Advanced Search
Content Type: Examples
In 2014, the UK suicide prevention group The Samaritans launched Radar, a Twitter-based service intended to leverage the social graph to identify people showing signs of suicidal intent on social media and alert their friends to reach out to offer them help. The app was quickly taken offline after widespread criticism and an online petition asking them to delete the app. Among the complaints: the high error rate, intrusiveness, and the Samaritans' response, which was to suggest that people…
Content Type: Examples
As of early 2018, Facebook's friends recommendations (People You May Know) are based on the address books users give them. However, Facebook has been filing patent applications for a new generation of technologies for collecting more information about its users and matching them more accurately. One, filed in 2014, describes technology to discern whether two people might know each other from smartphone data including location, accelerometer, and gyroscope readings, which show how often two…
Content Type: Examples
EU antitrust regulators are studying how companies gather and use big data with a view to understanding how access to data may close off the market to smaller, newer competitors. Among the companies being scrutinised are the obvious technology companies, such as Google and Facebook, and less obvious companies such as German car maker BMW. The commissioner for competition, Margrethe Vestager, says her office has not yet found cause for concerns, although it fined Facebook for giving misleading…
Content Type: Examples
In 2014, researchers at Princeton University outlined an attack that uses multiple third-party cookies to link traffic so that individual users can be identified and tracked from anywhere in the world. A nation-state wishing to surveil particular users outside its jurisdiction, for example, may have access only to data that passes through routers within their country. Linking cookies and using only web page header data to track 25 simulated users browsing from a US location over a three-…
Content Type: Examples
In a letter accompanying his annual report to the Prime Minister for 2017, the British Interception of Communications Commissioner, Stanley Burnton, has expressed concern about the increasingly unacceptable number of errors police are making in resolving Internet Protocol addresses. Because of the way communications service providers allocate - and reallocate - IP addresses, tracing one to a specific location requires manual entry of the address (up to 12 digits) along with details such as…
Content Type: Examples
The Chinese company Tencent has issued a statement denying that it stores or analyses communications sent over WeChat, the country's most popular messaging platform after Geely Automobile chairman Li Shufu claimed there was no data privacy in China at a business forum. Shufu also claimed that Tencent chairman Pony Ma was "definitely looking at our WeChat messages every day". Under the Chinese government's rules, all social media groups are required to store user records. Although relatively…
Content Type: Examples
In 2016, the US Federal Trade Coimmission issued a warning to app developers that had installed Silverpush, software that uses device microphones to listen for audio signals inaudible to the human ear that identify the television programmes they are watching. Nonetheless, similar technology continued to spread. In 2017, software from the TV data collection startup Alphonso, began to spread. As many as 1,000 gaming, messaging, and social apps using Alphonso's software, some of them aimed at…
Content Type: Examples
A report for the US National Academy of Sciences explains the methods used by a team of computer scientists to derive accurate, neighbourhood-level estimates of the racial, economic, and political characteristics of 200 US cities using the images collected by Google Street View in 2013 and 2014. The key element: the pictures captured of 22 million cars parked along or driving down those streets. The scientists trained a computer algorithm to recognise the make, model, and year of each…
Content Type: Examples
Mothers of black, male teenagers in Chicago, fear their children will be added to the Chicago Police Department's gang database. As of the end of 2017, the database contains the names of 130,000 people, 90% of them black or Latino, who are suspected of being gang members. Most have never been arrested for a violent offence or for a drug or weapons charge. The police are not required to notify those who are added to the database, and the reasons for inclusion may be as trivial as style of dress…
Content Type: Examples
In 2017, a study claimed to have shown that artificial intelligence can infer sexual orientation from facial images, reviving the kinds of claims made in the 19th century about inferring character from outer appearance. Despite widespread complaints and criticisms, the study, by Michal Kosinski and Yilun Wang, is scheduled for publication in the respected Journal of Personality and Social Psychology. A reanalysis of the study's methodology and findings shows that the answers to a handful of yes…
Content Type: Examples
Research from ProPublica in December 2017 found that dozens of companies, including Verizon, Amazon, and Target are using Facebook to target job ads to exclude older workers. Excluding older workers is illegal under US law, but Facebook's system allows advertisers to specify precisely who should see their ads. Verizon, for example, specified that its effort to recruit applicants for a unit focused on financial planning and analysis would run on the Facebook feeds of users 25 to 36 years…
Content Type: Examples
Sidewalk Labs, a subsidiary of Alphabet (Google's owner), has signed a deal with the Canadian city of Toronto to redevelop the brownfield Quayside waterfront district and turn it into a technology hub. The deal raises three sets of issues. First (The Guardian) is the essential privatisation of public space by granting Sidewalk Labs over the technology used and the data collected. Second (The Civicist), are the privacy implications, discussed in a public forum, of allowing Sidewalk Labs to…
Content Type: Examples
"To the 53 people who’ve watched A Christmas Prince every day for the past 18 days: Who hurt you?" Netflix tweeted in December 2017. While the tweet did not contain any information that could have identified any of the 53 people, it still made many of those who saw it uncomfortable. A Christmas Prince was a new movie released by Netflix, and the statistic is apparently derived from the service's detailed collection of data on what its subscribers watch.
