August 20, Another Day, Another Data Breach

MoviePass got caught exposing 161 million unencrypted user records, including debit and credit card details (card numbers, balance and expiry dates) and billing information of customers. The unencrypted database was online for months.

Start-ups that grow too fast forget to put money in cyber-security. This is not a luxury. Think of encryption as your medieval fortress. It should be impossible to access with an added layer of disinformation (my favorite), i.e. have at least one fake database (with scrambled records) lying around that is easy to hack. Keep the real ones safe in the fortress.

Disinformation is horrible when propagated by the state, but is super efficient as a security measure in private matters. Layers of disinformation can also help with identifying who hacked you.

August 14, Biostar 2's leak of millions of fingerprints collected by 5700 law enforcement agencies in 83 countries is the biggest ever to date.

Biometric data, mainly your fingerprints, iris, and sound of voice, are considered the strongest of identifiers, as they're unique to each individual and cannot be changed.

Source: Guardian and Privacy activists discovery report

...

August 2, 2019, According to Apple's privacy agreement, snippets of recordings that our phones send to Apple are protected by end-to-end encryption, stripped of all identifiers. Turns out recordings are not snippets and they're totally accompanied by user data showing location, contact details, and screen activity. There are even transcripts of these recordings... yay!

The only good news is that there is no need to waste time reading apps' user agreements, as they're officially full of shit.

And yet, Siri is not half as depressing as our privacy statutes. For example, Canada's PIPEDA, s.4(2)(c) allows organizations, like Apple, Google, Amazon, to collect use and disclose user's personal information for "artistic" purposes. So, if you want to be a total dirtbag, call yourself an artist.

July 31, 2019, Opt-Out Misery

You likely didn't know that you already consent to data sharing, unless you've opted out and it is legal. This is how you opt out http://simpleoptout.com/. A long list it is. Some institutions, like Capital One and Costco, make it a little harder to opt out, requiring a phone call.

Also, the university has access to all your Office 365 documents and you can't opt out. It is how their license works. You can buy your own license if you care. Btw, Office 365, Google Docs, and iWork are banned in German schools.

Many others are not on this list, such as your Inspire Card that communicates your drinking habits to insurance companies. No free lunch people..

Data sharing sucks, but data tracking is not all bad. I see how it can revolutionize legal evidence and looking forward to it. Plenty of corroboration in data. For example, no need to find a living witness to have physically spent time with you, to confirm an alibi. The "home alone" theory is so 20th century. Nobody is ever alone.

Even your fingerprints are on the record, along with time stamp, location and each device model you log into. Yes, they can be easily hacked and sold on the dark web, but that's not your problem. Data can be your best friend (or enemy) because it can be cross-referenced for whatever you need to prove.

July 28, 2019, A few years ago, every university had someone doing exactly what Cambridge Analytica is being diabolized for at the moment... I even took a political science course on how it's done. Where do you think we got the data from? Watching the Great Hack was like reliving my course, minus the investigations. It was all the hype in 2016. But then...

"Oops, we won!" (Brittany Kaiser)

Cambridge's strategy of targeting only "persuadables" is at the very least impressive, as there is no point in barking at the wrong trees, in other words wasting effort on ultra-polarized rigid users, firmly entrenched in algorithmic bubbles of like-mindedness, filtering out all shreds of dissident opinion. Once you're in such a bubble of your own making (through likes and online conduct), it becomes very hard to understand why events in the real world don't match the reality of your bubble.

I was one of the first humans to contend that users should receive royalties for the commercial sharing of their data, but playing with data for political purposes is not commercial. Last time I checked, it's not even illegal. Some authors even think that data mining is the real face of democracy.

rs@rossitastoyanova.com