You Gave Facebook Your Number For Security. They Used It For Ads.

Two-Factor Authentication Is Not The Problem

First, when a user gives Facebook their number for security purposes—to set up 2FA, or to receive alerts about new logins to their account—that phone number can become fair game for advertisers within weeks. (This is not the first time Facebook has misused 2FA phone numbers.)

But the important message for users is: this is not a reason to turn off or avoid 2FA. The problem is not with two-factor authentication. It’s not even a problem with the inherent weaknesses of SMS-based 2FA in particular. Instead, this is a problem with how Facebook has handled users’ information and violated their reasonable security and privacy expectations.

https://www.eff.org/deeplinks/2018/09/you-gave-facebook-your-number-security-they-used-it-ads

How does DuckDuckGo know where I am?

Searching the web with DuckDuckGo is completely anonymous; we simply never collect or share any personal information, in line with our strict privacy policy. For example, we don’t store IP addresses or any other unique identifiers in our server logs. As a result, we don’t even have the ability to create search histories or sessions for any individual. It’s privacy by design.

When you hit the search button, your computer sends your search request to us. In that request, your computer embeds additional information. For example, if you opt-in to location sharing for a site, this information includes your approximate location. And even if you don’t, your request includes your IP address, and an approximate location can be inferred from it, though it isn’t always accurate.

What we do is read that embedded information, use the location contained within it to display the weather or other local information requested, and then immediately throw it away – without storing any of your personal information. In that way, we can serve localized results (weather, restaurants, maps, etc.) without tracking you. For all the nitty-gritty technical details, check out our help page

https://www.quora.com/How-does-DuckDuckGo-know-where-I-am/answer/Gabriel-Weinberg

How To Protect Your Privacy On iPhone

Follow these easy steps to protect the personal data on your iPhone or iPad. (details and how to if you follow the link in the bottom)

You might also be interested in our privacy tips for Android.

1. Lock your device with a passcode longer than 4 digits.
2. Enable “Erase Data” to delete data after 10 failed passcode attempts.
3. Don’t show notifications in the lock screen for sensitive apps.
4. Turn off “Share My Location.”
5. Turn off location services for things that don’t need them.
6. Turn off access to sensitive data for apps that don’t need it.
7. Review your installed apps.
8. Turn off read receipts so people are not notified when you see their messages.
9. Turn on “Limit ad tracking”.
10.From time-to-time, reset your advertising identifier.
11. Set DuckDuckGo as your default search engine.
12. Install the DuckDuckGo Privacy Browser.

https://spreadprivacy.com/iphone-privacy-tips/

US, UK, and other governments asks tech companies to build backdoors into encrypted devices

The US, UK, and three other governments have called on tech companies to build backdoors into their encrypted products, so that law enforcement will always be able to obtain access. If companies don’t, the governments say they “may pursue technological, enforcement, legislative, or other measures” in order to get into locked devices and services.

Tech companies have (also) been wary to comply. Adding a backdoor into their products would inherently mean that their promise of data privacy is broken. It would also open them up to similar requests from other countries, which could use the backdoor access for spying in inappropriate circumstances.

https://www.theverge.com/2018/9/3/17815196/five-eyes-encryption-backdoors-us-uk-australia-nz-canada

Google Secretly Tracks What You Buy Offline Using Mastercard Data

Over a week after Google admitted the company tracks users’ location even after they disable location history, it has now been revealed that the tech giant has signed a secret deal with Mastercard that allows it to track what users buy offline.

Google has paid Mastercard millions of dollars in exchange to access this information.

Neither Google nor Mastercard has publicly announced the business partnership over allowing Google to measure retail spending, though the deal has now been disclosed by Bloomberg.

https://thehackernews.com/2018/09/google-mastercard-advertising.html

What Attorneys and Their Clients Need to Know About Windows 10 and Microsoft’s New Privacy Policies

August 1, 2015

In short, according to Zach Epstein of BGR.com, “Windows 10 is … spying on nearly everything you do.” According to Microsoft, its “consumer products, websites and services” collect information such as

  • your full name, email address, mailing address, and phone number
  • passwords and password hints
  • your age, gender, and occupation
  • the stocks you track
  • credit card numbers and security codes
  • “data about how you interact with [Microsoft’s] services,” such as “the features you use, the items you purchase, the web pages you visit, and the search terms you enter”
  • “data about your contacts and relationships” – but only if you use a Microsoft service “to manage contacts, or to communicate or interact with other people or organizations.” (I’m not sure there’s anyone using a Microsoft system who doesn’t use it to “communicate or interact.”)

It gets worse. Microsoft “collect[s] content of your files and communications” including “the content of your documents, photos, music or video…. It also includes the content of your communications sent or received using Microsoft services, such as the subject line and body of an email, text or other content of an instant message, audio and video recording of a video message, and audio recording and transcript of a voice message you receive or a text message you dictate.” Microsoft “systematically scan[s]” this content “in an automated manner…”

What Attorneys and Their Clients Need to Know About Windows 10 and Microsoft’s New Privacy Policies

Finland ska bli ”en mumindal” för persondata som motvikt till de stora IT-jättarna – My data-rörelsen växer

I dagens läge samlar företag och myndigheter in en hel del data om dig som konsument och medborgare, och använder sig sedan av den utan att du kan påverka situationen desto mer. En ny internationell organisation med hemort i Finland vill ändå ändra på det här.

My Data-rörelsen startade år 2014 efter en datautredning som gjordes vid Kommunikationsministeriet.

https://svenska.yle.fi/artikel/2018/09/02/finland-ska-bli-en-mumindal-for-persondata-som-motvikt-till-de-stora-it-jattarna

Handboken Personlig säkerhet (2018)

Genom riskanalyser, aktiva val och medvetna förhållningssätt kan du värna om din personliga säkerhet. I handboken ges exempel på förebyggande åtgärder och skyddsåtgärder som kan användas för att förhindra eller avstyra hotfulla situationer om de skulle uppstå.

Här behandlas allt från hur du kan tänka kring sociala medier till hur du ska agera vid ett eventuellt terrorattentat. Boken är primärt skriven för politiskt aktiva, men råden fungerar lika väl för andra utsatta yrkesgrupper.

http://www.sakerhetspolisen.se/publikationer/personskydd/personlig-sakerhet.html

Enabling trust for connected vehicles

New technologies for vehicle-to-vehicle (V2V, Car2Car) and vehicle-to-everything (V2X, Car2X) communication enable assisted and autonomous driving, road safety applications, better road utilization and environment protection. Security is crucial for this communication, for safety and privacy reasons. Cyber attacks can threaten the privacy of the driver, damage the physical equipment, and even risk the lives of persons in and around the vehicle.

https://www.nexusgroup.com/solutions/public-key-infrastructure-pki/internet-of-things-iot-security