Search
Content type: Long Read
Period tracking apps and the rollback of reproductive rightsThe aftermath of the overturning of Roe v. Wade in the United States (US) sparked widespread debate and concern that data from period tracking apps could be use to criminalise those seeking abortion care.While the surveillance and criminalisation of reproductive choices are neither new nor unique to the US, the scale and intensity of today’s crisis continue to grow. To put it into perspective, 22 million women and girls of reproductive…
Content type: Long Read
Go back to the report page Methodology We looked at the top period tracking apps downloaded in the Google Play Store, some of which we had examined in our original research, and some of which are newly emerging apps that have since grown in popularity. The top period-tracking apps with the most downloads included Flo; Period Tracker by Simple Design; and apps we'd tested in our previous research that still exist such as Maya, Period Tracker by GP Apps, as well as several apps popular…
Content type: Long Read
The security of our devices, applications and infrastructure is paramount to the safe functioning of our digital lives. Good security enables trust in our systems, it is fundamental to protecting the critical information we store and exchange through networks and devices. Similar to how we physically secure our homes, offices and schools, securing devices and software allows us to operate in safe and trusted environments where our security is guaranteed and protected.Security for information…
Content type: Long Read
“Hey [enter AI assistant name here], can you book me a table at the nearest good tapas restaurant next week, and invite everyone from the book club?” Billions of dollars are invested in companies to deliver on this. While this is a dream that their marketing departments want to sell, this is a potential nightmare in the making.Major tech companies have all announced flavours of such assistants: Amazon’s Alexa+, Google’s Gemini inspired by Project Astra, Microsoft’s Copilot AI companion and…
Content type: Long Read
IntroductionWith the ongoing expansion of GPS tagging under the UK Home Office's electronic monitoring programme, it has increasingly deployed non-fitted devices (NFDs) that track a person's GPS location and request frequent biometric verification in the form of fingerprint scans.The NFDs deployed by the UK Home Office are small handheld devices with a fingerprint scanner that record a person's location 24/7 (referred to as their trail data). They alert the person at random intervals throughout…
Content type: Explainer
Many democracies, particularly younger democracies, are increasingly looking to employ technology - including biometrics - to coordinate the running of their electoral processes. Governments give various reasons for the use of these technologies, such as transparency, voter identification, and fighting corrupt practices in attempts to increase confidence in election results.
These databases and the devices used to access and edit them are susceptible to abuse, manipulation, and theft. Moreover…
Content type: Long Read
With the introduction of GPS tracking of people on immigration bail, the UK has recently put GPS ankle tags, and their potential privacy and security issues, under the spotlight. PI has exposed the intrusive nature and shortcomings of these devices through technical explainers and complaints to the UK data protection and forensic science regulators.
But, what better way to understand the risks associated with a device than to actually use one? In order to further consolidate our understanding…
Content type: Report
Privacy International’s submissions for the Independent Chief Inspector of Borders and Immigration inspection of the Home Office Satellite Tracking Service Programme
The Home Office have introduced 24/7 electronic monitoring and collection of the location data of migrants via GPS ankle tags. This seismic change cannot be overstated. The use of GPS tags and intention to use location data, kept for six years after the tag is removed, in immigration decision-making goes far beyond the mere…
Content type: Explainer
Bluetooth
The majority of apps settled on using Bluetooth for proximity tracing.
Just what is Bluetooth?
Named after the 10th Century King Harald "Bluetooth" Gormsson who unified Scandinavia — and whose runic initials comprise the logo — Bluetooth is a wireless, low-power, and therefore short-distance, set of protocols used primarily to connect devices directly to each other in order to transfer data, such as video and audio.
Bluetooth for tracking?
Most of us who've encountered Bluetooth use…
Content type: Case Study
Overview
Estonia is widely considered one of the most digitally advanced countries in the world. Its e-ID is the gateway through which e-citizens are able to access most public services. Estonia's e-ID is both designed and operated by a collection of private companies, and overseen by the Police and Border Guard agency.
X-Road® (implemented in Estonia as X-tee) is the free and open-source data exchange layer which provides a standardised method for transferring information between the data…
Content type: Case Study
This written piece is part of PI's wider research into the tech behind ID systems around the world. Click here to learn more.
Overview
Aadhaar (Hindi for ‘foundation’) is India’s ID programme, the largest in the world, surpassing 1 billion sign ups in just under 6 years. This programme aims to give every citizen a unique, biometrically-verifiable identification number. Each user receives a card with their number on it, which can be cross-referenced with the biometric data held in a government…
Content type: Case Study
This written piece is part of PI's wider research into the tech behind ID systems around the world. Click here to learn more.
Overview
The Modular Open Source Identity Platform (MOSIP) is an open source, open standards based foundational identity platform. MOSIP is an API first platform that can be used by user organisations such as Governments to build their own foundational national ID platforms. MOSIP offers ID life-cycle management features and identity verification capabilities out of the…
Content type: Long Read
When you buy a brand-new low-cost phone, it’s likely to come pre-installed with insecure apps and an outdated operating system. What this means is that you or your loved ones could be left vulnerable to security risks or to having their data exploited. Privacy shouldn’t be a luxury. That’s why we advocate for companies to provide the latest security features and privacy protections for both low- and high-cost phones.
Content type: Explainer
An array of digital technologies are being deployed in the context of border enforcement. Satellite and aerial surveillance are part of the surveillance toolkit and yet, they are also used by organisations seeking to hold government actions to account and improve efficacy of their own work. To effectively critique state use and delve into potential benefits of satellite and aerial surveillance, we must first understand it.
In this explainer we dig into a technology which many are aware of for…
Content type: Explainer
At first glance, infrared temperature checks would appear to provide much-needed reassurance for people concerned about their own health, as well as that of loved ones and colleagues, as the lockdown is lifted. More people are beginning to travel, and are re-entering offices, airports, and other contained public and private spaces. Thermal imaging cameras are presented as an effective way to detect if someone has one of the symptoms of the coronavirus - a temperature.
However, there is little…
Content type: Explainer
In a scramble to track, and thereby stem the flow of, new cases of COVID-19, governments around the world are rushing to track the locations of their populace.
In this third installment of our Covid-19 tracking technology primers, we look at Satellite Navigation technology. In Part 1 of our mini-series on we discussed apps that use Bluetooth for proximity tracking. Telecommunications operators ('telcos'), which we discussed in Part 2, are also handing over customer data, showing the cell towers…
Content type: Long Read
This week saw the release of a coronavirus tracking app within the United Kingdom, initially to be trialled in the Isle of Wight. Privacy International has been following this closely, along with other ‘track and trace’ apps like those seen in over 30 other countries.
The UK’s app is no different. It is a small part of a public health response to this pandemic. As with all the other apps, it is vital that it be integrated with a comprehensive healthcare response, prioritise people, and…
Content type: Explainer
In a scramble to track, and thereby stem the flow of new cases of Covid-19, Governments around the world are rushing to track the locations of their populace. One way to do this is to leverage the metadata held by mobile service providers (telecommunications companies - "Telcos" - such as Hutchison 3 (Also known as Three), Telefonica (Also known as O2), Vodafone, and Orange) in order to track the movements of a population, as seen in Italy, Germany and Austria, and with the European Commission…
Content type: Explainer
In a scramble to track, and thereby stem the flow of, new cases of Covid-19, Governments around the world are rushing to track the locations of their populace. One way to do this is to write a smartphone app which uses Bluetooth technology, and encourage (or mandate) that individuals download and use the app. We have seen such examples in Singapore and emerging plans in the UK.
Apps that use Bluetooth are just one way to track location. There are several different technologies in a smartphone…
Content type: Long Read
In 2018, following the Cambridge Analytica scandal, Facebook announced the “Download Your Information” feature allowing users to download all the information that the company have on them since the creation of the account. All of it? It doesn’t seem so. Concerns were quickly raised when Facebook released the feature, that the information was inaccurate and incomplete.
Privacy International recently tested the feature to download all ‘Ads and Business’ related information (You can accessed it…
Content type: Report
The changes discussed in this article are based on a second analysis performed in late November, 3 months after the original study Your Mental Health is for Sale and following the exact same methodology. All data collected can be found at the bottom of this page.
Change is possible
Back in September 2019 we published the report Your Mental Health is for Sale exposing how a majority of the top websites related to mental health in France, Germany and the UK share data for advertising purposes.…
Content type: News & Analysis
Privacy shouldn’t be a luxury.
Google claim to agree with us - we know that because Sundar Pichai, their CEO, said so this May in the New York Times. And yet, Google are enabling an ecosystem that exploits people who own low-cost phones.
Today we, along with over 50 organisations including Amnesty International, DuckDuckGo, and the ACLU are asking Google to step up, and we’re asking you to join us in pressuring them to do the right thing.
Sign the petition
Google has the power to…
Content type: Video
Christopher Weatherhead and Eva Blum-Dumontet Discuss the finding of Privacy International's report on the MyPhone MYA2 from the Philippines
Content type: Long Read
In December 2018, Privacy international exposed the dubious practices of some of the most popular apps in the world.Out of the 36 apps we tested, we found that 61% automatically transfer data to Facebook the moment a user opens the app. This happens whether the user has a Facebook account or not, and whether they are logged into Facebook or not. We also found that some of those apps routinely send Facebook incredibly detailed and sometimes sensitive personal data. Again, it didn’t matter if…
Content type: Long Read
A new study by Privacy International reveals how popular websites about depression in France, Germany and the UK share user data with advertisers, data brokers and large tech companies, while some depression test websites leak answers and test results with third parties. The findings raise serious concerns about compliance with European data protection and privacy laws.
This article is part of a research led by Privacy International on mental health websites and tracking. Read our…
Content type: News & Analysis
In December 2018, we revealed how some of the most widely used apps in the Google Play Store automatically send personal data to Facebook the moment they are launched. That happens even if you don't have a Facebook account or are logged out of the Facebook platform (watch our talk at the Chaos Communication Congress (CCC) in Leipzig or read our full legal analysis here).Today, we have some good news for you: we retested all the apps from our report and it seems as if we…
Content type: News & Analysis
We found the above image here.
Background
Email is hard to secure. For years we've been trying to build security on top of email, such as through technologies like Pretty Good Privacy (PGP) and the open source implementation: GnuPG (GPG).
What happened
In the past 48 hours, there have been very scary looking reports recommending people switch off PGP in their email clients.
The TL;DR version of this post is:
PGP is not broken by this attack
You absolutely should not stop…
Content type: News & Analysis
We found the image here.
You’d be hard pressed to find an issue relating to human rights or the rule of law that wouldn’t benefit from a greater appreciation of the role of technology plays. Increasingly the practice of law, the waging of politics, and the conduct of social and economic affairs all are altered, modified, and even conducted through technological means. So to is the accumulation and use of power.
This is why at Privacy International, technology is at the core of what we do as…
Content type: Report
When you rent a car at the airport, use a car-share for a family day trip, one of the first things you are likely to do before setting off on your journey, is to connect your phone to the car. You switch on the Bluetooth and see a list of other people’s phones that were previously connected - Mike’s iPhone, Samsung Galaxy, Bikerboy_Troi, Dee Dee. You input your journey into the navigation, perhaps noticing stored locations of previous drivers.
Seems fairly innocuous? Wrong. Your name and…
Content type: Press release
Press Release: New report shows how car rental companies are failing to protect drivers' information
A new report by Privacy International shows how car rental companies and car-share schemes are failing to protect drivers' personal information, such as their location, smart phone contents, and place of residence.
The report is here: https://privacyinternational.org/node/987
Key points
Privacy International (PI) rented a series of internet-connected cars and examined the information which was collected and retained on the rental cars' infotainment system*. Every car PI rented…