Search
Content type: Explainer
PI has long worked on the exploitation of data by companies. We've filed complaints against companies that constantly track you around the internet, we've shown how numerous phone apps share data with Facebook, we've exposed how advertisers track visitors on mental health websites, we've shown how period tracking apps collect and share data of users (including whether they are having unprotected sex or not!), exposed how major tech companies are not providing meaningful transparency to their…
Content type: News & Analysis
Yesterday, we found out that Google has been reported to collect health data records as part of a project it has named “Project Nightingale”. In a partnership with Ascension, Google has purportedly been amassing data for about a year on patients in 21 US states in the form of lab results, doctor diagnoses and hospitalization records, among other categories, which amount to a complete health history, including patient names and dates of birth.
This comes just days after the news of Google'…
Content type: News & Analysis
Even if we are not Fitbit users, we all need to stop and think about the implications of this merger. There is a reason that our health data is subject to higher levels of protection - its intimate, reveals vast amounts about our everyday lives, and the potential consequences if exploited can be devastating. Google should be keeping its hands off our health data.
Sign our letter to the European Commission, asking them to block the Google/Fitbit merger.
Let's tell Google, 'NOT ON OUR WATCH!'
Content type: Long Read
[Photo credit: Images Money]
The global counter-terrorism agenda is driven by a group of powerful governments and industry with a vested political and economic interest in pushing for security solutions that increasingly rely on surveillance technologies at the expenses of human rights.
To facilitate the adoption of these measures, a plethora of bodies, groups and networks of governments and other interested private stakeholders develop norms, standards and ‘good practices’ which often end up…
Content type: Long Read
In this piece we examine mobile phone extraction, relying on publicly available information and Privacy International’s experience from conducting mobile phone extraction using a Cellebrite UFED Touch 2. We welcome input from experts in the field. This is a rapidly developing area. Just as new security features are announced for phones, so too new methods to extract data are found.
[All references can be found in the pdf version below.]
General explanation of mobile phone…
Content type: News & Analysis
The latest news of Twitter “inadvertently” sharing email addresses or phone numbers provided for safety or security purposes (for example, two-factor authentication) for advertising purposes is extremely concerning for several reasons.
First of all, it is not the first time for Twitter's used people's data in ways they wouldn't expect or that ignores their choices: in August, the company disclosed that it may have shared data on users with advertising partners, even if they had opted out from…
Content type: News & Analysis
Today’s announcement regarding the UK and US agreement signed pursuant to the US CLOUD Act is being touted on both sides of the Atlantic as a major victory for law enforcement and security. But it is a step backward for privacy.
And it’s far more complicated than their press release and letter to industry.
The agreement replaces the prior system, under which law enforcement agencies from around the world, including the UK, had to meet US legal standards in order to get access to content held…
Content type: Long Read
An analysis of what Facebook, Google, and Twitter have done to provide users with political ad transparency as of September 2019. Our full analysis is linked below.
Recently the role of social media and search platforms in political campaigning and elections has come under scrutiny. Concerns range from the spread of disinformation, to profiling of users without their knowledge, to micro-targeting of users with tailored messages, to interference by foreign entities, and more. Significant…
Content type: Examples
Rewire.News has reported that Google apparently remains unwilling to differentiate its Maps search results between clinics in the US that offer abortion care and faith-based organisations that do not provide abortion care.
Rewire.News reports that, in contrast Yelp "made a concerted effort" to ensure that the company differentiated between faith-based centres, also known as crisis pregnancy centres in the US, and medical facilities that provided medical reproductive healthcare, including…
Content type: Explainer
Abstract
Over the past few years, smart phones have become incredibly inexpensive, connecting millions of people to the internet for the first time. While growing connectivity is undeniably positive, some device vendors have recently come under scrutiny for harvesting user data and invasive private data collection practices.
