Search
Content type: News & Analysis
2nd November 2016
The connectivity afforded by the internet has changed the world forever. While the increasing ‘corporatization’ of what many still feel is an open, non-hierarchical, largely uncensored and unfiltered ecosystem, this is increasingly not the case. The emergence of the ‘Internet of Things’ will soon throw into sharp relief who owns the internet and who owns the data we all generate when using the internet. Companies today have a vested interest in portraying their products as safe and secure with…
Content type: Report
25th January 2017
This investigation looks at how surveillance is being conducted in Thailand. The first part of the investigation focuses on the ties between telecommunication companies and the state, and the second part of the investigation focuses on attacks conducted in order to attempt to circumvent encryption.
Content type: News & Analysis
1st December 2017
There are three good reasons why security is so hard for NGOs. First, we are afraid to speak about meaningful security. Second, we focus on the wrong areas of security and in turn spend money and prioritise the wrong things. Third, we struggle to separate the world we want from the worlds we build within our own organisations. At PI we have failed and struggled with each of these for over 20 years. Out of exhaustion, we decided to do something about it: we are building an open framework, a…
Content type: News & Analysis
8th January 2020
Privacy shouldn’t be a luxury.
Google claim to agree with us - we know that because Sundar Pichai, their CEO, said so this May in the New York Times. And yet, Google are enabling an ecosystem that exploits people who own low-cost phones.
Today we, along with over 50 organisations including Amnesty International, DuckDuckGo, and the ACLU are asking Google to step up, and we’re asking you to join us in pressuring them to do the right thing.
Sign the petition
Google has the power to…
Content type: Long Read
7th May 2020
This week saw the release of a coronavirus tracking app within the United Kingdom, initially to be trialled in the Isle of Wight. Privacy International has been following this closely, along with other ‘track and trace’ apps like those seen in over 30 other countries.
The UK’s app is no different. It is a small part of a public health response to this pandemic. As with all the other apps, it is vital that it be integrated with a comprehensive healthcare response, prioritise people, and…
Content type: News & Analysis
16th May 2017
This guest piece was written by Leandro Ucciferri of the Association for Civil Rights (Asociación por los Derechos Civiles). It does not necessarily reflect the views or position of Privacy International.
We look at our smartphone first thing in the morning to check the weather, and our to-do list for the day. During breakfast, we read the news and learn about what is going on in the rest of the world. In our commute to work or college, we scroll through our social media feeds to check on our…
Content type: Explainer
21st April 2020
In a scramble to track, and thereby stem the flow of new cases of Covid-19, Governments around the world are rushing to track the locations of their populace. One way to do this is to leverage the metadata held by mobile service providers (telecommunications companies - "Telcos" - such as Hutchison 3 (Also known as Three), Telefonica (Also known as O2), Vodafone, and Orange) in order to track the movements of a population, as seen in Italy, Germany and Austria, and with the European…
Content type: News & Analysis
1st August 2016
Privacy can be seen as a reflex of innovation. One of the seminal pieces on the right to privacy as the 'right to be let alone emerged in response to the camera and its use by the tabloid media. Seminal jurisprudence is in response to new surveillance innovations... though often with significant delays.
While one approach would be to say that privacy is a norm and that with modern technologies the norm must be reconsidered and if necessary, abandoned; I think there’s an interesting idea around…
Content type: Long Read
3rd September 2019
A new study by Privacy International reveals how popular websites about depression in France, Germany and the UK share user data with advertisers, data brokers and large tech companies, while some depression test websites leak answers and test results with third parties. The findings raise serious concerns about compliance with European data protection and privacy laws.
This article is part of a research led by Privacy International on mental health websites and tracking. Read our full report…
Content type: Press release
Press Release: New report shows how car rental companies are failing to protect drivers' information
5th December 2017
A new report by Privacy International shows how car rental companies and car-share schemes are failing to protect drivers' personal information, such as their location, smart phone contents, and place of residence.
