Search
Content type: Examples
In 2012, Google announced it would condense 70 different privacy policies into a single one that would allow the company to merge the data collected across all its services, including Maps, search, Android, Books, Chrome, Wallet, Gmail, and the advertising service provided by its DoubleClick subsidiary into a single database. The company claimed the purpose was to enable a better, more unified experience - for example, it said it would be able to deliver better search results by combining…
Content type: Examples
In 2010, increasing adoption of social media sites such as blogs, Facebook, Twitter, and Flickr led Google to develop Buzz, an attempt to incorporate status updates and media-sharing into its Gmail service. Users could link their various social media feeds, including Picasa (Google's photo-sharing service) and Reader (Google's RSS news reader), directly into Gmail. Via the integrated feed, Gmail users could see not only the content produced by those they followed, but those they didn't if their…
Content type: Examples
In July 2011, the established writer GrrlScientist tried to log into her Google account and found that it was suspended, barring her access to Gmail, Google Docs, YouTube, Google Reader, and the newly launched social network Google+. It turned out that the reason was then when Google launched its Google+ social network in June 2011, it included among its terms and conditions a requirement to use "the name your friends, family, or co-workers call you". In July 2011, Google began suspending the…
Content type: Examples
In 2010, Google revealed that a data audit required by Germany's data protection authority had revealed that since 2007 the cars deployed to capture images for its Street View project had accidentally captured 600GB of data from local wifi networks, including personal web browsing histories. Google said it used network names (SSIDs) and router identifiers (MAC addresses) to use for its location services, but did not use any of the payload data, which the company said consisted only of fragments…
Content type: Examples
Google launched its first version of Android in 2009. Based on a modified Linux kernel and other open source software, Android provides the operating system for mobile phones, tablets, televisions, cars, wrist watches, and many other devices including digital cameras, game consoles, PCs, and personal video recorders. By 2017, Android had become the best-selling operating system in the world, with over 2 billion monthly active users. Even in 2009, critics warned that the operating system, which…
Content type: Examples
In May 2007, Google launched Street View, an add-on to its Maps service that allows users to see and "drive" through images of streets and buildings. Almost immediately, the service provoked controversy when users realised that these images included pictures looking through the windows of their homes and images of license plates, or that caught them in embarrassing or even illegal situations on the street. Google argued that Street View only captured images taken on public property. In August,…
Content type: Examples
To personalise the services it offers, Google retains user data such as search histories and as well as the Internet Protocol (IP) addresses and other digital identifiers that enable the company to link search queries to the specific computer where they were generated. Until March 2007, the company kept this data indefinitely. At that point, it announced that in response to privacy advocates' concerns it would begin anonymising the data after 18 to 24 months. While some welcomed the change,…
Content type: Examples
When Google launched Gmail in 2004, the new service rapidly gained acceptance because it offered far more storage space than any other comparable service. From the beginning, however, Gmail scanned the contents of emails to help the company generate contextual ads. Scanning has never applied to the email service it offers paying corporate customers as part of G Suite. In 2017, Google announced it would end scanning email in the consumer service, largely to end confusion among the corporate…
Content type: Examples
The first example of internet users being blindsided by the retention of information they had thought was ephemeral was Usenet, a worldwide collection of discussion groups ("newsgroups") created in 1979. At the beginning, computers called each other directly to swap and distribute new postings; as the internet became available it became the primary medium for propagating Usenet's burgeoning collection of newsgroups. At its peak in the 1990s Usenet was a huge open system used by millions of…
Content type: Examples
In 2005, Google launched its web analytics service, which tracks and reports website traffic. The most widely-used analytics service on the web, Google Analytics comes in three versions: free, the subscription enterprise service 360, and a mobile service that collects analytics from both iOS and Android apps. The service works by storing cookies on computers that visit the websites on which Google Analytics is installed; the cookies contain a unique "cookie ID" identifier; this enables website…
Content type: Long Read
Privacy and data protection are currently being debated more intensively than ever before. In this interview, Frederike Kaltheuner from the civil rights organisation Privacy International explains why those terms have become so fundamentally important to us. The article was first published in the newly launched magazine ROM. The interview was conducted by ROM publisher Khesrau Behroz and writers Patrick Stegemann and Milosz Paul Rosinski.
