Advanced Search
Content Type: Report
Back in October 2019, PI started investigating advertisers who uploaded personal data to Facebook for targeted advertising purposes. We decided to take a look at "Advertisers Who Uploaded a Contact List With Your Information", a set of information that Facebook provides to users about advertisers who upload files containing their personal data (including unique identifier such as phone numbers, emails etc...). Looking at the limited and often inaccurate information provided by Facebook through…
Content Type: News & Analysis
A few weeks ago, its name would probably have been unknown to you. Amidst the covid-19 crisis and the lockdown it caused, Zoom has suddenly become the go-to tool for video chat and conference calling, whether it’s a business meeting, a drink with friends, or a much needed moment with your family. This intense rise in use has been financially good to the company, but it also came with a hefty toll on its image and serious scrutiny on its privacy and security practices.
While Zoom already had a…
Content Type: Examples
An engineering and computer science professor and his team from The Ohio State University discovered a design flaw in low-powered Bluetooth devices that leaves them susceptible to hacking.
Zhiqiang Lin, associate professor of computer science and engineering at the university, found the commonly used Bluetooth Low Energy devices, such as fitness trackers and smart speakers, are vulnerable when they communicate with their associated apps on the owner’s mobile phone.
"There is a fundamental…
Content Type: Examples
On November 3rd, 2019, [...] a critical vulnerability affecting the Android Bluetooth subsystem [was reported]. This vulnerability has been assigned CVE-2020-0022 and was now patched in the latest security patch from February 2020. The security impact is as follows:
On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC…
Content Type: Examples
Researchers at the Center for IT-Security, Privacy and Accountability (CISPA) have identified a security vulnerability related to encryption on Bluetooth BR/EDR connections. The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used. In addition, since not all Bluetooth specifications mandate a minimum…
Content Type: Case Study
In Peru, you get asked for your fingerprint and your ID constantly - when you’re getting a new phone line installed or depositing money in your bank account – and every Peruvian person has an ID card, and is included in the National Registry of Identity – a huge database designed to prove that everyone is who they say they are. After all, you can change your name, but not your fingerprint.
However, in 2019 the National Police of Peru uncovered a criminal operation that was doing just that:…
Content Type: Long Read
Sitting on the ground inside an unadorned courtyard in Koira Tegui, one of Niamey’s most popular districts, Halimatou Hamadou shows a copy of what, she’s been told, is a certificate of birth.
The 33 year old woman, who’s unable to read and write, received it days earlier during a crowded public ceremony at a nearby primary school.
“It’s my first document ever,'' she says, with surprise.
Thanks to the paper, she’ll be able to take part in a crucial passage for the future of Niger: the…
Content Type: Long Read
In this piece we examine mobile phone extraction, relying on publicly available information and Privacy International’s experience from conducting mobile phone extraction using a Cellebrite UFED Touch 2. We welcome input from experts in the field. This is a rapidly developing area. Just as new security features are announced for phones, so too new methods to extract data are found.
[All references can be found in the pdf version below.]
General explanation of mobile phone…
Content Type: News & Analysis
Photo by Daniel Jensen on Unsplash
Everyone is talking about Facebook's end-to-end encryption plans and the US, UK and Australian government's response. Feeling lost? Here is what you need to know.
What's Facebook trying to do?
First let's be clear: Facebook has many faults when it comes to privacy. It's also suffered a number of security failures recently. See here for instance.
In response to their successive failures to protect your privacy, Facebook announced in their 'pivot to privacy…
Content Type: News & Analysis
Image: The Great Hack publicity still, courtesy of Netflix.
This is a review of the documentary 'The Great Hack' originally published on IMDb.
This documentary is a fascinating account of The Facebook/Cambridge Analytica data scandal.
In early 2018, Cambridge Analytica became a household name. The company had exploited the personal data of millions of Facebook users, without their knowledge or consent, and used it for political propaganda.
At a running time of almost two hours, The Great…
Content Type: Examples
The Lumi by Pampers nappies will track a child's urine (not bowel movements) and comes with an app that helps you "Track just about everything". The activity sensor that is placed on the nappy also tracks a baby's sleep.
Concerns over security and privacy have been raised, given baby monitors can be susceptible to hackers and any app that holds personal information could potentially expose that information.
Experts say the concept could be helpful to some parents but that there…
Content Type: Video
Watch our video primer (1m54s) on how political advertisers use highly detailed data about you to target political adverts at you.
Read about some simple steps you can take to minimise the amount of political ads you see online and questions you can be asking of those that profit from your data.
Content Type: Examples
In August 2017, it was reported that a researcher scraped videos of transgender Youtubers documenting their transition process without informing them or asking their permission, as part of an attempt to train artificial intelligence facial recognition software to be able to identify transgender people after they have transitioned.
These videos were primarily of transgender people sharing the progress and results of hormone replacement therapy, including video diaries and time-lapse videos. The…
Content Type: Video
In April 2019 Ukraine held presidential elections. We were in Kyiv to hear about people's experience monitoring online disinformation – a big issue in this election. Activists in Ukraine have long experience navigating the noisy and chaotic environment that disinformation creates – which comes not only from Russia, but also from domestic politicians and others with money and power.
