Search
Content type: Long Read
24th February 2020
Valentine’s Day is traditionally a day to celebrate relationships, but many relationships that begin romantically can quickly become controlling, with partners reading emails, checking texts and locations of social media posts. This can be just the beginning.
Today, Friday 14th February, Privacy International and Women’s Aid are launching a series of digital social media cards giving women practical information on how to help stay safe digitally from control and abuse.
Did you know that…
Content type: Examples
1st April 2020
In a widely circulated animated heat map, the geospatial visualisation company Tectonix GEO in partnership with the location technology company X-Mode used the secondary locations of anonymised mobile devices that were active on a single beach in in Ft Lauderdale, FL during spring break to show how the beach-goers fanned out across the US afterwards, potentially carrying infection with them. Although the visualisation was instructive in showing how contagion spreads, it was unclear whether any…
Content type: Long Read
20th April 2020
‘Let’s build an app for that’ has become the response to so many things. It’s no surprise it’s happening now.
Apps are notorious for their lack of security and privacy safeguards, exploiting people’s data and devices. Now we’re being asked to trust governments with their proposed apps -- of which there are many. These are the very same governments who have been keen to exploit data in the past. For instance, PI currently has four outstanding legal cases arising from the last times governments…
Content type: Examples
19th March 2020
Thailand's National Broadcasting and Telecommunication Commission (NBTC) provided a SIM card to every foreigner and Thai who had travelled from countries that have have been designated as "high risk" for COVID-19 infections (at the time, China, Hong Kong, South Korea, Italy, and Macau). According to NBTC secretary-general Thakorn Tanthasit, the AoT Airports' new application had more than 7,000 downloads in its first five days. The sim card will be used together with the AoT Airports application…
Content type: Examples
28th April 2020
By May 11, the Swiss Federal Office of Public Health, working with EFPL and ETH Zurich, will launch a secure, decentralised system for contact tracing developed by the Decentralised Privacy-Preserving-Proximity Tracing (DP-3T) international consortium, whose Swiss partners are Ubique and PocketCampus. Other international partners include UCl, KU Leuven, TU Delft, the University of Oxford, and the Universirty of Torino. The system has been posted to Github as an open source protocol and will…
Content type: Examples
8th April 2020
The global secure solutions integrator SuperCom has begun piloting a modified version of the company's PureHeath platform, which incorporates a specially designed "PureCare" smartphone and "PureTag" ankle bracelet, aimed at ensuring that people comply with quarantine requirements during the coronavirus pandemic. The expectation is that the smartphones, which are easier to distribute at scale, will be used widely, while the ankle bracelets will be reserved for high-risk individuals. The company…
Content type: Examples
1st April 2020
Although the alerts about contacts with people infected by the coronavirus sent out via SMS by the South Korean government do not include names, the information included about people who tested positive for coronavirus, and their past locations can be revealingly detailed in some cases. Those who have been identified by this means have suffered offline and/or online harassment; others, without being specifically identified by name, have been mocked. A survey has found that as a result people…
Content type: Examples
19th March 2020
With 6,300 COVID-19 cases and more than 40 reported deaths, the South Korean government launched a smarphone app (Android first, iPhone due on March 20) to monitor citizens on lockdown as part of its "maximum" action to contain the outbreak. The app keeps patients in touch with care workers and uses GPS to keep track of their location to ensure they don't break quarantine. The government said the tracking was essential to manage the case load (at the time, 30,000 people) and prevent "super…
Content type: Examples
26th March 2020
The new Singaporean app, TraceTogether, developed by the Government Technology Agency in collaboration with the Ministry of Health was launched on March 20 after eight weeks of development. The app, which can be downloaded by anyone with a Singapore mobile number and a Bluetooth-enabled smartphone, asks users to turn on Bluetooth and location services, and enable push notifications. The app works by exchanging short-distance Bluetooth signals between phones to detect other users within two…
Content type: News & Analysis
13th January 2020
Maddie Stone, formally a Senior reverse engineer and tech lead on the Android security team, shockingly revealed a number of examples of how pre-installed apps on Android devices can undermine users privacy and security in her BlackHat USA talk in August 2019. The video of the talk only recently became available to the public in late December 2019.
