Advanced Search
Content Type: Examples
As part of efforts to tone down street fights at night Statumseind in Eindhoven, the Netherlands, the city has deployed technology: wifi trackers, cameras, and microphones attached to lamp posts detect aggressive behaviour and alert police. The data collected by these sensors is used to profile, nudge, or actively target people. However, the area does not notify visitors that data is being collected and kept. The eastern Dutch city of Enschede uses smartphones' wifi signals to identify and…
Content Type: Examples
In May 2018, Slice Technologies, which provides the free Unroll.me email management service in return for data-mining individuals' email inboxes, announced it would discontinue offering its service in Europe rather than comply with the incoming General Data Protection Regulation. Unroll.me's privacy policy claims the right to share users' information with a range of third parties, and the company is known to have provided statistics about its users' Lyft receipts to Uber.
https://techcrunch.…
Content Type: Examples
In 2018, changes to Apple's rules for data collection led Facebook to withdraw its Onavo Protect VPN app from the app store. The app's function was to warn users when they were visiting potentially harmful websites and protected their data when using public wifi. However, the app also collected data on the other apps installed on the device, monitoring that violates Apple's changed rules. In response to accusations that Facebook used the data to identify and acquire competitors, the company…
Content Type: Examples
Semi-autonomous cars with built-in internet connections are increasingly being delivered with location tracking in place. Marketed as a convenience, the app FordPass links to Ford's Sync Infotainment system and can log frequent and recently visited locations. Similarly, GM Onstar's Family Link allows remote users to track family memories and receive alerts about the car's location. Although Ford says a "master reset" restores the car's factory settings, these systems still leave victims of…
Content Type: Examples
In August 2018, domestic abuse victims, their lawyers, shelter workers, and emergency responders began finding that the Internet of Things was becoming an alarming new tool for harassment, monitoring, revenge, and control. Smartphone apps enable abusers to remotely control everyday objects inside their targets homes and use them to watch, listen, scare, or intimidate. Lack of knowledge about how the technology works and uncertainty about how much control the abusive partner has add a…
Content Type: Examples
In August 2018 the US Food and Drug Administration approved the first over-the-counter digital contraceptive, an app called Natural Cycles. The app, which analyses basal body temperature readings and monthly menstruation data to determine whether unprotected sex is likely to lead to pregnancy, sparked many public complaints of inaccuracy. Users pay $80 a year or $10 a month to use the app. However, the app's privacy policy also awards the Swedish maker broad rights to reuse and share the data…
Content Type: Examples
In August 2018, banks and merchants had begun tracking the physical movements users make with input devices - keyboard, mouse, finger swipes - to aid in blocking automated attacks and suspicious transactions. In some cases, however, sites are amassing tens of millions of identifying "behavioural biometrics" profiles. Users can't tell when the data is being collected. With passwords and other personal information used to secure financial accounts under constant threat from data breaches, this…
Content Type: Examples
In 2018, Wells Fargo disclosed that due to a computer bug that remained undiscovered for nearly five years 600 customers were granted more expensive mortgage loans than they could have qualified for. About 400 of them went on to lose their homes. The announcement reignited the public anger and distrust created by the bank's 2016 fake accounts scandal, which was attributed to a hard-driving, aggressive, pervasive sales culture that is difficult to change.
https://www.ft.com/content/dbc1d692-…
Content Type: Explainer graphic
You can also read a more detailed explainer about IMSI catchers here.
