Privacy


Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
  4. No reposting of news that was already posted
  5. No crypto, blockchain, NFTs
  6. No Xitter links (if absolutely necessary, use xcancel)


founded 9 months ago
276
 
 

If you do not have access to the entirety of the article, it was reposted here: https://rss.ponder.cat/post/169335

279
21
New Release: Tor Browser 14.5.1 (blog.torproject.org)
submitted 3 months ago by [email protected] to c/privacy
280
 
 

Meta is making a few notable adjustments to the privacy policy for its Ray-Ban Meta smart glasses. In an email sent out on April 29th to owners of the glasses, the company outlined two key changes. First, it’s giving Meta AI a more frequent view of the world. “Meta AI with camera use is always enabled on your glasses unless you turn off ‘Hey Meta,’” the email said, referring to the hands-free voice command functionality.

So unless you turn that convenience-minded feature off, Meta will frequently be analyzing whatever’s captured by the built-in camera. If you simply want to use the Ray-Ban Metas as a “normal” camera without any artificial intelligence thrown in, you’ll have to disable “Hey Meta” and stick to the physical controls.

Second, Meta is taking after Amazon by no longer allowing Ray-Ban Meta owners to opt out of having their voice recordings stored in the cloud. “The option to disable voice recordings storage is no longer available, but you can delete recordings anytime in settings,” the company wrote. In its voice privacy notice, Meta states that “voice transcripts and stored audio recordings are otherwise stored for up to one year to help improve Meta’s products.” If the company detects that a voice interaction was accidental, those recordings are deleted after a shorter 90-day window.

The motivation behind these changes is clear: Meta wants to continue providing its AI models with heaps of data on which to train and improve subsequent results. Some users began noticing these policy changes in March, but at least in the United States, Meta says they went into effect as of April 29th.

Earlier this month, the company rolled out a live translation feature to the Ray-Ban Meta product. And just yesterday, Meta rolled out a standalone Meta AI app on smartphones to more directly compete with OpenAI’s ChatGPT, Google Gemini, Anthropic’s Claude, and other AI chatbots.

The company is reportedly planning a higher-end pair of Ray-Ban Meta glasses for release later in 2025. The current glasses lineup starts at $299, but the more premium version could cost around $1,000. Meta is set to report its Q1 2025 earnings later on Wednesday, and the company is likely to address the tariff chaos that has roiled markets in recent months.

281
 
 

Archived

  • The agency said that before DeepSeek’s chatbot was removed from app stores in South Korea, the company was transferring user data to firms in China and the U.S. without consent.
  • The findings were released in relation to an ongoing investigation into DeepSeek, and the company has been sent corrective recommendations.

South Korea’s data protection authority has concluded that Chinese artificial intelligence startup DeepSeek collected personal information from local users and transferred it overseas without their permission.

The authority, the Personal Information Protection Commission [PIPC], released its written findings on Thursday in connection with a privacy and security review of DeepSeek.

It follows DeepSeek’s removal of its chatbot application from South Korean app stores in February at the recommendation of PIPC.

[...]

During DeepSeek’s presence in South Korea, it transferred user data to several firms in China and the U.S. without obtaining the necessary consent from users or disclosing the practice, the PIPC said.

The agency highlighted a particular case in which DeepSeek transferred information from user-written AI prompts, as well as device, network, and app information, to a Chinese cloud service platform named Beijing Volcano Engine Technology Co.

[...]

When the data protection authority announced the removal of DeepSeek from local app stores, it signaled that the app would become available again once the company implemented the necessary updates to comply with local data protection policy.

That investigation followed reports that some South Korean government agencies had banned employees from using DeepSeek on work devices. Other global government departments, including in Taiwan, Australia, and the U.S., have reportedly instituted similar bans.

282
 
 
  • In December, an investigation by Tom's Hardware found that Recall frequently captured sensitive information in its screenshots, including credit card numbers and Social Security numbers — even though its "filter sensitive information" setting was supposed to prevent that from happening.
286
22
American Panopticon (www.theatlantic.com)
submitted 3 months ago by [email protected] to c/privacy
 
 

The Trump administration is pooling data on Americans. Experts fear what comes next.

Gift article, paywall restrictions should be lifted

287
 
 

cross-posted from: https://lemmy.world/post/28688755

On Tuesday, the official account for the visa branch of the US Embassy in Tokyo posted an important note for those applying for a nonimmigrant visa — or DS-160 — for the States. According to the notice, applications must include accurate information regarding their SNS accounts that they have used within the last five years. Anyone who fails to comply with this request won’t be allowed to enter the country.

While the US Department of State (DOS) and the US Citizenship and Immigration Services (USCIS) have been checking the social media accounts of visa applicants and immigrants since at least 2019, Susanne Heubel, senior counsel at New York-based immigration law firm Harter Secrest & Emery LLP, told US Today that up until this last January these searches have been “almost negligible.”

290
 
 

cross-posted from: https://lemm.ee/post/62277390

The UN Convention on the Rights of the Child clearly expresses that minors have rights to freedom of expression and access to information online, as well as the right to privacy.

These rights would be steamrolled by age verification requirements.

291
 
 

I came across https://www.reflectacles.com/. I'm not sure if this type of gear is effective. Does anyone have experience or feedback on useful equipment for mitigating scanning in public spaces?

295
 
 

cross-posted from: https://lemmy.sdf.org/post/33178194

Online dissent is a serious crime in China. So why did a Weibo censor help me publish posts critical of the Communist party?

[...]

