Privacy

Everything about privacy (the confidentiality pillar of security) -- but not restricted to infosec. Offline privacy is also relevant here.

51
 
 

I'm checking out various "personal knowledge management" tools in a sandbox to see if it would be an upgrade to my ragtag collection of text file-based notes.

First candidate is #Logseq, supposedly "privacy-first".

How #privacy friendly is something based on Electron (aka Chrome)? Debatable, but then they also do this:

  1. Have "Send usage data" on by default
  2. Start with an example page that embeds a YouTube video, and accepts all cookies

tcpdump and mitmproxy go wild when starting the program.

Shows that the "Send usage data and diagnostics to Logseq" setting is enabled by default.
Shows the services being contacted by Logseq over HTTPS right after starting it for the first time. Hosts that are being contacted: www.youtube.com, googleads.g.doubleclick.net, jnn-pa-googleapis.com, play.google.com, app.posthog.com, o416451.ingest.sentry.io

52
 
 

"A global spy tool exposed the locations of billions of people to anyone willing to pay. A Catholic group bought location data about gay dating app users in an effort to out gay priests. A location data broker sold lists of people who attended political protests.

What do these privacy violations have in common? They share a source of data that’s shockingly pervasive and unregulated: the technology powering nearly every ad you see online.

Each time you see a targeted ad, your personal information is exposed to thousands of advertisers and data brokers through a process called “real-time bidding” (RTB). This process does more than deliver ads—it fuels government surveillance, poses national security risks, and gives data brokers easy access to your online activity. RTB might be the most privacy-invasive surveillance system that you’ve never heard of."

https://www.eff.org/deeplinks/2025/01/online-behavioral-ads-fuel-surveillance-industry-heres-how

#Privacy #Surveillance #CyberSecurity #AdTargeting #DataProtection #DataBrokers #DataBrokerage #RTB

53
 
 

"Telegram, the popular social network and messaging application which has also become a hotbed for all sorts of serious criminal activity, provided U.S. authorities with data on more than 2,200 users last year, according to newly released data from Telegram.

The news shows a massive spike in the number of data requests fulfilled by Telegram after French authorities arrested Telegram CEO Pavel Durov in August, in part because of the company’s unwillingness to provide user data in a child abuse investigation. Between January 1 and September 30, 2024, Telegram fulfilled 14 requests “for IP addresses and/or phone numbers” from the United States, which affected a total of 108 users, according to Telegram’s Transparency Reports bot. But for the entire year of 2024, it fulfilled 900 requests from the U.S. affecting a total of 2,253 users, meaning that the number of fulfilled requests skyrocketed between October and December, according to the newly released data."

https://www.404media.co/telegram-hands-u-s-authorities-data-on-thousands-of-users/

#USA #Telegram #Messaging #Surveillance #Privacy #DataProtection

54
1
Cool + normal. (infosec.exchange)
submitted 3 weeks ago by [email protected] to c/[email protected]
 
 

Cool + normal.

Use #Signal @[email protected] please everyone 😘

https://www.404media.co/telegram-hands-u-s-authorities-data-on-thousands-of-users/

#News #Privacy #Signal

55
 
 

GrapheneOS Camera app version 77 released:

https://github.com/GrapheneOS/Camera/releases/tag/77

See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.

Forum discussion thread:

https://discuss.grapheneos.org/d/18776-grapheneos-camera-app-version-77-released

#GrapheneOS #privacy #security #camera #android

56
 
 

"Consumers are encountering AI systems and tools, whether they know it or not, from customer service chatbots, to educational tools, to recommendation systems powering their social media feeds, to facial recognition technology that could flag them as a security risk, and to tools that determine whether or on what terms they’ll get medical help, a place to live, a job, or a loan. Because there is no AI exemption from the laws on the books, firms deploying these AI systems and tools have an obligation to abide by existing laws, including the competition and consumer protection statutes that the FTC enforces. FTC staff can analyze whether these tools violate people’s privacy or are prone to adversarial inputs or attacks that put personal data at risk. We can also scrutinize generative AI tools that are used for fraud, manipulation, or non-consensual imagery, or that endanger children and others. We can consider the impacts of algorithmic products that make decisions in high-risk contexts such as health, housing, employment, or finance. Those are just a few examples, but the canvas is large.

The following examples from real-world, recent casework and other initiatives highlight the need for companies to consider these factors when developing, maintaining, using, and deploying an AI-based product:"

https://www.ftc.gov/policy/advocacy-research/tech-at-ftc/2025/01/ai-risk-consumer-harm

#AI #GenerativeAI #AISafety #Privacy #ConsumerRights #FTC

57
 
 

GrapheneOS Camera app version 76 released:

https://github.com/GrapheneOS/Camera/releases/tag/76

See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.