Content Type: Examples
In August 2018 Amazon rolled out a software update to Fire OS 5, the operating system used by older versions of its Fire TV and Fire TV Stick devices to counteract malware. At risk were versions of the devices before the company released Fire OS 6 whose owners had turned on Android Debug Bridge in order to sideload applications that aren't directly available from Amazon's app store. Fire OS 6 makes clearer the risk people were taking, as does the patched Fire OS 5.2.6.6. The malware will still…
Content Type: Examples
In September 2018, Google was discovered to be prototyping a search engine, codenamed Dragonfly, designed to comply with China's censorship regime. Among other features, Dragonfly would tie users' searches to their personal phone numbers, ensuring the government could track their queries. Among the terms on Google's Mandarin-language blacklist: "human rights", "student protest", and "Nobel prize". One Google source suggested Dragonfly would also force on users potentially manipulated Chinese-…
Content Type: Examples
Cookies and other tracking mechanisms are enabling advertisers to manipulate consumers in new ways. For $29, The Spinner will provide a seemingly innocent link containing an embedded cookie that will allow the buyer to deliver targeted content to their chosen recipient. The service advertises packages aimed at men seeking to influence their partners to initiate sex, people trying to encourage disliked colleagues to seek new jobs, and teens trying to get their parents to get a dog. However,…
Content Type: Examples
In September 2018, the attorney general of the US state of New Mexico filed suit against Lithuania-based Tiny Lab Productions claiming that the maker of the children's app Fun Kid Racing had violated the Children's Online Privacy Protection Act (1998) by collecting location and other data about the children playing the game. The suit also included online ad businesses run by Google, Twitter, and three other companies, arguing that Google's inclusion of the app in the family section of its Play…
Content Type: Examples
Affiliate marketers, who buy ad space in bulk, run campaigns, and earn commissions on the sales they generate, are behind some of the shady and misleading ads that pollute social media and the wider internet, despite also promoting some legitimate businesses such as Amazon and eBay. At one of several yearly conferences, a Berlin event sponsored by Stack That Money, included representatives from Facebook, "Your Computer May Be Infected", "You Won an iPhone", a Russian promoter of black mask face…
Content Type: Examples
By the time T-Mobile announced in August 2018 that a data breach had compromised customers' names, billing zip codes, email addresses, account numbers, account types, phone numbers, and some hashed passwords, the most crucial of these had become phone numbers. Never intended as identifiers, phone numbers have become tools for authentication and therefore long-term "skeleton keys" to individuals' lives. Techniques such as SIM-swapping allow attackers to intercept SMS messages. Credit card…
Content Type: Examples
In 2017, Alphabet's Sidewalk Labs began a collaboration with Waterfront Toronto intended to turn a 12-acre lakeside area into a "smart city" equipped with sensors and responsive infrastructure. Frustration that Torontonians' data privacy concerns were not being addressed led Saadia Muzaffar, founder of TechGirls Canada, to resign from Waterfront Toronto's Digital Strategy Advisory Panel in October 2018. In a lengthy resignation letter, she called attention to the risk that embedding poorly…
Content Type: Examples
In October 2018, researcher Johannes Eichstaedt led a project to study how the words people use on social media reflect their underlying psychological state. Working with 1,200 patients at a Philadelphia emergency department, 114 of whom had a depression diagnosis, Eichstaedt's group studied their EMRs and up to seven years of their Facebook posts. Matching every person with a depressive diagnosis with five who did not, to mimic the distribution of depression in the population at large, from…
Content Type: Examples
In 2018, WhatsApp founder Brian Acton responded to the Cambridge Analytica scandal by tweeting "It is time. #deletefacebook." He also left the company, walking away from $850 million in unvested stock rather than accede to Facebook's plans to add advertising and commercial messaging, a purpose at odds with WhatsApp's encrypted environment. In 2014, Acton and his co-founder Jan Koum, sold WhatsApp to Facebook for $22 billion. Acton's wanted instead to monetise WhatsApp by charging users tiny…
Content Type: Examples
After a series of scandals, in the year up to September 2018 54% of American Facebook users had changed their privacy settings and 42% had skipped visiting the platform for several weeks or more. About 26% said they had deleted the Facebook app from their smartphone. Some 74% of Facebook users had taken at least one of these three actions, split evenly across Democrats and Republicans. Across age groups, younger users (18 to 29) were more likely to have deleted the app (44%), and only a third…
Content Type: Examples