Due to the open-source nature of the Android operating system vendors can add pre-installed apps (often called “bundled apps” or "bloatware") to mobile phones.…
Content type: App Analysis
The following is the output from Pinoy of Exodus Standalone, by Exodus Privacy
{
"application": {
"name": "Pinoy",
"libraries": [],
"handle": "com.zed.pinoy",
"version_name": "4.19",
"uaid": "D850D2DCD60B3482C1012D8DCE0382CF7D66AEB6",
"permissions": [
"android.permission.READ_PHONE_STATE",
"android.permission.INTERNET",
"android.permission.ACCESS_NETWORK_STATE",
"android.permission.WRITE_EXTERNAL_STORAGE",
"android.permission.…
Content type: App Analysis
The following is the output from MyPhone Registration of Exodus Standalone, by Exodus Privacy
{
"trackers": [],
"apk": {
"path": "/media/transfer/AndroidAnaylsis/Library/OriginalAPKs/MyPhoneRegistration.apk",
"checksum": "584fb7efe352024b52e2584de6afd6944d5bdf038c6459200c5e4a021d3f096a"
},
"application": {
"libraries": [],
"version_code": "1",
"permissions": [
"android.permission.DISABLE_KEYGUARD",
"android.permission.RECEIVE_BOOT_COMPLETED…
Content type: App Analysis
The following is the output from Facebook Lite of Exodus Standalone, by Exodus Privacy
{
"trackers": [],
"apk": {
"checksum": "8cf800fbe1626468b7af1f3b59dae657f22f0a9fb3070b80122af6171df67689",
"path": "/media/transfer/AndroidAnaylsis/Queue/com.facebook.lite.apk"
},
"application": {
"name": "Lite",
"handle": "com.facebook.lite",
"uaid": "79CC550EE0002725D1108B4580200A40D6AFA2FD",
"version_name": "49.0.0.10.69",
"version_code": "63889098",
"…
Content type: App Analysis
The following is the output from Brown Portal of Exodus Standalone, by Exodus Privacy
{
"trackers": [],
"apk": {
"path": "/media/transfer/AndroidAnaylsis/Library/OriginalAPKs/BrownPortal.apk",
"checksum": "154622e8812f2db94bf717fc4aef29a5a24569b5940e7640915cf5958acd4ad9"
},
"application": {
"name": "Brown Portal",
"version_name": "1.1.2",
"permissions": [
"android.permission.WRITE_EXTERNAL_STORAGE",
"android.permission.INTERNET",
"android.…
Content type: Examples
Ahead of the Irish referendum to amend the Constitutions of Ireland to allow the parliament to legislative for abortion which took place in May 2018, Google decided to stop all advertising relating to the referendum on all of its advertising platforms, including AdWords and YouTube.
This followed decisions by Facebook to no longer accept advertising relating to the referendum funded by foreign organisations outside Ireland, and Twitter not allowing any advertising in relation to the…
Content type: Long Read
We found this image here.
Using Facebook, Google, and Twitter’s ad libraries, PI has tried to understand how political ads are targeted in the UK. This information – which should be very clear on political ads – is instead being squirreled away under multiple clicks and confusing headings.
Importantly, in most countries around the world, users cannot understand why they’re being targeted with political ads on these platforms at all. This is because Facebook, Google, and Twitter have taken…
Content type: News & Analysis
Photo by Jake Hills on UnsplashOur research has shown how some apps like Maya by Plackal Tech and MIA by Mobbap Development Limited were – at the time of the research – sharing your most intimate data about your sexual life and medical history with Facebook.Other apps like Mi Calendario, Ovulation Calculator by Pinkbird and Linchpin Health were letting Facebook know every time you open the app.We think companies like theses should do better and we are pleased to see some of them have already…
Content type: Long Read
In December 2018, Privacy international exposed the dubious practices of some of the most popular apps in the world.
