Search
Content type: Report
A video presentation of the finding of this report can be found here, as presented at 35th Chaos Computer Congress (35C3)
Previous research has shown how 42.55 percent of free apps on the Google Play store could share data with Facebook, making Facebook the second most prevalent third-party tracker after Google’s parent company Alphabet. In this report, Privacy International illustrates what this data sharing looks like in practice, particularly for people who do not have a Facebook account.…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.facebook.…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
format: json
sdk: android
event…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.facebook.…
Content type: Examples
Shortly before the November 2018 US midterm elections, the Center for Media and Democracy uncovered documents showing that the multi-billionaire Koch brothers have developed detailed personality profiles on 89 percent of the US population with the goal of using them to launch a private propaganda offensive to promote Republican candidates. The brothers have also developed "persuasion models" and partnered with cable and satellite TV providers to target voters with tailored messaging during TV…
Content type: Examples
In 2018, 17 US states and the District of Columbia filed suit to block the addition of a citizenship question to the 2020 census. Emails released as part of the lawsuit show that the administration began pushing to add the question as early as the beginning of 2017, claiming it was to improve enforcement of the 1965 Voting Rights Act. Critics, however, say the question will depress response rates, make the count more expensive and less accurate, and believe the question is intended to…
Content type: Examples
In July 2018, Robert Mueller, the special prosecutor appointed to look into Russian interference in the 2016 US presidential election, charged 12 Russian intelligence officers with hacking Hillary Clinton's campaign and the Democratic National Committee by spearphishing staffers. The charges include conspiracy to commit an offence against the US, aggravated identity theft, conspiracy to launder money, and conspiracy to access computers without authorisation. The hack led to the release of…
Content type: Examples
Facebook ads purchased in May 2016 by the Internet Research Agency, a notorious Russian troll farm, urged users to install the FaceMusic app. When installed, this Chrome extension gained wide access to the users' Facebook accounts and web browsing behaviour; in some cases it messaged all the user's Facebook Friends. The most successful of these ads specifically targeted American girls aged 14 to 17 and said the app would let them play their favourite music on Facebook for free and share it…
Content type: Examples
On the night of June 23, 2016, as the polls closed Britain's Sky News broadcast what sounded like a concession statement from Nigel Farage, the leader of the campaign to leave the EU, plus a YouGov exit poll indicating that the country had voted to remain; over an hour later, Farage reiterated his concession to the Press Association. The combination pushed up the pound on the world's foreign exchanges. A few hours later, when the true result was announced, the pound crashed - but in between a…
Content type: Examples
"Buzzer teams" - teams employed to amplify messages and create a buzz on social media - were used by all candidates in the 2017 Indonesian general elections. Coordinated via WhatsApp groups, many of the teams opened fake accounts to spread both positive and negative messages, as well as hate speech. The operators of the most influential accounts could command $1,400 for a single tweet.
https://www.theguardian.com/world/2018/jul/23/indonesias-fake-twitter-account-factories-jakarta-politic…
Content type: Examples
The Tel-Aviv-based private intelligence firm Black Cube, which is largely staffed by former Israeli intelligence operatives, was involved in a campaign to attack NGOs and businessman-turned-philanthropist George Soros during Hungary's election campaign. Between December 2017 and March 2018, agents using false identities secretly recorded the results of contacts with Hungarian NGOs and individuals connected to Soros. The recordings began appearing in the press three weeks before the election,…
Content type: Examples
In March 2018, Indian Congress president Rahul Gandhi tweeted that the Naramendra Modi app issued by India's ruling Bharatiya Janata Party was leaking user data. The app is intended to spearhead BJP's social media strategy in the run-up to the 2019 general elections; the party hopes to use it to mobilise 100 million BJP members and has set a target of 100,000 downloads for each district. Both privacy activists and political rivals complained that the app asks for too many permissions, is…
Content type: Examples
In May 2018, a report form Strathmore University's Centre for Intellectual Property and Information Technology (CIPIT) found that some staff at Kenya's Independent Electoral and Boundaries Commission who were mandated to protect voter data made millions of Kenyan shillings by illegally selling private voter data to politicians during the 2017 general election. CIPIT collected campaign messages sent by candidates for MP, Member of County Assembly, the Senate, and representative of women. Any…
Content type: Examples
In November 2018, the UK government announced it would pilot voter ID for in 11 local authorities during thte 2019 local elections in order to gain insight into ensuring voting security and lowering the risk of voter fraud. The Cabinet Office deemed the pilots conducted in five local authorities during the 2018 local elections to be a success. Four models of checking are under consideration: photo ID (Pendle, East Staffordshire, Woking); one photo or up to two non-photo IDs (Ribble Valley,…
Content type: Examples
With only days to go before the 2018 US midterm elections, a federal judge ruled that the state of Georgia must change its "exact match" law that required voter registrations with even the tiniest variation from other official identifications to be flagged as potential non-citizens unless they could produce proof of identity. A group of civil rights groups sued Republican secretary of state Brian Kemp, in charge of the elections despite also running for governor, to change the procedure, which…
Content type: Examples
In August 2018, the US Democratic National Committee notified the FBI that the San Francisco-based security company Lookout and the cloud service provider DigitalOcean had detected an attempted hack targeted at the DNC voter database. The attack took the form of a fake DNC login page intended to trick people into disclosing their usernames and passwords thinking they were accessing the DNC's VoteBuilder platrform. Lookout believes it found the site within 30 minutes of its going up online, but…
