Advanced Search
Content Type: Frequently Asked Questions
On 27 October 2020, the UK Information Commissioner's Office (ICO) issued a report into three credit reference agencies (CRAs) - Experian, Equifax and TransUnion - which also operate as data brokers for direct marketing purposes.
After our initial reaction, below we answer some of the main questions regarding this report.
Content Type: News & Analysis
Name: Google/Fitbit merger
Age: Gestating
Appearance: A bit dodgy. One of the world’s biggest tech giants, trying to purchase a company that makes fitness tracking devices, and therefore has huge amounts of our health data.
I don’t get it. Basically Google is trying to buy Fitbit. As if Google doesn’t already have enough data about us, it now wants huge amounts of health data too.
Oh, Fitbit, that’s that weird little watch-type-thing that people get for Christmas, wear for about a month…
Content Type: Call to Action
You might have read our investigation into advertisers who upload your data on Facebook and found out some companies doing the same to you. Well, you can join us and hold them accountable by sending your own Data Subject Access Request (DSAR)!
Before you get started we suggest you read our FAQ and take a look at our 7+1 tips to make the most out of your DSAR before and after.
To do so you simply need to copy the message bellow and send it to the companies that uploaded your data…
Content Type: Examples
Academics have disclosed today a new vulnerability in the Bluetooth wireless protocol, broadly used to interconnect modern devices, such as smartphones, tablets, laptops, and smart IoT devices.
The vulnerability, codenamed BIAS (Bluetooth Impersonation AttackS), impacts the classic version of the Bluetooth protocol, also known as Basic Rate / Enhanced Data Rate, Bluetooth BR/EDR, or just Bluetooth Classic.
The BIAS attack
The BIAS security flaw resides in how devices handle the link key,…
Content Type: Explainer
In a scramble to track, and thereby stem the flow of, new cases of COVID-19, governments around the world are rushing to track the locations of their populace.
In this third installment of our Covid-19 tracking technology primers, we look at Satellite Navigation technology. In Part 1 of our mini-series on we discussed apps that use Bluetooth for proximity tracking. Telecommunications operators ('telcos'), which we discussed in Part 2, are also handing over customer data, showing the cell towers…
Content Type: Examples
Mexico is one of the biggest buyers of next-generation surveillance technology. And now data leaked to Forbes indicates it's taken an unprecedented step in becoming the first-known buyer of surveillance technology that silently spies on calls, text messages and locations of any mobile phone user, via a long-vulnerable portion of global telecoms networks known as Signalling System No. 7 (SS7).
The revelation was contained in what an anonymous source close claimed was…
Content Type: Examples
“The BlueBorne attack vector requires no user interaction, is compatible to all software versions, and does not require any preconditions or configurations aside of the Bluetooth being active,” warned the researchers.
“Unlike the common misconception, Bluetooth enabled devices are constantly searching for incoming connections from any devices, and not only those they have been paired with,” they added.
“This means a Bluetooth connection can be established without pairing the devices at all.…
Content Type: Examples
An engineering and computer science professor and his team from The Ohio State University discovered a design flaw in low-powered Bluetooth devices that leaves them susceptible to hacking.
Zhiqiang Lin, associate professor of computer science and engineering at the university, found the commonly used Bluetooth Low Energy devices, such as fitness trackers and smart speakers, are vulnerable when they communicate with their associated apps on the owner’s mobile phone.
"There is a fundamental…
Content Type: Explainer
In a scramble to track, and thereby stem the flow of, new cases of Covid-19, Governments around the world are rushing to track the locations of their populace. One way to do this is to write a smartphone app which uses Bluetooth technology, and encourage (or mandate) that individuals download and use the app. We have seen such examples in Singapore and emerging plans in the UK.