At PI, we’re working to make sure that the way data is used by political actors and…
Content Type: Examples
In January 2019, Facebook announced that as of February 28 the site would add more information to that displayed when users click on the "Why am I seeing this?" button that appears next to ads on the service. Along with the brand that paid for the ad, some of the biographical details they'd targeted, and whether they'd uploaded the user's contact information, Facebook would also show when the contact information was uploaded, whether it was by the brand or one of their partners, and when access…
Content Type: News & Analysis
In December 2018, we revealed how some of the most widely used apps in the Google Play Store automatically send personal data to Facebook the moment they are launched. That happens even if you don't have a Facebook account or are logged out of the Facebook platform (watch our talk at the Chaos Communication Congress (CCC) in Leipzig or read our full legal analysis here).Today, we have some good news for you: we retested all the apps from our report and it seems as if we…
Content Type: Examples
In August 2018, banks and merchants had begun tracking the physical movements users make with input devices - keyboard, mouse, finger swipes - to aid in blocking automated attacks and suspicious transactions. In some cases, however, sites are amassing tens of millions of identifying "behavioural biometrics" profiles. Users can't tell when the data is being collected. With passwords and other personal information used to secure financial accounts under constant threat from data breaches, this…
Content Type: Examples
Cookies and other tracking mechanisms are enabling advertisers to manipulate consumers in new ways. For $29, The Spinner will provide a seemingly innocent link containing an embedded cookie that will allow the buyer to deliver targeted content to their chosen recipient. The service advertises packages aimed at men seeking to influence their partners to initiate sex, people trying to encourage disliked colleagues to seek new jobs, and teens trying to get their parents to get a dog. However,…
Content Type: Examples
In October 2018, researcher Johannes Eichstaedt led a project to study how the words people use on social media reflect their underlying psychological state. Working with 1,200 patients at a Philadelphia emergency department, 114 of whom had a depression diagnosis, Eichstaedt's group studied their EMRs and up to seven years of their Facebook posts. Matching every person with a depressive diagnosis with five who did not, to mimic the distribution of depression in the population at large, from…
Content Type: Examples
In 2017, Britain's' two biggest supermarkets, Tesco and Sainsbury's, which jointly cover 45% of the UK's grocery market, announced they would offer discounts on car and home insurance based on customers' shopping habits. For example, based on data from its Nectar card loyalty scheme, Sainsbury's associates reliable, predictable patterns of visits to stores with safer and more cautious driving, and therefore offers those individuals cheaper insurance. For some products, Sainsbury's also mines…
Content Type: Examples
In 2018, based on an analysis of 270,000 purchases between October 2015 and December 2016 on a German ecommerce site that sells furniture on credit, researchers at the National Bureau of Economic Research found that variables such as the type of device could be used to estimate the likelihood that a purchaser would default. The difference in rates of default between users of iOS and Android was about the same as the difference between a median FICO credit score and the 80th percentile of FICO…
Content Type: Impact Case Study
What HappenedOn 5 June 2013, The Guardian published the first in a series of documents disclosed by Edward Snowden, a whistleblower who had worked with the NSA. The documents revealed wide-ranging mass surveillance programs conducted by the USA’s National Security Agency (NSA) and the UK’s Government Communications Headquarters (GCHQ), which capture the communications and data of hundreds of millions of people around the world. In addition to revealing the mass surveillance programs of the NSA…
Content Type: Examples
In June 2018, Uber filed a US patent application for technology intended to help the company identify drunk riders by comparing data from new ride requests to past requests made by the same user. Conclusions drawn from data such as the number of typos or the angle at which the rider is holding the phone would determine which, if any, driver they were matched with. What plans the company may have for the technology is unknown; however, critics expressed concerns that it could deter prospective…
Content Type: Examples
In April 2018, the Austrian cabinet agreed on legislation that required asylum seekers would be forced to hand over their mobile devices to allow authorities to check their identities and origins. If they have been found to have entered another EU country first, under the Dublin regulation, they can be sent back there. The number of asylum seekers has dropped substantially since 2016, when measures were taken to close the Balkan route. The bill, which must pass Parliament, also allows the…
Content Type: Examples
In a 2018 interview, the Stanford professor of organisational behaviour Michal Kosinski discussed his research, which included a controversial and widely debunked 2017 study claiming that his algorithms could distinguish gay and straight faces; a 2013 study of 58,000 people that explored the relationship between Facebook Likes and psychological and demographic characteristics; and the myPersonality project, which collected data on 6 million people via a personality quiz that went viral on…
Content Type: Examples
In 2018, a Duke University medical doctor who worked with Microsoft researchers to analyse millions of Bing user searches found links between some computer users' physical behaviours - tremors while using a mouse, repeated queries, and average scrolling speed - and Parkinson's disease. The hope was to be able to diagnose conditions like Parkinson's and Alzheimer's earlier and more accurately. Other such studies tracked participants via a weekly online health survey, mouse usage, and, via…
Content Type: Examples
In 2017, the Massachusetts attorney general's office reached an agreement under which Boston-based Copley Advertising agreed to eschew sending mobile ads to patients visiting Planned Parenthood and other health clinics. In 2015, Copley's geofencing technique used location information from smartphones and other internet-enabled devices to target "abortion-minded" women and send them ads for alternatives to abortion in a campaign it conducted on behalf of a Christian pregnancy counselling and…
Content Type: Examples
In 2011, the US Department of Homeland Security funded research into a virtual border agent kiosk called AVATAR, for Automated Virtual Agent for Truth Assessments in Real-Time, and tested it at the US-Mexico border on low-risk travellers who volunteered to participate. In the following years, the system was also tested by Canada's Border Services Agency in 2016 and the EU border agency Frontex in 2014. The research team behind the system, which included the University of Arizona, claimed the…
Content Type: Examples
In July 2014, a study conducted by Adam D. I. Kramer (Facebook), Jamie E. Guillory, and Jeffrey T. Hancock (both Cornell University) and published by the Proceedings of the National Academy of Sciences alerted Facebook users to the fact that for one week in 2012 689,003 of them had been the subjects of research into "emotional contagion". In the study, the researchers changed randomly selected users' newsfeeds to be more positive or negative to study whether those users then displayed a more…
