Examples of Abuse

Almost everyday a company or government abuses your data. Whether these abuses are intentional or the result of error, we must learn from these abuses so that we can better build tomorrow's policies and technologies. This resource is an opportunity to learn that this has all happened before, as well as a tool to query these abuses.

Please contact us if you think we are missing some key stories.

 

15 Jun 2020
After the data protection authority ruled that Norway’s Smittestopp app disproportionately intruded on users’ privacy by collecting location data without demonstrating it was strictly necessary and by failing to allow users to separately grant permission for contact tracing and for using the data
08 Jun 2020
It's been two months since the launch of "Perú en us manos", the mobile app promoted by the Peruvian government amidst the Covid-19 pandemic. Until now the app did not accomplish the ambitious goals it set out to. On its first month the app had detected 1400 risk zones while there where already 36
06 May 2020
Shortly after launch, security researcher Baptiste Robert discovered that India's contact tracing app, Aarogya Setu ("Health Bridge"), allows users to spoof their GPS location, find out how many people reported themselves as infected within any 500-metre radius, and mount a triangulation attack to
17 Apr 2020
Abu Dhabi’s Department of Health has released a new mobile app, "Stay Home", to ensure those asked to self-quarantine are abiding by the isolation rules. Everyone subject to quarantine is expected to download the app and create a user name and password; the user must also grant access to camera
30 Apr 2020
The Indian authorities have said that the country's contact-tracing app, Aarogya Setu ("health bridge", in Sanskrit), will be voluntary - but mandatory for federal government employees, food delivery workers, and some other service providers. It may also be needed to access public transport and
09 Jan 2019
The US government created a database of more than 50 journalists and immigrant rights advocates, many of whom were American citizens, associated with the journey of migrants travelling from Central America to the Mexico-US border in late 2018. Officials from Customs and Border Protection (CBP)
29 Apr 2019
A private intelligence company, LookingGlass Cyber Solutions, used social media to monitor more than 600 “Family Separation Day Protests” held across the United States on June 30, 2018, to oppose the Trump administration’s policy family separation policy. The policy was part of a “zero tolerance”
06 May 2019
Absher, an online platform and mobile phone app created by the Saudi Arabian government, can allow men to restrict women’s ability to travel, live in Saudi Arabia, or access government services. This app, which is available in the Google and Apple app stores, supports and enables the discriminatory
31 Jan 2019
In late 2018, researchers at SINTEF Digital Norway, ETH Zurich, and Berlin's Technical University discovered a new and serious vulnerability in several generations of the cellular mobile communications protocols: 3G, 4G, and the upcoming 5G. The flaw affected Authentication and Key Agreement, which
08 Jan 2019
It was already known that law enforcement agencies can track phones to within 500 metres if they show service providers a warrant, but in January 2019, it became clear that the same real-time location data was being sold to a wide range of third parties, including car salesmen, property managers
15 Nov 2018
In November 2018, a security researcher found that the location-tracking children's watch MiSafe's Kid Watcher Plus, originally released in 2015, neither encrypted nor secured the children's accounts, allowing him to track their movements, secretly listen in to their activities, and spoof calls to
30 Jun 2018
In 2018, the Spanish La Liga app was found to be using the microphone and GPS to clamp down on bars infringing copyright by broadcasting matches without paying. Granting the app the permissions it requests at installation to access the mic and GPS location allows it to turn on the mic at any time
01 Mar 2018
As part of efforts to tone down street fights at night Statumseind in Eindhoven, the Netherlands, the city has deployed technology: wifi trackers, cameras, and microphones attached to lamp posts detect aggressive behaviour and alert police. The data collected by these sensors is used to profile
14 Aug 2018
Semi-autonomous cars with built-in internet connections are increasingly being delivered with location tracking in place. Marketed as a convenience, the app FordPass links to Ford's Sync Infotainment system and can log frequent and recently visited locations. Similarly, GM Onstar's Family Link
12 Sep 2018
In September 2018, the attorney general of the US state of New Mexico filed suit against Lithuania-based Tiny Lab Productions claiming that the maker of the children's app Fun Kid Racing had violated the Children's Online Privacy Protection Act (1998) by collecting location and other data about the
10 Aug 2018
In what appears to be an extension of China's tracking of its Muslim citizens, 3,300 of the 11,500 Chinese pilgrims joining the 2018 hajj to Mecca were outfitted with GPS trackers. When photos were shown of the first group preparing to depart wearing trackers around their necks, the state-run
01 Jun 2018
In June 2018, security researchers found that Google's smart speaker and home assistant, Google Home, and its Chromecast streaming device could be made to leak highly accurate location information because they failed to require authentication from other machines on their local network. The attack
07 Sep 2018
In September 2018, the GuardianApp group of security researchers discovered that dozens of popular news, weather, and fitness iPhone apps that require access to location data sell the data they collect to companies engaged in businesses such as ad targeting. The group found apps such as ASKfm, NOAA
08 Mar 2018
In March 2018, Trever Feden, the CEO of a property management startup, exposed a flaw in the gay-dating app Grindr that opened access to the location data and other information about its more than 3 million daily users. A website Faden set up allowed Grindr users to see who was blocking them after
02 Apr 2018
In April 2018, a researcher at Norway's SINTEF found that the gay-daring app Grindr was sending its 3.6 million users' HIV status and last tested date along with their GPS data, phone ID, and email to two app-optimising companies, Apptimize and Localytics. SINTEF also found that the company was