Search
Content type: Virtual Machine
The documentation below is a copy of the documentation found on Github: Interception environment on Github
Privacy International's data interception environment
Version: 2.1.2-20190730
Privacy International's data interception environment
Quick Start Guide
Step 0 - Prerequisites
Step 1 - Download
Step 2 - Importation
Step 3 - Initialising
Step 4 - Setup
Step 5 - Capture
Step 6 - Notes for Android Nougat or Later
Background
Theory
Implementation
Virtualbox (6.0.4)…
Content type: News & Analysis
In December 2018, we revealed how some of the most widely used apps in the Google Play Store automatically send personal data to Facebook the moment they are launched. That happens even if you don't have a Facebook account or are logged out of the Facebook platform (watch our talk at the Chaos Communication Congress (CCC) in Leipzig or read our full legal analysis here).
Today, we have some good news for you: we retested all the apps from our report and it seems as if we…
Content type: Report
6 March 2019
Privacy International (PI) has written Facebook to express our concern and request urgent answers regarding its policy on the sharing of mobile phone numbers of its users.
Alarmingly, recent reports say that some of the phone numbers provided by users for the express purpose of two-factor authentication (2FA) as a way of securing their accounts are now made searchable across the platform by default.
PI is concerned that allowing such numbers to be searchable…
Content type: Long Read
(In order to click the hyperlinks in the explainer below, please download the pdf version at the bottom of the page).
Content type: Explainer graphic
You can also read a more detailed explainer about body worn video cameras here.
Content type: Explainer graphic
You can also read a more detailed explainer about facial recognition cameras here.
Content type: Examples
By 2018, Palantir, founded in 2004 by Peter Thiel to supply tools for finding obscure connections by analysing a wide range of data streams to the Pentagon and the CIA for the War on Terror, was supplying its software to the US Department of Health and Human Services to detect Medicare fraud, to the FBI for criminal probes, and to the Department of Homeland Security to screen air travellers and monitor immigrants. It was also supplying its software to police and sheriff's departments in New…
Content type: Examples
In 2018, the Spanish La Liga app was found to be using the microphone and GPS to clamp down on bars infringing copyright by broadcasting matches without paying. Granting the app the permissions it requests at installation to access the mic and GPS location allows it to turn on the mic at any time. The company says that the audio clips it picks up are converted automatically into binary codes to identify illegal streams but are never listened to.
https://www.joe.co.uk/sport/la-liga-uses-its-…
Content type: Examples
In June 2018, a panel set up to examine the partnerships between Alphabet's DeepMind and the UK's NHS express concern that the revenue-less AI subsidiary would eventually have to prove its value to its parent. Panel chair Julian Huppert said DeepMind should commit to a business model, either non-profit or reasonable profit, and noted the risk that otherwise Alphabet would push the company to use its access to data to drive monopolistic profits. In that case, DeepMind would either have to…
Content type: Examples
In June 2018 Apple updated its app store policies to bar developers from collecting information from users' address books and selling it on. While some apps have a legitimate need to access users' contacts, collecting information unnecessarily is a common money-making tactic. How many apps were affected by the change is unknown.
https://www.washingtonpost.com/news/the-switch/wp/2018/06/13/apple-is-ending-apps-ability-to-secretly-sell-your-contacts-list/
writer: Hayley Tsukayama
publication:…
Content type: Examples
In 2018, an investigation found that children as young as nine in Hong Kong were exposing their identities online via Tik Tok, the most-downloaded iPhone app for creating and sharing short videos. Both Tik Tok and its sibling app Musical.ly, which is popular in Europe, Australia, and the US and allows users to create short lip-synched music videos - are owned by the Chinese company Bytedance. Tik Tok's service agreement says the app is not for use by those under 16. The app has only two options…
Content type: Examples
In 2018, the Brazil-based Coding Rights' feminist online cybersecurity guide Chupadados undertook a study of four popular period-tracking apps to find which best protected user privacy. Most, they found, rely on collecting and analysing data in order to be financially viable. The apps track more than just periods and ovulation; they ask for many intimate details about women's activities and health. The group found that the most trustworthy app was Clue, which is ad-free and optionally password-…
Content type: Advocacy
In October 2018, Privacy International submitted to the public consultation on the “Consolidated Guidance to Intelligence Officers and Service Personnel on the Detention and Interviewing of Detainees Overseas, and on the Passing and Receipt of Intelligence Relating to Detainees” (“Consolidated Guidance”) held by the Investigatory Powers Commissioner’s Office (“IPCO”).
