Étiquette : privacy (Page 15 of 46)

The iPhone 11’s U1 chip necessitates constant geolocation checks

10 décembre 2019 /

Multiple smartphones on table.

“ Ultra-wideband technology is an industry-standard technology and is subject to international regulatory requirements that require it to be turned off in certain locations… iOS uses Location Services to help determine if iPhone is in these prohibited locations in order to disable ultra-wideband and comply with regulations… The management of ultra-wideband compliance and its use of location data is done entirely on the device, and Apple is not collecting user location data. When Apple introduced the iPhone 11 and iPhone 11 Pro this fall, it included a new chip called the U1 that enables ultra-wideband (UWB) for locating other devices in immediate proximity. Presently, it is only used for the phone’s AirDrop file-sharing feature, but it is expected to be used for other features such as augmented reality and the company’s rumored upcoming Tile competitor in the future. The brief flash of controversy on Twitter and tech blogs over this issue illustrates the challenges Apple faces with its privacy-oriente”

Source : The iPhone 11’s U1 chip necessitates constant geolocation checks, Apple says | Ars Technica

3 décembre 2019 /

“All mobile phone users in China registering new SIM cards must submit to facial recognition scans, according to a new rule that went into effect across the country on Sunday […].

China’s education ministry said in September it would “curb and regulate” the use of facial recognition after parents grew angry when facial recognition software was installed without their knowledge at a university in Nanjing to monitor students’ attendance and focus during class.”

Source : China brings in mandatory facial recognition for mobile phone users | World news | The Guardian

How top health websites are sharing sensitive data with advertisers

3 décembre 2019 /

A network diagram showing how ad tracker patterns vary for the same website from country to country. Using the example of health.com, it shows 113 nodes with 246 connections in the US, but only 39 nodes and 39 connections in the UK

“The data shared included:

  • drug names entered into Drugs.com were sent to Google’s ad unit DoubleClick.
  • symptoms inputted into WebMD’s symptom checker, and diagnoses received, including “drug overdose”, were shared with Facebook.
  • menstrual and ovulation cycle information from BabyCentre ended up with Amazon Marketing, among others.
  • keywords such as “heart disease” and “considering abortion” were shared from sites like the British Heart Foundation, Bupa and Healthline to companies including Scorecard Research and Blue Kai (owned by software giant Oracle).

In eight cases (with the exception of Healthline and Mind), a specific identifier linked to the web browser was also transmitted — potentially allowing the information to be tied to an individual — and tracker cookies were dropped before consent was given. Healthline confirmed that it also shared unique identifiers with third parties.

None of the websites tested asked for this type of explicit and detailed consent.”

Source : How top health websites are sharing sensitive data with advertisers | Financial Times

26 novembre 2019 /

“Rares sont les pays à oser, sur internet, faire ce que la Russie tente de mettre en place. La semaine passée, la Douma, soit la Chambre basse du parlement russe, a adopté en troisième et dernière lecture un projet de loi qui impose l’installation de logiciels conçus par des entreprises locales sur les appareils électroniques vendus en Russie.”

Source : Comment le pouvoir russe s’infiltre dans les smartphones – Le Temps

26 novembre 2019 /

Google Amnesty Surveillance

“Nous avons déjà constaté que la vaste architecture publicitaire de Google et Facebook est une arme puissante entre de mauvaises mains. Elle peut être détournée à des fins politiques, au risque de conséquences désastreuses pour la société, et laisse le champ libre à toutes sortes de nouvelles stratégies publicitaires aux relents d’exploitation, comme le fait de s’en prendre à des personnes vulnérables qui luttent contre la maladie, les troubles mentaux ou l’addiction. Parce que ces publicités sont faites sur mesure pour des individus, elles échappent à l’examen public”

Source : La surveillance intrusive exercée par Facebook et Google : un danger sans précédent pour les droits humains | Amnesty International

12 novembre 2019 /

Project Nightingale

“Neither patients nor doctors have been notified. At least 150 Google employees already have access to much of the data on tens of millions of patients, according to a person familiar with the matter and the documents. In a news release issued after The Wall Street Journal reported on Project Nightingale on Monday, the companies said the initiative is compliant with federal health law and includes robust protections for patient data. Some Ascension employees have raised questions about the way the data is being collected and shared, both from a technological and ethical perspective, according to the people familiar with the project. But privacy experts said it appeared to be permissible under federal law. That law, the Health Insurance Portability and Accountability Act of 1996, generally allows hospitals to share data with business partners without telling patients, as long as the information is used “only to help the covered entity carry out its health care functions.””

Source : Google’s ‘Project Nightingale’ Gathers Personal Health Data on Millions of Americans – WSJ

29 octobre 2019 /

“Contrairement à des pays comme l’Australie, où le gouvernement local a adopté une loi obligeant les entreprises de haute technologie à amoindrir la sécurité du chiffrement, la police suédoise empruntera la bonne approche : la voie allemande. Depuis plus de dix ans, les autorités allemandes ont commencé à déployer une souche de logiciels malveillants appelée Bundestrojaner (cheval de Troie fédéral) dans le cadre de leurs enquêtes. Le plan de la police suédoise est similaire et prévoit de déployer des logiciels malveillants dotés de fonctionnalités semblables à celles des logiciels espions sur les appareils des suspects. L’idée est d’écouter des appels audio ou vidéo chiffrés en temps réel ou d’extraire des journaux de discussion à partir d’applications de messagerie instantanée chiffrées.”

Source : La police suédoise pourra déployer des malwares dans ses enquêtes – ZDNet

22 octobre 2019 /

https://no-flux.beaude.net/wp-content/uploads/2019/10/SmartSpies.jpg

“Smart speakers from Amazon and Google offer simple access to information through voice commands. The capability of the speakers can be extended by third-party developers through small apps. These smart speaker voice apps are called Skills for Alexa and Actions on Google Home. The apps currently create privacy issues: They can be abused to listen in on users or vish (voice-phish) their passwords. As the functionality of smart speakers grows so too does the attack surface for hackers to exploit them. SRLabs research found two possible hacking scenarios that apply to both Amazon Alexa and Google Home. The flaws allow a hacker to phish for sensitive information and eavesdrop on users. We created voice applications to demonstrate both hacks on both device platforms, turning the assistants into ‘Smart Spies’.”

Source : Smart Spies: Alexa and Google Home expose users to vishing and eavesdropping – Security Research Labs

« Older posts Newer posts »

Archives

Catégories

© 2025 no-Flux

Theme by Anders NorenUp ↑