Content type: Examples
Shortly before the 2018 US midterm elections, Georgia secretary of state and gubernatorial candidate Brian Kemp accused Georgia's Democratic Party of hacking into the state's voter registration database, though without providing any evidence to support the claim. The motives behind the claim were unclear, but a report published by WhoWhatWhy suggested that the claim may have referred to a cybersecurity investigation conducted by the Democrats that uncovered significant flaws in the state's…
Content type: Examples
A database compiled through investigations conducted in 2018 by the Guardian and the Undercover Research Group network of activists shows that undercover police officers spied on 124 left-wing activist groups between 1970 and 2007. The police infiltrated 24 officers over that time within the Socialist Workers Party, which, with a membership of a few thousand, advocates revolution to ablish capitalism. Four of these undercover officers began sexual relationships with deceived female members, and…
Content type: Examples
In 2018, the UK Information Commissioner's Office fined Emma's Diary, a site offering pregnancy and childcare advice owned by Lifecycle Marketing (Mother and Baby) Ltd, £140,000 for collecting and selling personal information belonging to more than 1 million people without disclosing in the site's privacy policy how it would be used. Although Lifecycle denied the allegations, the ICO found that the company sold the data to Experian Marketing Services to build into profiles for use by the…
Content type: Examples
A 2018 study of the use of biometric technology for voter identification and verification in Ghana in 2012 called the effort a failure. It's not enough, the researchers argue, for biometrics to be technically sound; for the technology to function as intended registration centres must have real-time connectivity to an electronic national register, electoral officials need to be trained intensively both to operate the machines and to handle outliers and breakdowns. The biometrics themselves are…
Content type: Examples
Under a clause in the country's computer crime act that criminalises uploading content that is false or causes "panic", in 2018, Thailand's ruling military junta pursued a criminal investigation into a live feed on the Facebook page belonging to the rising Future Forward Party. The postings claimed that the governing party, the National Council for Peace and Order, which seized power in 2014 was using the threat of lawsuits to recruit former MPs from rival parties. The NCPO has promised to hold…
Content type: Examples
In July 2018, Election Systems and Software (ES&S), long the top US manufacturer of voter machines, admitted in a letter to Senator Ron Wyden (D-OR) that it had installed pcAnywhere remote access software and modems on a number of the election management systems it had sold between 2000 and 2006. The admission was in direct contradiction to the company's response for a New York Times article earlier in the year on US voting machines' vulnerability to hacking. ES&S says it stopped…
Content type: Examples
In the run-up to the November 2018 US midterm elections, Vice tested Facebook's new system of mandatory "Paid for" disclosure intended to bring greater transparency to the sources of ads relating to "issues of national importance". Placing political ads requires a valid ID and proof of residence. Vice found that Facebook quickly approved ads the site attempted to place that named Islamic State, US vice president Mike Pence, and Democratic National Committee chair Tom Perez in the "Paid for"…
Content type: Examples
A combination of entrenched and litigious voting machine manufacturers with immense control over their proprietary software and a highly complex and fragmented voting infrastructure mean that even though concerns were raised as early as 2004 about the security of US voting machines, the 2018 midterm election saw little improvement. The machines in use in the more than 10,000 US election jurisdictions are all either optical-scan or direct-recording electronic (DRE). Optical-scan, which scans…
Content type: Examples
In September 2018, when Massachusetts state police tweeted a map of responses to fires and explosions during a gas emergency, they inadvertently revealed that they were closely monitoring several activist groups, including a Facebook group for Mass Action Against Police Brutality, the Coalition to Organize and Mobilize Boston Against Trump, Facebook 413, Facebook MA Activism, and Resistance Calendar. The image was taken down and cropped after half an hour, but it spurred journalists to ask…
Content type: Examples
In September 2018, Google warned a selection of US senators and their aides that their Gmail accounts were being targeted by foreign government hackers. Google has issued warnings of phishing attempts by state-sponsored actors since 2012, though getting a notice does not mean the account has been compromised.
https://www.cnet.com/news/google-warns-us-senators-of-foreign-hackers-targeting-their-gmail-accounts/
Writer: Richard Nieva
Publication: CNet
Content type: Examples
In the run-up to the 2018 US mid-term elections, researchers found that the dissemination of fake news on Facebook was increasingly a domestic American phenomenon rather than, as in the 2016 presidential election, an effort driven by state-backed Russian operatives. Removing such accounts (Twitter) and pages (Facebook) is tricky in the US, where the boundary between free speech and disinformation is particularly sensitive. In addition, domestic disinformation is harder to distinguish. One of…
Content type: Examples
In the months leading up to the US 2018 midterm elections, Republican officials in Georgia, Texas, and North Carolina made moves they described as ensuring voting integrity but which critics saw as blocking voter access. In Georgia, where Secretary of State Brian Kemp is charged with enforcing election law and was simultaneously running for governor, election officials blocked 53,000 applications to register, 70% of which are those of African-Americans, under a law requiring personal…
Content type: Examples
In 2018, after the UK Cabinet Office said a trial of compulsory voter ID was necessary because reports of voter fraud had more than doubled between the 2014 and 2016 elections - a claim immediately disputed by a voter and upheld by the UK Statistics Authority. While it was true that there were 21 reports in 2014 and 44 in 2016, the number fell to 28 in 2017, small numbers to begin with. Crucially, more than twice as many people voted in 2016, the year of the EU referendum. None of the five…