Forum discussion thread:

https://discuss.grapheneos.org/d/18716-grapheneos-camera-app-version-76-released

#GrapheneOS #privacy #security #camera #android

58
 
 

Siri’s eavesdropping led to a $95 million payout by Apple, with users set to receive up to $20 each.

#Apple #Siri #spy #lawsuit #privacy

https://cnews.link/siri-settlement-apple-breach-3/

59
 
 

"Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users' privacy using its voice-activated Siri assistant.

The development was first reported by Reuters.

The settlement applies to U.S.-based individuals who are current or former owners or purchasers of a Siri-enabled device who had their confidential voice communications with the assistant "obtained by Apple and/or were shared with third-parties as a result of an unintended Siri activation" between September 17, 2014, and December 31, 2024.

Eligible individuals can submit claims for up to five Siri devices – iPhone, iPad, Apple Watch, MacBook, iMac, HomePod, iPod touch, or Apple TV – on which they claim to have experienced an accidental Siri activation during a conversation intended to be confidential or private. Class members who submit valid claims can receive $20 per device."

https://thehackernews.com/2025/01/apple-to-pay-siri-users-20-per-device.html

#Apple #Siri #Privacy #USA #DataProtection

60
 
 

"Almost two years ago, Louisiana passed a law that started a wave that’s since spread across the entire U.S. south, and has changed the way people there can access adult content. As of today, Florida, Tennessee, and South Carolina join the list of 17 states that can’t access some of the most popular porn sites on the internet, because of regressive laws that claim to protect children but restrict adults’ use of the internet, instead.

That law, passed as Act 440, was introduced by “sex addiction” counselor and state representative Laurie Schlegel and quickly copied across the country. The exact phrasing varies, but in most states, the details of the law are the same: Any “commercial entity” that publishes “material harmful to minors” online can be held liable—meaning, tens of thousands of dollars in fines and/or private lawsuits—if it doesn’t “perform reasonable age verification methods to verify the age of individuals attempting to access the material.”

To remain compliant with the law while protecting users’ privacy, Aylo—the company that owns Pornhub and a network of sites including Brazzers, RedTube, YouPorn, Reality Kings, and several others—is making the choice, state by state, to block users altogether."

https://www.404media.co/pornhub-is-now-blocked-in-almost-all-of-the-u-s-south/

#USA #Censorship #PoliceState #Authoritarianism #Surveillance #AgeVerification #Privacy

61
 
 

"In the years to come, the federal government and many state governments might engage in surveillance and data gathering as they round up immigrants, punish people for seeking, providing, or assisting abortions, and attack gender-affirming health care. The government might use personal data in its effort to retaliate against those who stand in its way. Such efforts might be assisted by mobs of vigilantes who will use personal data to dox, threaten, embarrass, and harm anyone they don’t like — much like the way many people eagerly assisted totalitarian regimes in finding “undesirables” and rooting out and punishing dissenters.

Our best hope for protection is that legislators in Massachusetts and other states who are concerned about these risks take steps now to upgrade their privacy laws."

https://teachprivacy.com/privacy-in-authoritarian-times/

#Privacy #CyberSecurity #Surveillance #Authoritarianism #DataProtection

62
 
 

GrapheneOS version 2024123000 released:

https://grapheneos.org/releases#2024123000

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/18611-grapheneos-version-2024123000-released

#GrapheneOS #privacy #security

63
 
 

The #Volkswagen #geolocation leak is a great example of why I am such a Luddite when it comes to sharing data with companies. I use as few cloud services as possible (for example, with Apple, I only use the "Find My" service from iCloud).

Even if you make an informed decision to share your data with a company, the data can still leak by accident or through a system compromise. The unfortunate fact is that these days, many services are made difficult or even impossible to use without accepting excessive data sharing.

https://www.carscoops.com/2024/12/vw-group-data-breach-exposed-location-info-for-800000-evs/

#privacy #GDPR #infoleaks #volksdaten

64
 
 

Apple Photos phones home on iOS 18 and macOS 15

https://lapcatsoftware.com/articles/2024/12/3.html

#Apple #Security #Privacy

65
 
 

My #GenZ daughter asked for our old pocket size digital #camera. Apparently, all the cool kids are using them.

I assumed it was because the cool people suddenly discovered the importance of retro #privacy, controlling and storing your images offline, beyond the reach of content hungry AI. She assured me that privacy had nothing to do with it.

Can someone explain this to me like I'm 23? Why is my old camera suddenly cool?

