Content Type: Examples
In 2016, Jamie Siminoff, the CEO of the miniature security camera company Ring, emailed his employees informing them that the company would adopt a new mission to fight crime by using consumer electronics. The company, which Amazon acquired in 2018, sells its cameras with a social app, "Neighbors", which allows customers to watch their own property and share information about alleged criminality and suspicious individuals with the rest of the people on their block. Ring's hyper-connected…
Content Type: Examples
A vulnerability in Amadeus, the customer reservation system used by 144 of the world's airlines, was only superficially patched after a team reported the vulnerability in 2018. As a result, an attacker could alter online strangers' Passenger Name Records, which contain all the details of the passengers and flights, and are used by government security agencies to check against the no-fly list. Bug hunter Noam Rotem discovered that a web script hosted by individual airlines accepts passengers'…
Content Type: Examples
In December 2018, the security researchers at 0DayAllDay discovered that the encryption keys hard-coded into the firmware inside the Guardzilla indoor wireless security system were protected by a ten-year-old, easily cracked algorithm. Because all the devices used the same keys, anyone could use the keys to log into the company's Amazon-hosted storage service and gain access to the customer data uploaded there. Although the researchers had notified the company in September, they had received no…
Content Type: Examples
In December 2018 Facebook revealed that over a 12-day period in September a software bug may have wrongly allowed about 1,500 third-party apps to access 6.8 million users' photos, including some that people began uploading to the social network but didn't go on to finish posting. EPIC executive director Marc Rotenberg said the incident offered more evidence that Facebook has violated the terms of its 2011 agreement with the US Federal Trade Commission. In May, Facebook suspended some 200 games…
Content Type: Examples
In December 2018, a hacker made more than 50,000 internet-connected printers worldwide print out flyers asking everyone to subscribe to the YouTube channel belonging to PewDiePie, whose real name is Felix Kjellberg. PewDiePie, who has had the most subscribers on YouTube since 2013, was in danger of losing his top ranking to the channel belonging to Bollywood record label T-Series. His fan TheHackerGiraffe used the IoT search engine Shodan to find open printers using the open source Printer…
Content Type: Examples
In February 2019, a faulty firmware update meant that Nike's latest $350 Adapt BB self-lacing shoes could not pair with the app that allows owners to adjust their tightness, customise the lights, and check remaining battery life. Because the shoes have no physical laces, the error effectively made the shoes unwearable.
https://arstechnica.com/gadgets/2019/02/my-left-shoe-wont-even-reboot-faulty-app-bricks-nike-smart-sneakers/
Writer: Ron Amadeo
Publication: Ars Technica
Content Type: Examples
In February 2019, publicity led the gay dating app Jack'd, which claimed to have more than 5 million users and was ranked among the top four gay social apps on both Apple and Android, to close a security flaw that meant that photos users uploaded to share in private chat sessions were accessible to the open web via the app's Amazon Web Services S3 bucket. Location and other metadata about users were also accessible. The company had been told of the security flaw a year earlier by researcher…
Content Type: Examples
In February 2019, the cybersecurity company Trend Micro found that at least 29 beauty and photo editing apps that had been downloaded more than 4 million times from Google's Play Store included code that pushed full-screen ads for fraudulent or pornographic content or that directed users to phishing sites by making them believe they had won a contest. A second group of camera apps that claimed to improve photos actually uploaded them to a remote server controlled by the app developer and then…
Content Type: Examples
In November 2018, a security researcher found that the location-tracking children's watch MiSafe's Kid Watcher Plus, originally released in 2015, neither encrypted nor secured the children's accounts, allowing him to track their movements, secretly listen in to their activities, and spoof calls to the watch from their parents. The watches include a GPS system and a 2G mobile data connection so parents can monitor, via a smartphone app, their children's whereabouts and be alerted if the child…
Content Type: Examples
By January 2019, more than 100 million women worldwide were using smartphone apps that began as period-tracking apps but were beginning to branch out into tracking other types of health data - and also to broaden their use of the data they collect in search of profit. Unlike medical establishments and personnel, apps do not have to meet the privacy standards of laws such as the US Health Insurance Portability and Accountability Act. Some persist in asking for more detail; others, such as…
Content Type: Examples
Facebook has taken down 65 accounts, 161 pages, dozens of groups and four Instagram accounts, which were run by Archimedes Group, an Israeli political consulting and lobbying firm that aimed at disrupting elections in various countries.
