Privacy Roundup #0045 • April 2010
April 2010 was dominated by social networks: Facebook opened the web with Open Graph and Instant Personalization while regulators and senators rounded on Google Buzz and the rest.
1. Ten national privacy authorities scold Google over Buzz
The privacy commissioners of ten countries wrote jointly to Eric Schmidt, saying Google Buzz had shown a disappointing disregard for fundamental privacy norms. They urged Google to build privacy into its products from the design stage onwards.
2. Google launches its first Government Requests tool
Google became the first large internet company to publish figures on how often governments asked it to hand over user data or remove content. The tool was a useful first step, although it excluded national security letters and counted requests rather than affected accounts.
3. Facebook unveils Open Graph and the Like button
At its f8 conference Facebook launched social plugins and the Like button, letting any website report a visitor's activity back to a Facebook profile. Marketers were quick to see the value of the data, and privacy watchers were quick to worry about tracking across the web.
4. Facebook switches on Instant Personalization by default
Facebook handed some profile data to partner sites such as Yelp and Pandora the moment a user visited them, with everyone opted in by default. Bloggers and security writers criticised the opt-out approach as the wrong way round.
5. EFF warns Facebook has cut user control over personal data
The EFF reported that Facebook had turned profile interests and details into public connections, with deletion as the only alternative to disclosure. The change exposed sensitive interests, from abortion rights to drug use, to anyone who cared to look.
6. EFF publishes a guide to opting out of Instant Personalization
The EFF set out the awkward two-step process needed to switch off Instant Personalization, which involved both unchecking a box and blocking each partner application. It noted that friends could still leak public information about a user unless those applications were blocked too.
7. Four senators challenge Facebook over privacy
Senators Schumer, Bennet, Begich and Franken wrote to Mark Zuckerberg about the wider sharing of profile data, indefinite advertiser retention and Instant Personalization. They argued that such features should require users to opt in rather than to opt out.
8. A timeline of Facebook's eroding privacy policy
The EFF traced how Facebook had moved from promising that no personal information would be shared without permission to making whole categories public by default. The timeline laid bare a steady drift away from the protections users were first offered.
9. ACTA negotiators agree to release the secret treaty text
After years of pressure, negotiators concluding the eighth round of ACTA talks agreed to publish the long-secret text on 21 April. The EFF welcomed the move while warning that the released version would strip out each country's negotiating position.
10. EFF dissects the published ACTA text
Once the text appeared, the EFF warned that ACTA could lock in damaging copyright rules and create new obligations for internet intermediaries to police their users. It cautioned that provisions on three-strikes disconnection and criminal liability threatened privacy and free expression.
11. Blippy leaks users' credit card numbers into Google
The social shopping site Blippy admitted that raw transaction data, including full card numbers for several users, had been exposed and indexed by Google for months. The company was criticised for a slow and quiet response that left most users unaware of the problem.
12. TSA concedes that body scanners can store images
In response to a congressional inquiry, the TSA acknowledged that airport body scanner images could be recorded for testing, training and evaluation. The admission contradicted earlier assurances that the machines could not store or transmit pictures of travellers.
13. EPIC reveals the government holds 2,000 body scanner images
Through a freedom of information lawsuit, EPIC obtained documents showing that the Department of Homeland Security held about 2,000 stored body scanner images. The papers also set out machine specifications and hundreds of pages of traveller complaints.
14. School worker argues spied-on pupil had no privacy
In the Lower Merion webcam case, a technology coordinator claimed a pupil had no expectation of privacy because he was not authorised to take the laptop home. The district had secretly captured tens of thousands of webcam images and screenshots of students.
15. WikiLeaks releases the Collateral Murder video
WikiLeaks published gun-camera footage of a 2007 Apache helicopter attack in Baghdad that killed civilians and two Reuters staff. The release brought the organisation to global attention and raised hard questions about secrecy and accountability.
→ collateralmurder.wikileaks.org
16. Hundreds of WordPress blogs hijacked at Network Solutions
Attackers altered database settings to redirect visitors of WordPress blogs hosted at Network Solutions towards malicious code. The root cause lay in configuration files that left database credentials readable on shared servers.
17. Researcher uncovers a Facebook session-hijacking flaw
A security engineer showed how a malicious site could hijack the session of an authorised application such as Farmville and quietly siphon a victim's profile data. The proof of concept exposed photos, messages and wall posts without any consent from the user.
18. Sarah Palin's email hacker is found guilty
A federal jury convicted David Kernell over the 2008 break-in of Sarah Palin's Yahoo email account during the presidential campaign. He was found guilty of obstruction and unauthorised computer access, while the jury split on the identity theft charge.
19. Irish court rules an IP address is not personal data
The Irish High Court upheld a three-strikes settlement between Eircom and the record labels, despite the data protection commissioner's concerns. The judge held that the IP addresses of suspected file sharers were neither personal nor sensitive data.
20. Apple adds per-app location controls in iPhone OS 4
At its iPhone OS 4 event Apple promised a status bar arrow to show when an app was using location and per-application controls to switch tracking on or off. A second indicator would flag any app that had requested a user's location in the previous day.