Uber concealed breach of 57M users for more than a year

(Nov 22, 2017) Bloomberg reports hackers stole the personal information of 57 million Uber customers and drivers, an incident the company concealed from the public for more than a year. Uber, which was negotiating with the Federal Trade Commission for other privacy violations at the time of the breach, also paid the hackers $100,000 to keep the breach quiet. Compromised information includes names, email addresses and phone numbers of 50 million users; the personal information of 7 million Uber drivers; and the... Read More

Google using devices to obtain location data despite settings

(Nov 22, 2017) Quartz reports on Google's ability to collect the location data of anyone using an Android device, even if they have location services disabled. Android devices have been collecting the addresses of nearby cellular towers and delivering the information to Google since the beginning of the year. A Google spokesperson said the cell tower addresses are incorporated into the system the tech company uses to send push notifications and messages on Android devices. The company plans on ending the pract... Read More

Ontario's drone highway-monitoring program raises privacy concerns

(Nov 17, 2017) The Ontario government has reached an agreement with The Sky Guys drone technology company to have drones monitor sections of highway, The Globe and Mail Reports. The Ontario government sought to find a technology to help enforce the rules of high-occupancy toll lanes. The Sky Guys said its software will obscure identifying details about drivers, while the office of Ontario’s Minister of Economic Development and Growth released a statement saying "all solutions developed will need to adhere to t... Read More

Will ePrivacy reg abolish surveillance-driven advertising?

(Nov 9, 2017) The EU General Data Protection Regulation has been a front-and-center issue for privacy pros and businesses for some time now, but major regulatory issues appear to be just getting started. That was made clear Thursday at the IAPP Europe Data Protection Congress by German MEP Birgit Sippel during her first public speech as the European Parliament's Special Rapporteur for the proposed ePrivacy Regulation. With former MEP and Special Rapporter Marju Lauristin winning an election for her local coun... Read More

Sippel: ePrivacy reg should 'abolish surveillance-driven advertising'

(Nov 9, 2017) The EU General Data Protection Regulation has been a front-and-center issue for privacy pros and businesses for some time now, but major regulatory issues appear to be just getting started. That was made clear Thursday at the IAPP Europe Data Protection Congress by German MEP Birgit Sippel during her first public speech as the European Parliament's Special Rapporteur for the proposed ePrivacy Regulation. "Would you allow a stranger to go into your bedroom or look through your drawers without yo... Read More

WhatsApp new location-sharing feature provides encryption

(Oct 20, 2017) WhatsApp announced that a new feature will allow users to share their precise location in real time with other users on their contact list, The Verge reports. Live Location is a feature borrowed from WhatsApp's parent company, Facebook, and will provide users the ability to share location data with end-to-end encryption, just like all other messaging functions in the app. The user will control how long the location is shared and who will be able to see the data. Full Story... Read More

Report: Anonymous location tracking proves difficult for individual privacy

(Oct 10, 2017) A Freedom of Information request for London's transport regulator to release "anonymized" data from a four-week trial to map travel flows, demonstrates the difficulty of tracking location data without risking individual privacy, TechCrunch reports. Transport for London has assured its pilot program, which followed Wi-Fi nodes and MAC addresses of users' smartphones, would "automatically de-personalize" data. However, in an email seen by TechCrunch, it appears the TfL has turned down the FOI requ... Read More

Illinois Geolocation Privacy Protection Act sponsor working on overriding governor's veto

(Sep 29, 2017) After Illinois Gov. Bruce Rauner vetoed the state’s Geolocation Privacy Protection Act, the bill’s sponsor, Rep. Ann Williams, is working on a strategy to override the governor’s decision, Bloomberg BNA reports. In order to reach the three-fifths majority needed to override Rauner’s veto, the bill’s supporters will need to pick up three votes in the state Senate and eight in the House. Two sessions have been scheduled by the legislature in October and November to consider vetoed legislation. Chi... Read More

Breach exposes 540,000 records from vehicle tracking company

(Sep 22, 2017) The Kromtech Security Center recently found roughly 540,000 records belonging to SVR Tracking, a company that specializes in “vehicle recovery,” in a publicly accessible online Amazon S3 bucket, Gizmodo reports. The records contained information including email addresses and passwords, as well as some license plate and vehicle identification numbers. The SVR passwords were stored using a cryptographic hash function, SHA-1, though one that’s 20 years old and with known weaknesses. The company tra... Read More

Apple's iOS 11 rollout pushes Uber to change location-tracking settings

(Sep 21, 2017) Uber has updated its iOS app to give users the option to only share location data when the app is in use, The Verge reports. Uber previously announced its intention to remove the feature but now makes the change as Apple rolls out iOS 11. The new operating system gives users the ability to choose whether apps can only access location information when in use, regardless of the developer’s intentions. The changes will also be in effect for Uber users still on iOS 10.Full Story ... Read More