privacy

cross-posted from: https://programming.dev/post/36575333

Main Page.

• Full Report- 33 Pages.
• Highlights 1 Page.
• Accessible PDF-28 pages.

Property technology broadly refers to the use of software, digital platforms, and other digital tools used in the housing market. Property owners and renters use these technologies for functions including advertising, touring, leasing, and financial management of rental housing. These tools may incorporate computer algorithms and artificial intelligence.

Selected Property Technology Tools Used in Rental Housing

Property technology tools used for advertising, tenant screening, rent-setting, and facial recognition have both benefits and risks. For example, facial recognition technology can enhance safety, according to three industry associations and all 10 of the public housing agencies in GAO's review. However, these tools also may pose risks related to transparency, discriminatory outcomes, and privacy. For instance, potential renters may struggle to understand, and owners to explain, the basis for screening decisions made by algorithms. Facial recognition systems also might misidentify individuals from certain demographic groups, and property owners might use surveillance information without renter consent, according to advocacy groups GAO interviewed.

The four federal agencies took several actions to address these risks. To combat alleged misleading and discriminatory advertising on rental platforms, agencies pursued legal action and obtained settlements requiring changes to advertising practices and improved compliance with the Fair Housing Act. They also took enforcement actions against tenant screening companies for using inaccurate or outdated data.

However, all 10 public housing agencies stated public housing agencies would benefit from additional direction on use of facial recognition technology. The Department of Housing and Urban Development's (HUD) current guidance to these agencies is high-level and does not provide specific direction on key operational issues, such as managing privacy risks or sharing data with law enforcement. More detailed written direction could provide public housing agencies additional clarity on the use of facial recognition technology and better address tenant privacy concerns.

cross-posted from: https://programming.dev/post/36487769

Comments

• Lobsters.

cross-posted from: https://programming.dev/post/36285037

Full PDF report.

It’s Not Just Porn—LGBTQ+, Public Health, and Politics Forums All Behind Age Gates

On July 25, users in the UK were shocked and rightfully revolted to discover that their favorite Reddit communities were now locked behind age verification walls. Under the new policies, UK Redditors were asked to submit a photo of their government ID and/or a live selfie to Persona, the for-profit vendor that Reddit contracts with to provide age verification services.

For many, this was the first time they realized what the OSA would actually mean in practice—and the outrage was immediate. As soon as the policy took effect, reports emerged from users that subreddits dedicated to LGBTQ+ identity and support, global journalism and conflict reporting, and even public health-related forums like r/periods, r/stopsmoking, and r/sexualassault were walled off to unverified users. A few more absurd examples of the communities that were blocked off, according to users, include: r/poker, r/vexillology (the study of flags), r/worldwar2, r/earwax, r/popping (the home of grossly satisfying pimple-popping content), and r/rickroll (yup). This is, again, exactly what digital rights advocates warned about.

The OSA defines "harmful" in multiple ways that go far beyond pornography, so the obstacles the UK users are experiencing are exactly what the law intended. Like other online age restrictions, the OSA obstructs way more than kids’ access to clearly adult sites. When fines are at stake, platforms will always default to overcensoring. So every user in the country is now faced with a choice: submit their most sensitive data for privacy-invasive analysis, or stay off of Reddit entirely. Which would you choose?

Cross posted from: https://programming.dev/post/36206911

cross-posted from: https://lemmy.nz/post/27167107

The Artificial Intelligence Unit will be made up of police officers and agents from other security forces. Its tasks will include “patrolling open social platforms, applications and websites,” where it will seek to “detect potential threats, identify movements of criminal groups or anticipate disturbances.” It will also be dedicated to “analyzing images from security cameras in real time in order to detect suspicious activities or identify wanted persons using facial recognition.” The resolution also awards it powers worthy of science fiction: “Using machine learning algorithms to analyze historical crime data and thus predict future crimes.” Another purpose will be to discover “suspicious financial transactions or anomalous behavior that could indicate illegal activities.”

The new unit will not only deal with virtual spaces. It will be able to “patrol large areas using drones, provide aerial surveillance and respond to emergencies,” as well as perform “dangerous tasks, such as defusing explosives, using robots.”

A digital policy specialist says, the initiative essentially means “illegal intelligence disguised as the use of ‘modern’ technologies.” Among the implicit risks, that there will be little control and many different security forces with access to the information that’s collected.

cross-posted from: https://programming.dev/post/36111319

EFF: Atlas of Surveillance.

cross-posted from: https://programming.dev/post/36109840

Photo by Sora Shimazaki

by Nikita Biryukov, New Jersey Monitor
August 19, 2025

Police did not act improperly when an officer gained access to the phone of an individual detained for kidnapping, sex assault, and other serious charges after watching the man enter his cellphone passcode and committing it to memory, a New Jersey appeals court ruled Tuesday.

