Weekly Privacy Roundup #8
”Privacy is dead, and social media hold the smoking gun.” – Pete Cashmore.
Face masks prompt London police to consider pause in rollout of facial recognition cameras
The rollout of facial recognition cameras in London is facing disruption as citizens are now using face coverings that could potentially incapacitate the technology.
The United Kingdom has been a keen adopter of surveillance technology including facial recognition cameras in recent years, despite concerns that widespread spying erodes citizen rights to privacy.
Last year, the Information Commissioner's Office (ICO) launched an investigation into a trial of facial recognition cameras installed at King's Cross, a busy underground and overground train station, based on claims that commuters and passers-by were being surveilled without explicit consent.
UK’s largest airline, easyJet, reveals January 2020 breach of 9 million customer records
The largest airline in the United Kingdom, easyJet, revealed that they had been hacked by a “sophisticated attack” in January of 2020. All in all, approximately 9 million customers were affected by the EasyJet hack. The affected customers had their travel records and emails exposed. The EasyJet disclosure also revealed that 2,208 of the 9 million affected customers had their credit card information accessed but nobody had their passport records accessed. According to their notice to investors on the London Stock Exchange, they will be notifying affected customers over the next week.
OpenSAFELY: more proof that tackling the coronavirus pandemic does not require privacy to be compromised
In recent weeks, there has been an intense focus on the use of contact tracing apps as a way to emerge safely from the lockdowns that are in place around the world. A key question is whether to use a centralized or de-centralized architecture. After some division, the balance has firmly swung towards the latter, with only a few hold-outs such as the UK and France sticking with centralized approaches. That’s clearly good news for privacy, since it’s riskier to keep data in one location, both in terms of leaks and abuse by governments. But it’s not the only area where some see a tension between data protection and tackling the Covid-19 pandemic effectively.
eBay port scans visitors' computers for remote access programs
When visiting the eBay.com site, a script will run that performs a local port scan of your computer to detect remote support and remote management applications.
Over the weekend, Jack Rhysider of DarkNetDiaries discovered that when visiting eBay.com, the site performed a port scan of his computer for 14 different ports.
Many of these ports are related to remote access/remote support tools such as the Windows Remote Desktop, VNC, TeamViewer, Ammy Admin, and more.
After learning about this, BleepingComputer conducted a test and can confirm that eBay.com is indeed performing a local port scan of 14 different ports when visiting the site.
Bleeping Computer
Mozilla, Twitter, Reddit join forces in effort to block browsing data from warrantless access
Asha Barbaschow reports:
A group of seven internet companies are vowing to stand up for the privacy of its users this week when the United States House of Representatives considers the USA FREEDOM Reauthorization Act of 2020.
Mozilla, Engine, Reddit, Reform Government Surveillance, Twitter, i2Coalition, and Patreon have asked four US legislators to explicitly prohibit the warrantless collection of internet search and browsing history.
GDPR - 2 years on
GDPR was hard won. PI, together with other civil society actors, fought from the beginning for a version of the law that offers the strongest rights and protections in the face of intense industry lobbying.
Two years later, has GDPR fulfilled its promise?
Any individual who has the slightest engagement in the privacy of their personal data online will likely be sympathetic to Barlow’s quote. It’s been 2 years since the implementation of the General Data Protection Regulation (GDPR), the EU’s data protection and privacy regulation which aimed to give control to individuals over their personal data and to simplify the requirements on businesses.
Are there fewer data breaches? Are companies taking privacy and consent more seriously? Do individuals engage in the protection of their personal information more? It’s difficult to answer the question of whether GDPR has been successful as we don’t know what would have been the state of play if the data protection regulation it succeeded was still in place.
Hacker extorts online shops, sells databases if ransom not paid
More than two dozen SQL databases stolen from online shops in various countries are being offered for sale on a public website. In total, the seller provides over 1.5 million rows of records but the amount of stolen data is much larger.
The attacker is hacking into insecure servers that are reachable over the public web, copies the databases, and leaves a note asking for a ransom in return of the stolen data.