Shut the barn door: UK data watchdog tells MPs mass slurping by firms is a huge risk to privacy

Regulators and campaign groups have warned a UK Parliamentary inquiry that the increasing collection, use and storage of data by corporations poses a serious risk to privacy and security. The Human Rights Committee hearing into the right to privacy and the "digital revolution" follows the scandal last year of 87 million …

  1. Lee D Silver badge

    But collecting everybody's details via a porn-ID portal is perfectly fine.

    1. Anonymous Coward
      Anonymous Coward

      No doubt MPs will invoke Parliamentary Privilege to keep their viewing histories secret.

      1. WonkoTheSane
        Headmaster

        "No doubt MPs will invoke Parliamentary Privilege to keep their viewing histories secret."

        Parliamentary Privilege only works inside the Houses of Parliament. So they're only covered by it when viewing grumble sites in their office.

        1. Flywheel
          Happy

          So presumably "No doubt MPs will invoke Parliamentary Privilege to keep their viewing histories secret" will [allegedly] still apply then ;-)

          1. Bernard M. Orwell

            Apparently, the plan for AgeID rollout has been suspended indefinitely and is facing cancellation. Surprised not to have spotted an El Reg article on this so far.

            https://news.sky.com/story/government-delays-new-pornography-regulation-as-it-works-out-kinks-11288064

            Also yes, MPs are exempted from the tracking elements under the GDPR regulations that surround the planned block.

            1. phuzz Silver badge
              Facepalm

              I'm surprised you didn't spot an article on it either, because they published one yesterday.

              On a related matter though, kudos to the Sky headline writer for managing to get that 'kink' gag past the editors. We expect such innuendos from elReg, but it must be harder for writers at other publications to slip one in. As it were.

        2. Tom Paine

          This has nothing whatsoever to do with Parliamentary privilege. See: https://www.parliament.uk/site-information/glossary/parliamentary-privilege/

          Of course MPs' taste in grumble will "be secret", just as yours and mine will be -- until they're hacked.

  2. Anonymous Coward
    Anonymous Coward

    Elsewhere today, a pot was accused of racism after calling a kettle black.

  3. alain williams Silver badge

    Tell people *why* the slurp is bad for them

    Most people who I talk to say something like "it doesn't bother me, why should I care ?". I try to explain but they get bored*.

    The ICO producing a report that few will read is not the way to get changed, most will still continue to not care.

    The ICO must produce short, easy to read publicity with several good examples that explain why - how the data sharing & profile building is to their disadvantage. This should then be pushed to the media.

    I suspect that the media will try to bury such a report as their data slurping advertisers will want to keep everyone in ignorance.

    * It might just be me, but I suspect that other el-reg readers get the same reaction.

    1. ArrZarr Silver badge
      Big Brother

      Re: Tell people *why* the slurp is bad for them

      At this stage, I expect the world to continue marching towards dataslavery(TM) no matter what is done. There are too many ways around even the most expertly crafted legislation, which we all know isn't going to be that well written to begin with and we must rely on the conscience and commitment of the management of every company that can scrape this data.

      All I want to know is whether they will be happy once they've taken over the world.

    2. iron Silver badge

      Re: Tell people *why* the slurp is bad for them

      If boredom is the reaction you get then you're lucky. Usually when I tell people why they shouldn't use Facebook, Whatsapp, etc I get looked at like I have three heads, one of which is breathing fire.

      1. SImon Hobson Bronze badge

        Re: Tell people *why* the slurp is bad for them

        "me too" !

        Family are all addicted to Faecesborg & Whatsapp. I've tried the simple step of asking them to use Signal - but no, don't want to be installing anything else. It's annoying not just because of the obvious data slurping stuff, but also because pretty well all the information, photo, and video sharing is being done via them and so I'm missing out on a lot of the grandchildren's stuff.

        But I feel doubly for the grandchildren. The parents are sharing all their details on their behalf - so by the time they have any say in things, it'll be far too late. They say privacy is like virginity - you can never get it back - but these youngsters stopped being privacy virgins within minutes or hours of birth.

        And yes, there's an Alexa in their house.

    3. Splurg The Barbarian

      Re: Tell people *why* the slurp is bad for them

      Same here. It's that or "I have nothing to hide". Unfortunately I already have a FB account created back in 2007, I hardly use it but it's too late they already have details. I've told folk that the Cambridge Analytica scandal is not a one off, it's the norm. Everything they did FB were told to stop doing years before. You tell them how does FB afford to give them that service for free? Don't care.

