Second Timeline: current events

Massive invasions, threats and hazards created by Surveillance Capitalism



The DOJ is seeking to force Google to sell or spin off parts of its digital ad arm so it will no longer have control over every side of the ad tech stack: the buyer side, seller side, and the exchange in the middle

Google earned about $169 billion in digital ads worldwide in 2022, but the vast majority of that revenue (as well as Google’s revenue, period) comes from search ads, which are ads that businesses place on user searches that might be relevant to them. This suit is targeting not Google’s search ad empire but rather the part of its business that places the ads on websites across the internet outside of Google’s properties. That’s a much smaller, yet still considerable, share of Google’s revenue.

...The DOJ has reportedly been preparing its case against Google’s digital ad business for years, even before the Biden administration. This latest suit also joins four other government antitrust lawsuits Google is already facing, including one DOJ suit from October 2020 over its search engine and search ad business and one filed by 38 state attorneys general in December of the same year, again over the search business. In July 2021, 37 state attorneys general sued Google over its Play app store, and 17 state attorneys general sued over the digital ad business in a similar case to what the DOJ is bringing now.


Chinese companies lead the world in exporting face recognition

The report argues that these exports may enable other governments to perform more surveillance, potentially harming citizens’ human rights. “The fact that China is exporting to these countries may kind of flip them to become more autocratic, when in fact they could become more democratic,” says Martin Beraja, an economist at MIT involved in the study whose work focuses on the relationship between new technologies like AI, government policies, and macroeconomics.

...Face recognition was one of the first practical uses for AI to appear after vastly improved image processing algorithms using artificial neural networks surfaced in the early 2010s. She suggests the large language models that have caused excitement around clever conversational tools such as ChatGPT could follow a similar path, for example by being adapted into more effective ways to censor web content or analyze communications.


Amazon warns employees not to share confidential information with ChatGPT after seeing cases where its answer 'closely matches existing material' from inside the company

The exchange reflects one of the many new ethical issues arising as a result of the sudden emergence of ChatGPT, the conversational AI tool that can respond to prompts with markedly articulate and intelligent answers. Its rapid proliferation has the potential to upend a number of industries, across media, academics, and healthcare, precipitating a frenzied effort to grapple with the chatbot's use-cases and the consequences.

..."OpenAI is far from transparent about how they use the data, but if it's being folded into training data, I would expect corporations to wonder: After a few months of widespread use of ChatGPT, will it become possible to extract private corporate information with cleverly crafted prompts?" said Emily Bender, who teaches computational linguistics at University of Washington.


Apple has always collected some data about its customers—as all businesses do—but its increasing push into services and advertising opens the door for more potential data collection.

This data has the potential to be extensive. “Everything is monitored and sent to Apple almost in real time,” says Tommy Mysk, an app developer and security researcher who runs the software company Mysk with fellow developer Talal Haj Bakry. In November, the Mysk researchers demonstrated how taps on the screen were logged when using the App Store. Their follow-up research demonstrated that analytics data could be used to identify people.

...In the Privacy & Security section of Apple’s settings, it may also be worth considering Analytics & Improvements. Within this setting, you can stop Apple's collection of iPhone and iCloud analytics data, which it says are used to help it improve its products and services. If you want to get the data that Apple has on you, it can be accessed through the company’s download tool.

Albert Fox Cahn, the executive director of the civil rights and privacy group Surveillance Technology Oversight Project, says Apple should do more to highlight its recently announced encrypted iCloud backups. “Many users don’t realize just how vulnerable iCloud data (including device backups and messages) are by default,” Cahn says.


The ‘Enshittification’ of TikTok

This strategy meant that it became progressively harder for shoppers to find things anywhere except Amazon, which meant that they only searched on Amazon, which meant that sellers had to sell on Amazon. That's when Amazon started to harvest the surplus from its business customers and send it to Amazon's shareholders. Today, Marketplace sellers are handing more than 45 percent of the sale price to Amazon in junk fees. The company's $31 billion "advertising" program is really a payola scheme that pits sellers against each other, forcing them to bid on the chance to be at the top of your search.

...But Facebook has a new pitch. It claims to be called Meta, and it has demanded that we live out the rest of our days as legless, sexless, heavily surveilled low-poly cartoon characters. It has promised companies that make apps for this metaverse that it won't rug them the way it did the publishers on the old Facebook. It remains to be seen whether they'll get any takers. As Mark Zuckerberg once candidly confessed to a peer, marveling at all of his fellow Harvard students who sent their personal information to his new website, "TheFacebook":

I don’t know why.

They “trust me”

Dumb fucks.

...The demise of Amazon Smile coincides with the increasing enshittification of Google Search, the only successful product the company managed to build in-house. All its other successes were bought from other companies: video, docs, cloud, ads, mobile, while its own products are either flops like Google Video, clones (Gmail is a Hotmail clone), or adapted from other companies' products, like Chrome.


I’m a Congressman Who Codes. A.I. Freaks Me Out.

Private entities such as the Los Angeles Football Club and Madison Square Garden Entertainment already are deploying A.I. facial recognition systems. The football (professional soccer) club uses it for its team and staff. Recently, Madison Square Garden used facial recognition to ban lawyers from entering the venue who worked at firms representing clients in litigation against M.S.G. Left unregulated, facial recognition can result in an intrusive public and private surveillance state, where both the government and private corporations can know exactly where you are and what you are doing.

...We may not need to regulate the A.I. in a smart toaster, but we should regulate it in an autonomous car that can go over 100 miles per hour. The National Institute of Standards and Technology has released a second draft of its AI Risk Management Framework. In it, NIST outlines the ways in which organizations, industries and society can manage and mitigate the risks of A.I., like addressing algorithmic biases and prioritizing transparency to stakeholders. These are nonbinding suggestions, however, and do not contain compliance mechanisms. That is why we must build on the great work already being done by NIST and create a regulatory infrastructure for A.I.

...The fourth industrial revolution is here. We can harness and regulate A.I. to create a more utopian society or risk having an unchecked, unregulated A.I. push us toward a more dystopian future. And yes, I wrote this paragraph.


A rival chatbot has shaken Google out of its routine, with the founders who left three years ago re-engaging and more than 20 A.I. projects in the works.

The new A.I. technology has shaken Google out of its routine. Mr. Pichai declared a “code red,” upending existing plans and jump-starting A.I. development. Google now intends to unveil more than 20 new products and demonstrate a version of its search engine with chatbot features this year, according to a slide presentation reviewed by The New York Times and two people with knowledge of the plans who were not authorized to discuss them.


Google is freaking out about ChatGPT

The recent launch of OpenAI’s AI chatbot ChatGPT has raised alarms within Google, according to reports from The New York Times. Now, the Times says Google has plans to “demonstrate a version of its search engine with chatbot features this year” and unveil more than 20 projects powered by artificial intelligence.

...In recent years, Google has trodden carefully when it comes to the release of new AI products. The company found itself at the center of a debate over the ethics of artificial intelligence after firing two prominent researchers in the field, Timnit Gebru and Margaret Mitchell. The pair laid out criticisms of AI language models, noting challenges like their propensity to amplify biases in their training data and present false information as fact.


TikTok’s Secret ‘Heating’ Button Can Make Anyone Go Viral

For TikTok, fears of political manipulation are tied to concern that the Chinese government could coerce the platform’s Chinese owner, ByteDance, into amplifying or suppressing certain narratives on TikTok. TikTok has acknowledged that it previously censored content critical of China, and last year, former ByteDance employees told BuzzFeed News that another ByteDance app, a now-defunct news aggregator called TopBuzz, had pinned “pro-China messages” to the top of its news feed for U.S. consumers. ByteDance denied the report.

