Privacy

cross-posted from: https://lemmy.sdf.org/post/30014811

cross-posted from: https://lemmy.sdf.org/post/30014783

U.S. Federal Trade Commission urged to investigate Google’s RTB data in first ever complaint under new national security data law.

Google sends enormous quantities of sensitive data about Americans to China and other foreign adversaries, according to evidence in a major complaint filed today at the FTC by Enforce and EPIC. This is the first ever complaint under the new Protecting Americans’ Data from Foreign Adversaries Act.

The complaint (open pdf) targets a major part of Google’s business: Google’s Real-Time Bidding (RTB) system dominates online advertising, and operates on 33.7 million websites, 92% of Android apps, and 77% of iOS apps. Much of Google’s $237.9 billion advertising revenue is RTB.

Today’s complaint reveals that Google has known for at least a decade that its RTB technology broadcasts sensitive data without any security, according to internal Google discussions highlighted in today’s complaint.

The complaint cites internal Google communications showing that Google CEO, Sundar Pichai, rejected or failed to act upon internal calls (example) to reform the company’s dangerous RTB system in 2021. Instead, Google continued to expose sensitive American defense and industry personnel, and their institutions, to blackmail and compromise, in addition to causing grave privacy harm to consumers.

The complaint cites internal Google communications showing that Google CEO, Sundar Pichai, rejected or failed to act upon internal calls to reform the company’s dangerous RTB system in 2021. Instead, Google continued to expose sensitive American defense and industry personnel, and their institutions, to blackmail and compromise, in addition to causing grave privacy harm to consumers. Even Google’s so called “non personalized” data contains dangerous data.

[...]

cross-posted from: https://lemmy.blahaj.zone/post/22523265

There’s a reason that cookies and privacy policies (in the EU at least) have become such an online nuisance. These assurances of your safety and privacy are nothing more than a pretext to get consent. Your “anonymised” data is sold to an infinite regress of third parties, analysed, correlated and de-anonymised again. Any smart device you use, your browsing habits, banking transactions, your GPS position are all used to deduce fine grain information about you. Then weaponised against you for as much profit as possible.

cross-posted from: https://programming.dev/post/26136291

Mozilla has just deleted the following:

“Does Firefox sell your personal data?”

“Nope. Never have, never will. And we protect you from many of the advertisers who do. Firefox products are designed to protect your privacy. That’s a promise. "

Source: Lundke journal.

The 2024 Tesla Model 3 has some of the most advanced navigation, autonomous driving, and safety features currently on the market, meaning it’s full of equipment that can record and track your surroundings—and you. How much data does Tesla collect? Where is it stored? And can you trust them to protect your sensitive information? WIRED decided to investigate.

cross-posted from: https://lemmy.blahaj.zone/post/22470723

The DHS quietly updated its policy manual earlier this month, removing LGBTQ+ identities from the section prohibiting surveillance based solely on immutable characteristics.

cross-posted from: https://lemm.ee/post/56769139

cross-posted from: https://sopuli.xyz/post/23170564

cross-posted from: https://fedia.io/m/firefox/t/1847796

We’re introducing a Terms of Use for Firefox for the first time, along with an updated Privacy Notice.

From the new terms:

When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.

cross-posted from: https://lemmy.world/post/26088944

Signal CEO Meredith Whittaker says her company will withdraw from countries that force messaging providers to allow law enforcement officials to access encrypted user data, as Sweden continues to mull such plans.

She made the claims in an interview with Swedish media SVT Nyheter which reported the government could legislate for a so-called E2EE backdoor as soon as March 2026. It could bring all E2EE messenger apps like Signal, WhatsApp, iMessage, and others into scope.

Whittaker said there is no such thing as a backdoor for E2EE "that only the good guys can access," however.

"Either it's a vulnerability that lets everyone in, or we continue to uphold strong, robust encryption and ensure the right to privacy for everyone. It either works for everyone or it's broken for everyone, and our response is the same: We would leave the market before we would comply with something that would catastrophically undermine our ability to provide private communications."

Sweden launched an investigation into its data retention and access laws in 2021, which was finalized and published in May 2023, led by Minister of Justice Gunnar Strömmer.

Strömmer said it was vital that law enforcement and intelligence agencies were able to access encrypted messaging content to scupper serious crime – the main argument made by the UK in pursuing its long-term ambition to break E2EE.

