Add "This Week In Privacy" 5-8 (#76)

This commit is contained in:
Daniel Gray 2024-04-13 06:01:37 +00:00
parent 87156196f6
commit 629c92e5d6
No known key found for this signature in database
GPG Key ID: 41911F722B0F9AE3
4 changed files with 429 additions and 0 deletions


@ -0,0 +1,100 @@
---
date: 2024-01-20
categories:
- This Week in Privacy
authors:
- jonaharagon
---
# This Week in Privacy #5
Welcome back to *This Week in Privacy*, our weekly series where we cover the latest updates with what we're working on within the Privacy Guides community, and this week's top stories in the data privacy and cybersecurity space.
Privacy Guides is a non-profit which researches and shares privacy-related information, and facilitates a community on our [forum](https://discuss.privacyguides.net/?ref=blog.privacyguides.org) and Matrix where people can ask questions and get advice about staying private online and preserving their digital rights.
## Privacy Guides Updates
A small update for our translation team this week, we've resolved our issues with Crowdin, which allowed us to publish the updated version of the website we've been waiting for for several weeks. You can check out the changelog for v3.19 of the website [here](https://github.com/privacyguides/privacyguides.org/releases/tag/v3.19).
For our contributors, the fix involves a change to how we write admonitions in the source code of the website. If you're writing a new page or contributing to an existing one, you can read more about the proper format for admonitions in our [writers guide](https://www.privacyguides.org/en/meta/admonitions/).
## New Recommendations
v3.19 of the website finally published our information on **uBlock Origin Lite** (mentioned in [TWIP #1](https://blog.privacyguides.org/2023/12/09/this-week-in-privacy-1)) and **Brave's forgetful browsing** feature (mentioned in [TWIP #2](https://blog.privacyguides.org/2023/12/16/this-week-in-privacy-2)), so if you were waiting for information about those recommendations to be published, you can read them on privacyguides.org now.
We also updated our Skiff Mail recommendation to reflect their new support for PGP, which is a great step forward in the world of interoperable email encryption. Again, you can read the full [changelog for v3.19](https://github.com/privacyguides/privacyguides.org/releases/tag/v3.19) of privacyguides.org if you want to know about all the changes.
## Privacy News
Moving on to news from around the privacy and cybersecurity space...
In a follow up to the story we shared last week about China cracking AirDrop encryption in order to track individual AirDrop users, *CNN* reports that [Apple has been aware of tracking concerns with AirDrop since at least 2019](https://edition.cnn.com/2024/01/12/tech/china-apple-airdrop-user-encryption-vulnerability-hnk-intl/index.html):
> Security researchers warned Apple as early as 2019 about vulnerabilities in its AirDrop wireless sharing function that Chinese authorities claim they [recently used](https://www.cnn.com/2024/01/10/tech/china-apple-airdrop-encryption-hnk-intl/index.html) to track down users of the feature, the researchers told CNN, in a case that experts say has sweeping implications for global privacy.
> A group of Germany-based researchers at the Technical University of Darmstadt, who first discovered the flaws in 2019, told CNN Thursday they had confirmation Apple received their original report at the time but that the company appears not to have acted on the findings. The same group published a [proposed fix](https://www.usenix.org/system/files/sec21-heinrich.pdf) for the issue in 2021, but Apple appears not to have implemented it, the researchers said.
The Swiss magazine *Republik* has [accused the Swiss government of massive online surveillance of their citizens](https://www.swissinfo.ch/eng/business/swiss-government-accused-of-massive-online-surveillance/49117880):
> The Swiss Federal Intelligence Service (SRC) is allegedly monitoring the digital activities of the Swiss population, particularly on their mobile phones and computers, according to the German-language magazine Republik.ch on Tuesday. What's more, Swiss spies are said to be storing far more information than they promised when the new intelligence law was introduced. The SRC denies these accusations. The Swiss Government is allegedly able to access the messages and emails of the population thanks to the Swiss Federal Intelligence Service (SRC), at least according to the German-language media [Republik.ch](https://www.republik.ch/2024/01/09/der-bund-ueberwacht-uns-alle).
A study conducted by *Consumer Reports* and *The Markup* indicates that [Facebook receives information from "thousands of companies" about each of its average users](https://www.consumerreports.org/electronics/privacy/each-facebook-user-is-monitored-by-thousands-of-companies-a5824207467):
> Using a panel of 709 volunteers who shared archives of their Facebook data, Consumer Reports found that a total of 186,892 companies sent data about them to the social network. On average, each participant in the study had their data sent to Facebook by 2,230 companies. That number varied significantly, with some panelists data listing over 7,000 companies providing their data.
Brave Browser is "simplifying" their privacy protections, [removing their "Strict" fingerprinting protection mode from their browser](https://brave.com/privacy-updates/28-sunsetting-strict-fingerprinting-mode):
> With desktop and Android version 1.64 in a couple of months (and in todays Nightly release for testing), Brave will sunset Strict fingerprinting protection mode. This does not affect Braves industry-leading fingerprinting protection capabilities for users. Instead, it will allow us to focus on improving privacy protections in Standard mode and avoid Web compatibility issues.
Privacy Guides currently recommends using Strict fingerprinting protections in Brave, as do many other privacy-centric configuration guides for Brave Browser. We are looking into into what this change will mean for our guide and recommendations, and we'll release an additional update about this soon.
In what is hopefully not new news to anyone here, [Google is admitting they track more about your browsing than some people might think in Incognito Mode](https://www.ghacks.net/2024/01/16/google-updates-chromes-incognito-mode-disclaimer-to-admit-it-is-tracking-users):
> Google is rolling out a change to the Incognito Mode disclaimer of the company's Chrome web browser. It admits in it that it is tracking users even while the mode is active. The company [settled a $5 billion privacy lawsuit](https://www.ghacks.net/2023/12/29/google-settles-its-5-billion-privacy-lawsuit-over-incognito-mode-tracking) over tracking in Incognito Mode in December 2023.
## Security News
In a first for Qualcomm devices, the [Samsung Galaxy S24 is receiving 7 years of updates](https://arstechnica.com/gadgets/2024/01/the-galaxy-s24-gets-seven-years-of-updates-1300-titanium-ultra-model):
> Samsung is matching Google's new update plan and offering "seven years of security updates and seven generations of OS upgrades." Previously, it gave [four years](https://news.samsung.com/global/samsung-sets-the-new-standard-with-four-generations-of-os-upgrades-to-ensure-the-most-up-to-date-and-more-secure-galaxy-experience) of updates.
We generally don't [recommend](https://www.privacyguides.org/en/android) Samsung devices, but this change could have a major impact in the Android hardware space overall. Fairphone notably had to resort to an "industrial" chip in their latest phone just to receive 5 years of updates from Qualcomm, but this could push Qualcomm to update all of their newer devices for much longer than before. Time will tell whether this level of support will be available to companies other than Samsung in the future.
Kaspersky released a [new tool which analyzes the Shutdown.log file on iOS devices to scan for Pegasus malware](https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734):
> [...] weve analyzed and confirmed the reliability of detecting a Pegasus malware infection using the Shutdown.log artifact stored in a sysdiag archive. The lightweight nature of this method makes it readily available and accessible. Moreover, this log file can store entries for several years, making it a valuable forensic artifact for analyzing and identifying anomalous log entries. Again, this is not a silver bullet that can detect all malware, and this method relies on the user rebooting the phone as often as possible.
Kaspersky notes that typical methods of [detecting mobile spyware](https://www.privacyguides.org/en/device-integrity) rely on either scanning a full encrypted backup of the device, or performing network traffic analysis on the device in question, both of which can be time-consuming and difficult. This new tool scans system log files which are readily available in iOS and are much more lightweight than full backups.
## Community News
One of our readers noted that a creator on YouTube expressed confusion about how we make recommendations about tools like [VPNs](https://www.privacyguides.org/en/vpn). I'll briefly cover the transparent process here in response:
1. **New tools and providers are recommended by our [community](https://discuss.privacyguides.net/c/site-development/suggestions/6).** Often people will ask why we haven't reviewed a certain tool, and the answer is usually that our community simply didn't care enough about that tool to suggest it in the first place. We have a section on our forum where people can suggest and vote for tools they think should be covered, and then we review them.
2. **Suggestions are evaluated by our team.** One or two of our [team members](https://www.privacyguides.org/en/about) will test out these tools and take notes about how they do or do not fit our criteria, and these notes are shared on our forum. The team member will mark a suggestion as either [approved](https://discuss.privacyguides.net/tag/approved) (awaiting a pull request) or [rejected](https://discuss.privacyguides.net/tag/rejected). This step is not the final approval for a tool.
3. **A pull request (first draft) is submitted.** Somebody—typically but not always the team member from the previous step—will write a draft recommendation, section, or page on the website and submit it on [GitHub](https://github.com/privacyguides/privacyguides.org/pulls).
4. **Pull Requests are evaluated by our team.** At this point, two team members other than the one who wrote the pull request will perform a final evaluation of the recommendation. They verify every statement being published, make sure the tool meets our criteria and nothing slipped through in the preliminary review on our forum, and perform a final pass through of the draft. Approvals or requests for changes are indicated on GitHub.
5. **Approved PRs are merged into the main site.** After a minimum of two individual approvals from contributors other than the author of the PR, a recommendation can be published on the website. This process ensures the information available is reliable as possible, and was published in accordance to all our policies. Every team member has the individual ability to block a PR at any time with a "Request for Changes" note until their concerns are addressed.
Privacy Guides has strict conflict of interest policies when it comes to submissions, and of course we don't make recommendations based on affiliate programs (which we don't participate in), sponsors, or other financial incentives. Privacy Guides is a non-profit organization in the United States with a legal obligation to fulfill the following [mission statement](https://opencollective.com/privacyguides):
> The **Privacy Guides** team is providing services, tools, and knowledge to protect your privacy against global mass surveillance. Our website is free of advertisements and not affiliated with any listed providers.
>
> The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. We do not operate Privacy Guides for personal profit, and all funds will be used to further our mission in one form or another.
Activities outside the scope of that statement are prohibited.
Privacy is not a zero-sum game, but unfortunately some content creators see our independent process as a threat to their [business model](https://blog.privacyguides.org/2019/11/20/the-trouble-with-vpn-and-privacy-review-sites), and would rather publish their "speculations" and create drama instead of checking their facts, so this is a one-stop place to check their facts for them instead of debating each one individually, which we don't have time to do. Although, if anyone does have a specific question about something which is not covered here, a question on our forum will always receive a response!
## TWIP Live 🔴
All the updates from *This Week in Privacy* will be shared here on the blog every week, so subscribe with your favorite RSS reader if you want to stay tuned. However, for people who prefer audio, we're going to be trying out a podcast-style recording of these updates every week, livestreamed on our YouTube channel.
- [Listen to *This Week in Privacy #5* on YouTube](https://www.youtube.com/watch?v=2i9a_-d1Aao)
We're trialing *This Week in Privacy* for a month to see whether we and the community finds these sorts of updates to actually be valuable. *If* we do continue to publish these updates after that, we'll publish the audio version of the show as a standard RSS feed outside of YouTube separately.
**Update Jan 21, 2024:** [*This Week in Privacy* is now available via RSS](https://fm.neat.tube/@thisweekinprivacy) for use with any podcast client!
## In the next TWIP
Will we continue to publish these updates? We'll see! We are hoping to publish a new TWIP update every Saturday, but we won't be able to do so without your help. If you find a news story you'd like us to share, or you're working on anything in the privacy space which our community would be interested in, please get in touch on our forum to share your update and be featured in next week's publication.
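Review bot: a few wording slips in this post should be cleaned up before merge: "waiting for for several weeks" (Privacy Guides Updates) and "looking into into what this change will mean" (paragraph after the Brave quote) each double a word; step 5 of the process list reads "reliable as possible" (missing "as") and "in accordance to" (should be "in accordance with"); and the TWIP Live paragraph has "we and the community finds" (should be "find"). One substantive point in the Kaspersky paragraph: the quoted excerpt itself says the method "relies on the user rebooting the phone as often as possible" and "is not a silver bullet", but the summary sentence that follows presents log scanning only as a lighter-weight alternative to backup analysis; consider repeating that caveat so readers do not treat a clean Shutdown.log as proof of no infection.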


@ -0,0 +1,105 @@
---
date: 2024-01-27
categories:
- This Week in Privacy
authors:
- jonaharagon
---
# This Week in Privacy #6
Welcome back to *This Week in Privacy*, our weekly series where we cover the latest updates with what we're working on within the Privacy Guides community, and this week's top stories in the data privacy and cybersecurity space.
Privacy Guides is a non-profit which researches and shares privacy-related information, and facilitates a community on our [forum](https://discuss.privacyguides.net/?ref=blog.privacyguides.org) and Matrix where people can ask questions and get advice about staying private online and preserving their digital rights.
Privacy Guides Updates
The [*This Week in Privacy* podcast](https://fm.neat.tube/@thisweekinprivacy) is now available via standard RSS for consumption within your favorite podcast client. Thanks to hosting it with [Castopod](https://castopod.org), an open-source podcasting hosting platform, it can also be followed by any fediverse client such as Mastodon at [@thisweekinprivacy@fm.neat.tube](https://fm.neat.tube/@thisweekinprivacy). If you enjoy the audio show, give us a follow!
## Privacy News
While not strictly privacy-related *per se*, one of the biggest problems stopping adoption of privacy-respecting software is that big tech gatekeepers go out of their way to prevent alternatives from being as user friendly and feature complete as they could be. In response to this, Mozilla created a new issue tracker called *Platform Tilt*, in which they document all of the ways that Apple, Google, and Microsoft purposely put alternatives like Firefox at a disadvantage, and is calling for action from these companies to level the playing field.
[Platform Tilt: Documenting the Uneven Playing Field for an Independent Browser Like Firefox Open Policy & Advocacy](https://blog.mozilla.org/netpolicy/2024/01/19/platform-tilt)
> Browsers are the principal gateway connecting people to the open Internet, acting as their agent and shaping their experience. The central role of browsers has long motivated us to build…
## Open Policy & Advocacy
In law enforcement news, WIRED reports that police throughout the United States believe that running faces generated by AI based on DNA evidence through AI facial recognition software "should at least be an option" available to investigators, and that this practice has been performed by various agencies already.
> \[In 2017, detectives working a cold case at the East Bay Regional Park District Police Department\] sent genetic information collected at the crime scene to Parabon NanoLabs—a company that says it can turn DNA into a face. \[...\]
> \[The\] department published the predicted face in an attempt to solicit tips from the public. Then, in 2020, one of the detectives did something civil liberties experts say is even more problematic—and a violation of Parabon NanoLabs terms of service: He asked to have the rendering run through facial recognition software.
[Cops Used DNA to Predict a Suspects Face—and Tried to Run Facial Recognition on It](https://www.wired.com/story/parabon-nanolabs-dna-face-models-police-facial-recognition/)
> Police around the US say theyre justified to run DNA-generated 3D models of faces through facial recognition tools to help crack cold cases. Everyone but the cops thinks thats a bad idea.
> WIREDCondé Nast
In unsurprising news, researchers have found that many iPhone apps spy on you when they receive notifications, despite Apple's "policies" against this behavior.
> If the app is closed, the iPhone operating system lets the app wake up temporarily \[when it receives a push notification\] to contact company servers, send you the notification, and perform any other necessary business. The data harvesting Mysk spotted happened during this brief window.
[iPhone Apps Secretly Harvest Data When They Send You Notifications, Researchers Find](https://gizmodo.com/iphone-apps-can-harvest-data-from-notifications-1851194537)
> Security researchers say apps including Facebook, LinkedIn, TikTok, Twitter, and countless others collect data in surprising ways.
> GizmodoThe A.V. Club
Amazon Ring is no longer sharing videos with police without performing a formal legal request through the court system, as it probably should have been this whole time:
> Amazons Ring will no longer let police and other government agencies request doorbell camera footage from within the companys Neighbors app, in what privacy advocates are hailing as a long-awaited victory for civil liberties.
> Authorities seeking Ring surveillance videos must now submit a formal legal request to the company, rather than soliciting footage directly from users through the app, Ring said in a blog post Wednesday.
[Amazons Ring to shutter video-sharing program popular with police | CNN Business](https://www.cnn.com/2024/01/24/tech/amazons-ring-video-sharing-with-police/index.html)
> Amazons Ring will no longer let police and other government agencies request doorbell camera footage from within the companys Neighbors app, in what privacy advocates are hailing as a long-awaited victory for civil liberties.
> CNN · Brian Fung
In more lighthearted news, 404 Media reported on a collection of documents obtained this week from the NSA, published on the [Internet Archive](https://archive.org/details/nsa-furby-memo/NSA%20Furby%20Memo%20-%20Memoranda/page/n5/mode/2up), detailing concerns in 1998 about "embedded AI" in the Furby children's toy.
> The NSAs interest in and concern with the spying capabilities of the Furby—the iconic furry robot toy—has been [documented](https://www.snopes.com/fact-check/nasa-furby-ban/?ref=404media.co) over the years by various news outlets, [YouTube channels](https://www.youtube.com/watch?v=25QHy50nyZo&ref=404media.co), and the [Federal Aviation Administration](https://www.faa.gov/media/19696?ref=404media.co) (which banned Furby operation during takeoff and landing). But previous write-ups rely on a brief news story in the *Washington Post* from January 13, 1999 called “[A TOY STORY OF HAIRY ESPIONAGE](https://www.washingtonpost.com/archive/politics/1999/01/13/a-toy-story-of-hairy-espionage/edb69b8a-1b41-47f8-8166-b8839cd637f3/?ref=404media.co),” which noted that Furby had been banned from the NSAs offices in Maryland in part because they were worried that NSA employees would discuss classified information to the Furby, which could learn from it and would possibly repeat what itd heard at a later date.
[These Are the Notorious NSA Furby Documents Showing Spy Agency Freaking Out About Embedded AI in Childrens Toy](https://www.404media.co/these-are-the-notorious-nsa-furby-documents-showing-spy-agency-freaking-out-about-childrens-toy)
> “Apparently, these stuffed critters learn from nearby speech patterns. That would definitely be a security concern.”
> 404 Media · Jason Koebler
Finally, US Senator Ron Wyden (D-Oregon) revealed documents confirming that the NSA purchases records from commercial data brokers in order to spy on which apps and websites Americans use.
> Wyden suggested that the intelligence community might be helping data brokers violate an FTC [order](https://www.ftc.gov/system/files/ftc_gov/pdf/X-Mode-D%26O.pdf) requiring that Americans are provided "clear and conspicuous" disclosures and give informed consent before their data can be sold to third parties. In the seven years that Wyden has been investigating data brokers, he said that he has not been made "aware of any company that provides such a warning to users before collecting their data."
[NSA finally admits to spying on Americans by purchasing sensitive data](https://arstechnica.com/tech-policy/2024/01/nsa-finally-admits-to-spying-on-americans-by-purchasing-sensitive-data)
> Violating Americans privacy “not just unethical but illegal,” senator says.
> Ars Technica · Ashley Belanger
## Security News
Microsoft announced that they were breached this month by SVR, the same Russian intelligence agency which [broke into SolarWinds in 2020](https://en.wikipedia.org/wiki/2020_United_States_federal_government_data_breach). Microsoft reports that the attackers compromised the email accounts of members of their senior leadership team and employees in other departments including cybersecurity and legal. It doesn't appear that the attackers had to use any new vulnerabilities/0-days, Microsoft merely didn't follow best security practices internally.
[Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard | MSRC Blog | Microsoft Security Response Center](https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard)
> Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard
> Microsoft Security Response Center · MSRC
## Community News
OpenWrt, one of our top choices for [alternative/open-source router firmware](https://www.privacyguides.org/en/router), is working on creating its own open reference hardware.
> OpenWrt\[...\] is 20 years old this year. To keep the project going, lead developers have [proposed](https://forum.openwrt.org/t/openwrt-one-celebrating-20-years-of-openwrt/183684) creating a "fully upstream supported hardware design," one that would prevent the need for handling "binary blobs" in modern router hardware and let DIY router enthusiasts forge their own path. \[...\] There is no expected release date, though it's noted that it's the "first" community-driven reference hardware.
[OpenWrt, now 20 years old, is crafting its own future-proof reference hardware](https://arstechnica.com/gadgets/2024/01/openwrt-now-20-years-old-is-crafting-its-own-future-proof-reference-hardware)
> There are, as you might expect, a few disagreements about whats most important.
> Ars Technica · Kevin Purdy
Apple announced this week that—in the EU only!—they would begin to allow alternative app marketplaces, alternative browser engines, and alternative NFC payment apps on iOS. However, the restrictive way that they are going about this means we're not going to see [Android-style side loading](https://www.privacyguides.org/en/android/#obtaining-applications) or an iOS version of F-Droid anytime soon.
I wrote more about these changes and Apple's non-compliance with the DMA in a separate blog post:
[Apple is Incredibly Salty About the Digital Markets Act](https://www.jonaharagon.com/posts/apple-is-incredibly-salty-about-the-digital-markets-act)
> Apples press release yesterday reads with the professionally and poise of a teenager throwing a tantrum, its amazing really. Apple announces changes to iOS, Safari, and the App Store in the European UnionApple announced changes to iOS, Safari, and the App Store impacting developers apps in the EU to comply
Jonah Aragon · Jonah Aragon
## TWIP Live 🔴
All the updates from *This Week in Privacy* will be shared here on the blog every week, so subscribe with your favorite RSS reader if you want to stay tuned. However, for people who prefer audio, we're going to be trying out a podcast-style recording of these updates every week, livestreamed on our YouTube channel.
- [Listen to *This Week in Privacy #6* on YouTube](https://youtube.com/live/gDaz4VxYZmQ?feature=share)
- [Follow the *This Week in Privacy* podcast via RSS](https://fm.neat.tube/@thisweekinprivacy)
## In the next TWIP
Will we continue to publish these updates? We'll see! We are hoping to publish a new TWIP update every Saturday, but we won't be able to do so without your help. If you find a news story you'd like us to share, or you're working on anything in the privacy space which our community would be interested in, please get in touch on our forum to share your update and be featured in next week's publication.
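Review bot: the "Privacy Guides Updates" line is missing its "## " heading marker, so it renders as body text instead of a section heading as in the other two posts. Likewise, "## Open Policy & Advocacy" appears to be the trailing site name from the Mozilla link preview promoted to a heading; the law enforcement, notification, Ring, Furby and NSA stories under it belong under "## Privacy News". The link-preview residue lines ("> WIREDCondé Nast", "> GizmodoThe A.V. Club", the Ring excerpt repeated verbatim under the CNN link, and the bare "Jonah Aragon · Jonah Aragon") should be turned into proper attributions or dropped, and the apostrophes were stripped throughout the quoted text ("theyre", "thats", "Amazons", "companys", "itd", "Apples", "Childrens"). In the Microsoft paragraph, "Microsoft merely didn't follow best security practices internally" is an editorial conclusion; since the MSRC post is linked right below, quote or summarize what it actually disclosed so the claim is traceable.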


@ -0,0 +1,96 @@
---
date: 2024-02-04
categories:
- This Week in Privacy
authors:
- jonaharagon
---
# This Week in Privacy #7
Welcome back to *This Week in Privacy*, our weekly series where we cover the latest updates with what we're working on within the Privacy Guides community, and this week's top stories in the data privacy and cybersecurity space.
Privacy Guides is a non-profit which researches and shares privacy-related information, and facilitates a community on our [forum](https://discuss.privacyguides.net/?ref=blog.privacyguides.org) and Matrix where people can ask questions and get advice about staying private online and preserving their digital rights.
## Privacy Guides Updates
This week we published [new changes](https://github.com/privacyguides/privacyguides.org/releases/tag/v3.20) to privacyguides.org:
- Daniel tested different news aggregator clients and replaced gfeeds with NewsFlash as a tool Linux readers should definitely check out, as gfeeds appears to now be [unmaintained](https://github.com/privacyguides/privacyguides.org/pull/2374).
- Jonah added some information on Stolen Data Protection to our iOS overview page.
## Privacy Updates
Microsoft is continuing to attempt to assert their monopoly status over the web by forcibly switching people to use Microsoft Edge yet again, this time by automatically opening Microsoft Edge after updating your PC with all the tabs from the browser you were using before.
[Microsoft stole my Chrome tabs, and it wants yours, too](https://www.theverge.com/24054329/microsoft-edge-automatic-chrome-import-data-feature)
> Microsoft Edge is misbehaving.
> The Verge
Apple claims that new proposed laws in the UK could let the UK government unilaterally veto new privacy and security features introduced by tech companies. Other civil liberty groups such as Privacy International and Big Brother Watch have also spoken out about these changes:
> The groups said they were concerned the proposed changes would "force technology companies, including those based overseas, to inform the government of any plans to improve security or privacy measures on their platforms so that the government can consider serving a notice to prevent such changes".
[Apple says UK could secretly veto global privacy tools](https://www.bbc.com/news/technology-68128177)
> A law change to let the government block new features would be an “unprecedented overreach,” it says.
> BBC News
The developer of Nitter says they don't see a "way forward" for the project after Twitter severely cut off guest access to the service, potentially marking the beginning of the end for privacy-respecting Twitter frontends in general.
[looks like X/twitter(?) broke something again · Issue #983 · zedeus/nitter](https://github.com/zedeus/nitter/issues/983#issuecomment-1913362376)
> GitHub · zedeus
Italy's Data Protection Authority found privacy violations in OpenAI's ChatGPT tool: "They are related to mass collection of users' data which is then used to train the algorithm."
> The regulator is also concerned that younger users may be exposed to inappropriate content generated by the chatbot.
> Under the EU's GDPR law, firms which break the rules can be fined up to 4% of the company's global turnover.
[ChatGPT: Italy says OpenAIs chatbot breaches data protection rules](https://www.bbc.com/news/technology-68128396)
> Italy had previously banned the AI-powered chatbot over privacy concerns.
> BBC News
Fast Company [reports](https://www.fastcompany.com/91018129/body-cameras-healthcare-retail-workers) that Axon, the largest supplier of body cams to police agencies, is now pitching their devices for use by retail and healthcare employees:
> The idea is mostly twofold: to enforce accountability on its wearers part, and to discourage the on-the-job abuse thats been surging against frontline workers even before the pandemic began.
> Body cams of all kinds have begun to appear on hospital and in-store workers [in the U.S.,](https://www.forbes.com/sites/laurendebter/2023/11/06/shoplifting-has-gotten-so-bad-that-retailers-are-using-body-cams) following roll-outs in Australia and the U.K., including at the National Health Service and retail giant Tesco.
> Most workers wearing its cameras are security personnel, but trials are underway with non-security healthcare staff and in-store retail associates, the company says.
We've talked about age verification in the US recently before, but a similar law is working its way through Canada as well. The CBC notes concerns about privacy and censorship with laws like these:
[Why a proposed bill aiming to prevent kids from accessing porn sites is raising privacy concerns | CBC News](https://www.cbc.ca/news/politics/porn-site-age-verification-proposed-bill-1.7060841)
> An independent senator is sponsoring a law that would required porn websites to implement some kind of age verification mechanism to protect minors from exposure to online pornography. Critics say that would be ineffective and would raise significant privacy and freedom of expression issues.
> CBCMark · Gollom
10 News First Sydney reports that a "fleet of 70 congestion-busting drones" is being deployed in Australia, monitoring drivers in New South Wales:
A fleet of 70 congestion-busting drones will be keeping an eye on New South Wales motorists, helping everyone get around more easily when the road network gets clogged | [#10NewsFirst](https://twitter.com/hashtag/10NewsFirst?src=hash&ref_src=twsrc%5Etfw) [pic.twitter.com/AR1NbexsRa](https://t.co/AR1NbexsRa)
\— 10 News First Sydney (@10NewsFirstSyd) [February 4, 2024](https://twitter.com/10NewsFirstSyd/status/1754034431654858878)
## Security News
Cloudflare published more information about the security incident they experienced at the end of last year. While no customer data was affected in this case, it again demonstrates how much of a target big tech infrastructure has made themselves as a result of centralizing everything on their platforms.
[Thanksgiving 2023 security incident](https://blog.cloudflare.com/thanksgiving-2023-security-incident)
> On Thanksgiving Day, November 23, 2023, Cloudflare detected a threat actor on our self-hosted Atlassian server. Our security team immediately began an investigation, cut off the threat actors access, and no Cloudflare customer data or systems were impacted by this event.
> The Cloudflare Blog · Matthew Prince
## Community News
Proton Mail's desktop apps are [now available](https://www.reddit.com/r/ProtonMail/comments/1affp2z/the_proton_mail_desktop_apps_for_windows_and) in beta to all paying subscribers (previously limited to Visionary users). Unfortunately there is still no version of the app available for Linux.
I published a video on YouTube about the *Kids Online Safety Act*, a bill which threatens mass internet censorship by big tech platforms. Earlier this week the Senate met with CEOs from various tech companies about KOSA and similar laws, which are still being considered despite [strong resistance](https://www.stopkosa.com) from groups like Fight for the Future and the EFF:
## TWIP Live 🔴
All the updates from *This Week in Privacy* will be shared here on the blog every week, so subscribe with your favorite RSS reader if you want to stay tuned. However, for people who prefer audio, we're going to be trying out a podcast-style recording of these updates every week, livestreamed on our YouTube channel.
- [Listen to *This Week in Privacy #7* on YouTube](https://www.youtube.com/watch?v=oS6W3RyBZ30)
- [Follow the *This Week in Privacy* podcast via RSS](https://fm.neat.tube/@thisweekinprivacy)
## In the next TWIP
Will we continue to publish these updates? We'll see! We are hoping to publish a new TWIP update every Saturday, but we won't be able to do so without your help. If you find a news story you'd like us to share, or you're working on anything in the privacy space which our community would be interested in, please get in touch on our forum to share your update and be featured in next week's publication.
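Review bot: the paragraph beginning `I published a video on YouTube about the *Kids Online Safety Act*` ends in a colon but nothing follows it before the `## TWIP Live 🔴` heading, so the video link or embed that sentence introduces is missing from the file; add the YouTube link (or an embed in the same style as the 10 News First tweet above it) or end the sentence with a full stop. Two smaller points in the same file: the CBC attribution line `> CBCMark · Gollom` has the outlet and author run together and should read `> CBC News · Mark Gollom`, matching the `> The Cloudflare Blog · Matthew Prince` form used further down; and the quoted CBC blurb says `would required porn websites`, which is ungrammatical, so check it against the article and correct it to `would require` if the source reads that way.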


@ -0,0 +1,128 @@
---
date: 2024-02-11
categories:
- This Week in Privacy
authors:
- jonaharagon
---
# This Week in Privacy #8
Welcome back to *This Week in Privacy*, our weekly series where we cover the latest updates with what we're working on within the Privacy Guides community, and this week's top stories in the data privacy and cybersecurity space.
Privacy Guides is a non-profit which researches and shares privacy-related information, and facilitates a community on our [forum](https://discuss.privacyguides.net/?ref=blog.privacyguides.org) and Matrix where people can ask questions and get advice about staying private online and preserving their digital rights.
## Privacy Guides Updates
Unfortunately, Skiff Mail was removed from Privacy Guides's [email provider recommendations](https://www.privacyguides.org/en/email) earlier today, following their announcement that they are being acquired by Notion and shutting down their platform in 6 months.
If you currently use Skiff Mail for your email mailbox or aliasing service, you should switch to another provider such as Proton or Mailbox.org as soon as possible. Obviously, this was not the expectation for Skiff Mail when we added them to the website last year.
[Remove Skiff](https://discuss.privacyguides.net/t/remove-skiff/16228/52)
> Obviously *approved* with todays news (Skiff Migrating your data) and just needs a PR to remove them from the site now. Im out & just on my phone right now so Ill post more about this later— because we should brainstorm a better filter for companies like Skiff in the future certainly 😬
> Privacy Guides · TorLover9
The longevity of the products we recommend is important to us, and we are carefully considering how predictable and avoidable this situation was in order to potentially try to prevent recommending other products that end up with this outcome in the future. This discussion is ongoing within our community, and if you have any thoughts on the matter we welcome them in this forum thread:
[Avoiding the next Skiff (Criteria to ban VC-backed projects?)](https://discuss.privacyguides.net/t/avoiding-the-next-skiff-criteria-to-ban-vc-backed-projects/16722)
> Continuing the discussion from Remove Skiff: I think clearly there is some need to define a criteria to weed out technically proficient products that secretly arent in it for the long-term. There are of course many examples of this: Skiff, Keybase, Ello, Krypt.co, etc. The problem is of course where to draw that line. IMHO, the most promising possibility to me at the moment is to simply reject VC funded projects (Im going to merge the discussion about that into this topic below, so you can r…
> Privacy Guides · jonah
If we change our criteria to better flag and avoid companies which are likely to be acquired or shut down in the future, we will likely post an update on this blog detailing those changes further.
## Privacy Updates
Mozilla has a new tool, Mozilla Monitor Plus, to automatically remove your information from data broker sites. This is an update to their previous Firefox Monitor tool which monitored your email address in the Have I Been Pwned database. Their new product offering combines that service with paid data broker search and opt-out functionality, powered by Onerep.
[Mozilla releases Mozilla Monitor Plus](https://discuss.privacyguides.net/t/mozilla-releases-mozilla-monitor-plus/16665)
> Seems like an alternative to DeleteMe with a more trusted brand name. Privacy as a service seems to be getting more and more popular these days, as Consumer Reports also released their Permission Slip app.
> Privacy Guides · Parish2555
New laws in the United Kingdom would make wearing a face mask during a protest (e.g. to protect your identity, protect yourself from an ongoing pandemic, or protect yourself from police smoke screens) illegal:
> Police will be given new powers to arrest protesters who wear face coverings under new laws cracking down on disorder, ministers have announced.
> Demonstrators flouting an order to remove their mask could be jailed for a month and fined up to £1,000.
[Protesters face jail for wearing face masks or carrying flares under new crackdown](https://www.independent.co.uk/news/uk/home-news/protests-face-mask-coverings-flares-law-b2492373.html)
> New blitz unveiled on people hiding their identity, using fireworks and blocking roads
> The Independent · Jane Dalton
EU users on iOS 17.4 can apparently no longer install Progressive Web Apps on their phone following the recent changes to iOS in the EU which allow for browser engines other than WebKit. What this means is that users in the EU will be forced to obtain their apps from centralized app stores rather than the internet for full functionality.
> This has a lot of consequences for users. For example, all data stored by these web apps is automatically deleted with the update. Websites can also no longer send push notifications to users.
[iOS 17.4 seems to remove web app support in the EU](https://9to5mac.com/2024/02/08/ios-17-4-web-app-eu)
> Apple recently released iOS 17.4 beta to comply with the European Unions Digital Markets Act (DMA) antitrust legislation, which forced…
> 9to5Mac · Filipe Espósito
London Underground is testing our new AI surveillance tools to try and detect crime in weapons.
> Thousands of people using the London Underground had their movements, behavior, and body language watched by AI surveillance software designed to see if they were committing crimes or were in unsafe situations, new documents obtained by WIRED reveal. The machine-learning software was combined with live CCTV footage to try to detect aggressive behavior and guns or knives being brandished, as well as looking for people falling onto Tube tracks or dodging fares.
[London Underground Is Testing Real-Time AI Surveillance Tools to Spot Crime](https://www.wired.com/story/london-underground-ai-surveillance-documents)
> In a test at one station, Transport for London used a computer vision system to try and detect crime and weapons, people falling on the tracks, and fare dodgers, documents obtained by WIRED show.
> WIREDCondé · Nast
A proposed border policy in the US allocates $170 million towards autonomous surveillance towers and $204 million for "expenses related to the analysis of DNA samples."
> “This combination of money for surveillance and surveillance technology, along with the included gutting of asylum, would transform our system and hyper-amplify whats already happening on the ground,” said Paromita Shah, the executive director of the immigrant rights group Just Futures Law.
> The US has already spent hundreds of millions of dollars on these automated surveillance towers, which are primarily made by Anduril Industries the brainchild of Palmer Luckey, founder of Oculus VR.
[A privacy nightmare: the $400m surveillance package inside the US immigration bill](https://www.theguardian.com/us-news/2024/feb/06/us-immigration-bill-mexico-border-surveillance-privacy)
> Experts issue warning over bipartisan measures funding for towers and DNA tests that would hyper-amplify whats already happening
The Guardian · Johana Bhuiyan
## Security News
Canada is planning to ban the Flipper Zero to curb a "surge in car thefts," despite the fact that the Flipper Zero is unable to be used to steal devices in any vehicle with even the most basic rolling code mechanism, i.e. any vehicle since the 90s. This follows the Flipper Zero being [banned on Amazon](https://www.bleepingcomputer.com/news/technology/flipper-zero-banned-by-amazon-for-being-a-card-skimming-device-) for being a card skimming device, despite it being unable to skim cards, and being [banned in Brazil](https://www.bleepingcomputer.com/news/security/brazil-seizing-flipper-zero-shipments-to-prevent-use-in-crime) due to alleged "criminal use."
[Canada to ban the Flipper Zero to stop surge in car thefts](https://www.bleepingcomputer.com/news/security/canada-to-ban-the-flipper-zero-to-stop-surge-in-car-thefts)
> The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars.
> BleepingComputer · Sergiu Gatlan
BleepingComputer reports that Apple allowed a fake version of LastPass on the App Store:
> As LastPass is used to store very sensitive information, such as authentication secrets and credentials (username/email and password), the app was likely created to act as a phishing app and steal credentials.
[Fake LastPass password manager spotted on Apples App Store](https://www.bleepingcomputer.com/news/security/fake-lastpass-password-manager-spotted-on-apples-app-store)
> LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users credentials.
> BleepingComputer · Bill Toulas
Ars Technica reports that developers are currently patching a "critical vulnerability" in the shim bootloader software, which enables secure boot for many Linux distros. According to Matthew Garrett, a security developer and one of the original shim authors:
> An attacker (physically present or who has already compromised root on the system) could use this to subvert secure boot (add a new boot entry to a server they control, compromise shim, execute arbitrary code).
[Critical vulnerability affecting most Linux distros allows for bootkits](https://arstechnica.com/security/2024/02/critical-vulnerability-affecting-most-linux-distros-allows-for-bootkits)
> Buffer overflow in bootloader shim allows attackers to run code each time devices boot up.
> Ars Technica · Dan Goodin
Earlier this week, many tech publications erroneously reported that "3 million toothbrushes" were used in a DDoS attack, despite there clearly being no toothbrush vendors who even make millions of Wi-Fi enabled toothbrushes in the first place (existing smart toothbrushes use Bluetooth and have no internet connectivity), and no actual evidence of any such botnet from any sources. The original source of this story later confirmed that it was a "hypothetical scenario and not a real attack."
[No, 3 million electric toothbrushes were not used in a DDoS attack](https://www.bleepingcomputer.com/news/security/no-3-million-electric-toothbrushes-were-not-used-in-a-ddos-attack)
> A widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service (DDoS) attacks is likely a hypothetical scenario instead of an actual attack.
> BleepingComputer · Lawrence Abrams
## Community News
Fedora rebranded all their immutable desktops as [Fedora Atomic Desktops](https://www.privacyguides.org/en/desktop/#fedora-atomic-desktops). Fedora Silverblue (GNOME) and Fedora Kinoite (KDE) are retaining their names because of their brand recognition, but future versions will use a naming convention like "Fedora Sway Atomic" (for the Sway desktop environment).
[Introducing Fedora Atomic Desktops - Fedora Magazine](https://fedoramagazine.org/introducing-fedora-atomic-desktops)
> Announcing a new family of Fedora Linux spins: Fedora Atomic. This will simplify how to discuss rpm-ostree and naming of future atomic spins.
> Fedora Magazine · Joseph Gayoso
Mozilla has a new interim CEO, as Mitchell Baker [steps down](https://fortune.com/2024/02/08/mozilla-firefox-ceo-laura-chambers-mitchell-baker-leadership-transition) from her position. The Register [reports](https://www.theregister.com/2024/02/09/mozilla_ceo_mitchell_baker_departs) that Mozilla is unwilling to share the compensation package for the incoming CEO at this time.
[Mitchell Baker steps down as CEO of Mozilla Corporation](https://discuss.privacyguides.net/t/mitchell-baker-steps-down-as-ceo-of-mozilla-corporation/16749)
> Privacy Guides · anonymous127
## TWIP Live 🔴
All the updates from *This Week in Privacy* will be shared here on the blog every week, so subscribe with your favorite RSS reader if you want to stay tuned. However, for people who prefer audio, we're going to be trying out a podcast-style recording of these updates every week, livestreamed on our YouTube channel.
- [Listen to *This Week in Privacy #8* on YouTube](https://www.youtube.com/watch?v=PfflRBUSTB4)
- [Follow the *This Week in Privacy* podcast via RSS](https://fm.neat.tube/@thisweekinprivacy)
## In the next TWIP
Will we continue to publish these updates? We'll see! We are hoping to publish a new TWIP update every Saturday, but we won't be able to do so without your help. If you find a news story you'd like us to share, or you're working on anything in the privacy space which our community would be interested in, please get in touch on our forum to share your update and be featured in next week's publication.
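Review bot: the lead-in `London Underground is testing our new AI surveillance tools to try and detect crime in weapons.` has two wording errors that change its meaning: it should read "testing out new AI surveillance tools" and "detect crime and weapons", which is what the quoted WIRED passage beneath it describes. Also in this file: the Flipper Zero paragraph states as fact that the device `is unable to be used to steal devices in any vehicle with even the most basic rolling code mechanism, i.e. any vehicle since the 90s`; "steal devices in any vehicle" should be "steal any vehicle", and the absolute claim goes beyond what the cited BleepingComputer blurb supports, so soften it to something like "cannot defeat the rolling-code keyless entry used in most vehicles built since the 1990s". Attribution formatting is inconsistent: `> WIREDCondé · Nast` should be `> WIRED · Condé Nast`, and the Guardian byline is the only one in the file without the leading `>` every other attribution uses. Finally, apostrophes are missing throughout the quoted blurbs (todays, Im, Ill, arent, Unions, whats, Apples, users), which reads like a paste artifact; restore them before merging.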