The report is here: https://privacyinternational.org/node/987
Key points
Privacy International (PI) rented a series of internet-connected cars and examined the information which was collected and retained on the rental cars' infotainment system*. Every car PI rented contained…
Content type: News & Analysis
24th November 2017
This is the story of Privacy International's journey to building more secure services. Data collection and administering sensitive data on the open web is risky, and PI had to learn this the hard way.
Many companies say that the privacy of their audiences is their top priority. But do they mean it? Do they invest in it? Doing security on tight budgets is incredibly hard. But it is the natural state of the non-profit sector. We learned this through challenging experiences. But it is worth all…
Content type: Long Read
24th February 2020
In 2018, following the Cambridge Analytica scandal, Facebook announced the “Download Your Information” feature allowing users to download all the information that the company have on them since the creation of the account. All of it? It doesn’t seem so. Concerns were quickly raised when Facebook released the feature, that the information was inaccurate and incomplete.
Privacy International recently tested the feature to download all ‘Ads and Business’ related information (You can accessed it…
Content type: Long Read
9th September 2019
In December 2018, Privacy international exposed the dubious practices of some of the most popular apps in the world.
Out of the 36 apps we tested, we found that 61% automatically transfer data to Facebook the moment a user opens the app. This happens whether the user has a Facebook account or not, and whether they are logged into Facebook or not. We also found that some of those apps routinely send Facebook incredibly detailed and sometimes sensitive personal data. Again, it didn’t matter if…
Content type: Report
6th February 2020
The changes discussed in this article are based on a second analysis performed in late November, 3 months after the original study Your Mental Health is for Sale and following the exact same methodology. All data collected can be found at the bottom of this page.
Change is possible
Back in September 2019 we published the report Your Mental Health is for Sale exposing how a majority of the top websites related to mental health in France, Germany and the UK share data for advertising purposes.…
Content type: Examples
1st April 2020
Researchers at the Center for IT-Security, Privacy and Accountability (CISPA) have identified a security vulnerability related to encryption on Bluetooth BR/EDR connections. The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used. In addition, since not all Bluetooth specifications mandate a minimum encryption key…
Content type: News & Analysis
3rd April 2017
For as long as automobiles have been around, manufacturers have been trying to find ways of putting more technology inside of cars, oftentimes sold as value-added services for their customers, whether that be 8-tracks of the 1960s and 1970s, the enhancement to security of central locking of the 1980s and 1990s, or the introduction of satellite navigation in the 2000s.
Today, as our technologies become ‘smarter’, so do the risks to our personal privacy. This especially true as society is on the…
Content type: Explainer
30th July 2020
At first glance, infrared temperature checks would appear to provide much-needed reassurance for people concerned about their own health, as well as that of loved ones and colleagues, as the lockdown is lifted. More people are beginning to travel, and are re-entering offices, airports, and other contained public and private spaces. Thermal imaging cameras are presented as an effective way to detect if someone has one of the symptoms of the coronavirus - a temperature.
However, there is little…
Content type: News & Analysis
12th October 2016
As of October 1st, it has become impossible for the public to see footage from North Carolina police body cameras as a result of new law HB 972. This should be of concern to anyone who cares about police accountability and the balance of power in the new digital surveillance era. Increasingly, we are seeing law enforcement use new technology to respond not only to unrest and crime but also to collect and monitor data about individuals who are not suspected of any criminal involvement, such as…
Content type: News & Analysis
2nd May 2017
Why would we ever let anyone hack anything, ever? Why are hacking tools that can patently be used for harm considered helpful? Let's try to address this in eight distinct points:
1) Ethical hacking is a counter proof to corporate claims of security.
Companies make products and claim they are secure, or privacy preserving. An ethical hack shows they are not. Ethical hackers produce counter-proofs to government or corporate claims of security, and thus defend us, piece by tiny piece.In other…
Content type: News & Analysis
5th April 2018
We found the image here.
You’d be hard pressed to find an issue relating to human rights or the rule of law that wouldn’t benefit from a greater appreciation of the role of technology plays. Increasingly the practice of law, the waging of politics, and the conduct of social and economic affairs all are altered, modified, and even conducted through technological means. So to is the accumulation and use of power.