The inquiry made several proposals to amend existing legislation, including the recommendation that encrypted messaging must store chat data for up to two years and make it available to law enforcement officials upon request.

It would essentially mirror the existing obligation for telecoms companies to provide call and SMS data to law enforcement, as is standard across many parts of the developed world, but extend it to encrypted communications providers.

cross-posted from: https://lemm.ee/post/56591279

Swedish government wants a back door in signal for police and 'Säpo' (Swedish federation that checks for spies)

Let's say that this becomes a law and Signal decides to withdraw from Sweden as they clearly state that they won't implement a back door; would a citizen within the country still be able to use and access Signals services? Assuming that google play services probably would remove the Signal app within Sweden (which I also don't use)

I just want the government to go f*ck themselves, y'know?

FBI Warns iPhone, Android Users—We Want ‘Lawful Access’ To All Your Encrypted Data By Zak Doffman, Contributor. Zak Doffman writes about security, surveillance and privacy. Feb 24, 2025

The furor after Apple removed full iCloud security for U.K. users may feel a long way from American users this weekend. But it’s not — far from it. What has just shocked the U.K. is exactly what the FBI told me it also wants in the U.S. “Lawful access” to any encrypted user data. The bureau’s quiet warning was confirmed just a few weeks ago.

The U.K. news cannot be seen in isolation and follows years of battling between big tech and governments over warranted, legal access to encrypted messages and content to fuel investigations into serious crimes such as terrorism and child abuse.

As I reported in 2020, “it is looking ever more likely that proponents of end-to-end security, the likes of Facebook and Apple, will lose their campaign to maintain user security as a priority.” It has taken five years, but here we now are.

The last few weeks may have seemed to signal a unique fork in the road between the U.S. and its primary Five Eyes ally, the U.K. But it isn’t. In December, the FBI and CISA warned Americans to stop sending texts and use encrypted platforms instead. And now the U.K. has forced open iCloud to by threatening to mandate a backdoor. But the devil’s in the detail — and we’re fast approaching a dangerous pivot.

While CISA — America’s cyber defense agency — appears to advocate for fully secure messaging platforms, such as Signal, the FBI’s view appears to be different. When December’s encryption warnings hit in the wake of Salt Typhoon, the bureau told me while it wants to see encrypted messaging, it wants that encryption to be “responsible.”

What that means in practice, the FBI said, is that while “law enforcement supports strong, responsibly managed encryption, this encryption should be designed to protect people’s privacy and also managed so U.S. tech companies can provide readable content in response to a lawful court order.” That’s what has just happened in the U.K. Apple’s iCloud remains encrypted, but Apple holds the keys and can facilitate “readable content in response to a lawful court order.”

There are three primary providers of end-to-end encrypted messaging in the U.S. and U.K. Apple, Google and Meta. The U.K. has just pushed Apple to compromise iMessage. And it is more than likely that “secret” discussions are also ongoing with the other two. It makes no sense to single out Apple, as that would simply push bad actors to other platforms, which will happen anyway, as is obvious to any security professional.

In doing this, the U.K. has changed the art of the possible, bringing new optionality to security agencies across the world. And it has done this against the backdrop of that U.S. push for responsible encryption and Europe’s push for “chat control.” The U.K has suddenly given America’s security agencies a precedent to do the same.

“The FBI and our partners often can’t obtain digital evidence, which makes it even harder for us to stop the bad guys,” warned former director Christopher Wray, in comments the bureau directed me towards. “The reality is we have an entirely unfettered space that’s completely beyond fully lawful access — a place where child predators, terrorists, and spies can conceal their communications and operate with impunity — and we’ve got to find a way to deal with that problem.”

The U.K. has just found that way. It was first, but unless a public backlash sees Apple’s move reversed, it will not be last. In December, the FBI’s “responsible encryption” caveat was lost in the noise of Salt Typhoon, but it shouldn’t be lost now. The tech world can act shocked and dispirited at the U.K. news, but it has been coming for years. While the legalities are different in the U.S., the targeted outcome would be the same.

Ironically, because the U.S. and U.K. share intelligence information, some American lawmakers have petitioned the Trump administration to threaten the U.K. with sanctions unless it backtracks on the Apple encryption mandate. But that’s a political view not a security view. It’s more likely this will go the other way now. As EFF has warned, the U.K. news is an “emergency warning for us all,” and that’s exactly right.

