This is what happens when ICE asks Google for your user information

You’re scrolling through your Gmail inbox and see an email with a strange subject line: A string of numbers followed by “Notification from Google.”

It may seem like a phishing scam or an update to Gmail’s terms of service. But it could be the only chance you’ll have to stop Google from sharing your personal information with authorities.

Tech companies, which have treasure troves of personal information, have become natural targets for law enforcement and government requests. The industry’s biggest names, such as Google, Facebook, Twitter and LinkedIn, receive data requests — from subpoenas to National Security Letters — to assist in, among other efforts, criminal and non-criminal investigations as well as lawsuits.

An email like this one is a rare chance for users to discover when government agencies are seeking their data.

In Google’s case, the company typically lets users know which agency is seeking their information.

In one email The Times reviewed, Google notified the recipient that the company received a request from the Department of Homeland Security to turn over information related to their Google account. (The recipient shared the email on the condition of anonymity due to concern about immigration enforcement). That account may be attached to Gmail, YouTube, Google Photos, Google Pay, Google Calendar and other services and apps.

The email, sent from Google’s Legal Investigations Support team, notified the recipient that Google may hand over personal information to DHS unless it receives within seven days a copy of a court-stamped motion to quash the request.

https://www.latimes.com/business/technology/story/2021-03-24/federal-agencies-subpoena-google-personal-information

#ice #federal #agencies #google #DeleteGoogle #personal #data #information #thinkabout
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google

We find that even when minimally configured and the handset is idle both iOS and Google Android share data with Apple/Google on average every 4.5 mins.

‼️ The phone IMEI, hardware serial number, SIM serial number and IMSI, handsetphone number etc are shared with Apple and Google. Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this.

💡 When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Currently there are few, if any, realistic options for preventing this data sharing.

https://www.scss.tcd.ie/doug.leith/apple_google.pdf

#apple #google #study #telemetry #data #mobilephones #pdf
📡 @nogoolag @blackbox_archiv

TrackerControl

TrackerControl allows users to monitor and control the widespread, ongoing, hidden data collection in mobile apps about user behaviour (‘tracking’).

To detect tracking, TrackerControl combines the power of the Disconnect blocklist, used by Firefox, and our in-house blocklist is used, created from analysing ~2 000 000 apps! Additionally, TrackerControl supports custom blocklists.

💡 This approach

👉🏼 reveals the companies behind tracking,

👉🏼 allows to block tracking selectively, and

👉🏼 exposes the purposes of tracking, such as analytics or advertising.

The app also aims to educate about your rights under Data Protection Law, such the EU General Data Protection Regulation (GDPR).

Under the hood, TrackerControl uses Android’s VPN functionality, to analyse apps’ network communications locally on the Android device. This is accomplished through a local VPN server, to enable network traffic analysis by TrackerControl.

💡 No root is required, other VPNs or Private DNS are not supported. No external VPN server is used, to keep your data safe! TrackerControl even protects you against DNS cloaking, a popular technique to hide trackers in websites and apps.

TrackerControl will always be free and open source, being a research project.

https://trackercontrol.org/

https://github.com/OxfordHCC/tracker-control-android/releases/latest/download/TrackerControl-githubRelease-latest.apk

#TrackerControl #data #collection #android #apps #opensource
📡 @nogoolag 📡 @blackbox_archiv

Your 'smart home' is watching – and possibly sharing your data with the police

Smart-home devices like thermostats and fridges may be too smart for comfort – especially in a country with few laws preventing the sale of digital data to third parties

You may have a roommate you have never met. And even worse, they are nosy. They track what you watch on TV, they track when you leave the lights on in the living room, and they even track whenever you use a key fob to enter the house. This is the reality of living in a “smart home”: the house is always watching, always tracking, and sometimes it offers that data up to the highest bidder – or even to police.

