3 min read

ICYMI: Aug 17 - Aug 23

ICYMI: Aug 17 - Aug 23

ICYMI is posted every Monday recapping privacy news over the last week from around the web.

College contact-tracing app readily leaked personal data, report finds

Aura, however, goes all in on real-time location-tracking instead, as TechCrunch reports. The app collects students' names, location, and COVID-19 status, then generates a QR code containing that information. The code either comes up "certified" if the data indicates a student has tested negative, or "denied" if the student has a positive test or no test data. In addition to tracking students' COVID-19 status, the app will also lock a student's ID card and revoke access to campus buildings if it detects that a student has left campus "without permission."

TechCrunch used a network analysis tool to discover that the code was not generated on a device but rather on a hidden Aura website—and that TechCrunch could then easily change the account number in the URL to generate new QR codes for other accounts and receive access to other individuals' personal data.

A student at Albion, looking into the app's source code, also found hard-coded security keys for the app's backend servers. A researcher took a look and verified that those keys gave access to "patient data, including COVID-19 test results with names, addresses, and dates of birth," TechCrunch reports.

No need to install any contact tracing apps.  Wear a mask (gloves aren't a terrible idea either), wash your hands, and don't congregate in areas where there's large groups of people and you'll be ahead of the game.

License plate tracking for police set to go nationwide

Documents obtained by the American Civil Liberties Union in March 2019 showed that Immigration and Customs Enforcement agents used license plate readers to track people's movements, accessing a database that logs 150 million to 200 million scans every month.

An Electronic Frontier Foundation study in 2015 also found that Black and Latino residents were more likely to be scanned by license plate readers, raising concerns about racial injustice regarding the surveillance technology.
In early August, Aurora police blamed a faulty license plate reader for misidentifying a vehicle as stolen, which led to officers holding a Black family, with children as young as 6, at gunpoint.

Flock Safety has also faced criticism from privacy experts for its consumer offers -- where residents in richer neighborhoods in at least 30 states pay up to $2,000 a camera to track cars that pass through their communities.

The technology is also used by repossession companies and by landlords who don't want unauthorized cars parking in their lots.

Secret Service buys location data that would otherwise need a warrant

The Secret Service paid about $2 million in 2017-2018 to a firm called Babel Street to use its service Locate X, according to a document (PDF) Vice Motherboard obtained. The contract outlines what kind of content, training, and customer support Babel Street is required to provide to the Secret Service.

Locate X provides location data harvested and collated from a wide variety of other apps, tech site Protocol reported earlier this year. Users can "draw a digital fence around an address or area, pinpoint mobile devices that were within that area, and see where else those devices have traveled" in the past several months, Protocol explained.
Private companies can gather up, buy, sell, and trade all kinds of sensitive user data more or less however they want, with very few limitations—and they do.

All kinds of mobile apps collect location data, both legitimately and illegitimately, and then sell it to data brokers. The data brokers then pass on is theoretically anonymized—but in practice, it's easily identifiable.

The New York Times in 2018 demonstrated in a multimedia feature how easy it is to follow an individual around her whole daily life using a snapshot obtained from just one data aggregation firm. "The database reviewed by The Times—a sample of information gathered in 2017 and held by one company—reveals people's travels in startling detail, accurate to within a few yards and in some cases updated more than 14,000 times a day," the paper wrote at the time.

Always a good idea to keep settings such as bluetooth, wifi, and location settings turned off when they aren't needed and applications have restricted permissions and access.  You can still be tracked by cell phone towers but if your cell phone isn't in your name, it's much harder to pin this type of information to you.

Chicago Police Will Monitor Social Media to Prevent ‘Looting’

Amidst weeks of unrest in Chicago, Mayor Lori Lightfoot has announced the creation of a “task force” to monitor protesters’ social media activity and prevent “looting,” NBC Chicago reports.

If you have to use social media, make sure you cull your friends list, crank up the privacy settings, and make sure you're watching what you post.

Want to join the discussion?  Check out this post, and others, over at the CupWire subreddit and leave a comment.