Apps that use Bluetooth are just one way to track location. There are several different technologies in a smartphone…
Content Type: Examples
Recent study shows that Americans are wary of data from smart speakers being used in criminal investigations, the Pew Research Center reported. A recent study showed that 49% of Americans answered that it is unacceptable for smart speakers companies to share audio recordings of their customers with law enforcement in order to help with criminal investigations. Only 25% said it is acceptable. Aparently, this result contrasts with some other data use practices measured in the same survey. For…
Content Type: Examples
A woman was killed by a spear to the chest at her home in Hallandale Beache, Florida, north of Miami, in July. Witness "Alexa" has been called yet another time to give evidence and solve the mystery. The police is hoping that the smart assistance Amazon Echo, known as Alexa, was accidentally activated and recorded key moments of the murder. “It is believed that evidence of crimes, audio recordings capturing the attack on victim Silvia Crespo that occurred in the main bedroom … may be found on…
Content Type: Video
Watch our video primer (1m54s) on how political advertisers use highly detailed data about you to target political adverts at you.
Read about some simple steps you can take to minimise the amount of political ads you see online and questions you can be asking of those that profit from your data.
Content Type: Examples
Cookies and other tracking mechanisms are enabling advertisers to manipulate consumers in new ways. For $29, The Spinner will provide a seemingly innocent link containing an embedded cookie that will allow the buyer to deliver targeted content to their chosen recipient. The service advertises packages aimed at men seeking to influence their partners to initiate sex, people trying to encourage disliked colleagues to seek new jobs, and teens trying to get their parents to get a dog. However,…
Content Type: Examples
In July 2018, Dutch researcher Foeke Postma discovered that Polar, the manufacturer of the world's first wireless heart rate monitor manufacturer, was exposing the heart rates, routes, dates, times, duration, and pace of exercises performed by individuals at military sites and at their homes via its social platform, Polar Flow. Polar placed these individuals at particular risk by showing all the exercises a particular individual has completed since 2014 on a single global map. Postma was able…
Content Type: Examples
In April 2018, the Austrian cabinet agreed on legislation that required asylum seekers would be forced to hand over their mobile devices to allow authorities to check their identities and origins. If they have been found to have entered another EU country first, under the Dublin regulation, they can be sent back there. The number of asylum seekers has dropped substantially since 2016, when measures were taken to close the Balkan route. The bill, which must pass Parliament, also allows the…
Content Type: Examples
In October 2018 Amazon patented a new version of its Alexa virtual assistant that would analyse speech to identify signs of illness or emotion and offer to sell remedies. The patent also envisions using the technology to target ads. Although the company may never exploit the patent, the NHS had previously announced it intended to make information from its online NHS Choices service available via Alexa.
https://www.telegraph.co.uk/technology/2018/10/09/amazon-patents-new-alexa-feature-knows-…
Content Type: Examples
In a 2018 interview, the Stanford professor of organisational behaviour Michal Kosinski discussed his research, which included a controversial and widely debunked 2017 study claiming that his algorithms could distinguish gay and straight faces; a 2013 study of 58,000 people that explored the relationship between Facebook Likes and psychological and demographic characteristics; and the myPersonality project, which collected data on 6 million people via a personality quiz that went viral on…
Content Type: Examples
In 2017, the Massachusetts attorney general's office reached an agreement under which Boston-based Copley Advertising agreed to eschew sending mobile ads to patients visiting Planned Parenthood and other health clinics. In 2015, Copley's geofencing technique used location information from smartphones and other internet-enabled devices to target "abortion-minded" women and send them ads for alternatives to abortion in a campaign it conducted on behalf of a Christian pregnancy counselling and…
Content Type: Examples
The CEO of MoviePass, an app that charges users $10 a month in return for allowing them to watch a movie every day in any of the 90% of US theatres included in its programme, said in March 2018 that the company was exploring the idea of monetising the location data it collects. MoviePass was always open about its plans to profit from the data it collects, but it seems likely that its 1.5 million users assumed that meant ticket sales, movie choice, promotions, and so on - not detailed tracking…
Content Type: Examples
The Danish company Blip Systems deploys sensors in cities, airports, and railway stations to help understand and analyse traffic flows and improve planning. In the UK's city of Portsmouth, a network of BlipTrack sensors was installed in 2013 by VAR Smart CCTV, and the data it has collected is used to identify problem areas and detect changing traffic patterns. The city hope that adding more sensors to identify individual journeys will help reduce commuting times, fuel consumption, and vehicular…