This problem stems from the US government buying data from private companies, a practice increasingly unearthed in media investigations though still quite shrouded in secrecy. It’s relatively simple in a country like the United States without strong privacy laws: approach a third-party firm that sells databases of information on citizens, pay them for it and then use the data however deemed fit. The Washington Post recently reported – citing documents uncovered by researchers at the Georgetown school of law – that US Immigration and Customs Enforcement has been using this very playbook to buy up “hundreds of millions of phone, water, electricity and other utility records while pursuing immigration violations”.

https://www.theguardian.com/commentisfree/2021/apr/05/tech-police-surveillance-smart-home-devices

#smarthome #data #sharing #privacy #surveillance

Facebook does not plan to notify half-billion users affected by data leak

(Reuters) - Facebook Inc did not notify the more than 530 million users whose details were obtained through the misuse of a feature before 2019 and recently made public in a database, and does not currently have plans to do so, a company spokesman said on Wednesday.

Business Insider reported last week that phone numbers and other details from user profiles were available in a public database. Facebook said in a blog post on Tuesday that “malicious actors” had obtained the data prior to September 2019 by “scraping” profiles using a vulnerability in the platform’s tool for synching contacts.

The Facebook spokesman said the social media company was not confident it had full visibility on which users would need to be notified. He said it also took into account that users could not fix the issue and that the data was publicly available in deciding not to notify users. Facebook has said it plugged the hole after identifying the problem at the time.

The scraped information did not include financial information, health information or passwords, Facebook said. However, the collated data could provide valuable information for hacks or other abuses.

Facebook, which has long been under scrutiny over how it handles user privacy, in 2019 reached a landmark settlement with the U.S. Federal Trade Commission over its investigation into allegations the company misused user data.

Ireland’s Data Protection Commission, the European Union’s lead regulator for Facebook, said on Tuesday it had contacted the company about the data leak. It said it received “no proactive communication from Facebook” but was now in contact.

The July 2019 FTC settlement requires Facebook to report details about unauthorized access to data on 500 or more users within 30 days of confirming an incident.

The Facebook spokesman declined to comment on the company’s conversations with regulators but said it was in contact to answer their questions.

https://www.reuters.com/article/us-facebook-data-leak/facebook-does-not-plan-to-notify-half-billion-users-affected-by-data-leak-idUSKBN2BU2ZY

#facebook #DeleteFacebook #data #leak #database #thinkabout
📡 @nogoolag 📡 @blackbox_archiv

Another huge data breach, another stony silence from Facebook

The social media giant is still a law unto itself. Can anybody hold it to account?

Half a billion Facebook users’ accounts stolen. Personal information compromised. Telephone numbers and birth dates drifting across the internet being used for God knows what. And for four days, from Facebook’s corporate headquarters, nothing but silence.

If this sounds familiar, it’s because it is. This week saw reports of a massive new Facebook breach and everything about it, from Facebook’s denials of the words “data” and “breach” to its repeated refusal to answer journalists’ questions, has been uncannily reminiscent of the Cambridge Analytica scandal.

Three years on, “Cambridge Analytica” is a byword for mass-data abuse, Facebook has been fined billions of dollars for failing to protect users’ data and... not a thing has changed. If ever there were a moment to understand how profoundly all systems of accountability have failed, and continued to fail, it is this.

Last week Nick Clegg, vice president of global affairs at Facebook, admitted on The Verge website that the Cambridge Analytica scandal had “rocked Facebook right down to its foundations”. And yet it has learned nothing. It has paid no real price (the record $5 billion fine it paid to the Federal Trade Commission (FTC) is literally no price at all to Facebook), suffered no real consequences, and failed to answer any questions over the involvement of its executives.

https://www.theguardian.com/technology/2021/apr/11/another-huge-data-breach-another-stony-silence-from-facebook

#facebook #DeleteFacebook #data #breach #comment #thinkabout
📡 @nogoolag 📡 @blackbox_archiv

WhatsApp's new privacy policy is so bad it might be illegal

A German data protection agency has opened proceedings

WhatsApp has been facing one hell of a backlash ever since it shared that it wanted to update its privacy policy with changes that would allow Facebook to aggregate all of its users' data across all of its services. And now, the company might be in for some regulatory issues, as well. A German privacy regulator (via Bloomberg) has opened proceedings to stop the company from moving forward with the privacy policy update.

The Hamburg commissioner for data protection and freedom of information, Johannes Caspar, is looking to stop Facebook from aggregating the data from WhatsApp, fearing that the company would use it to expand its marketing and advertising business.

