The hacks, data breaches, uncanny smart devices, panoptical social media, and government surveillance that happened in a single year. Yay!!
This happens in a lot of little ways: feeling more comfortable letting a smart device into our home, giving more access to information about ourselves to social media platforms (or discovering to our shock how much info they had been collecting this whole time), or being victim to a big data breach. Each of these little things doesn't feel like a lot when it happens – we might be shocked or surprised, but eventually we get used to it. Tech pushes the limits of what we feel okay with just a few inches at a time, and we don't notice until we look back that "the line" has moved miles.
This year was no exception. Let's look back and see all the ways big companies chipped away at our privacy bit by bit in 2017.
Equifax had a data breach that affected 145 million Americans, lol.
Hackers were able to obtain names, addresses, social security numbers, and birthdays of people. The CEO of Equifax testified before Congress about the hack, admitting it was "human error" where they knew about a software vulnerability but didn't fix it. He later resigned (with a $18.4 million pension).
This was a bad one. Real bad.
Mark Wilson / Getty Images
Oh yeah, and the camera for the Amazon Key? It can be hacked.
Cloud Cam is the monitor that allows you to watch your delivery take place, creating a sense of security that a delivery person isn't going to rob you. But researchers discovered that it could be disabled through WiFi, meaning a delivery person could disable the camera, get inside, and ravage your toilet.
Amazon
Google Maps for iPhone has been keeping a log of everywhere you go throughout the day on your "Timeline".
It's actually kind of cool to look through – it can tell you exactly where you went at exactly what times on any specific day. It also shows you which photos you took at the place you went to. Which is very cool! But... also... you know, FRIGHTENING.
You can totally turn this off in the Settings in the app.
Google Home Mini had a flaw that caused it to always listen to you.
Instead of only starting to listen and record when you say "Ok, Google", the Mini was actually recording all the time. The flaw was only in the Mini, and a software patch fixed it.
Uber had a massive customer data breech, and didn't tell anyone for a year.
Data from 57 million users was compromised back in 2016, but Uber didn't disclose it until November 2017. The hackers were paid a "bug bounty" of $100,000 by Uber. Bug bounties are common – a way of rewarding people who report software vulnerabilities. But this was usually large, and it skirted Uber's legal obligation to inform its customers there was a hack.
Uber's new CEO, Dara Khosrowshahi only found out about the hack, which happened under disgraced former CEO Travis Kalanick, and was doing an investigation. The New York Attorney General, Eric Schneiderman, is also investigating.
Sergio Lima / AFP / Getty Images
Apple asked us to teach our iPhone X's to recognize our face.
Welcome to the future, may I scan your face? Face ID launched for the iPhone X – you can unlock your phone just by looking at it. People might have had some qualms about it, but plenty went ahead and bought the phone and are happily using it. Apple says it's more secure than the finger Touch ID. And until true Face/Off technology is perfected we're ok. Oh wait...
Getty
Someone says they can hack the iPhone X's FaceID using a mask.
So we don't even need to wait for Face/Off surgery! A Vietnamese cybersecurity firm did a test using a silicon mask. While the mask worked successfully in a demo for reporters at Reuters, the researcher said he couldn't do it on a new blank phone, because it would take too long to set up. So, take it with a tiny bit of skepticism.
Kham / Reuters
Marketers on Facebook are using "psychographic" techniques to target ads.
Vice's Motherboard reports that based on just a few "likes", marketers can analyze your psychology, and serve you ads based on that. For example, they can tell if you're an introvert or extrovert, which can be used to more effectively get you to click on ads. Let's say a travel agency advertises packages to Las Vegas to extroverts, and secluded bed and breakfasts to introverts.
Max Halberstadt / Public Domain
Cloudflare had a bug that leaked passwords from Okcupid, Yelp, Medium, Fitbit, and more.
Over 5.5 million sites use the security and web performance company Cloudflare, including some incredibly huge and popular sites like Yelp. A bug in HTTPS caused some data to be pushed to the wrong place – dating site messages and hotel bookings ended up on search results, or Fitbit info was pushed to a site in the Philippines. Basically: change your password, everyone!
Dave Kotinsky / Getty Images
TV ads hijacked Google Home smart speakers to sell you burgers.
Burger King made a TV ad where a pitchman says "Ok, Google, what is the Whopper burger?" If you owned a Google Home smart speaker, your device would be prompted by the voice on TV to start reading the Wikipedia entry for the Whopper.
Pretty clever! The ad even went on to win a major advertising industry award. But it is a little scary that marketers can use your smart devices to deliver ads to you this way.
India finally made its fingerprint and retina scanning ID system mandatory for everyone.
Aadhaar is the identification system for India, similar to Social Security numbers, but with a biometric ID. It started as a voluntary system, but in early 2017 a new law made it essentially mandatory. BuzzFeed tech reporter Pranav Dixit explains:
"Last month, the government passed a finance bill making it mandatory for every Indian who files tax returns to input their Aadhaar number. Asked if the government was forcing citizens to get Aadhaar despite the Supreme Court mandate, finance minister Arun Jaitley replied simply, 'Yes, we are.'
In the future, Indians may be required to use Aadhaar to log on to public Wi-Fi hotspots, buy train tickets, access bank accounts, withdraw pension money, use matrimonial websites, and buy tickets for cricket matches — among other things.
Critics paint a grim picture of India with mandatory Aadhaar: an Orwellian state with every action of every citizen under constant scrutiny at all times."a
BuzzFeed News
Amazon in India wants to use that biometric ID to track packages.