TikTok declined to answer questions about whether employees located in China have ever heated content, or whether the company has ever heated content produced by the Chinese government or Chinese state media.


Musk Oversaw Video That Exaggerated Tesla’s Self-Driving Capabilities

Elon Musk oversaw the creation of a 2016 video that exaggerated the abilities of Tesla Inc.’s driver-assistance system Autopilot, even dictating the opening text that claimed the company’s car drove itself, according to internal emails viewed by Bloomberg.

...Seconds later, an engineer hops into the vehicle — a Model X — and The Rolling Stones’ Paint It Black begins to play. The engineer keeps his hands off the steering wheel as the car pulls forward from a driveway, turns left and travels to Tesla’s former headquarters in Palo Alto, California. The engineer steps out of the vehicle, the driver-side door appears to shut itself, and the vehicle parallel parks in a space with no one at the wheel.

...Tesla and Musk didn’t disclose when releasing the video that engineers had created a three-dimensional digital map for the route the Model X took, Elluswamy said during his deposition. Musk said years after the demo that the company doesn’t rely on high-definition maps for automated driving systems, and argued systems that do are less able to adapt to their surroundings.


Inside Elon’s “extremely hardcore” Twitter

Only a small inner circle knew Musk had invited the journalist Matt Taibbi to comb through internal documents and publish what he called “the Twitter Files.” The intention seemed to be to give credence to the notion that Twitter is in bed with the deep state, beholden to the clandestine conspiracies of Democrats. “Twitter is both a social media company and a crime scene,” Musk tweeted.

In an impossible-to-follow tweet thread that unfolded over several hours, Taibbi published the names and emails of rank-and-file ex-employees involved in communications with government officials, insinuating that Twitter had suppressed the New York Post story about Hunter Biden’s laptop. After it was pointed out that Taibbi had published the personal email of Jack Dorsey, that tweet was deleted, but not the tweets naming low-level employees or the personal email of a sitting congressman.

“What a shitty thing to do,” one worker wrote in a large Slack channel of former employees. “The names of rank and file members being revealed is fucked,” wrote another. Employees rushed to warn a Twitter operations analyst whom Taibbi had doxxed to privatize her social-media accounts, knowing she was about to face a deluge of abuse.


Saudi prosecutors seek death penalty for academic over social media use

A prominent pro-reform law professor in Saudi Arabia is facing the death penalty for alleged crimes including having a Twitter account and using WhatsApp to share news considered “hostile” to the kingdom, according to court documents seen by the Guardian.

...Human rights advocates and Saudi dissidents living in exile have warned that authorities in the kingdom are engaged in a new and severe crackdown on individuals who are perceived to be critics of the Saudi government. Last year, Salma al-Shehab, a Leeds PhD student and mother of two, received a 34-year sentence for having a Twitter account and for following and retweeting dissidents and activists. Another woman, Noura al-Qahtani, was sentenced to 45 years in prison for using Twitter.

...The Saudi government and state-controlled investors have recently increased their financial stake in US social media platforms, including Twitter and Facebook, and entertainment companies such as Disney. Prince Alwaleed bin Talal, a Saudi investor, is the second-largest investor in Twitter after Elon Musk’s takeover of the social media platform. The investor was himself detained for 83 days during a so-called anti-corruption purge in 2017. Prince Alwaleed has acknowledged that he was released after he had reached an “understanding” with the kingdom that was “confidential and secret between me and the government”.


This highlighted just how wasteful bitcoin mining is... it’s instructive to think of all the failed guesses that the machines make—quintillions of them every second, creating nothing but heat and carbon

“You have a pretty big industry consuming as much power as a country like Argentina, just for generating random numbers that get thrown out right away … That’s something that you can’t really do sustainably,” he says. “We’re in an energy crisis and a climate crisis, and we’re using fossil fuels to run the world’s biggest random-number generator.”

...The global competition to be the home for crypto trading has echoes of the nomadic mining business. Crypto exchanges have tended to gravitate to lightly regulated jurisdictions, such as the Bahamas, the Cayman Islands, and Dubai, often moving from place to place in response to regulatory changes—“A floating pirate empire,” in the words of Stephen Diehl, a software engineer and prominent critic of the crypto industry. 


Highway surveillance footage from Thanksgiving Day shows a Tesla Model S vehicle changing lanes and then abruptly braking in the far-left lane of the San Francisco Bay Bridge, resulting in an eight-vehicle crash

Just hours before the crash, Tesla CEO Elon Musk had triumphantly announced that Tesla’s “Full Self-Driving” capability was available in North America, congratulating Tesla employees on a “major milestone.” By the end of last year, Tesla had rolled out the feature to over 285,000 people in North America, according to the company.

...The National Highway Traffic Safety Administration, or NHTSA, has said that it is launching an investigation into the incident. Tesla vehicles using its “Autopilot” driver assistance system — “Full Self-Driving” mode has an expanded set of features atop “Autopilot” — were involved in 273 known crashes from July 2021 to June of last year, according to NHTSA data. Teslas accounted for almost 70 percent of 329 crashes in which advanced driver assistance systems were involved, as well as a majority of fatalities and serious injuries associated with them, the data shows. Since 2016, the federal agency has investigated a total of 35 crashes in which Tesla’s “Full Self-Driving” or “Autopilot” systems were likely in use. Together, these accidents have killed 19 people.

In recent months, a surge of reports have emerged in which Tesla drivers complained of sudden “phantom braking,” causing the vehicle to slam on its brakes at high speeds. More than 100 such complaints were filed with NHTSA in a three-month period, according to the Washington Post.


Work carried on as usual in the facility as workers were not informed of colleague’s death even as the body lay on the floor

“What gets me is the lack of respect for human life. We shut down for maintenance. Do you think we could not have had a little respect and shut down long enough to at least get the body out of the facility and clean up after him before people are milling around like nothing’s happening?” the worker said.

“It’s not the first death at an Amazon facility. Amazon is a huge corporation. There should be protocols. It doesn’t matter if this is the first death or the 10th death. There should be protocols on how you handle that. Maybe while the investigation is going on, you don’t let the day shift in, you postpone it until at least until the body’s gone.”

Numerous worker deaths have been reported at Amazon in recent years, including three deaths in New Jersey and one in Pennsylvania over summer 2022. Amazon has faced intense scrutiny over working conditions due to the company’s high injury rates, mishandled human resource errors and high employee turnover.


Microsoft’s new AI can simulate anyone’s voice with 3 seconds of audio

On Thursday, Microsoft researchers announced a new text-to-speech AI model called VALL-E that can closely simulate a person's voice when given a three-second audio sample. Once it learns a specific voice, VALL-E can synthesize audio of that person saying anything—and do it in a way that attempts to preserve the speaker's emotional tone.

Its creators speculate that VALL-E could be used for high-quality text-to-speech applications, speech editing where a recording of a person could be edited and changed from a text transcript (making them say something they originally didn't), and audio content creation when combined with other generative AI models like GPT-3.

...In addition to preserving a speaker's vocal timbre and emotional tone, VALL-E can also imitate the "acoustic environment" of the sample audio. For example, if the sample came from a telephone call, the audio output will simulate the acoustic and frequency properties of a telephone call in its synthesized output (that's a fancy way of saying it will sound like a telephone call, too). And Microsoft's samples (in the "Synthesis of Diversity" section) demonstrate that VALL-E can generate variations in voice tone by changing the random seed used in the generation process.


The public school district in Seattle has filed a novel lawsuit against the tech giants behind TikTok, Instagram, Facebook, YouTube and Snapchat, seeking to hold them accountable for the mental health crisis among youth

“Defendants have successfully exploited the vulnerable brains of youth, hooking tens of millions of students across the country into positive feedback loops of excessive use and abuse of Defendants’ social media platforms,” the complaint said. “Worse, the content Defendants curate and direct to youth is too often harmful and exploitive ....”