Caspar said in a statement: "Currently, there is reason to believe that the data sharing provisions between WhatsApp and Facebook are intended to be unlawfully enforced due to the lack of voluntary and informed consent. In order to prevent unlawful mass data sharing and to put an end to unlawful consent pressure on millions of people, a formal administrative procedure has now been initiated to protect data subjects."

The goal is to reach a decision before May 15, the date when users have to accept the new privacy policy or (presumably) stop using WhatsApp. It's highly possible that the order will only apply for German residents, but we can still hope that the proceedings will set a precedence for other countries and regulators.

The Hamburg commissioner previously successfully issued a similar order against Facebook four and a half years ago for updating WhatsApp's terms and services with changes regarding information sharing across Facebook companies. The order was confirmed by two instances after Facebook took legal action against it, and data sharing between Facebook and WhatsApp has been more limited in the EU than in other regions ever since.

https://www.androidpolice.com/2021/04/13/whatsapps-new-privacy-policy-is-so-bad-it-might-be-illegal/

#whatsapp #DeleteWhatsapp #privacy #policy #illegal #data #protection #germany
📡 @nogoolag 📡 @blackbox_archiv

Forced unemployment and second-class status: The life of Google's data center contractors

Contractors love the good pay and engaging work in Google's data centers. They resent that Google and its staffing firm, Modis Engineering, make them quit every two years.

Shannon Wait felt a muscle pull in her shoulder as she knelt to lug a 50-pound battery into its rack, but she ignored the pain and kept going. She had 20 batteries to replace in the cavernous, 85-degree warehouse that day.

Hauling batteries is a major part of the job for Wait and hundreds of other workers like her at Google's data centers. They'd tried switching to automated machines during her two years working in the Berkeley County, South Carolina facility, but that stopped after only a few weeks when one of the machines pinned a co-worker to a wall.

Despite the heavy lifting, many of the workers in Google's 14 U.S. data centers at least start out enjoying the work. It's a tech job for people with no tech experience. It pays relatively well ($15 per hour for most contract workers). And while it's physically demanding, it's nothing like working at an Amazon fulfillment center or the local Walmart.

But Wait and other workers like her who keep the data centers running are not actually Google employees. While as many as half the workers in some data centers actually work for Google, make Google salaries and get all those famous Google perks, the other half don't. For data center contractors specifically, that difference can extend beyond second-tier social status to job insecurity and forced unemployment.

Protocol spoke with four contract and full-time Google employees in three of the 14 U.S. locations for this story, all of whom were granted anonymity for fear of losing their jobs (except for Wait, whose data center contract recently ended).

https://www.protocol.com/google-contractors-forced-unemployment

#google #DeleteGoogle #data #center #contractors #unemployment #thinkabout
📡 @nogoolag 📡 @blackbox_archiv

Internal Facebook email reveals intent to frame data scraping as ‘normalized, broad industry issue’

Updated: More scraping incidents are "expected" in the future.

An internal email accidentally leaked by Facebook to a journalist has revealed the firm's intentions to frame a recent data scraping incident as "normalized" and a "broad industry issue."

Facebook has recently been at the center of a data scraping controversy. Earlier this month, Hudson Rock researchers revealed that information belonging to roughly 533 million users had been posted online, including phone numbers, Facebook IDs, full names, and dates of birth.

The social media giant confirmed the leak of the "old" data, which had been scraped in 2019. A functionality issue in the platform's contact platform, now fixed, allowed the automatic data pillaging to take place.

The scraping and subsequent online posting of user data raised widespread criticism and on April 14, the Irish Data Protection Commission (DPC) said it planned to launch an inquiry to ascertain if GDPR regulations and/or the Data Protection Act 2018 have been "infringed by Facebook."

Now, an internal email leaked to the media (Dutch article, translated) has potentially revealed how Facebook wishes to handle the blowback.

https://www.zdnet.com/article/facebook-internal-email-reveals-intent-to-frame-data-scraping-as-broad-industry-issue-and-normalized/

https://datanews.knack.be/ict/nieuws/interne-mail-toont-hoe-facebook-veiligheidsproblemen-wil-normaliseren/article-news-1724927.html

#facebook #DeleteFacebook #data #scraping #internal #email #thinkabout #why
📡 @nogoolag 📡 @blackbox_archiv

The Instagram ads Facebook won't show you

Companies like Facebook aren’t building technology for you, they’re building technology for your data. They collect everything they can from FB, Instagram, and WhatsApp in order to sell visibility into people and their lives.

