Source: Proceedings of the Sixteenth Symposium on Usable Privacy and Security via beSpacific
Replication: Why We Still Can’t Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories. Sarah Bird, Ilana Segall, Martin Lopatka – Mozilla. This paper is included in the Proceedings of the Sixteenth Symposium on Usable Privacy and Security. August 10–11, 2020. 978-1-939133-16-8. “Abstract – We examine the threat to individuals’ privacy based on the feasibility of reidentifying users through distinctive profiles of their browsing history visible to websites and third parties. This work replicates and extends the 2012 paper Why Johnny Can’t Browse in Peace: On the Uniqueness of Web Browsing History Patterns. The original work demonstrated that browsing profiles are highly distinctive and stable. We reproduce those results and extend the original work to detail the privacy risk posed by the aggregation of browsing histories. Our dataset consists of two weeks of browsing data from ~52,000 Firefox users. Our work replicates the original paper’s core findings by identifying 48,919 distinct browsing profiles, of which 99% are unique. High uniqueness holds even when histories are truncated to just 100 top sites. We then find that for users who visited 50 or more distinct domains in the two-week data collection period, ~50% can be reidentified using the top 10k sites. Reidentifiability rose to over 80% for users that browsed 150 or more distinct domains. Finally, we observe numerous third parties pervasive enough to gather web histories sufficient to leverage browsing history as an identifier.”
Source: WatchBlog: Official Blog of the U.S. Government Accountability Office
Subject: FBI worried Ring doorbells are spying on police, per leaked report
Source: Business Insider
- The FBI is worried that personal home-security cameras, like Amazon’s Ring doorbell camera, could be used to tip off homeowners to police searches, according to a leaked report.
- Since Ring was bought by Amazon in 2018, the service has become ubiquitous for homeowners looking for an extra layer of security.
- It also has been used widely by law enforcement, with over 600 US police departments partnering with Ring to request footage from the home systems and their owners.
- Motion-detection cameras could show officers’ locations in a standoff, surreptitiously record a search, or capture images of officers that could compromise their individual safety, the report claims.
The report, which was released in the “BlueLeaks” trove of hacked law enforcement documents and first published by The Intercept, highlights the complicated relationship between law enforcement and publicly available surveillance methods, as authorities grapple with being both the surveillers and surveilled.
Source: CNN via beSpacific
CNN describes each of the false videos: “A series of deceptively edited and misleading videos shared by prominent Republicans have run up millions of views across Facebook and Twitter in just the past few days. And while both companies have pledged to combat misinformation, their responses to these videos followed a familiar pattern: often they act too late, do too little, or don’t do anything at all. Between Sunday and Monday, high-profile Republicans, including President Donald Trump, shared at least four misleading videos online. One that circulated widely was a false video about Democratic presidential nominee Joe Biden posted to the Twitter account of House Minority Whip Steve Scalise. After an outcry, including from a person in the video who had words put in his mouth in order to distort what Biden was saying, Twitter took the action it takes in such instances, labeling the video as “manipulated media.”
The manipulated media label is just that, however — a label appearing below the video when people look at the specific tweet to which it has been applied. It’s small and potentially missed by users, and though it may potentially make some users pause before sharing a given video, it does not actually stop them if they decide to go ahead anyway…”
Filed in CNN https://edition.cnn.com/business/tech/
Source: U.S. GAO
U.S. Customs and Border Protection uses facial recognition technology for identity checks at borders. As of May 2020, CBP had deployed this technology to 27 U.S. airports. We found that CBP’s privacy notices—which inform the public about its use of this technology—were not always current or available where this technology is being used or on CBP’s website. Also, CBP has only audited one of its 27 airline partners to ensure compliance with its facial recognition privacy policies. We recommended that CBP ensure its privacy notices are complete and available at locations using this technology, and that CBP develop a plan to audit its partners. Example of cameras and display screens used for facial recognition at the Port Canaveral Seaport …
You know that clip of Steve Carell from The Office where he’s shouting “No, God! No, God, please no! No! No! Nooooooooo!” That’s how I feel about Amazon’s announcement that it’s adding a new service to Alexa for landlords. It’s called Alexa for Residential that, according to Amazon, “makes it easy for property managers to set up and manage Alexa-powered smart home experiences throughout their buildings.” Landlords can set special Alexa commands that will let their residents pay rent, submit maintenance requests, and manage other things that normally come with the territory of renting an apartment or other dwelling. And of course, it will still function as a regular smart speaker—dim the lights, get a weather report, all that jazz. Landlords can also remotely reset the device whenever someone moves out to give the device a clean slate for the next person.
Amazon claims in its press release that it’s taken the steps necessary to protect the privacy of residents. There’s just one issue that Amazon doesn’t address in its announcement: the Drop In feature on Amazon Echo devices.
Subject: How can you spot a tech support scam?
Source: FTC Consumer Information
Are you getting pop-up warning messages on your computer screen? Or maybe a phone call that your computer has a virus? That may well be a tech support scam. But how do you know? And what do you do? Start by watching this video on tech support scams.
Subject: This Email Could Wreak Havoc on the 2020 Election
Data—especially at the scale and granularity collected by the federal government—is a powerful tool. But democratic governments that fail to use data ethically run the risk of losing the public’s trust and, in turn, their willingness to give their personal data over to agencies. As part of the 20-point action plan to kick off implementation of the Federal Data Strategy in 2020, the General Services Administration was charged with creating a Data Ethics Framework “to help agency employees, managers and leaders make ethical decisions as they acquire, manage and use data.” “Decisions made with data touch every aspect of American life,” the framework notes, particularly when the data is collected by federal agencies and the decisions being made are on behalf of the entire country. The framework looks to guide federal officials’ decision making on the use of data “with the goal of protecting civil liberties, minimizing risks to individuals and society, and maximizing the public good.”…