Content Type: Examples
Recognising that many parents will be considering purchasing connected toys and other devices for their children, for Christmas 2017 the UK's Information Commissioner's Office issued a list of 12 guidelines for assessing products before purchasing. These include: research the product's security before buying; watch out for online shopping fraud; plan ahead to study the product's security and privacy options; change default user names and passwords; ensure your home router is secure; use two-…
Content Type: Examples
A recent study from the Yale Privacy Lab and Exodus Privacy found dozens of invasive trackers hidden in common Android apps. However, the method the researchers used, which involved writing code to expose the internal workings of the devices they tested, is legally barred under the US Digital Millennium Copyright Act (2000). Apple's iOS operating system is locked with digital rights management (DRM) software, and both the DMCA and the EU's Copyright Directive prohibit circumventing DRM or…
Content Type: Examples
Our usual image of online advertising is that we are one of millions whose data is being examined by a large, remote organisation - a government or major company. Research from the University of Washington has found that anyone equipped with time, determination, and a relatively small budget of $1,000 can exploit mobile advertising networks to track a specifically targeted individual. Researchers Paul Vines, Franzi Roesner, and Yoshi Kohno, who presented their work at ACM's Workshop on Privacy…
Content Type: Examples
Some of the Google Home Mini units distributed before release to the tech press and at "Made By Google" events had a defective touch panel. The devices were meant to turn on recording only when the owner woke it up with "OK, Google" or applied a long press to the centre of the touch panels. Instead, the defect meant that the devices turned on recording thousands of times a day and attempted to respond to random noises rather than waiting for the "OK, Google" prompt or long press. The problem…
Content Type: Examples
Widespread controversy resulted when users discovered in April 2017 that the little-known data company Slice Intelligence was passing anonymised data derived from scanning users' email inboxes to the ride-hailing company Uber. The story illustrates both the power of anonymous data and the complex relationships among Silicon Valley companies that obscure their data practices.
The story begins with Unroll.me, a free service that helps people manage their email by consolidating subscription…
Content Type: Examples
Websites have long used third-party analytics scripts to collect information about how visitors use their sites. In November 2017, researchers at Princeton found that an increasing number of sites use "session replay" scripts that collect every action the user performs while on the site, including mouse movements, keystrokes, scrolling behaviour, and the complete contents of pages loaded. Users logically expect the sites to receive typed data only after they've pressed the "submit" button, but…
Content Type: Examples
Among the friends Facebook recommended to Kashmir Hill as people she might know was Rebecca Porter, to the best of her knowledge a total stranger. Because Hill was studying how the "black box" of Facebook recommendations worked, she contacted Porter to ask what the connection might be. To her surprise, Porter turned out to be her great aunt by marriage, unknown to her because her biological grandfather had abandoned her father, who was adopted and never learned his biological history until…
Content Type: Examples
Logitech's announcement that it would end service and support for its Harmony Link devices in 2018 sparked online outrage after consumers realised this meant the devices would be disabled and that only those with devices still under warranty would get free replacements. Logitech has since said it will provide free replacements to all customers, whether or not their warranty had expired.
