Articles about Privacy

The system used by millions of travelers each day to share data between travel agencies, airlines, passengers and websites is incredibly insecure. Security researchers have presented details that highlight just how easy it is to hack flight bookings.

German security firm SR Labs says that using nothing more than a traveler's surname and a six-digit Passenger Name Record (PNR), it is possible to not only gather personal information about people, but also make changes to bookings.

Continue reading →

It's no secret that despite being billed as a great way to download large Linux distros and copyright free software, BitTorrent is primarily used to download the latest Star Wars movie, episodes of The Grand Tour, and illicit copies of Photoshop.

A new website -- unsophisticatedly named 'I Know What You Download' -- does exactly what you might expect: it exposes the torrents you have downloaded. More than this, it can be used to check what has been downloaded by any IP address, and there is even an option to trick people you know into letting you spy on what they are torrenting.

Continue reading →

The Congressional Encryption Working Group (EWG) was set up in the wake of the Apple vs FBI case in which the FBI wanted to gain access to the encrypted contents of a shooter's iPhone. The group has just published its end-of-year report summarizing months of meetings, analysis and debate.

The report makes four key observations, starting off with: "Any measure that weakens encryption works against the national interest". This is certainly not a new argument against encryption backdoors for the likes of the FBI, but it is an important one. EWG goes on to urge congress not to do anything to weaken encryption.

Continue reading →

In a move that has drawn criticisms from privacy groups, the US government this week started to ask some foreign travelers arriving in the country to hand over their social media account details.

Since Tuesday, visitors to the US arriving under the visa waiver program have been asked if they will provide "information associated with your online presence". Travellers are prompted to provide their usernames for the likes of Facebook, Google+, Instagram, LinkedIn and YouTube, and while the handing over of information is currently marked as "optional", it's not clear what the consequences of failing to provide it may be, or if there are plans to make it mandatory.

Continue reading →

Facebook has released its Global Government Requests Report for H1 2016, and it shows that there has been a significant increase in the number of government requests for account data.

Compared to the first half of 2015, Facebook received 27 percent more requests globally. Most of these 59,229 requests came from the US government, and more than half of them (56 percent) included a gagging order preventing Facebook from notifying the affected users.

Continue reading →

The UK government's Investigatory Powers Act 2016 (also known as the Snooper's Charter) has been dealt a blow after the European Court of Justice ruled that the "general and indiscriminate retention" of internet data and communication is illegal.

This is a serious setback for Theresa May's government which introduced legislations that not only requires ISPs to store customers' browsing history for a year, but also make this data available to a large number of agencies. The European court made the ruling following a legal challenge made by MPs David Davis and Tom Watson which gained the support of privacy groups.

Continue reading →

With the end of the year approaching, many people are looking back over 2016 and picking out the highlights. Others, however, are looking back to see what can be learned for 2017; this is exactly what digital rights group Electronic Frontier Foundation is doing.

EFF has drawn up a wishlist for 2017, outlining some of the things it hopes technology companies like Google, Twitter, Apple and Facebook will take action on. There are lots of familiar names on the list, and while some of the requests might seem a little hopeful, there is certainly scope for some of the changes to be implemented.

Continue reading →

The European Commission could hit Facebook with a colossal fine for providing misleading information during its $19bn takeover of WhatsApp.

The social networking giant could be hit with a fine equivalent to 1 percent of annual sales (around $125m) for failing to correctly communicate planned changes to privacy policies. The data sharing between WhatsApp and Facebook is already the subject of investigations, but this latest accusation comes as a fresh blow.

Continue reading →

The data processing landscape has seen huge changes since 1995, in May 2018 the EU is replacing the Directive with a new regulation, the General Data Protection Regulation (GDPR). Enforceable from May 2018, organizations have had to take account of their responsibilities under the DPA for many years now.

Many have mature and well-considered data management policies in place that already address elements of the GDPR. Nonetheless, with the threat of significant penalties for data breaches under the GDPR it would be prudent to reexamine procedures and to consider how these can be enhanced to ensure compliance when GDPR comes into effect in May 2018.

Continue reading →

With the world so focused on privacy, Evernote should really not have been surprised when there was something of a backlash at an update to its privacy policy that said company employees would be able to access users' unencrypted notes.

Forced to clarify the situation, CEO Chris O'Neill issued an apology for any "confusion" and "angst" the announcement caused, but this was seemingly not enough. Faced with mounting pressure and criticism, the company admits it "messed up" and has now announced that employees will only be able to access notes if users opt-in to allow this. Furthermore, Evernote "will not implement the previously announced Privacy Policy changes that were scheduled to go into effect January 23, 2017".

Continue reading →

There has been great concern over the last day or so following an update to Evernote's Privacy Policy. The update said that Evernote employees might be able to access unencrypted notes as part of a human review of machine learning technologies. Users were unsurprisingly rather concerned, and there was much talk online of a mass exodus to OneNote and other alternatives.

In the face of a user backlash, Evernote CEO Chris O'Neill has issued an apology for any "angst we may have caused" and stressed that "privacy has always been at the heart" of the company. He concedes that the changes to the Privacy Policy were "communicated poorly"... but then managed to half-shift the blame for upset back onto users by saying the change "resulted in some understandable confusion".

Continue reading →

The fact that Google scans the contents of emails sent and received through Gmail has been known for some time now. It's just one of the ways in which the company gathers information about users to help deliver targeted advertising. Faced with a lawsuit over the privacy implications of this technique, Google has agreed to change its scanning systems.

Before you check to see whether hell has indeed frozen over, this is hardly a dramatic change of heart for Google. The change is only very slight, and in practice it will make little -- if any difference -- to end users.

Continue reading →

Evernote has published an update to its Privacy Policy, revealing that as of 23 January 2017, employees will be able to access unencrypted notes. The change is being wheeled in because of the apparent failings of machine learning.

Perhaps more worrying is the fact that Evernote says that it is not possible to opt out of having employees possibly accessing your unencrypted notes. The only way to fully protect your privacy is to delete all your notes and close your Evernote account.

Continue reading →

In the second decade of the 21st century, the blind excitement about the internet has worn off -- now users are aware of the dangers and are concerned about privacy. Cookies have been around for just about as long as web connections, but there are all manner of ways to track people and spy on online activity. This is something that Privacy Badger 2.0 aims to help with.

Coming from the digital rights group Electronic Frontier Foundation, the tool takes the form of a browser extension -- available for Chrome, Opera and Firefox. It blocks online trackers that can be used to monitor your activity, ensuring your privacy.

Continue reading →

The European Union’s General Data Protection Regulation (GDPR) is due to come into force on May 25, 2018. This means that IT teams have more than a year to audit their IT systems, check existing customer records and data, and ensure that these systems respect the new set of rules that will be in place.

However, the gap between intentions and actions can be a big one. So what do I predict will happen around GDPR in 2017?

Continue reading →