...Internal studies revealed by Facebook whistleblower Frances Haugen in 2021 showed that the company knew that Instagram negatively affected teenagers by harming their body image and making eating disorders and thoughts of suicide worse. She alleged that the platform prioritized profits over safety and hid its own research from investors and the public.


A European Union ruling against Meta marks the beginning of the end of targeted ads

Surveillance capitalism just got a kicking. In an ultimatum, the European Union has demanded that Meta reform its approach to personalized advertising—a seemingly unremarkable regulatory ruling that could have profound consequences for a company that has grown impressively rich by, as Mark Zuckerberg once put it, running ads.

...To appreciate why, you need to understand how Meta makes its billions. Right now, Meta users opt in to personalized advertising by agreeing to the company’s terms of service—a lengthy contract users must accept to use its products. In a ruling yesterday, Ireland’s data watchdog, which oversees Meta because the company’s EU headquarters are based in Dublin, said bundling personalized ads with terms of service in this way was a violation of GDPR. The ruling is a response to two complaints, both made on the day GDPR came into force in 2018.

...Apple’s 2021 privacy change was a huge blow for companies that rely on user data for advertising revenue—Meta especially. In February 2022, Meta told investors Apple’s move would decrease the company’s 2022 sales by around $10 billion. Research shows that when given the choice, a large chunk of Apple users (between 54 and 96 percent, according to different estimates) declined to be tracked. If Meta was forced to introduce a similar system, it would threaten one of the company’s main revenue streams.


Letitia James accused the founder of Celsius Network, Alex Mashinsky, of a scheme to defraud hundreds of thousands of investors

The lawsuit stems from Celsius’s implosion this summer, when the company filed for bankruptcy and its customers lost billions of dollars in deposits. For years, the Celsius founder, Alex Mashinsky, 57, misled customers into depositing their crypto savings on the platform, promising that it was as safe as a traditional bank, the lawsuit claimed. The lawsuit seeks to bar him from conducting business in New York and force him to pay damages.

...Some of Celsius’s risky loans went to Alameda Research, the crypto hedge fund founded by Mr. Bankman-Fried. Between 2020 and 2022, the lawsuit said, Celsius lent Alameda roughly $1 billion. As collateral for the loans, Celsius accepted a crypto token that Mr. Bankman-Fried had invented, called FTT. The price of FTT plummeted this fall, contributing to the downfall of Alameda and FTX.


More than 200 million Twitter users' information is now available for anyone to download for free

This latest data dump, which includes account names, handles, creation dates, follower counts, and email addresses, turns out to be the same — albeit cleaned up — leak reported last month that affected more than 400 million Twitter accounts, according to Privacy Affairs' security researchers, who verified the database that's now posted on a breach forum.

...the published email addresses can also be used by spammers or scam markers, and all they need to do is convince one victim to click on a malicious link.


The Hidden Cost of Cheap TVs

The companies that manufacture televisions call this “post-purchase monetization,” and it means they can sell TVs almost at cost and still make money over the long term by sharing viewing data. In addition to selling your viewing information to advertisers, smart TVs also show ads in the interface. Roku, for example, prominently features a given TV show or streaming service on the right-hand side of its home screen—that’s a paid advertisement. Roku also has its own ad-supported channel, the Roku Channel, and gets a cut of the video ads shown on other channels on Roku devices.

This can all add up to a lot of money. Roku earned $2.7 billion in 2021. Almost 83 percent of that came from what Roku calls “platform revenue,” which includes ads shown in the interface. And Roku isn’t the only company offering such software: Google, Amazon, LG, and Samsung all have smart-TV-operating systems with similar revenue models.

This all means that, whatever you’re watching on your smart TV, algorithms are tracking your habits. This influences the ads you see on your TV, yes, but if you connect your Google or Facebook account to your TV, it will also affect the ads you see while browsing the web on your computer or phone. In a sense, your TV now isn’t that different from your Instagram timeline or your TikTok recommendations. There’s an old joke: “In America, you watch television; in Soviet Russia, television watches you!” In 2022, TVs track your activity to an extent the Soviets could only dream of. But hey, at least that television is really, really cheap.


Ellison wrote in March 2022 that she didn’t get into crypto as a “true believer.” “It’s mostly scams and memes when you get down to it,”

Last month, Ellison, 28, pleaded guilty to charges alleging that she, Bankman-Fried and other FTX executives conspired to steal their customers’ money to invest in other companies, make political donations and buy expensive real estate — charges that carry a maximum sentence of 110 years in prison

...And when investors asked questions, she, Bankman-Fried and other colleagues agreed to lie, covering up the company’s true financial state and the special arrangements for Alameda to use customer assets freely, Ellison told the judge.

“I agreed with Mr. Bankman-Fried and others to provide materially misleading financial statements to Alameda’s lenders,” she said. “I am truly sorry for what I did. I knew that it was wrong.”


Elon Musk Fires Twitter Janitors, Reportedly Forcing Staff To Bring Own Toilet Paper

“The smell of leftover takeout food and body odor has lingered on the floors ... bathrooms have grown dirty” and with janitors gone some “workers have resorted to bringing their own rolls of toilet paper from home,” The New York Times reported Thursday, citing accounts from employees.

Musk suddenly canceled janitorial services early this month at the headquarters, NBC News reported. Janitors said they were locked out with no warning just weeks before the holidays after they had sought better wages, and the company terminated a cleaning contract.

One janitor, who told the BBC that he had worked at Twitter for 10 years, said he was told by Musk’s team that eventually his job wouldn’t even exist because robots would replace human cleaners.


In 2023, we may well see our first death by chatbot

Causality will be hard to prove—was it really the words of the chatbot that put the murderer over the edge? Nobody will know for sure. But the perpetrator will have spoken to the chatbot, and the chatbot will have encouraged the act. Or perhaps a chatbot has broken someone’s heart so badly they felt compelled to take their own life? (Already, some chatbots are making their users depressed.) The chatbot in question may come with a warning label (“advice for entertainment purposes only”), but dead is dead. In 2023, we may well see our first death by chatbot.

...Meanwhile, the ELIZA effect, in which humans mistake unthinking chat from machines for that of a human, looms more strongly than ever, as evidenced from the recent case of now-fired Google engineer Blake Lemoine, who alleged that Google’s large language model LaMDA was sentient. That a trained engineer could believe such a thing goes to show how credulous some humans can be. In reality, large language models are little more than autocomplete on steroids, but because they mimic vast databases of human interaction, they can easily fool the uninitiated.


What’s Gone at Twitter? A Data Center, Janitors, Some Toilet Paper

The data center shutdown was one of many drastic steps Mr. Musk has undertaken to stabilize Twitter’s finances. Over the past few weeks, Twitter had stopped paying millions of dollars in rent and services, and Mr. Musk had told his subordinates to renegotiate those agreements or simply end them. The company has stopped paying rent at its Seattle office, leading it to face eviction, two people familiar with the matter said. Janitorial and security services have been cut, and in some cases employees have resorted to bringing their own toilet paper to the office.

...Mr. Musk has also brought in dozens of engineers from his other companies, including Tesla and SpaceX, to work at Twitter. While Tesla engineers are not on Twitter’s payroll, the automaker has billed the social media firm for some of their services as if they were contractors, according to documents seen by a former Twitter manager.


Without more forceful global laws, tech will continue to cause harm to marginalized communities

The Supreme Court’s ruling in particular has brought the lack of privacy protections in the US to the forefront of conversation. It demonstrates how law enforcement officials can access incriminating data on location, internet searches, and communication history. There are growing concerns that this data has the potential to be weaponized and used as “evidence” in states where abortion is illegal. In Nebraska, for example, a teenager and her mother are facing criminal charges for allegedly inducing an abortion, after Facebook released their private messages upon request from an investigator.