Tyrone Ellison, who was arrested and convicted after kidnapping a minor with substance abuse issues from a Newark hospital, had no reasonable expectation of privacy when he unlocked his phone while in police custody and under the supervision of a detective, the court ruled.

“There was no violation of defendant’s Fifth Amendment right against self-incrimination where defendant voluntarily requested his cell phone, was not compelled to provide the passcode and voluntarily entered the passcode in the officer’s presence,” the judges wrote.

Police could not leave Ellison unattended with his phone without risking him deleting evidence, the ruling adds.

The judges said prior case law that found an arrestee maintained a reasonable expectation of privacy when making a call from a police station without being told that call may be monitored or recorded does not apply to Ellison’s case.

Ellison, the judges wrote, was aware of the detective’s presence when entering his passcode, did not attempt to conceal his password, and was not stopped from concealing his passcode from police.

“There was no deception or trickery used to obtain defendant’s passcode. Nor did the police orchestrate the situation to induce defendant to reveal the passcode,” the court wrote.

In effect, Ellison’s expectation of privacy vanished when he chose to unlock his phone in the presence of police, the court found.

A divided New Jersey Supreme Court in 2020 ruled in Andrews v. New Jersey that while the Fifth Amendment presumptively protects individuals’ passcodes, they can be compelled to reveal them under the foregone conclusion exception to the amendment. That exception allows the compelled disclosure of documents and passcodes as long as authorities know they exist and the individual subject to the warrant knows and possesses them.

Tuesday’s ruling says another doctrine that allows authorities to use improperly obtained information if it would have inevitably come into their possession through proper channels would have allowed police to use the passcode even if it was initially obtained improperly.

Police obtained a communications data warrant to search the phone and could have obtained an order to compel Ellison to disclose his passcode, the judges wrote.

“Once the passcode was compelled, law enforcement would have been able to access the contents of the phone,” the judges wrote.

The New Jersey Office of the Public Defender represented Ellison. Alison Perrone, deputy of the office’s appellate section, called the ruling concerning and said her office will ask the New Jersey Supreme Court to review the case.

“The ability of law enforcement to observe and later use a person’s private phone passcode while in custody presents serious questions about constitutional rights in the digital era,” Perrone said in a statement.

GET THE MORNING HEADLINES.SUBSCRIBE

New Jersey Monitor is part of States Newsroom, a nonprofit news network supported by grants and a coalition of donors as a 501c(3) public charity. New Jersey Monitor maintains editorial independence. Contact Editor Terrence T. McDonald for questions: [email protected].

Creative Commons license CC BY-NC-ND 4.0.

cross-posted from: https://lemmybefree.net/post/1243814

Hi! I'm looking for a privacy respecting Android tablet.

I ruled out the google tablet due to it being too expensive with an LCD screen

I would prefer a nice OLED screen if possible (or similar), and preferably cheap. Must be able to stream HEVC encoded videos (not 10 years old hardware), and preferably more (VP9, AV1, for future proofing)

The main use will be to watch content (movies, series, videos) from YouTube and Jellyfin, and sometimes some other apps if they're not enforcing the Play Integrity API

So far I've searched some OS and I'm considering LineageOS or /e/OS, with /e/OS looking better in terms of privacy. Don't want google to track everywhere I go and everything I do.

Any recommendations for good cheap hardware with bootloader unlocking, and recommendations for a good Android ROM?

I’ve already got a ton of ‘em but I’m always on the lookout for more. What are your favorite lesser-known DNS blocklists?

So we know the UK, France, Sweden and Australia all have “pondered out loud” about getting platforms like Signal to allow backdoors into encrypted calls and messages.

This creates a sense of safety about these platforms being secure, because governments want to come after them.

Here’s a tinfoil hat take: Five Eyes is significantly reducing inter cooperation. The non-fascist parts of the alliance don’t want to share with the obvious authoritarian, but the authoritarian one used to share the fruits of their established backdoors with them, and now they don’t.

Note that the US isn’t asking signal for a backdoor. Why? Back in 2015-2016 (last years of Obama), Apple had a loud and visible feud with the FBI. Since the authoritarian came to power, this all disappeared from the media. Interestingly, 10 years have gone by since that moment, every single aspect of our lives has become more surveilled, and somehow the US govt has stopped trying to get into phones? *While the CEO is making hand deliveries of 24 karat gold bars to the Oval Office?

