When you become the commodity: 9 alarming developments in the fight for digital privacy

These days it seems we need to go to great lengths to protect our digital privacy. But there is such a thing as taking it too far, as one Australian man recently learned.

A 60-year-old electrician in Perth, Australia worked for an electrical company that used GPS tracking via a company-owned PDA to keep tabs on its employees. After protesting what he considered an invasion of his privacy, the man began hiding his PDA inside a mylar snack bag, which acted like a Faraday cage and prevented the PDA’s GPS system from transmitting location information. The fact that he used the technique more than 140 times and spent his “off the grid” time playing golf may have accounted for an Australian labor board ruling against him in his wrongful termination suit.

But with all of the tracking going on, much of it happening without our consent or awareness, there’s a certain satisfaction in securing some hard-won privacy. To help you find the level of privacy and cybersecurity that’s right for you, here is a roundup of 9 recent developments:

1. Researchers from a Chinese university demonstrated that “inaudible ultrasonic voice commands can be used to secretly interact with systems like Siri, Alexa, and Google Now.” The scientists first recorded regular voice commands, then converted them into ultrasonic frequencies that humans cannot hear but that many smart devices can receive and process. Using the technique, they were able to execute voice commands including “activating Siri to initiate a FaceTime call on iPhone, activating Google Now to switch the phone to the airplane mode, and even manipulating the navigation system in an Audi automobile.”

2. A new Princeton University study revealed that 400 popular websites use tools called session replay scripts, which are designed to record everything you do on the website. This includes forms that you partially fill out and then abandon, as well as data pasted into a form field from your computer’s clipboard. The privacy threat is twofold: first, this level of data collection is poorly disclosed, or not disclosed at all; second, on many sites the data was found to be linked to specific users’ accounts (rather than anonymized) and transmitted to third-party servers for processing (and who knows what else).

3. Android users alert. Technology website Quartz announced the results of an investigation into Google’s surveillance of Android users. Turns out, even when Android users have Location Services off, Google continues to record a user’s location using cell phone tower triangulation. “Devices with a cellular data or WiFi connection appear to send the data to Google each time they come within range of a new cell tower. When Android devices are connected to a WiFi network, they will send the tower addresses to Google even if they don’t have SIM cards installed.” In response, a Google spokesperson indicated the company was taking steps to end the policy.  

4. The new Apple iPhone X has attracted attention for its new facial recognition technology, a feature that Apple states is highly secure. But a recent report suggested that there may be a significant privacy loophole in those claims. It turns out that Apple shares that data with third-party developers in exchange for a promise that they will seek customer permission to use and share the data. The challenge arises once that data leaves Apple’s servers: “That remote storage raises questions about how effectively Apple can enforce its privacy rules,” according to advocacy groups like the American Civil Liberties Union and the Center for Democracy and Technology.

5. Section 702 of the Foreign Intelligence Surveillance Act has been interpreted by the federal government to include the power to demand that a tech company build an encryption “backdoor” into its product if asked to do so by the secret Foreign Intelligence Surveillance Court. With the government involved, it’s hard to predict the future of this legislation.

6. Often, people with moderate views of digital privacy rely on the idea of anonymity to justify the use of services that track them and record their lives. The thinking goes: “What does a giant corporation care about me in particular?” That viewpoint was called into question after a group of security researchers from the University of Washington demonstrated that they were able to track individuals in real time using about $1,000 worth of location-based mobile ads. They were able to track location as well as the apps and services a person uses, solely by exploiting flaws in mobile ad networks.

7. Yale Privacy Lab researchers found that over 75% of Android apps are secretly tracking users. They reported that, “Android apps tracking users aren’t just small timers looking to make a buck selling data—it’s apps like Tinder, Spotify, Uber, PayPal, Twitter, and Snapchat.” They shared a warning with Apple iOS users as well, stating that many of the apps in their study are cross-platform and likely to behave the same on other platforms.

8. As anyone who travels during the Christmas holidays knows, lines at security checkpoints can be endless. In an effort to reduce wait times, some airports are tracking travelers’ smartphones to be better able to adjust to moment-by-moment increases in the number of people entering security checkpoints. The challenge, of course, is implementing data tracking without consent or without clear policies disclosing how user data is collected, stored, shared, or even sold.

9. Until forced to end the practice by user complaints, Uber’s iOS app had special permission from Apple to record users’ screens. The ability to record a user’s screen comes from something called an entitlement, which lets a developer use certain resources in the normal functioning of their app or service. The problem, as it so often is, is what happens when this ability is exploited without a user’s knowledge. “Although the entitlement isn’t intended for this, the worry is that Uber—or a hacker who managed to break into Uber’s network—could silently monitor activity on an iPhone user’s screen, harvesting passwords and other personal information.” After the issue was reported, Uber announced that it had stopped using the entitlement.

Entefy regularly publishes roundups like this intended to help you stay informed about developments in the always complicated digital privacy universe. Check out our previous article featuring 10 cybersecurity and privacy threats that will make you miss Nigerian prince and lottery email scams.