The Harmony Link lets users control home entertainment devices through a companion mobile app. Its…
Content Type: Examples
In 2017, Amazon was granted a patent, first filed in 2012, on a mechanism that allows retailers to intercept network requests such as URLs and search terms on in-store wifi and either block shoppers from conducting online price comparisons or offer them discount coupons or complementary items. The patented technology would also tell the retailer the customer's physical whereabouts so they can send a sales representative. The company's plans for this technology, which…
Content Type: Examples
Sonos, which makes connected home sound systems, has told its customers that they will not be able to opt out of a new privacy policy launched in August 2017 that allows the company to begin collecting audio settings, errors, and other account data. Customers can opt out of sending some types of personal information, but not functional data such as email addresses, IP addresses, account login information, and information about the rooms, devices, wifi antennas, and other hardware the system…
Content Type: Examples
Owners of the Hong Kong-based sex toy company Lovense's vibrators who installed the company's remote control app were surprised to discover that the app was recording user sessions without their knowledge. They had authorised the app to use the phone's built-in microphone and camera, but only for use within the app's built-in chat function and to send voice clips on command. Lovense says that no data was sent to its servers, and that the audio files users have found stored on their phones are…
Content Type: Examples
On September 11, 2017, while Florida residents were evacuating during the approach of Hurricane Irma, Tesla rolled out a real-time software update that increased the battery capacity of some of its Model S sedans and Model X SUVs. The update extended the vehicles' range, enabling drivers to travel further on a single charge, and was rolled out in response to requests for help from customers stuck in traffic while trying to evacuate. Tesla said the increase was temporary, and would be reversed…
Content Type: Examples
The UK consumer watchdog Which? has called on retailers to stop selling popular connected toys it says have proven security issues. These include Hasbro's Furby Connect, Vivid Imagination's I-Que robot, and Spiral Toys' Cloudpets and Toy-fi Teddy. In its report, Which? found that these toys do not require authentication to link to other devices via Bluetooth, meaning that any device within range could connect to the toys and take control of them or send messages. Spiral Toys did not comment.…
Content Type: Examples
The UK Information Commissioner's Office has published policy guidelines for big data, artificial intelligence, machine learning and their interaction with data protection law. Applying data protection principles becomes more complex when using these techniques. The volume of data, the ways it's generated, the complexity of the way it's processed, the new uses found for it, and the potential for unexpected consequences to individuals are all among the challenges the ICO considers. The report…
Content Type: Examples
A mistake in Facebook's machine translation service led to the arrest and questioning of a Palestinian man by Israeli police. The man, a construction worker on the West Bank, posted a picture of himself leaning against a bulldozer like those that have been used in hit-and-run terrorist attacks, with a caption that correctly translates to "good morning". Facebook's AI translated it into "hurt them" in English or "attack them" in Hebrew. Based on that, police officers arrested him later that day…
Content Type: Examples
A 2017 Freedom House survey of 65 countries found that 30 of them were using armies of "opinion-shapers" to manipulate elections, advance anti-democratic agendas, and repress their citizens. Although most of these countries direct these efforts to manipulate opinion domestically, the report finds that manipulation and disinformation played a role in elections in at least 17 other countries, including the US presidential election and the UK's EU referendum. The number of…
Content Type: Examples
An investigation by the Irish Data Protection Commissioner has led Eir, a telecommunications company, to replace almost 20,000 modems supplied to customers with basic broadband packages without access to fibre services. The action follows an incident in 2016 in which nearly 2,000 customer routers were breached. At the time, Eir contacted about 130,000 of its broadband customers whose routers were believed to be vulnerable to infection by a virus that could enable the routers to be hacked. Eir…
Content Type: Examples
A paper by Michael Veale (UCL) and Reuben Binns (Oxford), "Fairer Machine Learning in the Real World: Mitigating Discrimination Without Collecting Sensitive Data", proposes three potential approaches to deal with hidden bias and unfairness in algorithmic machine learning systems. Often, the cause is biases in the historical data used to train these systems. In the first approach, trusted third parties selectively store the data needed to audit systems and discover discrimination and incorporate…
Content Type: Examples
In the remote western city Xinjiang, the Chinese government is using new technology and humans to monitor every aspect of citizens' lives. China, which has gradually increased restrictions in the region over the last ten years in response to unrest and violent attacks, blames the need for these measures on the region's 9 million Uighurs. This Muslim ethnic minority make up nearly half of the region's population, and the government accuses them of forming separatist groups and fuelling…