This isn’t exactly a secret, but the full picture is hazy to most – dimly concealed within complex, opaquely-rendered systems and fine print designed to be scrolled past. The way most of the internet works today would be considered intolerable if translated into comprehensible real world analogs, but it endures because it is invisible.

https://signal.org/blog/the-instagram-ads-you-will-never-see/

#signal #instagram #facebook #DeleteFacebook #ads #data #thinkabout
📡 @nogoolag 📡 @blackbox_archiv

Facebook shut down Signal’s ads because they exposed too much

Facebook has barred privacy-focused messaging app Signal from running a series of Instagram ads, which would have exposed just how much personal information the photo-sharing network – and its social media behemoth owner – has on individuals as they browse their timeline. Signal had intended to use Instagram’s own third-party advert tools to reveal some of the precise targeting that advertisers can buy access to.

There’s a general acknowledgement these days that advertisers can filter who, exactly, sees their commercials. That makes good business sense, after all: there’s no point in showing ads to people who are unlikely to be interested in your product.

However it’s likely that few mainstream consumers are aware of quite how much targeted information ad network providers like Facebook hold on them. Collated across multiple interactions online – with websites, apps, services, and more – they help build unexpectedly precise profiles about each user. Those profiles can then in turn be sold as visibility filters to more advertisers, so that they can further narrow down their campaigns to whoever they believe will be the most receptive audience.

https://www.slashgear.com/facebook-shut-down-signals-ads-because-they-exposed-too-much-04671574/

💡 read as well:
https://t.me/BlackBox_Archiv/2138

#signal #instagram #facebook #DeleteFacebook #ads #data #thinkabout
📡 @nogoolag 📡 @blackbox_archiv

Answering Europe’s Call: Storing and Processing EU Data in the EU

Today we are announcing a new pledge for the European Union. If you are a commercial or public sector customer in the EU, we will go beyond our existing data storage commitments and enable you to process and store all your data in the EU. In other words, we will not need to move your data outside the EU. This commitment will apply across all of Microsoft’s core cloud services – Azure, Microsoft 365, and Dynamics 365. We are beginning work immediately on this added step, and we will complete by the end of next year the implementation of all engineering work needed to execute on it. We’re calling this plan the EU Data Boundary for the Microsoft Cloud.

The new step we’re taking builds on our already strong portfolio of solutions and commitments that protect our customers’ data, and we hope today’s update is another step toward responding to customers that want even greater data residency commitments. We will continue to consult with customers and regulators about this plan in the coming months, including adjustments that are needed in unique circumstances like cybersecurity, and we will move forward in a way that is responsive to their feedback.

Microsoft cloud services already comply with or exceed EU guidelines even before the plan we’re announcing today. We already provide commercial and public sector customers the choice to have data stored in the EU, and many Azure cloud services can already be configured to process data in the EU as well. In addition, we use world-class encryption and robust lockbox solutions that meet current regulatory guidance. Many of our services put control of customer data encryption in customers’ hands through the use of customer-managed keys, and we defend our customers’ data from improper access by any government in the world.

https://blogs.microsoft.com/eupolicy/2021/05/06/eu-data-boundary/

#microsoft #eu #data #boundary
📡 @nogoolag 📡 @blackbox_archiv

RocketReach and the creepy world of data harvesting

You’ve probably never heard of RocketReach. But I think you should, as it’s got me properly riled up.

I just want people to leave me alone. My job is hard enough as it is, without people sliding into my inbox 24/7.

- Hey, got time for a quick 15 minute chat about this random tool you’ll never use? NO

- Hi, I’d love to chat with you about a potential partnership with-GO AWAY.

- We really think your organisation could benefit from- JUST LEAVE ME ALONE.

- I noticed you haven’t replied to our previous emails; just checking you didn’t miss this. I DIDN’T MISS IT I’M DELIBERATELY IGNORING YOU.

