Welcome back to This Week in Privacy, our weekly series where we cover the latest updates with what we're working on within the Privacy Guides community, and this week's top stories in the data privacy and cybersecurity space.
Privacy Guides is a non-profit which researches and shares privacy-related information, and facilitates a community on our forum and Matrix where people can ask questions and get advice about staying private online and preserving their digital rights.
Privacy Guides Updates
Unfortunately, Skiff Mail was removed from Privacy Guides's email provider recommendations earlier today, following their announcement that they are being acquired by Notion and shutting down their platform in 6 months.
If you currently use Skiff Mail for your email mailbox or aliasing service, you should switch to another provider such as Proton or Mailbox.org as soon as possible. Obviously, this was not the expectation for Skiff Mail when we added them to the website last year.
The longevity of the products we recommend is important to us, and we are carefully considering how predictable and avoidable this situation was in order to potentially try to prevent recommending other products that end up with this outcome in the future. This discussion is ongoing within our community, and if you have any thoughts on the matter we welcome them in this forum thread:
If we change our criteria to better flag and avoid companies which are likely to be acquired or shut down in the future, we will likely post an update on this blog detailing those changes further.
Mozilla has a new tool, Mozilla Monitor Plus, to automatically remove your information from data broker sites. This is an update to their previous Firefox Monitor tool which monitored your email address in the Have I Been Pwned database. Their new product offering combines that service with paid data broker search and opt-out functionality, powered by Onerep.
New laws in the United Kingdom would make wearing a face mask during a protest (e.g. to protect your identity, protect yourself from an ongoing pandemic, or protect yourself from police smoke screens) illegal:
Police will be given new powers to arrest protesters who wear face coverings under new laws cracking down on disorder, ministers have announced.
Demonstrators flouting an order to remove their mask could be jailed for a month and fined up to £1,000.
EU users on iOS 17.4 can apparently no longer install Progressive Web Apps on their phone following the recent changes to iOS in the EU which allow for browser engines other than WebKit. What this means is that users in the EU will be forced to obtain their apps from centralized app stores rather than the internet for full functionality.
This has a lot of consequences for users. For example, all data stored by these web apps is automatically deleted with the update. Websites can also no longer send push notifications to users.
London Underground is testing out new AI surveillance tools to try to detect crime and weapons.
Thousands of people using the London Underground had their movements, behavior, and body language watched by AI surveillance software designed to see if they were committing crimes or were in unsafe situations, new documents obtained by WIRED reveal. The machine-learning software was combined with live CCTV footage to try to detect aggressive behavior and guns or knives being brandished, as well as looking for people falling onto Tube tracks or dodging fares.
A proposed border policy in the US allocates $170 million towards autonomous surveillance towers and $204 million for "expenses related to the analysis of DNA samples."
“This combination of money for surveillance and surveillance technology, along with the included gutting of asylum, would transform our system and hyper-amplify what’s already happening on the ground,” said Paromita Shah, the executive director of the immigrant rights group Just Futures Law.
The US has already spent hundreds of millions of dollars on these automated surveillance towers, which are primarily made by Anduril Industries – the brainchild of Palmer Luckey, founder of Oculus VR.
Canada is planning to ban the Flipper Zero to curb a "surge in car thefts," despite the fact that the Flipper Zero is unable to be used to steal devices in any vehicle with even the most basic rolling code mechanism, i.e. any vehicle since the 90s. This follows the Flipper Zero being banned on Amazon for being a card skimming device, despite it being unable to skim cards, and being banned in Brazil due to alleged "criminal use."
BleepingComputer reports that Apple allowed a fake version of LastPass on the App Store:
As LastPass is used to store very sensitive information, such as authentication secrets and credentials (username/email and password), the app was likely created to act as a phishing app and steal credentials.
Ars Technica reports that developers are currently patching a "critical vulnerability" in the shim bootloader software, which enables secure boot for many Linux distros. According to Matthew Garrett, a security developer and one of the original shim authors:
An attacker (physically present or who has already compromised root on the system) could use this to subvert secure boot (add a new boot entry to a server they control, compromise shim, execute arbitrary code).
Earlier this week, many tech publications erroneously reported that "3 million toothbrushes" were used in a DDoS attack, despite there clearly being no toothbrush vendors who even make millions of Wi-Fi enabled toothbrushes in the first place (existing smart toothbrushes use Bluetooth and have no internet connectivity), and no actual evidence of any such botnet from any sources. The original source of this story later confirmed that it was a "hypothetical scenario and not a real attack."
Fedora rebranded all their immutable desktops as Fedora Atomic Desktops. Fedora Silverblue (GNOME) and Fedora Kinoite (KDE) are retaining their names because of their brand recognition, but future versions will use a naming convention like "Fedora Sway Atomic" (for the Sway desktop environment).
TWIP Live 🔴
All the updates from This Week in Privacy will be shared here on the blog every week, so subscribe with your favorite RSS reader if you want to stay tuned. However, for people who prefer audio, we're going to be trying out a podcast-style recording of these updates every week, livestreamed on our YouTube channel.
In the next TWIP
Will we continue to publish these updates? We'll see! We are hoping to publish a new TWIP update every Saturday, but we won't be able to do so without your help. If you find a news story you'd like us to share, or you're working on anything in the privacy space which our community would be interested in, please get in touch on our forum to share your update and be featured in next week's publication.