"Informing You Without Watching you."
[email protected]  @digitalprivacy

Apple Insider, Thu 01/27:
Future AirPods may ID wearer and tailor features to protect owner's privacy

Whatever the reason, there can be times when the AirPods - or any other future Apple headphones - are being used by someone other than their owner.

"For example, first movement information corresponding to movement of a second electronic device is detected," says Apple.

"Second movement information corresponding to movement of a third electronic device is detected."

"A similarity score is determined based on the first movement information and the second movement information," it continues.

So if the three devices — AirPods, Apple Watch, iPhone — are not far apart, it's again likely that it's the owner who is using them.

Read full article here:
(warning: ads & trackers)

Gizmodo, Thu 01/27:
The IRS Needs to Stop Using's Face Recognition, Privacy Experts Warn

That’s opposed to so-called 1:many facial recognition systems (the kind deployed by the likes of now-notorious firms like Clearview AI) that compare users to a database of (many) faces.

The revelation of’s use of 1:many face recognition drew immediate criticisms from a wide range of privacy groups.

“The IRS needs to immediately halt its plan to use facial recognition verification, and all government agencies should end their contracts with,” Seeley George wrote.

If a user is flagged by the facial recognition system, they aren’t blocked outright but are instead redirected to a video chat verification with one of the company’s team members.

In a tweet, Wyden said he was “very disturbed” that some taxpayers may feel like they need to submit to a facial recognition scene.

Read full article here:
(warning: ads & trackers), Wed 01/26:
EPIC and Consumer Reports release paper calling on the Federal Trade Commission to pursue a privacy rulemaking

WASHINGTON, D.C. — Consumer Reports and the Electronic Privacy Information Center (EPIC) today released a white paper that provides a detailed roadmap for how the Federal Trade Commission (FTC) should issue privacy rules under its unfair practices authority.

Justin Brookman, director of technology policy at Consumer Reports, said, “We have been waiting decades for Congress to provide baseline privacy protections over our data.

As outlined in the paper, the FTC has wide authority to issue prescriptive rules in order to forestall business practices that can cause consumer injury.

Last year, CR and EPIC joined over 40 groups in calling on the FTC to begin a privacy rulemaking.

New funding will be crucial in enabling the FTC to meet its responsibilities to protect consumer privacy, including pursuing a privacy rulemaking.

Read full article here:
(warning: ads & trackers)

The Economist (UK), Wed 01/26:
The UN is testing technology that processes data confidentially

This approach involves the data to be analysed being encrypted by their keeper and staying on the premises.

The organisation running the analysis (in this case OpenMined) sends its algorithm to the keeper, who runs it on the encrypted data.

It also permits the organisation releasing the findings to set a so-called “privacy budget”, which determines the level of granularity disclosed by the data.

In the argot of the field, SMPC provides input privacy, while differential privacy offers output privacy.

The PETs Lab’s next goals are to dive more deeply into trade data and to add more agencies to the roster.

Read full article here:
(Paywall), Tue 01/25:
Google readies interest-based advertising in Privacy Sandbox experiments

After years of speculation, setbacks, and criticism Google is trialing a new proposal in its Privacy Sandbox initiative called “Topics” which it claims will facilitate interest-based advertising long after it sunsets third-party cookies in its Chrome browser in 2023.

Google did not provide more details about these companies’ participation — including how many and what type of websites they covered.

Privacy Sandbox experiments have been underway since 2020, the year Google officially confirmed it would roll back support for third-party cookies, the early results of which have polarized opinions with some voicing concerns that Google was covertly going about cementing its dominance in the ad tech market.

“Some of the platforms have already stopped support for third-party cookies, but Google’s really the only one to take this open, collaborative approach in figuring out what the part forward is,” he said.

“Our goal is to really find out what works for the publishers [and advertisers] and also improves privacy.”

Read full article here:
(warning: ads & trackers)

The Verge, Tue 01/25:
Plaid’s new privacy controls let you manage your financial data from a single hub

Plaid, a go-between for financial apps like Robinhood, Venmo, and Betterment and bank accounts, has created a privacy hub where you can manage all of your financial connections.

The settlement requires Plaid to prominently display the privacy hub on its site.

Then, it’s possible to browse connections and disconnect unused apps from bank accounts.

The portal details the kinds of data users sharing through Plaid, as well as which bank accounts are connected.

Plaid says its privacy hub has been in the works for the past two years.

