Examples of Abuse

Almost everyday a company or government abuses your data. Whether these abuses are intentional or the result of error, we must learn from these abuses so that we can better build tomorrow's policies and technologies. This resource is an opportunity to learn that this has all happened before, as well as a tool to query these abuses.

Please contact us if you think we are missing some key stories.

 

14 Aug 2018
Semi-autonomous cars with built-in internet connections are increasingly being delivered with location tracking in place. Marketed as a convenience, the app FordPass links to Ford's Sync Infotainment system and can log frequent and recently visited locations. Similarly, GM Onstar's Family Link
07 Sep 2018
In September 2018, the GuardianApp group of security researchers discovered that dozens of popular news, weather, and fitness iPhone apps that require access to location data sell the data they collect to companies engaged in businesses such as ad targeting. The group found apps such as ASKfm, NOAA
12 Sep 2018
In September 2018, the attorney general of the US state of New Mexico filed suit against Lithuania-based Tiny Lab Productions claiming that the maker of the children's app Fun Kid Racing had violated the Children's Online Privacy Protection Act (1998) by collecting location and other data about the
15 Nov 2018
In November 2018, a security researcher found that the location-tracking children's watch MiSafe's Kid Watcher Plus, originally released in 2015, neither encrypted nor secured the children's accounts, allowing him to track their movements, secretly listen in to their activities, and spoof calls to
08 Jan 2019
It was already known that law enforcement agencies can track phones to within 500 metres if they show service providers a warrant, but in January 2019, it became clear that the same real-time location data was being sold to a wide range of third parties, including car salesmen, property managers
09 Jan 2019
The US government created a database of more than 50 journalists and immigrant rights advocates, many of whom were American citizens, associated with the journey of migrants travelling from Central America to the Mexico-US border in late 2018. Officials from Customs and Border Protection (CBP)
31 Jan 2019
In late 2018, researchers at SINTEF Digital Norway, ETH Zurich, and Berlin's Technical University discovered a new and serious vulnerability in several generations of the cellular mobile communications protocols: 3G, 4G, and the upcoming 5G. The flaw affected Authentication and Key Agreement, which
29 Apr 2019
A private intelligence company, LookingGlass Cyber Solutions, used social media to monitor more than 600 “Family Separation Day Protests” held across the United States on June 30, 2018, to oppose the Trump administration’s policy family separation policy. The policy was part of a “zero tolerance”
06 May 2019
Absher, an online platform and mobile phone app created by the Saudi Arabian government, can allow men to restrict women’s ability to travel, live in Saudi Arabia, or access government services. This app, which is available in the Google and Apple app stores, supports and enables the discriminatory
17 Apr 2020
Abu Dhabi’s Department of Health has released a new mobile app, "Stay Home", to ensure those asked to self-quarantine are abiding by the isolation rules. Everyone subject to quarantine is expected to download the app and create a user name and password; the user must also grant access to camera
30 Apr 2020
The Indian authorities have said that the country's contact-tracing app, Aarogya Setu ("health bridge", in Sanskrit), will be voluntary - but mandatory for federal government employees, food delivery workers, and some other service providers. It may also be needed to access public transport and
06 May 2020
Shortly after launch, security researcher Baptiste Robert discovered that India's contact tracing app, Aarogya Setu ("Health Bridge"), allows users to spoof their GPS location, find out how many people reported themselves as infected within any 500-metre radius, and mount a triangulation attack to
08 Jun 2020
It's been two months since the launch of "Perú en us manos", the mobile app promoted by the Peruvian government amidst the Covid-19 pandemic. Until now the app did not accomplish the ambitious goals it set out to. On its first month the app had detected 1400 risk zones while there where already 36
15 Jun 2020
After the data protection authority ruled that Norway’s Smittestopp app disproportionately intruded on users’ privacy by collecting location data without demonstrating it was strictly necessary and by failing to allow users to separately grant permission for contact tracing and for using the data