Privacy


A community all about privacy and protecting your data.

founded 2 months ago
MODERATORS
tfm
1
 
 
2
 
 

cross-posted from: https://lemmy.world/post/29777938

More than half of Americans reported receiving at least one scam call per day in 2024. To combat the rise of sophisticated conversational scams that deceive victims over the course of a phone call, we introduced Scam Detection late last year to U.S.-based English-speaking Phone by Google public beta users on Pixel phones.

We use AI models processed on-device to analyze conversations in real-time and warn users of potential scams. If a caller, for example, tries to get you to provide payment via gift cards to complete a delivery, Scam Detection will alert you through audio and haptic notifications and display a warning on your phone that the call may be a scam.

3
 
 
4
7
How to opt out of Meta’s AI training (www.technologyreview.com)
submitted 5 days ago by tfm to c/privacy
 
 
5
30
Disable Your Mobile Ad ID (firewallsdontstopdragons.com)
submitted 1 week ago by tfm to c/privacy
 
 

cross-posted from: https://lemm.ee/post/63592070

6
 
 

Article 1(3) of the General Data Protection Regulation (GDPR) ensures that the free movement of personal data within the European Union (EU) is neither restricted nor prohibited on grounds related to the protection of personal data. This provision primarily targets Member States, which might otherwise be inclined to enact data localisation laws that could impede the free flow of data.

The scope of this free movement is confined to the European Economic Area (EEA), which encompasses all EU Member States along with Iceland, Liechtenstein, and Norway. It is important to note that the status of various special territories associated with EU Member States requires careful consideration, as some are included within the EEA while others are not.

Countries outside the EU/EEA do not enjoy the benefits of the free flow of personal data. The Court of Justice of the European Union (CJEU) has established stringent standards for international data transfers. The free flow of personal data is explicitly limited to the EEA, with rules governing transfers to non-EU/EEA countries, referred to as 'third countries,' detailed in Chapter V of the GDPR.

For instance, when a data controller based in Italy stores personal data with a cloud service provider in Norway, there are no concerns regarding international data flows because the GDPR prohibits restrictions on such flows within the EEA. Conversely, if the Italian data controller utilises a service provider in the UK, an additional legal basis is required to legitimise these data flows.

There is an ongoing debate regarding whether the free flow of personal data solely applies to data transfers between systems located within the EEA or if it also extends to systems outside the EEA that are under the effective control of an EEA-based controller or processor. The European Commission has recently adopted an entity-based approach, focusing on whether the controlling entity falls within the territorial scope outlined in Article 3 of the GDPR, rather than a data-based approach, which would consider whether the data remains physically within the EEA. However, the wording of the GDPR does not appear to support this entity-based approach. Nevertheless, the definition of the GDPR's territorial scope of application is explicitly decoupled from the question of whether the data processing occurs within the Union or not, as stated in Article 3(1).

7
8
submitted 1 week ago by tfm to c/privacy
 
 

cross-posted from: https://lemmy.ml/post/29712598

The Privacy Iceberg

This is original content. AI was not used anywhere except for the bottom right image, simply because I could not find one similar enough to what I needed. This took around 6 hours to make.

Transcription (for the visually impaired)

(I tried my best)

The background is an iceberg with 6 levels, denoting 6 different levels of privacy.

The tip of the iceberg is titled "The Brainwashed" with a quote beside it that says "I have nothing to hide". The logos depicted in this section are:

The surface section of the iceberg is titled "As seen on TV" with a quote beside it that says "This video is sponsored by...". The logos depicted in this section are:

An underwater section of the iceberg is titled "The Beginner" with a quote beside it that says "I don't like hackers and spying". The logos depicted in this section are:

A lower section of the iceberg is titled "The Privacy Enthusiast" with a quote beside it that says "I have nothing I want to show". The logos depicted in this section are:

An even lower section of the iceberg is titled "The Privacy Activist" with a quote beside it that says "Privacy is a human right". The logos depicted in this section are:

The lowest portion of the iceberg is titled "The Ghost". There is a quote beside it that has been intentionally redacted. The images depicted in this section are:

  • A cancel sign over a mobile phone, symbolizing "no electronics"
  • An illustration of a log cabin, symbolizing "living in a log cabin in the woods"
  • A picture of gold bars, symbolizing "paying only in gold"
  • A picture of a death certificate, symbolizing "faking your own death"
  • An AI-generated picture of a person wearing a black hoodie, a baseball cap, a face mask, and reflective sunglasses, symbolizing "hiding one's identity in public"

End of transcription.

8
 
 

cross-posted from: https://lemmy.zip/post/37221170

9
 
 

cross-posted from: https://lemm.ee/post/62277390

The UN Convention on the Rights of the Child clearly expresses that minors have rights to freedom of expression and access to information online, as well as the right to privacy.

These rights would be steamrolled by age verification requirements.

10
11
 
 

cross-posted from: https://lemmy.ml/post/29040796

12
 
 

cross-posted from: https://metawire.eu/post/39770

Smarter TV operating systems come with new privacy risks - chief among them is automatic content recognition (ACR), a feature that tracks what you watch.

13
 
 

cross-posted from: https://lemm.ee/post/60408809

ProtectEU

Additionally, the Commission envisions expanding Europol's role, effectively transforming it into a European equivalent of the FBI, with enhanced operational capabilities.

Granting Europol the ability to access encrypted data can only mean one thing: Brussels is proposing some form of government-mandated backdoor for communication platforms protected by end-to-end encryption.

15
 
 

cross-posted from: https://lemm.ee/post/60263799

Europe's most famous technology law, the GDPR, is next on the hit list as the European Union pushes ahead with its regulatory killing spree to slash laws it reckons are weighing down its businesses.

