This Week in Privacy #2


Welcome back to This Week in Privacy, our weekly series where we cover the latest updates on what we're working on within the Privacy Guides community, and this week's top stories in the data privacy and cybersecurity space.

Privacy Guides is a non-profit which researches and shares privacy-related information, and facilitates a community on our forum and Matrix where people can ask questions and get advice about staying private online and preserving their digital rights.

Privacy Guides Updates

No new updates from the team to share this week!

New Recommendations

We want to highlight Brave Browser's Forgetful Browsing feature. This allows Brave users to always clear cookies and other site storage every single time a website is closed, while also setting per-site exceptions for the few sites you do want to stay logged in to. Read more about this upcoming change in PR #2344.

Privacy News

In a follow-up to last week's news, Reuters reports that Apple will require a court order before handing over push notification information:

Apple has said it now requires a judge's order to hand over information about its customers' push notification to law enforcement, putting the iPhone maker's policy in line with rival Google and raising the hurdle officials must clear to get app data about users. [...] Google said in a statement it had always required judicial approval to hand over this kind of information.

Ars Technica reports that CVS, Rite Aid, and Walgreens hand out medical records to cops without warrants:

All of the big pharmacy chains in the US hand over sensitive medical records to law enforcement without a warrant—and some will do so without even running the requests by a legal professional, according to a congressional investigation. [...] They include the seven largest pharmacy chains in the country: CVS Health, Walgreens Boots Alliance, Cigna, Optum Rx, Walmart Stores, Inc., The Kroger Company, and Rite Aid Corporation. The lawmakers also spoke with Amazon Pharmacy.

Also reported by Ars Technica, courts in the U.S. have ruled that suspects may refuse to provide phone passcodes to police:

Criminal suspects can refuse to provide phone passcodes to police under the US Constitution's Fifth Amendment privilege against self-incrimination, according to a unanimous ruling issued today by Utah's state Supreme Court.

Finally, Vice reports that Congress is pulling a bill which would have dramatically expanded surveillance after facing backlash from privacy activist groups:

The House of Representatives will not vote on two proposed surveillance bills, one of which would massively expand one of the government’s most powerful mass surveillance tools, after the Rules Committee pulled both bills. The bills, one by the Intelligence Committee and the other by the Judiciary Committee, would reform and reauthorize Section 702 of the Foreign Intelligence Surveillance Act (FISA), through which the U.S. government can compel domestic communications companies to assist in surveilling non-U.S. individuals who are outside the country by providing access to their communications streams.

Security News

Ars Technica reports that just about every Windows and Linux device is vulnerable to the new LogoFAIL firmware attack:

Hundreds of Windows and Linux computer models from virtually all hardware makers are vulnerable to a new attack that executes malicious firmware early in the boot-up sequence, a feat that allows infections that are nearly impossible to detect or remove using current defense mechanisms.

For iPhone users, Contact Key Verification in iMessage was released in this week's iOS 17.2 update.

This feature, announced a year ago, promises to drastically improve the security of your iMessages through two technologies: Key Transparency and Contact Key Verification. This is something that iPhone users should take advantage of by opting in to Verification in iMessage in their Apple ID settings, because this non-default feature still adds additional, automatic security protections even if you never perform manual key verification yourself.

Community News

Proton launched their annual raffle for lifetime accounts this week, as well as an auction for rare single-letter account usernames.

All proceeds, along with a $100,000 contribution from Proton, will go to 10 organizations that were nominated by the Proton community, with a portion of the funds also going to support some of the organizations that [Proton has] previously supported.

Finally, @rollsicecream from the Privacy Guides forum posted a DNS script for Linux that they've been working on in our project showcase category. According to them:

This very simple but very easy to use CLI script allows you to choose Quad9, Mullvad DNS and NextDNS (more coming soon!) and use them on Linux with the systemd-resolved package (which is nowadays installed on all Linux distros).

...as well as additional features. This isn't something we've checked out in depth, but we want to shine a light on people working on new stuff in the privacy space, so if you have any feedback or questions for this developer, you can certainly ask in the forum thread linked above.

TWIP Live 🔴

All the updates from This Week in Privacy will be shared here on the blog every week, so subscribe with your favorite RSS reader if you want to stay tuned. However, for people who prefer audio, we're going to be trying out a podcast-style recording of these updates every week, livestreamed on our YouTube channel.

We're trialing This Week in Privacy for a month to see whether we and the community find these sorts of updates to actually be valuable. If we do continue to publish these updates after that, we'll publish the audio version of the show as a standard RSS feed outside of YouTube separately.

In the next TWIP

Will we continue to publish these updates? We'll see! We are hoping to publish a new TWIP update every Saturday, but we won't be able to do so without your help. If you find a news story you'd like us to share, or you're working on anything in the privacy space which our community would be interested in, please get in touch on our forum to share your update and be featured in next week's publication.