Even after 2015, when Facebook said it had walled off user records from third parties, inside sources and court documents showed that the company went on maintaining a whitelist of companies that were allowed customised access to information about users' Friends, phone numbers, and a "friend link" metric that measured the degrees of separation. Whitelisted companies included Nissan and Royal Bank of Canada, and others that either advertised on the network or were valuable to Facebook for other…
Content Type: Examples
In July 2018, Facebook announced it was investigating whether the Boston-based company Crimson Hexagon had violated the company's policies on surveillance. Crimson Hexagon markets itself as offering "consumer insights". Its customers include a Russian non-profit with ties to the Kremlin, and multiple US government agencies. After pressure from civil liberties groups, Facebook put a policy in place in March 2017 barring the use of members' data for the purposes of government surveillance.…
Content Type: Examples
In May 2018 Facebook announced it would partner with organisations in places such as Myanmar and South Sudan in order to develop more "context-specific" knowledge about how its platform is being abused to create real risks of harm and violence. In Myanmar, where telephone companies allowed Facebook to offer free access, the number of users rose in tandem with the amount of online hate speech, most of it directed against the country's Muslim minority. Facebook wound up withdrawing its Free…
Content Type: Examples
In May 2018, Facebook said that as part of its investigation into how Cambridge Analytica had abused personal data on the social network, it had investigated thousands of apps on its platform and suspended about 200 of them. The company said it was investigating further to identify every app that may have misused users' personal data before the site's policy changed in 2014. Facebook said it would ban any further apps it found and notify users through a dedicated web page. Among those suspended…
Content Type: Examples
In 2018, economists Marianne Bertrand and Emir Kamenica at the University of Chicago Booth School of Business showed that national divisions are so entrenched that details of what Americans buy, do, and watch can be used to predict, sometimes with more than 90% accuracy, their politics, race, income, education, and gender. In a paper published by the National Bureau of Economic Research, the economists taught machine algorithms to detect patterns in decades of responses to three long-running…
Content Type: Examples
In 2018, experiments showed that despite the company's denials, ads could be targeted at specific Facebook users via information that the users had never given Facebook, such as phone numbers.
The reason: Facebook allows advertisers to upload their own lists of phone numbers of email addresses, and the service will use them to put ads in front of users associated with those details. The company also uses information supplied for security purposes, including phone numbers provided for two-…
Content Type: Examples
In June 2018 Facebook announced it would install new controls to improve members' understanding of how companies targeted them with advertising, including letting them know if a data broker supplied the information. This was the second update to the company's policies in 2018; in March it attempted to ban the use of data brokers but pulled back when advertisers threatened to pull their business.
https://uk.reuters.com/article/us-facebook-privacy-broker/facebook-releases-new-privacy-safeguards-…
Content Type: Examples
In November 2018, HSBC announced a serious data breach in its US business between October 4 and 14, when fraudsters used credential stuffing to gain access to detailed account information relating to about 1% of its 1.4 million US customers. HSBC said that in response it had strengthened its login and authentication processes and implemented additional layers of security. The bank gave affected customers a year's credit monitoring and identity fraud protection, and reminded customers to use…
Content Type: Examples
In July 2018 the three-year-old payment system Revolut notified the UK's National Crime Agency and the Financial Conduct Authority that it had found evidence of money laundering on its system. From its beginnings as a prepaid credit card operator, Revolut had branched out into small business services and cryptocurrencies. Former employees suggest that although the company recently participated in an industry-wide review of money laundering checks and was in compliance with the EU's PSD2, its…
Content Type: Examples
In 2018, the Berlin-based researcher Hang Do Thi Duc concluded after analysing more than 200 million public transactions made in 2017 that anyone can track the purchase history of a user of the peer-to-peer payment app Venmo. By accessing the data via an open API, Do Thi Duc was able to view the names, transaction dates, and messages sent with payment for all users who hadn't changed their settings to private. Venmo's default setting is "public", and does not clearly highlight how to change it…
Content Type: Examples
In 2017, Britain's' two biggest supermarkets, Tesco and Sainsbury's, which jointly cover 45% of the UK's grocery market, announced they would offer discounts on car and home insurance based on customers' shopping habits. For example, based on data from its Nectar card loyalty scheme, Sainsbury's associates reliable, predictable patterns of visits to stores with safer and more cautious driving, and therefore offers those individuals cheaper insurance. For some products, Sainsbury's also mines…