21 matches found
A Common Pool of Privacy Problems: Legal and Technical Lessons from a Large-Scale Web-Scraped Machine Learning Dataset
We investigate the contents of web-scraped data for training AI systems, at sizes where human dataset curators and compilers no longer manually annotate every sample. Building off of prior privacy concerns in machine learning models, we ask: What are the legal privacy implications of web-scraped...
Gambling firms are secretly sharing your data with Facebook
While you might think you’re hitting the jackpot, whether you’ve consented to it or not, online gambling sites are playing with your data. Users’ data, including details of webpages they visited and buttons they clicked, are being shared with Meta, Facebook’s parent company. The Observer reports...
Our Santa wishlist: Stronger identity security for kids
Sorry for the headline, but we have to get creative to get anyone to read an article on a Friday like this one, even if it is an important story. As we enter the holidays and parents begin to rest after another hectic year of shopping for their kids, Malwarebytes Labs wants to draw some attention...
Picking fights and gaining rights, with Justin Brookman: Lock and Code S05E09
This week on the Lock and Code podcast… Our Lock and Code host, David Ruiz, has a bit of an apology to make: “Sorry for all the depressing episodes.” When the Lock and Code podcast explored online harassment and abuse this year, our guest provided several guidelines and tips for individuals to lo...
How to Improve Your API Security Posture
APIs, more formally known as application programming interfaces, empower apps and microservices to communicate and share data. However, this level of connectivity doesn't come without major risks. Hackers can exploit vulnerabilities in APIs to gain unauthorized access to sensitive data or even ta...
France Rules That Using Google Analytics Violates GDPR Data Protection Law
French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union's General Data Protection Regulation GDPR laws in the country, almost a month after a similar decision was reached in Austria. To that end, the National Commission on Informatics and...
VPNs and Trust
TorrentFreak surveyed nineteen VPN providers, asking them questions about their privacy practices: what data they keep, how they respond to court order, what country they are incorporated in, and so on. Most interesting to me is the home countries of these companies. Express VPN is incorporated i...
Authorities Eye Using Mobile Phone Tracking COVID-19's Spread
Authorities in the United States and Israel are eyeing ways to use mobile-phone and other location-based data to help control the spread of the new coronavirus COVID-19, raising serious privacy concerns about the practice of using and sharing people’s personal data during the time of a global...
Changing the Monolith—Part 3: What’s your process?
In my 25-year journey, I have led security and privacy programs for corporations and provided professional advisory services for organizations of all types. Often, I encounter teams frantically running around in their own silos, trying to connect the dots and yet unsure if those are the right dot...
How Can Akamai Identity Cloud Help With Regulatory Compliance?
Regulatory compliance related to personal identifiable information PII is continuously being enacted around the world as the amount of breaches and data abuse continues to grow. Understanding the variances between the many different privacy and data protection laws can be challenging for companie...
Maciej Cegłowski on Privacy in the Information Age
Maciej Cegłowski has a really good essay explaining how to think about privacy today: For the purposes of this essay, I'll call it "ambient privacy" -- the understanding that there is value in having our everyday interactions with one another remain outside the reach of monitoring, and that the...
NIST’s privacy framework lets privacy tell its own story
Online privacy remains unsolved. Congress prods at it, some companies fumble with it while a small handful excel, and the public demands it. But one government agency is trying to bring everyone together to fix it. As the Senate sits on no fewer than four data privacy bills that their own members...
Consumers have few legal options for protecting privacy
There are no promises in the words, “We care about user privacy.” Yet, these words appear on privacy policy after privacy policy, serving as disingenuous banners to hide potentially invasive corporate practices, including clandestine data collection, sharing, and selling. This is no accident. It ...
Privacy for Tigers
Ross Anderson has some new work: As mobile phone masts went up across the world's jungles, savannas and mountains, so did poaching. Wildlife crime syndicates can not only coordinate better but can mine growing public data sets, often of geotagged images. Privacy matters for tigers, for snow...
Russia Threatens to Ban Telegram Messaging App, Says It Was Used By Terrorists
Russia has threatened to ban Telegram end-to-end encrypted messaging app, after Pavel Durov, its founder, refused to sign up to the country's new data protection laws. Russian intelligence service, the FSB, said on Monday that the terrorists that killed 15 people in Saint Petersburg in April had...
WannaCry Highlights Major Security Shortcomings Ahead of GDPR D-Day
For all the panic it caused, WannaCry looks finally to have been contained by organisations round the globe. But this isn’t the time to forget about it and move on. There are valuable lessons to be learned about this attack, why it was so successful and what can be done to prevent it happening...
M-Trends 2017: A View From the Front Lines
Every year Mandiant responds to a large number of cyber attacks, and 2016 was no exception. For our M-Trends 2017 report, we took a look at the incidents we investigated last year and provided a global and regional the Americas, APAC and EMEA analysis focused on attack trends, and defensive and...
WhatsApp Blasted by EU Data Protection Group Over Facebook Sharing
Yet another privacy coalition is urging WhatsApp to clarify that user information shared between the company and Facebook is compliant with data protection laws on the books in Europe. The Article 29 Working Party, comprised of representatives from data protection authorities from each EU member...
Google Privacy Director Alma Whitten Leaving
Alma Whitten, the director of privacy at Google, is stepping down from that role and leaves behind her a complicated legacy in regards to user privacy. Whitten has been the company’s top product and engineering privacy official since 2010 and was at the helm as the company navigated a number of...
meetOne Insecure Transport / Information Disclosure
SUMMARY meetOne, currently in Germany in the Top 50 social apps of the iTunes Store, has multiple vulnerabilities and has been found guilty of stealing Apple iPhone address books and abusing the e-mail addresses there for spam. Apple Inc. is ignoring the data theft and it seems even supressing...