Via Bhaskar Chakravorti, PhD - the Dean of Global Business, The Fletcher School at Tufts University, comes this thought-provoking piece targeting Facebook Inc.'s (NASDAQ: FB) new 'Privacy Cop'. Certainly, today's Must Read.
'In my opinion, in order to be effective, there are three main privacy-related concerns the FTC’s newly designated cop would need to look out for: the potential for genuine violations of users’ privacy; the targeted spread of harmful content, especially resulting in election manipulation and ethnic violence; and instances of collecting and harvesting far more data than is warranted to provide services to users.' - via Bhaskar Chakravorti, PhD Dean of Global Business, The Fletcher School at Tufts University
Exploit of the Month or How Using Smartphones In Speakerphone-Mode Decimates Your Privacy: Spearphone (PDF) (by way of the obviously superlative engineering of S. Abhishek Anand, Chen Wang, Jian Liu, Nitesh Saxena and Yingying Chen), a speech privacy exploit that uses the device-under-scrutiny's accelerometer to detect vibrations emanating from the device's installed speakers. The claim is that use of the device's so-called speakerphone 'erodes' the privacy of the user. Today's Must Read! Hat Tip. Simply astonishing work.
"In particular, we show that by exploiting the affected accelerometer readings and carefully selecting feature sets along with off-the-shelf machine learning techniques, Spearphone can successfully perform gender classification (accuracy over 90%) and speaker identification (accuracy over 80%). In addition, we perform speech recognition and speech reconstruction to extract more information about the eavesdropped speech to an extent." - via the Authors (S. Abhishek Anand, Chen Wang, Jian Liu, Nitesh Saxena and Yingying Chen)
Bad Behaviors should not be tolerated... Behold, and examine, if you will, the data exfiltrated (in this case, the inventory of extensions installed in your browser, and data contained therein) by LinkedIn (Nasdaq: LNKD) when the user authenticates at the company's primary public-facing site. Utilizing tools authored by the inimitable Corey Prophitt, it's a revelation of the worst kind. Simply Astounding (and certainly bad behavior by a Microsoft Corporation (Nasdaq: MSFT) owned company). Hat Tip.
"How would you feel if you opened a program and the program started to check your file system to see what other programs you had installed? You would probably feel the software was overstepping. This is essentially what LinkedIn does when you visit their website. LinkedIn will scan your local browser files in an attempt to identify a number of different browser extensions you may have installed. The data collected by LinkedIn is then exfiltrated from the browser." - via Corey Prophitt, writing at Prophitt.me
Today's Must Read comes to us via Steve Melendez, reporting for Fast Company, with an outstanding piece on Robotic Surveillance accompanied by an equally tremendous report and posting via the ACLU on the same topic. Read both posts, and the report from the ACLU and try not to weep for our society's future (or not).
"A lawyer for Facebook argued in court Wednesday that the social media site’s users “have no expectation of privacy.” According to Law360, Facebook attorney Orin Snyder made the comment while defending the company against a class-action lawsuit over the Cambridge Analytica scandal. “There is no invasion of privacy at all, because there is no privacy,” Snyder said." - via Mikael Thalen, writing at The Daily Dot
News of recently revealed and egregious tracking behaviors at Google Inc. (Nasdaq: GOOG); specifically, Google is using your Gmail account to track your purchases. Our suggestion is to remove any financial transaction related messaging from your Gmail accounts without delay - unless of course, you trust Google...
"While Google told us that you can delete this information at any time, they did not mention how much of a pain it is to do so. Instead of having a single setting that allows you to control how this data is saved, you need to go into each and every purchase and click on the Remove Purchase button. This will bring you to the original email that the data was pulled from and once this email is trashed, the purchase will be removed from the Purchases page." - via Lawrence Abrams, reporting at Bleeping Computer
Via Slate author April Glaser, comes word of the coming vote by the Commissioners of the City and County of San Francisco targeting the curtailment and prohibition of human facial computational recognition systems and surveillance (including many other forms of computational image analysis, e.g. automated license plate readers - and other types of surveillance by automated and non-automated means) in the City and County of San Francisco, California. Now, if they can only figure out how to teach folks not to defecate on the sidewalks and to safely dispose of the accumulated detritus of intravenous drugs, it might be a great city to live in...
