Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Tracking. Show all posts
Tracking
Cyber Security Healthcare legislation Location Privacy surveillance Tracking

Why Location Data Privacy Laws Are Urgently Needed

 

Your location data is more than a simple point on a map—it’s a revealing digital fingerprint. It can show where you live, where you work, where you worship, and even where you access healthcare. In today’s hyper-connected environment, these movements are silently collected, packaged, and sold to the highest bidder. For those seeking reproductive or gender-affirming care, attending protests, or visiting immigration clinics, this data can become a dangerous weapon.

Last year, privacy advocates raised urgent concerns, calling on lawmakers to address the risks posed by unchecked location tracking technologies. These tools are now increasingly used to surveil and criminalize individuals for accessing fundamental services like reproductive healthcare.

There is hope. States such as California, Massachusetts, and Illinois are now moving forward with legislation designed to limit the misuse of this data and protect individuals from digital surveillance. These bills aim to preserve the right to privacy and ensure safe access to healthcare and other essential rights.

Imagine a woman in Alabama—where abortion is entirely banned—dropping her children at daycare and driving to Florida for a clinic visit. She uses a GPS app to navigate and a free radio app along the way. Without her knowledge, the apps track her entire route, which is then sold by a data broker. Privacy researchers demonstrated how this could happen using Locate X, a tool developed by Babel Street, which mapped a user’s journey from Alabama to Florida.

Despite its marketing as a law enforcement tool, Locate X was accessed by private investigators who falsely claimed affiliation with authorities. This loophole highlights the deeply flawed nature of current data protections and how they can be exploited by anyone posing as law enforcement.

The data broker ecosystem remains largely unregulated, enabling a range of actors—from law enforcement to ideological groups—to access and weaponize this information. Near Intelligence, a broker, reportedly sold location data from visitors to Planned Parenthood to an anti-abortion organization. Meanwhile, in Idaho, cell phone location data was used to charge a mother and her son with aiding an abortion, proving how this data can be misused not only against patients but also those supporting them.

The Massachusetts bill proposes a protected zone of 1,850 feet around sensitive locations, while California takes a broader stance with a five-mile radius. These efforts are gaining support from privacy advocates, including the Electronic Frontier Foundation.

“A ‘permissible purpose’ (which is key to the minimization rule) should be narrowly defined to include only: (1) delivering a product or service that the data subject asked for, (2) fulfilling an order, (3) complying with federal or state law, or (4) responding to an imminent threat to life.”

Time and again, we’ve seen location data weaponized to monitor immigrants, LGBTQ+ individuals, and those seeking reproductive care. In response, state legislatures are advancing bills focused on curbing this misuse. These proposals are grounded in long-standing privacy principles such as informed consent and data minimization—ensuring that only necessary data is collected and stored securely.

These laws don’t just protect residents. They also give peace of mind to travelers from other states, allowing them to exercise their rights without fear of being tracked, surveilled, or retaliated against.

To help guide new legislation, this post outlines essential recommendations for protecting communities through smart policy design. These include:
  • Strong definitions,
  • Clear rules,
  • Affirmation that all location data is sensitive,
  • Empowerment of consumers through a strong private right of action,
  • Prohibition of “pay-for-privacy” schemes, and
  • Transparency through clear privacy policies.
These protections are not just legal reforms—they’re necessary steps toward reclaiming control over our digital movements and ensuring no one is punished for seeking care, support, or safety.
Read more »
Tracking
Ads Analytics AppleTV Chromecast control Cyber Security Data device FireTV personalization Roku settings smartTV streaming surveillance Tracking

Your Streaming Devices Are Watching You—Here's How to Stop It

Streaming devices like Roku, Fire TV, Apple TV, and Chromecast make binge-watching easy—but they’re also tracking your habits behind the scenes.

Most smart TVs and platforms collect data on what you watch, when, and how you use their apps. While this helps with personalised recommendations and ads, it also means your privacy is at stake.


