The SDK: The Privacy Edition: 2016.05.12

The last couple weeks have been some big ones in privacy, so here you go:

If you use Waze, hackers can stalk you
[Fusion, Kashmir Hill]
“Researchers at the University of California-Santa Barbara recently discovered a Waze vulnerability that allowed them to create thousands of “ghost drivers” that can monitor the drivers around them—an exploit that could be used to track Waze users in real-time. They proved it to me by tracking my own movements around San Francisco and Las Vegas over a three-day period.”


The SDK: The Privacy Edition 2015.04.08

For Realz
Measuring Social ‘Trust’ to Make Loans, NYTimes, April 7, 2015

“Vouch borrowers reach out to friends and family members to vouch for them, and typically to commit money if the borrower does not repay.”

“Alternative consumer lenders tend to fit into one of two camps: peer-to-peer marketplaces like Lending Tree and Prosper, and start-ups using data science to parse credit risk, like Affirm, Earnest and Zest Finance.. . . Vouch Financial, which is emerging from its pilot testing phase this week, has an unusual spin on the data science approach.. . . Vouch wants you to construct a social network of people who trust you financially — people who will, yes, vouch for you.. . . and typically to commit some amount of money” if you do not repay your loan.
Via @NYTimes @SteveLohr @Vouch
Note: This is mind-boggling. If you do this, promise me you will be super careful. As a “voucher”, you “sign an electronic agreement to pay, if necessary, that is legally enforceable [and] agree to have [your] own credit histor[y] looked up.” Vouch is not messing around, and this is not Monopoly money.

The SDK: The Privacy Edition 2015.04.06

So Much For Working In Your Pajamas
Online Test-Takers Feel Anti-Cheating Software’s Uneasy Glare, NYTimes, April 6, 2015

“Betsy Chao on Proctortrack’s facial-recognition software. It requires students to sit upright directly in front of the webcam. Credit Bryan Anselm for The New York Times”

“Once her exam started, Ms. Chao said, a red warning band appeared on the computer screen indicating that Proctortrack was monitoring her computer and recording video of her. To constantly remind her that she was being watched, the program also showed a live image of her in miniature on her screen.”
See So Much For Working In Your Pajamas (Cont.) further down in this piece for my full article summary and analysis.

The SDK: The Privacy Edition 2015.04.01

Hack Updates
Uber denies security breach despite reports of logins for sale online, The Guardian, March 30, 2015

“Technology site Motherboard was able to verify that some of the stolen credentials were valid and included names, usernames, passwords, partial credit card numbers and telephone numbers for Uber users.” “Uber has been criticised in the past for the way it handles customer data and the ability of staff to access a “god mode”, which allowed employees to track riders using the GPS in their smartphones and the Uber app.. . . Uber now enforces a “strict policy prohibiting all employees at every level from accessing a rider or driver’s data” except for “legitimate business purposes”, although what constitutes a business purpose is not defined.”
Via @GuardianTech @SamuelGibbs
Note: Have you heard of Uber ETA? Because it’s the creepiest thing ever. Once you start your ride, you’re given a link to share with your friends showing your ride in real time.

The SDK: The Privacy Edition 2015.03.30

The Good, the Bad, & The We’re Trying
Get a Warrant! Senate Committee Approves E-Privacy Bill, ACLU Northern California, March 24, 2014
On March 24, 2015 “[t]he California legislature today took an important step toward updating the laws that protect our electronic information when the state Senate’s Committee on Public Safety approved the California Electronic Privacy Act (CalECPA).”
Note: Shameless plug: sign on as a citizen cosponsor of the California Electronic Communications Privacy Act (CalECPA) here.
Via @ACLU_NorCal @NicoleOzer

Do Today’s Bioethics Laws Even Apply in the Face of Modern Genetic Research?

Ethics Rules Keep DeCode Genetics From Revealing Cancer Risks, MIT Technology Review, March 25, 2015
“Kári Stefánsson, the CEO of [DeCode Genetics. . . owned by the U.S. biotechnology company Amgen,] an Icelandic gene-hunting company says he is able to identify everyone from that country who has a deadly cancer risk.” How, you ask? “[I]t has collected full DNA sequences on 10,000 individuals”, all of whom are Icelandic. The trick is that “because people on the island are closely related, DeCode says it can now also extrapolate to accurately guess the DNA makeup of nearly all other 320,000 citizens of that country, including those who never participated in its studies.” Whoa. The CEO “has been unable to warn people of the danger because of ethics rules governing DNA research.” Darn ethics.