Subscribers are generally aware that the…
Content Type: Examples
Researchers at Princeton University have shown that a vulnerability identified 11 years ago in the password managers built into web browsers can be exploited to allow third parties to track users across more than a thousand websites. The attack depends on the managers' autofill capability, and works by injecting an invisible login form onto non-login pages on sites where users have already stored their credentials. The password manager fills in the user's email address and password, and the…
Content Type: Examples
Scientists at MIT have created an algorithm called "EQ Radio" that detects and measures individual heartbeats and therefore individuals' emotions by bouncing radio frequency signals - such as ordinary wifi- off of people. The algorithm works the same as an electrocardiogram but needs no leads to be attached, but must process the information it receives differently. With no leads physically attached, EQ Radio can't anticipate the size and shape of the wavelengths it will receive but must develop…
Content Type: Examples
A federal class-action lawsuit filed in California in July 2017 alleges that in violation of the Children's Online Privacy Protection Act (COPPA) and without parental permission, the Walt Disney Company secretly collects personal information about some of its youngest customers and shares it illegally with advertisers. The lawsuit alleges that Disney allowed the software companies Upsight, Unity, and Kochava, which are also named in the suit, to embed trackers in Disney apps that can then…
Content Type: Examples
Every Tesla vehicle is a mobile data collector incorporating built-in sensors that constantly record information about the car's environment and the way the driver navigates through it. The result is to inspire established automakers such as General Motors, Volkswagen, and Nissan-Renault to follow suit by signing partnerships with Mobileye, a sensor supplier that will integrate its camera-based Road Experience Management system into their non-autonomous vehicles and begin a crowd-sourced…
Content Type: Examples
After investigation, the UK's privacy regulatory, the Information Commissioner's Office has found that two small sections of the written scripts used by Blue Telecoms, a marketing firm that made calls on behalf of the Conservative Party during the 2017 general election, crossed the line from legitimate market research to unlawful direct marketing. The ICO has issued a warning to the Conservative Party rather than launching a formal regulatory action because, it says, the overall campaign was…
Content Type: Examples
The French data protection regulator, the Commission Nationale de l'Informatique et des Libertés (CNIL), has issued a formal notice to Genesis Industries Limited, the maker of the connected toys My Friend Cayla and I-QUE. Genesis has two months to bring the toys into compliance with data protection law. CNIL says that based on the security flaws found by a consumer association (presumably the Norwegian Consumer Council, which did this work in 2016) its chair decided to perform online…
Content Type: Examples
GPS data indicates economic gap between crowds attending presidential inauguration and women's march
Using anonymised data GPS data from mobile devices, primarily smart phones, SafeGraph concluded that the crowds attending the US presidential inauguration in January 2016 make significantly less money than attendees of the Women's March two months later. The income level estimates were made possible by merging SafeGraph's movement data with census data, which is organised by US postal zip codes. Identifying the zip code in which a phone spends most of its time enabled Safe Graph to show that…
Content Type: Examples
Facebook and Twitter have advised Damian Collins, the chair of the UK Parliament's digital, culture, media, and sport committee, that the companies will hand over some information relating to the rearch of Russia-backed posts during the EU referendum. Facebook has already given the US Senate similar information about Russia-backed posts during the 2016 presidential election; this information showed that campaign ads and fake news generated by the Internet Research Agency troll factory in St…
Content Type: Examples