If that makes you uncomfortable, here’s how to take back control:

1. Amazon Fire TV Stick
Amazon collects "frequency and duration of use of apps on Fire TV" to improve services but says, “We don’t collect information about what customers watch in third-party apps on Fire TV.”
To limit tracking:
  • Go to Settings > Preferences > Privacy Settings
  • Turn off Device Usage Data
  • Turn off Collect App Usage Data
  • Turn off Interest-based Ads

2. Google Chromecast with Google TV
Google collects data across its platforms including search history, YouTube views, voice commands, and third-party app activity. However, “Google Chromecast as a platform does not perform ACR.”
To limit tracking:
  • Go to Settings > Privacy
  • Turn off Usage & Diagnostics
  • Opt out of Ads Personalization
  • Visit myactivity.google.com to manage other data

3. Roku
Roku tracks “search history, audio inputs, channels you access” and shares this with advertisers.
To reduce tracking:
  • Go to Settings > Privacy > Advertising
  • Enable Limit Ad Tracking
  • Adjust Microphone and Channel Permissions under Privacy settings
4. Apple TV
Apple links activity to your Apple ID and tracks viewing history. It also shares some data with partners. However, it asks permission before allowing apps to track.
To improve privacy:

  • Go to Settings > General > Privacy
  • Enable Allow Apps to Ask to Track
  • Turn off Share Apple TV Analytics
  • Turn off Improve Siri and Dictation

While streaming devices offer unmatched convenience, they come at the cost of data privacy. Fortunately, each platform allows users to tweak their settings and regain some control over what’s being shared. A few minutes in the settings menu can go a long way in protecting your personal viewing habits from constant surveillance.
Read more »
Tracking
Apple Chrome Cookies Google Privacy Tracking

Google Delays Plan to Replace Cookies, Leaving Users and Industry in Limbo


In unexpected turn of events, Google has delayed its plan to replace tracking cookies in its Chrome browser, affecting its three billion users worldwide. The company had intended to transition to new, anonymised tracking methods to enhance user privacy, but these alternatives have faced regulatory and privacy challenges.

Cookie Controversy and Privacy Concerns

Originally, Google aimed to retire cookies and introduce Privacy Sandbox, which would use less invasive tracking methods by grouping users into like-minded cohorts. However, this initiative encountered significant pushback due to concerns over its effectiveness and potential industry impact. Critics argue that these new methods might still compromise user privacy and could harm the digital advertising ecosystem.

Google's Alex Cone, Product Manager for Privacy Sandbox, recently acknowledged the lack of progress, stating, “We’re at work on those [new] designs, and we’ll discuss those with regulators as we advance… there’s no new information to provide.” This indefinite delay has left many in the industry frustrated and uncertain about the future of digital tracking.

Reports indicate that Google is now in "damage control mode," attempting to soothe the industry's nerves. Meetings, forums, and panels have been held to address concerns, but concrete solutions remain elusive. Many ad tech executives feel like they're at the mercy of Google's decisions, which immensely impact their operations.

The Privacy Sandbox was seen as a necessary evolution from cookies, but now, with no clear timeline, the advertising industry is left in limbo. This delay means that the status quo of invasive tracking will continue for the foreseeable future, much to the dismay of privacy advocates.

Google vs. Apple: A Privacy Battle

The timing of these developments is noteworthy. Apple's recent ad campaign criticised Chrome's privacy practices, aligning closely with Google’s announcement of cookie delays. Apple has been a strong proponent of privacy, introducing features like App Tracking Transparency (ATT) that significantly restrict user tracking. The effectiveness of Apple's approach has been debated, with opt-in rates for tracking remaining low.

Google’s struggle with Privacy Sandbox could lead to similar outcomes as Apple’s ATT, where user tracking becomes more transparent but less prevalent. However, this shift requires careful consideration and regulatory approval, which is currently lacking.

The Future of Digital Tracking

The UK's Competition and Markets Authority (CMA) is closely watching Google's revised approach, emphasising the need for balanced solutions that protect consumers and market dynamics. The Electronic Frontier Foundation (EFF) has long advocated for banning behavioural advertising based on online activity, underscoring the urgent need for robust privacy legislation.

The advertising industry, having prepared for a post-cookie world, now faces uncertainty. Investments in Privacy Sandbox-related technologies may stall, and the transition to new tracking methods could be delayed indefinitely.

For Chrome users, this means continued exposure to current tracking practices, with no immediate improvements in privacy. Meanwhile, the digital advertising industry grapples with Google's unpredictable policy changes. As the debate over user privacy and tracking continues, the need for clear, effective, and timely solutions becomes ever more critical.

Read more »
Tracking
Cyber Crime DNS DNS Hacking Network Tracking

Hackers Tracking Victims with DNS Tricks


 


Cybercriminals have adopted a highly intricate technique known as DNS tunnelling to carry out malicious activities such as tracking victims and scanning network vulnerabilities, posing a significant threat to cybersecurity. DNS tunnelling involves the encoding of data or commands within DNS queries, effectively transforming DNS into a covert communication channel, which can be challenging for traditional security measures to detect.

