Senior Technical Writer @ Opplane (Lisbon, Portugal). PhD in Communication Sciences (ISCTE-IUL). Past: technology journalist, blogger & communication researcher.
#TechnicalWriting #WebDev #WebDevelopment #OpenSource #FLOSS #SoftwareDevelopment #IP #PoliticalEconomy #Communication #Media #Copyright #Music #Cities #Urbanism
"So I feel the issues here are ultimately systemic policy problems that need to be fixed with regulation (such as enact national right to repair laws, de-fang the DMCA, implement US national privacy protections, somehow limit the massive seemingly untouchable influence of big tech companies, and probably tax down tech billionaires).
That’s a big ask that feels insurmountable at this moment, but it’s a movement that can start now with people who are fed up with our current de facto abusive tech business models. I think eventually we will get there anyway, because I am not sure the current extractive model is sustainable without encountering massive social unrest within the next decade. The alternative to change, if taken to an extreme, may be the collapse of personal liberty for everyone.
In the meantime, while these lofty goals simmer and take shape, you can also continue to take personal steps to preserve your own tech liberty. Support nonprofits like the EFF that fight for privacy and user rights, strong encryption, open source, use local storage, and so on. I highly encourage it.
Ultimately I hope these thoughts can be a starting point for others to pick up the torch and build off of. I will also be thinking of constructive solutions for a future follow-up."
<https://www.vintagecomputing.com/index.php/archives/3292/the-pc-is-dead-its-time-to-make-computing-personal-again>
#USA #Privacy #BigTech #SurveillanceCapitalism #DMCA #RightToRepair #Oligopolies
"The Federal Trade Commission announced a proposed settlement agreeing that General Motors and its subsidiary, OnStar, will be banned from selling geolocation and driver behavior data to credit agencies for five years. That’s good news for G.M. owners. Every car owner and driver deserves to be protected.
Last year, a New York Times investigation highlighted how G.M. was sharing information with insurance companies without clear knowledge from the driver. This resulted in people’s insurance premiums increasing, sometimes without them realizing why that was happening. This data sharing problem was common amongst many carmakers, not just G.M., but figuring out what your car was sharing was often a Sisyphean task, somehow managing to be more complicated than trying to learn similar details about apps or websites."
<https://www.eff.org/deeplinks/2025/01/ftcs-ban-gm-and-onstar-selling-driver-behavior-good-first-step>
#USA #FTC #GM #OnStar #Privacy #LocationData #GeoLocation #DataProtection
"This decision sheds light on the government’s liberal use of what is essentially a “finders keepers” rule regarding your communication data. As a legal authority, FISA Section 702 allows the intelligence community to collect a massive amount of communications data from overseas in the name of “national security.” But, in cases where one side of that conversation is a person on US soil, that data is still collected and retained in large databases searchable by federal law enforcement. Because the US-side of these communications is already collected and just sitting there, the government has claimed that law enforcement agencies do not need a warrant to sift through them. EFF argued for over a decade that this is unconstitutional, and now a federal court agrees with us."
<https://www.eff.org/deeplinks/2025/01/victory-federal-court-finally-rules-backdoor-searches-702-data-unconstitutional>
#USA #Surveillance #PoliceState #Section702 #Backdoors #CyberSecurity #Privacy
"I actually had to go to account, account settings, and “Smart features and personalization” where an administrator can set a default value for users. The spokesperson clarified that individual end users can go turn it off themselves in their own Gmail settings. They pointed to these instructions where users disable “smart features.”
But it looks like it’s all or nothing. You can’t turn off just the new Gemini stuff without also disabling things like Gmail nudging you about an email you received a few days ago, or automatic filtering when Gmail puts emails into primary, social, and promotion tabs, which are features that Gmail has had for years and which many users are probably used to.
On iOS, you go to settings, data privacy, then turn off “Smart features and personalization.” A warning then says you’re about to turn off all the other stuff too that I mentioned above and much more. On Android, you go to settings, general, and then “Google Workspace smart features.”"