...Anytime you minimize a right, the impacts fall most on the people who come from minority groups. The Supreme Court’s decision doesn’t mean that the only thing in danger is a woman’s physical body—it’s a greater attack on minorities, civil rights, and their entire digital footprint. It hurts women, people of color, people with lower incomes, the LGBTQIA+ community, and more. The willingness of the court to overturn precedent could suggest other federally protected rights of minorities may be in jeopardy too, such as same-sex marriage.


Big Tech’s Big Flops of 2022

Meta laid off more than 11,000 employees in November as its stock continued to plummet to historic lows. That reduction also meant saying goodbye to some of its non-metaverse hardware, a division that has never done much for Meta anyway. RIP Portal, the camera Facebook put in your kitchen. Also the smartwatch that never got a chance to see the world. Could Meta’s smart sunglasses be next? Also getting cut was the newsletter service Bulletin, which never caught on like Substack did (Twitter cut its own newsletter, Revue, although it’s not clear if the economy is to blame for that or whether Twitter’s new owner, Elon Musk, is). Meta’s experimental product arm is now reportedly shrinking to focus just on short videos (very TikTok!) and it recently shut down its connectivity division, which developed or improved ways to access the internet.

Google and its parent company, Alphabet, fared better than Meta in 2022. But things still weren’t great, and there are rumors that Google is due for some layoffs soon, too. Its famed “moonshot factory,” X, has a track record of flops even in the best of times. One X project, Loon, which tried to use weather balloons to beam internet to remote areas and was shut down in 2021, was spun off into an independent company. Area 120, Google’s incubator where employees got to work on experimental ideas for the company, has been scaled back. The Pixelbook, Google’s attempt to make an expensive Chromebook, has been discontinued. There are big cuts in the Google Assistant team. And Stadia, Google’s cloud gaming service, will be shutting down in January. Google also just pulled out of building a long-planned data center (Meta has also canceled work on data centers).


2022’s badly handled data breaches

The food delivery giant confirmed to TechCrunch that attackers accessed the names, email addresses, delivery addresses and phone numbers of DoorDash customers, along with partial payment card information for a smaller subset of users. It also confirmed that for DoorDash delivery drivers, or Dashers, hackers accessed data that “primarily included name and phone number or email address.”

...Hours before a long July 4 holiday, Samsung quietly dropped notice that its U.S. systems were breached weeks earlier and that hackers had stolen customers’ personal information. In its bare-bones breach notice, Samsung confirmed unspecified “demographic” data, which likely included customers’ precise geolocation data, browsing and other device data from customers’ Samsung phones and smart TVs, was also taken.

...Advanced, an IT service provider for the U.K.’s NHS, confirmed in October that attackers stole data from its systems during an August ransomware attack. The incident downed a number of the organization’s services, including its Adastra patient management system, which helps non-emergency call handlers dispatch ambulances and helps doctors access patient records, and Carenotes, which is used by mental health trusts for patient information.


"one of the biggest financial frauds in US history" announcing eight criminal charges, including wire fraud, money laundering and campaign finance violations

Mr Bankman-Fried's release requires him to surrender his passport and submit to location monitoring and detention at his parents' home in California. He also agreed to regular mental health treatment. His parents will co-sign the $250m bond, Mr Bankman-Fried's attorney, Mark Cohen said.


“I’ve been writing critically about billionaire Elon Musk since he took over Twitter — particularly about his “free speech” hypocrisy and his censorship of left-wing accounts”

After a firestorm of controversy following Elon Musk’s Twitter action booting several journalists off Twitter earlier this month, Musk announced he would agree to allow reporters back on. But they had to eliminate certain tweets. Reporters who won’t comply remain banned, the journalists have revealed.


Madison Square Garden Uses Facial Recognition to Ban Its Owner’s Enemies

The guards had identified her using a facial recognition system. They showed her a sheet saying she was on an “attorney exclusion list” created this year by MSG Entertainment, which is controlled by the Dolan family. The company owns Radio City and some of New York’s other famous performance spaces, including the Beacon Theater and Madison Square Garden, where basketball’s Knicks and hockey’s Rangers play.

...“This is punitive as opposed to protective. It sets a precedent for other businesses to identify their critics and punish them,” Mr. Schwartz said. “It raises the question of what’s going to come next. Will companies use facial recognition to keep out all the people who have picketed the business or criticized them online with a negative Yelp review?”

...High-tech surveillance by government is already common in New York City. The Police Department relies on a toolbox that includes not only facial recognition, but drones and mobile X-ray vans, and this month the department said it would join Neighbors, a public neighborhood-watch platform owned by Amazon. Neighbors allows video doorbell owners to post clips online, and police officers can enlist the help of residents in investigations.


An internal investigation by ByteDance, the parent company of video-sharing platform TikTok, found that employees tracked multiple journalists covering the company, improperly gaining access to their IP addresses and user data in an attempt to identify whether they had been in the same locales as ByteDance employees

According to materials reviewed by Forbes, ByteDance tracked multiple Forbes journalists as part of this covert surveillance campaign, which was designed to unearth the source of leaks inside the company following a drumbeat of stories exposing the company’s ongoing links to China. As a result of the investigation into the surveillance tactics, ByteDance fired Chris Lepitak, its chief internal auditor who led the team responsible for them. The China-based executive Song Ye, who Lepitak reported to and who reports directly to ByteDance CEO Rubo Liang, resigned.

...The investigation, internally known as Project Raven, began this summer after BuzzFeed News published a story revealing that China-based ByteDance employees had repeatedly accessed U.S. user data, based on more than 80 hours of audio recordings of internal TikTok meetings. According to internal ByteDance documents reviewed by Forbes, Project Raven involved the company’s Chief Security and Privacy Office, was known to TikTok’s Head of Global Legal Compliance, and was approved by ByteDance employees in China. It tracked Emily Baker-White, Katharine Schwab and Richard Nieva, three Forbes journalists that formerly worked at BuzzFeed News.


The Guardian hit by "ransomware attack"

a newspaper with that many subscribers would make for a huge target. Not to mention the possible sensitive information that could be found in ongoing investigations that the journalists are working on. It could be devastating to see that sort of information published on a leak site. The same would be true for any scoops the journalists might be working on.


confused by the $250 million no-upfront-cost bail conditions, questioning how Sam Bankman-Fried was able to post the $250 million bail figure after he previously claimed he had less than $100,000 in his bank account

Steven McClurg tweeted a statement implying that SBF’s parents shouldn’t be allowed to put up their home as collateral on the $250 million bail as the home was bought with “stolen FTX funds.”


Caroline Ellison, the 28-year-old former CEO of Alameda Research, a trading firm started by Bankman-Fried, and Gary Wang, the 29-year-old who co-founded FTX, pleaded guilty to charges including wire fraud, securities fraud and commodities fraud

Without such a deal, Ellison, who also faces a money laundering conspiracy charge, could face up to 110 years in prison. Wang could get up to 50 years.

...At a congressional hearing last week, the new FTX CEO John Ray III, who is tasked with taking the company through bankruptcy, bluntly disputed those assertions: “We will never get all these assets back,” Ray said.


The two biggest antitrust bills in more than 50 years are dead after they were not included in year-end congressional spending legislation released Tuesday, angering anti-monopolists who believe Senate Majority Leader Chuck Schumer (D-N.Y.) killed the best chance for this Congress to meaningfully limit corporate power

“He’s flat out an asset for Big Tech,” said one progressive who worked on the legislation. “It’s like Russia and Trump. Things don’t make sense unless you assume he’s just totally compromised.”