Hackers leverage various encoding methods, such as Base16 or Base64, to conceal their digital footprints within DNS records, including TXT, MX, CNAME, and Address records. This covert communication method allows them to bypass network firewalls and filters, using it for command and control operations and VPN activities, thereby upgrading their ability to evade detection by security tools.

The Palo Alto Networks' Unit 42 security research team has recently exposed two distinct campaigns that exploit DNS tunnelling for malicious purposes. The first campaign, dubbed "TrkCdn," focuses on tracking victim interactions with phishing emails, enabling attackers to evaluate their strategies and confirm the delivery of malicious payloads. Additionally, a similar campaign named "SpamTracker" utilises DNS tunnelling to track the delivery of spam messages, highlighting the versatility of this technique in cybercriminal operations.

Furthermore, the second campaign, identified as "SecShow," employs DNS tunnelling for network scanning purposes. Attackers embed IP addresses and timestamps into DNS queries to map out network layouts and identify potential configuration flaws that can be exploited for infiltration, data theft, or denial-of-service attacks. This demonstrates the advancing tactics of cybercriminals in exploiting DNS tunnelling for a wide range of fraudulent activities. 

DNS tunnelling provides threat actors with several advantages, including bypassing security tools, avoiding detection, and maintaining operational flexibility, making it a preferred method for carrying out cyber-attacks. To alleviate this growing threat, organisations are advised to implement DNS monitoring and analysis tools to detect unusual traffic patterns and peculiarities promptly. Additionally, limiting DNS resolvers to handle only necessary queries can reduce the risk of DNS tunnelling misuse, enhancing overall cybersecurity defences.

The discovery of hackers exploiting DNS tunnelling focuses on the importance of staying careful against the pervasive nature of cyber threats and implementing robust cybersecurity measures to protect against potential attacks. By understanding the risks posed by DNS tunnelling and taking the required steps to mitigate them, organisations can effectively safeguard their networks and data.


Read more »
Tracking
Android Apps Data Devices Google Information Location Mobile monitoring personalization Privacy Security Smartphone Tech Technology Tracking

Is Your Android Device Tracking You? Understanding its Monitoring Methods

 

In general discussions about how Android phones might collect location and personal data, the focus often falls on third-party apps rather than Google's built-in apps. This awareness has grown due to numerous apps gathering significant information about users, leading to concerns, especially when targeted ads start appearing. The worry persists about whether apps, despite OS permissions, eavesdrop on private in-person conversations, a concern even addressed by Instagram's head in a 2019 CBS News interview.

However, attention to third-party apps tends to overshadow the fact that Android and its integrated apps track users extensively. While much of this tracking aligns with user preferences, it results in a substantial accumulation of sensitive personal data on phones. Even for those trusting Google with their information, understanding the collected data and its usage remains crucial, especially considering the limited options available to opt out of this data collection.

For instance, a lesser-known feature involves Google Assistant's ability to identify a parked car and send a notification regarding its location. This functionality, primarily guesswork, varies in accuracy and isn't widely publicized by Google, reflecting how tech companies leverage personal data for results that might raise concerns about potential eavesdropping.

The ways Android phones track users were highlighted in an October 2021 Kaspersky blog post referencing a study by researchers from the University of Edinburgh and Trinity College. While seemingly innocuous, the compilation of installed apps, when coupled with other personal data, can reveal intimate details about users, such as their religion or mental health status. This fusion of app presence with location data exposes highly personal information through AI-based assumptions.

Another focal point was the extensive collection of unique identifiers by Google and OEMs, tying users to specific handsets. While standard data collection aids app troubleshooting, these unique identifiers, including Google Advertising IDs, device serial numbers, and SIM card details, can potentially associate users even after phone number changes, factory resets, or ROM installations.

The study also emphasized the potential invasiveness of data collection methods, such as Xiaomi uploading app window histories and Huawei's keyboard logging app usage. Details like call durations and keyboard activity could lead to inferences about users' activities and health, reflecting the extensive and often unnoticed data collection practices by smartphones, as highlighted by Trinity College's Prof. Doug Leith.
Read more »
Tracking
Cyberattacks CyberCrime Cybersecurity GoodRx Healthcare Medication Technology Tracking

Tech Meets Healthcare: GoodRx's Rewarding 'Medicine Cabinet' Promotes Medication Adherence

 


To help people keep track of the medications they are taking, GoodRx is launching a digital medicine cabinet. As stated earlier, this app has been developed to increase medication adherence, or how well you comply with your doctor's orders regarding medication intake. A section of the website called the Action Center provides you with a daily summary of what you need to do every day. This is to ensure your treatment is up to date. 