“The public should not have to choose between safe data and safe communities, we should be able to have both — and we can have both,” Wray said. “Collecting the stuff — the evidence — is getting harder, because so much of that evidence now lives in the digital realm. Terrorists, hackers, child predators, and more are taking advantage of end-to-end encryption to conceal their communications and illegal activities from us.”

The FBI’s formal position is that it is “a strong advocate for the wide and consistent use of responsibly managed encryption — encryption that providers can decrypt and provide to law enforcement when served with a legal order.”

The challenge is that while the bureau says it “does not want encryption to be weakened or compromised so that it can be defeated by malicious actors,” it does want “providers who manage encrypted data to be able to decrypt that data and provide it to law enforcement only in response to U.S. legal process.”

That’s exactly the argument the U.K. has just run.

Somewhat cynically, the media backlash that Apple’s move has triggered is likely to have an impact, and right now it seems more likely we will see a reversal of some sort of Apple’s move, rather than more of the same. The UK government is now exposed as the only western democracy compromising the security for tens of millions of its citizens.

Per The Daily Telegraph, “the [UK] Home Office has increasingly found itself at odds with Apple, which has made privacy and security major parts of its marketing. In 2023, the company suggested that it would prefer to shut down services such as iMessage and FaceTime in Britain than weaken their protections. It later accused the Government of seeking powers to 'secretly veto’ security features.”

But now this quiet battle is front page news around the world. The UK either needs to dig in and ignore the negative response to Apple’s forced move, or enable a compromise in the background that recognizes the interests of the many.

As The Telegraph points out, the U.S. will likely be the deciding factor in what happens next. “The Trump administration is yet to comment. But [Tim] Cook, who met the president on Thursday, will be urging him to intervene,” and perhaps more interestingly, “Elon Musk, a close adviser to Trump, criticised the UK on Friday, claiming in a post on X that the same thing would have happened in America if last November’s presidential election had ended differently.”

Former UK cybersecurity chief Ciaran Martin thinks the same. “If there’s no momentum in the U.S. political elite and US society to take on big tech over encryption, which there isn’t right now, it seems highly unlikely in the current climate that they’re going to stand for another country, however friendly, doing it.”

Meanwhile the security industry continues to rally en masse against the change.

“Apple’s decision,” an ExpressVPN spokesperson told me, “is deeply concerning. By removing end-to-end encryption from iCloud, Apple is stripping away its UK customers’ privacy protections. This will have serious consequences for Brits — making their personal data more vulnerable to cyberattacks, data breaches, and identity theft.”

It seems inconceivable the UK will force all encrypted platforms to remove that security wrap, absent which the current move becomes pointless. The reality is that the end-to-end encryption ship has sailed. It has becomne ubiquitous. New measures need to be found that will rely on metadata — already provided — instead of content.

Given the FBI’s stated position, what the Trump administration does in response to the UK is critical. Conceivably, the U.S. could use this as an opportunity to revisit its own encryption debate. That was certainly on the cards under a Trump administration pre Salt Typhoon. But the furor triggered by Apple now makes that unlikely. However the original secret/not secret news leaked, it has changed the dynamic completely.

cross-posted from: https://lemmy.world/post/26006683

This really hit home for me:

What now? Companies need to do a better job of only collecting the information they need to operate, and properly securing what they store. Also, the U.S. needs to pass comprehensive privacy protections. At the very least, we need to be able to sue companies when these sorts of breaches happen (and while we’re at it, it’d be nice if we got more than $5.21 checks in the mail). EFF has long advocated for a strong federal privacy law that includes a private right of action.

cross-posted from: https://fosstodon.org/users/notesnook/statuses/114059550980301173

Choose your warrior:

• @StandardNotes
• @[email protected] 🛡️
• @joplinapp

All of these are open source, private and encrypted. Of course, Notesnook is still the best 😉

#notetaking, #privacy, #security, #notesnook, #opensource

A lot of people seem to be confused so to clear up: They haven't broken encryption. They are phishing using malicious QR codes.

Russia-backed hacking groups have developed techniques to compromise encrypted messaging services, including Signal, WhatsApp and Telegram, placing journalists, politicians and activists of interest to the Russian intelligence service at potential risk.

Google Threat Intelligence Group disclosed today that Russia-backed hackers had stepped up attacks on Signal Messenger accounts to access sensitive government and military communications relating to the war in Ukraine.

Analysts predict it is only a matter of time before Russia starts deploying hacking techniques against non-military Signal users and users of other encrypted messaging services, including WhatsApp and Telegram.