Europe’s privacy watchdog probes Google over data used for AI training
Meta and X have already paused some AI training over same set of concerns.
Light on Safety
To attract users across the Global Majority, many technology companies have introduced “lite” versions of their products: Applications that are designed for lower-bandwidth contexts. TikTok is no exception, with TikTok Lite estimated to have more than 1 billion users. Mozilla and AI Forensics research reveals that TikTok Lite doesn’t just reduce required bandwidth, however. In our opinion, it also reduces trust and safety. In comparing TikTok Lite with the classic TikTok app, we found several discrepancies between trust and safety features that could have potentially dangerous consequences in the context of elections and public health. Our research revealed TikTok Lite lacks basic protections that are afforded to other TikTok users, including content labels for graphic, AI-generated, misinformation, and dangerous acts videos. TikTok Lite users also encounter arbitrarily shortened video descriptions that can easily eliminate crucial context. Further, TikTok Lite users have fewer proactive controls at their disposal. Unlike traditional TikTok users, they cannot filter offensive keywords or implement screen management practices. Our findings are concerning, and reinforce patterns of double-standard. Technology platforms have a history of neglecting users outside of the US and EU, where there is markedly less potential for constraining regulation and enforcement. As part of our research, we discuss the implications of this pattern and also offer concrete recommendations for TikTok Lite to improve.
Apple’s AI promise: “Your data is never stored or made accessible to Apple”
And publicly reviewable server code means experts can "verify this privacy promise."
Private Cloud Compute: A new frontier for AI privacy in the cloud
Secure and private AI processing in the cloud poses a formidable new challenge. To support advanced features of Apple Intelligence with larger foundation models, we created Private Cloud Compute (PCC), a groundbreaking cloud intelligence system designed specifically for private AI processing. Built with custom Apple silicon and a hardened operating system, Private Cloud Compute extends the industry-leading security and privacy of Apple devices into the cloud, making sure that personal user data sent to PCC isn’t accessible to anyone other than the user — not even to Apple. We believe Private Cloud Compute is the most advanced security architecture ever deployed for cloud AI compute at scale.
Microsoft hit with EU privacy complaints over schools' use of 365 Education suite
Microsoft's education-focused flavor of its cloud productivity suite, Microsoft 365 Education, is facing investigation in the European Union. Privacy
Google Leak Reveals Thousands of Privacy Incidents
An internal Google database obtained by 404 Media shows Google recording childrens' voices, saving license plates from Street View, and many other self-reported incidents, large and small.
Why Your Wi-Fi Router Doubles as an Apple AirTag
Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available…
How Apple Wi-Fi Positioning System can be abused to track people around the globe
Academics have suggested that Apple's Wi-Fi Positioning System (WPS) can be abused to create a global privacy nightmare. In a paper titled, "Surveilling the Masses with Wi-Fi-Based Positioning Systems," Erik Rye, a PhD student at the University of Maryland (UMD) in the US, and Dave Levin, associate professor at UMD, describe how the design of Apple's WPS facilitates mass surveillance, even of those not using Apple devices.
When privacy expires: how I got access to tons of sensitive citizen data after buying cheap domains
Cybersecurity has always been transient: what is deemed to be secure today, may be considered easily hackable tomorrow. Domain names in web and e-mail addresses, such as info@inti.io, are leased in time. This means that if nobody thinks of renewing them after they expire, they will be put up for sale. It made me wonder what would happen to the graveyard of cloud accounts attached to the e-mail addresses that once belonged to these expired domains.
Proton Mail Discloses User Data Leading to Arrest in Spain
Proton Mail came under scrutiny for its role in a legal request by the Spanish authorities leading to the identification and arrest of a user.
Facebook snooped on users’ Snapchat traffic in secret project, documents reveal | TechCrunch
A secret program called "Project Ghostbusters" saw Facebook devise a way to intercept and decrypt the encrypted network traffic of Snapchat users to study their behavior.
Jeffrey Epstein's Island Visitors Exposed by Data Broker
A WIRED investigation uncovered coordinates collected by a controversial data broker that reveal sensitive information about visitors to an island once owned by Epstein, the notorious sex offender.
Apple Sued for Prioritizing Market Dominance Over Security
The U.S. Department of Justice in a lawsuit filed Thursday is accusing Apple of discarding user security and privacy protections as part of a broader effort to
CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms
The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and…
Google Chrome gets real-time phishing protection later this month
Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy. The company launched Safe Browsing in 2005 to defend users against web phishing attacks and has since upgraded it to block malicious domains that push malware, unwanted software, and various social engineering schemes.
Civil society complaint raises concern that LinkedIn is violating DSA ad targeting restrictions
On 26 February, EDRi and its partners Global Witness, Gesellschaft für Freiheitsrechte and Bits of Freedom have submitted a complaint to the European Commission regarding a potential infringement of the Digital Services Act (DSA). Specifically, we have raised concerns that LinkedIn, a designated Very Large Online Platform (VLOP) under the DSA, infringes the DSA’s new prohibition of targeting online adverts based on profiling using sensitive categories of personal data such as sexuality, political opinions, or race.
How your sensitive data can be sold after a data broker goes bankrupt
Sensitive location data could be sold off to the highest bidder.
%2Fcdn.vox-cdn.com%2Fuploads%2Fchorus_asset%2Ffile%2F23318437%2Fakrales_220309_4977_0292.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Avast fined $16.5 million for ‘privacy’ software that actually sold users’ browsing data
Avast, the cybersecurity software company, is facing a $16.5 million fine from the FTC after its privacy extensions and antivirus software harvested and sold user data.
Apple iOS 17.4: iMessage Gets Post-Quantum Encryption in New Update
Useful quantum computers aren’t a reality—yet. But in one of the biggest deployments of post-quantum encryption so far, Apple is bringing the technology to iMessage. #apple #computing #encryption #privacy #quantum #security
Denmark orders schools to stop sending student data to Google
The Danish data protection authority (Datatilsynet) has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools.