ICYMI is posted every Monday recapping privacy news over the last week from around the web.
The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned. The most popular app among a group Motherboard analyzed connected to this sort of data sale is a Muslim prayer and Quran app that has more than 98 million downloads worldwide. Others include a Muslim dating app, a popular Craigslist app, an app for following storms, and a "level" app that can be used to help, for example, install shelves in a bedroom.
Through public records, interviews with developers, and technical analysis, Motherboard uncovered two separate, parallel data streams that the U.S. military uses, or has used, to obtain location data. One relies on a company called Babel Street, which creates a product called Locate X. U.S. Special Operations Command (USSOCOM), a branch of the military tasked with counterterrorism, counterinsurgency, and special reconnaissance, bought access to Locate X to assist on overseas special forces operations. The other stream is through a company called X-Mode, which obtains location data directly from apps, then sells that data to contractors, and by extension, the military.
Prime example on why you should deny any permissions and access that aren't critical for the application to function.
Google said today it plans to add a new section on the Chrome Web Store where extension developers will be able to disclose what user data they're collecting from users and what they plan to do with the information.
The new section is set to go into effect on January 18, 2021, and will appear as a "Privacy practices" button on each extension's Web Store listing.
I'm always rooting for additional transparency.
PS: don't use Chrome. If you do currently use Chrome, find an alternative.
Just as importantly, Google has announced that it’s finally beginning to enable a key privacy feature: end-to-end encryption. For Android users who use Android Messages, one-on-one chats will eventually be end-to-end encrypted by default, meaning neither carriers nor Google will be able to read the content of those messages.
Even though encryption is only beginning to roll out to people who sign up for the public beta for Android Messages, turning on encryption for RCS is a very big deal. It’s a massive privacy win, as it could mean that the de facto replacement for SMS will, by default, be private on the smartphone platform used by the vast majority of people worldwide.
This is good but Google still maintains access to a ton of metadata. You should still attempt the switch to something more private, such as Signal, Threema, or another privacy centric communication service. You can read more about that over here.
Want to join the discussion? Check out this post, and others, over at the CupWire subreddit and leave a comment.