<https://www.404media.co/opting-out-of-gmails-gemini-ai-summaries-is-a-mess-heres-how-to-do-it-we-think/?ref=daily-stories-newsletter>
#AI #GenerativeAI #Google #Gmail #Gemini #Privacy #DataProtection
"What we have today is an entire economic system built on this instrumentarian power. If capitalism is a system built on the production and sale of commodities, our personal data is one of the most sought out. It is mined and refined just like oil, and it has become almost as valuable. The ability to influence behavior at such an enormous scale is coveted by all sorts of third parties, particularly e-commerce businesses and political campaigns. So the US Supreme Court may well have reason to fear that TikTok could grant a powerful few undue influence over the behavior of many American citizens, even if politicians’ claims that TikTok — a private company — is funneling user data to the Chinese government are misguided. If the Chinese wanted the data, they could just buy it. Rather, the Supreme Court has decided that the free speech of American users of TikTok is a small price to pay to protect US tech hegemony, not Americans’ data or privacy.
This is substantiated by the astonishing lack of government oversight of homegrown apps and tech companies. The Supreme Court obviously has few qualms about the undue power to manipulate the behavior of citizens that US policy has granted to corporations, private players who have no concern for the greater interests of their users beyond their ability to target them with ads and political messaging."
<https://jacobin.com/2025/01/tiktok-ban-china-data-surveillance>
#USA #SociaMedia #TikTok #Censorship #Privacy #Surveillance #DataProtection #China
"Within this context, it is no surprise that Google searches for VPNs in Florida have skyrocketed. But as more states and countries pass age verification laws, it is crucial to recognize the broader implications these measures have on privacy, free speech, and access to information. While VPNs may be able to disguise the source of your internet activity, they are not foolproof—nor should they be necessary to access legally protected speech.
A VPN routes all your network traffic through an "encrypted tunnel" between your devices and the VPN server. The traffic then leaves the VPN to its ultimate destination, masking your original IP address. From a website's point of view, it appears your location is wherever the VPN server is. A VPN should not be seen as a tool for anonymity. While it can protect your location from some companies, a disreputable VPN service might deliberately collect personal information or other valuable data. There are many other ways companies may track you while you use a VPN, including GPS, web cookies, mobile ad IDs, tracking pixels, or fingerprinting.
With varying mandates across different regions, it will become increasingly difficult for VPNs to effectively circumvent these age verification requirements because each state or country may have different methods of enforcement and different types of identification checks, such as government-issued IDs, third-party verification systems, or biometric data. As a result, VPN providers will struggle to keep up with these constantly changing laws and ensure users can bypass the restrictions, especially as more sophisticated detection systems are introduced to identify and block VPN traffic."
<https://www.eff.org/deeplinks/2025/01/vpns-are-not-solution-age-verification-laws>
#USA #AgeVerification #Censorship #Florida #VPNs #Surveillance #Privacy #Pornhub #DataProtection
"End-to-end encryption (E2EE) has become the gold standard for securing communications, bringing strong confidentiality and privacy guarantees to billions of users worldwide. However, the current push towards widespread integration of artificial intelligence (AI) models, including in E2EE systems, raises some serious security concerns.
This work performs a critical examination of the (in)compatibility of AI models and E2EE applications. We explore this on two fronts: (1) the integration of AI “assistants” within E2EE applications, and (2) the use of E2EE data for training AI models. We analyze the potential security implications of each, and identify conflicts with the security guarantees of E2EE. Then, we analyze legal implications of integrating AI models in E2EE applications, given how AI integration can undermine the confidentiality that E2EE promises. Finally, we offer a list of detailed recommendations based on our technical and legal analyses, including: technical design choices that must be prioritized to uphold E2EE security; how service providers must accurately represent E2EE security; and best practices for the default behavior of AI features and for requesting user consent. We hope this paper catalyzes an informed conversation on the tensions that arise between the brisk deployment of AI and the security offered by E2EE, and guides the responsible development of new AI features."
@[email protected] "Meta’s tracking tools are embedded in millions of websites and apps, so you can’t escape the company’s surveillance just by avoiding or deleting Facebook and Instagram. Meta’s tracking pixel, found on 30% of the world’s most popular websites, monitors people’s behavior across the web and can expose sensitive information, including financial and mental health data."
