---
date: 2024-01-27
categories:
- This Week in Privacy
authors:
- jonaharagon
---

# This Week in Privacy #6

Welcome back to *This Week in Privacy*, our weekly series where we cover the latest updates on what we're working on within the Privacy Guides community, and this week's top stories in the data privacy and cybersecurity space.

Privacy Guides is a non-profit which researches and shares privacy-related information, and facilitates a community on our [forum](https://discuss.privacyguides.net/?ref=blog.privacyguides.org) and Matrix where people can ask questions and get advice about staying private online and preserving their digital rights.

## Privacy Guides Updates

The [*This Week in Privacy* podcast](https://fm.neat.tube/@thisweekinprivacy) is now available via standard RSS for consumption within your favorite podcast client. Thanks to hosting it with [Castopod](https://castopod.org), an open-source podcast hosting platform, it can also be followed by any fediverse client such as Mastodon at [@thisweekinprivacy@fm.neat.tube](https://fm.neat.tube/@thisweekinprivacy). If you enjoy the audio show, give us a follow!

## Privacy News

While not strictly privacy-related *per se*, one of the biggest problems stopping adoption of privacy-respecting software is that big tech gatekeepers go out of their way to prevent alternatives from being as user friendly and feature complete as they could be. In response to this, Mozilla created a new issue tracker called *Platform Tilt*, in which they document all of the ways that Apple, Google, and Microsoft purposely put alternatives like Firefox at a disadvantage, and they are calling for action from these companies to level the playing field.

[Platform Tilt: Documenting the Uneven Playing Field for an Independent Browser Like Firefox – Open Policy & Advocacy](https://blog.mozilla.org/netpolicy/2024/01/19/platform-tilt)

> Browsers are the principal gateway connecting people to the open Internet, acting as their agent and shaping their experience. The central role of browsers has long motivated us to build…
> Open Policy & Advocacy

In law enforcement news, WIRED reports that police throughout the United States believe that running faces generated by AI from DNA evidence through AI facial recognition software "should at least be an option" available to investigators, and that various agencies have already done so.

> \[In 2017, detectives working a cold case at the East Bay Regional Park District Police Department\] sent genetic information collected at the crime scene to Parabon NanoLabs—a company that says it can turn DNA into a face. \[...\]
>
> \[The\] department published the predicted face in an attempt to solicit tips from the public. Then, in 2020, one of the detectives did something civil liberties experts say is even more problematic—and a violation of Parabon NanoLabs’ terms of service: He asked to have the rendering run through facial recognition software.

[Cops Used DNA to Predict a Suspect’s Face—and Tried to Run Facial Recognition on It](https://www.wired.com/story/parabon-nanolabs-dna-face-models-police-facial-recognition/)

> Police around the US say they’re justified to run DNA-generated 3D models of faces through facial recognition tools to help crack cold cases. Everyone but the cops thinks that’s a bad idea.
> WIRED · Condé Nast

In unsurprising news, researchers have found that many iPhone apps spy on you when they receive notifications, despite Apple's "policies" against this behavior.

> If the app is closed, the iPhone operating system lets the app wake up temporarily \[when it receives a push notification\] to contact company servers, send you the notification, and perform any other necessary business. The data harvesting Mysk spotted happened during this brief window.

[iPhone Apps Secretly Harvest Data When They Send You Notifications, Researchers Find](https://gizmodo.com/iphone-apps-can-harvest-data-from-notifications-1851194537)

> Security researchers say apps including Facebook, LinkedIn, TikTok, Twitter, and countless others collect data in surprising ways.
> Gizmodo · The A.V. Club

Amazon Ring is no longer sharing videos with police without a formal legal request through the court system, as it probably should have been this whole time:

> Amazon’s Ring will no longer let police and other government agencies request doorbell camera footage from within the company’s Neighbors app, in what privacy advocates are hailing as a long-awaited victory for civil liberties.
>
> Authorities seeking Ring surveillance videos must now submit a formal legal request to the company, rather than soliciting footage directly from users through the app, Ring said in a blog post Wednesday.

[Amazon’s Ring to shutter video-sharing program popular with police | CNN Business](https://www.cnn.com/2024/01/24/tech/amazons-ring-video-sharing-with-police/index.html)

> CNN · Brian Fung

In more lighthearted news, 404 Media reported on a collection of documents obtained this week from the NSA, published on the [Internet Archive](https://archive.org/details/nsa-furby-memo/NSA%20Furby%20Memo%20-%20Memoranda/page/n5/mode/2up), detailing concerns in 1998 about "embedded AI" in the Furby children's toy.

