Tag: privacy (Page 1 of 39)

“Google has yanked dozens of apps from its Google Play store after determining that they include a software element that surreptitiously harvests data. The Panamanian company that wrote the code, Measurement Systems S. de R.L., is linked through corporate records and web registrations to a Virginia defense contractor that does cyberintelligence, network-defense and intelligence-intercept work for U.S. national-security agencies. The code ran on millions of Android devices and has been found inside several Muslim prayer apps that have been downloaded more than 10 million times, as well as a highway-speed-trap detection app, a QR-code reading app and a number of other popular consumer apps, according to two researchers who discovered the behavior of the code in the course of auditing work they do searching for vulnerabilities in Android apps. They shared their findings with Google, a unit of Alphabet Inc., federal privacy regulators and The Wall Street Journal.”

Source : Google Bans Apps With Hidden Data-Harvesting Software – WSJ

“Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don’t require a court order.[…] Apple and Meta both publish data on their compliance with emergency data requests. From July to December 2020, Apple received 1,162 emergency requests from 29 countries. According to its report, Apple provided data in response to 93% of those requests. Meta said it received 21,700 emergency requests from January to June 2021 globally and provided some data in response to 77% of the requests.”

Source : Apple, Meta Gave User Data to Hackers With Forged Legal Requests (AAPL, FB) – Bloomberg

Joint Statement on Trans-Atlantic Data Privacy Framework

“The European Commission and the United States announce that they have agreed in principle on a new Trans-Atlantic Data Privacy Framework, which will foster trans-Atlantic data flows and address the concerns raised by the Court of Justice of the European Union in the Schrems II decision of July 2020.  The new Framework marks an unprecedented commitment on the U.S. side to implement reforms that will strengthen the privacy and civil liberties protections applicable to U.S. signals intelligence activities.  Under the Trans-Atlantic Data Privacy Framework, the United States is to put in place new safeguards to ensure that signals surveillance activities are necessary and proportionate in the pursuit of defined national security objectives, establish a two-level independent redress mechanism with binding authority to direct remedial measures, and enhance rigorous and layered oversight of signals intelligence activities to ensure compliance with limitations on surveillance activities.”

Source : Joint Statement on Trans-Atlantic Data Privacy Framework

Messages, Dialer apps sent text, call info to Google

“According to a research paper, « What Data Do The Google Dialer and Messages Apps On Android Send to Google? » [PDF], by Trinity College Dublin computer science professor Douglas Leith, Google Messages (for text messaging) and Google Dialer (for phone calls) have been sending data about user communications to the Google Play Services Clearcut logger service and to Google’s Firebase Analytics service. « The data sent by Google Messages includes a hash of the message text, allowing linking of sender and receiver in a message exchange, » the paper says. « The data sent by Google Dialer includes the call time and duration, again allowing linking of the two handsets engaged in a phone call. Phone numbers are also sent to Google. »”

Source : Messages, Dialer apps sent text, call info to Google • The Register

Return to the CNIL.FR home page

“Google Analytics provides traffic statistics for a website. Following complaints filed by the association NOYB, the CNIL, in cooperation with its European counterparts, analysed the conditions under which data collected through this tool is transferred to the United States. The CNIL considers these transfers illegal and orders a French website operator to comply with the GDPR and, if necessary, to stop using this tool under the current conditions.”

Source : Use of Google Analytics and data transfers to the United States: the CNIL issues a formal notice to a website operator | CNIL

Statistical Imaginaries – by danah boyd

“People are afraid to engage with uncertainty. They don’t know how to engage with uncertainty. And they worry about the politicization of uncertainty. But we’re hitting a tipping point. By not engaging with uncertainty, statistical imaginaries are increasingly disconnected from statistical practice, which is increasingly undermining statistical practice. And that threatens the ability to do statistical work in the first place. If we want data to matter, the science community must help push past the politicization of data and uncertainty to create a statistical imaginary that can engage the limitations of data.
The statistical imaginary of precise, perfect, and neutral data has been ruptured. There is no way to put the proverbial genie back in the bottle. Nothing good will come from attempting to find a new way to ignore uncertainty, noise, and error. The answer to responsible data use is not to repair an illusion. It’s to constructively envision and project a new statistical imaginary with eyes wide open. And this means that all who care about the future of data need to help ground our statistical imaginary in practice, in tools, and in knowledge. Responsible data science isn’t just about what you do, it’s about what you ensure all who work with data do.”

Source : Statistical Imaginaries – by danah boyd

Web2 vs Web3 | ethereum.org

“Web2 refers to the version of the internet most of us know today. An internet dominated by companies that provide services in exchange for your personal data. Web3, in the context of Ethereum, refers to decentralized apps that run on the blockchain. These are apps that allow anyone to participate without monetising their personal data.
Web3 benefits
Many Web3 developers have chosen to build dapps because of Ethereum’s inherent decentralization:
- Anyone who is on the network has permission to use the service – or in other words, permission isn’t required.
- No one can block you or deny you access to the service.
- Payments are built in via the native token, ether (ETH).
- Ethereum is Turing-complete, meaning you can pretty much program anything”

Source : Web2 vs Web3 | ethereum.org

Facial recognition: the CNIL issues a formal notice to Clearview AI to stop reusing photographs accessible on the internet | CNIL

“The company CLEARVIEW AI has developed facial recognition software whose database is built by scraping photographs and videos publicly accessible on the internet. The president of the CNIL has given it formal notice to cease this unlawful processing and to delete the data within 2 months.”

Source : Facial recognition: the CNIL issues a formal notice to CLEARVIEW AI to stop reusing photographs accessible on the internet | CNIL

Expanding Our Bug Bounty Program to Address Scraping | Meta

“We know that automated activity designed to scrape people’s public and private data targets every website or service. We also know that it is a highly adversarial space where scrapers — be it malicious apps, websites or scripts — constantly adapt their tactics to evade detection in response to the defenses we build and improve. As part of our larger security strategy to make scraping harder and more costly for the attackers, today we are beginning to reward valid reports of scraping bugs in our platform.
Starting today, our data bounty program will also cover scraped datasets found online. We will reward reports of unprotected or openly public databases containing at least 100,000 unique Facebook user records with PII or sensitive data (e.g. email, phone number, physical address, religious or political affiliation). The reported dataset must be unique and not previously known or reported to Meta. We aim to learn from this effort so we can expand the scope to smaller datasets over time.”

Source : Expanding Our Bug Bounty Program to Address Scraping | Meta


© 2022 no-Flux