Content Type: Examples
Cracked Labs examines the impact on individuals, groups, and wider society of the corporate use of personal information as it feeds into automated decision-making, personalisation, and data-driven manipulation. On the web, companies track us via hidden software that collects information about the sites we use, our navigation patterns, and even our keystrokes, mouse movements, and scrolling activity and transmits it to hundreds of third-party companies. Similarly, smartphones send a flow of…
Content Type: Examples
The Dutch data protection authority has found that Microsoft's Windows 10 operating system breaches Dutch law by processing personal data of the system's users without informing them clearly about what type of data the company uses and for what purpose. In addition, users cannot give valid consent because the company does not clearly inform them that under the default settings it collects personal usage data through its Edge web browser. The result is to rob users of control over both their…
Content Type: Examples
Privacy and child advocacy groups in the US, Denmark, Belgium, the Netherlands, Sweden, Germany, and the UK are filing complaints with regulators after a study by the Norwegian Consumer Council found critical security flaws and missing privacy protection in children's smartwatches. The watches, which are functionally essentially wearable smartphones, are intended to help parents keep an eye on their children. However, the NCC's research found that they can be easily taken over by strangers and…
Content Type: Examples
In 2017, after protests from children's health and privacy advocates, Mattel cancelled its planned child-focused "Aristotle" smart hub. Aristotle was designed to adapt to and learn about the child as they grew while controlling devices from night lights to homework aids. However, Aristotle was only one of many tech devices being released onto the market to take over functions that have traditionally been part of the intimate relationship between children and their parents: a smart cradle that…
Content Type: Examples
A report from the University of Washington studies parents' and children's interactions with general-purpose connected devices and connected toys. There are numerous privacy issues: toy companies may collect masses of children's intimate data; the toys may enable parents to spy on their children, and criminals hacking these systems may be able to identify and locate the children. For example, the 2015 cyber attack on VTech, a children's tablet maker, exposed the personal data of 5 million…
Content Type: Examples
In 2016, researchers at the University of Birmingham and the German engineering firm Kasper & Oswald discovered two vulnerabilities in the keyless entry systems affecting practically every car Volkswagen Group had sold since 1995, estimated at 100 million vehicles. Two separate attacks use cheap, readily available radio hardware to intercept signals from a car owner's key fob and use them to clone the key. A hardware radio is not needed; the researchers were able to perform the attacks…
Content Type: Examples
A pregnancy-tracking app collected basic information such as name, address, age, and date of last period from its users. A woman who miscarried found that although she had entered the miscarriage into the app to terminate its tracking, the information was not passed along to the marketers to which the app's developer had sold it. A few weeks before her original due date, a package was delivered to her home including a note of congratulations and a box of baby formula. Although the baby had died…
Content Type: Examples
In the wake of Tesla’s first recorded autopilot crash, automakers are reassessing the risk involved with rushing semi-autonomous driving technology into the hands of distractible drivers. But another aspect of autopilot—its ability to hoover up huge amounts of mapping and “fleet learning” data—is also accelerating the auto industry’s rush to add new sensors to showroom-bound vehicles. This may surprise some users: Tesla’s Terms of Use (TOU) does not explicitly state that the company will…
Content Type: Examples
At the 2016 Usenix Workshop on Offensive Technologies, researchers from the University of Michigan presented the results of tests that showed that industrial vehicles - a 2006 semi-trailer and a 2001 school bus - were subject to the same security flaws as had already been found in domestic cars. Via digital signals sent within a big truck's internal network, the researchers were able to change the truck's instrument panel readout, trigger unintended acceleration, and even disable part of the…
Content Type: Examples
In 2013, in collaboration with the Illinois Institute of Technology, the Chicago Police Department set up the Strategic Subjects List, an effort to identify the most likely victims and perpetrators of gun violence. In 2016, a report published by the RAND Corporation found that the project, which had been criticised by both the American Civil Liberties Union and the Electronic Frontier Foundation, simply did not work in the sense of directing social services to those who needed them or keep…
Content Type: Examples
The light surrounding you this very second may be used to expose how much money you make, where you live, when you're home, and much more. That's the big takeaway from
A 2016 analysis of ambient light sensors by London-based security and privacy consultant and University College London researcher Lukasz Olejnik warns that light readings convey rich and sensitive data about users. Light sensors' primary use is to adjust screen brightness to the user's surroundings. However, when…