A new feature touted as a privacy tool sees Facebook automatically identifying users in photographs that are uploaded. It uses the same technology already employed to make image tagging suggestions.

The social networking giant is using facial recognition to alert people when someone uploads a photo of them, regardless of whether they have been tagged in the image. For the feature to work, Facebook users will have to agree to the company keeping a record of them in a facial database.

Continue reading →

A French privacy watchdog has ordered WhatsApp to stop sharing user data with Facebook. The CNIL (National Data Protection Commission) issued the Facebook-owned company with formal notice to cease violations of the French Data Protection Act, suggesting that user consent was not properly obtained.

A change to WhatsApp's privacy policy last year saw the app transferring data to its parent company for the purposes of "business intelligence" and security purposes. It is the business intelligence side of things -- which analyses user behaviour -- that France considers illegal.

Continue reading →

New research from cyber exposure company Tenable reveals a widespread lack of consumer awareness surrounding the impact of data breaches.

The results based on an online Harris Poll of more than 2000 US adults show that only 12 percent think their data has been stolen over the past year. But given the Equifax breach exposed up to 143 million Americans, that number is statistically impossible.

Continue reading →

If you have an HP laptop, there's a reasonable chance that you have an keylogger installed. The tool is embedded in Synaptics touchpad drivers.

Before you start panicking too much, it's worth noting that the keylogging capabilities of the tool are disabled by default, but that's not to say there's no cause for alarm. This may all sound slightly familiar; back in May, HP hit the headlines for a keylogger that was buried in an audio driver. If you want to check if you are affected by the latest privacy violation -- and what you can do about it -- read on...

Continue reading →

The General Data Protection Regulation (GDPR) is set to extensively change data privacy rules in the EU in May, yet a new survey from compliance solution PORT.im shows 70 percent of consumers are completely unaware of their new rights and haven't even heard of the legislation.

The study also finds that 78 percent of consumers have recently had unsolicited contact from UK-based businesses.

Continue reading →

Third-party Android and iOS keyboard ai-type is at the center of something of a privacy nightmare after a misconfigured database leaked the personal details of more than 31 million of its users.

Researchers at Kromtech Security Center discovered an unprotected database had been exposed by developers, revealing incredibly detailed information about its users. The database was found to be freely available for anyone to download, with no password required to access a treasure trove of information.

Continue reading →

With the deadline of May 2018 looming closer, a new survey shows 60 percent of respondents in the EU and 50 percent in the US say they face some serious challenges in being GDPR compliant.

The study by data protection specialist Varonis polled 500 cyber security professionals in organizations with over 1000 employees in the UK, Germany, France and the US and finds more than half (57 percent) of professionals are concerned about compliance with the standard.

Continue reading →

Google is introducing changes to its Safe Browsing policies, requiring Android apps to display their own privacy warning if they collect users' personal data. The company says that if app developers refuse to comply, Google will display a warning of its own.

Developers have been given 60 days to comply with what is described as an expansion of Google's existing Unwanted Software Policy. Interestingly, it does not matter whether apps are featured in Google Play or they come via other marketplaces.

Continue reading →

The highly controversial Snooper's Charter -- also known as the Investigatory Powers Act -- is, the government has been forced to admit, illegal under European law in its current form.

The Brexit process may well be underway, but at the moment, the UK is still subject to EU law. As such, the government is making changes to the law. While the tweaks will not change the level of surveillance people are subjected to, they will restrict who has automatic access to that information.

Continue reading →

A group going by the name Google You Owe Us is taking Google to court in the UK, complaining that the company harvested personal data from 5.4 million iPhone users.

The group is led by Richard Lloyd, director of consumer group Which?, and it alleges that Google bypassed privacy settings on iPhones between June 2011 and February 2012. The lawsuit seeks compensation for those affected by what is described as a "violation of trust."

Continue reading →

Some Facebook users have reported that the social network is asking them to upload a selfie as a means of verifying their identity.

It seems that the company is testing out a new form of captcha as it asks that you "upload a photo of yourself that clearly shows your face." Just like Facebook's recent idea that users could protect themselves against revenge porn by uploading naked images of themselves, the test is likely to raise concerns about privacy.

Continue reading →

A joint research project between Yale University's Privacy Lab and French non-profit Exodus Privacy has uncovered widescale tracking in a large number of Android apps. The likes of Tinder, Spotify, Uber, Twitter and Snapchat -- as well as masses of lesser-known apps -- were found to be riddled with snooping components relating to no less than 25 well-known trackers.

In all, around three quarters of apps were found to gather personal information about users via a variety of third-party tracking techniques. Researchers have published their findings online so Android users can check if their favorite apps are snooping on them.

Continue reading →

For those concerned about their privacy, location services is just one more setting to disable on their phone. But Google has now revealed that it is not only able to, but actually does track the location of Android users even if location services are disabled.

More than this, Google records the addresses of nearby cell towers -- thereby giving a very good idea of location -- even when there is no SIM card in a phone and no apps are used. This data has been collected since the beginning of the year.

Continue reading →

The idea that what you do online is not a secret is something that we have all -- just about -- come to terms with. That said, most people still expect a modicum of privacy, and they certainly don’t expect literally every keystroke they type to be logged by the websites they visit.

But, say researchers at Princeton University, this is exactly what is happening. Hundreds of the most popular websites are using "session replay scripts" that record every single thing a visitor does. They are designed to monitor how visitors interact with a site to help gather information that could improve page design, and the incredibly extensive data that is collected is sent off to a third party for analysis.

Continue reading →

More than three quarters of Android phones are vulnerable to screen and audio recording by attackers. By exploiting the MediaProjection service, an attacker can easily trick a user into granting the relevant rights to a malicious app.

Although the vulnerability has been fixed in Android 8 Oreo, users running Lollipop, Marshmallow or Nougat remain at risk. MediaProjection is -- by design -- able to capture screen activity and audio, and it does have legitimate uses, but by using a technique known as tap-jacking permission can be given for it to be used for more nefarious things.

Continue reading →