      Spend half my time telling folk to check privacy settings, app permissions, data farming etc. Speak to folk about Alexa and you get the stock, "it only listens when I say Alexa". You ask then if that's the case how does it know you've said "Alexa"? You can almost see the struggle to work that one out! The average punter simply doesn't care, the corporates know that. If the public looks like starting to care, just watch the new trinkets come out.

      We are basically at the stage of wondering how to stop a big boulder coming down the hill with a few pointy sticks, sadly.

      1. Anonymous Coward
        Anonymous Coward

        Re: Tell people *why* the slurp is bad for them

        We are basically at the stage of wondering how to stop a big boulder coming down the hill with a few pointy sticks, sadly.

        At that stage, you are not supposed to stop the big boulder from crushing the pointy sticks. Instead, you are supposed to save those who are willing to step aside.

      2. Bernard M. Orwell
        Black Helicopters

        Re: Tell people *why* the slurp is bad for them

        "I have nothing to hide".

        I hear your pain. I'm an evangelist for this, telling people about aggregate data all the time. I've had some success by making this comparison:

        "I have nothing to say, so we don't need laws that protect our free speech, right?"

        "I have nothing to hide, so it's fine for the police to come and search my house whenever they like, right?"

        "I have nothing to fear, so it's ok for government employees to read all my emails, texts, letters, bank statements...."

        But, I just get called a conspiracy nutcase most of the time.

        1. PapaD

          Re: Tell people *why* the slurp is bad for them

          When I hear the 'I have nothing to hide' idiocy, I usually respond with one of the following

          "Cool, can I have the access details for your bank account please"

          or

          "Cool, can I put a webcam in your bedroom then please"

          Then I explain that 'nothing to hide doesn't mean nothing I want to keep private'

          I usually follow that with "besides, if it was just the police and GCHQ accessing your data, I'd probably see your point, but it's all of government, including the jobsworths in local council who want to spy on your bin usage. Do you think they've been properly vetted to make sure they are decent people who won't misuse their power to get one over on a neighbour they don't like?"

        2. Doctor Syntax Silver badge

          Re: Tell people *why* the slurp is bad for them

          "I have nothing to hide"

          You could point out that they almost certainly have stuff which they're contractually obliged to hide. Pretty well any log-in credentials that access anything that deals with money and especially banking sites will, if they check the T&Cs, have to be kept confidential. How do they propose to do that if HMG have a back door into the communication? Avoid the online access altogether?

  4. Snake Silver badge

    It's Here

    1984 is here, yet somehow it's all OK with the majority of people because it is private enterprise doing the mass surveillance, not the state per se. I say "per se" because the governments kowtow to the corporations anyway, and happily legally request, err subpoena, I mean confiscate without proper procedures the information when they damn well please, making said corporations a de facto extension of the governments when it suits said government's needs.

    But, again, everyone is OK with this. As long as they get their cat photos and lunch selfies as soon as they are posted to Faceplant or Twatter, everything is fine. They allow Alexa into their homes and when confronted with the privacy questions you get a "Who cares, as long as it plays music when I want!"; they remain signed in to their Google account while they surf the entire web and watch YouTube videos, with a "Why would I sign out? I'll lose the convenience of Google recommending a playlist!".

    Let them burn. With no children of my own and my days on planet Hell Earth counting down, I'm enjoying the anticipated schadenfreude before it even arrives.

    1. iron Silver badge

      Re: It's Here

      My boss recently brought Alexa into our office. That killed all conversation, even work conversation, until he left the office when we'd turn it off & unplug it. He asked who turned it off a few times and after getting each of us as an answer on different days he eventually removed it.

      1. John Brown (no body) Silver badge

        Re: It's Here

        WTF? Why would anyone think an Alexa device in an office might be a good idea?

      2. Doctor Syntax Silver badge

        Re: It's Here

        I'm sure there would have been ways to get him to remove it quicker. Order a ton of expanded polystyrene beans, for instance.

        1. Captain Hogwash
          Coffee/keyboard

          Re: It's Here

          I like the cut of your jib.

    2. Graham Cobb Silver badge

      Re: It's Here

      confiscate without proper procedures the information when they damn well please, making said corporations a de facto extension of the governments when it suits said government's needs

      This is a serious upcoming problem.

      We have seen just this week, the FBI demanding to know everything about everyone who responded to the Christchurch gunman's post on 8chan. Not just people who indicated they were keen to emulate him, or even those who supported him, but everyone. Including those who condemned the post. They want real names, IP addresses, posting history, etc.

