouple network connectivity from authentication and billing, which allows the carrier to run Next Generation Core (NGC) services that are unaware of the identity or location of their users but while still authenticating them for network use,” the paper explains. “Our architectural change allows us to nullify the value of the user’s SUPI, an often targeted identifier in the cellular ecosystem, as a unique identifier.”
[…]
Its primary focus is defending against the surreptitious sale of location data by network providers.
[…]
Schmitt argues PGPP will help mobile operators comply with current and emerging data privacy regulations in US states like California, Colorado, and Virginia, and post-GDPR rules in Europe
The Open App Markets Act, which is being spearheaded by Sens. Richard Blumenthal, and Marsha Blackburn, is designed to crack down on some of the scummiest tactics tech players use to rule their respective app ecosystems, while giving users the power to download the apps they want, from the app stores they want, without retaliation.
“For years, Apple and Google have squashed competitors and kept consumers in the dark—pocketing hefty windfalls while acting as supposedly benevolent gatekeepers of this multibillion-dollar market,” Blumenthal told the Wall Street Journal. As he put it, this bill is tailor-made to “break these tech giants’ ironclad grip open the app economy to new competitors and give mobile users more control over their own devices.”
The antitrust issues facing both of these companies—along with fellow tech giants like Facebook and Amazon—have come to a boiling point on Capitol Hill over the past year. We’ve seen lawmakers roll out bill after bill meant to target some of the most lucrative monopolies these companies hold: Amazon’s marketplace, Facebook’s collection of platforms, and, of course, Apple and Google’s respective app stores. Last month, three dozen state attorneys general levied a fresh antitrust suit against Google for the Play Store fees forced on app developers. Meanwhile, Apple is still in a heated legal battle with Epic Games over its own mandated commissions, which can take up to 30% from every in-app purchase users make.
Blumenthal and Blackburn target these fees specifically. The bill would prohibit app stores from requiring that developers use their payment systems, for example. It would also prevent app stores from retaliating against developers who try to implement payment systems of their own, which is the exact scenario that got Epic booted from the App Store last summer.
On top of this, the bill would require that devices allow app sideloading by default. Google’s allowed this practice for a while, but this month started taking steps to narrow the publishing formats developers could use. Apple hardware, meanwhile, has never been sideload-friendly—a choice that’s meant to uphold the “privacy initiatives” baked into the App Store, according to Apple CEO Tim Cook.
Here are some other practices outlawed by the Open App Markets Act: Apple, Google, or any other app store owner would be barred from using a developer’s proprietary app intel to develop their own competing product. They’d also be barred from applying ranking algorithms that rank their own apps over those of their competitors. Users, meanwhile, would (finally) need to be given choices of the app store they can use on their device, instead of being pigeonholed into Apple’s App Store or Google’s Play Store.
Like all bills, this new legislation still needs to go through the regulatory churn before it has any hope of passing, and it might look like a very different set of rules by the time it finally does. But at this point, antitrust action is going to come for these companies whether they like it or not.
Amazon.com Inc. withdrew a set of staff guidelines that claimed ownership rights to video games made by employees after work hours and dictated how they could distribute them, according to a company email reviewed by Bloomberg.
[…]
The old policies mandated that employees of the games division who were moonlighting on projects would need to use Amazon products, such as Amazon Web Services, and sell their games on Amazon digital stores. It also gave the company “a royalty free, worldwide, fully paid-up, perpetual, transferable license” to intellectual property rights of any games developed by its employees.
[…]
The games division has struggled practically since its inception in 2012 and can hardly afford another reputational hit. It has never released a successful game, and some current and former employees have placed the blame with Frazzini. Bloomberg reported in January that Frazzini had hired veteran game developers and executives but largely dismissed or ignored their advice.
So tbh if they can’t make games during work hours, what difference is it that their incompentence after work hours can’t be sold outside of Amazon. Or are the employees ripping the Amazon Games division off?
China has drafted new rules required of its autonomous and networked vehicle builders.
Data security is front and centre in the rules, with manufacturers required to store data generated by cars – and describing their drivers – within China. Data is allowed to go offshore, but only after government scrutiny.
Manufacturers are also required to name a chief of network security, who gets the job of ensuring autonomous vehicles can’t fall victim to cyber attacks. Made-in-China auto-autos are also required to be monitored to detect security issues.
Over-the-air upgrades are another requirement, with vehicle owners to be offered verbose information about the purpose of software updates, the time required to install them, and the status of upgrades.
Behind the wheel, drivers must be informed about the vehicle’s capabilities and the responsibilities that rest on their human shoulders. All autonomous vehicles will be required to detect when a driver’s hands leave the wheel, and to detect when it’s best to cede control to a human.
If an autonomous vehicle’s guidance systems fail, it must be able to hand back control.
Google Pay is an online paying system and digital wallet that makes it easy to buy anything on your mobile device or with your mobile device. But if you’re concerned about what Google is doing with all your data (which you probably should be), Google doesn’t make it easy for Google Pay has some secret settings to manage your settings.
