Étiquette : privacy (Page 7 of 45)

10 février 2022 / noflux

Retourner à l’accueil CNIL.FR

“Google Analytics permet de disposer de statistiques de fréquentation d’un site web. Saisie de plaintes par l’association NOYB, la CNIL, en coopération avec ses homologues européens, a analysé les conditions dans lesquelles les données collectées grâce à cet outil sont transférées vers les États-Unis. La CNIL estime que ces transferts sont illégaux et impose à un gestionnaire du site web français de se conformer au RGPD et, si nécessaire, de ne plus utiliser cet outil dans les conditions actuelles.”

Source : Utilisation de Google Analytics et transferts de données vers les États-Unis : la CNIL met en demeure un gestionnaire de site web | CNIL

Statistical Imaginaries – by danah boyd

17 décembre 2021 / noflux

“People are afraid to engage with uncertainty. They don’t know how to engage with uncertainty. And they worry about the politicization of uncertainty. But we’re hitting a tipping point. By not engaging with uncertainty, statistical imaginaries are increasingly disconnected from statistical practice, which is increasingly undermining statistical practice. And that threatens the ability to do statistical work in the first place. If we want data to matter, the science community must help push past the politicization of data and uncertainty to create a statistical imaginary that can engage the limitations of data.
The statistical imaginary of precise, perfect, and neutral data has been ruptured. There is no way to put the proverbial genie back in the bottle. Nothing good will come from attempting to find a new way to ignore uncertainty, noise, and error. The answer to responsible data use is not to repair an illusion. It’s to constructively envision and project a new statistical imaginary with eyes wide open. And this means that all who care about the future of data need to help ground our statistical imaginary in practice, in tools, and in knowledge. Responsible data science isn’t just about what you do, it’s about what you ensure all who work with data do.”

Source : Statistical Imaginaries – by danah boyd

Web2 vs Web3 | ethereum.org

17 décembre 2021 / noflux

“Web2 refers to the version of the internet most of us know today. An internet dominated by companies that provide services in exchange for your personal data. Web3, in the context of Ethereum, refers to decentralized apps that run on the blockchain. These are apps that allow anyone to participate without monetising their personal data. Web3 benefits Many Web3 developers have chosen to build dapps because of Ethereum’s inherent decentralization: Anyone who is on the network has permission to use the service – or in other words, permission isn’t required. No one can block you or deny you access to the service. Payments are built in via the native token, ether (ETH). Ethereum is turing-complete, meaning you can pretty much program anything”

Source : Web2 vs Web3 | ethereum.org

Reconnaissance faciale : la CNIL met en demeure Clearview AI de cesser la réutilisation de photographies accessibles sur internet | CNIL

16 décembre 2021 / noflux

“La société CLEARVIEW AI a développé un logiciel de reconnaissance faciale dont la base de données repose sur l’aspiration de photographies et de vidéos publiquement accessibles sur internet. La présidente de la CNIL l’a mise en demeure de cesser ce traitement illicite et de supprimer les données dans un délai de 2 mois.”

Source : Reconnaissance faciale : la CNIL met en demeure CLEARVIEW AI de cesser la réutilisation de photographies accessibles sur internet | CNIL

Expanding Our Bug Bounty Program to Address Scraping | Meta

16 décembre 2021 / noflux

“We know that automated activity designed to scrape people’s public and private data targets every website or service. We also know that it is a highly adversarial space where scrapers — be it malicious apps, websites or scripts — constantly adapt their tactics to evade detection in response to the defenses we build and improve. As part of our larger security strategy to make scraping harder and more costly for the attackers, today we are beginning to reward valid reports of scraping bugs in our platform.
Starting today, our data bounty program will also cover scraped datasets found online. We will reward reports of unprotected or openly public databases containing at least 100,000 unique Facebook user records with PII or sensitive data (e.g. email, phone number, physical address, religious or political affiliation). The reported dataset must be unique and not previously known or reported to Meta. We aim to learn from this effort so we can expand the scope to smaller datasets over time.”

Source : Expanding Our Bug Bounty Program to Address Scraping | Meta

Tor : qui est le mystérieux acteur malveillant qui a mis en place des centaines de serveurs vérolés ?