TLDR; I think a safe assumption that they are in our devices by now. Fundamentally people misunderstand encryption. Encryption is only as strong as the weakest link. If your signal chats are unencrypted for consumption on your device, then that’s when the unencrypted content can be captured.

For the longest time, Apple stored your iCloud backups encrypted. Looked good in marketing materials, until they casually admitted the decryption key is stored in the same cloud.

Combine this with ICE capturing citizens without due process. If you have a vanilla smart device, you’re doing the surveillance for them. /tinfoilhat

Online ~~age~~ identity verification is rolling out in the UK. Pundits expect an enthusiastic rollout of similar laws in the US this fall. I'm in Canada, per the OP instance.

I don't have a computer scientist background. I don't understand this stuff. I find the most credible-sounding person I can and basically trust them on whether or not this stuff can realistically be implemented in a privacy-respecting fashion. I don't think it can be.

I know how I'll probably handle online identity verification laws when then land on my shores. I'll refuse to participate in any new age of online identity verfication insofar as I can:

• I might not be able to access content via anonymous frontends of YT, twitter, and reddit that I occasionally use
• Probably can't access porn or buy anything sex-related online
• Might be limited in accessing other content of personal interest (e.g., LGBTQ+ sites, non-mainstream news)
• Probably have to go in-person for government or commercial services more often
• Most of all I think I'd miss the Fediverse

In putting these thoughts to figurative paper, I think I realize my best strategy. It's to be prepared to shift to other online platforms. Because freethinking people will shift if they have to. I don't want to get left behind. Any advice on how to prepare or what to look into (as a layperson)?

Will Lemmy and other Fediverse sites be able to remain operational without enacting identity verification if they ensure there's no restricted material on their websites? And say let's for example that this just means porn (and not LGBTQ+, anti-fascism, anti-zionism etc; ie, chilled free speech around very broadly relevant content), is that possible as is without paid admin/mods?

-Dumb and worried

I don't suppose there's a solution to it. I use https://search.trom.tf/ which cycles through a list of SearXNG instances, but some of them retrieve results that literally look like they belong to another query. Has anyone else experienced this?

The UK's Online Safety Act doesn't just age-gate porn; it blocks material deemed "harmful" to minors. Days after the law went into effect, reports of non-explicit content on social media getting blocked in the region started to crop up. Subreddits from r/IsraelCrimes to r/stopsmoking are now walled in the UK. Video games, Spotify, and dating apps have instituted or will institute age checks.

Given the SCOTUS age verification decision [June '25], Stabile fears that people [in the US] will go "mask off" in the fall and spring, when state legislatures start getting back together. "People are going to attempt to restrict the internet even more aggressively," Stabile said. "I think people are going to work to restrict all sorts of content, particularly LGBTQ content, but also content that is broadly defined as any sort of threat or propaganda to minors." Other experts Mashable spoke to agree with him.

"I'm going to jump to the end step," [Eric Goldman, law professor at the Santa Clara University School of Law] said. "The end step is that most online users are going to be required to age authenticate most of the time they visit websites. That's going to become the norm." In a paper he wrote, Goldman called these statutes "segregate-and-suppress" laws.

The stated reason behind these laws is to "protect children." But as journalist Taylor Lorenz pointed out, in the UK, age verification is already preventing children from accessing vital information, such as about menstruation and sexual assault.

"When we see crackdowns on spaces on the internet, we're essentially stripping away that potential for self-actualization," Goldman said. We've reached the dystopian stage of the internet, he added.

I usually don’t try using coupons since many of the codes shown on websites don’t work, but I feel bad for not trying hard or smart enough. I’ve heard good things about Retailmenot, I haven’t tried it yet but I wondering if there are privacy trade-offs.

Newgrounds, a gaming forum, has some clever ways for non-intrusively complying with the shambling disaster that is the "UK Online Safety Act".

For years, I've been doing something similar to this when generating internal reports on DNA Lounge demographics: e.g., if someone bought a ticket for an 18+ event 5 years ago, they must be at least 23 years old now.

Newgrounds: Here is our current plan for UK users:

1. If your account is more than ten years old, we will assume you are currently over 18. This is in line with one of the methods of effective age assurance, which involves paying a third party to match your email address against some sort of database of scraped data, which determines if your email has been in use for a long time. We have our own long-term data, so we'll use that instead.