      The way this should work is that 8chan should be served with a warrant to provide the entire post dialog (including, probably, any deleted or "private" comments, if such a thing exists on 8chan -- I don't know). Then, after reading the dialog, the FBI should identify any commenters who might need further investigation. And then have to go again to a judge to get a warrant for more information about each of these suspects - presenting the evidence of the comment they made - and get the judge to agree this makes them suspicious enough to be investigated.

      But they can't be bothered with due process: they just want all the information on everyone who interacted at all and expect to be trusted not to either act on, or record, information about people who do not need investigating.

      Presumably anyone who commented will now be recorded on a database forever as an "associate" of the shooter. Good luck with that (cf. John Catt, here in the UK)!

  5. Claverhouse Silver badge

    Not surprisingly, a lot of the submissions found folk don't understand what happens to their data and therefore do not give meaningful consent when using online services.

    Requiring them to give their reasons for consent in no less than 50 words on each occasion before consent was processed would fix that.

  6. GnuTzu
    Mushroom

    EULA's

    "...folk don't understand what happens to their data and therefore do not give meaningful consent..."

    And, as long as companies can hide the truth behind the masses of distinctly unique EULA's that are obfuscated with a tangle of technical jargon--either by way of lazy lawyers or an intent to deceive, even those of us who understand that there is a problem will grow ever more ignorant of the hidden details--simply because we can't keep track remember them all.

    A privacy bill of rights to set minimum standards for EULA transparency and minimum standards for privacy protection will be unavoidably necessary sometime very soon. Otherwise, the ever increasing melange of click through will devour us all.

    1. Anonymous Coward
      Anonymous Coward

      Re: EULA's

      They could make the EULAs clear and transparent but still just about no one would read them... most will still instantly scroll to the bottom to click 'AGREED'

      You could even mandate a minimum 2 minute timeout to try and force people to pay attention but they would just be waiting at the bottom of the page for 1m59s for AGREED to become live.

  7. The Nazz

    Comparison to theft.

    Stealing stuff is a crime, as is the handling (fencing) of stolen stuff, as is buying stolen stuff.

    So why doesn't the same apply to illegally acquired, and traded, data?

    Time for the ICO to start fining every company along the chain?

    1. GnuTzu
      Mushroom

      Re: Comparison to theft -- DMCA

      I've made a similar comparison to the DMCA, which makes circumventing copy protection illegal. Circumventing our privacy protections should also be illegal.

  8. Anonymous Coward
    Anonymous Coward

    I think the MPs (and The Register) missed a bit......

    Quote: "....the increasing collection, use and storage of data by corporations poses a serious risk to privacy and security..."

    "by corporations".....huh? No mention of the STASI in Cheltenham? No requirement for Jeremy (Fleming) to turn up and explain "use and storage of data" by the STASI?

    Another quote, this time from William Burroughs: "The paranoid is a person who knows a little of what is going on."

    1. Nick Kew

      Re: I think the MPs (and The Register) missed a bit......

      Faced with the choice, who would you rather knew all about you?

      A state, with the power to make your life hell backed by police, courts, prisons, and armed forces?

      A corporation, with the power to be a bit creepy and annoying?

  9. David Shaw

    privacy, it's a war!

    I've got soul but I'm not a soldier

    so , anyway, I managed to find enough cash to buy an Apple iPhone SE. Bought it in the applestore, then asked if I could use their wi-fi to set it up.

    30 minutes later, I had a crowd of apple sales droids around me asking what I was doing, as I was drilling down into every single decision tree of the "Settings"

    I then gave a mini-lecture on how their product was not inherently bad, just needed a bit of tweaking to get it almost privacy enhancing, and that the overpriced iPhone was better than the competition, which I still judge true, since my Nexus One days of being a nice - but not secureable alternative OS, others may be able to handle slurpOS better than me.

    in iOS, try Settings/Privacy/Location Services/System Services/ for fun things to configure, Significant Locations is very helpful!

    still some questions remain: Why do iMessages need their crypto enabling silent SMS from a UK based server? why not a German or RU or US server?

    Why do I keep getting "Suggestions" enabled, when I regularly lock them down...iCloud Notes, Game Centre, iCloud Keychain recently auto-turned ON

    anyway , enough of the Fruit, who *almost* allow a bit of privacy, and over to The Slurp, the richest data mining entity that I have ever seen

    I regularly update Chrome, as one should, but each update apparently tweaks the user privacy in usually a negative way, obfuscated way?

