Many Software-as-a-Service companies from abroad are currently setting up European data centers, often together with European partners. With this, they hope to ease the growing European concerns around privacy, data protection and complying with existing and upcoming regulations like the EU General Data Protection Regulation (GDPR). But recent developments in US courts show this to be a risky proposition: the problem of privacy is far from resolved by ‘just’ putting data in Europe. For companies betting on Privacy Shield, using services from US companies directly or through an intermediary storing data in Europe, all this is very bad news.
The idea is for devices like televisions to play ultrasonic codes in advertisements and for nearby smartphones to detect them.
Quoting from the linked article:
We spot ultrasonic beacons in various web media content and detect signals in 4 of 35 stores in two European cities that are used for location tracking. While we do not find ultrasonic beacons in TV streams from 7 countries, we spot 234 Android applications that are constantly listening for ultrasonic beacons in the background without the user’s knowledge.
Wonderful: a doll that records everything it hears, sends it to a company in the US that also does voice recognition for spy agencies, and sells it to companies so they can let the doll talk back to your kids about, for instance, Disney movies they should see.
The doll Cayla looks like an everyday toy and gives no notice that it collects and transmits everything it hears, German regulators say.
Good to spread the manual… leaking is pretty much a “standardised process” by now:
One quick download and a codename: If I can use SecureDrop, you can do it too.
They link to a video explaining the same thing:
It’s #privacyweek in The Netherlands, and a major argument for asking people to switch from WhatsApp to Signal has to do with metadata: with whom you have contact, when, where. But not the content of your email, chat or conversation.
The Electronic Frontier Foundation lists some great examples of what metadata can do:
- They know you rang a phone sex line at 2:24 am and spoke for 18 minutes. But they don’t know what you talked about.
- They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the call remains a secret.
- They know you got an email from an HIV testing service, then called your doctor, then visited an HIV support group website in the same hour. But they don’t know what was in the email or what you talked about on the phone.
- They know you received an email from a digital rights activist group with the subject line “52 hours left to stop SOPA” and then called your elected representative immediately after. But the content of those communications remains safe from government intrusion.
- They know you called a gynecologist, spoke for a half hour, and then searched online for the local abortion clinic’s number later that day. But nobody knows what you spoke about.
The complete lack of security of airline passenger information was demonstrated by Karsten Nohl and Nemanja Nikodijevic at the 33rd Chaos Communication Congress [33c3] of the Chaos Computer Club [CCC] last month.