Tag: privacy (Page 2 of 40)

Chrome & Edge Enhanced Spellcheck Features Expose PII, Even Your Passwords

“Chrome’s enhanced spellcheck & Edge’s MS Editor are sending data you enter into form fields like username, email, DOB, SSN, basically anything in the fields, to sites you’re logging into from either of those browsers when the features are enabled. Furthermore, if you click on ‘show password,’ the enhanced spellcheck even sends your password, essentially Spell-Jacking your data.”

Source: Chrome & Edge Enhanced Spellcheck Features Expose PII, Even Your Passwords | otto

Abortion: data-collection company sued by the US government

“The FTC accuses Kochava of selling geolocation data that make it possible to track a person’s movements, including ‘to and from sensitive locations,’ the regulator explained in a press release. The FTC cites clinics that perform abortions, as well as places of worship, shelters for homeless people or victims of domestic violence, and addiction treatment centers. The data sold by Kochava, which cover ‘hundreds of thousands’ of mobile phones according to the agency, do not include the identities of the owners of those smartphones. But it is possible to recover them by cross-referencing, in particular with the addresses where the mobile phones are located at night and the names of the owners of those homes.”

Source: Abortion: data-collection company sued by the US government – Le Temps

“Google has yanked dozens of apps from its Google Play store after determining that they include a software element that surreptitiously harvests data. The Panamanian company that wrote the code, Measurement Systems S. de R.L., is linked through corporate records and web registrations to a Virginia defense contractor that does cyberintelligence, network-defense and intelligence-intercept work for U.S. national-security agencies. The code ran on millions of Android devices and has been found inside several Muslim prayer apps that have been downloaded more than 10 million times, as well as a highway-speed-trap detection app, a QR-code reading app and a number of other popular consumer apps, according to two researchers who discovered the behavior of the code in the course of auditing work they do searching for vulnerabilities in Android apps. They shared their findings with Google, a unit of Alphabet Inc., federal privacy regulators and The Wall Street Journal.”

Source: Google Bans Apps With Hidden Data-Harvesting Software – WSJ

“Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged ‘emergency data requests.’ Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don’t require a court order. […] Apple and Meta both publish data on their compliance with emergency data requests. From July to December 2020, Apple received 1,162 emergency requests from 29 countries. According to its report, Apple provided data in response to 93% of those requests. Meta said it received 21,700 emergency requests from January to June 2021 globally and provided some data in response to 77% of the requests.”

Source: Apple, Meta Gave User Data to Hackers With Forged Legal Requests (AAPL, FB) – Bloomberg

Joint Statement on Trans-Atlantic Data Privacy Framework

“The European Commission and the United States announce that they have agreed in principle on a new Trans-Atlantic Data Privacy Framework, which will foster trans-Atlantic data flows and address the concerns raised by the Court of Justice of the European Union in the Schrems II decision of July 2020.  The new Framework marks an unprecedented commitment on the U.S. side to implement reforms that will strengthen the privacy and civil liberties protections applicable to U.S. signals intelligence activities.  Under the Trans-Atlantic Data Privacy Framework, the United States is to put in place new safeguards to ensure that signals surveillance activities are necessary and proportionate in the pursuit of defined national security objectives, establish a two-level independent redress mechanism with binding authority to direct remedial measures, and enhance rigorous and layered oversight of signals intelligence activities to ensure compliance with limitations on surveillance activities.”

Source: Joint Statement on Trans-Atlantic Data Privacy Framework

Messages, Dialer apps sent text, call info to Google

“According to a research paper, ‘What Data Do The Google Dialer and Messages Apps On Android Send to Google?’ [PDF], by Trinity College Dublin computer science professor Douglas Leith, Google Messages (for text messaging) and Google Dialer (for phone calls) have been sending data about user communications to the Google Play Services Clearcut logger service and to Google’s Firebase Analytics service. ‘The data sent by Google Messages includes a hash of the message text, allowing linking of sender and receiver in a message exchange,’ the paper says. ‘The data sent by Google Dialer includes the call time and duration, again allowing linking of the two handsets engaged in a phone call. Phone numbers are also sent to Google.’”

Source: Messages, Dialer apps sent text, call info to Google • The Register

Return to the CNIL.FR home page

“Google Analytics provides statistics on website traffic. Having received complaints from the association NOYB, the CNIL, in cooperation with its European counterparts, analysed the conditions under which the data collected through this tool are transferred to the United States. The CNIL considers that these transfers are illegal and orders a French website operator to comply with the GDPR and, if necessary, to stop using this tool under the current conditions.”

Source: Use of Google Analytics and data transfers to the United States: the CNIL issues a formal notice to a website operator | CNIL

Statistical Imaginaries – by danah boyd

“People are afraid to engage with uncertainty. They don’t know how to engage with uncertainty. And they worry about the politicization of uncertainty. But we’re hitting a tipping point. By not engaging with uncertainty, statistical imaginaries are increasingly disconnected from statistical practice, which is increasingly undermining statistical practice. And that threatens the ability to do statistical work in the first place. If we want data to matter, the science community must help push past the politicization of data and uncertainty to create a statistical imaginary that can engage the limitations of data.
The statistical imaginary of precise, perfect, and neutral data has been ruptured. There is no way to put the proverbial genie back in the bottle. Nothing good will come from attempting to find a new way to ignore uncertainty, noise, and error. The answer to responsible data use is not to repair an illusion. It’s to constructively envision and project a new statistical imaginary with eyes wide open. And this means that all who care about the future of data need to help ground our statistical imaginary in practice, in tools, and in knowledge. Responsible data science isn’t just about what you do, it’s about what you ensure all who work with data do.”

Source: Statistical Imaginaries – by danah boyd

Web2 vs Web3 | ethereum.org

“Web2 refers to the version of the internet most of us know today. An internet dominated by companies that provide services in exchange for your personal data. Web3, in the context of Ethereum, refers to decentralized apps that run on the blockchain. These are apps that allow anyone to participate without monetising their personal data.
Web3 benefits
Many Web3 developers have chosen to build dapps because of Ethereum’s inherent decentralization:
- Anyone who is on the network has permission to use the service – or in other words, permission isn’t required.
- No one can block you or deny you access to the service.
- Payments are built in via the native token, ether (ETH).
- Ethereum is Turing-complete, meaning you can pretty much program anything”

Source: Web2 vs Web3 | ethereum.org

© 2022 no-Flux