2. If your account ever bought Supporter status with a credit card and we can confirm that with the payment processor, we will assume you are over 18 because you need to be 18 in the UK to have a credit card.

3. If your account ever bought Supporter status more than two years ago, we will assume you are over 18 because you need to be at least 16 to have a Paypal or debit card in the UK (assuming we are right about this).

4. If none of the above applies, you will have the opportunity to pay a small one-time fee via credit card as confirmation of your age.

We are not planning to offer things like ID checks or facial recognition because these require us to pay a third party to confirm each person.

cross-posted from: https://lemmy.ml/post/33650112

Hey, everyone. If you're looking for a fresh privacy podcast, we recently started a new one called Signal Jam.

Here's a bit about why we made Signal Jam and what we're hoping to do differently.

We even have preliminary ways for you to participate in the project, which you can read about here.

Feel free to connect with us on Proton, Tuta, Signal, or here on Lemmy. Looking forward to your feedback and thoughts!

cross-posted from: https://piefed.world/post/311743

This is what is shown now when you have to verify

cross-posted from: https://lemmy.sdf.org/post/38711471

Archived

Here is the original report (pdf).

Security researchers say Chinese authorities are using a new type of malware to extract data from seized phones, allowing them to obtain text messages — including from chat apps such as Signal — images, location histories, audio recordings, contacts, and more.

In a report [...] mobile cybersecurity company Lookout detailed the hacking tool called Massistant, which the company said was developed by Chinese tech giant Xiamen Meiya Pico.

Massistant, according to Lookout, is Android software used for the forensic extraction of data from mobile phones, meaning the authorities using it need to have physical access to those devices. While Lookout doesn’t know for sure which Chinese police agencies are using the tool, its use is assumed widespread, which means Chinese residents, as well as travelers to China, should be aware of the tool’s existence and the risks it poses.

“It’s a big concern. I think anybody who’s traveling in the region needs to be aware that the device that they bring into the country could very well be confiscated and anything that’s on it could be collected,” Kristina Balaam, a researcher at Lookout who analyzed the malware, told TechCrunch ahead of the report’s release. “I think it’s something everybody should be aware of if they’re traveling in the region.”

Balaam found several posts on local Chinese forums where people complained about finding the malware installed on their devices after interactions with the police.

“It seems to be pretty broadly used, especially from what I’ve seen in the rumblings on these Chinese forums,” said Balaam.

[...]

cross-posted from: https://lemmy.sdf.org/post/38682823

Ireland's Data Protection Commission (DPC) has announced that it has opened an inquiry into TikTok Technology Limited’s (TikTok) transfers of EEA users’ personal data to servers located in China.

[...]

In April 2025, TikTok informed the DPC of an issue that it had discovered in February 2025, namely that limited EEA user data had in fact been stored on servers in China, contrary to TikTok’s evidence to the previous inquiry.

[...]

The DPC’s decision, which issued following the inquiry cooperation procedure with peer EU regulators under the GDPR One Stop Shop mechanism, expressed its deep concern that TikTok had submitted inaccurate information to that inquiry. In its press release issued at the time of the conclusion of that inquiry, the DPC stated that it was taking those developments “very seriously” and was “considering what further regulatory action may be warranted, in consultation with our peer EU Data Protection Authorities”. As a result of that consideration, the DPC has now decided to open this new inquiry into TikTok.

[...]

cross-posted from: https://lemmy.sdf.org/post/38550444

The Chinese artificial intelligence (AI) application DeepSeek is set to be removed from app stores in Germany at the behest of the federal data protection officer, Louisa Specht-Riemenschneider, due to violations of European law.

"China does not have a level of data protection that corresponds to our General Data Protection Regulation," she told the newspapers of the Funke media group. Data transfers to China are "extremely critical," she said.

[...]

Specht-Riemenschneider said she supports the initiative of the Berlin data protection officer and did not accept criticism that data protection is a hindrance to innovation.

"Data protection is a guarantee of trust. It can even be a competitive advantage," said Specht-Riemenschneider. "What hinders innovation is legal uncertainty in the market. And this also stems from a proliferation of digital legislation."

She said that digital legislation in Europe must be better coordinated, with clear rules including for data protection.

Authorities in South Korea, Italy, Taiwan and Australia have already taken action against DeepSeek.

[...]

Bitwarden is positioning itself at the forefront of secure credential management and Agentic AI. By introducing its Model Context Protocol (MCP) server, Bitwarden provides the infrastructure for secure AI agent integration with password management.