"Now I invite you to imagine a world where we voluntarily go ahead and build general-purpose agents that are capable of all of these tasks and more. You might do everything in your technical power to keep them under the user’s control, but can you guarantee that they will remain that way?
Or put differently: would you even blame governments for demanding access to a resource like this? And how would you stop them? After all, think about how much time and money a law enforcement agency could save by asking your agent sophisticated questions about your behavior and data, questions like: “does this user have any potential CSAM,” or “have they written anything that could potentially be hate speech in their private notes,” or “do you think maybe they’re cheating on their taxes?” You might even convince yourself that these questions are “privacy preserving,” since no human police officer would ever rummage through your papers, and law enforcement would only learn the answer if you were (probably) doing something illegal.
This future worries me because it doesn’t really matter what technical choices we make around privacy. It does not matter if your model is running locally, or if it uses trusted cloud hardware — once a sufficiently-powerful general-purpose agent has been deployed on your phone, the only question that remains is who is given access to talk to it. Will it be only you? Or will we prioritize the government’s interest in monitoring its citizens over various fuddy-duddy notions of individual privacy.
And while I’d like to hope that we, as a society, will make the right political choice in this instance, frankly I’m just not that confident."
<https://blog.cryptographyengineering.com/2025/01/17/lets-talk-about-ai-and-end-to-end-encryption/>
#AI #GenerativeAI #AIAgents #Privacy #Encryption #Surveillance
"Stopping a company you distrust from profiting off your personal data shouldn’t require tinkering with hidden settings and installing browser extensions. Instead, your data should be private by default. That’s why we need strong federal privacy legislation that puts you—not Meta—in control of your information.
Without strong privacy legislation, Meta will keep finding ways to bypass your privacy protections and monetize your personal data. Privacy is about more than safeguarding your sensitive information—it’s about having the power to prevent companies like Meta from exploiting your personal data for profit."
<https://www.eff.org/deeplinks/2025/01/mad-meta-dont-let-them-collect-and-monetize-your-personal-data>
#SocialMedia #Meta #Facebook #Instagram #Privacy #Surveillance #DataProtection
"Today, noyb has filed GDPR complaints against TikTok, AliExpress, SHEIN, Temu, WeChat and Xiaomi for unlawful data transfers to China. While four of them openly admit to sending Europeans’ personal data to China, the other two say that they transfer data to undisclosed “third countries”. As none of the companies responded adequately to the complainants’ access requests, we have to assume that this includes China. But EU law is clear: data transfers outside the EU are only allowed if the destination country doesn’t undermine the protection of data. Given that China is an authoritarian surveillance state, companies can’t realistically shield EU users’ data from access by the Chinese government. After issues around US government access, the rise of Chinese apps opens a new front for EU data protection law."
<https://noyb.eu/en/tiktok-aliexpress-shein-co-surrender-europeans-data-authoritarian-china>
#EU #DataProtection #Privacy #China #TikTok #Surveillance #AlixExpress #SHEIN #Temu #WeChat #Xiaomi
"To prevent AI models from memorizing their input, we know exactly one robust method: differential privacy (DP). But crucially, DP requires you to precisely define what you want to protect. For example, to protect individual people, you must know which piece of data comes from which person in your dataset. If you have a dataset with identifiers, that's easy. If you want to use a humongous pile of data crawled from the open Web, that's not just hard: that's fundamentally impossible.
In practice, this means that for massive AI models, you can't really protect the massive pile of training data. This probably doesn't matter to you: chances are, you can't afford to train one from scratch anyway. But you may want to use sensitive data to fine-tune them, so they can perform better on some task. There, you may be able to use DP to mitigate the memorization risks on your sensitive data.
This still requires you to be OK with the inherent risk of the off-the-shelf LLMs, whose privacy and compliance story boils down to "everyone else is doing it, so it's probably fine?".
To avoid this last problem, and get robust protection, and probably get better results… Why not train a reasonably-sized model entirely on data that you fully understand instead?"
