“Microsoft’s AI research team, while publishing a bucket of open-source training data on GitHub, accidentally exposed 38 terabytes of additional private data — including a disk backup of two employees’ workstations. The backup includes secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages. The researchers shared their files using an Azure feature called SAS tokens, which allows you to share data from Azure Storage accounts.”
“Matthew Green, a cryptography professor at Johns Hopkins University in the US, just encountered the popup and expressed his dismay.
“I don’t want my browser keeping track of my browsing history to help serve me ads, and I definitely don’t want my browser sharing any function of my browsing history with every random website I visit,” he said via Twitter.
And VC Paul Graham has derided ad targeting tech as spyware. Google has offered repeated reassurances that its Topics API does not allow companies to identify those whose interests inform its ad API. But some developers claim Topics may be useful for browser fingerprinting and both Apple and Mozilla have said they won’t adopt Topics due to privacy concerns.”
“Engineers at the tech giants built tools years ago that could put a name to any face but, for once, Silicon Valley did not want to move fast and break things.”
“Car makers have been bragging about their cars being “computers on wheels” for years to promote their advanced features. However, the conversation about what driving a computer means for its occupants’ privacy hasn’t really caught up. While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines. Machines that, because of all those brag-worthy bells and whistles, have an unmatched power to watch, listen, and collect information about what you do and where you go in your car. All 25 car brands we researched earned our *Privacy Not Included warning label — making cars the official worst category of products for privacy that we have ever reviewed.”
“When The New York Times reported in April that a contractor had purchased and deployed a spying tool made by NSO, the contentious Israeli hacking firm, for use by the U.S. government, White House officials said they were unaware of the contract and put the F.B.I. in charge of figuring out who might have been using the technology. After an investigation, the F.B.I. uncovered at least part of the answer: It was the F.B.I.”
“The proposed Article 35 of the Military Planning Law gives ANSSI the authority to install “technical markers” — hardware and software enabling the collection of user data on the networks of electronic communications operators and data center operators. This provision would grant ANSSI the authority to install surveillance capabilities in private data centers without due process, posing a grave risk to the civil liberties of both French and global Internet users. This appears to be in conflict not only with EU law but also with the OECD Declaration on Government Access to Personal Data Held by Private Sector Entities, which seeks to ensure that “government access should be carried out in a manner that is not excessive in relation to the legitimate aims and in accordance with legal standards of necessity, proportionality, reasonableness and other standards that protect against the risk of misuse and abuse, as set out in and interpreted within the country’s legal framework.””
“Google will have to postpone starting its artificial intelligence chatbot Bard in the European Union after its main data regulator in the bloc raised privacy concerns. The Irish Data Protection Commission said Tuesday that the tech giant had so far provided insufficient information about how its generative AI tool protects Europeans’ privacy to justify an EU launch. The Dublin-based authority is Google’s main European data supervisor under the bloc’s General Data Protection Regulation (GDPR). “Google recently informed the Data Protection Commission of its intention to launch Bard in the EU this week,” said Deputy Commissioner Graham Doyle. The watchdog “had not had any detailed briefing nor sight of a data protection impact assessment or any supporting documentation at this point.””
“Security experts have long said that any potential backdoors into encrypted communications or ways to decrypt services would undermine the overall security of the encryption. If law enforcement officials have a way to decipher messages, criminal hackers or those working on behalf of governments could exploit the same capabilities.”
“At TikTok, the company organizes all the videos its users post into a web of clusters, sorted by topics, the former TikTok employees said. The clusters span the universe of TikTok videos, including ones named: mainstream female, alt female, southeastern black male, and coastal, white-collar male. Each cluster includes subgroups; for alt female, those included tattoos, some lesbian content, and “Portland.” A cluster about professional basketball, for example, had subgroups about the Golden State Warriors, and star player Steph Curry. TikTok tracked the categories of content and users on its app in an effort to understand trends and find ways to boost engagement, some of the former employees said. Some TikTok employees could view the unique identification numbers of the users associated with each cluster, as well as the list of users who were watching videos in each cluster. Additionally, employees could look up users based on their ID number—a series of numbers each TikTok user is given when they start watching videos on the app—to see what cluster they were associated with, according to some of the former employees.”
“Google has released an emergency Chrome security update to address the first zero-day vulnerability exploited in attacks since the start of the year. “Google is aware that an exploit for CVE-2023-2033 exists in the wild,” the search giant said in a security advisory published on Friday. The new version is rolling out to users in the Stable Desktop channel, and it will reach the entire user base over the coming days or weeks. Chrome users should upgrade to version 112.0.5615.121 as soon as possible, as it addresses the CVE-2023-2033 vulnerability on Windows, Mac, and Linux systems.”