"“I’m here to tell you if you’ve ever been on a dating app that wanted your location, or if you ever granted a weather app permission to know where you are 24/7, there’s a good chance a detailed log of your precise movement patterns has been vacuumed up and saved in some data bank somewhere that tens of thousands of total strangers have access to,” writes Tau.

Unraveling the story of how these strangers—everyone from government intelligence agents and local law enforcement officers to private investigators and employees of ad tech companies—gained access to our personal information is the ambitious task Tau sets for himself, and he begins where you might expect: the immediate aftermath of 9/11.

At no other point in US history was the government’s appetite for data more voracious than in the days after the attacks, says Tau. It was a hunger that just so happened to coincide with the advent of new technologies, devices, and platforms that excelled at harvesting and serving up personal information that had zero legal privacy protections.

Over the course of 22 chapters, Tau gives readers a rare glimpse inside the shadowy industry, “built by corporate America and blessed by government lawyers,” that emerged in the years and decades following the 9/11 attacks. In the hands of a less skilled reporter, this labyrinthine world of shell companies, data vendors, and intelligence agencies could easily become overwhelming or incomprehensible. But Tau goes to great lengths to connect dots and plots, explaining how a perfect storm of business motivations, technological breakthroughs, government paranoia, and lax or nonexistent privacy laws combined to produce the “digital panopticon” we are all now living in."

https://www.technologyreview.com/2025/06/23/1118401/privacy-book-reviews-surveillance-higher-education/

#Surveillance #Privacy #DataProtection SurveillanceCapitalism #AdTech #DataBrokers

"Also at odds with the G7 statement is Canada’s own proposed border-security bill (C-2), which has been widely condemned by this author and numerous other rights groups for the ways it may open up transborder surveillance by foreign governments into Canada. As written, the bill might actually facilitate further transnational repression.

As my Citizen Lab colleague Kate Robertson noted in a recent analysis, Bill C-2 “contains several areas where proposed powers appear designed to roll out a welcome mat for expanded data-sharing treaties or agreements with the United States, and other foreign law-enforcement authorities.” In light of the authoritarian train wreck unfolding in the U.S., and the prospect of high-risk individuals fleeing that country for Canada, such data-sharing could conceivably become a tool of transnational repression used by our closest neighbour, not to mention other repressive regimes.

Pledges are important and the Canadian-backed G7 statement on countering transnational repression and abuse of spyware is certainly a very welcome one. But for Canada to actually translate those pledges into meaningful laws and policies will require some serious self-reckoning about how our own past and current practices are actually implicated in the very acts we have once again condemned."

https://www.theglobeandmail.com/opinion/article-g7-transnational-repression-bill-c-2-carney/

"EU law enforcement bodies could be capable of decrypting your private data by 2030.

This is one of the ambitious goals the EU Commission presented in its Roadmap on June 24, 2025. A plan on how the bloc intends to ensure police officers' "lawful and effective" access to citizens' data.

The Roadmap is the first step forward in the ProtectEU strategy, first unveiled in April 2025 – but privacy experts have already begun raising the alarm."

https://www.techradar.com/vpn/vpn-privacy-security/the-eu-wants-to-decrypt-your-private-data-by-2030

Laut einem Bericht des Bundesrechnungshofs würden weniger als 10% der 100 Rechenzentren des Bundes die Mindeststandards des #BSI erfüllen, in Krisenzeiten sei nicht einmal der Notstrom garantiert. Das Sicherheitsniveau der Rechenzentren sei insgesamt "unzureichend" und der Zustand der IT-Sicherheit in der Bundesverwaltung "unverändert defizitär", urteilen die Prüfer.

Keine Überraschung leider.

https://www.heise.de/news/Bundesrechnungshof-Sicherheitsniveau-der-Bundes-IT-unzureichend-10475018.html

Steve Jackson wants you to know the Secret Masters care about your online data safety:

https://www.sjgames.com/ill/archive/July_05_2025/Surveillance_Bytes

If you know anyone in the European Union who is seriously considering buying Meta's spyglasses, please remind them that using those privacy nightmares would make them a controller according to the GDPR. They'd be responsible for ensuring full compliance with our privacy laws, which - surprise, surprise - will be impossible.