<https://desfontain.es/blog/privacy-in-ai.html>
#AI #GenerativeAI #LLMs #SLMs #Privacy #DifferentialPrivacy #Memorization
"Apart from Palm Beach Networks (as it was known at the time), Barcelona is home to several other exploit and spyware makers that are also making the most of the city’s sunny, temperate weather, fresh seafood, and vibrant expat community.
Among them are Paradigm Shift, which was founded by former employees of Variston in the aftermath of the company’s collapse last year; and Epsilon, which is led by Jeremy Fetiveau, an industry veteran who used to work for a division within U.S. defense giant L3Harris that was created after the company acquired the Australian startup Azimuth. Fetiveau did not return a request for comment.
The city is said to also be home to an unnamed group of Israeli researchers who moved to Barcelona from Singapore to work on developing zero-day exploits. The existence of this unnamed team as well as Epsilon’s presence in Barcelona was first reported by Israeli newspaper Haaretz, whose article sparked coverage in local newspapers and news websites.
Other cybersecurity companies have a presence in Barcelona, even if they are not headquartered there. Andrijana Šekularac, the chief executive of Austrian cybersecurity company SAFA, lives in the city, according to her public LinkedIn profile. SAFA has sponsored offensive cybersecurity conferences, including OffensiveCon and Hexacon, and employs at least two security researchers with past experience at spyware companies, according to their public LinkedIn profiles. Šekularac also did not respond to a request for comment.
These zero-day and spyware companies are part of a broader cybersecurity and startup ecosystem in Barcelona. As of last year, according to the Catalan regional government, there were more than 10,000 people working for more than 500 cybersecurity companies in Barcelona, or around 50% more workers than five years earlier."
<https://techcrunch.com/2025/01/13/how-barcelona-became-an-unlikely-hub-for-spyware-startups/>
#EU #Spain #Barcelona #CyberSecurity #Spyware #israel #ZeroDay #StartUps
"TL;DR — Email addresses in stealer logs can now be queried in HIBP to discover which websites they've had credentials exposed against. Individuals can see this by verifying their address using the notification service and organisations monitoring domains can pull a list back via a new API."
<https://www.troyhunt.com/experimenting-with-stealer-logs-in-have-i-been-pwned/>
#CyberSecurity #StealerLogs #Privacy #DataBreaches
"The Supreme Court will hear arguments on Wednesday in a case that will determine whether states can violate adults’ First Amendment rights to access sexual content online by requiring them to verify their age.
The case, Free Speech Coalition v. Paxton, could have far-reaching effects for every internet user’s free speech, anonymity, and privacy rights. The Supreme Court will decide whether a Texas law, HB1181, is constitutional. HB 1811 requires a huge swath of websites—many that would likely not consider themselves adult content websites—to implement age verification.
The plaintiff in this case is the Free Speech Coalition, the nonprofit non-partisan trade association for the adult industry, and the Defendant is Texas, represented by Ken Paxton, the state’s Attorney General. But this case is about much more than adult content or the adult content industry. State and federal lawmakers across the country have recently turned to ill-conceived, unconstitutional, and dangerous censorship legislation that would force websites to determine the identity of users before allowing them access to protected speech—in some cases, social media. If the Supreme Court were to side with Texas, it would open the door to a slew of state laws that frustrate internet users’ First Amendment rights and make them less secure online. Here's what you need to know about the upcoming arguments, and why it’s critical for the Supreme Court to get this case right."
<https://www.eff.org/deeplinks/2025/01/five-things-know-about-supreme-court-case-texas-age-verification-law-free-speech>
#USA #Texas #Censorship #AgeVerification #Surveillance #Anonymity #FreeSpeech #DigitalRights #PoliceState #Privacy #DataProtection
"Today, the CFPB announced that it is seeking public input on strengthening privacy protections and preventing harmful surveillance in digital payments, particularly those offered through large technology platforms. The agency is requesting comment on implementing existing financial privacy law and how to address intrusive data collection and personalized pricing. Additionally, the CFPB requested comment on a proposed interpretive rule outlining how the Electronic Fund Transfer Act, which provides consumers with protections against errors and fraud, applies to new types of digital payment mechanisms, such as those currently offered through large technology companies and video gaming platforms, as well as stablecoins and other digital currencies that are not widely used today in consumer transactions.
“When people pay for their family expenses using new forms of digital payments, they must be confident that their transactions are not tainted by harmful surveillance or errors,” said CFPB Director Rohit Chopra. “The CFPB is seeking public input on how to apply longstanding consumer and privacy protections to new and emerging payment mechanisms.”"
<https://www.consumerfinance.gov/about-us/newsroom/cfpb-seeks-input-on-digital-payment-privacy-and-consumer-protections/>
#USA #CFBP #DigitalPayments #Privacy #FinTech
"I am typically curious about new technology. It took very little experimentation with LLMs for me to want to see if I could extract practical value. There is an allure to a technology that can (at least some of the time) craft sophisticated responses to challenging questions. It is even more exciting to watch a computer attempt to write a piece of a program as requested and make solid progress.
The only technological shift I have experienced that feels similar to me happened in 1995, when we first configured my LAN with a usable default route. I replaced the shared computer in the other room running Trumpet Winsock with a machine that could route a dialup connection, and all at once, I had the Internet on tap. Having the Internet all the time was astonishing and felt like the future. Probably far more to me in that moment than to many who had been on the Internet longer at universities because I was immediately dropped into high Internet technology: web browsers, JPEGs, and millions of people. Access to a powerful LLM feels like that.
So I followed this curiosity to see if a tool that can generate something mostly not wrong most of the time could be a net benefit in my daily work. The answer appears to be "yes"—generative models are useful for me when I program. It has not been easy to get to this point. My underlying fascination with the new technology is the only way I have managed to figure it out, so I am sympathetic when other engineers claim LLMs are “useless.” But as I have been asked more than once how I can possibly use them effectively, this post is my attempt to describe what I have found so far."
<https://arstechnica.com/ai/2025/01/how-i-program-with-llms/>
#AI #GenerativeAI #Chatbots #LLMs #Programming #SoftwareDevelopment
"On Saturday, Triplegangers CEO Oleksandr Tomchuk was alerted that his company’s e-commerce site was down. It looked to be some kind of distributed denial-of-service attack.
He soon discovered the culprit was a bot from OpenAI that was relentlessly attempting to scrape his entire, enormous site.
“We have over 65,000 products, each product has a page,” Tomchuk told TechCrunch. “Each page has at least three photos.”
OpenAI was sending “tens of thousands” of server requests trying to download all of it, hundreds of thousands of photos, along with their detailed descriptions.
“OpenAI used 600 IPs to scrape data, and we are still analyzing logs from last week, perhaps it’s way more,” he said of the IP addresses the bot used to attempt to consume his site.
“Their crawlers were crushing our site,” he said. “It was basically a DDoS attack.”
Triplegangers’ website is its business. The seven-employee company has spent over a decade assembling what it calls the largest database of “human digital doubles” on the web, meaning 3D image files scanned from actual human models.
It sells the 3D object files, as well as photos — everything from hands to hair, skin, and full bodies — to 3D artists, video game makers, anyone who needs to digitally recreate authentic human characteristics."
<https://techcrunch.com/2025/01/10/how-openais-bot-crushed-this-seven-person-companys-web-site-like-a-ddos-attack/>
#CyberSecurity #AI #GenerativeAI #OpenAI #WebScraping #DDoS #AITraining
"Without federal legislative action, many US states are taking privacy matters into their own hands.
In 2025, eight new state privacy laws will take effect, making a total of 25 around the country. A number of other states—like Vermont and Massachusetts—are considering passing their own privacy bills next year, and such laws could, in theory, force national legislation, says Woodrow Hartzog, a technology law scholar at Boston University School of Law. “Right now, the statutes are all similar enough that the compliance cost is perhaps expensive but manageable,” he explains. But if one state passed a law that was different enough from the others, a national law could be the only way to resolve the conflict. Additionally, four states—California, Texas, Vermont, and Oregon—already have specific laws regulating data brokers, including the requirement that they register with the state.
Along with new laws, says Justin Brookman, the director of technology policy at Consumer Reports, comes the possibility that “we can put some more teeth on these laws.”