A report from Bleeping Computer shows that privacy settings aren’t available through the main Google Pay setting page that is accessible through the navigation sidebar.
On that screen, users can adjust all the same settings available on the other settings page, but they can also address three additional privacy settings—controlling whether Google Pay is allowed to share account information, personal information, and creditworthiness.
Here’s the full language of those three options:
-Allow Google Payment Corporation to share third party creditworthiness information about you with other companies owned and controlled by Google LLC for their everyday business purposes.
-Allow your personal information to be used by other companies owned and controlled by Google LLC to market to you. Opting out here does not impact whether other companies owned and controlled by Google LLC can market to you based on information you provide to them outside of Google Payment Corporation.
-Allow Google LLC or its affiliates to inform a third party merchant, whose site or app you visit, whether you have a Google Payments account that can be used for payment to that merchant. Opting out may impact your ability to use Google Payments to transact with certain third party merchants.
According to Bleeping Computer, the default of Google Pay is to enable all the above settings. In order to opt out, users have to go to the special URL that is not accessible through the navigation bar.
As the Reddit post that inspired the Bleeping Computer report claims, this discrepancy makes it appear that Google Pay is hiding its privacy options. “Google is not walking the talk when it claims to make it easy for their users to control the privacy and use of their own data,” the Redditor surmised.
A Google spokesperson told Gizmodo they’re working to make the privacy settings more accessible. “The different settings views described here are an issue resulting from a previous software update and we are working to fix this right away so that these privacy settings are always visible on pay.google.com,” the spokesperson told Gizmodo.
“All users are currently able to access these privacy settings via the ‘Google Payments privacy settings page’ link in the Google Pay privacy notice.”
Here’s hoping that my bank can set up it’s own version of Google Pay instead of integrating with it. I definitely don’t want Google or Apple getting their grubby little paws on my financial data.
Protect your card details and your money by creating virtual cards at each place you spend online, or for each purchase
Create single-use cards that close themselves automatically
browser extension to create and auto-fill card numbers at checkout
Privacy Cards put the control in your hands when you make a purchase online. Business or personal, one-time or subscription, now you decide who can charge your card, how much, how often, and you can close a card any time
The Copyright, Designs and Patents Act 1988 (CDPA) sets the term of protection for works protected copyright. For artistic works, the term of protection is life of the author plus 70 years. For more information on the term of copyright, see our Copyright Notice: Duration of copyright (term) on this subject. Section 52 CDPA previously reduced the term of copyright for industrially manufactured artistic works to 25 years.
In 2011, a judgment was made by the Court of Justice of the European Union (CJEU) in relation to copyright for design works. The government concluded that section 52 CDPA should be repealed to provide equal protection for all types of artistic work. This repeal was included in the Enterprise and Regulatory Reform Act 2013. The main copyright works affected were works of artistic craftsmanship. The primary types of work believed to be in scope were furniture, jewellery, ceramics, lighting and other homewares. This would be both the 3D manufacture and retail and the 2D representation in publishing.
[…]
The Copyright (Amendment) Regulations 2016 came into force on 6 April 2017. They amended Schedule 1 CDPA to allow works made before 1957 to attract copyright protection, whatever their separate design status. They also removed a compulsory licensing provision for works with revived copyright from the Duration of Copyright and Rights in Performances Regulations 1995 (1995 Regulations). Existing compulsory licences which had agreed a royalty or remuneration with the rights holder could continue. The relevant documents can be found in the Changes to Schedule 1 CDPA and duration of Copyright Regulations consultation.
The Blackstone-owned genealogy giant Ancestry.com raised a ton of red flags earlier this month with an update to its terms and conditions that give the company a bit more power over your family photos. From here on out, the August 3 update reads, Ancestry can use these pics for any reason, at any time, forever.
[…]
By submitting User Provided Content through any of the Services, you grant Ancestry a perpetual, sublicensable, worldwide, non-revocable, royalty-free license to host, store, copy, publish, distribute, provide access to, create derivative works of, and otherwise use such User Provided Content to the extent and in the form or context we deem appropriate on or through any media or medium and with any technology or devices now known or hereafter developed or discovered. This includes the right for Ancestry to copy, display, and index your User Provided Content. Ancestry will own the indexes it creates.
[…]
The company also noted that it added a helpful clause to clarify that, yes, deleting your documents from Ancestry’s site would also remove any rights Ancestry holds over them. But there’s a catch: if any other Ancestry users copied or saved your content, then Ancestry still holds those rights until these other users delete your documents, too.
One day after Apple confirmed plans for new software that will allow it to detect images of child abuse on users’ iCloud photos, Facebook’s head of WhatsApp says he is “concerned” by the plans.
In a thread on Twitter, Will Cathcart called it an “Apple built and operated surveillance system that could very easily be used to scan private content for anything they or a government decides it wants to control.” He also raised questions about how such a system may be exploited in China or other countries, or abused by spyware companies.