Read full article here:
(warning: ads & trackers)

Wall Street Journal, Tue 01/25:
Google Overhauls Cookie Replacement Plan After Privacy Critiques

The company’s Chrome browser will distill a shortlist of interests based on a user’s recent browsing history, the company said.

The proposal is an outgrowth of Google’s plan to phase out a user-tracking technology called third-party cookies in 2023.

The plan met considerable pushback from the ad industry, which said it was less effective than using cookies to track users’ browsing histories to infer their interests and habits.

Google Senior Product Director Ben Galbraith said privacy concerns were the primary driver of the changes Google made for Topics.

Regulators have been looking closely at the Google plan to remove cookies.

Read full article here:
(Paywall), Tue 01/25:
Stay safe with AirTag and other Find My accessories

Stay safe with AirTag and other Find My accessoriesAirTag lets you easily track things like your keys, wallet, purse, backpack, luggage, and more.

AirTag and Find My network accessories have unique Bluetooth identifiers that change frequently.

Check for AirTags using an Android device You can check for nearby AirTag or Find My network accessories using the Tracker Detect app from the Google Play Store.

If you think someone is using an AirTag or another item tracker to track your location, you can scan to try to find it.

If you hear an AirTag make a sound When moved, any AirTag separated for a period of time from the person who registered it makes a sound to alert those nearby.

Read full article here:
(warning: ads & trackers), Mon 01/24:
IRS Wants Your Face on File, Will Require Facial-Recognition Online - Privacy Experts Sound Alarm

To verify their identity with, taxpayers will need to provide a photo of an identity document such as a driver's license, state ID, or passport.

Once their identity has been verified, they can securely access IRS online services, the IRS explained in a November press release.

The IRS has been working hard to make improvements in this area, and this new verification process is designed to make IRS online applications as secure as possible for people," said IRS Commissioner Chuck Rettig.

Taxpayers who need help verifying their identity or submitting a support ticket can visit the IRS Help Site.

"The IRS emphasizes taxpayers can pay or file their taxes without submitting a selfie or other information to a third-party identity verification company.

Read full article here:
(warning: ads & trackers), Mon 01/24:
As Myanmar Junta Extends Control Over Telcos, Surveillance And Privacy Risks Increase

As Myanmar Junta Extends Control Over Telcos, Surveillance And Privacy Risks IncreaseNorway’s Telenor is obligated to mitigate the human rights risks of its sale to local operators before the telco imminently changes hands and passes on the private information of millions of people in Myanmar to a military-linked operator, Shwe Byain Phyu Group.

“It is clear the military wants control over Telenor’s Myanmar private customer data through proxy ownership,” said Dhevy Sivaprakasam, Asia Pacific Policy Counsel at Access Now.

This decision was not made public, but is a clear indicator that the Myanmar military is continuing to tighten control of the country’s telecommunications.

The risk of surveillance and the abuse of people’s privacy are extreme, and all actors in the telecom sector in Myanmar must urgently act to enforce data protection and privacy safeguards.

It can be assumed these providers, and a fourth, Ooredoo, have activated intercept surveillance technology in compliance with junta orders after Telenor revealed they had been “continually pressured” to do so.

Read full article here:
(warning: ads & trackers)

Wall Street Journal, Mon 01/24:
Google Deceived Users About Location Tracking, States Allege

WASHINGTON— Alphabet Inc.’s GOOG -2.79% Google deceived consumers by recording their location even after users tried to turn off the company’s tracking on their smartphones and web browsers, according to lawsuits by Washington, D.C., and three other states.

“The attorneys general are bringing a case based on inaccurate claims and outdated assertions about our settings,” said Google spokesman José Castañeda.

“We have always built privacy features into our products and provided robust controls for location data.

The location data is collected by Google Search, Google Maps, YouTube and more, the complaint says, even when a user’s location isn’t needed to support the functionality of the service.

The suits related to location tracking prominently cite a 2018 Associated Press article that reported Google’s practices were inconsistent with its statements to users.

Read full article here:

The Guardian (UK), Mon 01/24:
Google sued over privacy concerns by Texas, Indiana and District of Columbia

Texas, Indiana and the District of Columbia sued Alphabet’s Google on Monday over what they called deceptive location tracking practices that invade users’ privacy.

The Washington state attorney general, Bob Ferguson, said his office was filing a lawsuit against Google as well.

“Location data is key to Google’s advertising business.

We have always built privacy features into our products and provided robust controls for location data.

We will vigorously defend ourselves and set the record straight.”In May 2020, the state of Arizona filed a similar lawsuit against Google over its collection of location data of users.