As much as Schumer has courted those on the left in recent years, they’ve long been suspicious of his intentions around Big Tech companies. The businesses are a major source of campaign funding, and the electorally conscious Schumer would be wary of losing access to their cash or having the money turned against vulnerable Democratic incumbents.


A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook?

When a company says it will never sell your data, that doesn’t mean it won’t use it or share it with others for analysis.

...Most companies’ privacy policies do not even mention the audiovisual data being captured, with a few exceptions. iRobot’s privacy policy notes that it collects audiovisual data only if an individual shares images via its mobile app. LG’s privacy policy for the camera- and AI-enabled Hom-Bot Turbo+ explains that its app collects audiovisual data, including “audio, electronic, visual, or similar information, such as profile photos, voice recordings, and video recordings.” And the privacy policy for Samsung’s Jet Bot AI+ Robot Vacuum with lidar and Powerbot R7070, both of which have cameras, will collect “information you store on your device, such as photos, contacts, text logs, touch interactions, settings, and calendar information” and “recordings of your voice when you use voice commands to control a Service or contact our Customer Service team.” Meanwhile, Roborock’s privacy policy makes no mention of audiovisual data, though company representatives tell MIT Technology Review that consumers in China have the option to share it. 

...And if iRobot’s $1.7 billion acquisition by Amazon moves forward—pending approval by the FTC, which is considering the merger’s effect on competition in the smart-home marketplace—Roombas are likely to become even more integrated into Amazon’s vision for the always-on smart home of the future.


How Sam Bankman-Fried Spent His First Week Behind Bars

But then SBF served a few days at the Fox Hill correctional center. After the judge denied his request to be released on $250,000 cash bail with an ankle monitor, he was moved to the Bahamas’ only prison, where he will stay until his February 8 extradition hearing. According to a human-rights report issued by the U.S. State Department in 2021, Fox Hill is a rough place: Its cells are infested with vermin like rats and maggots, its medical care is inadequate, and some inmates are forced to sleep directly on the ground in cells where the only toilet is a bucket.

In his week or so of detention, Bankman-Fried doesn’t appear to have experienced these conditions himself. According to a report from Bloomberg News, he has his own room in the medical block of the maximum-security wing, and his family even reportedly called in to ask if he could receive vegan meals. The Washington Post reports that he has plenty of amenities: He has been watching movies and reading articles about himself, which suggests he may have access to a phone. Still, he remains on edge. When other inmates reportedly asked as a joke how he made so much money, he did not laugh.


Two U.S. men have been charged with hacking into the Ring home security cameras of a dozen random people and then “swatting” them — falsely reporting a violent incident at the target’s address to trick local police into responding with force. Prosecutors say the duo used the compromised Ring devices to stream live video footage on social media of police raiding their targets’ homes, and to taunt authorities when they arrived.

In June 2021, an 18-year-old serial swatter from Tennessee was sentenced to five years in prison for his role in a fraudulent swatting attack that led to the death of a 60-year-old man.


Twitter Suspends Reporters From WashPost, NYT, Others Who Wrote About Elon Musk

The accounts for The New York Times’ Ryan Mac, The Washington Post’s Drew Harwell, CNN’s Donie O’Sullivan, Mashable’s Matt Binder and independent journalist Aaron Rupar all disappeared Thursday evening, as did several others. All of those reporters have written about Musk’s $44 billion takeover of Twitter, the fallout after he laid off half of its employees and the company’s decision to ban, then un-ban, then re-ban an account that tracked Musk’s private plane flights.


These ‘Luddite’ Teens Are Abstaining From Social Media

On a brisk recent Sunday, a band of teenagers met on the steps of Central Library on Grand Army Plaza in Brooklyn to start the weekly meeting of the Luddite Club, a high school group that promotes a lifestyle of self-liberation from social media and technology. As the dozen teens headed into Prospect Park, they hid away their iPhones — or, in the case of the most devout members, their flip phones, which some had decorated with stickers and nail polish.

...“Lots of us have read this book called ‘Into the Wild,’” said Lola Shub, a senior at Essex Street Academy, referring to Jon Krakauer’s 1996 nonfiction book about the nomad Chris McCandless, who died while trying to live off the land in the Alaskan wilderness. “We’ve all got this theory that we’re not just meant to be confined to buildings and work. And that guy was experiencing life. Real life. Social media and phones are not real life.”

“When I got my flip phone, things instantly changed,” Lola continued. “I started using my brain. It made me observe myself as a person. I’ve been trying to write a book, too. It’s like 12 pages now.”


Uber is facing a new cybersecurity incident after threat actors stole some of its data from Teqtivity, a third-party vendor that provides asset management and tracking services

UberLeaks claimed the data came from Uber and Uber Eats. However, the leaks are said to have included archives containing source code associated with mobile device management (MDM) platforms for Uber, Uber Eats, and Teqtivity. The leaks also had employee email addresses, corporate reports, data destruction reports, IT asset management reports, Windows domain login names and email addresses, and other corporate information.

...Uber has had its share of data breaches and controversies. In September, a purported teen hacker breached its network, compromised an employee's access, and gained access to its internal Slack chat app. Six years before that, the personal data of 7 million drivers were exposed, including 600,000 driver's license numbers. In July of this year, Uber confessed to a cover-up of the 2016 data breach with the help of its former chief security officer (CSO), Joe Sullivan. Sullivan was charged with obstruction of justice.


In September, the FTC released a report on dark patterns that included a number of e-commerce tactics that count, including false activity messages (saying a certain number of people are viewing a product at the same time), false low stock messages, and “baseless” countdown timers that just go away and reset

A travel website tells you there are only three hotel rooms left at a certain price ahead of your next vacation, or an e-commerce platform tells you that you only have 10 minutes to buy that dress in your shopping cart. Sellers and marketers know that fomenting a sort of fear of missing out will indeed push you to act, whether or not it’s true. The same goes for showing ratings and reviews, for marking something as a top seller, for indicating someone else in your network bought the same item before. Sometimes what you’re being shown is real, sometimes it’s not, and oftentimes, it’s impossible to know what’s actually the case.


As this Congress’ final days tick away, Schumer has yet to deliver a promised vote on the legislation, prompting pressure campaigns and pleading with the White House to intervene with the apparently recalcitrant New Yorker, who advocates believe is willing ― or maybe even eager ― to let the clock run out on the legislation

Schumer has also elicited some suspicion for his personal ties to the industry. His daughter Allison is a product manager for Meta, Facebook’s parent company, and his daughter Jessica is a registered lobbyist for Amazon in New York state.

Big Tech executives specifically targeted him over the spring and summer in their successful efforts to delay a floor vote on the bills. He fielded phone calls from the CEOs of Google and Amazon in June. And in August, Bloomberg reported that Schumer had received $30,000 in donations from top lobbyists for Apple, Amazon and Alphabet after receiving no comparable sums in the two preceding election cycles.


Indiana sues TikTok, describes it as "Chinese Trojan Horse"

"In addition to TikTok's statements that some China-based employees may access unencrypted US user data, which includes Indiana consumers' data, TikTok's privacy policy permits TikTok to share information with 'ByteDance' or 'other affiliate of our corporate group,'" the suit claims. "ByteDance and any affiliates and their employees who are located in China or are Chinese citizens are subject to Chinese law and the oppressive Chinese regime, including but not limited to laws requiring cooperation with national intelligence institutions and cybersecurity regulators."


TikTok’s algorithms are promoting videos about self-harm and eating disorders to vulnerable teens

Ahmed noted that the version of TikTok offered to domestic Chinese audiences is designed to promote content about math and science to young users, and limits how long 13- and 14-year-olds can be on the site each day.