Maybe @[email protected] knows. She's cool.

66
 
 

"EFF’s attorneys, activists, and technologists were media rockstars in 2024, informing the public about important issues that affect privacy, free speech, and innovation for people around the world.

Perhaps the single most exciting media hit for EFF in 2024 was “Secrets in Your Data,” the NOVA PBS documentary episode exploring “what happens to all the data we’re shedding and explores the latest efforts to maximize benefits – without compromising personal privacy.” EFFers Hayley Tsukayama, Eva Galperin, and Cory Doctorow were among those interviewed."

https://www.eff.org/deeplinks/2024/12/eff-press-2024-review

#DigitalRights #USA #Privacy #DigitalActivism

67
 
 

"Of course, this user never requested that my on-device experiences be "enriched" by phoning home to Cupertino. This choice was made by Apple, silently, without my consent.

From my own perspective, computing privacy is simple: if something happens entirely on my computer, then it's private, whereas if my computer sends data to the manufacturer of the computer, then it's not private, or at least not entirely private. Thus, the only way to guarantee computing privacy is to not send data off the device.

I don't understand most of the technical details of Apple's blog post. I have no way to personally evaluate the soundness of Apple's implementation of Enhanced Visual Search. One thing I do know, however, is that Apple computers are constantly full of privacy and security vulnerabilities, as proved by Apple's own security release notes. You don't even have to hypothesize lies, conspiracies, or malicious intentions on the part of Apple to be suspicious of their privacy claims. A software bug would be sufficient to make users vulnerable, and Apple can't guarantee that their software includes no bugs. (To the contrary, Apple's QA nowadays is atrocious.)

It ought to be up to the individual user to decide their own tolerance for the risk of privacy violations. In this specific case, I have no tolerance for risk, because I simply have no interest in the Enhanced Visual Search feature, even if it happened to work flawlessly. There's no benefit to outweigh the risk. By enabling the "feature" without asking, Apple disrespects users and their preferences. I never wanted my iPhone to phone home to Apple.

Remember this advertisement? "What happens on your iPhone, stays on your iPhone.""

https://lapcatsoftware.com/articles/2024/12/3.html

#Apple #ApplePhotos #Privacy #DataProtection #Encryption #iOS #iPhone

68
 
 

"This article uses the case study of an insurance product linked to a health and wellbeing program—the Vitality scheme—as a lens to examine the limited regulation of collection and use of non-personal (de-identified/anonymised) information and the impacts it has on individuals, as well as society at large. Vitality is an incentive-based engagement program that mobilises online assessment tools, preventive health screening, and physical activity and wellness tracking through smart fitness technologies and apps. Vitality then uses the data generated through these activities, mainly in an aggregated, non-personal form, to make projections about changes in behaviour and future health outcomes, aiming at reducing risk in the context of health, life, and other insurance products. Non-personal data has been traditionally excluded from the scope of legal protections, and in particular privacy and data regimes, as it is thought not to contain information about specific, identifiable people, and thus its potential to affect individuals in any meaningful way has been understood to be minimal. However, digitalisation and ensuing ubiquitous data collection are proving these traditional assumptions wrong. We show how the response of the legal systems is limited in relation to non-personal information collection and use, and we argue that irrespective of the (possibly) beneficial nature of insurance innovation, the current lack of comprehensive regulation of non-personal data use potentially leads to individual, collective and societal data harms, as the example of the Vitality scheme illustrates."

https://www.sciencedirect.com/science/article/pii/S0267364924001614

#Australia #HealthInsurance #Anonymization #Privacy #DataProtection #GDPR #Insurance

69
 
 

Boost if you feel a small glow, an ember of revolt as you systematically strip all the tracking variables after the ? from the URLs you share. It's not much, but it's something.

#Surveillance #Privacy

70
 
 

Good holidays to everyone! And to all who have to work during this time, keep up your good work!

News:
From today until 31 December, monocles chat is available for free in the Play Store:

https://play.google.com/store/apps/details?id=eu.monocles.chat&amp%3Bpcampaignid=web_share

Feel free to chat with us on XMPP xmpp:[email protected]

#monocleschat #monocles #xmpp #privacy #chat #messenger

71
 
 

"Capitalist and technology-enabled surveillance has moved beyond targeting users with ads to targeting their lives. This is why privacy online today means freedom tomorrow. Protecting our privacy secures our fundamental rights for the future.

I will be honest, it can be overwhelming; however, in times like this, I like to focus on what can be done instead of worrying about what hasn't happened yet. The most important thing is to act, no matter how difficult it can be during times of fear and stress. Pushing for incremental change and improvements requires small actions every day. We have to engage the folks that are willing to join our fight, pave the way for those actions, and build the communities we want collectively.

