Search
Content type: News & Analysis
Taylor Swift may be tracking you, particularly if you were at her Rose Bowl show in May.
According to an article published by Vanity Fair, at Swift’s concert at the California stadium, fans were drawn to a kiosk where they could watch rehearsal clips. At the same time – and without their knowledge - facial-recognition cameras were scanning them, and the scans were then reportedly sent to a “command post” in Nashville, where they were compared to photos of people who are known…
Content type: Examples
In 2018, a group of researchers from the Campaign for Accountability posed as Russian trolls and were able to purchase divisive online ads and target them at Americans using Google's advertising platform. The researchers constructed fake profiles using the name and identifying details of the Internet Research Agency, a known Kremlin-linked troll farm; the ads appeared on the YouTube channels and websites belonging to CNN, CBS, Huffington Post, and the Daily Beast. The ads were approved in less…
Content type: Examples
In May 2018, researchers in the US and China demonstrated that they could send commands that activate Apple's Siri, Amazon's Alexa, and Google Assistant but that are inaudible to the human ear. The researchers were able to make smartphones and smart speakers dial phone numbers and open websites; the potential is there to make them operate Internet of Things devices, wire money, or execute retail transactions by hiding commands in music or other audio.
https://www.nytimes.com/2018/05/10/…
Content type: Examples
In September 2018, a number of people whose Google Pixel phones, Essential Phone, OnePlus 6, Nokia handsets, and other devices running Android 9 Pie discovered that the devices had, apparently autonomously, activated the software's Battery Saver feature. Google later explained that an internal experiment to test battery-saving features had accidentally - and erroneously - been rolled out to more users than it had intended. The silent and invasive nature of the mistake made it particularly…
Content type: Examples
In October 2018, a transparency report from the smart home company Nest, which Google acquired for $3.2 billion in 2014, found that between 2015 and 2018 Nest had been told to hand over data on 300 separate occasions relating to up to 525 Nest account holders. Nest turned over data in fewer than 20% of the cases in the first half of 2018, down from the second half of 2015, when the company complied nearly 60% of the time. Nest is best known for its smart thermostats, but it also makes…
Content type: Examples
In September 2018, AI Now co-founder Meredith Whittaker sounded the alarm about the potential for abuse of the convergence of neuroscience, human enhancement, and AI in the form of brain-computer interfaces. Part of Whittaker's concern was that the only companies with the computational power necessary to develop these technologies are those already leading in AI: Google, Facebook, Microsoft, and equivalent. The result would be that the neural data collected from individuals' thoughts would be…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following HTTP GET request is made to graph.facebook.com
GET https://graph.facebook.com/v3.0/115882278440564?fields=…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The app sends the following HTTP GET request to graph.facebook.com
GET https://…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.facebook.…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.…
Content type: App Analysis
This app prerequest permissions when installing from the app store, a screenshot is attached for reference
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.facebook.…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
format: json
sdk: android
event…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
Form data:
format: json
sdk: android…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the app sends the following HTTP GET request to graph.facebook.com
GET https://graph.facebook.com/v2.11/174829003346?fields=…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
format: json
sdk: android
event…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.facebook.…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
The app sends the following HTTP GET request to graph.facebook.com
GET https://graph.facebook.com/v2.9/651942978220795?fields=supports_implicit_sdk_logging%2Cgdpv4_nux_content%…
Content type: Long Read
As our four year battle against the UK government’s extraordinarily broad and intrusive hacking powers goes to the Supreme Court, we are launching a new fundraising appeal in partnership with CrowdJustice.
We are seeking to raise £5k towards our costs and need your help. If we lose, the court may order us to pay for the government’s very expensive army of lawyers. Any donation you make, large or small, will help us both pursue this important case and protect the future ability of…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
Form data:
format: json
sdk: android…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.Test user action 1: The user taps on the application icon, which opens the applicationResponse from app: The application is initialised and the following data is sent and received by the app:Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)format: json
sdk: android
event…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following GET request was made:
GET https://graph.facebook.com/v3.1/97534753161…
Content type: Long Read
It’s 15:10 pm on April 18, 2018. I’m in the Privacy International office, reading a news story on the use of facial recognition in Thailand. On April 20, at 21:10, I clicked on a CNN Money Exclusive on my phone. At 11:45 on May 11, 2018, I read a story on USA Today about Facebook knowing when teen users are feeling insecure.
How do I know all of this? Because I asked an advertising company called Quantcast for all of the data they have about me.
Most people will have never heard of…
Content type: Examples
In 2010, customers of the online shoe retailer Zappos, which was acquired by Amazon in 2009, began noticing that recommendations for products they had viewed on the site were following them around the web. The culprit was a then-new practice known as "retargeting", which uses cookies to identify users as they move around the web. The source was quickly - via links on the ads themselves - identified as the French company Criteo, which tells retailers its personalised banners will help them "…
Content type: Examples
In 2018, a week before the General Data Protection Regulation came into force in the EU, Quantcast and several other publishing industry groups complained that Google in an open letter that Google was imposing GDPR risks on publishers and consumers. Under the system Google proposed for GDPR compliance, Google would impose limits on the number of technical vendors publishers could work with, thereby limiting innovation and competition, had yet to commit to joining the IAB Europe's Transparency…
Content type: Examples
In September 2017, unrelated to the massive data breach the company simultaneously announced, Equifax withdrew its mobile apps from Apple's App Store and Google Play because of security flaws that meant that data transferred between users and Equifax was not encrypted in transmission. Given the flaws in implementing HTTPS, attackers could inject their own markup, including JavaScript - which in turn would allow them to ask for any information they wanted without any indication to the user that…
Content type: Examples
In 2017, a group of data brokers led by Acxiom, AppNexus, and MediaMath, and including Index Exchange, LiveIntent, OpenX, and Rocket Fuel,
launched a consortium to make targeted programmatic advertising more widely available. Part of the consortium's goal is to enable the companies involved to compete better with Google's Ad words and Facebook's ad platform, which together account for 48% of all digital advertising spend. The consortium also intended to create a common omnichannel, people-…
Content type: Long Read
Photo Credit: Max Pixel
The fintech sector, with its data-intensive approach to financial services, faces a looming problem. Scandals such as Cambridge Analytica have brought public awareness about abuses involving the use of personal data from Facebook and other sources. Many of these are the same data sets that the fintech sector uses. With the growth of the fintech industry, and its increase in power and influence, it becomes essential to interrogate this use of data by the…