Content Type: Examples
In February 2018 the Canadian government announced a three-month pilot partnership with the artificial intelligence company Advanced Symbolics to monitor social media posts with a view to predicting rises in regional suicide risk. Advanced Symbolics will look for trends by analysing posts from 160,000 social media accounts; the results are intended to aid the Canadian government in allocating mental health resources. The company claims to be able to predict suicidal ideation, behaviours, and…
Content Type: Examples
The French data protection regulator, the Commission Nationale de l'Informatique et des Libertés (CNIL), has issued a formal notice to Genesis Industries Limited, the maker of the connected toys My Friend Cayla and I-QUE. Genesis has two months to bring the toys into compliance with data protection law. CNIL says that based on the security flaws found by a consumer association (presumably the Norwegian Consumer Council, which did this work in 2016) its chair decided to perform online…
Content Type: Examples
The UK consumer watchdog Which? has called on retailers to stop selling popular connected toys it says have proven security issues. These include Hasbro's Furby Connect, Vivid Imagination's I-Que robot, and Spiral Toys' Cloudpets and Toy-fi Teddy. In its report, Which? found that these toys do not require authentication to link to other devices via Bluetooth, meaning that any device within range could connect to the toys and take control of them or send messages. Spiral Toys did not comment.…
Content Type: Examples
A pregnancy-tracking app collected basic information such as name, address, age, and date of last period from its users. A woman who miscarried found that although she had entered the miscarriage into the app to terminate its tracking, the information was not passed along to the marketers to which the app's developer had sold it. A few weeks before her original due date, a package was delivered to her home including a note of congratulations and a box of baby formula. Although the baby had died…
Content Type: Examples
In the wake of Tesla’s first recorded autopilot crash, automakers are reassessing the risk involved with rushing semi-autonomous driving technology into the hands of distractible drivers. But another aspect of autopilot—its ability to hoover up huge amounts of mapping and “fleet learning” data—is also accelerating the auto industry’s rush to add new sensors to showroom-bound vehicles. This may surprise some users: Tesla’s Terms of Use (TOU) does not explicitly state that the company will…
Content Type: Examples
Caucuses, which are used in some US states as a method of voting in presidential primaries, rely on voters indicating their support for a particulate candidate by travelling to the caucus location. In a 2016 Marketplace radio interview, Tom Phillips, the CEO of Dstillery, a big data intelligence company, said that his company had collected mobile device IDs at the location for each of the political party causes during the Iowa primaries. Dstillery paired caucus-goers with their online…
Content Type: Examples
In 2015, the Royal Parks conducted a covert study of visitors to London's Hyde Park using anonymised mobile phone signals provided by the network operator EE to analyse footfall. During the study, which was conducted via government-funded Future Cities Catapult, the Royal Parks also had access to aggregated age and gender data, creating a detailed picture of how different people used the park over the period of about a year. The study also showed the percentage of EE subscribers who visited…
Content Type: Examples
In 2015, ABI Research discovered that the power light on the front of Alphabet's Nest Cam was deceptive: even when users had used the associated app to power down the camera and the power light went off, the device continued to monitor its surroundings, noting sound, movement, and other activities. The proof lay in the fact that the device's power drain diminished by an amount consistent with only turning off the LED light. Alphabet explained the reason was that the camera had to be ready to be…
Content Type: Examples
Because banks often decline to give loans to those whose "thin" credit histories make it hard to assess the associated risk, in 2015 some financial technology startups began looking at the possibility of instead performing such assessments by using metadata collected by mobile phones or logged from internet activity. The algorithm under development by Brown University economist Daniel Björkegren for the credit-scoring company Enterpreneurial Finance Lab was built by examining the phone records…
Content Type: Examples
In 2016, the American Civil Liberties Union of Northern California published a report revealing that the social media monitoring service Geofeedia had suggested it could help police track protesters. The report's publication led Twitter and Facebook to restrict Geofeedia's access to their bulk data. ACLUNC argued that even though the data is public, using it for police surveillance is an invasion of privacy. Police are not legally required to get a warrant before searching public data; however…