> The NSA’s interest in and concern with the spying capabilities of the Furby—the iconic furry robot toy—has been [documented](https://www.snopes.com/fact-check/nasa-furby-ban/?ref=404media.co) over the years by various news outlets, [YouTube channels](https://www.youtube.com/watch?v=25QHy50nyZo&ref=404media.co), and the [Federal Aviation Administration](https://www.faa.gov/media/19696?ref=404media.co) (which banned Furby operation during takeoff and landing). But previous write-ups rely on a brief news story in the *Washington Post* from January 13, 1999 called “[A TOY STORY OF HAIRY ESPIONAGE](https://www.washingtonpost.com/archive/politics/1999/01/13/a-toy-story-of-hairy-espionage/edb69b8a-1b41-47f8-8166-b8839cd637f3/?ref=404media.co),” which noted that Furby had been banned from the NSA’s offices in Maryland in part because they were worried that NSA employees would discuss classified information to the Furby, which could learn from it and would possibly repeat what it’d heard at a later date.

[These Are the Notorious NSA Furby Documents Showing Spy Agency Freaking Out About Embedded AI in Children’s Toy](https://www.404media.co/these-are-the-notorious-nsa-furby-documents-showing-spy-agency-freaking-out-about-childrens-toy)

> “Apparently, these stuffed critters learn from nearby speech patterns. That would definitely be a security concern.”
> 404 Media · Jason Koebler

Finally, US Senator Ron Wyden (D-Oregon) revealed documents confirming that the NSA purchases records from commercial data brokers in order to spy on which apps and websites Americans use.

> Wyden suggested that the intelligence community might be helping data brokers violate an FTC [order](https://www.ftc.gov/system/files/ftc_gov/pdf/X-Mode-D%26O.pdf) requiring that Americans are provided "clear and conspicuous" disclosures and give informed consent before their data can be sold to third parties. In the seven years that Wyden has been investigating data brokers, he said that he has not been made "aware of any company that provides such a warning to users before collecting their data."

[NSA finally admits to spying on Americans by purchasing sensitive data](https://arstechnica.com/tech-policy/2024/01/nsa-finally-admits-to-spying-on-americans-by-purchasing-sensitive-data)

> Violating Americans’ privacy “not just unethical but illegal,” senator says.
> Ars Technica · Ashley Belanger

## Security News

Microsoft announced that they were breached this month by the SVR, the same Russian intelligence agency which [broke into SolarWinds in 2020](https://en.wikipedia.org/wiki/2020_United_States_federal_government_data_breach). Microsoft reports that the attackers compromised the email accounts of members of their senior leadership team and employees in other departments including cybersecurity and legal. It doesn't appear that the attackers had to use any new vulnerabilities or 0-days; Microsoft merely didn't follow best security practices internally.

[Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard | MSRC Blog | Microsoft Security Response Center](https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard)

> Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard
> Microsoft Security Response Center · MSRC

## Community News

OpenWrt, one of our top choices for [alternative/open-source router firmware](https://www.privacyguides.org/en/router), is working on creating its own open reference hardware.

> OpenWrt\[...\] is 20 years old this year. To keep the project going, lead developers have [proposed](https://forum.openwrt.org/t/openwrt-one-celebrating-20-years-of-openwrt/183684) creating a "fully upstream supported hardware design," one that would prevent the need for handling "binary blobs" in modern router hardware and let DIY router enthusiasts forge their own path. \[...\] There is no expected release date, though it's noted that it's the "first" community-driven reference hardware.

[OpenWrt, now 20 years old, is crafting its own future-proof reference hardware](https://arstechnica.com/gadgets/2024/01/openwrt-now-20-years-old-is-crafting-its-own-future-proof-reference-hardware)

> There are, as you might expect, a few disagreements about what’s most important.
> Ars Technica · Kevin Purdy

Apple announced this week that—in the EU only!—they would begin to allow alternative app marketplaces, alternative browser engines, and alternative NFC payment apps on iOS. However, the restrictive way that they are going about this means we're not going to see [Android-style side loading](https://www.privacyguides.org/en/android/#obtaining-applications) or an iOS version of F-Droid anytime soon.

I wrote more about these changes and Apple's non-compliance with the DMA in a separate blog post:

[Apple is Incredibly Salty About the Digital Markets Act](https://www.jonaharagon.com/posts/apple-is-incredibly-salty-about-the-digital-markets-act)

> Apple’s press release yesterday reads with the professionalism and poise of a teenager throwing a tantrum, it’s amazing really. Apple announces changes to iOS, Safari, and the App Store in the European Union Apple announced changes to iOS, Safari, and the App Store impacting developers’ apps in the EU to comply
> Jonah Aragon · Jonah Aragon

## TWIP Live 🔴

All the updates from *This Week in Privacy* will be shared here on the blog every week, so subscribe with your favorite RSS reader if you want to stay tuned. However, for people who prefer audio, we're going to be trying out a podcast-style recording of these updates every week, livestreamed on our YouTube channel.

- [Listen to *This Week in Privacy #6* on YouTube](https://youtube.com/live/gDaz4VxYZmQ?feature=share)
- [Follow the *This Week in Privacy* podcast via RSS](https://fm.neat.tube/@thisweekinprivacy)

## In the next TWIP

Will we continue to publish these updates? We'll see! We are hoping to publish a new TWIP update every Saturday, but we won't be able to do so without your help. If you find a news story you'd like us to share, or you're working on anything in the privacy space which our community would be interested in, please get in touch on our forum to share your update and be featured in next week's publication.