The Norwegian Consumer Council hired a security firm called Mnemonic to audit the security of four popular brands of kids' smart watches and found a ghastly array of security defects: the watches allow remote parties to seize control over them in order to monitor children's movements and see where they've gone, covertly listen in on them, and steal their personal information. The data the watches gather and transmit to offshore servers is copious and sent in the clear. The watches incorporate cameras and the photos children take are also easily plundered by hackers.
Telcos provide API access to your phone's location, along with your name and address, writes Philip Neustrom. With two links, to danalinc.com and payfone.com, he shows that these sites can access this data when your phone connects. The pages are demos for the API and serve some of the data provided back to the visitor.
In 2003, news came to light that AT&T was providing the DEA and other law enforcement agencies with no-court-warrant-required access to real time cell phone metadata. This was a pretty big deal at the time.
But what these services show us is even more alarming: US telcos appear to be selling direct, non-anonymized, real-time access to consumer telephone data to third party services — not just federal law enforcement officials — who are then selling access to that data.
Given the trivial “consent” step required by these services and unlikely audit controls, it appears that these services could be used to track or de-anonymize nearly anyone with a cell phone in the United States with potentially no oversight.
It knew my name and address and more besides, and located me to a few hundred feet's accuracy. I certainly never knowingly opted in to it.
Judith Duportail got privacy activist Paul-Olivier Dehaye and human rights lawyer Ravi Naik to help her force Tinder to turn over 800 pages of records the company had saved during the four years she'd used the app, and discovered that the company was indefinitely retaining "information such as my Facebook “likes”, my photos from Instagram (even after I deleted the associated account), my education, the age-rank of men I was interested in, how many times I connected, when and where every online conversation with every single one of my matches happened."
Fritz Moser, director of the documentary A Good American, about NSA whistleblower Bill Binney who blames the 9/11 attacks on the NSA's capture by corporate contractors who sold it an expensive, useless, self-perpetuating mass-surveillance system, writes, "Since 6 Sept A GOOD AMERICAN is on Netflix and since then I am getting between 10 and 20 emails per day of people telling me how shocked they were by the film and how angry they are, asking what they could do to help. So we came up with this petition. The petition is hosted by a member of Sascha Meinrath's cross-party Civil Liberties Coalition we are working with in Washington DC, backing the cross-party anti-surveillance Caucus in Congress on a grassroots level."
The Electronic Frontier Foundation and American Civil Liberties Union just filed a lawsuit against the Department of Homeland Security on behalf of 11 travellers whose devices were searched at the US border; they assert that warrantless device searches violate the constitutional restriction on searches without probable cause.
If you're using an anonymity tool -- Tor or something like it -- to be anonymous on the internet, it's really easy to screw it up and do something that would allow an adversary of varying degrees of power (up to and including powerful governments) to unmask you.