8 décembre 2021 / noflux

“D’après les éléments observés par Nusenu, KAX17 a constamment ajouté des serveurs au réseau de Tor dans des quantités très importantes, avec des localisations diverses qui témoignent de grandes capacités logistiques. Jusqu’à atteindre à son apogée environ 10 % du réseau Tor, avec plus de 900 serveurs en ligne. D’après les chiffres du chercheur, il y avait à un moment donné 16 % de probabilité qu’un utilisateur se connecte au réseau Tor par un serveur de KAX17, 35 % de passer par un relai lui appartenant, et jusqu’à 5 % de sortir à travers.
Cette précision sur la répartition des serveurs en fonction de leurs types, c’est à dire entrants, relais et sortants, n’est pas anodine. Elle indique le type d’informations qui peuvent intéresser KAX17. Nusenu explique avoir observé d’autres acteurs malveillants qui mettaient en ligne des serveurs sortants pour voler les informations de portefeuilles de cryptomonnaies d’utilisateurs et les vider, par exemple.
Les observations du chercheur montrent que KAX17 se concentraient plutôt sur les points entrants et intermédiaires. Ses conclusions sont que cet acteur essaye de capter des informations sur les utilisateurs”

Source : Tor : qui est le mystérieux acteur malveillant qui a mis en place des centaines de serveurs vérolés ? – Numerama

Qualcomm’s new always-on smartphone camera is a potential privacy nightmare

5 décembre 2021 / noflux

“’Your phone’s front camera is always securely looking for your face, even if you don’t touch it or raise to wake it.’ That’s how Qualcomm Technologies vice president of product management Judd Heape introduced the company’s new always-on camera capabilities in the Snapdragon 8 Gen 1 processor set to arrive in top-shelf Android phones early next year.
Depending on who you are, that statement can either be exciting or terrifying. For Qualcomm, it thinks this new feature will enable new use cases, like being able to wake and unlock your phone without having to pick it up or have it instantly lock when it no longer sees your face.
But for those of us with any sense of how modern technology is used to violate our privacy, a camera on our phone that’s always capturing images even when we’re not using it sounds like the stuff of nightmares and has a cost to our privacy that far outweighs any potential convenience benefits.”

Source : Qualcomm’s new always-on smartphone camera is a potential privacy nightmare – The Verge

Apple sues NSO Group to curb the abuse of state-sponsored spyware

24 novembre 2021 / noflux

« Apple today filed a lawsuit against NSO Group and its parent company to hold it accountable for the surveillance and targeting of Apple users. The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices ».

Source : Apple sues NSO Group to curb the abuse of state-sponsored spyware – Apple

Facebook’s facial recognition announcement doesn’t apply to the metaverse

5 novembre 2021 / noflux

“Several of Meta’s current projects show that the company has no plans to stop collecting data about peoples’ bodies. Meta is developing hyper-realistic avatars that people will operate as they travel through the metaverse, which requires tracking someone’s facial movements in real time so they can be recreated by their avatar. A new virtual reality headset that Meta plans to release next year will include sensors that track peoples’ eye and facial movements. The company also weighed incorporating facial recognition into its new Ray-Ban smart glasses, which allow the wearer to record their surroundings as they walk around, and Reality Labs, Meta’s hub for studying virtual and augmented reality, is conducting ongoing research into biometrics, according to postings on Facebook’s careers website.”

Source : Facebook’s facial recognition announcement doesn’t apply to the metaverse – Vox

We need to talk about how Apple is normalising surveillance

15 octobre 2021 / noflux

“When it comes to privacy, iOS arguably has a better reputation among consumers than Android, as does Siri vs Alexa, and Safari vs Chrome. But that doesn’t give Apple permission to track our lived experience at all times with its microphones, cameras and sensors. Apple’s groundbreaking devices are pushing the limits of what technology companies can track, and that is not good news for privacy. Thanks to Apple, physical shops can track us through our phones, hackers can potentially access our most sensitive health and biometric details, and now it has developed a technology that can scan content that was supposed to be encrypted. Apple has been playing two games at once – protecting privacy and developing surveillance tools – while only acknowledging the former.”

Source : We need to talk about how Apple is normalising surveillance | WIRED UK