Several apps are available to help people remember to take their medications daily. There's an emerging trend among online pharmacies and telehealth apps called GoodRx, but one company is taking things a step further by creating a digital medicine cabinet for its users. By creating a one-stop shop for comparisons, reminders, and refills, the idea is to provide an easy way for people to earn financial rewards for taking their medication on time. 

Medicine Cabinet, an innovative solution designed to help consumers manage their medications, is the latest addition to GoodRx, a resource for healthcare savings and information. With Medicine Cabinet, people can manage their prescriptions easily. They can get refills and daily pill reminders through the app. They can also search for low-priced prescriptions, find low prices, and earn rewards for staying on track with their prescriptions. Medicine Cabinet's capabilities will make it easier to adhere to treatment plans by making prescription management easier, smarter, and more relevant. Their overall healthcare costs will be handled more cost-effectively due to this, according to the company. 

To improve medication adherence, you will want to increase your ability to follow your doctor's directions and take the medication effectively. Many things can contribute to low blood pressure, high cholesterol, or stress, such as taking antidepressants or antibiotics regularly. According to the pharmaceutical journal US Pharmacist, the best results can be obtained when adherence rates are in the 80 percent range for those using lifelong medications. It may sound as if that is not a challenge, but studies show that half of all patients who suffer from chronic diseases have trouble taking their medications in the manner prescribed to them. Approximately $300 billion is spent on health care in the United States every year as a result of that. 

To improve health outcomes, manage chronic conditions, and reduce healthcare costs, medication adherence is one of the main determinants of healthcare system effectiveness. A study by the National Institutes of Health estimates that 50% of all American adults do not take their medications as prescribed and one of the reasons for this is the lack of affordability. Twenty to thirty percent of prescriptions never get filled because of this. In addition to having multiple prescriptions, the company noted that it becomes more challenging for patients to adhere to their treatment regimen. 

Most medication apps indeed provide you with notifications when it is time to take your medication, but this service is just one part of the solution. Even the most diligent patients may find it difficult to stick to their treatments for a variety of reasons, such as medical costs or a lack of health insurance. 

GoodRx's Medicine Cabinet feature has one interesting feature that makes it stand out. It also addresses barriers beyond forgetfulness, which is worth mentioning. This is why GoodRx's Medicine Cabinet incorporates an Action Center which, in conjunction with your prescription, makes it easy for you to keep on top of your treatments on the day in question. 

As an additional feature, you can set regular reminders for taking your medications and getting refills set up. This can be combined with recommendations for the pharmacies that have the best price on a specific medication, so you always know when to take your medication. As part of this, there is also a prescription dashboard that displays the previous prescriptions that have already been filled by GoodRx. This means that any new prescriptions will automatically populate so the existing GoodRx users do not have to enter any data manually. 

Medicine Cabinet is designed to help consumers throughout their patient journey. This is not just at the doctor's office, but at the pharmacy and home too, enabling them to seamlessly manage their prescriptions across their entire healthcare journey. 

With GoodRx, customers are offered prescription assistance along with personalized tools that keep them involved in their health care. These tools will help them keep track of their prescriptions. There is some preliminary data from GoodRx which indicates that users who engage with Medicine Cabinet are four times more likely to claim a prescription at the pharmacy as non-registered users, based on early data from the platform. 

The GoodRx mobile app allows users to manage more prescriptions. This results in a 40% higher prescription filling rate in the first half-year following the date on which the patient first filled a medication, compared to non-registered users. Until now, these data points have been used to illustrate the value of Medicine Cabinet in terms of giving GoodRx users the ability to remain on top of medications and keep them under control. 

A nice way to encourage people to fill out prescriptions that aren't filled as often is to give them small financial incentives, and Hull reports that early beta tests of Medicine Cabinet say that users who are enrolled in the feature claim prescriptions 400 percent more often than users who are not enrolled. Nevertheless, there is a lot of uncertainty regarding whether or not financial incentives are effective in developing and maintaining healthy habits. In some circumstances, these incentives are beneficial, but in other circumstances, they have been shown to not be viable for long-term change when it comes to long-term rewards. 

The Medicine Cabinet from GoodRx, however, also illustrates the tensions that are currently prevailing within the health tech industry. The use of large datasets is one of the greatest advantages of using features that rely on them. It's neat, for instance, that Medicine Cabinet does not require users to enter prescription information manually since it draws from previous claims to automatically populate prescription information for the next prescription. 