BuzzFeed News obtained chats between customers in India and customer service agents from Amazon telling them that if they didn't upload their biometric ID (called Aadhaar), it might delay being able to track their packages. It's one thing to give the government your biometric ID; it's another to give it to Amazon.
Screenshot / BuzzFeed News
So do Uber and Airbnb....
Airbnb is considering using Aadhaar for hosts, and Uber and Ola are thinking of using it to verify drivers.
Noah Seelam / AFP / Getty Images
US intelligence has been illegally overreaching by snooping into citizens' financial records.
Under law, banks have to report suspicious transactions over $10,000, and hand over lists of these transactions to a government agency every day. But FinCEN, the agency that has the legal access to these lists of transactions says that another agency – the Treasury's intelligence department – has been accessing the information. Sources told BuzzFeed News that this is effectively a backdoor for the CIA and other intelligence agencies to snoop on Americans' finances.
Mandel Ngan / AFP / Getty Images
Facebook wants you to send it your nudes, so it can block other people from posting those nudes as revenge porn.
As a revenge-porn prevention measure, you can upload your nudes to Facebook through Messenger, then Facebook will digitally scan them using machine learning and block anyone else from uploading that exact same photo. Facebook says they're not storing the photos anywhere; they'll only store a digital "hash" of it (basically a 1s and 0s version). Buuuut...at least one employee has to see the photos to moderate it and verify it's actually a nude and not like, a photo of Trump.
Facebook has been using your phone's contacts to create a "shadow profile" with people who have you in their email or phones.
You know how the "People You May Know" section is eerily creepy? Like, it might find your old landlord, or a family friend you've never emailed or don't have mutual friends with? A Gizmodo investigation showed how Facebook creates a network of contacts far beyond what you'd expect when you allow them access to your contacts list on your phone. You might never realize how much Facebook knows about you from access to your contacts until that one moment a really uncanny person shows up in your suggested friends.
Screenshot / BuzzFeed News
And ICE is asking tech companies like Microsoft to build tools to let them track visa holder's social media.
ProPublica reported that at a conference for government technology contractors like Microsoft, Deloitte, Accenture, and Motorola, a representative from Immigration and Customs Enforcement said in a presentation that they were looking for tools that could monitor immigrants' social media and monitor for potential threats.
Drew Angerer / Getty Images
Google introduced Clips, a camera that is ALWAYS ON and automatically takes photos.
The camera is always on and can sense using AI when it's time to take a great pic – like when you're looking at it or subjects are in view. It's apparently great for kids and pets, who are hard to get to sit still when you pull out a camera. All the pics are stored on the machine locally. But still...
Amazon introduced Show, which makes video call "drop ins" to other people with a Show.
Here's how BuzzFeed's Mat Honan describes how it works:
"Let’s say my father has activated Drop In for me on his Echo Show. All I have to do is say, 'Alexa, drop in on Dad.' It then turns on the microphone and camera on my father’s device and starts broadcasting that to me. For the several seconds of the call, my father’s video screen would appear fogged over. But then there he’ll be. And to be clear: This happens even if he doesn’t answer. Unless he declines the call, audibly or by tapping on the screen, it goes through. It just starts. Hello, you look nice today."
Creepy!
Amazon
Turns out Android phones were tracking your location, even if you had location services turned off.
To send push alerts and messages, Android had been collecting cell tower info on phones who had locations services turned off. That's enough to let someone know roughly where you are – what city, for example. After Google was contacted by Quartz about this, they said they would stop doing it.
Afp / AFP / Getty Images
Hinge created a matchmaking app, and it means that anyone can download it and see which of their Facebook friends are using Hinge.
The idea is to helpfully suggest matches for your friends looking for love. But what it can do is allow someone who isn't on regular Hinge to be able to view all of their Facebook friends who are on the dating app.
While it's always been possible to accidentally find someone you know on an dating app, this is an instant way to find out who you know is single and dating. It could embarrass someone who doesn't want coworkers or family to know they're dating, or even out someone interested in same sex dating.
Hinge
Australia will add driver's license photos to a national facial recognition system to find people on security cameras.
Drivers' licenses photos will be pool across states and territories and to make one big database of photos, which will be scanned with facial recognition software. It will be used by law enforcement for cases of identity theft, and prevent people from getting two licenses.
Prime minister Malcolm Trumbull said that the government could also use it to identify people on CCTV footage. G'day, surveillance state!
Getty
E-commerce app Wish makes your wish lists public.
Wish is the number one advertiser on Facebook, and is valued at $8.5 billion. And yet, for some reason they give all shoppers public "profiles" and don't have an option to make their wishlists or saved items lists private. So think twice before adding some of their very weird sex toys to your wish lists.
Wish
Mattel announced plans to make a smart speaker for babies (but then canceled it).
After consumers and lawmakers expressed concern about about how the device will record children and how it will protect and store the information, Mattel decided it didn't "fully align with Mattel's new technology strategy." The Aristotle was supposed to be a smart baby monitor, that would play soothing music if an infant was crying, and for toddlers it would read stories or teach manners.
nabi / Via shop.nabitablet.com
Roomba is planning on selling maps of your home.
The smart vacuum has been collecting data about your home and now connects to Alexa. Roomba sees selling this data as a new business model where it can connect your data (if you opt in) to Apple, Google, or Amazon.
from BuzzFeed - Tech https://www.buzzfeed.com/katienotopoulos/35-times-privacy-was-a-lie-in-2017?utm_term=4ldqpia
No comments:
Post a Comment