Frederike Kaltheuner, you work for Privacy…
Content type: Examples
In September 2007, Facebook, which from its 2004 founding had stressed the privacy of its user profiles and interactions, opened up its profiles to public search engines such as Google and Bing. Facebook's new "public listing search" allowed anyone to search for a particular person; such searches returned the name and profile picture of all members who had set their search privacy to "Everyone". The benefit to Facebook was to encourage non-users to sign up when they saw their friends and family…
Content type: Examples
In May 2009, University of Cambridge computer science researcher Joseph Bonneau discovered as part of his research that many social network respond to user requests to delete photographs by hiding them while remaining them on their servers. Among the worst offenders were Facebook, MySpace, Bebo, and LiveJournal. A Facebook spokesman explained that while photographs were immediately deleted from the company's own servers, the data would take longer to be removed from Akamai, the Content Delivery…
Content type: Press release
Photo credit: Forbrukerrådet
The Norwegian Consumer Council has today published a report which shows how Facebook and Google appear to push users into sharing personal data, and raises questions around how such practices are GDPR compliant.
Off the back of the analysis, Privacy International is joining NCC and several other consumer and privacy groups in Europe to ask European data protection authorities to investigate whether the companies are acting in accordance with GDPR. Copies of the…
Content type: Course Section
Communications surveillance is where a third party intercepts a communication in the course of its transmission between intended recipients. Interception includes all acts of monitoring, copying, diverting, duplicating and storing communications in the course of their transmission by or for law enforcement or intelligence agencies.[1]
When discussing communications surveillance, there are many debates, distinctions, and terms used. Because of this it is important to know what a term represents…
Content type: Press release
WASHINGTON, D.C. – U.S. companies should adopt the same data protection rules that are poised to go into effect in the European Union on May 25, Public Citizen, the Center for Digital Democracy and Privacy International said today.
In a sign-on letter, 28 groups are calling on some of the world’s largest companies – including Facebook, Google and Amazon, as well as digital advertisers like Nestle, Walmart and JPMorgan Chase – to use Europe’s impending General Data Protection Regulation (GDPR…
Content type: Long Read
If you operate an internet company in Russia, you aren’t necessarily surprised to one day open the door to someone, grasping in one hand a bundle of wires and in the other a letter from a government agency demanding access to your servers, with a black box wedged under one arm.
Internet companies in Russia are required by law to store the content of users’ communications for six months and the metadata of users’ communications for three years, essentially meaning that what a person does…
Content type: Long Read
Hasn't Facebook said it would give European data protection to all of their users?
Yes, but only in very vague language. In an initial reaction to the Cambridge Analytica scandal, Mark Zuckerberg declared that Facebook would apply the EU General Data Protection Regulation (GDPR) “in spirit” to their 2 billion users worldwide. When questioned by members of the US Congress, Zuckerberg declared that "[a]ll the same controls will be available around the world". Representative Green sought…
Content type: Examples
Behind the colourful bicycles and games rooms, Silicon Valley tech giants operate a strict code of secrecy, relying on a combination of cultural pressure, digital and physical surveillance, legal threats, and restricted stock to prevent and detect not only criminal activity and intellectual property theft but also employees and contracts who speak publicly about their working conditions. Apple has long been known for requiring employees to sign project-specific non-disclosure agreements (NDAs…
Content type: Examples
Car companies have long collected data about the consumers who buy their cars. Now, they hope to aggregate and sell customer preferences to outside vendors for marketing purposes much as online tech giants like Google and Facebook already do. The companies say that exploiting this data will help them improve the driving experience, enabling predictive maintenance and enhancing driving intelligence. A study published in July 2017 by the US Government Accountability Office found that none of the…
Content type: Examples