This is why at Privacy International, technology is at the core of what we do as…
Content type: News & Analysis
5th March 2019
In December 2018, we revealed how some of the most widely used apps in the Google Play Store automatically send personal data to Facebook the moment they are launched. That happens even if you don't have a Facebook account or are logged out of the Facebook platform (watch our talk at the Chaos Communication Congress (CCC) in Leipzig or read our full legal analysis here).
Today, we have some good news for you: we retested all the apps from our report and it seems as if we have made some impact…
Content type: Explainer
7th May 2020
In a scramble to track, and thereby stem the flow of, new cases of COVID-19, governments around the world are rushing to track the locations of their populace.
In this third installment of our Covid-19 tracking technology primers, we look at Satellite Navigation technology. In Part 1 of our mini-series on we discussed apps that use Bluetooth for proximity tracking. Telecommunications operators ('telcos'), which we discussed in Part 2, are also handing over customer data, showing the cell towers…
Content type: Examples
1st April 2020
An engineering and computer science professor and his team from The Ohio State University discovered a design flaw in low-powered Bluetooth devices that leaves them susceptible to hacking.
Zhiqiang Lin, associate professor of computer science and engineering at the university, found the commonly used Bluetooth Low Energy devices, such as fitness trackers and smart speakers, are vulnerable when they communicate with their associated apps on the owner’s mobile phone.
"There is a fundamental…
Content type: News & Analysis
1st February 2017
Technologists hoped the “Crypto Wars” of the 1990s – which ended with cryptographers gaining the right to legally develop strong encryption that governments could not break – was behind them once and for all. Encryption is a fundamental part of our modern life, heavily relied on by everything from online banking and online shopping services to the security our energy infrastructure.
However, from comments by the French and German governments about creating a European initiative to circumvent…
Content type: Examples
1st April 2020
On November 3rd, 2019, [...] a critical vulnerability affecting the Android Bluetooth subsystem [was reported]. This vulnerability has been assigned CVE-2020-0022 and was now patched in the latest security patch from February 2020. The security impact is as follows:
On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC…
Content type: Report
6th December 2017
When you rent a car at the airport, use a car-share for a family day trip, one of the first things you are likely to do before setting off on your journey, is to connect your phone to the car. You switch on the Bluetooth and see a list of other people’s phones that were previously connected - Mike’s iPhone, Samsung Galaxy, Bikerboy_Troi, Dee Dee. You input your journey into the navigation, perhaps noticing stored locations of previous drivers.
Seems fairly innocuous? Wrong. Your name and…
Content type: News & Analysis
20th October 2017
The short answer is yes.
I'm sure many of you have seen people with stickers over their webcams and wondered why (probably writing that person off as paranoid). But it's well known in tech circles that a camera in a computer or smartphone can be turned on remotely by an attacker with the resources, time, and motivation.
Security is hard, and our defences are weak. The capability of an adversary to attack your devices doesn't necessarily hinge upon a consumer choice of which computer or phone…
Content type: Report
5th October 1995
The explosion of telecommunications services has improved the ability for human rights groups to disseminate information worldwide. New telephone, facsimile and computer communications have created opportunities for human rights groups to improve organizing and to promote human rights faster and at a lower cost than ever before. However, these new technologies can be monitored by governments and other groups seeking to monitor the activities of human rights advocates. For this reason, human…
Content type: Explainer
31st March 2020
In a scramble to track, and thereby stem the flow of, new cases of Covid-19, Governments around the world are rushing to track the locations of their populace. One way to do this is to write a smartphone app which uses Bluetooth technology, and encourage (or mandate) that individuals download and use the app. We have seen such examples in Singapore and emerging plans in the UK.
Apps that use Bluetooth are just one way to track location. There are several different technologies in a smartphone…
Content type: Examples
1st April 2020
Bluetooth utilizes a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange to allow encrypted communication between devices. The ECDH key pair consists of a private and a public key, and the public keys are exchanged to produce a shared pairing key. The devices must also agree on the elliptic curve parameters being used. Previous work on the "Invalid Curve Attack" showed that the ECDH parameters are not always validated before being used in computing the resulted…