After a few weeks off for the holidays, welcome back to This Week in Privacy in the new year! This is our weekly series where we cover the latest updates with what we're working on within the Privacy Guides community, and this week's top stories in the data privacy and cybersecurity space.
Privacy Guides is a non-profit which researches and shares privacy-related information, and facilitates a community on our forum and Matrix where people can ask questions and get advice about staying private online and preserving their digital rights.
Privacy Guides Updates
We're looking into an issue with Crowdin, which we use for translations. A recent update on their end has prevented us from downloading translations in the correct format, which has made it difficult to make any changes to the website at all. We're waiting for a response from them, and we may start looking at alternatives if we don't hear back from them soon.
(submitted by @jonah)
More U.S. states are losing access to some adult content websites as their owners protest digital new age verification requirements:
Rather than try to make its users jump through hoops to view its content, Pornhub’s parent company has blocked viewers in Montana and North Carolina altogether, as it has in other states with similar legislation. [...] Critics of these laws say they’re too vague to be useful, and will only have a chilling effect on porn sites that do have good moderation practices, while pushing people to use less responsible sites or use virtual private networks (VPNs) to make it seem like they’re in a different location.
Privacy Guides team member Jonah Aragon wrote an article about age verification laws in response to this latest news:
We are rapidly building a future in which the devices we own actively work against us, and have frightening control over our access to content which powerful stakeholders might deem unsuitable. [...] Device-based age verification is not a solution, because age verification in general is not the solution to children accessing inappropriate content in the first place.
In more age-verification-related reporting by 404 Media, Google is apparently paying "parents $50 to scan their childrens' faces":
Google is having parents film their children wearing hats and sunglasses, with the collected data to include eyelid shape and skin tone. [...] Google told 404 Media the collection was part of the company’s efforts to verify users’ age.
Britain's government wants to build on its landmark Investigatory Powers Act, a controversial piece of legislation dubbed the "snooper's charter" by critics when introduced back in 2016. [...] “Using this power, the government could prevent the implementation of new end-to-end encryption, or stop developers from patching vulnerabilities in code that the government or their partners would like to exploit,” Meredith Whittaker, president of secure messaging app Signal, told POLITICO when the bill was first unveiled.
In more legislative news, Mother Jones reports that Section 702 of FISA was quietly renewed, extending it with a "short-term" extension until 2025:
On December 22, President Joe Biden signed a $886 billion defense bill that renewed one of the US government’s most controversial spy programs. [...] Under Section 702 of FISA, federal investigators do not need a warrant to tap the phone calls, texts, and emails of foreigners outside of the country. But a loophole also lets them access messages that Americans exchange with targets abroad. [...] Numerous reports have documented the FBI’s “persistent and widespread” misuse of this authority to spy on Americans, running unauthorized searches on Black Lives Matter protesters, for instance, or January 6 rioters, and even a US senator.
In news which should surprise nobody, Facebook is tracking all the links you click. This is already common knowledge, but a new setting lets you view those statistics yourself:
Facebook recently rolled out a new “Link History” setting that creates a special repository of all the links you click on in the Facebook mobile app. You can opt out if you’re proactive, but the company is pushing Link History on users, and the data is used for targeted ads.
Finally, The Guardian reports that the NYPD is facing backlash "as it prepares to encrypt radio communications":
The New York police department (NYPD) is facing serious backlash after announcing additional details about its plan to encrypt its radio communications system, which experts warn will limit transparency and accountability. NYPD radio signals have been publicly accessible since 1932, allowing journalists and civilians to listen to police communications, Gothamist reported. The NYPD will now be encrypting its radio channels for the first time ever.
TechCrunch reports that "23andMe tells victims it’s their fault that their data was breached":
Facing more than 30 lawsuits from victims of its massive data breach, 23andMe is now deflecting the blame to the victims themselves in an attempt to absolve itself from any responsibility [...] 23andMe said that “users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe.” “Therefore, the incident was not a result of 23andMe’s alleged failure to maintain reasonable security measures,” the letter reads.
Divested Computing Group, which develops privacy/security projects such as DivestOS and Mull Browser, posted a fundraiser with a $12,000 goal to fund future development, stating:
DivestOS and the Divested projects as they currently stand are ultimately unsustainable. My goal for 2023 was to acquire a grant to continue my work, I was unsuccessful. Today I am announcing a fundraiser of raising $12,000 USD by end of February. It may be a stretch to ask, but I hope you all have found sufficient value in my work to keep these projects going. If it is unsuccessful I will switch to a full-time job and the Divested projects will take a backseat.
Headlines from the Holidays
We missed coverage from a few weeks during the holidays. In case you missed them, check out some of these highlight stories:
- Business Insider: Google will no longer hold onto people's location data in Google Maps — meaning it can't turn that info over to the police
- The Record: Cars have become computers on wheels — and police have easy access to their data
- CBS News: Rite Aid "covert surveillance program" falsely ID'd customers as shoplifters, FTC says
- The Salt Lake Tribune: Utah charter schools want student data from school districts — so they can advertise to families
- Michael Geist: The Most Dangerous Canadian Internet Bill You’ve Never Heard Of Is a Step Closer to Becoming Law
TWIP Live 🔴
All the updates from This Week in Privacy will be shared here on the blog every week, so subscribe with your favorite RSS reader if you want to stay tuned. However, for people who prefer audio, we're going to be trying out a podcast-style recording of these updates every week, livestreamed on our YouTube channel.
We're trialing This Week in Privacy for a month to see whether we and the community finds these sorts of updates to actually be valuable. If we do continue to publish these updates after that, we'll publish the audio version of the show as a standard RSS feed outside of YouTube separately.
In the next TWIP
Will we continue to publish these updates? We'll see! We are hoping to publish a new TWIP update every Saturday, but we won't be able to do so without your help. If you find a news story you'd like us to share, or you're working on anything in the privacy space which our community would be interested in, please get in touch on our forum to share your update and be featured in next week's publication.