Advanced Search
Content Type: Key Resources
In the run up to the French presidential election of 2017, political parties increasingly used data-driven targeting techniques and companies to manage their campaigns. Here are some examples.
Content Type: Examples
In 2019, after five years of acquisitions and billions of dollars in investment in advertising software and real-time tracking of web users, Oracle, facing questions about the practices of Data Cloud, its advertising software division, began laying off staff. The reason may have been partly financial: analysts estimate that in 2018 Data Cloud earned only $500 million of Oracle's $40 billion in revenues. Other factors include the Cambridge Analytica scandal, which led Facebook to tighten up…
Content Type: Examples
In January 2018, internet users began complaining about a new wave of pop-up ads across the web: hard-to-close, misleading, and malicious, some of them making it impossible for people to read news. While many blamed reputable publishers like the New York Times and the Atlantic for being willing to run such intrusive ads, in fact the fault lies with a complex advertising system of intermediaries and exchanges and precise targeting that obscures the origins and types of ads being supplied. The…
Content Type: Examples
In February 2019 Google engineers announced that they had created faster, more efficient encryption system that could function on less-expensive Android phones that were too low-powered to implement existing full-device encryption. The scheme, known as Adiantum, uses established and well-vetted encryption tools and principles. Android has required smartphones to support encryption since 2015's version 6, but low-end devices were exempt because of the performance hit. It will now be up to device…
Content Type: Examples
In November 2018, Germany's Federal Cyberintelligence Agency (Bundesamt für Sicherheit in der Informationstechnik, or BSI) released a highly detailed analysis of the myriad ways that Windows 10 tracks users and showing that only enterprise versions of Windows have the ability to turn them off. BSI found that under the Full Tracking setting Windows runs 534 tracking processes and 503 on the Basic setting. Enterprise versions have an extra "security" setting available that reduces the number to…
Content Type: Examples
A November 2018 report from Data & Society discusses "data craft", the methods manipulators use to create disinformation with falsified metadata, specifically platform activity signals, which can be read by machine learning algorithms, platforms, and humans. Manipulators use platform features in unexpected and skilful ways to evade moderation efforts, and their methods need to be understood. The report includes three case studies: politicians' accounts on Instagram, official US government…
Content Type: Key Resources
Political campaigns, debate and engagement has become increasingly digitalised in Italy. Here are some examples of concerns this has raised.
Content Type: Examples
A couple who tried, in February 2018, to keep their unborn child a secret from the internet, in part so the child could create its own internet identity when it was ready. They had some success in avoiding being pursued by baby-related ads, but found themselves unable to exercise the control they wanted. While no one asks for pregnancy and parenting ads to be turned on, no one is able to get them turned off, and data brokers sell the most personal details of our lives. The cost of trying to…
Content Type: Examples
In October 2018, Google developers announced Manifest V3, a new standard for developing extensions for its Chrome web browser. One of the modifications included replacing the API used by extensions that need to intercept and work with network requests. The new API, DeclarativeNetRequest, limits the number of network requests an extension can access; the result was to muzzle third-party adblockers but not the new one Google was building in. Google claimed that implementing a maximum value was…
Content Type: Examples
In a December 2018 update, Facebook so effectively disguised sponsored posts that it took AdBlocker Plus a month, instead of the more usual few days, to find a way to counter it. Facebook has responded to the threat posed to its business model by adblockers by both providing users with advertising settings and tweaking its code to keep adblockers from working on the site. Federal Trade Commission rules require Facebook ads to be clearly labelled as such, but the adblocking arms race has…
Content Type: Examples
In November 2018, a report by the consultancy Privacy Company, on behalf of the Dutch Ministry of Justice, found that Microsoft could be breaking European data collection rules because its Office software was collecting large amounts of personal data including email subject lines and snippets of content typed into emails or Word. The data was originally transmitted to the US, but in an effort to comply with GDPR Microsoft had switched to storing the data in Europe. The Dutch government was…
Content Type: Examples
In November 2018 the campaign group Freedom from Facebook used the social network's own advertising tools to promote a "safe space" website where they can submit whistleblower tips anonymously. Facebook declined to comment but did not appear to be blocking the ads nor keeping a log of who viewed them. One leak suggested that recent scandals, including the Cambridge Analytica affair, had led to a rise in the percentage of staff who said they were optimistic about the company's future. The PR…
Content Type: Examples
In November 2018, a UK Gambling Commission audit found that the number of problem gamblers aged 11 to 16 had quadrupled to 55,000 over two years, 70,000 children were at risk, and 450,000, or one in seven, children aged 11 to 16 bet regularly, spending, on average, £16 a week on fruit machines, bingo, betting shops, and online games, all of which are illegal for under-18s. Two-thirds of children told auditors they had seen gambling ads on TV; close to a million had been exposed to gambling…
Content Type: Examples
In November 2018 Bidooh announced it was developing an intelligent and automated digital billboard advertising platform that it said would leverage facial recognition and blockchain technology to track engagement. Billboard advertising is valued globally at almost $34.8 billion a year. Bidooh has said it considers itself the "Google Adwords" for digital billboard advertising; it intends the new system to be able to target passers-by based on criteria such as age, gender, facial hair, and…
Content Type: Examples
Days after the 2018 shooting that killed 11 Jewish congregants in a Pittsburgh synagogue, The Intercept found that Facebook still allowed advertisers to choose "white genocide conspiracy theory" as a targeting criterion, capturing 168,000 members of the social network. The technique used was the same as the one Pro Publica had discovered a year earlier that showed that "Jew hater", "How to burn Jews", and "History of 'why jews run the world'" were acceptable to Facebook as selection criteria…
Content Type: Long Read
CEOs of the big tech companies have all recently discovered the value of privacy. On Tuesday, 30 April 2019, Mark Zuckerberg, announced his future plans to make Facebook a "privacy-focused social platform". This was followed by Google's Sundar Pichai demand that “privacy must be equally available to everyone in the world.” Meanwhile, Twitter's Jack Dorsey, has described the General Data Protection Regulation (GDPR) as "net-positive", while Apple had already positioned itself as the champion of…
Content Type: Examples
In its February 2019 iOS release (12.2), Apple introduced a toggle enabling users to control whether websites received motion and orientation data collected by the gyroscope and accelerometer inside the iPhone, iPad, and iPod touch. The change is believed to be in response to a 2018 report that thousands of websites have uncontrolled access to motion, orientation, proximity, and light sensor data on mobile devices.