The European Commission plans to present a proposal to cut back the General Data Protection Regulation, or GDPR for short, in the next couple of weeks. Slashing regulation is a key focus for Commission President Ursula von der Leyen, as part of an attempt to make businesses in Europe more competitive with rivals in the United States, China and elsewhere.

16
17
submitted 1 month ago by tfm to c/privacy
 
 
17
18
 
 

cross-posted from: https://europe.pub/post/65367

cross-posted from: https://lemmy.world/post/27344091

  1. Persistent Device Identifiers

My id is (1 digit changed to preserve my privacy):

38400000-8cf0-11bd-b23e-30b96e40000d

Android assigns Advertising IDs, unique identifiers that apps and advertisers use to track users across installations and account changes. Google explicitly states:

“The advertising ID is a unique, user-resettable ID for advertising, provided by Google Play services. It gives users better controls and provides developers with a simple, standard system to continue to monetize their apps.” Source: Google Android Developer Documentation

This ID allows apps to rebuild user profiles even after resets, enabling persistent tracking.

  2. Tracking via Cookies

Android’s web and app environments rely on cookies with unique identifiers. The W3C (web standards body) confirms:

“HTTP cookies are used to identify specific users and improve their web experience by storing session data, authentication, and tracking information.” Source: W3C HTTP State Management Mechanism https://www.w3.org/Protocols/rfc2109/rfc2109

Google’s Privacy Sandbox initiative further admits cookies are used for cross-site tracking:

“Third-party cookies have been a cornerstone of the web for decades… but they can also be used to track users across sites.” Source: Google Privacy Sandbox https://privacysandbox.com/intl/en_us/

  3. Ad-Driven Data Collection

Google’s ad platforms, like AdMob, collect behavioral data to refine targeting. The FTC found in a 2019 settlement:

“YouTube illegally harvested children’s data without parental consent, using it to target ads to minors.” Source: FTC Press Release https://www.ftc.gov/news-events/press-releases/2019/09/google-youtube-will-pay-record-170-million-settlement-over-claims

A 2022 study by Aarhus University confirmed:

“87% of Android apps share data with third parties.” Source: Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies https://dl.acm.org/doi/10.1145/3534593

  4. Device Fingerprinting

Android permits fingerprinting by allowing apps to access device metadata. The Electronic Frontier Foundation (EFF) warns:

“Even when users reset their Advertising ID, fingerprinting techniques combine static device attributes (e.g., OS version, hardware specs) to re-identify them.” Source: EFF Technical Analysis https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea

  5. Hardware-Level Tracking

Google’s Titan M security chip, embedded in Pixel devices, operates independently of software controls. Researchers at Technische Universität Berlin noted:

“Hardware-level components like Titan M can execute processes that users cannot audit or disable, raising concerns about opaque data collection.” Source: TU Berlin Research Paper https://arxiv.org/abs/2105.14442

Regarding Titan M: Lots of its research is being taken down. Very few are remaining online. This is one of them available today.

"In this paper, we provided the first study of the Titan M chip, recently introduced by Google in its Pixel smartphones. Despite being a key element in the security of these devices, no research is available on the subject and very little information is publicly available. We approached the target from different perspectives: we statically reverse-engineered the firmware, we audited the available libraries on the Android repositories, and we dynamically examined its memory layout by exploiting a known vulnerability. Then, we used the knowledge obtained through our study to design and implement a structure-aware black-box fuzzer, mutating valid Protobuf messages to automatically test the firmware. Leveraging our fuzzer, we identified several known vulnerabilities in a recent version of the firmware. Moreover, we discovered a 0-day vulnerability, which we responsibly disclosed to the vendor."

Ref: https://conand.me/publications/melotti-titanm-2021.pdf

  6. Notification Overload

A 2021 UC Berkeley study found:

“Android apps send 45% more notifications than iOS apps, often prioritizing engagement over utility. Notifications act as a ‘hook’ to drive app usage and data collection.” Source: Proceedings of the ACM on Human-Computer Interaction https://dl.acm.org/doi/10.1145/3411764.3445589

How can this be used nefariously?

Let's say you are a person who believes in Truth and who searches all over the net for truth. You find some things which are true. You post it somewhere. And you are taken down. You accept it since this is ONLY one time.

But, this is where YOU ARE WRONG.

THEY can easily know your IDs - specifically your advertising ID, or else one of the above. They send this to Google to know which all EMAIL accounts are associated with these IDs. With 99.9% accuracy, AI can know the correct Email because your EMAIL and ID would have SIMULTANEOUSLY logged into Google thousands of times in the past.

Then they can CENSOR you ACROSS the internet - YouTube, Reddit, etc. - because they know your ID. Even if you change your mobile, they still have other IDs like your email, etc. You can't remove all of them. This is how they can use this for CENSORING. (They will shadow ban you, you won't know this.)

19
32
submitted 1 month ago* (last edited 1 month ago) by choutos to c/privacy
 
 

"I went to run a rinse cycle, only to find that that, along with features like delayed start and eco mode, require an app.

Not only that, to use the app, you have to connect your dishwasher to WiFi, set up a cloud account in something called Home Connect, and then, and only then, can you start using all the features on the dishwasher."

20
 
 
21
22
 
 

cross-posted from: https://europe.pub/post/61500

23
 
 
24
 
 
25
 
 

cross-posted from: https://kbin.melroy.org/m/privacy@lemmy.ml/t/817467

Rayhunter is a new open source tool we’ve created that runs off an affordable mobile hotspot that we hope empowers everyone, regardless of technical skill, to help search out cell-site simulators (CSS) around the world.