"Ms. Hughes continues to fear for her safety—at minimum, her stalker has evidenced a commitment to continuing to use AirTags to track, harass, and threaten her, and continues to use AirTags to find her location," the suit said

The second plaintiff, referred to as Jane Doe in the court papers, alleged that her ex-husband was stalking her when she found an AirTag planted in her child's backpack. She got rid of it, but it was replaced with another.

"In the wake of a contentious divorce, she found her former spouse harassing her, challenging her about where she went and when, particularly when she was with the couple's child," the suit said.

Apple introduced the AirTag in April 2021, with executives and publicists actively portraying the AirTag as a "harmless—indeed 'stalker-proof'"—product, the suit said. It's been a controversial product since its release and has raised concerns among privacy advocates and law enforcement that it could be misused to track people. And, true enough, AirTags have been used in stalking incidents, even murder, and theft of luxury cars.


Uber’s facial recognition is locking Indian drivers out of their accounts

The software may be especially brittle in India. In December 2021, tech policy researchers Smriti Parsheera (a fellow with the CyberBRICS project) and Gaurav Jain (an economist with the International Finance Corporation) posted a preprint paper that audited four commercial facial processing tools—Amazon’s Rekognition, Microsoft Azure’s Face, Face++, and FaceX—for their performance on Indian faces. When the software was applied to a database of 32,184 election candidates, Microsoft’s Face failed to even detect the presence of a face in more than 1,000 images, throwing an error rate of more than 3%—the worst among the four.

...The problems don’t end with the algorithm’s decision. Drivers say the grievance redress mechanism that Uber follows is tedious, time-consuming, frustrating, and mostly unhelpful. They say they sometimes spend weeks trying to get their issues resolved. “We have to keep calling their help line incessantly before they unlock our accounts, constantly telling us that the server is down,” said Taqi, with a tone of frustration—but mostly a sense of defeat—in his voice. “It’s like their server is always down.”

...Samantha Dalal, who studies how workers understand algorithmic systems, says there could be more transparency about how the AI made a decision. “Including some explanation that goes beyond ‘You are deactivated’” would help, says Dalal, a doctoral candidate at the University of Colorado Boulder. “Such capabilities exist.”


In the UK most police drones have thermal cameras that can be used to detect how many people are inside houses

“Nobody is even asking the question: Is this technology going to do more harm than good?” says Aziz Huq, a law professor at the University of Chicago, who is not involved in the research. 

...“The companies that are producing drones have an interest in saying that [the drones] are working and they are helping, but because no one has assessed it, it is very difficult to say [if they are right],” he says. 


Eufy "no cloud" security cameras streaming data to the cloud

Many folks would err on the side of caution where cameras are concerned, choosing not to go down the road of internet connectivity or footage being placed in the cloud. Now, security researcher Paul Moore has discovered that a system he chose for those reasons was in fact placing data in the cloud anyway.


calling modern cars “surveillance on wheels” - Cops Can Extract Data From 10,000 Different Car Models’ Infotainment Systems

As cops dive into information pouring out of modern cars, privacy defenders are anxious. In October, the Surveillance Technology Oversight Project (S.T.O.P.) released a report warning, “Cars collect much more detailed data than our cellphones, but they receive fewer legal and technological protections.”

S.T.O.P. research director Eleni Manis told Forbes that CBP and ICE were “weaponizing car data.” (Neither CBP nor ICE had provided comment at the time of publication.)

“Berla devices position CBP and ICE to perform sweeping searches of passengers’ lives, with easy access to cars' location history and most visited places and to passengers’ family and social contacts, their call logs, and even their social media feeds,” she said. “While we don’t know how many cars CBP and ICE have hacked, we do know that nearly every new car is vulnerable.”


There’s some bad news for Meta, in the form of a $277 million fine related to a data breach which impacted no fewer than 500 million users. The fine, issued by the Irish Data Protection Commission, is a result of the fallout from scraped data posted to a hacking forum in 2019. As The Guardian notes, this brings the current running tally of fines to close to a billion dollars in fines from the EU since September 2021.

Will these fines have any lasting impact on social media giants to change behaviour and proactively shore up the defences which are breached time and again? Or will the increasingly visible phrase “Just the cost of doing business here” become the norm as big business sets aside large amounts for a rainy and fine laden day?


Googling abortion? Your details aren’t as private as you think

Google responds to tens of thousands of requests each year from law enforcement agencies seeking access to the vast troves of data collected on its users. In one six-month period in 2021, the most recent data publicly available, Google received nearly 47,000 law enforcement requests, affecting more than 100,000 accounts, and responded with some amount of data to 80% of them. The Dobbs decision sparked concerns that such data could be used to prosecute people seeking abortions in states where it is banned – for instance, if they searched for or traveled to an abortion clinic.

...“They’re operating under the mindset of: ‘We need to collect as much information as possible to facilitate advertising,’” Kemp said. “But they have a business model that can be perverted by foreign actors and other people that want to weaponize that behavioral information.”

...“The truth is we cannot expect an advertising giant like Google, who has become powerful by monetizing the collection of our data, to neatly tailor its many complex systems to avoid surveilling particular populations of people, such as those seeking information about abortion,” wrote Singh, who formerly served as a cybersecurity staffer on the Joe Biden campaign. “Unfortunately, the nature of surveillance and the complexities of the data broker ecosystem form a broad harm which we can only solve with legislation.”


Eufy Cameras Have Been Uploading Unencrypted Footage to Cloud Without Owners Knowing

Eufy, the company behind a series of affordable security cameras I’ve previously suggested over the expensive stuff, is currently in a bit of hot water for its security practices. The company, owned by Anker, purports its products to be one of the few security devices that allow for locally-stored media and don’t need a cloud account to work efficiently. But over the turkey-eating holiday, a noted security researcher across the pond discovered a security hole in Eufy’s mobile app that threatens that whole premise.

Paul Moore relayed the issue in a tweeted screengrab. Moore had purchased the Eufy Doorbell Dual Camera for its promise of a local storage option, only to discover that the doorbell’s cameras had been storing thumbnails of faces on the cloud, along with identifiable user information, despite Moore not even having a Eufy Cloud Storage account.


Sensitive police records stolen and published by ransomware gang

According to Belgian news outlet Het Nieuwsblad, a ransomware gang has stolen information from police computers and published that information. The exfiltrated information includes police records about license plates, speeding tickets, and at least one case of child abuse in Zwijndrecht, a municipality in the province of Antwerp.


Meta has been fined €265 million ($275.5 million) by the Irish data protection commission (DPC) for a massive 2021 Facebook data leak exposing the information of hundreds of millions of users worldwide

The exposed data included personal information, such as mobile numbers, Facebook IDs, names, genders, locations, relationship statuses, occupations, dates of birth, and email addresses.

...Data scrapers are automated bots that exploit open network APIs of platforms that hold user data, like Facebook, to extract publicly available information and create massive databases of user profiles.


Google provided investigators with location data for more than 5,000 devices as part of the federal investigation into the attack on the US Capitol

The FBI’s biggest-ever investigation included the biggest-ever haul of phones from controversial geofence warrants, court records show. A filing in the case of one of the January 6 suspects, David Rhine, shows that Google initially identified 5,723 devices as being in or near the US Capitol during the riot. Only around 900 people have so far been charged with offenses relating to the siege.

...Geofence search warrants are intended to locate anyone in a given area using digital services. Because Google’s Location History system is both powerful and widely used, the company is served about 10,000 geofence warrants in the US each year. Location History leverages GPS, Wi-Fi, and Bluetooth signals to pinpoint a phone within a few yards. Although the final location is still subject to some uncertainty, it is usually much more precise than triangulating signals from cell towers. Location History is turned off by default, but around a third of Google users switch it on, enabling services like real-time traffic prediction. 

