This month you’re in a police line up and your DNA information is held offshore by a third party. Well, maybe neither of those things are true yet, but they’re certainly perfectly possible. Google and Facebook are still profiling you, but are entirely determined to profile you more, and harder.
1. DNA Genealogy
There was a lot of coverage of the Back To Our Past event held in the RDS during October. For the first time in Ireland, attendees could have DNA testing done at this genealogy show. The benefits of using your DNA to better research your ancestors were extolled in several publications and on RTE radio. Volunteers were sought to contribute their DNA to a database of Irish DNA held by a private company, with a lifetime membership offered as an enticement.
Notes for humans
Do be careful who you give your genetic information to. It’s probably best not to give it to strangers, or companies you’re not familiar with. At a minimum, carefully read their privacy policy and be aware that these companies you’re dealing with may well be acquired by other companies (see below regarding Google and Doubleclick, and Facebook and WhatsApp) who will not abide by these existing privacy policies. In fact, they may acquire the original company you have shared your information with specifically to gain access to this type of information so they can link it with other information they may have about you. Then they can sell this combined information to a health insurance company who would just love to increase your premium, because that’s the mundane reality of where a lot of this is leading. Check where the company is headquartered, and where your data will be stored and processed. Be aware that there are differences between European and US laws in this area, and that the current arrangement to ensure European standards of data protection for European citizens is, well, not ideal.
Most important of all, read this thread on Twitter to find out how your relatives can merrily compromise your privacy using these online genealogical services.
A relative set me up on ancestry dot com to view her family history research. I am now hyperventilating into a data protection paper bag.
— Heather Burns (@WebDevLaw) October 29, 2016
2. Google drops ban On Personally Identifiable Web Tracking
Way back in 2007 when there were no cookie notifications on any websites besides those that were exceptionally upfront with their users about what was being done with their data, Google bought Doubleclick for over three billion dollars. At that time Doubleclick more than likely held the world record for numbers of cookies placed on devices around the world. Doubleclick’s cookies tracked browsing habits across the Web in order to place relevant advertising on sites users visited. Until earlier this year, Google had kept a wall between this huge store of behavioural information that Doubleclick held and the equally huge store of information Google held about users and their interests, acquired via the provision of free services such as Gmail. Now that wall is gone, with the stroke of a pen across a policy.
Notes for humans
Now you’re totally connected, but not in a way you asked to be. Google really, really wants to know everything about you. Where you go, who you know, what you search for late at night on the Web. This is profiling on a scale never seen before. Here are a few things you can do to opt out, for the moment at least.
+ ‘Google’s ad tracking is as creepy as Facebook’s. Here’s how to disable it’
+ ‘How to Get Google to Stop Personally Tracking You’
3. The Internet Of Things Continues To Break The Internet
Remember in September well known security writer Brian Krebs’ website was taken down by a botnet comprised of a large number of connected CCTV cameras and other motley Internet of Things devices? Maybe you missed that one, but you probably didn’t miss the large outage in October when a similar, larger army of connected devices was used to take down the Dyn DNS service, making many large websites unavailable for millions. Here’s Krebs himself on the outage
Until then, these insecure IoT devices are going to stick around like a bad rash — unless and until there is a major, global effort to recall and remove vulnerable systems from the Internet. In my humble opinion, this global cleanup effort should be funded mainly by the companies that are dumping these cheap, poorly-secured hardware devices onto the market in an apparent bid to own the market. Well, they should be made to own the cleanup efforts as well.
Notes for humans
This is going to happen with increasing regularity. Devices that can easily be remotely controlled and yoked together into botnets which allow moderately competent people to carry out these attacks are being brought online at an alarming rate. As long as the peculiar impulse to connect things to the Internet that have no real business being connected to the Internet continues, device manufacturers will continue to ship devices with next to no security features built in.
+ ‘Nice Internet You’ve Got There… You Wouldn’t Want Something To Happen To It…’
4. Article 29 Working Party Gives Facebook and WhatsApp A Stern Talking To
Continuing on a theme from last month, and the month before that, Facebook is still drawing the ire and scrutiny of privacy watchdogs after it linked WhatsApp user data with Facebook user data. This, of course, after specifically stating when it acquired WhatsApp in 2014 that it wouldn’t link the two sets of user data.
Notes for humans
In typically dry and dull EU naming fashion, the Article 29 Data Protection Working Party (WP29 for short) is the name of a group made up of a representative from the data protection authority of each EU member state, one from the European Data Protection Supervisor and one from the European Commission. What they say is important for privacy and data protection issues across Europe and the world. If they’re not happy with Facebook’s behaviour in this situation then Facebook might just have to moderate its data-grabbing ways.
+ The full text of the letter sent to Facebook is available here.
5. The Perpetual Line Up. You Might Soon Be A Part Of It
The Georgetown Law Center on Privacy & Technology published this beautiful and stark visualisation and description of the implications of law enforcement agencies deploying face recognition technologies.
Notes for humans
Although the Perpetual Line Up covers only the US, you can be sure that law enforcement agencies are working on similar projects using the same technologies in Europe. So, probably not a case of if but rather a case of when we’ll have to deal with the ramifications of this.
Honourable Mentions
- This month it was shown that DIY drones are pretty damn easy to hack if some of their components have been made in a 3D printer connected to a compromised home PC. A few days later it turned out that commercially manufactured ones are also pretty damn easy to hack. In Sweden, a court has decided that drones with mounted cameras are legally equivalent to CCTV cameras. If you want to fly one of these in a public place you need a permit.
- Apple has a patent on a system that uses the configuration of your veins to identify you. Yes, your veins inside your body. Once you’ve used your veins to unlock your phone which you use to unlock self-driving your car which is programmed to run over pedestrians in an emergency, you might cruise past a few billboards which have been tracking you since you left home in order to serve you up an advertisement tailored just for you. Yahoo!
- Amnesty International launched an awareness campaign to inform people about the security or, in some cases, the lack of security built in to popular messaging apps. This is obviously something we were delighted to see around these parts. ‘6 really practical ways to protect your privacy online’ is well worth a look too.
- Digital Rights Ireland served proceedings on the Irish State, challenging whether the Data Protection Commissioner is as independent from the Government as it is required to be under EU law. This one will be fun to watch.
[Title image credit: Elisabetta Foco on Unsplash]
2 Comments Add yours