It’s constant, and it’s draining. I don’t know who out there is telling people that spamming folks with cold emails is the way to grow your business, but I’m begging them to stop.

I mean, it must be working, or they wouldn’t do it. But it’s just incredibly frustrating. Especially if you’re someone like me that doesn’t like to be mean to people. My deeply-instilled British values of politeness mean it pains me to ignore these people.

But I have to, or I wouldn’t be able to function. Just replying to these people would be a full-time job.

So imagine my dismay when I discovered there are websites out there specialising in making it even easier to contact me. And one of the worst offenders out there is RocketReach.

https://cookywook.co.uk/blog/rocketreach-and-the-creepy-world-of-data-harvesting/

#data #harvesting #BigData #privacy #rocketreach #thinkabout
📡 @nogoolag 📡 @blackbox_archiv

Privacy activist Max Schrems on Microsoft's EU data move: It won't keep the NSA away

Software giant vows data processing of EU cloud services to stay in EU, which means that currently...

Microsoft has announced plans to ensure data processing of EU cloud services within the borders of the political bloc in a move that expert observers claim reveals problems with the firm's existing setup.

Those problems extend to UK public sector organisations seeking to stick within government guidance as well as a longstanding issue where personal data held in the EU can potentially be accessed via US security laws.

In a blog, Brad Smith, Microsoft’s president and chief legal officer, said the software and cloud services gaint would, by the end 2022, enable EU customers of Azure, Microsoft 365, and Dynamics 365 to have all their data processed physically within the EU.

https://www.theregister.com/2021/05/07/schrems_slams_microsoft_eu_data/

💡 read as well:
Answering Europe’s Call: Storing and Processing EU Data in the EU
https://t.me/BlackBox_Archiv/2163

#microsoft #eu #data #boundary #nsa #schrems
📡 @nogoolag 📡 @blackbox_archiv

More likely to be hospitalized from the injection than from covid in the young

Robert W. #Malone didn't kill himself

#risk #youth #killshot #cdc #official #data #pfizer

#Amazon hit with $886m #fine for alleged #data law #breach

https://www.bbc.com/news/business-58024116

How Data Brokers Sell Access to the Backbone of the Internet – https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru

#data #backbone #privacy

Biden, Von der Leyen, announce agreement ‘in principle’ on transatlantic data flows

US President Joe Biden and European Commission President Ursula von der Leyen declared on Friday (25 March) the two sides had reached a political agreement on international data transfers, a move cautiously welcomed by industry and analysts.

The agreement at the political level, announced at a joint press conference in Brussels, paves the way for a successor to the Privacy Shield deal, which provided the legal framework for transferring personal data to both sides of the Atlantic until it was invalidated by the Court of Justice of the European Union (CJEU) in July 2020.

Since then, EU officials and members of the US administration have been scrambling to find a legal basis for a new agreement. The core issue is the US surveillance laws, which allow intelligence services to access personal data with little scrutiny and no possibility to readdress.

https://www.euractiv.com/section/data-protection/news/biden-von-der-leyen-announce-agreement-in-principle-on-transatlantic-data-flows/
#europe #eu #privacy #data

India is the sixth most data-breached country in world, says study by cybersecurity firm

India is the sixth most breached country in the world, since the first recorded digital attacks in 2004, according to a study released by Netherlands-based cybersecurity company Surfshark Monday. This means that 18 out of every 100 Indians had their personal contact details breached since 2004, the study noted.
https://theprint.in/india/india-is-the-sixth-most-data-breached-country-in-world-says-study-by-cybersecurity-firm/995215/

#India #data #breach

Fundamental flaws uncovered in Mega's encryption scheme — show the service can read your data

MEGA's system does not protect its users against a malicious server and present five distinct attacks, which together allow for a full compromise of the confidentiality of user files — the researchers wrote on a website. Additionally, the integrity of user data is damaged to the extent that an attacker can insert malicious files of their choice, which pass all authenticity checks of the client. We built proof-of-concept versions of all the attacks — showcasing their practicality and exploitability.

https://arstechnica.com/information-technology/2022/06/mega-says-it-cant-decrypt-your-files-new-poc-exploit-shows-otherwise/

#mega #vulnerability #cloud #data