In 2017, Grindr, which at the time was available in 192 countries, began implementing new privacyimplementing new privacy protection measures in order to help protect its users in anti-gay countries such as those in the Middle East and Africa. Among them: users will be able to to change the Grindr app icon on their phones, and in collaboration with regional activists the company will put out weekly (or, if necessary, daily) notifications including safety tips to avoid police entrapment and…
Content Type: Examples
Recognising that many parents will be considering purchasing connected toys and other devices for their children, for Christmas 2017 the UK's Information Commissioner's Office issued a list of 12 guidelines for assessing products before purchasing. These include: research the product's security before buying; watch out for online shopping fraud; plan ahead to study the product's security and privacy options; change default user names and passwords; ensure your home router is security; use two-…
Content Type: Examples
A recent study from the Yale Privacy lab and Exodus Privacy founds dozens of invasive trackers hidden in common Android apps. However, the method the researchers used, which involved writing code to expose the internal workings of the devices they tested, is legally barred under the US Digital Millennium Copyright Act (2000). Apple's iOS operating system is locked with digital rights management (DRM) software, and both the DMCA and the EU's Copyright Directive prohibit circumventing DRM or…
Content Type: Examples
Our usual image of online advertising is that we are one of millions whose data is being examined by a large, remote organisation - a government or major company. Research from the University of Washington has found that anyone equipped with time, determination, and a relatively small budget of $1,000 can exploit mobile advertising networks to track a specifically targeted individual. Researchers Paul Vines, Franzi Roesner, and Yoshi Kohno, who presented their work at ACM's Workshop on Privacy…
Content Type: Examples
Some of the Google Home Mini units distributed before release to the tech press and at "Made By Google" events had a defective touch panel. The devices were meant to turn on recording only when the owner woke it up with "OK, Google" or applied a long press to the centre of the touch panels. Instead, the defect meant that the devices turned on recording thousands of times a day and attempted to respond to random noises rather than waiting for the "OK, Google" prompt or long press. The problem…
Content Type: Examples
Widespread controversy resulted when users discovered in April 2017 that the little-known data company Slice Intelligence was passing anonymised data derived from scanning users' email inboxes to the ride-hailing company Uber. The story illustrates both the power of anonymous data and the complex relationships among Silicon Valley companies that obscure their data practices.
The story begins with Unroll.me, a free service that helps people manage their email by consolidating subscription…
Content Type: Examples
Websites have long used third-party analytics scripts to collect information about how visitors use their sites. In November 2017, researchers at Princeton found that an increasing number of sites use "session replay" scripts that collect every action the user performs while on the site, including mouse movements, keystrokes, scrolling behaviour, and the complete contents of pages loaded. Users logically expect the sites to receive typed data only after they're pressed the "submit" button, but…
Content Type: Examples
Among the friends Facebook recommended to Kashmir Hill as people she might know was Rebecca Porter, to the best of her knowledge a total stranger. Because Hill was studying how the "black box" of Facebook recommendations worked, she contacted Porter to ask what the connection might be. To her surprise, Porter turned out to be her great aunt by marriage, unknown to her because her biological grandfather had abandoned her father, who was adopted and never learned his biological history until…
Content Type: Examples
Logitech's announcement that it would end service and support for its Harmony Link devices in 2018 sparked online outrage after consumers realised this meant the devices would be disabled and that only those with devices still under warranty would get free replacements. Logitech has since said it will provide free replacements to all customers, whether or not their warranty had expired.
The Harmony Link lets users control home entertainment devices through a companion mobile app. Its…