Examples of Abuse

Almost everyday a company or government abuses your data. Whether these abuses are intentional or the result of error, we must learn from these abuses so that we can better build tomorrow's policies and technologies. This resource is an opportunity to learn that this has all happened before, as well as a tool to query these abuses.

Please contact us if you think we are missing some key stories.

 

09 Jan 2019
The US government created a database of more than 50 journalists and immigrant rights advocates, many of whom were American citizens, associated with the journey of migrants travelling from Central America to the Mexico-US border in late 2018. Officials from Customs and Border Protection (CBP)
29 Apr 2019
A private intelligence company, LookingGlass Cyber Solutions, used social media to monitor more than 600 “Family Separation Day Protests” held across the United States on June 30, 2018, to oppose the Trump administration’s policy family separation policy. The policy was part of a “zero tolerance”
06 May 2019
Absher, an online platform and mobile phone app created by the Saudi Arabian government, can allow men to restrict women’s ability to travel, live in Saudi Arabia, or access government services. This app, which is available in the Google and Apple app stores, supports and enables the discriminatory
31 Jan 2019
In late 2018, researchers at SINTEF Digital Norway, ETH Zurich, and Berlin's Technical University discovered a new and serious vulnerability in several generations of the cellular mobile communications protocols: 3G, 4G, and the upcoming 5G. The flaw affected Authentication and Key Agreement, which
08 Jan 2019
It was already known that law enforcement agencies can track phones to within 500 metres if they show service providers a warrant, but in January 2019, it became clear that the same real-time location data was being sold to a wide range of third parties, including car salesmen, property managers
15 Nov 2018
In November 2018, a security researcher found that the location-tracking children's watch MiSafe's Kid Watcher Plus, originally released in 2015, neither encrypted nor secured the children's accounts, allowing him to track their movements, secretly listen in to their activities, and spoof calls to
30 Jun 2018
In 2018, the Spanish La Liga app was found to be using the microphone and GPS to clamp down on bars infringing copyright by broadcasting matches without paying. Granting the app the permissions it requests at installation to access the mic and GPS location allows it to turn on the mic at any time
01 Mar 2018
As part of efforts to tone down street fights at night Statumseind in Eindhoven, the Netherlands, the city has deployed technology: wifi trackers, cameras, and microphones attached to lamp posts detect aggressive behaviour and alert police. The data collected by these sensors is used to profile
14 Aug 2018
Semi-autonomous cars with built-in internet connections are increasingly being delivered with location tracking in place. Marketed as a convenience, the app FordPass links to Ford's Sync Infotainment system and can log frequent and recently visited locations. Similarly, GM Onstar's Family Link
12 Sep 2018
In September 2018, the attorney general of the US state of New Mexico filed suit against Lithuania-based Tiny Lab Productions claiming that the maker of the children's app Fun Kid Racing had violated the Children's Online Privacy Protection Act (1998) by collecting location and other data about the
10 Aug 2018
In what appears to be an extension of China's tracking of its Muslim citizens, 3,300 of the 11,500 Chinese pilgrims joining the 2018 hajj to Mecca were outfitted with GPS trackers. When photos were shown of the first group preparing to depart wearing trackers around their necks, the state-run
01 Jun 2018
In June 2018, security researchers found that Google's smart speaker and home assistant, Google Home, and its Chromecast streaming device could be made to leak highly accurate location information because they failed to require authentication from other machines on their local network. The attack
07 Sep 2018
In September 2018, the GuardianApp group of security researchers discovered that dozens of popular news, weather, and fitness iPhone apps that require access to location data sell the data they collect to companies engaged in businesses such as ad targeting. The group found apps such as ASKfm, NOAA
08 Mar 2018
In March 2018, Trever Feden, the CEO of a property management startup, exposed a flaw in the gay-dating app Grindr that opened access to the location data and other information about its more than 3 million daily users. A website Faden set up allowed Grindr users to see who was blocking them after
02 Apr 2018
In April 2018, a researcher at Norway's SINTEF found that the gay-daring app Grindr was sending its 3.6 million users' HIV status and last tested date along with their GPS data, phone ID, and email to two app-optimising companies, Apptimize and Localytics. SINTEF also found that the company was
07 Apr 2018
In late 2018, after apps like Strava and Polar Flow exposed the movements of staff around military bases, the US Department of Defense banned military troops and other workers at sensitive sites from using fitness trackers and other apps that could reveal their users' location. Military leaders will
10 May 2018
The US company Securus provides a cellphone tracking service that can locate almost any cellphone in the US within seconds by obtaining data from major carriers via a system used by marketers and other companies. In 2018, former Mississippi County, Missouri, sheriff Cory Hutcheson was charged in
18 Jul 2018
In July 2018, Dutch researcher Foeke Postma discovered that Polar, the manufacturer of the world's first wireless heart rate monitor manufacturer, was exposing the heart rates, routes, dates, times, duration, and pace of exercises performed by individuals at military sites and at their homes via its
20 Apr 2018
In April 2018, the Austrian cabinet agreed on legislation that required asylum seekers would be forced to hand over their mobile devices to allow authorities to check their identities and origins. If they have been found to have entered another EU country first, under the Dublin regulation, they can
25 May 2018
In 2018, the digital marketing company Tell All Digital began marketing technology to personal injury law firms to enable them to send mobile ads to patients they know are waiting for treatment in an emergency room and for up to a month afterwards. The technology relies on geofencing, a technique