https://www.macrumors.com/2019/02/04/ios-12-2-safari-motion-orientation-access-…
Content Type: Examples
In late 2018, researchers at SINTEF Digital Norway, ETH Zurich, and Berlin's Technical University discovered a new and serious vulnerability in several generations of the cellular mobile communications protocols: 3G, 4G, and the upcoming 5G. The flaw affected Authentication and Key Agreement, which negotiates and establishes authentication between cellular networks and users' phones. AKA as designed for 5G was intended to close a vulnerability in 3G and 4G that allows fake base stations, known…
Content Type: Examples
In January 2019 Apple briefly disabled the group functionality in its FaceTime video calling application after bug was discovered that allowed users to listen on the people they were calling when they did not pick up the call and also allowed some callers to see video of the person they were calling before the receiver picked up. Apple fixed the problem a week later in its next software update, iOS 12.1.4.
https://www.theguardian.com/technology/2019/jan/28/apple-facetime-bug-listen-calls-…
Content Type: Examples
In January 2019, researchers reported finding two huge data dumps. Collection #1 contained passwords and usernames relating to nearly 773 million email addresses spread across about 2.7 spreadsheet rows in 12,000 files. Collection #2.5 contained 845GB of data and more than 25 billion records that included 2.2 billion unique usernames and passwords. Researchers at Phosphorus.io said that more than 130 people were making the data available, and there had been more than 1,000 downloads. Troy Hunt'…
Content Type: Examples
In February 2019, an anonymous tip-off to Computer Sweden revealed that a database containing recordings of 170,000 hours of calls made to the Vårdguiden 1177 non-emergency healthcare advice line was left without encryption or password protection on an open web server provided by Voice Integrate Nordic AB. After the breach was discovered, MedHelp, which runs the 1177 service, shut the server down and found that 55 call files had been illegally downloaded from seven different IP addresses. Nine…
Content Type: Examples
As part of its planning for the 2020 Olympic Games, due to be held in Tokyo, Japan approved a law that would allow the government to conduct a survey to identify vulnerable Internet of Things devices. The National Institute of Information and Communications Technology staff who carry out the survey, who will be supervised by the Ministry of Internal Affairs and Communications, are required to follow strict rules in attempting to hack into these devices: they are only allowed to use default…
Content Type: Examples
In January 2019 Twitter revealed that it had discovered a security flaw in that meant that Android users who updated the email address linked to their account between November 2014 and January 2019 had inadvertently turned off the "protected" setting on their accounts so that their tweets could have been exposed publicly. The company said it was alerting the affected users and publishing the error because it wanted to be sure of reaching the users it could not identify in its internal…
Content Type: Examples
In November 2018 the UK Information Commissioner's Office fined Uber's European operation £385,000 for inadequate security that permitted a November 2016 data breach affecting nearly 3 million British users and 82,000 drivers. In the 2016 breach, attackers obtained credentials that allowed them to access Uber's cloud servers and download 16 large files that held the records of 35 million Uber users worldwide. These included passengers' full names, phone numbers, email addresses, and sign-up…
Content Type: Examples
It was already known that law enforcement agencies can track phones to within 500 metres if they show service providers a warrant, but in January 2019, it became clear that the same real-time location data was being sold to a wide range of third parties, including car salesmen, property managers, bail bondsmen, and bounty hunters. The latter in turn would track any phone for private individuals for a few hundred dollars. At least one company, Microbilt, is selling these phone geolocation…
Content Type: Examples
In November 2018, the criminal hacker group 3ve found a new way of exploiting security weaknesses in the Border Gateway Protocol that allowed them to take control of IP addresses belonging to the US Air Force and other reputable organisations; the result was to net them $29 million in fraudulent advertising revenue. The scheme involved a thousand servers that impersonated human beings viewing ads on bogus pages run by 3ve; to camouflage the origins of the traffic the page requests were…
Content Type: Examples
A November 2018 breach of a government-funded resettlement agency's database in South Korea allowed hackers, believed to be North Korean state security officials, to copy the personal information belonging to 997 North Koreans living in South Korea. Escaping to South Korea is considered an act of treason in North Korea, and those who leave North Korea without permission may be sentenced to prison or hard labour while their families are penalised financially. Previous attempts to attack escapees…
Content Type: Examples
The miniature security camera maker Ring, which was acquired by Amazon in 2017 for a reported $1 billion, has a history of inadequate oversight of the data collected by those cameras on behalf of its customers. In 2016, it reportedly granted virtually unlimited access to its Ukraine-based research and development team to a folder on Amazon's S3 cloud service that held, unencrypted, every video Ring cameras around the world had recorded in order to compensate for weaknesses in its facial and…
Content Type: Examples
In January 2019, the security researcher Justin Paine discovered that the California-based voice over IP provider Voipo had left exposed an unprotected database containing tens of gigabytes of call logs, other internal documents, and customer text messages, including password resets and two-factor authentication codes, all dated between May 2015 and January 8, 2019. The material could have given an attacker deep access to the company's systems. When Paine contacted the company's chief…