Category Archives: Privacy

Privacy: The GDPR right to privacy in the EU

Two years ago, Europe introduced the world’s toughest data privacy legislation, putting on notice the tech giants of the world who’d grown fat off your personal data. The General Data Protection Regulation, widely known as the GDPR, is a far-reaching law designed to uphold the right to privacy for Europe’s citizens. It promises to issue bigger fines for data protection violations than have ever been seen before: 20 million euros, or up to 4% of a company’s annual worldwide revenue from the preceding financial year, whichever’s greater.

Source: As the GDPR turns 2, Big Tech should watch out for big sanctions – CNET

Covid tracking apps summarized

When people mention “Covid tracking apps” it would be useful to first define what is meant by “Covid tracking app”. There are many approaches in use and many that are proposed. The various methods are remarkably different. When you hear that “Country X used a tracking app and they have fewer cases”, this does not mean they used a tracking app like you have in mind.

Most apps use location data provided by the cellular network itself, or GPS/Wi-Fi position fixes stored on the phone and shared directly with public health authorities. Some use the data for contact tracing, coupled with free Covid-19 testing, while others use location data to enforce strict geo-fenced quarantine procedures that, if violated, may result in arrest and imprisonment. Few existing apps use close contact tracing based on Bluetooth.

Contact tracing apps, by themselves, appear to provide little value. As we will see, to be useful there needs to be supporting infrastructure outside the app – such as Korea offering Covid-19 testing to those in close contact. And the app must be installed by nearly all smart phone users (and this will miss about 15% of phones that are not smart phones). Most countries are not using phone-based apps to track location – they are using the phone network to report locations on 100% of phones in use, which is very different than voluntary installation of a tracking app.

Consequently, when you hear someone refer to “contact tracing app”, you need to ask them to define what they mean by “contact tracing app”.

What follows is a review of various “contact tracing” apps used in different countries.

Privacy: Spooks figure out ways to trick you into not using encryption

Picsix’s tool creates a fake cell tower that can fool a target’s phone into transmitting data to it. The device cannot read encrypted data, but instead tries a different tactic to get private information: making encrypted apps glitchy or even totally unusable. It’s a subtle but strong way to push a frustrated target away from a private app and toward a non-encrypted service that can easily be intercepted and eavesdropped on. The encryption itself is never broken—it is simply rendered useless.

Source: Cops see an encryption problem. Spyware makers see an opportunity. – MIT Technology Review

A call for a code of tech ethics?

Facebook and the like need to craft a professional code of ethics for the technology industry.

Source: A Facebook request: Write a code of tech ethics – Los Angeles Times

Where this is headed, naturally, is the concept of licensed professional engineers (P.E.) in software engineering. Development of a professional engineering licensing exam for software engineering was done many years ago. I believe Texas was the only state to offer the exam; however, due to low participation, they are discontinuing the software engineering PE exam as of April 2019.

How your phone’s location history is used against you

The FBI recently demanded from Google the data about all people using location services within a 100-acre area in Portland, Maine, as part of an investigation into a series of robberies. The request included the names, addresses, phone numbers, “session” times and duration, log-in IP addresses, email addresses, log files and payment information.

Source: Can the police search your phone? | Computerworld

Police may have used location history to see who has crossed paths with a person they were tracking. For example, suppose police are tracking an illicit drug distribution ring. Dealers meet with customers to deliver drugs.

In order to identify potential customers, police can see whose location data puts them in close proximity to the distributor they are tracking. Merely by being around a distributor, you then become a potential target of police operations.

Google admits turning off ‘location history’ does nothing

Google admits they spy on you always: Google has changed a help page that erroneously described how its “Location History” setting works,…

Even when Location History is set to off, Google’s Android continues to track your location. Google uses your highly detailed location information to discern your interests, where you shop, what type of health problems you may have (by virtue of which doctors or therapists you visit) and more.

Source: Google admits turning off ‘location history’ does nothing | SocialPanic.org

The reason Google tracks your location, everywhere you go

We now know that even with Location Services disabled, Google still tracks and records your every move. The data is collected, ostensibly, for targeted advertising. An advertiser could request thei…

Source: The reason Google tracks your location, everywhere you go | SocialPanic.org

It’s all about knowing where you shop, and where you go. An enormous amount of data may be discerned from your location data – even your health records. Seriously.

Social Panic is one of my other blogs. Please check it out.

Data mining enables many companies to discern your health conditions

Data brokers compile health and frailty profiles that have wide-ranging applications for drug companies, advertisers, insurers and other buyers.

Source: How bits of captured data paint a stealth portrait of your health

They do not need access to your protected[1] health care records. Instead, companies are data mining your credit card purchases, your public social media, your online purchase habits and a host of other data points to guess at your health situation and assign you a “health score”.

This secret health score could be used by insurance companies to change your life insurance premiums, or by a prospective employer to deny you a job because your health score is not good enough for them.

You have no idea what data they have collected and analyzed, nor what score they have assigned to you. The data itself is often incorrect (as I recently found) and their assumptions about you are often wrong too. But there is no way to correct their secret health score.

Continued: Venmo lies about their priority of privacy

Venmo declined to say why it makes full public disclosure the default setting, but a company spokesperson told CNNMoney that “the safety and privacy of Venmo users and their information is one of our highest priorities.”

Source: A researcher studied a year of public Venmo transactions. Here’s what she learned

That’s a lie, as I showed 5 weeks ago:

Someone entered my email address for their account at Venmo. Months ago. Apparently Venmo NEVER VERIFIED the email address. Consequently, I receive their emailed financial transaction correspondence – for several months. Guess their customer never noticed they were not receiving emails? (Or is Google broken and one email address is being delivered to different people? Anything is possible!)

I successfully changed the password on a Venmo account that was not mine.

Never, ever use Venmo for transactions if you care even the slightest about keeping your transactions private.