Read full article here:
(warning: ads & trackers)

Techcrunch, Mon 01/24:
Google’s Privacy Sandbox targeted by fresh EU antitrust complaint – TechCrunch

German publishers are the latest to band together to try to derail or at least delay Google’s “Privacy Sandbox” plan to end support for tracking cookies in Chrome via a complaint to the European Commission.

The tech giant also claimed its Privacy Sandbox proposal are being designed in the open — in consultation with a cross-section of the web community, including publishers.

So it’s interesting to speculate whether the FCO has received a copy of the German publishers complaint against Privacy Sandbox.

And MEPs recently voted to beef up restrictions on gatekeepers’ ability to track Internet users for ad targeting.

So, whether or not Google gets its way with Privacy Sandbox, it’s clear adtech is facing substantial regional pressure to reform.

Read full article here:
(warning: ads & trackers)

The Verge, Mon 01/24:
Google sued by DC and three states for ‘deceptive’ Android location tracking

The attorneys general of three states and the District of Columbia are suing Google for the allegedly deceptive collection of location data on Android.

The complaints, which build on a 2020 lawsuit filed by the Arizona Attorney General, allege that Google’s “complex web” of settings obfuscated whether users were sharing their location at a given moment.

State attorneys general from Washington, Texas, and Indiana are also filing similar suits in their own jurisdictions.

The DC complaint claims that Google’s settings “purport to give consumers control over the location data Google collects and uses.

“The attorneys general are bringing a case based on inaccurate claims and outdated assertions about our settings,” said Google policy spokesperson José Castañeda.

Read full article here:
(warning: ads & trackers)

Gizmodo, Mon 01/24:
Google Illegally Used Dark Patterns to Trick Users Into Handing Over Location Data, State AGs Say

Altogether, these practices may amount to violations of D.C.’s Consumer Protection Procedures Act, and Texas’ Deceptive Trade Practices Consumer Protection Act the lawsuits allege.

Washington State and Indiana are expected to file similar suits later today according to D.C. attorney general Karl A. Racine.

“Google leads consumers to believe that consumers are in control of whether Google collects and retains information about their location and how that information is used,” the D.C. suit reads.

Monday’s lawsuit drew inspiration from a 2018 Associated Press article that determined Google services were storing users’ location data even if those users had turned on privacy settings preventing the company from doing so.

The D.C. office launched an investigation not long after that article into Google location tracking practices.

Read full article here:
(warning: ads & trackers)

The Hill, Mon 01/24:
Why Congress should pass data privacy legislation in 2022

Data privacy legislation has been on the Congressional to-do list for years, but as more states consider their own comprehensive privacy laws and Europe’s privacy regulation approaches its fifth anniversary, the federal government continues to lag behind.

Poorly crafted privacy laws can impose many direct compliance costs on businesses, which may have to hire data protection officers, conduct privacy audits, perform data-impact assessments, and respond to customers’ data requests.

ADVERTISEMENTFifty differing state privacy laws would impose these costs many times over, unnecessarily burdening U.S. businesses while offering no added value to consumers.

Not only should federal data privacy legislation preempt state privacy laws, it also should take a balanced approach to protecting consumer privacy while minimizing the impact on innovation and compliance costs.

Passing a comprehensive, bipartisan data privacy law should be at the top of Congress’ technology policy agenda in 2022.

Read full article here:
(warning: ads & trackers)

The Guardian (UK), Mon 01/24:
The surveillance concerns around China’s Winter Olympics app – explained

Second, the app is not encrypting some sensitive data at all.

Effectively, that means some sensitive data within the app, “including the names of messages’ senders and receivers and their user account identifiers”, is being transmitted without any security.

The encryption flaws in the app have raised further concerns, but how worried should visiting countries and athletes be?

Though experts say general concerns about surveillance during the Olympics and the app are warranted, the reality is the app’s security flaws are probably more a reflection of poor design rather than sinister intent to surveil.

However, there are regular precautions that those traveling to China, during the Olympics or otherwise, should take, Callus said.

Read full article here:
(warning: ads & trackers)

Wall Street Journal, Sun 01/23:
How to Avoid Unwanted Photos on Social Media

If you’re job hunting and don’t want prospective employers to see your social media history, you can temporarily disable your account.

On the Instagram app, tap Settings > Account > Delete Account > Disable Account.

On Twitter, go to Settings and privacy > Privacy and safety > Audience and tagging, then drag the Protect your Tweets slider to on.