The Cyberspace Administration of China is the premier censorship agency in China. The newly appointed boss, Lu Wei, popularly known as the “internet tsar”, begins to implement a series of severe purges of online speech. Countless accounts are cancelled, and many people are thrown behind bars for what they wrote online. But that’s just guesswork. In China, there’s no need for a good reason to block someone’s account. A powerful government agency can simply issue an order to make a person disappear from public life.

[...]

After three years as a censor, Liu [Lipeng] detests his job. He detests the white office ceiling, the grey industrial carpet and the office that feels more like a factory. He also detests his 200-odd colleagues sitting in their cubicles, each concentrating on their mouse and keyboard as they delete or hide content.

[...]

One day, Liu sends me a direct message on X. He is excessively polite. He writes: “Mr Murong, please forgive me for presumptuously disturbing you,” before asking whether I remember the email sent via Yu Dayou with the two screenshots. My heart is pounding. I say: “Yes, I remember that. I wondered who sent that email. I am most grateful.”

We have a long phone call like long-lost friends. We describe everything we have done since leaving China. He says: “I wish to testify that although I was a Weibo censor, I am not a bad person.”

[...]

297
 
 

This article is in German. Link found in a popular, censored r/privacy Reddit post, a common occurrence.

Machine-translated article below:

Switzerland has an international reputation for being a safe haven for data – outside the EU, with political stability and a modernized data protection law. But this reputation is deceptive when you take a closer look at the Intelligence Act (NDG). Since 2017 it has allowed the Federal Intelligence Service (NDB) far-reaching interventions: cable reconnaissance, state Trojans, data retention and the exchange with foreign secret services are possible – sometimes even without concrete suspicion. Particularly explosive: In the run-up to the 2016 vote, the Federal Council assured that no nationwide surveillance was planned and that only data traffic abroad would be affected. In fact, it later became known that national traffic is also recorded. Terms such as »filtering« or »monitoring« have never been clearly defined politically – a breeding ground for lack of transparency and loss of trust.

Approval and control mechanisms exist, but their effectiveness is limited. Legally legitimized access to large amounts of data raises serious questions: How much surveillance can a democracy take? Where does security end, where does control begin? And what does this mean for companies that advertise their services based in Switzerland as particularly safe?

Popular Swiss providers like Threema or ProtonVPN are also fundamentally subject to Swiss law – and thus also to the NDG. This means that in certain cases, state access can also be legally possible here. Both companies advertise with technical end-to-end encryption or a no-log policy, but technical security alone does not protect against legal access powers. Trust is good – but a critical look at the legal framework remains essential.

Yes, Swiss laws also allow official access to existing data. Switzerland is not a data protection paradise – even if it is often represented or advertised in the same way. At first glance, the location seems trustworthy, but the NDG allows extensive, sometimes suspicious monitoring. The reality of government access options contrasts sharply with the image that many providers and users paint. Those who hope for real digital sovereignty should not be blinded by the myth of the safe Swiss data port.

At the same time, in many other countries it doesn't look any better – often even significantly worse. In the United States, for example, laws like the Patriot Act, the Cloud Act or FISA §702 (here is an overview) allow extensive access to data, including from providers operating outside the USA. In the United Kingdom and France there are also legal bases for tamper-free mass surveillance.

Germany does a little better in comparison – above all thanks to the basic legal anchoring in the Basic Law, the independent case law of the Federal Constitutional Court and a lively public debate about data protection. But here, too, not everything is in the green: the use of state Trojans (Source TKÜ), the often opaque cooperation between secret services and the recurring political pressure on the long-failed data retention show that fundamental rights are also under constant pressure in Germany. Nowhere is there absolute certainty – but how transparently and critically a society deals with surveillance makes the decisive difference.

298
 
 

Found on Reddit's r/privacy, where either moderators or Automod have pulled the plug on it.

300
 
 

[...]

The first rupture appeared on January 29 when cloud security firm Wiz stumbled upon an exposed ClickHouse database tagged “ds‑log‑prod‑001”. Anyone with a browser could have accessed more than a million log lines: raw chat history, API keys, and even internal service tokens. Wiz engineers demonstrated that with two clicks they could seize “full database control”, inject malicious code and pivot into the rest of DeepSeek’s infrastructure.

A week later mobile forensics specialists at NowSecure published a parallel autopsy of the iOS build. Their findings read like a checklist of everything Apple’s security team tells developers not to do: hard‑coded encryption keys, deprecated 3DES ciphers and App Transport Security switched off globally, allowing chats to travel unencrypted. The company urged enterprises to ban the app outright. However, DeepSeek’s parentage turned out to be even more troubling.

Corporate registries in Zhejiang and the Cayman Islands show the chatbot is a wholly owned offshoot of High‑Flyer Quant, a hedge fund founded in 2016 by the 38‑year‑old trader and CEO of DeepSeek, Liang Wenfeng. Reuters reporting confirms that High‑Flyer pivoted from equity markets to artificial intelligence research in 2023, building two super‑computing clusters stuffed with Nvidia A100 processors before US export controls came into force.

[...]

Sources say the Computer Emergency Response Team of India (CERT‑In) is preparing a broader advisory under the new Digital Personal Data Protection Act that could push local app stores to delist the software if it fails a security audit. Other democracies have gone further: Italy, Australia and Taiwan have banned DeepSeek from public‑sector systems, with Taipei warning of “systemic espionage risk”.

[...]

High‑Flyer Quant’s pitch decks boast of “harvesting alternative data at planetary scale”. If every trade idea whispered into DeepSeek ends up in a Hangzhou warehouse, the company enjoys a real‑time map of market sentiment unavailable to Wall Street — and unpoliced by the Securities and Exchange Commission. For American fund managers and Indian startups alike, using the chatbot could be tantamount to CC‑ing a rival on every brainstorming session.

[...]