Privacy International’s submission addresses the portions of the Consolidated Guidance on “the Passing and…
Content type: Examples
In May 2018, Slice Technologies, which provides the free Unroll.me email management service in return for data-mining individuals' email inboxes, announced it would discontinue offering its service in Europe rather than comply with the incoming General Data Protection Regulation. Unroll.me's privacy policy claims the right to share users' information with a range of third parties, and the company is known to have provided statistics about its users' Lyft receipts to Uber.
https://techcrunch.…
Content type: Examples
As part of efforts to tone down street fights at night Statumseind in Eindhoven, the Netherlands, the city has deployed technology: wifi trackers, cameras, and microphones attached to lamp posts detect aggressive behaviour and alert police. The data collected by these sensors is used to profile, nudge, or actively target people. However, the area does not notify visitors that data is being collected and kept. The eastern Dutch city of Enschede uses smartphones' wifi signals to identify and…
Content type: Examples
In November 2018 New York City's housing committee ruled that Airbnb must turn over the addresses and host names that use its service to the city's Office of Special Enforcement as part of a crackdown on illegal operators. The hotel industry contended in a report earlier in the year that around two-thirds of Airbnb's income from New York, which is one of Airbnb's top five markets, comes from rentals that violate the rule in most apartment buildings barring rentals of less than 30 days unless…
Content type: Examples
A 2018 law passed in Egypt requires ride-hailing services such as Uber and local competitor Careem to supply passenger data to the security agencies when requested to do so. More than 4 million people in Egypt have used Uber since it debuted there in 2014. While human rights advocates expressed concern at the weakness of the standard in the legislation, Uber called it a "progressive" regulation. A prior draft of the bill called for the data to be provided in real time and required the company…
Content type: Examples
In August 2018 the US Food and Drug Administration approved the first over-the-counter digital contraceptive, an app called Natural Cycles. The app, which analyses basal body temperature readings and monthly menstruation data to determine whether unprotected sex is likely to lead to pregnancy, sparked many public complaints of inaccuracy. Users pay $80 a year or $10 a month to use the app. However, the app's privacy policy also awards the Swedish maker broad rights to reuse and share the data…
Content type: Examples
In August 2018, domestic abuse victims, their lawyers, shelter workers, and emergency responders began finding that the Internet of Things was becoming an alarming new tool for harassment, monitoring, revenge, and control. Smartphone apps enable abusers to remotely control everyday objects inside their targets homes and use them to watch, listen, scare, or intimidate. Lack of knowledge about how the technology works and uncertainty about how much control the abusive partner has add a…
Content type: Examples
Semi-autonomous cars with built-in internet connections are increasingly being delivered with location tracking in place. Marketed as a convenience, the app FordPass links to Ford's Sync Infotainment system and can log frequent and recently visited locations. Similarly, GM Onstar's Family Link allows remote users to track family memories and receive alerts about the car's location. Although Ford says a "master reset" restores the car's factory settings, these systems still leave victims of…
Content type: Examples
In 2018, changes to Apple's rules for data collection led Facebook to withdraw its Onavo Protect VPN app from the app store. The app's function was to warn users when they were visiting potentially harmful websites and protected their data when using public wifi. However, the app also collected data on the other apps installed on the device, monitoring that violates Apple's changed rules. In response to accusations that Facebook used the data to identify and acquire competitors, the company…
Content type: Examples
In 2018, Wells Fargo disclosed that due to a computer bug that remained undiscovered for nearly five years 600 customers were granted more expensive mortgage loans than they could have qualified for. About 400 of them went on to lose their homes. The announcement reignited the public anger and distrust created by the bank's 2016 fake accounts scandal, which was attributed to a hard-driving, aggressive, pervasive sales culture that is difficult to change.
https://www.ft.com/content/dbc1d692-…
Content type: Examples
In August 2018, banks and merchants had begun tracking the physical movements users make with input devices - keyboard, mouse, finger swipes - to aid in blocking automated attacks and suspicious transactions. In some cases, however, sites are amassing tens of millions of identifying "behavioural biometrics" profiles. Users can't tell when the data is being collected. With passwords and other personal information used to secure financial accounts under constant threat from data breaches, this…
Content type: Long Read
(In order to click the hyperlinks in the explainer below, please download the pdf version at the bottom of the page).
Content type: News & Analysis
Privacy International welcomes the focus on data and privacy contained in the final report by the UK House of Commons Digital, Culture, Media and Sport Committee (DCMS) on Disinformation and ‘fake news’. Beyond our control, companies and political parties have banded together to exploit our data. This report establishes essential steps to remedying this downward spiral. An important part of the democratic process is freedom of expression and right to political participation, including the right…
Content type: Long Read
As calls for a ‘secure southern border’ are amplified in the US by politicians and pundits, Silicon Valley techies are coming out in force to proffer swanky digital solutions in the place of 30-foot steel slats or concrete blocks.
One such company is Anduril Industries, named after a sword in Lord of the Rings, which represents a symbol of hidden power.
Over recent months, Anduril Industries frontman Palmer Luckey has been making the PR rounds to promote his company’s version of a border wall…
Content type: Long Read
UPDATED 11TH JUNE 2019: We've just launched our campaign, and you can now write to your local PCC easily using the online portal we have created with Liberty.
(In order to click the hyperlinks in the explainer below, please download the pdf version at the bottom of the page).