Anti-Party Technology | The Cat Herder, Volume 5, Issue 32

At some point in the near future we may be able to determine what happens when someone wearing a conn   August 21 · Issue #194 · View online At some point in the near future we may be able to determine what happens when someone wearing a connected scarf from Cisco attends an illicit party in a rented AirBnB. 😼 No possibility of bias creeping into this opaque profiling tool, no sirree. drnick 🗳️² X 🏴 @DrNickA Anti-party technology is here and fun is officially banned. We’re now in a world where algorithmic snitching is used to pre-detect it you’re even thinking about having a party and will cancel you from booking somewhere. https://t.co/bJrSL2GFjq 8:31 PM - 17 Aug 2022 Airbnb really wants to shut down parties in its rentals. On Tuesday, the company announced the deployment of “anti-party tools” that it claims will help identify users who are likely to throw a party and prevent them from renting a property. Airbnb is launching the tools in the US and Canada, it said. The tools use an algorithm that flags “potentially high-risk reservations” by looking at user characteristics like “history of positive reviews (or lack of positive reviews), length of time the guest has been on Airbnb, length of the trip, distance to the listing, weekend vs. weekday, among many others.” Airbnb’s party-pooper tech claims to stop likely party-throwers from renting | Ars Technica arstechnica.com – Share Pilot program reduced banned parties in Australia by 35 percent, company says. Lara O'Reilly @larakiara Can’t wait until the adtech companies get their hands on that anti-party data https://t.co/RTSiPfQJHv 10:26 PM - 16 Aug 2022 — Cisco and Manchester City FC have announced something many thought impossible, an upgrade to the humble scarf. This is really showing up those of us foolish enough to assume the design of the scarf was a reasonably settled matter. It turns out you can put a moderately uncomfortable-looking lump of plastic with sensors in it into the scarf and produce a whole marketing micro site with charts and displays and stuff. we are excited to share an innovative upgrade to the scarf that allows us to measure those ups and downs and get a better understanding of the emotion at the heart of the world’s beautiful game. Tracking a range of physiological indicators, The Connected Scarf shows us just how deeply fans are impacted by the action on the field. Cisco x Man City | The Connected Scarf www.mancity.com – Share This again. Loughlin O'Nolan @loughlin As I did years ago when the CSO was making *repeated* attempts to do this, I will yet again suggest that becoming known as the country which tracks tourists' mobile phones is likely to do reputational damage which far outweighs any perceived benefit. https://t.co/0uHRNm8643 https://t.co/rgik6nXoCM 6:38 PM - 16 Aug 2022 Five years ago in July 2017 The Irish Times described the Central Statistics Office as having been in “a stand-off with the Data Protection Commissioner for almost nine years on the legality of the proposal”. So, rounding down, it’s at least thirteen years since this began. The proposal in question being seemingly identical to what has been floated again this week, “a plan to use overseas tourists’ mobile phone data to build a database on their movements in Ireland, as well as how long they stay here” (€) as well as tracking Irish people leaving Ireland. One wonders if the people behind this proposal keep abreast of current affairs at all, or have considered the uses to which location data can be put, or have any idea how much more aware of the sensitivity of this information the average smartphone user is than they were five years ago. Or even thirteen years ago when the CSO began this misguided surveillance adventure. For example, from just last month: Google will delete location history data for abortion clinic visits | Google | The Guardian www.theguardian.com – Share The company said that sensitive places including fertility centers, clinics and addiction treatment facilities will be erased No entity, whether it be Fáilte Ireland, the CSO or one of your neighbours, is entitled to get its hands on personal data simply because the data exists, is being collected and they’re interested in having a look at it. When looking at the coverage of this project from 2017 I came across this magnificent sentence in a piece on the Newstalk website: “[The mobile operators] would then send the CSO anonymized versions of this data, which would once again be anonymised by the CSO.” If it had been anonymised fully the first time then why the need to anonymise it a second time? Unless everybody involved knows they’re not actually anonymising the data, merely pseudonymising it. After Felix Krause published a blog post on Thursday about the in-app browser in the TikTok app on iOS, TikTok responded, letting us know that while it is not stealing your passwords at this time it certainly could if it felt like it. TikTok Says, No, It Isn't Stealing Your Passwords www.vice.com – Share A developer warned that TikTok’s iPhone app could scrape passwords and other sensitive data with its in-app browser. But there is no evidence the app is doing that. If you don’t want to be subjected to this sort of tracking then you should avoid using in-app browsers wherever possible. As the app developers are making this increasingly difficult to do we can only presume they really don’t want you to be able to do this, and they really do want to track you in as many intrusive ways as possible. EricaJoy @EricaJoy the only way to avoid this is to manually type the URL you’re attempting to go to in a separate browser (tiktok does not allow you to open the URL in an external browser or copy the URL to paste into an external browser). 5:13 PM - 19 Aug 2022 Hands up those of you who have ever sent an email to over eighteen hundred recipients, let alone one with someone’s medical records attached. An insecure email attachment containing the patient’s confidential health details was sent to 1,870 recipients. Manx Care faces £170k fine over patient data breach - BBC News www.bbc.com – Share The health care provider is given until the end of the year to put measures in place or pay the fine. The EDPB published its Article 65 dispute resolution Binding Decision concerning hospitality giant Accor. This resolved “a dispute between the French DPA as the lead supervisory authority (LSA), and one of the concerned supervisory authorities (CSA), namely the Polish DPA, with regard to the amount of the fine against ACCOR SA, the controller, for their failure to respect the right to object to marketing activities and difficulties encountered in exercising the right of access.” This Twitter thread by Serge Egelman on the disparity between a data broker’s marketing materials and its court filings, location data, advertising IDs and persistent identifiers, and the grey area between personal data as defined in the GDPR and the common understanding of Personally Identifiable Information in the United in which data brokers and data controllers like to play. “This is what we call in scientific circles, "bullshit.” They are claiming that the FTC is incorrect, that they do not collect identifiable data alongside location data, in literally the same paragraph that they admit to collecting identifiable data alongside location data.“ “The lack of dissuasive or public enforcement of data protection law by the ICO means the law is a paper tiger with no teeth,” said Jen Persson, director of Defend Digital Me, a UK-based civil liberties group that focuses on children’s rights to privacy and free expression. The wording of GDPR states that fines and penalties should be dissuasive, but the lack of transparency over ICO investigations and their outcomes contributes to the sense among advocacy groups that the regulator has yet to follow through on enforcing its recommendations.” From ‘UK’s Data Regulator Yet to Enforce Single Child Protection Case’ by Olivia Solon for Bloomberg. “In the books and podcast apps, publishers could pay for their work to appear higher in results—or in ads placed throughout the apps. Publishers have long been able to sell books inside of the Apple Books app, and subscribing to podcasts could be tied to advertising as well. An ad-supported TV+, meanwhile, could offer older shows for a lower price—and help promote the paid offering. Now the only question is whether the customers of Apple—a champion of privacy and clean interfaces—are ready to live with a lot more ads.” From ‘Apple Set to Expand Advertising, Bringing Ads to Maps, TV and Books Apps’ by Mark Gurman for Bloomberg. — Endnotes & Credits The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds. As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”. The image used in the header is by Krystian Tambur on Unsplash. Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running. Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can. Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn. If you know someone who might enjoy this newsletter do please forward it on to them. Did you enjoy this issue? In order to unsubscribe, click here. If you were forwarded this newsletter and you like it, you can subscribe here. Powered by Revue Privacy Kit, Made with 💚 in Dublin, Ireland

At some point in the near future we may be able to determine what happens when someone wearing a connected scarf from Cisco attends an illicit party in a rented AirBnB.

😼

No possibility of bias creeping into this opaque profiling tool, no sirree.

Pilot program reduced banned parties in Australia by 35 percent, company says.

—

Cisco and Manchester City FC have announced something many thought impossible, an upgrade to the humble scarf. This is really showing up those of us foolish enough to assume the design of the scarf was a reasonably settled matter. It turns out you can put a moderately uncomfortable-looking lump of plastic with sensors in it into the scarf and produce a whole marketing micro site with charts and displays and stuff.

This again.

Five years ago in July 2017 The Irish Times described the Central Statistics Office as having been in “a stand-off with the Data Protection Commissioner for almost nine years on the legality of the proposal”. So, rounding down, it’s at least thirteen years since this began. The proposal in question being seemingly identical to what has been floated again this week, “a plan to use overseas tourists’ mobile phone data to build a database on their movements in Ireland, as well as how long they stay here” (€) as well as tracking Irish people leaving Ireland.

One wonders if the people behind this proposal keep abreast of current affairs at all, or have considered the uses to which location data can be put, or have any idea how much more aware of the sensitivity of this information the average smartphone user is than they were five years ago. Or even thirteen years ago when the CSO began this misguided surveillance adventure. For example, from just last month:

The company said that sensitive places including fertility centers, clinics and addiction treatment facilities will be erased

No entity, whether it be Fáilte Ireland, the CSO or one of your neighbours, is entitled to get its hands on personal data simply because the data exists, is being collected and they’re interested in having a look at it.

When looking at the coverage of this project from 2017 I came across this magnificent sentence in a piece on the Newstalk website: “[The mobile operators] would then send the CSO anonymized versions of this data, which would once again be anonymised by the CSO.”

If it had been anonymised fully the first time then why the need to anonymise it a second time? Unless everybody involved knows they’re not actually anonymising the data, merely pseudonymising it.

After Felix Krause published a blog post on Thursday about the in-app browser in the TikTok app on iOS, TikTok responded, letting us know that while it is not stealing your passwords at this time it certainly could if it felt like it.

A developer warned that TikTok’s iPhone app could scrape passwords and other sensitive data with its in-app browser. But there is no evidence the app is doing that.

If you don’t want to be subjected to this sort of tracking then you should avoid using in-app browsers wherever possible. As the app developers are making this increasingly difficult to do we can only presume they really don’t want you to be able to do this, and they really do want to track you in as many intrusive ways as possible.

Hands up those of you who have ever sent an email to over eighteen hundred recipients, let alone one with someone’s medical records attached.

The health care provider is given until the end of the year to put measures in place or pay the fine.

The EDPB published its Article 65 dispute resolution Binding Decision concerning hospitality giant Accor. This resolved “a dispute between the French DPA as the lead supervisory authority (LSA), and one of the concerned supervisory authorities (CSA), namely the Polish DPA, with regard to the amount of the fine against ACCOR SA, the controller, for their failure to respect the right to object to marketing activities and difficulties encountered in exercising the right of access.”

• This Twitter thread by Serge Egelman on the disparity between a data broker’s marketing materials and its court filings, location data, advertising IDs and persistent identifiers, and the grey area between personal data as defined in the GDPR and the common understanding of Personally Identifiable Information in the United in which data brokers and data controllers like to play. “This is what we call in scientific circles, "bullshit.” They are claiming that the FTC is incorrect, that they do not collect identifiable data alongside location data, in literally the same paragraph that they admit to collecting identifiable data alongside location data.“
• “The lack of dissuasive or public enforcement of data protection law by the ICO means the law is a paper tiger with no teeth,” said Jen Persson, director of Defend Digital Me, a UK-based civil liberties group that focuses on children’s rights to privacy and free expression. The wording of GDPR states that fines and penalties should be dissuasive, but the lack of transparency over ICO investigations and their outcomes contributes to the sense among advocacy groups that the regulator has yet to follow through on enforcing its recommendations.” From ‘UK’s Data Regulator Yet to Enforce Single Child Protection Case’ by Olivia Solon for Bloomberg.
• “In the books and podcast apps, publishers could pay for their work to appear higher in results—or in ads placed throughout the apps. Publishers have long been able to sell books inside of the Apple Books app, and subscribing to podcasts could be tied to advertising as well. An ad-supported TV+, meanwhile, could offer older shows for a lower price—and help promote the paid offering. Now the only question is whether the customers of Apple—a champion of privacy and clean interfaces—are ready to live with a lot more ads.” From ‘Apple Set to Expand Advertising, Bringing Ads to Maps, TV and Books Apps’ by Mark Gurman for Bloomberg.

—

Endnotes & Credits

• The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
• As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
• The image used in the header is by Krystian Tambur on Unsplash.
• Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
• Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.

Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.

If you know someone who might enjoy this newsletter do please forward it on to them.