Advanced Search
Content Type: Long Read
Introduction
In August 2019, when Facebook announced a few new features for advertisers such as ads in search, PI decided to take an in-depth look at what features the company offers its users when it comes to understanding its advertising practices. One of these features, which caught our attention is Facebook Ads Preference, a tool that among other things, lists businesses/advertisers that have uploaded your personal data to target you with (or exclude you from) ads on the platform.
Content Type: Report
Back in October 2019, PI started investigating advertisers who uploaded personal data to Facebook for targeted advertising purposes. We decided to take a look at "Advertisers Who Uploaded a Contact List With Your Information", a set of information that Facebook provides to users about advertisers who upload files containing their personal data (including unique identifier such as phone numbers, emails etc...). Looking at the limited and often inaccurate information provided by Facebook through…
Content Type: News & Analysis
Political campaigns around the world have turned into sophisticated data operations. They rely on data- your data- to facilitate a number of decisions: where to hold rallies, which States or constituencies to focus resources on, which campaign messages to focus on in which area, and how to target supporters, undecided voters, and non-supporters.
While data driven political campaigns are not new, the granularity of data available and the potential power to sway or suppress voters through that…
Content Type: News & Analysis
A few weeks ago, its name would probably have been unknown to you. Amidst the covid-19 crisis and the lockdown it caused, Zoom has suddenly become the go-to tool for video chat and conference calling, whether it’s a business meeting, a drink with friends, or a much needed moment with your family. This intense rise in use has been financially good to the company, but it also came with a hefty toll on its image and serious scrutiny on its privacy and security practices.
While Zoom already had a…
Content Type: Examples
An engineering and computer science professor and his team from The Ohio State University discovered a design flaw in low-powered Bluetooth devices that leaves them susceptible to hacking.
Zhiqiang Lin, associate professor of computer science and engineering at the university, found the commonly used Bluetooth Low Energy devices, such as fitness trackers and smart speakers, are vulnerable when they communicate with their associated apps on the owner’s mobile phone.
"There is a fundamental…
Content Type: Examples
On November 3rd, 2019, [...] a critical vulnerability affecting the Android Bluetooth subsystem [was reported]. This vulnerability has been assigned CVE-2020-0022 and was now patched in the latest security patch from February 2020. The security impact is as follows:
On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC…
Content Type: Examples
Researchers at the Center for IT-Security, Privacy and Accountability (CISPA) have identified a security vulnerability related to encryption on Bluetooth BR/EDR connections. The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used. In addition, since not all Bluetooth specifications mandate a minimum…
Content Type: Case Study
In Peru, you get asked for your fingerprint and your ID constantly - when you’re getting a new phone line installed or depositing money in your bank account – and every Peruvian person has an ID card, and is included in the National Registry of Identity – a huge database designed to prove that everyone is who they say they are. After all, you can change your name, but not your fingerprint.
However, in 2019 the National Police of Peru uncovered a criminal operation that was doing just that:…
Content Type: News & Analysis
On New Year's Day, the Twitter account @HindsightFiles began publishing internal communications and documents from the now defunct SCL Group, dating from 2014-2018. They came from the hard drive of Brittany Kaiser, who held several senior positions at SCL Group including at one of its subsidiaries, Cambridge Analytica, and featured in the Netflix documentary "The Great Hack".
Privacy International first investigated Cambridge Analytica in 2017. We questioned the company's role in the Kenyan…
Content Type: Long Read
We are excited to spotlight our Reproductive Rights and Privacy Project!
The Project is focused on researching and exposing organisations that collect and exploit the information of those seeking to exercise their reproductive rights. Working together with PI partners, other international grassroots organisations and NGOs, PI is researching and advocating against this data exploitation.
So, what are reproductive rights?
Sexual and reproductive rights, which are contained within Economic,…
Content Type: Long Read
Sitting on the ground inside an unadorned courtyard in Koira Tegui, one of Niamey’s most popular districts, Halimatou Hamadou shows a copy of what, she’s been told, is a certificate of birth.
The 33 year old woman, who’s unable to read and write, received it days earlier during a crowded public ceremony at a nearby primary school.
“It’s my first document ever,'' she says, with surprise.
Thanks to the paper, she’ll be able to take part in a crucial passage for the future of Niger: the…
Content Type: Long Read
In this piece we examine mobile phone extraction, relying on publicly available information and Privacy International’s experience from conducting mobile phone extraction using a Cellebrite UFED Touch 2. We welcome input from experts in the field. This is a rapidly developing area. Just as new security features are announced for phones, so too new methods to extract data are found.
[All references can be found in the pdf version below.]
General explanation of mobile phone…
Content Type: News & Analysis
Photo by Daniel Jensen on Unsplash
Everyone is talking about Facebook's end-to-end encryption plans and the US, UK and Australian government's response. Feeling lost? Here is what you need to know.
What's Facebook trying to do?
First let's be clear: Facebook has many faults when it comes to privacy. It's also suffered a number of security failures recently. See here for instance.
In response to their successive failures to protect your privacy, Facebook announced in their 'pivot to privacy…
Content Type: News & Analysis
Image: The Great Hack publicity still, courtesy of Netflix.
This is a review of the documentary 'The Great Hack' originally published on IMDb.
This documentary is a fascinating account of The Facebook/Cambridge Analytica data scandal.
In early 2018, Cambridge Analytica became a household name. The company had exploited the personal data of millions of Facebook users, without their knowledge or consent, and used it for political propaganda.
At a running time of almost two hours, The Great…
Content Type: News & Analysis
We found this image here.
Today, a panel of competition experts, headed by Professor Jason Furman, the former chief economic adviser of in the Obama administration, confirmed that tech giants, like Facebook, Amazon, Google, Apple and Microsoft, do not face enough competition.
Significantly, the report finds that control over personal data by tech giants is one of the main causes preventing competition and ultimately innovation.
Privacy International's research has shown clear examples of…
Content Type: Impact Case Study
What HappenedOn 5 June 2013, The Guardian published the first in a series of documents disclosed by Edward Snowden, a whistleblower who had worked with the NSA. The documents revealed wide-ranging mass surveillance programs conducted by the USA’s National Security Agency (NSA) and the UK’s Government Communications Headquarters (GCHQ), which capture the communications and data of hundreds of millions of people around the world. In addition to revealing the mass surveillance programs of the NSA…
Content Type: Examples
In April 2018, the Austrian cabinet agreed on legislation that required asylum seekers would be forced to hand over their mobile devices to allow authorities to check their identities and origins. If they have been found to have entered another EU country first, under the Dublin regulation, they can be sent back there. The number of asylum seekers has dropped substantially since 2016, when measures were taken to close the Balkan route. The bill, which must pass Parliament, also allows the…
Content Type: Examples
In a report on mobile security updates, the US Federal Trade Commission finds that because of the complexity of the mobile ecosystem applying security updates to operating system software on some mobile devices is time-consuming and complicated. Based on information gathered from eight device manufacturers - Apple, Blackberry, Google, HTC, LG, Microsoft, Motorola, and Samsung, the FTC recommends that manufacturers should deploy these updates more quickly and suggests that manufacturers should…
Content Type: Impact Case Study
What is the problem
Business models of lots of companies is based on data exploitation. Big Tech companies such Google, Amazon, Facebook; data brokers; online services; apps and many others collect, use and share huge amounts of data about us, frequently without our explicit consent of knowledge. Using implicit attributes of low-cost devices, their ‘free’ services or apps and other sources, they create unmatched tracking and targeting capabilities which are being used against us.
Why it is…
