Privacy Roundup #0077 • December 2012
December 2012 saw user data turned into advertising fuel, from Instagram's photo grab to a Verizon camera patent, while lawmakers reauthorised warrantless surveillance and China and Britain pushed competing visions of state control over the network.
1. Instagram rewrites its terms to sell user photos for adverts
Instagram published new terms of service that appeared to let it use members' photographs in paid adverts without consent or payment. The change triggered a fierce backlash, a trending boycott and a swift retreat by the Facebook-owned firm.
2. Instagram hit with a class action over the terms change
A California user sued Instagram in the Northern District of California, accusing the company of breaching its contract with members over the revised terms. The suit argued that users lost rights to their own images even after deleting their accounts.
3. Senate reauthorises the FISA Amendments Act for five years
The Senate voted 73 to 23 to extend the warrantless surveillance powers of the FISA Amendments Act through 2017. Amendments seeking transparency about how many Americans were swept up were rejected before the bill passed.
4. United States refuses to sign the new ITU treaty in Dubai
At the World Conference on International Telecommunications, the United States and dozens of allies declined to sign a revised treaty they feared opened the door to internet regulation and surveillance. Around a third of attending states walked away rather than endorse the text.
→ phys.org
5. Facebook scraps the user vote on its policies
After members failed to reach the 30 per cent turnout needed to make their ballot binding, Facebook moved to end the site governance vote altogether. Future changes to its data use policy would no longer be put to users.
6. Nationwide discloses a breach affecting 1.1 million people
Nationwide and Allied Insurance told more than 1.1 million people that an attack on a shared network may have exposed their personal data. The stolen information included names, dates of birth, Social Security numbers and driving licence numbers.
7. FTC finds children's apps still leak data without disclosure
A new Federal Trade Commission staff report found that only a fifth of children's apps disclosed anything about their privacy practices. Nearly 60 per cent quietly transmitted device data to developers, advertisers or analytics firms.
8. FTC strengthens the children's online privacy rule
The Commission adopted final amendments to the Children's Online Privacy Protection Rule, widening the definition of personal data to cover cookies, location, photos and audio. The changes also closed loopholes for plug-ins and cross-site tracking identifiers.
9. Google Maps for iOS arrives with a pre-ticked location box
The long-awaited Google Maps app for iPhone shipped with a pre-checked option to collect and send anonymised location data. Critics noted the tiny checkbox and the five layers of menus needed to switch the setting off later.
10. China mandates real-name registration for internet users
The Standing Committee of the National People's Congress passed a decision requiring service providers to collect users' real identities at sign-up. Officials framed it as data protection, but critics saw a tool to strip online anonymity and ease surveillance.
11. Verizon patents a set-top box that watches the living room
A Verizon patent application described a cable box using cameras and microphones to detect what viewers do, then serve targeted adverts to match. The system could note conversations, arguments and even cuddling to pick its pitches.
12. Facebook Poke App: Messages Self-Destruct Within 10 Seconds
Facebook released a standalone Poke app on 21 December that let people send photos, videos and text that vanished within seconds of being opened. It was a direct response to the rise of Snapchat and the appeal of ephemeral, less trackable messaging, although recipients could still grab a screenshot before the timer ran out.
13. Twitter starts letting users download their tweet archive
Twitter began rolling out a feature to download every tweet a user had ever posted in a single file. The move brought Twitter into line with Google and Facebook in giving people a copy of their own data.
14. Photo metadata exposes the fugitive John McAfee's location
A photograph of John McAfee published by Vice carried EXIF data pinpointing his coordinates in Guatemala, contradicting his own claims. The slip turned a careless upload into a textbook lesson in how images leak location.
15. MPs savage the UK snooper's charter
A joint parliamentary committee condemned the draft Communications Data Bill as too sweeping and told ministers to go back to the drawing board. The report singled out a clause letting the Home Secretary expand surveillance powers without fresh parliamentary approval.
16. A worm defaces thousands of Tumblr blogs
A self-spreading worm written by the trolling group GNAA forced anyone who viewed an infected page to reblog an abusive message. Thousands of blogs, including those of news outlets, were defaced before Tumblr contained it.
17. Senate passes Netflix-backed change to the Video Privacy Protection Act
The Senate approved a revision to the 1988 video privacy law, letting streaming firms obtain a single ongoing consent to share viewing records on social networks. The change cleared the way for Netflix to plug its catalogue into Facebook.
18. Twitter hands over Occupy Wall Street protestor's updates under pressure
Facing a court deadline and the threat of a fine, Twitter surrendered the tweets of Occupy activist Malcolm Harris to New York prosecutors over his objections. The handover became a landmark moment in the fight over who controls social media data sought by the state, and it cleared the way for his disorderly conduct case to proceed.
19. Internet Explorer flaw may let ad firms track mouse input
Researchers at Spider.io disclosed that every version of Internet Explorer leaked the position of a user's mouse cursor to websites, even when the browser was minimised or sitting on an inactive tab. Two advertising analytics firms were already exploiting the hole across billions of page impressions, raising the prospect that movements over virtual keyboards could betray passwords.
20. Court dismisses address book privacy case against Apple
A judge threw out Pirozzi v. Apple, a class action claiming apps uploaded users' contacts without consent, ruling the plaintiff had not shown concrete harm. The decision underlined how hard it remained to win privacy suits over quietly harvested data.
Enjoyed this post?
Well, you could share the post with others, follow me with RSS Feeds and/or send me a comment via email.
Tags
Category:
Year: