Apple’s MAC Address Privacy Feature Has Never Worked

Ever since Apple re-branded as the “Privacy” company several years back, it’s been rolling out features designed to show its commitment to protecting users. Yet while customers might feel safer using an iPhone, there’s already plenty of evidence that Apple’s branding efforts don’t always match the reality of its products. In fact, a lot of Read more about Apple’s MAC Address Privacy Feature Has Never Worked[…]

Empowering Responsible and Compliant Practices: Bridging the Gap for US Citizens and Corporations with the New EU-US Data Privacy Framework

The Data Privacy Framework (DPF) presents new legal guidance to facilitate personal data sharing between US companies and their counterparts in the EU and the UK. This framework empowers individuals with greater control over their personal data and streamlines business operations by creating common rules around interoperable dataflows. Moreover, the DPF will help enable clear Read more about Empowering Responsible and Compliant Practices: Bridging the Gap for US Citizens and Corporations with the New EU-US Data Privacy Framework[…]

Equifax poked with paltry $13.4 million following 147m customer data breach in 2017

Credit bureau company, Equifax, has been fined US$13.4 million by The Financial Conduct Authority (FCA), a UK financial watchdog, following its involvement in “one of the largest” data breaches ever. This cyber security incident took place in 2017 and saw Equifax’s US-based parent company, Equifax Inc., suffer a data breach that saw the personal data Read more about Equifax poked with paltry $13.4 million following 147m customer data breach in 2017[…]

ICE, CBP, Secret Service All Illegally Used Smartphone Location Data

In a bombshell report, an oversight body for the Department of Homeland Security (DHS) found that Immigration and Customs Enforcement (ICE), Customs and Border Enforcement (CBP), and the Secret Service all broke the law while using location data harvested from ordinary apps installed on smartphones. In one instance, a CBP official also inappropriately used the Read more about ICE, CBP, Secret Service All Illegally Used Smartphone Location Data[…]

EPIC urges FTC to investigate Grindr’s data practices

On Wednesday, EPIC filed a complaint with the US government watchdog over Grindr’s “apparent failure to safeguard users’ sensitive personal data.” This includes both present and past users who have since deleted their accounts, according to the complaint. Despite promising in its privacy policy to delete personal info if customers remove their account, Grindr allegedly retained Read more about EPIC urges FTC to investigate Grindr’s data practices[…]

Singapore plans to scan your face instead of your passport

[…] “Singapore will be one of the first few countries in the world to introduce automated, passport-free immigration clearance,” said minister for communications and information Josephine Teo in a wrap-up speech for the bill. Teo did concede that Dubai had such clearance for select enrolled travelers, but there was no assurance of other countries planning Read more about Singapore plans to scan your face instead of your passport[…]

Firefox now has private browser-based website translation – no cloud servers required

Web browsers have had tools that let you translate websites for years. But they typically rely on cloud-based translation services like Google Translate or Microsoft’s Bing Translator. The latest version of Mozilla’s Firefox web browser does things differently. Firefox 118 brings support for Fullpage Translation, which can translate websites entirely in your browser. In other Read more about Firefox now has private browser-based website translation – no cloud servers required[…]

Philips Hue / Signify Ecosystem: ‘Collapsing Into Stupidity’

The Philips Hue ecosystem of home automation devices is “collapsing into stupidity,” writes Rachel Kroll, veteran sysadmin and former production engineer at Facebook. “Unfortunately, the idiot C-suite phenomenon has happened here too, and they have been slowly walking down the road to full-on enshittification.” From her blog post: I figured something was up a few Read more about Philips Hue / Signify Ecosystem: ‘Collapsing Into Stupidity’[…]

Philips Hue will force users to upload their data to Hue cloud – changing their TOS after you bought the product for not needing an account

Today’s story is about Philips Hue by Signify. They will soon start forcing accounts on all users and upload user data to their cloud. For now, Signify says you’ll still be able to control your Hue lights locally as you’re currently used to, but we don’t know if this may change in the future. The Read more about Philips Hue will force users to upload their data to Hue cloud – changing their TOS after you bought the product for not needing an account[…]

T-Mobile US exposes some customer data, but don’t say breach

T-Mobile US has had another bad week on the infosec front – this time stemming from a system glitch that exposed customer account data, followed by allegations of another breach the carrier denied. According to customers who complained of the issue on Reddit and X, the T-Mobile app was displaying other customers’ data instead of Read more about T-Mobile US exposes some customer data, but don’t say breach[…]

Dutch privacy watchdog SDBN sues twitter for collecting and selling data via Mohub (wordfeud, duolingo, etc) without notifying users

The Dutch Data Protection Foundation (SDBN) wants to enforce a mass claim for 11 million people through the courts against social media company X, the former Twitter. Between 2013 and 2021, that company owned the advertising platform MoPub, which, according to the privacy foundation, illegally traded in data from users of more than 30,000 free Read more about Dutch privacy watchdog SDBN sues twitter for collecting and selling data via Mohub (wordfeud, duolingo, etc) without notifying users[…]

Google Chrome’s Privacy Sandbox: any site can now query all your habits

[…] Specifically, the web giant’s Privacy Sandbox APIs, a set of ad delivery and analysis technologies, now function in the latest version of the Chrome browser. Website developers can thus write code that calls those APIs to deliver and measure ads to visitors with compatible browsers. That is to say, sites can ask Chrome directly Read more about Google Chrome’s Privacy Sandbox: any site can now query all your habits[…]

Google taken to court in NL for large scale privacy breaches

The Foundation for the Protection of Privacy Interests and the Consumers’ Association are taking the next step in their fight against Google. The tech company is being taken to court today for ‘large-scale privacy violations’. The proceedings demand, among other things, that Google stop its constant surveillance and sharing of personal data through online advertising Read more about Google taken to court in NL for large scale privacy breaches[…]

Mozilla investigates 25 major car brands and finds privacy is shocking

[…] The foundation, the Firefox browser maker’s netizen-rights org, assessed the privacy policies and practices of 25 automakers and found all failed its consumer privacy tests and thereby earned its Privacy Not Included (PNI) warning label. If you care even a little about privacy, stay as far away from Nissan’s cars as you possibly can Read more about Mozilla investigates 25 major car brands and finds privacy is shocking[…]

Australian Government, Of All Places, Says Age Verification Is A Privacy & Security Nightmare

In the past I’ve sometimes described Australia as the land where internet policy is completely upside down. Rather than having a system that protects intermediaries from liability for third party content, Australia went the opposite direction. Rather than recognizing that a search engine merely links to content and isn’t responsible for the content at those Read more about Australian Government, Of All Places, Says Age Verification Is A Privacy & Security Nightmare[…]

Companies are recording your conversations whilst you are on hold with them

Is Achmea or Bol.com customer service putting you on hold? Then everything you say can still be heard by some of their employees. This is evident from research by Radar. When you call customer service, you often hear: “Please note: this conversation may be recorded for training purposes.” Nothing special. But if you call the Read more about Companies are recording your conversations whilst you are on hold with them[…]

China floats rules for facial recognition technology – they are good and be great if the govt was bound by them too!

China has released draft regulations to govern the country’s facial recognition technology that include prohibitions on its use to analyze race or ethnicity. According to the the Cyberspace Administration of China(CAC), the purpose is to “regulate the application of face recognition technology, protect the rights and interests of personal information and other personal and property Read more about China floats rules for facial recognition technology – they are good and be great if the govt was bound by them too![…]

Reddit Wins, Doesn’t Have to NARC on Users Who Discussed Torrenting

This weekend, a federal court tossed a subpoena in a case against the internet service provider Grande that would require Reddit to reveal the identities of anonymous users that torrent movies. The case was originally filed in 2021 by 20 movie producers against Grande Communications in the Western District of Texas federal court. The lawsuit Read more about Reddit Wins, Doesn’t Have to NARC on Users Who Discussed Torrenting[…]

New privacy deal allows US tech giants to continue storing European user data on American servers

Nearly three years after a 2020 court decision threatened to grind transatlantic e-commerce to a halt, the European Union has adopted a plan that will allow US tech giants to continue storing data about European users on American soil. In a decision announced Monday, the European Commission approved the Trans-Atlantic Data Privacy Framework. Under the Read more about New privacy deal allows US tech giants to continue storing European user data on American servers[…]

Google Says It’ll Scrape Everything You Post Online for AI

Google updated its privacy policy over the weekend, explicitly saying the company reserves the right to scrape just about everything you post online to build its AI tools. If Google can read your words, assume they belong to the company now, and expect that they’re nesting somewhere in the bowels of a chatbot. “Google uses Read more about Google Says It’ll Scrape Everything You Post Online for AI[…]

Sacramento Sheriff is sharing license plate reader data with anti-abortion states, records show

In 2015, Democratic Elk Grove Assemblyman Jim Cooper voted for Senate Bill 34, which restricted law enforcement from sharing automated license plate reader (ALPR) data with out-of-state authorities. In 2023, now-Sacramento County Sheriff Cooper appears to be doing just that. The Electronic Frontier Foundation (EFF) a digital rights group, has sent Cooper a letter requesting Read more about Sacramento Sheriff is sharing license plate reader data with anti-abortion states, records show[…]

France Allows Police to Remotely Turn On GPS, Camera, Audio on Phones

Amidst ongoing protests in France, the country has just passed a new bill that will allow police to remotely access suspects’ cameras, microphones, and GPS on cell phones and other devices. As reported by Le Monde, the bill has been criticized by the French people as a “snoopers” charter that allows police unfettered access to Read more about France Allows Police to Remotely Turn On GPS, Camera, Audio on Phones[…]

$6.3b US firm Telesign breached GDPR, reputation-scoring half of the population of the planet with mobiles

A US-based fraud prevention company is in hot water over allegations it not only collected data from millions of EU citizens and processed it using automated tools without their knowledge, but that it did so in the United States, all in violation of the EU’s data protection rules. The complaint was filed by Austrian privacy Read more about $6.3b US firm Telesign breached GDPR, reputation-scoring half of the population of the planet with mobiles[…]

Fitbit Privacy & security guide – no one told me it would send my data to the US

As of January 14, 2021, Google officially became the owner of Fitbit. That worried many privacy conscious users. However, Google promised that “Fitbit users’ health and wellness data won’t be used for Google ads and this data will be kept separate from other Google ad data” as part of the deal with global regulators when Read more about Fitbit Privacy & security guide – no one told me it would send my data to the US[…]

Amazon’s Ring used to spy on customers, children, FTC says in privacy settlement

A former employee of Amazon.com’s Ring doorbell camera unit spied for months on female customers in 2017 with cameras placed in bedrooms and bathrooms, the Federal Trade Commission said in a court filing on Wednesday when it announced a $5.8 million settlement with the company over privacy violations. Amazon also agreed to pay $25 million Read more about Amazon’s Ring used to spy on customers, children, FTC says in privacy settlement[…]