@Cyberop5@KatM@br00t4c The law that stated license plate reader scans couldnt be shared out of state has been widely ignored for 8 years. Sacranento is one of many. By sharing, they mean letting other agencies look through their scans in the cloud. New bill #ab1463 aims to restate the law more clearly, put in audit requirements and dump all the non crime data after 30 days. #ALPR#privacy
#privacy
«#Threads (Android, Apple) potentially collects a wide assortment of personal data that remains connected to you, based on the information available in Apple’s App Store, from your purchase history and physical address to your browsing history and health information. “Sensitive information” is also listed as a type of data collected by the Threads app. Some information this could include is your race, sexual orientation, pregnancy status, and religion as well as your biometric data.»
🤔
When you say “breach”, this implies legal noncompliance which depends on where you are. In Europe the data collection you describe would be a breach. In the US, it’d be a lawful attack on your privacy.
Is location sensitive?
Of course your timestamped realtime location history is sensitive information. If you think having your realtime whereabouts tracked doesn’t matter then you most likely have little interest in privacy in the first place¹. In which case I’d say fair enough, but then what are you doing in the cybersecurity magazine?
Boycotts are a thing, not just privacy
Some of us boycott surveillance capitalists (#GAFAM). There’s a lot of data that we might not give a shit if they collected in the absence of our boycott (though not location tracking- that’s sensitive anyway). Boycotting does not just mean not paying them. It means not recklessly disclosing profitable data to them. In principle I don’t give a shit if Microsoft records my favourite color. But if MS figures out how to profit from that info in some way, then I’m interested in witholding it from MS. And indeed that’s still a privacy matter nontheless because #privacy is about control.
footnotes (TL;DR: why location history is sensitive info)
Further elaboration: Everyone decides for themselves what info is sensitive to their operations which then serves as input to the threat model. It’s not for you to speak for everyone in saying “info X is not sensitive”. Some people who live quite simple lives may not regard time and location history as sensitive, but this flies in the face of those who deem it sensitive. You should first consider the obvious cases which trivially disprove your claim: Bin Ladin, Edward Snowden, anyone wanted by law enforcement. But to be clear, you need not be high profile or even be a refugee/undocumented immigrant for realtime location to matter. Someone might be an abortion client whose location was recorded in the parking lot of an abortion clinic in a state that has banned it. Someone’s location might be that of where their extramarital affair takes place. There are countless examples. Let me know if you need more.
(edit) Know your audience
I fixated on your #falseAnalogy fallacy and overlooked this:
because it’s the users themselves that have chosen to use WiFi and to broadcast the SSID
Even if you do not broadcast your #SSID it’s still publicly available. It’s in that air traffic Google was caught overcollecting. If someone chooses to hide their SSID, you could say that’s an expression of intent & collection of that data is thus a breach. Even in the US, if someone uses a weak WEP they still at least get legal protections from intrusions. Generally, legal protections in the US kick in when expression of intent or authority is disclosed.
Most importantly, you’ve missed the thesis. The article is not for those who are happy to disclose their SSID & all the associated tracking of their phone then searching for that SSID wherever they are. The article is for those who specifically opt not to disclose. You are using the intent of audience A to falsely imply intentions of audience B. Audience A would have skipped this article just based on the title alone.
You can, even when you're abroad, thanks to roaming.
According to the latest Eurobarometer survey, more than 81% of EU travellers are enjoying the freedom of calling, texting, and using #mobile#data without extra charges when exploring the EU and EEA countries.
The #EU Roaming rules have been in place since June 2017 and got extended last year until 2032.
@simonbs@gruber and they didn’t have to. Cookie banners are intentionally designed to get people to click “accept”. The ethically correct thing is to not collect identifying data at all until it is required for your user, then ask. Instead we get this. I spend part of my professional life helping companies suck less in this area. It’s an uphill struggle. Most don’t want to understand. Easier to throw a cookie banner at it and pretend you’ve acted ethically. #privacy#consent
So #Meta's new #Threads app needs your health and fitness info. It also needs your browsing history and your location, and your purchases, and...well, it seems to need everything. If you want to get fully creeped out, here's the whole #privacy policy: https://privacycenter.instagram.com/policy/.
@protonmail Our society lost sense of individuality. Everybody wants to imic or be onboard the next big thing even if that is the most ignorant and ridiculous thing to do. People live in FOMO and behave like flocks of sheep. We are raising younger generations uneducated about principles of individuality, privacy, self-preservation and self-respect, and even worst, disrespect for others’ very same fundamental rights. Ignorance is bliss, they say #FOMO#threads#meta#socialmedia#privacy
Since my post about the #DuckDuckGo app and #Threads is still getting lots of attention, I want to be clear about how I actually feel about #DataPrivacy.
It's a lot like #recycling. Yeah it's a good thing to protect your own personal data, but if we're being honest, it's not effective on an individual scale. We need good legislation at a national level to meaningfully change the game for the benefit of us all. Until then, no matter how careful you are, you're still being negatively affected.
@kreig@mkj Absolutely, legislation would definitely have a greater positive impact on everyone.
I’d like to point out something about your recycling analogy though. If I do my recycling properly while everyone else doesn’t care, yes the overall benefit would be negligible. But with online #privacy, individual actions aren’t meant to impact the organization as a whole or their entire user base. They’re individual measures meant for individual benefits.
I’m not going to sit here and pretend like the current #fediverse without Threads is “perfect” for #privacy … But just look at the data #threads collects.