...Andrew Ferguson, a professor of law at American University, agrees. “And that worries me because the January 6 cases are going to be used to build a doctrine that will essentially enable police to find almost anyone with a cellphone or a smart device in ways that we, as a society, haven’t quite grasped yet,” he says. “That is going to undermine the work of journalists, it’s going to undermine political dissenters, and it's going to harm women who are trying to get abortion services.”


AI experts are increasingly afraid of what they’re creating

The systems we’re designing are increasingly powerful and increasingly general, with many tech companies explicitly naming their target as artificial general intelligence (AGI) — systems that can do everything a human can do. But creating something smarter than us, which may have the ability to deceive and mislead us — and then just hoping it doesn’t want to hurt us — is a terrible plan. We need to design systems whose internals we understand and whose goals we are able to shape to be safe ones. However, we currently don’t understand the systems we’re building well enough to know if we’ve designed them safely before it’s too late.

...“The worry is that if we create and lose control of such agents, and their objectives are problematic, the result won’t just be damage of the type that occurs, for example, when a plane crashes, or a nuclear plant melts down — damage which, for all its costs, remains passive,” Joseph Carlsmith, a research analyst at the Open Philanthropy Project studying artificial intelligence, argues in a recent paper. “Rather, the result will be highly-capable, non-human agents actively working to gain and maintain power over their environment — agents in an adversarial relationship with humans who don’t want them to succeed. Nuclear contamination is hard to clean up, and to stop from spreading. But it isn’t trying to not get cleaned up, or trying to spread — and especially not with greater intelligence than the humans trying to contain it.”

Carlsmith’s conclusion — that one very real possibility is that the systems we create will permanently seize control from humans, potentially killing almost everyone alive — is quite literally the stuff of science fiction. But that’s because science fiction has taken cues from what leading computer scientists have been warning about since the dawn of AI — not the other way around.


Earlier this year, we were able to remotely unlock, start, locate, flash, and honk any remotely connected Honda, Nissan, Infiniti, and Acura vehicles, completely unauthorized, knowing only the VIN number of the car

We could execute commands on vehicles and fetch user information from the accounts by only knowing the victim's VIN number, something that was on the windshield.

...With the account takeover, you could access everything on the user’s SiriusXM account where you could enroll/unenroll from the service, but if I remember correctly the API calls for telematic services would work regardless of whether there was an active subscription.


Over 5.4 million Twitter user records containing non-public information stolen using an API vulnerability fixed in January have been shared for free on a hacker forum

In addition to the 5.4 million records for sale, there were also an additional 1.4 million Twitter profiles for suspended users collected using a different API, bringing the total to almost 7 million Twitter profiles containing private information.


Telehealth Sites Put Addiction Patient Data at Risk

“This is how small tech businesses work, and absent anyone telling you that you’re not allowed to do that, you’re allowed to do that,” she says, questioning whether the sites’ use of ad trackers and outside software boils down to finances. Clark, too, expresses concerns that the use of data collection is financially motivated and, for the right price, could be sold or leased to law enforcement or other parties. “When there’s monetary incentives, people make the changes. When there are no monetary incentives, they don’t,” he says. In short, data privacy experts don’t anticipate that mHealth companies will stop collecting data unless forced.

The opinions of cybersecurity professionals and telehealth company CEOs are relevant, but perhaps most important are the opinions of individuals with substance abuse disorders, the people who stand to lose the most if experts’ fears are realized and for whom Part 2 was designed. After being shown the data from the analysis, one patient who utilizes brick-and-mortar health care providers said via direct message, “Thank you for reaffirming why I don’t use telehealth.” He added that he wasn’t sure the findings would stop anyone from using telehealth if that were the only way they could get treatment. Those patients would simply have to trust their providers act in their best interest.


Russian software disguised as American finds its way into U.S. Army, CDC apps

The Centers for Disease Control and Prevention (CDC), the United States' main agency for fighting major health threats, said it had been deceived into believing Pushwoosh was based in the U.S. capital. After learning about its Russian roots from Reuters, it removed Pushwoosh software from seven public-facing apps, citing security concerns.

...Pushwoosh provides code and data processing support for software developers, enabling them to profile the online activity of smartphone app users and send tailor-made push notifications from Pushwoosh servers.

...Pushwoosh code was installed in the apps of a wide array of international companies, influential non-profits and government agencies from global consumer goods company Unilever Plc (ULVR.L) and the Union of European Football Associations (UEFA) to the politically powerful U.S. gun lobby, the National Rifle Association (NRA), and Britain's Labour Party.


Tencent wants you to pay with your palm. What could go wrong?

“Retailers get hacked all the time. When most retailers get hacked, at worst you have to change your credit card number. But you can’t change your palm print if that gets compromised,” says Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project (STOP). “So we look at this as a way for people to potentially save a couple of minutes in line at the price of their biometric privacy for the rest of their lives.”

...The government collection of palm-print data of course creates clear potential for additional abuses by the Chinese surveillance state. In fact, Melux, another Chinese palm-print recognition tech company that built the devices used in the Shenzhen subway line, was founded by Xie Qinglu, who also built a data processing system called YISA OmniEye for China’s mass policing surveillance infrastructure Skynet. The company publicly says its palm-print scanners, which will be part of an “unnoticeable governance” system, have already been used for local government offices, public services, customs, financial services, and more. Melux did not respond to an interview request by MIT Technology Review.

“The thing that I’d worry about is, we’ve seen how QR codes have gone from something that generate a lot of financial freedom for the Chinese, to something that you have to scan anytime you go anywhere so the government can lock you down for covid controls,” says Chorzempa, noting there’s a real fear of the nascent palm-print recognition tech repeating that trajectory from payment tool to surveillance tool. “It can be a slippery slope. Once something becomes ubiquitous and convenient, then it also becomes an [alluring] tool for the government to increase social control.”


China’s Muslim minority used to have its own budding cluster of websites, forums, and social media. Now that’s been erased

Within a year, Bagdax and other popular Uyghur websites—such as Misranim, Bozqir, and Ana Tuprak—permanently stopped updating. And they weren’t the only ones. As Beijing’s crackdown in the Xinjiang region unfolded, the vast majority of independent Uyghur-run websites ceased to exist, according to local tech industry insiders and academics tracking the online Uyghur-language sphere.

“It’s like erasing the life work of thousands and thousands of people to build something—a future for their own society,” says Darren Byler, assistant professor of international studies at Simon Fraser University in Vancouver and an author of several books on China’s treatment of Uyghurs.

Many of the people behind the websites have also disappeared into China’s detention camp system. Developers, computer scientists, and IT experts—especially those working on Uyghur-language products—have been detained, according to members of the minority living abroad.


US banks report more than $1 billion in potential ransomware payments in 2021

The five hacking tools that accounted for the most payments during the last half of 2021 are all connected to Russian hackers, according to the report from Treasury’s Financial Crimes Enforcement Network (FinCEN).

...US officials have long complained that a lack of requirements for companies to report ransomware attacks to the government has left officials in the dark about the scope and cost of the problem. That is starting to change through a March law that requires certain companies to report ransomware attacks and payments to the Department of Homeland Security.


A China-based ByteDance team led multiple audits and investigations into TikTok's U.S.-based former Global Chief Security Officer, who had been responsible for overseeing efforts to minimize China-based employees' access to American user data

BuzzFeed News reported in June that U.S. user data had been repeatedly accessed by employees in China into at least January 2022. Forbes reported last week that ByteDance’s Internal Audit department — the same one that investigated Cloutier — planned to monitor individual U.S. citizens’ locations using the TikTok app.

...At the press conference, Deputy Attorney General Lisa Monaco, who is reportedly among the officials reviewing the deal between TikTok and CFIUS, said about the Huawei case: “This case exposes the interconnection between PRC intelligence officers and Chinese companies. And it demonstrates once again why such companies, especially in the telecommunications industry, shouldn't be trusted to securely handle our sensitive personal data and communications.”