Brookman points to Texas, where some of the most aggressive enforcement action at the state level has taken place under its Republican attorney general, Ken Paxton. Even before the state’s new consumer privacy bill went into effect in July, Paxton announced the creation of a special task force focused on enforcing the state’s privacy laws. He has since targeted a number of data brokers—including National Public Data, which exposed millions of sensitive customer records in a data breach in August, as well as companies that sell to them, like Sirius XM."
<https://www.technologyreview.com/2025/01/07/1109301/privacy-protection-data-brokers-personal-information/>
#USA #Privacy #DataProtection #DataBrokers #DataBrokerage
"In just 20 minutes this morning, an automated license plate recognition (ALPR) system in Nashville, Tennessee captured photographs and detailed information from nearly 1,000 vehicles as they passed by. Among them: eight black Jeep Wranglers, six Honda Accords, an ambulance, and a yellow Ford Fiesta with a vanity plate.
This trove of real-time vehicle data, collected by one of Motorola's ALPR systems, is meant to be accessible by law enforcement. However, a flaw discovered by a security researcher has exposed live video feeds and detailed records of passing vehicles, revealing the staggering scale of surveillance enabled by this widespread technology.
More than 150 Motorola ALPR cameras have exposed their video feeds and leaked data in recent months, according to security researcher Matt Brown, who first publicised the issues in a series of YouTube videos after buying an ALPR camera on eBay and reverse engineering it."
<https://www.wired.com/story/license-plate-reader-live-video-data-exposed/>
"Some Motorola automated license plate reader surveillance cameras are live-streaming video and car data to the unsecured internet where anyone can watch and scrape them, a security researcher has found. In a proof-of-concept, a privacy advocate then developed a tool that automatically scans the exposed footage for license plates, and dumps that information into a spreadsheet, allowing someone to track the movements of others in real time.
Matt Brown of Brown Fine Security made a series of YouTube videos showing vulnerabilities in a Motorola Reaper HD ALPR that he bought on eBay. As we have reported previously, these ALPRs are deployed all over the United States by cities and police departments. Brown initially found that it is possible to view the video and data that these cameras are collecting if you join the private networks that they are operating on. But then he found that many of them are misconfigured to stream to the open internet rather than a private network.
“My initial videos were showing that if you’re on the same network, you can access the video stream without authentication,” Brown told 404 Media in a video chat. “But then I asked the question: What if somebody misconfigured this and instead of it being on a private network, some of these found their way onto the public internet?” "
<https://www.404media.co/researcher-turns-insecure-license-plate-cameras-into-open-source-surveillance-tool/>
#CyberSecurity #Privacy #Surveillance #USA #LicensePlateReaders #ALPRs #DataProtection
"Hackers claim to have compromised Gravy Analytics, the parent company of Venntel which has sold masses of smartphone location data to the U.S. government. The hackers said they have stolen a massive amount of data, including customer lists, information on the broader industry, and even location data harvested from smartphones which show peoples’ precise movements, and they are threatening to publish the data publicly.
The news is a crystalizing moment for the location data industry. For years, companies have harvested location information from smartphones, either through ordinary apps or the advertising ecosystem, and then built products based on that data or sold it to others. In many cases, those customers include the U.S. government, with arms of the military, DHS, the IRS, and FBI using it for various purposes. But collecting that data presents an attractive target to hackers.
“A location data broker like Gravy Analytics getting hacked is the nightmare scenario all privacy advocates have feared and warned about. The potential harms for individuals is haunting, and if all the bulk location data of Americans ends up being sold on underground markets, this will create countless deanonymization risks and tracking concerns for high risk individuals and organizations,” Zach Edwards, senior threat analyst at cybersecurity firm Silent Push, and who has followed the location data industry closely, told 404 Media. “This may be the first major breach of a bulk location data provider, but it won't be the last.”"
<https://www.404media.co/hackers-claim-massive-breach-of-location-data-giant-threaten-to-leak-data/>
#CyberSecurity #USA #Venntel #DataBreaches #LocationData #Surveillance #Privacy #DataProtection
@[email protected] Yes, because they do worse... :-/
"Having your data tracked in 2025 seems like an inevitability. Regardless of whether you're using an iPhone or Android phone, your carrier is likely gathering all sorts of data about how, where and when you use your cellphone.