In addition to having a single hub for all of your medications and refills, it plays a very significant role in keeping an individual on track with everything they need to take, reminding you when to take that medication, and rewarding you when you do so consistently. 

Despite the convenience of information sharing between doctors pharmacies and tech companies, it would not be unreasonable if you were to feel leery about the idea of sharing personal data between them.
Read more »
Web Services
CircleCI Cyber Attacks Cybersecurity Software Tracking Web Services

After a Security Incident, CircleCI Urges Customers to Rotate Secrets

 


There has been a security threat affecting CircleCI, an American software development service, and the service has urged its users to rotate their secrets to avoid this kind of catastrophe. 

Security Issue Alerts for CircleCI Users

It has recently been announced that the American DevOps platform CircleCI is urging its users after a security incident to rotate their secrets. CircleCI is one of the most popular CI/CD platforms today, providing developers with continuous integration and delivery, enabling them to create code more quickly. A million people use this tool each year, and thousands of companies rely on it for their business. However, in the wake of this security breach, they have been warned. 

Rob Zuber, the Chief Technology Officer of CircleCI, has stated on the CircleCI blog that all secrets stored in CircleCI should be rotated immediately. This includes variables in the project environment variables and contexts that may contain cryptographic information. This issue was also addressed by CircleCI on Twitter, warning customers to take precautions. 

CircleCI assured its users that building applications with CircleCI was safe and that the company offered a secure platform. 

Besides sharing tools intended to assist teams in tracking down all the potentially compromised secrets, CircleCI has also announced it is working with Amazon Web Services to notify those customers who might have their tokens breached. 

Earlier, CircleCI warned customers regarding the circulation of a credential harvesting scam. This scam was attempting to trick users into entering their GitHub login credentials through what was presented as updated Terms of Service. 

Zuber mentioned in a blog that it would be wise for customers from December 21, 2022, to January 4, 2023, to review their internal logs for their systems and ensure that no unauthorized access was made to them. A further point that Zuber brought up was that all API tokens associated with Projects have been invalidated, and as a result, users will have to replace them. 

Details on CircleCI Security Incident Not Provided

It is imperative to note that CircleCI has notified users of a security issue. It has offered advice on how to protect data. However, further details have yet to be released about what the problem is and what it entails. Despite this, as Rob Zuber stated in the blog post he wrote about CircleCI, it appears that the company intends to provide more details about the incident shortly. 

CircleCI Security Incidents Are Not New

CircleCI has dealt with breaches that have occurred in the past, although it is not clear what the details of the incident were. A breach occurred in 2019 when a third-party analytics vendor gained access to sensitive data through the infiltration of the company's network. 

Furthermore, an attacker gained access to several usernames, email addresses, branch names, repository URLs, and IP addresses that can be used as attack credentials. According to the company, users were warned to review their repository and branch names when the issue occurred.
Read more »
Tracking
Data Data Safety Google Location Security Tech Technology Tracking

Google Reaches an Agreement with 40 States Over Location Tracking Practices

 

Google has consented to a $391.5 million settlement with 40 states over its use of location tracking, according to Oregon Attorney General Ellen Rosenblum. Even when users thought they had turned off location tracking in their account settings, Google continued to collect information about their whereabouts, according to Oregon's Attorney General's office. 

Commencing in 2023, the settlement requires Google to be more transparent with users and provide clearer location-tracking disclosures. The settlement was led by Rosenblum and Nebraska Attorney General Doug Peterson. As per the release, it is the largest consumer privacy settlement ever led by a group of attorneys general.

“Consistent with improvements we’ve made in recent years, we have settled this investigation which was based on outdated product policies that we changed years ago,” said Google spokesperson José Castañeda in a statement.

The basis of the investigation was revealed in a 2018 Associated Press report.

Rosenblum said in the release, “For years Google has prioritized profit over their users’ privacy. They have been crafty and deceptive. Consumers thought they had turned off their location tracking features on Google, but the company continued to secretly record their movements and use that information for advertisers.”

Google paid $85 million to settle a similar lawsuit with Arizona last month, and the company is facing additional location tracking lawsuits in Washington, D.C., Indiana, Texas, and Washington state. According to the four AGs, Google was using location data for its ad business. 

The lawsuits instruct the court to order Google to hand over any algorithms developed with allegedly ill-gotten gains, as well as any monetary profits.
Read more »
Subscribe to: Posts (Atom)