Weekly Privacy Roundup #1
Also in my privacy roundup the main topic this week is, again and unfortunately, the COVID-19 pandemic.
Bluetooth tracking and COVID-19: A tech primer
In a scramble to track, and thereby stem the flow of, new cases of Covid-19, Governments around the world are rushing to track the locations of their populace. One way to do this is to write a smartphone app which uses Bluetooth technology, and encourage (or mandate) that individuals download and use the app. The aim of this piece is to provide more detail on the technology itself, rather than a deep dive into the risks and whether or not Bluetooth technology should be used. (Source: Privacy International)
Cloudflare’s 1.1.1.1 DNS Passes Privacy Audit, Some Issues Found
Cloudflare has released the results of a privacy audit of their 1.1.1.1 DNS service that backs up Cloudflare’s statement regarding how DNS query data is being stored and collected on their servers.
After launching their 1.1.1.1 DNS service in 2018, people became concerned that Cloudflare was utilizing the data received from the use of their DNS resolvers as a currency that could be sold to third-parties or enrich the company in some way.
No doubt having huge amounts of data about the sites people visit would be of benefit, Cloudflare has always stated they put privacy first when they designed their 1.1.1.1 service by wiping logs within 24 hours and never writing the full IP address of users to logs. (Source: BleepingComputer)
Marriott Suffers Second Breach Exposing Data of 5.2 Million Hotel Guests
International hotel chain Marriott today disclosed a data breach impacting nearly 5.2 million hotel guests, making it the second security incident to hit the company in recent years. (Source: The Hacker News)
“At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property,” Marriott said in a statement.
“We believe this activity started in mid-January 2020. Upon discovery, we confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests.”
Voter information for 4,934,863 Georgians leaked online
According to the data breach notification service Under the Breach, on Saturday a file containing voter information for more than 4.9 million Georgians, including deceased citizens, has been published on a hacking forum.
Georgia has 3.7 million citizens, but the voting population is around one third.
Data were included in a Microsoft Access database file of 1.04 GB. (Source: SecurityAffairs)
Exposed personal information includes full names, home addresses, dates of birth, ID numbers, and mobile phone numbers.
Privacy Rights May Become Next Victim of Killer Pandemic
From China to Singapore to Israel, governments have ordered electronic monitoring of their citizens’ movements in an effort to limit contagion. In Europe and the United States, technology firms have begun sharing “anonymized” smartphone data to better track the outbreak.
These moves have prompted soul-searching by privacy activists who acknowledge the need for technology to save lives while fretting over the potential for abuse.
“Governments around the world are demanding extraordinary new surveillance powers intended to contain the virus’ spread,” the Electronic Frontier Foundation said in an online post. (Source: SecurityWeek)
Should governments track your location to fight COVID-19?
Anyone viewing their Google Maps Timeline for the first time gets one of two feelings: Dread at the thought of how much information the company collects about their every move, or elation as they realise they can go back and see what they were doing not just on any given day, but during any given minute.
Governments struggling to control the spread of COVID-19 have been quick to catch on to these possibilities. This data could help them track other patients that a newly diagnosed sufferer had been in contact with. In aggregate, it could help identify high-risk areas where people are gathering. It could also have other, more invasive uses.
This weekend, the Wall Street Journal reported that US government officials are using location data from millions of cellphones to understand citizens’ movements and how they’re affecting the spread of the disease. That data, which sources have said is stripped of personally identifying information, shows how community hubs like shops and parks are still drawing crowds. The data can also show how well the population at large is following requests to stay indoors. A lot of this data comes from advertising companies that gather it as a matter of course, the paper said. (Source: Naked Security)
>4,000 Android apps silently access your installed software
More than 4,000 Google Play apps silently collect a list of all other installed apps in a data grab that allows developers and advertisers to build detailed profiles of users, a recently published research paper found.
The apps use an Android-provided programming interface that scans a phone for details about all other apps installed on the phone. The app details—which include names, dates they were first installed and most recently updated, and more than three-dozen other categories—are uploaded to remote servers without permission and no notification. (Source: Ars Technica)
Edward Snowden says COVID-19 could give governments invasive new data-collection powers that could last long after the pandemic
Edward Snowden, the man who exposed the breadth of spying at the US’s National Security Agency, has warned that an uptick in surveillance amid the coronavirus crisis could lead to long-lasting effects on civil liberties.
During a video-conference interview for the Copenhagen Documentary Film Festival, Snowden said that, theoretically, new powers introduced by states to combat the coronavirus outbreak could remain in place after the crisis has subsided.
Fear of the virus and its spread could mean governments “send an order to every fitness tracker that can get something like pulse or heart rate” and demand access to that data, Snowden said. (Source: Business Insider)
Zoom Updates iOS App Following Backlash Over Sending Data To Facebook
A Zoom spokesperson said in a statement to Motherboard that they were unaware that the Facebook SDK was collecting unnecessary device data.
“Zoom takes its users’ privacy extremely seriously. We originally implemented the ‘Login with Facebook’ feature using the Facebook SDK in order to provide our users with another convenient way to access our platform. However, we were recently made aware that the Facebook SDK was collecting unnecessary device data.
“The data collected by the Facebook SDK did not include any personal user information, but rather included data about users’ devices such as the mobile OS type and version, the device time zone, device OS, device model and carrier, screen size, processor cores, and disk space.
“We will be removing the Facebook SDK and reconfiguring the feature so that users will still be able to login with Facebook via their browser. Users will need to update to the latest version of our application once it becomes available in order for these changes to take hold, and we encourage them to do so. We sincerely apologize for this oversight, and remain firmly committed to the protection of our users’ data.”
After Zoom issued an update to its iOS app, Motherboard has since verified that the app now no longer sends data to Facebook when it is opened. (Source: TechWorm)
Telecoms across Europe are sharing phone location data with governments as a result of the COVID-19 pandemic
A telecommunications lobbying group, the GSMA, has confirmed that several telecom companies in Europe are providing mobile phone location data to the European Union as a way to track the spread of COVID-19. According to Reuters and other media sources, these are the telecommunications companies that are working with the European Union to provide “anonymized” data sets:
Vodafone, Deutsche Telekom, Orange, Proximus, Swisscom, Telefonica, Telecom Italia, Telenet, Telenor, Telia, A1 Telekom Austria, and Windtre
Telecoms are also working with individual countries such as Italy, Austria, Switzerland, and Belgium to provide this data for virus tracking purposes. In Germany, the information is being shared with the Robert Koch Institute, Germany’s CDC. (Source: Privacy News Online)
Activists in Minecraft made a digital library to bypass government censorship
Media freedom activists have built a 125 million block library in a Minecraft map called the “Uncensored Library” which contains a world’s worth of information and is available to read for users within oppressive regimes that otherwise censor such information. This massive digital library was unveiled for the World Day against Censorship by the organization Reporters Without Borders. (Source: Private Internet Access)