Realize this data wouldn’t exist in a vacuum or even as a “single data point.”
Meta has many avenues for data collection for users on its platforms (WhatsApp, Facebook, Instagram, etc) and off (Facebook Pixel and buying/using third party data). If just by interacting with #threads users, you are now subject to their (Meta’s) policies… how crazy is that?
It looks like Meta could use the #fediverse to collect metadata on… a lot of people. In my opinion, it’s similar to the Facebook Pixel - which allows Meta to collect data on users who are off its platforms.
This could seem like no big deal (and I guess it could be), but let’s face it: Meta isn’t exactly #privacy friendly and has been accused (with proof) of abusing collected information.
There’s a section, “Information From Third Party Services and Users,” where it states “we collect information about Third Party Services and Third Party Users who interact with Threads.”
(Third Parties would naturally include other Fediverse instances and their users.)
Federated Fediverse platforms share some data, but this seems to be a whole other level.
In this section of their #privacy policy, it’s stated “We collect information about the Third Party Services and a third party users who interact with threads…”
Interaction includes following #threads users, interacting with threads content, and especially threads users following/interacting with your “third party” content.
Data collected includes IP address, instance info, profile information
So, in theory, any interaction with a Threads user would subject you to this data collection…
I agree with you Mastodon is not private, but it lends itself more to #privacy than traditional social media.
There is still absolutely the threat of #metadata collection from #threads - just not first-party collection (if you are not on their platform.)
Similar context: you may not use WhatsApp, but I do. I have your contact info... and I share that info with WhatsApp. Well, now WhatsApp has it too. And they can infer we interact.
Tensions are running high over the imminent entry of InstaGrope into the verse, via Meta's Threads server. Some of you may have noticed me speaking up against the Anti-Fedi Meta Pact, and I want to clarify a few things I think are important.
I'm not arguing against admins moderating their servers' relationships with others. That's nobody's business but theirs. If an admin makes a case-by-case decision to defederate from Threads, well, that's fediverse moderation working as intended.
@strypey This is good to boost, lots of misinformation regarding this bit. HOWEVER, what I'm most concerned about, is people from my past/IRL finding me from #Threads and doxxing me, putting me at real risk of harm.
"Mastodon does not broadcast private data like e-mail or IP address outside of the server your account is hosted on. Our software is built on the reasonable assumption that third party servers cannot be trusted... A server you are not signed up with and logged into cannot get your private data or track you across the web. What it can get are your public profile and public posts, which are publicly accessible."
I can't believe how everyone is falling for the #privacy#gaslighting from Mastodon in their App Store description. Even Wired, now. Points to Bluesky for being honest. Eugen will be getting none whatsoever.
Product launch specialist here: the App Store list is self-declared. Apple does flag if you don't say you're collecting something their automatic checks see your app is linking a dev kit for (such as location data), but that review isn't comprehensive.
1/2
Das 40,00€ teurer gewordene Nachfolgeticket zum 9-Euro-Ticket soll Daten melken. Zwar solle das Ticket übergangsweise nicht nur für Smartphones erhältlich sein sondern auch auf Chip-Karten und kurzzeitig auf Papier mit QR-Code, aber wichtig scheint es den Regierenden vor allem anderen, dass mit dem 49€-Ticket Echtzeit-Verkehrsdaten erhoben werden können.
Positiv klingt zunächst: "Es werde nicht gespeichert, wer von A nach B fährt, sondern nur, wie stark die Verkehrsmittel ausgelastet sind. Für die Fahrgäste könnte das ein Nutzen sein, weil die Verkehrsunternehmen so für ausreichend Kapazitäten sorgen könnten."
Allerdings: Das Ticket wird wohl nur als Abo personalisiert erworben werden können, so dass darüber anfallende Personendaten zukünftig schnell integriert werden könnten. Mit Hinblick auf den aktuellen massiven Ausbau des Überwachungsstaats und der Kontrollgesellschaft in Deutschland und der EU (digitale Personenkennziffer/RegMod, Chatkontrolle, Identifizierungspflicht, Biometrie, eIDAS uvm) ist es doch auch gar nicht die Frage ob, sondern nur wann und mit welchem Vorwand (Anschläge, Pandemie, Jugendschutz, Wahlkampf) personalisierte Datenerfassung und Polizeizugriffe kommen werden, sobald die digitale Kontrollinfrastruktur erst einmal errichtet wurde.
Consumer advocacy group CHOICE has revealed stadiums including the Melbourne Cricket Ground, Sydney Cricket Ground and Qudos Bank Arena include FRT use within their conditions of entry.
There are community concerns over privacy and human rights issues arising from the growing use of the technology which collects an individual's biometric data."
Why has Threads, Meta’s answer to Twitter, not launched in the EU?
Meta’s new app has been listed in the US and the UK, but has no foreseeable launch date in the EU yet as the company worries about the bloc’s privacy regulations.
It’s not the EU that blocked the launch of the app, rather it’s Meta who’s being preemptively careful.
Me da migraña cada que @protonmail se pone a decir que el cliente de #ProtonDrive ya está por salir, y sin embargo pasan semanas y semanas y nada pasa. El equipo de marketing necesita un baño de agua fría, hablen cuando ya tengan una fecha concreta!
Android forces us to run a WiFi hotspot. Not good. OpenVPN workaround… (fedia.io)
(article linked from m/Android)