Out of the 36 apps we tested, we found that 61% automatically transfer data to Facebook the moment a user opens the app. This happens whether the user has a Facebook account or not, and whether they are logged into Facebook or not. We also found that some of those apps routinely send Facebook incredibly detailed and sometimes sensitive personal data. Again, it didn’t matter if…
Content type: Long Read
A new study by Privacy International reveals how popular websites about depression in France, Germany and the UK share user data with advertisers, data brokers and large tech companies, while some depression test websites leak answers and test results with third parties. The findings raise serious concerns about compliance with European data protection and privacy laws.
This article is part of a research led by Privacy International on mental health websites and tracking. Read our…
Content type: News & Analysis
This article is part of a research led by Privacy International on mental health websites and tracking. Read our full report.
According to the World Health Organisation (WHO), 25 percent of the European population suffers from depression or anxiety each year, yet about 50% of major depressions remain untreated. This means that everyday thousands of people are looking for information about depression online. They take tests to find out how serious their symptoms are, they try to access…
Content type: Advocacy
On 28 August 2019 PI joined International Privacy Network partner Asociación por los Derechos Civiles and others in writing to the Directors of Public Policy for Latin America at Facebook, Google, and Twitter. The letters outline what steps are needed to make the social media giants' ad archives effective. Earlier this year organisations across Europe, led by the Mozilla, wrote to the companies with similar guidelines - the letters sent today say that equivalent steps should be taken for ad…
Content type: Examples
After four years of negotiation, in 2017 Google began paying Mastercard millions of dollars for access to the latter's piles of transaction data as part of its "Stores Sales Measurement" service. Google, which claimed to have access to 70% of US credit and debit cards through partners, said that double-blind encryption prevents both partners from seeing the other's users' personally identifiable information. Mastercard said the company shares transaction trends with merchants and their service…
Content type: Explainer
Recently the role of social media and search platforms in political campaigning and elections has come under scrutiny. Concerns range from the spread of disinformation, to profiling of users without their knowledge, to micro-targeting of users with tailored messages, to interference by foreign entities, and more. Significant attention has been paid to the transparency of political ads - what are companies doing to provide their users globally with meaningful transparency into how they…
Content type: Examples
French website IVG.net, first Google result when typing IVG (Interuption Volontaire de Grossesse or abortion in french), has been exposed as being anti-abortion website spreading misinformation. Offering an official looking "Numero vert" (free to call phone number number), IVG.net attempts to convince pregnant women calling the service that abortion is a high risk operation which will have terrible impact on their health and personal life, pressuring women to not undertake such operation. The…
Content type: Long Read
Photo by David Werbrouck on Unsplash
This is an ongoing series about the ways in which those searching for abortion information and procedures are being traced and tracked online. This work is part of a broader programme of work aimed at safeguarding the dignity of people by challenging current power dynamics, and redefining our relationship with governments, companies, and within our own communities. As an enabling right, privacy plays an important role in supporting the exercise of…
Content type: Long Read
By Valentina Pavel, PI Mozilla-Ford Fellow, 2018-2019
Our digital environment is changing, fast. Nobody knows exactly what it’ll look like in five to ten years’ time, but we know that how we produce and share our data will change where we end up. We have to decide how to protect, enhance, and preserve our rights in a world where technology is everywhere and data is generated by every action. Key battles will be fought over who can access our data and how they may use it. It’s time to take…
Content type: Examples
Absher, an online platform and mobile phone app created by the Saudi Arabian government, can allow men to restrict women’s ability to travel, live in Saudi Arabia, or access government services. This app, which is available in the Google and Apple app stores, supports and enables the discriminatory male guardianship system in Saudi Arabia and violations of womens’ rights, including the right to leave and return to one’s own country. Because women in Saudi Arabia are required to have a male…
Content type: Long Read
Everyday objects and devices that can connect to the Internet -- known as the Internet of Things (IoT) or connected devices -- play an increasing role in crime scenes and are a target for law enforcement. Exploiting new technologies that are in our homes and on our bodies as part of criminal investigations and for use as evidence, raises new challenges and risks that have not been sufficiently explored.
We believe that a discussion on the exploitation of IoT by law enforcement would…