Threads now has a Supplemental Privacy Policy (https://help.instagram.com/515230437301944) regarding "Third Party Services" like Mastodon. Should Threads interconnect with Mastodon via #ActivityPub, this addresses what they will do with our data.
Note that they will collect information from anyone "allowing Threads users to follow you or interact with your content". The information they collect will include your profile, your content, and your interactions.
Stories like this remind us why being mindful of protecting one's privacy online is important and that "private" messages in the majority of places aren't private at all without end-to-end encryption.
Be mindful of what sensitive data you're relinquishing to companies.
The Zuck suck is in full swing. In the few short hours since I started using #Threads, #DuckDuckGo has already blocked over 200 data tracking attempts. These include things like "headphone status" and "screen density."
EDIT for clarity: The 200+ attempts may have been overcounted as DDG hadn't tooled their VPN for Threads yet.
Since my post about the #DuckDuckGo app and #Threads is still getting lots of attention, I want to be clear about how I actually feel about #DataPrivacy.
It's a lot like #recycling. Yeah it's a good thing to protect your own personal data, but if we're being honest, it's not effective on an individual scale. We need good legislation at a national level to meaningfully change the game for the benefit of us all. Until then, no matter how careful you are, you're still being negatively affected.
Have you, or do you plan to create a Threads "suckware" account and give Mark permission to hoover up all your personal information?
Data Collected by Threads: Health and Fitness, Financial Information, Contact Info, User Content, Browsing History, Purchases, Location, Contacts, Search History, Identifiers
We are posting here the messages from organizations, institutions, NGOs, etc. that have opened a channel on Mastodon and left #X/Twitter. Many of their arguments cite the same points as mentioned in our open letter calling the universities to become active on Mastodon and fediverse servers.
The messages represent a broad consensus among Internet users who want to bring the choice of social media in line with their mission statements. The first of these is the data protection foundation @DS_Stiftung.
It writes about itself: „Acting independently in the field of #DataPrivacy, Stiftung Datenschutz links politics and the public, academics and business. It complements existing organizations and initiatives while liaising closely with German data protection authorities on state and federal levels.“ https://stiftungdatenschutz.org/english
At the end of September, she drew the consequences and broke away from X/ #Twitter https://twitter.com/DS_Stiftung/status/1704059550335119522
TITLE: Confusion in Text Messaging, Encryption, and HIPAA
A therapist colleague of mine contacted Ring Central (a video and
telephone platform that provides HIPAA BAA subcontractor paperwork upon
request) with questions about their messaging capabilities and
encryption. They were looking for a compliant way to text message with
clients. The support staff directed them to this article:
At first glance, the article would seem to make messaging with clients
golden as a good level of encryption is described and the therapist has
a HIPAA BAA with Ring Central. Right?
Wrong.
A few different topics are getting confused here -- smart phone SMS text
messaging, messaging within Ring Central apps and websites, and HIPAA
BAA subcontractor agreements.
With SMS text messaging by phone it will never be HIPAA compliant (even
if the therapist sends it from within Ring Central) because the client
will get the SMS text message unencrypted on their smartphone.
Messaging within the Ring Central apps and website IS at an excellent
level of encryption -- but won't be covered by the therapist's HIPAA BAA
agreement unless the people messaged are also part of the therapist's
company account or are other therapists with their own Ring Central
accounts with HIPAA BAA subcontractor agreements. This will rarely if
ever cover therapy clients.
This gets confusing. So -- for example -- when I go into my Ring
Central account online and click on "Message" I'm invited to email a
messaging link to anyone I choose. So far so good. But when that
person (like a client for example) goes to that messaging link, Ring
Central REQUIRES them to sign up for their own FREE Ring Central
account. That FREE account WILL NOT be covered by a HIPAA BAA
agreement. So the messages sent to them (inside a Ring Central app or
website) will be encrypted but not HIPAA compliant.
Similar problem with Ring Central video conferencing. As long as the
client DOES NOT sign in with their own free account -- and instead goes
to my anonymous video link -- it will be covered under my BAA agreement
with Ring Central. However, Ring Central invites clients to sign up for
their own FREE account in order to video conference with me. If the
client makes that mistake, then its no longer a HIPAA compliant video
conference session because only one of our two Ring Central accounts is
covered by BAA.