They could still post photos and videos, but you won’t be tagged and may not know about them.

You also can adjust your tagged settings by tapping Settings > Privacy > Posts > then scroll to Tagged Posts and select “on” under Manually Approve Tags.

Read full article here:

EFF, Sat 01/22:
The U.K. Paid $724,000 For A Creepy Campaign To Convince People That Encryption is Bad. It Won’t Work.

This week, the U.K. government launched an unprecedented and deceptive effort to kill off end-to-end encryption.

The explicit goal of the “No Place to Hide” campaign, launched on Tuesday, is to prevent Facebook from expanding its use of end-to-end encryption.

Over the weekend, Rolling Stone magazine revealed details of how the M&C Saatchi ad agency pitched this campaign to the U.K. government’s Home Office.

This increased scanning is primarily responsible for what law enforcement agencies in the U.S. and U.K. have called an increase in online child abuse—but the scanning isn’t even accurate.

In the short run, we expect the U.K. government’s anti-encryption campaign to fade away.

Read full article here:
(It's EFF - safe to visit)

The Guardian (UK), Fri 01/21:
End-to-end encryption protects children, says UK information watchdog

The UK data watchdog has intervened in the debate over end-to-end encryption, warning that delaying its introduction puts “everyone at risk” including children.

The Information Commissioner’s Office said strongly encrypting communications strengthens online safety for children by reducing their exposure to threats such as blackmail, while also allowing businesses to share information securely.

“E2EE [end-to-end encryption] serves an important role both in safeguarding our privacy and online safety,” said Stephen Bonner, the ICO’s executive director for innovation and technology.

Meta, the owner of Messenger and Instagram, said in November last year it would delay its end-to-end encryption plans by a year to 2023.

Its WhatsApp messaging service already uses end-to-end encryption.

Read full article here:
(warning: ads & trackers)

EFF, Thu 01/20:
DSA: EU Parliament Vote Ensures a Free Internet, But a Final Regulation Must Add Stronger Privacy Protections

In today's vote, the EU Parliament made the right choice.

Further analysis is required but, on the whole, the EU Parliament avoided following in the footsteps of prior controversial and sometimes disastrous EU internet rules, such as the EU copyright directive.

In other words, lawmakers focused on how processes should work on online platforms: reporting problematic content, structuring terms of use, and responding to erroneous content removals.

If the proposed DSA becomes law, users will better understand how content decisions are made and enjoy a right to reinstatement if platforms make mistakes.

However, the EU Parliament's position, if it becomes law, could change the rules of the game for all platforms.

Read full article here:
(It's EFF - safe to visit)

The Markup, Wed 01/19:
Help Us Investigate the Ed Tech Industry – The Markup

Now, in order to dig deeper into the ed tech industry, we’re asking for your help.

This template, written by the Student Data Privacy Project, is for a comprehensive FERPA request for information held by third-party technology vendors.

Some companies have specific CCPA request forms on their website—like this one for EAB— or designate where and how to submit CCPA requests.

At the end of the policies, there’s often an email address customers are instructed to contact with questions or data requests.

The Electronic Privacy Information Center (EPIC) has a guide and CCPA request template you can use here.

Read full article here:
(warning: ads & trackers)

New York Times, Tue 01/18:
Swipe Right When You See a Conference Room You Like

Building apps also offer the ability to monitor the use of conference rooms, cafeterias and parking lots in an effort to improve operations.

But privacy advocates say they are worried about the collection of workers’ personal data.

Companies should be transparent about what information they are tracking, how they are using it, who will have access to it and why, Dr. Cranor said.

To help ease privacy concerns, companies using building apps should anonymize data whenever possible, said Paul Rohmeyer, a professor at the Stevens Institute of Technology.

The tracking software in building apps should be limited for other reasons as well, Dr. Rohmeyer said.

Read full article here:

EFF, Tue 01/18:
Podcast Episode: How Private is Your Bank Account?

Podcast Episode 108Your friends, your medical concerns, your political ideology— financial transactions tell the story of your life in intimate details.

Our financial transactions really paint an intimate portrait of our lives.

Our financial transactions really expose our religious beliefs or our family status or a medical history, our location.

Cindy: So we are delighted to have Marta with us today to talk about financial surveillance, Marta and EFF.

Marta: In the financial system financial transactions that go through certain intermediaries like banks, are often turned over to the government by default.

Read full article here:
(It's EFF - safe to visit)