"Beyond prohibiting face surveillance, the bill also requires all other types of surveillance technologies—like automatic license plate readers, predictive policing software, and cell phone surveillance towers—to only be adopted by city agencies following a public notice and vote by the Board of Supervisors. The bill also requires clear policies for how surveillance technologies will be used by the city government." - via April Glaser, writing at Slate
Read The Telegraph's Robin Pagnamenta's superbly-written piece on TikTok - how the company poses an ostensibly larger and insidious vectored privacy threat as compared to the measly annoyance propagated by Facebook Inc. (NASDAQ: FB); only with a People's Republic of China veneer (and counting amongst its investors United States based KKR (retired United States Army General David H. Petraeus is a member of the management team at KKR) and Japan-based Softbank Technology Corporation (NASDAQ: SFBTF)). Today's Must Read.
'The Telegraph’s Robin Pagnamenta argues TikTok and its parent company pose a far greater global security concern for Western economies than Chinese telecommunications equipment giant Huawei Technologies. ByteDance’s suite of apps, Pagnamenta warns, “are hoovering up oodles of data on hundreds of millions of foreigners – British, American, Brazilian and Indian – many of them children.”' - via Fortune Magazine's Clay Chandler and Eamon Barrett
In perhaps the singularly snarky (yet fundamentally true) privacy piece targeting privacy-invading smart devices posted on El Reg in the past couple of weeks, comes reporter Alistair Dabbs' jaundiced (and highly entertaining), focused, tech-askew world-view of so-called 'smart speakers', and other detritus emanating out of the 'robber-baron-age-of-tech'. Enjoy.
"Some 14 years after the publication of NASA-linked research on sub-vocal speech recognition, the genre is currently enjoying a bit of a revival. In the near future, you will acquire the valuable skill to accidentally tell Alexa to buy 400 rolls of toilet paper simply by clearing your throat." - via Alistair Dabbs' privacy piece posted at The Register
News, via Jon Brodkin, writing at Ars Technica, that Airbnb initially took no steps to stop a property owner recording an Airbnb guest. What was Airbnb thinking? Apparently, they were not thinking at all...
'Airbnb's response was troubling, Nealie Barker said. Customer service reps "didn't seem to grasp the seriousness of the issue. They were treating it like a canceled booking," she told CNN. Airbnb temporarily suspended the listing and promised to investigate, CNN wrote. But when Barker contacted Airbnb again two weeks later, "the company told her that the host had been 'exonerated,' and the listing reinstated."' - via Jon Brodkin, writing at Ars Technica
Via Chris Morris' well-crafted reportage at Fortune, comes the story of illegal data sharing engaged in by Motel 6, and the $12,000,000 price tag the company coughed up in settlement fines to the State of Washington. I guess they might not be 'leaving the light on for you' - for a while... Today's Must Read.
"Motel 6 will take a $12 million hit for allegedly sharing the personal information of about 80,000 guests with immigration officials without the knowledge or permission of those customers. The chain has settled a lawsuit brought by the state of Washington over the controversial policy of seven of its hotels in that state between 2015 and 2017. The company has also said it will stop the practice of handing over guest information without a subpoena or warrant, unless it believes someone is in imminent danger." - via Chris Morris, at Fortune
Senator Rubio's new privacy bill will prevent States from ratifying their own privacy laws; I wonder what his Constituency thinks of this.
I'm astonished that the good Senator bothers to leave his home in the morning to craft what is essentially a rehash of previous ineffective legislation for his 'American Data Dissemination Act of 2019'. Perhaps he should just phone-in his CRs (Clean or Not), Bills and what-not ... I'll wager his effectiveness, efficiency and popularity would rise exponentially...
Perhaps this weekend, I'll point my admittedly jaundiced (don't forget skeptical) gaze towards Simson Garfinkel, PhD's (Dr. Garfinkel is the United States Census Bureau's Senior Computer Scientist for Confidentiality and Data Access and the Chair of the Bureau's Disclosure Review Board) superb tome targeting the oft-uttered 'death of privacy'. Entitled in an apropos fashion: 'Database Nation: The Death of Privacy in the 21st Century'. (Please note the preceding book link is not an affiliate link to booksellers - mh). Oh, and then there's this...