Please tell them to save themselves and everyone around them the trouble and give the money to any NGO instead.
--
#privacy #DataProtection #GDPR #Meta #BanRayBan

In response to the increasing power of America’s digital surveillance machine, WIRED asked #security and #privacy experts for their advice for hardening personal privacy protections and resisting #surveillance. Here are their recommendations:

https://www.wired.com/story/the-wired-guide-to-protecting-yourself-from-government-surveillance/

"Google has been ordered by a court in the U.S. state of California to pay $314 million over charges that it misused Android device users' cellular data when they were idle to passively send information to the company.

The verdict marks an end to a legal class-action complaint that was originally filed in August 2019.

In their lawsuit, the plaintiffs argued that Google's Android operating system leverages users' cellular data to transmit a "variety of information to Google" without their permission, even when their devices are kept in an idle state.

"Although Google could make it so that these transfers happen only when the phones are connected to Wi-Fi, Google instead designed these transfers so they can also take place over a cellular network," they said.

"Google's unauthorized use of their cellular data violates California law and requires Google to compensate Plaintiffs for the value of the cellular data that Google uses for its own benefit without their permission.""

https://thehackernews.com/2025/07/google-ordered-to-pay-314m-for-misusing.html

Thanks @nicol for pointing me to the #BMA #britishMedicalAssociation's resolution not to work with #planatir and to get it out of our #nhs

#privatisation #dataProtection #publicHealth

https://www.bma.org.uk/bma-media-centre/arm-2025-bma-passes-resolution-on-health-information-management-and-information-technology

"Billions of people worldwide use private messaging platforms like Signal, WhatsApp, and iMessage to communicate securely. This is possible thanks to end-to-end encryption (E2EE), which ensures that only the sender and the intended recipient(s) can view the contents of a message, with no access possible for any third party, not even the service provider itself. Despite the widespread adoption of E2EE apps, including by government officials, and the role of encryption in safeguarding human rights, encryption, which can be lifesaving, is under attack around the world. These attacks most often come in the form of client-side scanning (CSS), which is already being pushed in the EU, UK, U.S., and Australia.

CSS involves scanning the photos, videos, and messages on an individual’s device against a database of known objectionable material, before the content is then sent onwards via an encrypted messaging platform. Before an individual uploads a file to an encrypted messaging window, it would be converted into a digital fingerprint, or “hash,” and compared against a database of digital fingerprints of prohibited material. Such a database could be housed on a person’s device, or at the server level.

Proponents of CSS argue that it is a privacy-respecting method of checking content in the interests of online safety, but as we explain in this FAQ piece, CSS undermines the privacy and security enabled by E2EE platforms. It is at odds with the principles of necessity and proportionality, and its implementation would erode the trustworthiness of E2EE channels; the most crucial tool we have for communicating securely and privately in a digital ecosystem dominated by trigger-happy surveillance."

https://www.accessnow.org/why-client-side-scanning-is-lose-lose-proposition/

Don't you know that you're toxic... Meta goes from ghosting to gaslighting.

After our direct action last week, Meta is now replying to 10k requests to opt out of Stalker Ads.

And it's a fudge... they talk about not using personal data for some direct marketing. But don't mention targeted ads!

#StopStalkerAds

Quando un hacker cerca di fare il romantico

I'm not the right partner for you if you're looking for someone to write your privacy notice and be done with it.

I'm a perfect partner for you if you're willing to build a privacy-minded company that sincerely values its customers and their rights.
--
#privacy #DataProtection #GDPR #business #consulting

Whenever you're building new tech, please seek privacy advice right from the start. Not as a last step before deployment.

Privacy people want to make your tech better! For you, your customers, and everybody else. But they can only do so if you make them part of your project, not just some final to-do on your checklist.
--
#privacy #DataProtection #GDPR #tech

PUEDEN VER LA NUEVA #ActividadAcadémica @CPACF!!!️#Conferencia “Caret initio et fine: la efigie de la #proteccióndedatospersonales en #Argentina.” #DataProtection
#Privacidad #Privacy #AAIP #LPDP
Dra. PhD Johanna C. Faliero
23/06 17h
https://www.youtube.com/watch?v=RxkYp-VfzGM