The apps in question come preloaded on a device when it is purchased and often can't be removed. Stone reveals a litany of abuses carried out by…
Content type: Examples
19th March 2020
Russian authorities are using surveillance cameras, facial recognition systems, and geolocation to enforce a two-week quarantine regime affecting 2,500 people. Chinese citizens are banned from entering Russia; Russians and citizens of other countries who arrive from China are required to go through two weeks of quarantine. Police raid hotels to find Chinese citizens who arrived before border controls began, and bus drivers have been ordered to call their dispatchers if they see Chinese citizens…
Content type: Examples
21st March 2020
The Polish government has developed the free Home Quarantine app for both iPhone and Android, which allows the police to check that individuals do not break quarantine; those who do may be fined up to PLN 5,000 and also offers support to those who are quarantined. Once users activate the app by entering a phone number and a code sent via SMS, they send a reference photo. Every so often the app sends an unscheduled request for a new photo to be sent within 20 minutes. The system checks both the…
Content type: Video
10th February 2020
Find out why 53 organisations from all over the world are telling Google it's time they take action on pre-installed apps (bloatware).
You can listen and subscribe to the podcast where ever you normally find your podcasts:
Spotify
Apple podcasts
Google podcasts
Castbox
Overcast
Pocket Casts
Peertube
Youtube
Music by Glass Boy, find more of their work here: glassboy.bandcamp.com/album/enjoy
(creativecommons.org/licenses/by-nd/3.0/)
Content type: Advocacy
17th June 2020
Privacy International (PI), Fundaciòn Datos Protegidos, Red en Defensa de los Derechos Digitales (R3D) and Statewatch responded to the call for submission of the UN Special Rapporteur on contemporary forms of racism, xenophobia and related intolerance on how digital technologies deployed in the context of border enforcement and administration reproduce, reinforce, and compound racial discrimination.
This submission provides information on specific digital technologies in service of border…
Content type: Examples
9th April 2020
Led by Germany's Fraunhofer Heinrich Hertz Institute for Telecoms, technologists and scientists from at least eight countries, are working on a proximity-based contact tracing technology that complies with GDPR. The Pan-European Privacy-Preserving Proximity Tracing project (PEPP-PT) is intended to leverage smartphones to help disrupt the spread of infection by notifying individuals when their smartphones are near enough to to that of another person to carry out a Bluetooth handshake - thereby…
Content type: Examples
26th March 2020
After Pakistani residents queried whether messages labelled "CoronaALERT" sent out via SMS were legitimate, telecom authorities confirmed that it was authentic, being sent to selected individuals at the request of the Ministry of Health under the Digital Parkistan programme. Individuals were chosen because they might have come in contact with infected individuals during travel or in specific locations. It is not clear, however, what the criteria were for selecting individuals at risk,…
Content type: Examples
30th March 2020
Together with Norwegian company Simula the Norwegian Institute of Public Health is developping a voluntary app to track users geolocation and slow the spread of Covid-19. Running in the background, the app will collect GPS and Bluetooth location data and store them on a server for 30 days. If a user is diagnosed with the virus, its location data can be user to trace all the phones that have been in close contact with the person. Authorities will use this data to send an SMS only to those phones…
Content type: Examples
16th April 2020
The Norwegian contact tracing app, Infection Stop, relies on a centralised database to store users' GPS locations for 30 days, like its Chinese counterpart. Sumula, the company that developed the app, claims is necessary because of technical limitations in Apple's smartphone operating system iOS. Simula has rejected using Bluetooth, like Singapore's TraceTogether, because to work on Apple's iPhones the tracker app would have to be in the forefront in order to be able to use Bluetooth to send,…
Content type: Advocacy
7th January 2020
Vous pouvez trouver la lettre ci-dessous. Ajoutez votre voix à cette campagne en signant notre pétition si vous pensez qu'il est temps que Google cesse d'activer l'exploitation.
Ce contenu est également disponible en anglais et en espagnol.
Cher M. Pichai,
Nous, les organisations signataires, sommes d’accord avec vous :
la vie privée n’est pas un luxe, offert seulement à ceux qui en ont les moyens.