Archimedes was mostly active in Sub-Saharan Africa but also in some parts of Southeast Asia and Latin America. According to Facebook, the accounts taken down were attempting to influence people in Nigeria, Senegal, Togo, Angola, Niger and Tunisia. But the most…
Content Type: Examples
Similar to the European Commission’s investigation and the stand-alone German and Italian investigations into Amazon’s anti-competitive behaviour, Austria is now investigating whether Amazon is exploiting its market dominance in relation to other retailers that use its website as a marketplace.
The Austrian regulator said it would examine terms and conditions under which the U.S. online giant grants Austrian vendors access to its marketplace.
In a statement, it said “[T]here is a suspicion…
Content Type: Examples
The European Commission, the EU’s antitrust watchdog, is nearing a decision on its investigation into Amazon. According to a report in Seeking Alpha, EU Competition Chief Margrethe Vestager said the Commission gathered “a lot of data” in its investigation into Amazon. The report noted the EU sent out 1,500 questionnaires to businesses as part of the investigation.
Sources: https://www.competitionpolicyinternational.com/eu-vestager-closes-in-on-amazon-investigation/ and https://www.…
Content Type: Examples
On April 16th 2019, Italy’s antitrust authority said that it had launched a probe into five Amazon companies for possible abuse of dominant market position in e-commerce and logistical services. The companies being looked into include Amazon Services Europe, Amazon Europe Core, Amazon EU, Amazon Italia Services, and Amazon Italia Logistica. In comments sent via e-mail, Amazon said “We are fully cooperating with the Authority.” The Authority said the probe would be wrapped up by April 15th, 2020…
Content Type: Examples
Following Ms. Vestager’s investigation into Amazon and its own sector enquiry into online price comparison services in October 2017, in June 2018 the German Federal Cartel Office (“Bundeskartellamt”) claimed that it “received a lot of complaints” and is said to be “looking at the role and market power of Amazon” with regards to Amazon’s hybrid function. (Nicholas Hirst, MLEX, 27 June 2018, Amazon’s ‘hybrid function’ catches eye of German antitrust enforcers.) Germany is Amazon’s…
Content Type: Examples
Reports that Amazon is planning on launching a free ad-supported music service caused Spotify’s (the Swedish audio streaming platform) shares to fall 4% on Monday, April 15th. And, on April 18th, Amazon published a blog post where it announced the launch of Amazon’s free music-streaming service in the US. The ad-supported free service became available exclusively through Alexa, Amazon’s voice assistant programmed into Echo devices. It has been reported that the Alexa-only launch…
Content Type: Examples
In September 2018, the EU’s antitrust watchdog, the European Commission, launched a preliminary investigation into how the platform uses data about merchants. Margrethe Vestager, EU Competition Commissioner, said that the informal probe concerns the e-commerce group’s dual role as a competitor while simultaneously acting as a host to third-party merchants, who sell goods on Amazon’s websites. “The question here is about the data,” Ms. Vestager said.