There is a lesson to be learned from merging with Tails in 2024 and our growth in the last several years: together we are stronger. And in 2025, I want to use this lesson as a guiding principle, that solidarity and collaboration are our greatest strengths."

https://blog.torproject.org/tor-in-2024/

#Tor #Anonymity #Privacy #Surveillance

72
 
 

"The European Commission is proposing regulation under its initiative for digitalising travel documents. We are responding to a consultation that is open to the public and highlighting problems with the proposal. In this article we provide background to the initiative and highlight problems that could put fundamental rights at risk, such as a new, secretive biometric surveillance infrastructure to implement the proposed system.

The European Commission (EC) has presented two proposals in the context of their initiative for digitalising travel documents. This initiative includes a “Proposal for a Regulation establishing an application for the electronic submission of travel data (“EU Digital Travel application”) […] as regards the use of digital travel credentials” (2024/0670 (COD)) – henceforth “the proposal” or “the travel app” and subject of this article and of our consultation feedback – and a “Proposal for a Council Regulation establishing an identity card-based digital travel credential”. A previous public consultation on the goals of this initiative, prior to the presentation of the legislative proposals, received overwhelmingly negative feedback."

https://edri.org/our-work/pre-travel-controls-digitalising-travel-documents/

#EU #EC #Surveillance #Biometrics #DataProtection #Privacy #DigitalRights

73
 
 

"Italy's data protection authority has fined ChatGPT maker OpenAI a fine of €15 million ($15.66 million) over how the generative artificial intelligence application handles personal data.

The fine comes nearly a year after the Garante found that ChatGPT processed users' information to train its service in violation of the European Union's General Data Protection Regulation (GDPR).

The authority said OpenAI did not notify it of a security breach that took place in March 2023, and that it processed the personal information of users to train ChatGPT without having an adequate legal basis to do so. It also accused the company of going against the principle of transparency and related information obligations toward users.

"Furthermore, OpenAI has not provided for mechanisms for age verification, which could lead to the risk of exposing children under 13 to inappropriate responses with respect to their degree of development and self-awareness," the Garante said.

Besides levying a €15 million fine, the company has been ordered to carry out a six-month-long communication campaign on radio, television, newspapers, and the internet to promote public understanding of how ChatGPT works.

This specifically includes the nature of data collected, both user and non-user information, for the purpose of training its models, and the rights that users can exercise to object, rectify, or delete that data."

#AI #GenerativeAI #EU #Italy #OpenAI #DataProtection #Privacy #ChatGPT

74
 
 

"The law does not specify which social media platforms will be banned. Instead, this decision is left to Australia’s communications minister who will work alongside the country’s internet regulator, the eSafety Commissioner, to enforce the rules. This gives government officials dangerous power to target services they do not like, all at a cost to both minor and adult internet users.

The legislation also does not specify what type of age verification technology will be necessary to implement the restrictions but prohibits using only government IDs for this purpose. This is a flawed attempt to protect privacy.

Since platforms will have to provide other means to verify their users' ages other than by government ID, they will likely rely on unreliable tools like biometric scanners. The Australian government awarded the contract for testing age verification technology to a UK-based company, Age Check Certification Scheme (ACCS) who, according to the company website, “can test all kinds of age verification systems,” including “biometrics, database lookups, and artificial intelligence-based solutions.”"

https://www.eff.org/deeplinks/2024/12/australia-banning-kids-social-media-does-more-harm-good

#Australia #SocialMedia #AgeVerification #Surveillance #Privacy #DataProtection

75
 
 

"The findings, presented in November in Madrid at the Internet Measurement Conference (IMC 2024) and published in the Proceedings of the 2024 ACM on Internet Measurement Conference, highlight the frequency with which these screenshots are transmitted to the servers of the brands analyzed: Samsung and LG. Specifically, the research showed that Samsung TVs sent this information every minute, while LG devices did so every 15 seconds.

"This gives us an idea of the intensity of the monitoring and shows that smart TV platforms collect large volumes of data on users, regardless of how they consume content, whether through traditional TV viewing or devices connected via HDMI, like laptops or gaming consoles," Callejo emphasizes.

To test the ability of TVs to block ACR tracking, the research team experimented with various privacy settings on smart TVs. The results demonstrated that, while users can voluntarily block the transmission of this data to servers, the default setting is for TVs to perform ACR."

https://techxplore.com/news/2024-12-smart-tvs-viewing-external-screens.html

#TVs #SmartTVs #Surveillance #DataProtection #Privacy