TikTok Parent ByteDance Planned To Use TikTok To Monitor The Physical Location Of Specific American Citizens

But the material reviewed by Forbes indicates that ByteDance's Internal Audit team was planning to use this location information to surveil individual American citizens, not to target ads or any of these other purposes. Forbes is not disclosing the nature and purpose of the planned surveillance referenced in the materials in order to protect sources. TikTok and ByteDance did not answer questions about whether Internal Audit has specifically targeted any members of the U.S. government, activists, public figures or journalists.

...Both Uber and Facebook also reportedly tracked the location of journalists reporting on their apps. A 2015 investigation by the Electronic Privacy Information Center found that Uber had monitored the location of journalists covering the company. Uber did not specifically respond to this claim. The 2021 book An Ugly Truth alleges that Facebook did the same thing, in an effort to identify the journalists’ sources. Facebook did not respond directly to the assertions in the book, but a spokesperson told the San Jose Mercury News in 2018 that, like other companies, Facebook “routinely use[s] business records in workplace investigations.”


TikTok could face a 27 million-pound ($29 million) fine in the U.K. over a possible breach of U.K. data protection law by failing to protect children’s privacy when they are using the video-sharing platform

The U.K. Information Commissioner’s Office said Monday that it has issued the social media company a legal document that precedes a potential fine. It said TikTok may have processed the data of children under 13 without appropriate parental consent, and processed “special category data” without legal grounds to do so.


The Irish Data Protection Commission (DPC) says that it has fined Instagram €405m for breaching the privacy rights of children

The scope of inquiry focused on Facebook allowing child users between the ages of 13 and 17 to operate ‘business accounts’ on the Instagram platform.

“At certain times, the operation of such accounts required and facilitated the publication, to the world-at-large, the child user’s phone number and/or email address,” said the spokesperson.

At other times, Facebook operated a user registration system for the Instagram service whereby the accounts of child users were set to ‘public’ by default, thereby making public the social media content of child users, unless the account was otherwise set to ‘private’ by changing the account privacy settings.


Google, like Amazon, may let police see your video without a warrant

Arlo, Apple, Wyze, and Anker, owner of Eufy, all confirmed to CNET that they won’t give authorities access to your smart home camera’s footage unless they’re shown a warrant or court order. If you’re wondering why they’re specifying that, it’s because we’ve now learned Google and Amazon can do just the opposite: they’ll allow police to get this data without a warrant if police claim there’s been an emergency. And while Google says that it hasn't used this power, Amazon’s admitted to doing it almost a dozen times this year.

...An unnamed Nest spokesperson did tell CNET that the company tries to give its users notice when it provides their data under these circumstances (though it does say that in emergency cases that notice may not come unless Google hears that “the emergency has passed”). Amazon, on the other hand, declined to tell either The Verge or CNET whether it would even let its users know that it let police access their videos.

...“If a situation is urgent enough for law enforcement to request a warrantless search of Arlo’s property then this situation also should be urgent enough for law enforcement or a prosecuting attorney to instead request an immediate hearing from a judge for issuance of a warrant to promptly serve on Arlo,”


Keystroke tracking, screenshots, and facial recognition: The boss may be watching long after the pandemic ends

The adoption of the technology coincides with an increase in companies’ use of more traditional monitoring software, which can track an employee’s computer keystrokes, take screenshots and in some cases record audio or video while they are working from home. Sometimes, this is done without their knowledge, which means companies have the potential to gain access to employees’ private details like banking or health information.

...When David brought the issue up at a company meeting, he found out the firm could listen to his audio at any time, not just during calls that are often monitored for quality purposes. But now David was at home with his wife and children. The situation had changed, but the monitoring had not adapted to the privacy he expected while working from home.

...“I have so much information on my computer: my banking information, my passwords, my email that has stuff from my doctors,” she said. “I just wouldn’t want my employers to have access to this.”

...Attorneys required to use the new face-scanning software while working from home said they understood the need for security because reviewing sensitive documents is part of the job. But many felt the remote-work surveillance had gone too far. The facial recognition systems, they said, felt intrusive, dysfunctional or annoying, booting them out of their work software if they shifted in their seat, rested their eyes, adjusted their glasses, wore a headband or necklace, went to the bathroom or had a child walk through their room.


“They are intentionally deceptive user interfaces that trick people into handing over their data”

“I think about this issue much more as one of data abuses than just data privacy,” Slaughter said. “The first step of collecting your data may not be the immediate harm. But how is that data then aggregated, used, transferred to manipulate your purchases, target advertising, create this surveillance economy that has a lot of downstream harms for users in a way that is less visible to the user or the public?”


Why Politicians Want Your Smart-TV Data

In 2017, the FTC and the state of New Jersey fined Vizio $2.2 million, alleging that the smart-TV manufacturer’s products tracked consumers in minute detail, without their knowledge or consent. “On a second-by-second basis, Vizio collected a selection of pixels on the screen that it matched to a database of TV, movie, and commercial content,” the FTC alleged. “What’s more, Vizio identified viewing data from cable or broadband service providers, set-top boxes, streaming devices, DVD players, and over-the-air broadcasts. Add it all up and Vizio captured as many as 100 billion data points each day from millions of TVs.” According to the complaint, Vizio also pushed updates to older TV sets that enabled them to collect data on users, and sold the compiled data to third parties who wanted insight into people’s viewing habits. (Vizio did not respond to two requests for comment from The Atlantic.)

Two years later, we’re still being watched. Three-quarters of American households have at least one internet-connected TV: a smart TV like the ones Vizio makes, or a plug-in player such as Roku or Amazon Fire TV. The FTC settlement doesn’t outlaw collecting our data; it simply says that viewers must opt into it. But in effect, that just means a streamlined series of menus that are easy to click through blindly. If you have a smart TV or connected device, chances are good it has collected data on your viewing habits, location, and device serial numbers.

...Campaigns, or third parties working on their behalf, now work with providers such as Vizio, Roku, Dish Network, and DirecTV to match their lists—of voters and customers, respectively—against each other. (Dish Network and DirecTV confirmed their use of such tactics to The Atlantic. Representatives for Roku did not respond to requests for comment, though the company has posted a listing for a political-ad-sales account manager.)

...Matching user databases between IoT devices, phones, laptops, and offline behavior such as voting patterns gives campaigns working with big data significant insight into our lives. That’s likely to continue into 2020 and beyond.


Add smart TVs to the growing list of home appliances guilty of surveilling people’s movements. A new study from Princeton University shows internet-connected TVs, which allow people to stream Netflix and Hulu, are loaded with data-hungry trackers.

That’s true for other smart home technology, too. In a different study, researchers at Northeastern University looked at 81 smart home devices and found that some, including Amazon’s Ring doorbell and Alexa, and the Zmodo doorbell, monitor when a user talks or moves, even when they’re not using the device. “The app used to set up the [Ring] device does not warn the user that the doorbell performs such recording in real time, the doorbell offers no indication that recording is occurring, and the only disclosure is in fine print as part of the privacy policy,” the paper says.

...In total, the study found trackers on 69 percent of Roku channels and 89 percent of Amazon Fire channels. “Some of these are well known, such as Google, while many others are relatively obscure companies that most of us have never heard of,” Narayanan said. Google’s ad service DoubleClick was found on 97 percent of Roku channels.

...“Better privacy controls would certainly help, but they are ultimately band-aids,” Narayanan said. “The business model of targeted advertising on TVs is incompatible with privacy, and we need to confront that reality. To maximize revenue, platforms based on ad targeting will likely turn to data mining and algorithmic personalization/persuasion to keep people glued to the screen as long as possible.”

