kravietz 🦇 @kravietz@social.privacytools.io

@lukOlejnik Next update of Google's Chrome delivers "first-party sets". Feature bypasses single origin policy: several websites to communicate/share data/cookies/etc. Single origin policy prohibit such flows. Opens new tracking potential. #privacy #chrome

https://github.com/privacycg/first-party-sets

Mozilla opposed this change

https://github.com/privacycg/proposals/issues/17#issuecomment-641687052

The European Data Protection Supervisor (EDPS) publishes the tool Website Evidence Collector under the European Union Public License (EUPL-1.2). The tool supports the automation of privacy and personal data protection inspections of websites. The tool collects evidence of personal data processing, such as cookies, or requests to third parties.

#privacy #gdpr

https://joinup.ec.europa.eu/collection/free-and-open-source-software/solution/website-evidence-collector

Exclusive: Warning Over Chinese Mobile Giant #xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use

https://www.forbes.com/sites/thomasbrewster/2020/04/30/exclusive-warning-over-chinese-mobile-giant-xiaomi-recording-millions-of-peoples-private-web-and-phone-use/

#privacy

How #privacy projects such as Disconnect.me have actual impact on behaviour of #adtech companies:

https://github.com/disconnectme/disconnect-tracking-protection/commit/d76c42b92bdbdba454470e900ab6666c0038917f

With a nice shitstorm currently going on around various "revolutionary" proposals on how to rebuild online #advertising I would like to bring back this excellent 2015 presentation that goes into technical details *why* exactly #adtech needs all this surveillance exactly https://idlewords.com/talks/what_happens_next_will_amaze_you.htm #privacy

If you were still thinking that behavioral profiling is not creepy... #adtech #privacy

No worries, we're fixing mobile too ¯\_(ツ)_/¯

"If Chrome fixes #privacy too fast it could break the web ... Much of the content on the web is supported by advertising revenue, and advertisers will shift to mobile apps"

https://www.cnet.com/google-amp/news/if-chrome-fixes-privacy-too-fast-it-could-break-the-web-google-exec-warns/

EFF: BREAKING: We’ve confirmed that the Ring doorbell app on Android covertly shares personally identifiable information on its users with third-party companies, including Facebook. https://www.eff.org/deeplinks/2020/01/ring-doorbell-app-packed-third-party-trackers #amazon #privacy

How surprising! ;) https://www.vice.com/en_us/article/z3bbq4/podcast-livestreams-hacked-ring-cameras-nulledcast #amazon #privacy #ring

Web trackers using CNAME Cloaking to bypass browsers’ ad blockers

https://portswigger.net/daily-swig/web-trackers-using-cname-cloaking-to-bypass-browsers-ad-blockers #privacy #advertising

"Algorithms and digital technologies constantly collect data and evaluate us and sometimes make life changing decisions such as credit, housing and employment.  Advertisements play a crucial part in this in that they inform us about goods and services, opportunities, products or nudge us into certain behaviours."

https://www.oii.ox.ac.uk/news/releases/public-at-risk-of-discrimination-from-online-behavioural-advertising-says-oxford-legal-expert/

#privacy #advertising

"15.4% of the 1.3 million Android applications we analyzed, contained security-related code snippets from Stack Overflow. Out of these 97.9% contain at least one insecure code snippet." https://www.aisec.fraunhofer.de/en/stackoverflow.html #security #privacy

Client-side scanning is a new proposal of US law enforcement to combat child porn by hashing every image sent by IM clients against a database of known CP hashes. EFF discusses how this can be abused.

https://www.eff.org/deeplinks/2019/11/why-adding-client-side-scanning-breaks-end-end-encryption #privacy

"Facebook isn't neutral turf on which good ideas will naturally prevail over bad ones, John Stuart Mill-style. It's an advertising-driven business whose design deliberately promotes its own peculiar idea of "engagement." https://www.axios.com/costs-facebook-free-speech-zuckerberg-444086fb-8f91-467a-b388-936b9de10a02.html #facebook #privacy

Conveniently skips CA and other shenanigans but still interesting PoV:

"Why would Facebook or Google owe you anything? (...) You willfully used a service and generated data that wouldn’t otherwise exist. What you get in return is Facebook itself, for which you’ve not paid a nickel. (...) You’re an infinitesimally small part of a data cooperative whose benefits accrue to the very users that generated it." https://www.wired.com/story/no-data-is-not-the-new-oil/ #privacy #facebook #google

Facebook, Twitter and Alphabet’s Google have failed to provide adequate transparency for global users around political advertising on their services, a privacy advocacy group said on Tuesday.

https://www.reuters.com/article/us-tech-privacy/privacy-group-says-tech-giants-not-delivering-on-political-ads-pledges-idUSKBN1WH2NW #privacy #twitter #google #facebook

Smart TVs sending sensitive user data to Netflix and Facebook

#privacy #facebook

https://amp.ft.com/content/23ab2f68-d957-11e9-8f9b-77216ebe1f17

"Ecuadorian authorities have arrested the executive of a data analytics firm after his company left the personal records of most of Ecuador's population exposed online on an internet server." #privacy Novaestrat

#Facebook “uses precise location even when you’re not using the app” #privacy https://www.theregister.co.uk/AMP/2019/09/10/facebook_location_tracking/

#facebook asked people for their mobile numbers "only for #authentication purposes", then used them for profiling, and then leaked on the web... https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/ #privacy