The SDK: The Privacy Edition 2015.03.25

The SDK: The Privacy Edition 2015.03.25 discusses the Student Digital Privacy and Parental Rights Act (the latest attempt to keep schools from tracking everything students do, including on social media…), the creation of the “Office of Technology Research and Investigation” (intended to protect you from many things, including the Internet of Things); updates on the latest hacks (smartphone scandals, Twitch, and CANtack); opting out of behavioral advertising on your TV; the Nextdoor App compared to the BART Watch App; and finally, includes a philosophical discussion as to whether today’s citizen can truly choose to “opt-out” of social media entirely.

The SDK: The Privacy Edition 2015.03.23

The SDK: The Privacy Edition 2015.03.23 includes stories about your current civic duties, a Hilton breach, a gene that could start a revolution, and our future in a technological wonderland.

The SDK: The Privacy Edition 2015.03.18

The Data Leaks Are Just Getting Started
Premera cyberattack could have exposed information for 11 million customers, Ars Technica, March 17, 2015
Premera’s statement available here. “Health care provider Premera Blue Cross said on Tuesday that the identifying [including social security numbers], financial, and medical information for millions of customers could have been revealed in a cyberattack.. . . Besides customers, Premera said that the e-mail addresses, bank information, and social security numbers for business partners may have also been affected in the breach.. . . So far, the company said that there is no evidence that information was removed from their network or that information was stolen and used in any harmful way.” To prevent phishing attacks, Premera warns customers that it will be communicating via mail, and for customers to ignore any e-mails that appear to be from Premera.
Via @ArsTechnica @TiffMKelly
Note: This is a super short article, and I essentially copy/pasted the whole thing. The only real reason to go look at the actual article would be to read the statement in more detail.

Divergent Abnegation clothing – grey is not my color.

Further: I know I should be more shocked/horrified. But after Anthem, iCloud (I know, nude “pics” aren’t the same), Target, and countless other breaches, the phrase “data breach” almost doesn’t mean anything anymore. It makes the public (and me) feel like the companies are either 1) crying Chicken Little, or 2) are the worst ever at keeping anything secure. Something in the process needs to change. We need to either simply move over to a dystopian society where everything is shared and public and there are no secrets, or actually get solid privacy protections in place (preferably the latter – dystopian societies tend to make bad fashion choices – see Insurgent.)

The SDK: The Privacy Edition 2015.03.16

Stop The Presses!
Hertz puts cameras in its rental cars, says it has no plans to use them, Fusion, March 13, 2015
“This week I got an angry email from a friend who had just rented a car from Hertz: ‘Did you know Hertz is putting cameras in rental cars!? This is bullsh*t. I wonder if it says they can tape me in my Hertz contract.’ . . . ‘Hertz added the camera as a feature of the NeverLost 6 in the event it was decided, in the future, to activate live agent connectivity to customers by video. In that plan the customer would have needed to turn on the camera by pushing a button (while stationary),’ [Hertz spokesperson Evelin Imperatrice] explained. ‘The camera feature has not been launched, cannot be operated and we have no current plans to do so.’” Also, Hertz cries lack of ability to even utilize these cameras, explaining that only “one in 8 Hertz cars has a camera inside” and that they “do not have adequate bandwidth capabilities to the car to support streaming video at this time.”
If Hertz were to officially enable the feature, the FTC would be likely to get involved quickly: “Not notifying customers that they might be on candid camera is generally frowned upon legally.” The FTC has already had to crack down on both a rent-to-own company which “failed to warn customers that it had put spyware on their laptops” and caught some, um, personal activity, as well as force GM to warn consumers when GM installed “nanny cam”s in its vehicles, since it’s “legally problematic to spy on people in your car without their knowing about it.”
Via @Fusion @TheRealFuture @KashHill
Note: Yeah, even if right now I’m only facing 1 in 8 odds, and Hertz claims they’re not spying on me, the Evil Hackers sure might be and I’m therefore never renting from Hertz again…