    I'm currently at v.75.0.3770.100, which allows as default many suspicious items, typically a new hazard for every little update on desktop Chrome at least

    quickly looking at a few glaring examples of 'mass slurping' at the start of chrome://settings/

    "Other Search Engines" - long list (are they 'accidentally' BCC'd with any search queries to default Search provider?)

    Then, in Advanced of "chrome://settings/", the fun really starts

    "send usage statistics" telemetry = everything, or just 'nearly everything'?

    "Continue running background apps when Google Chrome is closed", "background sites continuing to send & receive data", "unsandboxed plug-ins"/apps & TSR's? "install handling protocols", e.g. P2P almost trojan behaviour, whilst "your clipboard" ctrl C+V is being regularly scanned for text and images, (and they will be likely scanned for facial rec and location & other metadata) and any "payment cards" remotely backed-up in case you need further badverts & profiling of your entire life

    "Site Settings" "Microphone", "Camera", "Location", NEW: "any sensors data" (which might have the granularity to reveal which letter/number is being typed, even when you are not using Chrome)

    imho 'ASK first' is not sufficient protection as can get double-tap 'ask+yes' background pop-unders, historically, and at least Chrome still works when everything is locked down tightly

    who even needs an Alexa with anything running stock Chrome in the room, potentially slurping everything, then sharing covertly VERY widely

    Firefox , if you look closely, in their settings can even "run studies" on your machine, when they feel like it , we all know what study "pref-flip-screenshots-release-xxxx" study did on my PC, yes/no/maybe?

    "Mass slurping by firms" say the ICO is not only a huge risk to privacy, it is a war, against the general public, and you can lose actual money

    locking things down does have an effect - I checked with a mate, in May 2019, his vanilla undefended iP6 against my iPSE, we went to vodafoe's website at same time on same wi-fi AP, we were both offered a new home fibre/ADSL service pop-over as we landed, but strangely my price was a tenner a month cheaper than his offer - beware data driven surge pricing... I think it has already started - but the endpoint is quite scary. Go (underfunded) ICO

    /rant

    1. Doctor Syntax Silver badge

      Re: privacy, it's a war!

      You're that concerned & you're using Chrome?

  10. Mike 137 Silver badge

    Informed consent?

    Microsoft's current privacy statement is over 32,600 words long. Many are longer than 5000 words. Most are extremely unclear as to what processing is actually performed, the lawful bases for the processing and the data subject's rights in respect of the processing. The Twitter landing page currently states "By using Twitter’s services you agree to our Cookie Use and Data Transfer outside the EU. We and our partners operate globally and use cookies, including for analytics, personalisation, and ads." and Facebook's states "By clicking on or navigating the site, you agree to allow us to collect information on and off Facebook through cookies." which are both probably unlawful in the EU and UK on several counts.

    These are at best examples of "compliance" in quotes. It's not intended to fulfil the regulation's specified obligations to the data subject - witness the excessive use of "legitimate interest", which is [a] supposed to be explained in respect of each specific processing activity and be supported by a documented assessment of balance of interests between the business and the data subject.

    We should start challenging businesses for even minor infractions - only public pressure and penalties will drive change.

    1. Doctor Syntax Silver badge

      Re: Informed consent?

      It takes a lot of words to be so unclear. Especially to be so unclear that you might not notice what they fail to exclude.

  11. Rich 2 Silver badge

    ...and so it goes on....

    This problem has been around for decades (at least on the scale that we see today).

    ...and STILL NOTHING IS BEING DONE ABOUT IT.

    I have no idea why no government (anywhere in the world, as far as I know) has introduced an opt-in law for this crap. It's shit.

    1. Doctor Syntax Silver badge

      Re: ...and so it goes on....

      "I have no idea why no government (anywhere in the world, as far as I know) has introduced an opt-in law for this crap."

      Cough. GDPR. It's going to be a while before enough cases work through enforcement and appeals to make the offenders really sit up and take notice but it is opt-in.

  12. Tom Paine

    Had to read this a few times

    "Companies routinely derive data from other data, such as determining how often someone calls their mother to calculate their credit-worthiness. [....]"

    * blink, blink-blink

    Because people who ring their mothers are... broke and borrowing money?? wat??

    1. Anonymous Coward
      Anonymous Coward

      Re: Had to read this a few times

      Because people who talk to their parents often are likely to be on better terms and are more likely to have a familial line of credit if everything goes TITSUP*

      *Total Inability To Spend Under Plan
