Yodlee is the biggest financial data broker in the U.S., and it routinely sells your credit card data to investment and research firms.
The Yodlee document describes in detail what type of data its clients gain access to, how the company manages that data across its infrastructure, and the specific measures Yodlee takes to try and anonymize its dataset…Once logged into Yodlee’s server, clients download the data as a large text file, rather than interacting with the data in a dashboard or interface that stays solely within Yodlee’s control, according to the document.
ISPs are suing Maine over a privacy law that will go into effect this July, saying it violates their free speech rights. The law would force them to obtain user consent before collecting and selling their data.
BBC News published an inside look into “Why Amazon knows so much about you.”
“They happen to sell products, but they are a data company,” says James Thomson, one of the former executives interviewed.
“Each opportunity to interact with a customer is another opportunity to collect data.”
Founder Jeff Bezos frames it in terms of being a “customer obsession”, saying the firm’s first priority is to “figure out what they want, what’s important to them”.
Sen. Kirsten Gillibrand (D-NY) proposed a bill called the Data Protection Act that would create a federal U.S. data protection agency.
Investigations are underway to examine Avast’s practice of collecting and selling its users’ browser histories.
Avast, which is based in the Czech Republic, claimed it was stripping away users’ personal details from the collected browser histories as a way to “de-identify” the data, and preserve their customers’ privacy. However, the joint investigation from PCMag and Motherboard found the contrary: The same data can actually be combined with other information to identify the web activities of individual Avast users, including their internet searches. As many as 100 million users had their data collected.
I’m glad there are investigations. As I found out last week, there are likely other companies participating in this data collection practice.
Andrew wrote that Apple scans uploaded iCloud content for child abuse imagery, and a search warrant reveals it scans emails too.
Popular Apple Mail alternative Edison Mail scans your emails for market research so companies can make “better investment decisions” among other uses.
On its website Edison says that it does “process” users’ emails, but some users did not know that when using the Edison app the company scrapes their inbox for profit. Motherboard has also obtained documentation that provides more specifics about how two other popular apps—Cleanfox and Slice—sell products based on users’ emails to corporate clients.
I did write about Edison Mail coming to the Mac last year, and noted that the company calls it “interesting research.”
Last month, we got word that a company called Clearview AI helped law enforcement with its facial recognition technology. Now, Facebook and Google, which also use facial recognition, told Clearview AI to stop scraping images from each one’s website.
Ton-That argued that his firm’s work is protected by the First Amendment and also that Clearview doesn’t do anything Google doesn’t.
“The way we have built our system is to only take publicly available information and index it that way,” he said.
Ton-That added, “Google can pull in information from all different websites… So if it’s public and it’s out there and could be inside Google search engine, it can be inside ours as well.”
In today’s episode of The Mac Observer‘s Daily Observations podcast, Kelly and I did our Security Friday. We talked about two security articles this week, and answered a reader’s question about antivirus programs. I mentioned that people shouldn’t use Avast since it was revealed they collected and sold user data. Now, in the irony of ironies, I got an email today from someone offering me Trend Micro user data.
We have an updated contact list of Trend Micro Users, which can support your marketing campaigns. The database will have access to complete contact information of Trend Micro Users including Emails, Phone number, Mailing address and other relevant data fields. Please let me know your interest in acquiring the list and I will get back to you with counts and pricing. Also, let me know if you are interested in acquiring similar technology users contact list.
That’s a no from me, fam.
Software engineer Robert Heaton discovered that his Wacom tablet was tracking every app he opened and sending that data to Google Analytics.
I suspect that Wacom doesn’t really think that it’s acceptable to record the name of every application I open on my personal laptop. I suspect that this is why their privacy policy doesn’t really admit that this is what that they do. I imagine that if pressed they would argue that the name of every application I open on my personal laptop falls into one of their broad buckets like “aggregate data” or “technical session information”, although it’s not immediately obvious to me which bucket.
In a report from the Financial Times (paywall), a letter signed by 129 non-profits, think tanks, and academics urge Facebook to reconsider encrypting its apps. They use the “think of the children” argument because encryption could enable more child sexual abuse. But Justin Myles Holmes says we should think of the children and enable end-to-end encryption for them, so their data isn’t used and abused by corporations precisely like Facebook.
