Tag • #privacy

chevron_right

French Police Will Be Able to Spy on People through Their Cell Phones

news.movim.eu / Schneier · Wednesday, 12 July, 2023 - 20:23

The French police are getting new surveillance powers :

French police should be able to spy on suspects by remotely activating the camera, microphone and GPS of their phones and other devices, lawmakers agreed late on Wednesday, July 5.

[…]

Covering laptops, cars and other connected objects as well as phones, the measure would allow the geolocation of suspects in crimes punishable by at least five years’ jail. Devices could also be remotely activated to record sound and images of people suspected of terror offenses, as well as delinquency and organized crime.

[…]

During a debate on Wednesday, MPs in President Emmanuel Macron’s camp inserted an amendment limiting the use of remote spying to “when justified by the nature and seriousness of the crime” and “for a strictly proportional duration.” Any use of the provision must be approved by a judge, while the total duration of the surveillance cannot exceed six months. And sensitive professions including doctors, journalists, lawyers, judges and MPs would not be legitimate targets.

chevron_right

Google Is Using Its Vast Data Stores to Train AI

news.movim.eu / Schneier · Wednesday, 12 July, 2023 - 14:50

No surprise, but Google just changed its privacy policy to reflect broader uses of all the surveillance data it has captured over the years:

Research and development : Google uses information to improve our services and to develop new products, features and technologies that benefit our users and the public. For example, we use publicly available information to help train Google’s AI models and build products and features like Google Translate, Bard, and Cloud AI capabilities.

(I quote the privacy policy as of today. The Mastodon link quotes the privacy policy from ten days ago. So things are changing fast.)

chevron_right

Indiana, Iowa, and Tennessee Pass Comprehensive Privacy Laws

news.movim.eu / Schneier · Monday, 22 May, 2023 - 19:25

It’s been a big month for US data privacy. Indiana, Iowa, and Tennessee all passed state privacy laws, bringing the total number of states with a privacy law up to eight . No private right of action in any of those, which means it’s up to the states to enforce the laws.

chevron_right

Mathias Poujol-Rost ✅ · Saturday, 1 April, 2023 - 20:23

Contact publication

chevron_right

The Security Vulnerabilities of Message Interoperability

news.movim.eu / Schneier · Tuesday, 28 March, 2023 - 18:05

Jenny Blessing and Ross Anderson have evaluated the security of systems designed to allow the various Internet messaging platforms to interoperate with each other:

The Digital Markets Act ruled that users on different platforms should be able to exchange messages with each other. This opens up a real Pandora’s box. How will the networks manage keys, authenticate users, and moderate content? How much metadata will have to be shared, and how?

In our latest paper, One Protocol to Rule Them All? On Securing Interoperable Messaging , we explore the security tensions, the conflicts of interest, the usability traps, and the likely consequences for individual and institutional behaviour.

Interoperability will vastly increase the attack surface at every level in the stack from the cryptography up through usability to commercial incentives and the opportunities for government interference.

It’s a good idea in theory, but will likely result in the overall security being the worst of each platform’s security.

chevron_right

Security Vulnerabilities in Snipping Tools

news.movim.eu / Schneier · Sunday, 26 March, 2023 - 20:19

Both Google’s Pixel’s Markup Tool and the Windows Snipping Tool have vulnerabilities that allow people to partially recover content that was edited out of images.

chevron_right

ChatGPT Privacy Flaw

news.movim.eu / Schneier · Wednesday, 22 March, 2023 - 03:25

OpenAI has disabled ChatGPT’s privacy history, almost certainly because they had a security flaw where users were seeing each others’ histories.

chevron_right

Experian Privacy Vulnerability

news.movim.eu / Schneier · Wednesday, 11 January, 2023 - 20:53

Brian Krebs is reporting on a vulnerability in Experian’s website:

Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report. All that was needed was the person’s name, address, birthday and Social Security number.

chevron_right

Timothée Jaussoin · pubsub.movim.eu / Movim · Monday, 24 October, 2022 - 06:36

Contact publication

reply

Original post deleted