Privacy Kit

October 16, 2022

Pawn Shop | The Cat Herder, Volume 5, Issue 40

October 16 · Issue #202
The Cat Herder
Surveillance as a nifty motoring accessory, darker and darker patterns, maybe we shouldn’t be giving law enforcement unsupervised and unlimited access to powerful surveillance tools. Yet again, most data breaches are the result of human error, not super-sophisticated hackers.
😼

City resident Brian Zink discovered the data after he bought the thumb drive at a pawn shop.
“I spotted some USBs, like a wicker basket just with loose USBs. There’s roughly five or six USBs just sitting there,” he told CBC.
CBC: ‘Thumb drive with confidential Yukon gov’t case files found in Whitehorse pawn shop’
—
The simplest tricks are the best ones. Ask users for permission to do multiple unrelated things all in one go. The lesson from this short thread is that unscrupulous organisations which are determined to circumvent the law with skeevy growth hacking tricks such as this will find a way to do so.
Luiza Jarovsky (@LuizaJarovsky)
(1/7) #TikTok is obsessed with #darkpatterns. They just send their notifications to the wrong person as I write my Ph.D. about dark patterns & fairness in #privacy. Let's take a look at this one (which is actually a cluster of dark patterns): https://t.co/oKmkEwTBQz
8:44 PM - 13 Oct 2022
According to a sentencing memorandum, Bryan Wilson used his law enforcement access to Accurint, a powerful data-combing software used by police departments to assist in investigations, to obtain information about potential victims. He would then share that information with a hacker, who would hack into private Snapchat accounts to obtain sexually explicit photos and videos.
Feds: Ex Louisville Police Officer Used Law Enforcement Tech To Help Hack Sexually Explicit Photos From Women
www.leoweekly.com
A former Louisville Metro Police Department officer used law enforcement technology as part of a scheme that involved hacking the Snapchat accounts of young women and using sexually explicit photos and videos they had taken to extort them, federal prosecutors said in court documents filed on Tuesday.  According to a sentencing memorandum, Bryan Wilson used … Continued
—
Dalziel said: “It is standard that we are passed immigration papers from Dungavel – we can find that people are in all sorts of situations. But when we saw that this information had been gathered using his geolocation the whole team was shocked. “It appears to be that they have taken his phone without consent, and ordered him to provide his passcode without legal advice. There was no evidence presented that they had any suspicion on which to act. “It really seems that no matter what happens the Home Office finds ways to exceed expectations of how low they can stoop.”
Home Office accused of breaching privacy laws after cancelling international student’s visa
theferret.scot
The Home Office used location data from an international student’s mobile phone to detain him for allegedly breaking his visa conditions, The Ferret can reveal. 
An ideal device for the employer who would like to surveil and track their employees but is feeling a bit reluctant to baldly say “I’m installing a surveillance device in your vehicle”.
The company’s so-called RPlate can be equipped with GPS and allows users, including employers, to track a vehicle’s location and mileage.
California drivers can now sport digital license plates on their cars : NPR
www.npr.org
The license plate-sized screens display a plate number and allow drivers to renew their registration. They also allow users to track a vehicle with GPS and display a warning if the car is stolen.
The EDPB published a letter it has sent to the EU Commission on “procedural aspects that could be harmonised at EU level”, which has some good stuff in it and could certainly have come a bit sooner than four and a half years after the GDPR became enforceable. [direct link to PDF]
—
The Garante fined Senseonics Inc. €45,000 for unlawfully disclosing “email accounts and health data relating to about 2,000 Italian diabetic patients” and also committing “additional infringements of data protection laws”. TL;DR - someone put all the addresses of the recipients of a marketing email in the CC field rather than the BCC field.
—
  • “When privacy comes with a price tag, the brief history of the web indicates that most people won’t break out their credit cards to protect their data. That lax approach could undermine the entire purpose of laws like the GDPR. Coercing people into giving up their privacy with a financial penalty doesn’t make for meaningful, freely given consent, said Santos, the co-author of the research. “We could see this practice being spread around and legitimized. The business model here can surely be replicated.” From ‘Some EU Websites Make You Pay to Reject Cookies—the US Could Be Next’ by Thomas Germain for Gizmodo.
  • “Schools might also use AI tools to track social media posts. This is particularly relevant for college students. While colleges generally don’t use content monitoring software, it’s likely they’ll monitor students’ social media for potential risk of violence or protest. Just as you would assume that anything you type on your school-issued device can be seen and scanned by an algorithm, assume that your public social profiles can be, too. Even private accounts aren’t completely safe, says Kelley. (Yes, even your super-locked-down Finsta.) If you comment on a public account, for example, that might be scanned and subjected to social-media-monitoring algorithms as well.” From ‘How to Protect Yourself If Your School Uses Surveillance Tech’ by Pia Ceres for Wired. In a more reasonable world a story with tips on how to protect yourself from the educational institutions you attend probably shouldn’t have to be written, but here we are.
  • “The lawsuit was filed by truck driver Richard Rogers, who alleged that he was required to scan his fingerprint to confirm his identity and access BNSF facilities. The company failed to disclose the purpose of collecting fingerprints and did not publish a data retention or destruction policy as required by law, Rogers alleged. BNSF argued in subsequent filings that it should not be held liable for biometric data collection conducted on its behalf by a third-party contractor, Remprex LLC., an argument Judge Matthew Kennelly of the US District Court for the Northern District of Illinois rejected in September. After a five-day trial, the jury found that BNSF had recklessly or intentionally violated BIPA 45,600 times, one violation per class action member. The decision subjects BNSF to the maximum BIPA penalty of $5,000 per violation.” From ‘First Illinois Biometric Privacy Trial Ends in BNSF Loss’ by Skye Witley for Bloomberg Law.
—
Endnotes & Credits
  • The elegant Latin bon mot “Futuendi Gratia” is courtesy of Effin’ Birds.
  • As always, a huge thank you to Regina Doherty for giving the world the phrase “mandatory but not compulsory”.
  • The image used in the header is by Krystian Tambur on Unsplash.
  • Any quotes from the Oireachtas we use are sourced from KildareStreet.com. They’re good people providing a great service. If you can afford to then donate to keep the site running.
  • Digital Rights Ireland have a storied history of successfully fighting for individuals’ data privacy rights. You should support them if you can.
Find us on the web at myprivacykit.com and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
https://www.cbc.ca/news/canada/north/yukon-government-data-breach-1.6617217
Privacy Kit, Made with 💚 in Dublin, Ireland