The Amazon marketplace investigation follows up…
Content Type: Examples
Amazon has been accused of treating its UK warehouse staff like robots. Between 2015 and 2018, ambulances were called out close to 600 times to Amazon’s UK warehouses. A Freedom of Information request to ambulance services from the GMB union revealed 115 call-outs to Amazon’s site in Rugeley, near Birmingham, including three related to pregnancy or maternity related problems and three for major trauma. At least 1800 people work year-round at the Rugeley warehouse and more than 2000 more can…
Content Type: Examples
On 10 April 2019, an investigation by Bloomberg disclosed that thousands of Amazon employees around the world are listening in on Amazon Echo users. In order to help improve the Alexa digital assistant powering its line of Echo speakers, the team listens to voice recordings captured in Echo owners’ homes and offices. The recordings are transcribed, annotated and then fed back into the software to help Alexa’s understanding of human speech. In marketing materials, Amazon says Alexa “…
Content Type: Examples
In yet another murder case, a New Hampshire judge ordered Amazon to turn over two days of Amazon Echo recordings in a double murder case in November 2018.
Prosecutors believe that recordings from an Amazon Echo in the Farmington home where two women were murdered in January 2017 may yield further clues as to who their killer might be. Though the Echo was seized when police secured the crime scene, the recordings are stored on Amazon servers.
Timothy Verrill, of Dover, New Hampshire, was…
Content Type: Examples
In 2015, James Bates (of Arkansas, United States) was charged with first-degree murder in the death of Victor Collins. Collins was found floating face down in Bates’ hot tub in November 2015, police said. Amazon Echo entered the murder case because someone present on the night of Collins’ death recalled hearing music streaming through the device. It was widely reported that Amazon fought the prosecution’s request to hand over data recorded by the device that night. Eventually, the argument…
Content Type: News & Analysis
We look at the recently published report on forensic science in the UK, highlight concerns about police not understanding new tech used to extract data from mobile phones; the risk of making incorrect inferences and the general lack of understanding about the capabilities of these tools.
The delivery of justice depends on the integrity and accuracy of evidence and trust that society has in it. So starts the damning report of the House of Lords Science and Technology Select…
Content Type: News & Analysis
Photo by Mike MacKenzie (via www.vpnsrus.com)
Ever, a cloud storage app, is an example of how facial recognition technology can be developed in ways people do not expect and can risk amplifying discrimination.
Ever is a cloud storage app that brands itself as “helping you capture and rediscover your life’s memories,” including by uploading and storing personal photos; Ever does not advertise that it uses the millions of photos people upload to train its facial recognition software,…
Content Type: Long Read
Details of case:
R (on the application of Privacy International) (Appellant) v Investigatory Powers Tribunal and others (Respondents)
[2019] UKSC 22
15 May 2019
The judgment
What two questions was the Supreme Court asked to answer?
Whether section 67(8) of RIPA 2000 “ousts” the supervisory jurisdiction of the High Court to quash a judgment of the Investigatory Powers Tribunal for error of law?
Whether, and, if so, in accordance with what principles, Parliament may by…
Content Type: Press release
Today, after a five year battle with the UK government, Privacy International has won at the UK Supreme Court. The UK Supreme Court has ruled that the Investigatory Powers Tribunal’s (IPT) decisions are subject to judicial review in the High Court. The Supreme Court's judgment is a major endorsement and affirmation of the rule of law in the UK. The decision guarantees that when the IPT gets the law wrong, its mistakes can be corrected.
Key point:
UK Supreme Court rules that the UK spying…
Content Type: Explainer
It’s tough to minimise targeted ads on phones because ads can be delivered based on data from the device level (such as what operating system your phone is using or based on unique numbers that identify your phone), browser level (what you search for within a browser), and within the apps you use. An app could target ads at you based on your location (tied to your unique device id number(s)) for example. Apps, including Instagram, direct you to opt-out of targeted ads at the device level. Here'…
Content Type: News & Analysis
Privacy International welcomes WhatsApp's immediate reaction after the revelation that Israeli cyber intelligence company NSO group had exploited a vulnerability in their software. We encourage all WhatsApp users to update their app as soon as possible. However, we believe WhatsApp needs to be much more transparent with their users. We haven't seen a notification on the app itself that would inform users about both the bug and the fix. The current version merely states that you can now see…