Pourtant, les « Android Partners » – qui utilisent la marque déposée Android – fabriquent…
Content type: Examples
1st April 2020
Researchers at the Center for IT-Security, Privacy and Accountability (CISPA) have identified a security vulnerability related to encryption on Bluetooth BR/EDR connections. The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used. In addition, since not all Bluetooth specifications mandate a minimum encryption key…
Content type: Examples
18th March 2020
A task force at the Italian Ministry of Innovation, in collaboration with the University of Pavia to leverage big data technologies to deal with COVID-19, after the WHO advised governments that lockdowns alone are not enough, and that testing, isolation, and contact tracing are crucial. The effort is beginning with anonymised data provided by Facebook; Italian telcos including Tim, Vodafone, Wind Tre, and FastWeb, via their Asstel trade association, have also offered anonymous datasets…
Content type: Examples
19th March 2020
Ministers have permitted the Shin Bet security service to "use the cellular phone data of carriers of the disease to retrace their steps and identify anyone they may have infected", and will relay the information to the Health Ministry, which will send a message to those who were within two meters (6.6 feet) of the infected person for 10 minutes or more, telling them to go into quarantine. An update to the original order has extended the period during which it is in force from 30 days until the…
Content type: Examples
22nd April 2020
While the agency that manages residence permits, the Coordination of Government Activities in the Territories, is closed, Israel has instructed Palestinians seeking to verify whether their permits to remain in Israel are still valid to download the app Al Munasiq, which grants the military access to their cellphone data. The app would allow the army to track the Palestinians' cellphone location, as well as access their notifications, downloaded and saved files, and the device's camera.
Source…
Content type: Examples
2nd April 2020
The Mumbai police have been asked by the civic governing body to track the movements of people arriving at Mumbai airport through the GPS location of their phones. Arrivals at the airport in Mumbai are also being stamped with “Proud to protect Mumbaikars. Home quarantined” with the date until which they have to remain in home isolation.
Source: https://indianexpress.com/article/india/coronavirus-mumbai-civic-body-turns-to-phone-gps-to-enforce-home-quarantine-rules-6321098/
Writer: Tabassum…
Content type: Examples
22nd April 2020
India's COVID-19 tracker app, Aarogya Setu, was downloaded 50 million times in the first 13 days it was available. Developed by the National Informatics Centre a subsidiary of the Ministry of Electronics and IT, the app is available on both Android and iOS smartphones, and uses GPS and Bluetooth to provide information on whether the phone has been near an infected person. Users provide a mobile number, health status, and other credentials, and must keep both location services and Bluetooth…
Content type: Examples
8th April 2020
On April 1, Iceland launched an app that uses GPS to locate people who may have been in close contact with confirmed COVID-19 patients. A message containing a download link for the app will be sent to all Icelanders; downloading it and then agreeing to disclose GPS data are both voluntary, but for it to work as intended 60% will need to opt in. The app will register all nearby phones, so that if an individual gets infected the authorities will have an accurate record of everyone who came into…
Content type: Examples
26th March 2020
After Asian countries used mass surveillance of smartphones to trace contacts and halt the spread of the coronavirus, Western countries such as the UK and Germany are trying to find less-invasive ways to use phones to collect and share data about infections that would work within data privacy laws and retain public trust. Nearly half of virus transmissions may occur before the individual shows symptoms of the disease. At Oxford researchers are working on a notification app that would notify…
Content type: Examples
28th April 2020
Three days after announcing Germany would adopt the centralised Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) standard for contact tracing, the country's chancellery minister Helge Braun and health minister Jens Spahn announced they would instead use the decentralised approach backed by Apple, Google, and other European countries. While both standards rely on Bluetooth connections between nearby phones, PEPP-PT would have required Apple's cooperation to implement, and the company…
Content type: Examples
1st April 2020
On November 3rd, 2019, [...] a critical vulnerability affecting the Android Bluetooth subsystem [was reported]. This vulnerability has been assigned CVE-2020-0022 and was now patched in the latest security patch from February 2020. The security impact is as follows:
On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC…
Content type: Examples
19th March 2020
Colombia's has launched the free, Android-only, prevention-focused Colombia-Coronapp developed by the National Health Institute (INS) to help identify and eradicate the virus across the country, as well provide centralisation and transparency. Besides their basic information, users are asked to say if they have participated in any mass events in the prior eight days, a controversial question because of the recent protests across the country. The app also provides safety tips, an updated map of…