A former Facebook insider explains to Wired Magazine why it's almost certain that the Trump campaign's skill using the site's internal advertising infrastructure was more important in the 2016 US presidential election than Russia's troll farm was. The first was the ads auction; the second a little-known product called Custom Audience and its accompanying Lookalike Audiences. Like Google's equivalent, Facebook's auction has advertisers bid with an ad, an ideal user specification, and a bid for…
Content type: Examples
In a report on mobile security updates, the US Federal Trade Commission finds that because of the complexity of the mobile ecosystem applying security updates to operating system software on some mobile devices is time-consuming and complicated. Based on information gathered from eight device manufacturers - Apple, Blackberry, Google, HTC, LG, Microsoft, Motorola, and Samsung, the FTC recommends that manufacturers should deploy these updates more quickly and suggests that manufacturers should…
Content type: Examples
Princeton University's WebTap - Web Transparency and Accountability - project conducts a monthly automated census of 1 million websites to measure tracking and privacy. The census detects and measures many or most of the known privacy violations researchers have found in the past: circumvention of cookie blocking, leakage of personally identifiable information to third parties, Canvas fingerprinting, and many more. The research also examines the effect of browser privacy tools and cookie…
Content type: Examples
The first signs of the combination of AI and surveillance are beginning to emerge. In December 2017, the digital surveillance manufacturer IC Realtime, launched a web and app platform named Ella that uses AI to analyse video feeds and make them instantly searchable - like a Google for CCTV. Company CEO Matt Sailor demonstrated a version of Ella hooked up to 40 cameras trained on an industrial park that was able to respond with relevant footage to searches such as "a man wearing red" or "UPS…
Content type: Examples
In November 2017, San Francisco-based Strava, maker of a GPS-enabled fitness app, published a heat map showing the activity of all its 27 million users around the world. Upon outside examination, the data visualisation, which was built from 1 billion activities and 3 trillion data points covering 27 billion kilometres of distance travelled over the previous two years, exposed individual jogging routes in remote areas, including those used by soldiers around military bases in war zones, where…
Content type: Examples
EU antitrust regulators are studying how companies gather and use big data with a view to understanding how access to data may close off the market to smaller, newer competitors. Among the companies being scrutinised are the obvious technology companies, such as Google and Facebook, and less obvious companies such as German car maker BMW. The commissioner for competition, Margrethe Vestager, says her office has not yet found cause for concerns, although it fined Facebook for giving misleading…
Content type: Examples
In 2016, the US Federal Trade Coimmission issued a warning to app developers that had installed Silverpush, software that uses device microphones to listen for audio signals inaudible to the human ear that identify the television programmes they are watching. Nonetheless, similar technology continued to spread. In 2017, software from the TV data collection startup Alphonso, began to spread. As many as 1,000 gaming, messaging, and social apps using Alphonso's software, some of them aimed at…
Content type: Examples
A report for the US National Academy of Sciences explains the methods used by a team of computer scientists to derive accurate, neighbourhood-level estimates of the racial, economic, and political characteristics of 200 US cities using the images collected by Google Street View in 2013 and 2014. The key element: the pictures captured of 22 million cars parked along or driving down those streets. The scientists trained a computer algorithm to recognise the make, model, and year of each…
Content type: Examples
Sidewalk Labs, a subsidiary of Alphabet (Google's owner), has signed a deal with the Canadian city of Toronto to redevelop the brownfield Quayside waterfront district and turn it into a technology hub. The deal raises three sets of issues. First (The Guardian) is the essential privatisation of public space by granting Sidewalk Labs over the technology used and the data collected. Second (The Civicist), are the privacy implications, discussed in a public forum, of allowing Sidewalk Labs to…
Content type: Examples
A recent study from the Yale Privacy lab and Exodus Privacy founds dozens of invasive trackers hidden in common Android apps. However, the method the researchers used, which involved writing code to expose the internal workings of the devices they tested, is legally barred under the US Digital Millennium Copyright Act (2000). Apple's iOS operating system is locked with digital rights management (DRM) software, and both the DMCA and the EU's Copyright Directive prohibit circumventing DRM or…