I sometimes wonder why this all is left in such a confusing state?
Of course, I'm not a lawyer, so do your own research too.
*
Michael Reeder, LCPC
* Hygeia Counseling Services : Baltimore / Mt. Washington Village location
Zoom Video and Zoom Info are TWO DIFFERENT companies. Sorry everyone.
Still not a bad idea to get out of their database however.
This is Zoom's privacy policy. It is an amazing piece of legal engineering granting them the rights to buy, sell, and gather just about any data about business users they want -- including listing you in a Business or Professional Profile (the "directory"):
<https://www.zoominfo.com/about-zoominfo/privacy-policy>
This is their form to opt-out of all tracking in their database which they use to sell your information to 3rd parties. Somewhat ironically, this page won't work unless you turn-off Privacy Badger and Ghostery web browser plug-ins:
<https://www.zoominfo.com/privacy-center/update/remove>
If you use Zoom at work through a business account and don't wish to be listed, consider opting out. They are also collecting information from around the Web outside of Zoom apparently to help build out your profile.
#psychology #neurology #socialwork #psychiatry @psychology@a.gup.pe @socialwork@a.gup.pe @psychiatry@a.gup.pe #mentalhealth #psychotherapists @psychotherapists@a.gup.pe #cookies #tracking #hacking #3rdpartytrackers #HIPAA #privacy #dataprivacy #webbeacons #videoconference #televideo #telehealth #zoom #databrokers
Google street view is updating its images for Germany (the last round was some 15 years ago) and I am extremely curious to see whether we’ll again have loads of Germans who ask to pixelate their houses. #dataprivacy#surveillancecapitalism
If blocking threads.net functions like a mute, I still need a way to actually block #threads accounts so I don’t fall prey to Meta’s data exploitation.
Anyone? If you don’t know, boosting is appreciated.
After Mozilla publish a report on car brand data privacy and security, it is clear the industry is awful and SO many don't understand it but think they do. We briefly explain more about this on the @motoringpodcast News Show this week.
"Daddy, when I grow up I want to be a Data Broker just like you, so I can help people be more effectively targeted by advertising and political persuasion."
So #Facebook just asked me if I wanted to create a post with some photos I had downloaded onto my phone. It was album artwork I had uploaded to use with some music tracks, they weren't even in my main DCIM album, but evidently, good ol' #Meta has scoured my entire phone looking for pictures. That's not creepy at all! And people are falling over each other to join #Threads SMH :blobcatglance: #DataPrivacy#DataSecurity#GDPR#DataProtection
The amount of PII asked by the gym i'm attending this summer is Insane. (name, mail, fingerprint, phone, bank account, photo, ID Card...)
They also tried me to sign the GDPR document without reading it, because I would receive a copy in my email (after signing it). You can imagine my face...
The conversation with the employee at the counter made me lose the desire to exercise.
Leveraging my #privacy and #ai friends. A super talented and capable undergraduate student graduating at the end of the quarter reached out to me asking for career routes forward, prior to (or perhaps instead of) law school, that would allow for the exploration of #dataprivacy, #compliance, and AI #policy.
I know about IAPP and their training and certification programs, but didn't immediately have any additional resources off the top of my head. Thoughts? Tips? Thanks!
This is one example of why data protection and privacy have to be a community effort. Other people can leak your data even if you are trying to protect it
"Apple was secretly sharing data with law enforcement agencies and left a security backdoor [in iPhones] that may have been exploited by the Chinese government for political repression."
How to protect your privacy on iPhone
Turn on "Advanced Data Protection"
Turn off iCloud services for apps that don't need it like Mail and Calendar
Turn off Location Services for apps that don't need it
What if any Fediverse instance's make this DRM that Facebook has, with posts being locked for users not signed in. This can help with those who are scared of AI “taking over” because let's be real, AI just grabs the information you post online. If we do this, would AI “die”?
I don't personally care so to speak, as AI will not care, or sorry, these companies developing the AI LLM's will counter new strategies to obtain PII from websites.