If we fail to take action now, we risk a world in which unsavory actors – domestic and foreign – have built rich, comprehensive profiles for every one of our children, following the trajectories of their education, home life, consumer habits, health, and on and on. These profiles will then be used to manipulate their behavior not only as consumers, but as voters and participants in all those corners of society which, in order for freedom and justice to prevail, require instead that these kids mature into functional, free-thinking adults.
Vicki Boykis wrote yesterday about Apple’s privacy, current flaws, and how the company should do better (I agree!)
So, here we are, in 2020, with Apple in a bit of a pickle. It’s becoming so big that it’s not prioritizing security. At the same time, it needs to advertise privacy as a key differentiator as consumer tastes change. And, at the same time, it’s about to get canclled [sic] by the FBI, China, and Russia.
And while it’s thinking over all of these things, it’s royally screwing over the consumer who came in search of a respite from being tracked.
Two years ago we found out that US carriers were selling real-time location data of its customers. The FCC has wrapped up its investigation, and maybe it will punish the carriers…or maybe not. Who knows? Chairman Ajit Pai doesn’t.
Pai’s statement went on: “Accordingly, in the coming days, I intend to circulate to my fellow Commissioners for their consideration one or more Notice(s) of Apparent Liability for Forfeiture in connection with the apparent violation(s). We are unable to provide additional information about any pending enforcement action(s) beyond what is stated in the letter.”
If that seems unusual vague: that “one or more” mobile operators “apparently violated” the law by selling location data, you’re not the only one.
Students at Harvard built a tool to analyze datasets from data breaches. They could identify an individual despite promises of anonymized data from companies.
Reporters at The California Sunday Magazine recently published an overview of facial recognition technology. It’s a long read and it provides a lot of information on this technology and how it works. Among the tidbits that caught my eye I wanted to share this one:
Why has the use of facial recognition become such a hot-button issue now? The most obvious answer is that the technology has been improved, streamlined, and commercialized to the point that it has become widely accessible, available for purchase for as low as 40 cents an image if you opt for Amazon’s facial-recognition software plan.
RoomMe is a occupancy automation sensor for your home. This means when a person walks into a room, it detects your phone via Bluetooth to enable person-specific automation. A spokesperson told me it uses localized technology called Presence Sensing Technology. It stores your automation rules on your smartphone and doesn’t accept external automation triggers or manual operation. Meaning, the device commands your other devices and doesn’t accept commands from other devices. However, according to its privacy policy the app does contain Google analytics and “behavioral remarketing services” to show you ads outside of the app. But you can enable Limit Ad Tracking in iOS settings. You can pick up a single RoomMe sensor for US$69.99, or buy combo packs. It supports various smart home protocols including HomeKit.
Jennifer Jolly wrote an article wondering if Siri was spying on her because she began to see ads in Spanish after her husband began speaking Spanish at home, within “earshot” of her iPad. The answer is, of course, no. In her buried lede she tells us that she had just moved to a predominantly Spanish-speaking part of Oakland California. It seems reasonable to me that you would see Spanish ads in a Spanish area. Although I’m sure the device’s language is a factor. We did have news last year that contractors listened to some snippets of Siri recordings, but that was to improve the service and not sell ads. Meanwhile, if you turn on Limit Ad Tracking in Settings, your advertising identifier is zeroed. After that, location becomes one of the big factors in advertising.
And Apple says it engineers its devices to protect user privacy. When it comes to Siri, which is integrated in nearly every Apple device, the assistant is designed to activate only after the wake word (“Hey, Siri”) or a waking action is completed, Apple says.
CocoonWeaver is a new-ish app (released five months ago) that gives you private voice transcriptions automatically sorted into categories with a voice command. To assign a category to a transcription just say at the beginning, “Cocoon, <category>” then start talking as normal. The developers also have a good privacy policy. Audio and textual data is encrypted and stored locally. The app’s design adheres to guidelines put forth by The Center for Humane Technology. Other features include: Integrated maps for geotagged notes, global search of history, an Apple Watch app, works offline, and more. App Store: Free
Using Screen Time, Andrew shows you how to block robocalls, disable your microphone and camera, and make the job harder for thieves.
In the next few weeks you might see a reminder in the Facebook to review your privacy settings. That is, what little privacy the company gives you.
The updates represent Facebook burnishing its image to some extent. It spent much of the last decade embroiled in privacy problems that ranged from the Cambridge Analytica scandal through to data exposure on a third-party system. At the same time, it’s safe to say many people want to know their data is being used properly — the prompt and expanded tools could provide a degree of reassurance.
I don’t think it’s possible for Facebook to burnish its image.