Last year T-Mobile quietly began rolling out a new tracking method called "profiling and automated decisions." Spotted by Reddit users and The Mobile Report, the new option is enabled by default. While the company says it isn't using the information it gleans from such tracking today, it could be used later on for "future decisions that produce legal or similarly significant effects about you."
But the self-proclaimed "un-carrier" isn't alone. All three major US wireless providers collect data; here's what they gather and how you can turn it off. It's also worth noting that some of this you should want to keep on, particularly identity verification.
While we're focusing on the three main wireless carriers that make up a bulk of the US wireless market, it is likely smaller providers and even home internet services are engaging in similar collections. Heading to an account's profile or privacy page should help you figure out what is being collected and how you can adjust it.
We recommend checking this regularly just to make sure that you're aware of any changes the carriers may have made or new methods of collection they may have added."
<https://www.cnet.com/tech/mobile/data-privacy-your-carrier-knows-a-lot-about-you-heres-how-to-take-back-control/>
#USA #BigTelco #Surveillance #Privacy #CyberSecurity #DataProtection
It's becoming increasingly difficult to differentiate some US states from Iran or Afghanistan...
@ointersexo For many years I didn't have a cell phone - only a tablet. The problem is that more and more basic services - bank, meal card, etc. - only work with a smartphone because they require an app. That complicates the picture. Competition regulators should force these providers to offer a web version of those same apps, with no need to resort to a cell phone.
@ointersexo Yes, I see more and more people opting for an old "brick"
"The utility of the activity data in risk mitigation and behavioural modification is questionable. For example, an actuary we interviewed, who has worked on risk pricing for behavioural Insurtech products, referred to programs built around fitness wearables for life/health insurance, such as Vitality, as ‘gimmicks’, or primarily branding tactics, without real-world proven applications in behavioural risk modification. The metrics some of the science is based on, such as the BMI or 10,000 steps requirement, despite being so widely associated with healthy lifestyles, have ‘limited scientific basis.’ Big issues the industry is facing are also the inconsistency of use of the activity trackers by policyholders, and the unreliability of the data collected. Another actuary at a major insurance company told us there was really nothing to stop people from falsifying their data to maintain their status (and rewards) in programs like Vitality. Insurers know that somebody could just strap a FitBit to a dog and let it run loose to ensure the person reaches their activity levels per day requirement. The general scepticism (if not broad failure) of products and programs like Vitality to capture data useful for pricing premiums or handling claims—let alone actually induce behavioural change in meaningful, measurable ways—is widely acknowledged in the industry, but not publicly discussed."
https://www.sciencedirect.com/science/article/pii/S0267364924001614
"On Tuesday the Consumer Financial Protection Bureau (CFPB) published a long anticipated proposed rule change around how data brokers handle peoples’ sensitive information, including their name and address, which would introduce increased limits on when brokers can distribute such data. Researchers have shown how foreign adversaries are able to easily purchase such information, and 404 Media previously revealed that this particular data supply chain is linked to multiple acts of violence inside the cybercriminal underground that has spilled over to victims in the general public too.
The proposed rule in part aims to tackle the distribution of credit header data. This is the personal information at the top of a credit report which doesn’t discuss the person’s actual lines of credit. But currently credit header data is distributed so widely, to so many different companies, that it ends up in the hands of people who use it maliciously."
"The United States government’s leading consumer protection watchdog announced Tuesday the first steps in a plan to crack down on predatory data broker practices that the agency says help fuel scams, violence, and threats to US national security.
The Consumer Financial Protection Bureau is proposing a rule that would allow regulators to police data brokers under the Fair Credit Reporting Act (FCRA), a landmark privacy law enacted more than a half century ago. Under the proposal, data brokers would be limited in their ability to sell certain sensitive personal information, including financial data and credit scores, phone numbers, Social Security numbers, and addresses. The CFPB says that closing the loopholes allowing data brokers to trade in this data with little to no oversight will benefit vulnerable people and the US as a whole."
https://www.wired.com/story/cfpb-fcra-data-broker-oversight/