4 min read

ICYMI: May 31 - June 6

ICYMI: May 31 - June 6

ICYMI is posted every Monday recapping privacy news over the last week from around the web.

Suit Claims Google’s Tracking Violates Federal Wiretap Law

Google violated federal wiretap laws when it continued to collect information about what users were doing on the internet without their permission even though they were browsing in so-called private browsing mode, according to a potential class-action lawsuit filed against the internet giant on Tuesday.

The lawsuit, filed in U.S. District Court for the Northern District of California, said Google tracked and collected consumer browsing history even if users took steps to maintain their privacy. The suit said Google also violated a California law that requires consent of all parties to read or learn the contents of private communication.

We just saw Arizona bring a lawsuit to Google's doorstep last week for this issue and now we have another one on the books in California.  This isn't the first time Google has collected data when users took steps to maintain their privacy either.  

Zoom’s CEO says he won’t encrypt free calls so Zoom can work more with law enforcement

Nico Grant (@NicoAGrant)
Zoom’s CEO says he won’t encrypt free calls so Zoom can work more with law enforcement: “Free users for sure we don’t want to give that because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose,” Yuan said. $ZM

Pay us if you want to commit crimes on our service.

Privacy Implications of Accelerometer Data:  A Review of Possible Inferences

This sentiment is reflected in protection policies of current mobile operating systems, where third-party apps can access accelerometer data without requiring security permission. It has been shown in experiments, however, that seemingly innocuous sensors can be used as a side channel to infer highly sensitive information about people in their vicinity. Drawing from existing literature, we found that accelerometer data alone may be sufficient to obtain information about a device holder’s location, activities, health condition, body features, gender, age, personality traits, and emotional state. Acceleration signals can even be used to uniquely identify a person based on biometric movement patterns and to reconstruct sequences of text entered into a device, including passwords.

Connections can be formed from the most unexpected things.

Blur tools for Signal

The latest version of Signal for Android and iOS introduces a new blur feature in the image editor that can help protect the privacy of the people in the photos you share. Now it’s easy to give every face a hiding place, or draw a fuzzy trace over something you want to erase. Simply tap on the new blur tool icon to get started.
[...] We want to do something outside of the app too, so we’ll be distributing versatile face coverings to the community free of charge. We’ve been working to find a manufacturer capable of producing high volumes of face coverings in the current global circumstances. We’re finalizing a few remaining details and will provide more information soon.

Pretty cool stuff.

Why printers add secret tracking dots

At that point, experts began taking a closer look at the document, now publicly available on the web. They discovered something else of interest: yellow dots in a roughly rectangular pattern repeated throughout the page. They were barely visible to the naked eye, but formed a coded design. After some quick analysis, they seemed to reveal the exact date and time that the pages in question were printed: 06:20 on 9 May, 2017 – at least, this is likely to be the time on the printer’s internal clock at that moment. The dots also encode a serial number for the printer.

These “microdots” are well known to security researchers and civil liberties campaigners. Many colour printers add them to documents without people ever knowing they’re there.

This has been around for decades but it's great to see this being talked about since the majority of people don't know this exists.

Federal Court Says Sneaking A Warrantless Peek At A Cellphone Lock Screen Violates The Fourth Amendment

The government tried to argue a lock screen contains no privacy interests. The court disagrees. Even though the information gleaned might be minimal (the FBI agent was likely looking to verify the phone was still in "airplane" mode), the expectation of privacy remains… as does the warrant requirement. It's the intrusion that matters -- not the government's subjective beliefs about the contours of privacy protections.

Good news

Brave was caught adding their own affiliate codes to specific URLs

So when you are using the @brave browser and type in "binance[.]us" you end up getting redirected to "binance[.]us/en?ref=35089877" - I see what you did there mates 😂

Brave certainly has spending their goodwill liberally as of late.  Read more about Brave and some of their shenanigans over here.

Want to join the discussion?  Check out this post, and others, over at the CupWire subreddit and leave a comment.