<?xml version="1.0" encoding="UTF-8"?>
 <rdf:RDF xmlns="http://purl.org/rss/1.0/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cc="http://web.resource.org/cc/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel rdf:about="http://pinboard.in">
    <title>Pinboard (jm)</title>
    <link>https://pinboard.in/u:jm/public/</link>
    <description>recent bookmarks from jm</description>
    <items>
      <rdf:Seq>	<rdf:li rdf:resource="https://chaos.social/@thunfisch/116414098310170847"/>
	<rdf:li rdf:resource="https://arstechnica.com/tech-policy/2026/03/okcupid-match-pay-no-fine-for-sharing-user-photos-with-facial-recognition-firm/"/>
	<rdf:li rdf:resource="https://desfontain.es/blog/cliopatra.html#fn:caveat"/>
	<rdf:li rdf:resource="https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/"/>
	<rdf:li rdf:resource="https://news.ycombinator.com/item?id=45055604"/>
	<rdf:li rdf:resource="https://ppc.land/microsoft-cant-protect-french-data-from-us-government-access/"/>
	<rdf:li rdf:resource="https://fortune.com/2025/07/16/delta-moves-toward-eliminating-set-prices-in-favor-of-ai-that-determines-how-much-you-personally-will-pay-for-a-ticket/"/>
	<rdf:li rdf:resource="https://f-droid.org/packages/it.rignanese.leo.slimfacebook/"/>
	<rdf:li rdf:resource="https://localmess.github.io/"/>
	<rdf:li rdf:resource="https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/"/>
	<rdf:li rdf:resource="https://desfontain.es/blog/privacy-in-ai.html"/>
	<rdf:li rdf:resource="https://insights.priva.cat/p/privacy-disasters-facehuggers-are"/>
	<rdf:li rdf:resource="https://www.dataprotection.ie/en/news-media/press-releases/data-protection-commission-launches-inquiry-google-ai-model"/>
	<rdf:li rdf:resource="https://european-alternatives.eu/"/>
	<rdf:li rdf:resource="https://www.historynewsnetwork.org/article/overexposed"/>
	<rdf:li rdf:resource="https://www.politico.com/news/magazine/2024/02/28/government-buying-your-data-00143742"/>
	<rdf:li rdf:resource="https://gist.github.com/velzie/053ffedeaecea1a801a2769ab86ab376"/>
	<rdf:li rdf:resource="https://arstechnica.com/tech-policy/2024/06/ai-trained-on-photos-from-kids-entire-childhood-without-their-consent/"/>
	<rdf:li rdf:resource="https://security.apple.com/blog/private-cloud-compute/"/>
	<rdf:li rdf:resource="https://arxiv.org/abs/2405.14975"/>
	<rdf:li rdf:resource="https://noyb.eu/en/chatgpt-provides-false-information-about-people-and-openai-cant-correct-it"/>
	<rdf:li rdf:resource="https://takes.jamesomalley.co.uk/p/how-to-use-nhs-data-for-scientific?r=2bac6x&amp;triedRedirect=true"/>
	<rdf:li rdf:resource="https://www.nytimes.com/2024/04/06/technology/tech-giants-harvest-data-artificial-intelligence.html"/>
	<rdf:li rdf:resource="https://mastodon.social/@gvwilson/112012277852906749"/>
	<rdf:li rdf:resource="https://blog.zgp.org/google-chrome-checklist/"/>
	<rdf:li rdf:resource="https://practical-tech.com/2023/06/13/how-an-amazon-fire-kids-tablet-was-allegedly-used-to-stalk-a-security-pro/"/>
	<rdf:li rdf:resource="https://themarkup.org/privacy/2023/06/08/from-heavy-purchasers-of-pregnancy-tests-to-the-depression-prone-we-found-650000-ways-advertisers-label-you"/>
	<rdf:li rdf:resource="https://twitter.com/mer__edith/status/1664057265958055939"/>
	<rdf:li rdf:resource="https://www.technologyreview.com/2023/04/19/1071789/openais-hunger-for-data-is-coming-back-to-bite-it/?truid=8c8f2699f50eb3b9985a111121cfee47&amp;mc_cid=8f246dd37f&amp;mc_eid=eaf496ebe1"/>
	<rdf:li rdf:resource="https://www.politico.com/newsletters/digital-future-daily/2023/04/11/timnit-gebrus-anti-ai-pause-00091450"/>
	<rdf:li rdf:resource="https://www.darkreading.com/risk/employees-feeding-sensitive-business-data-chatgpt-raising-security-fears"/>
	<rdf:li rdf:resource="https://www.politico.com/news/2023/03/07/privacy-loophole-ring-doorbell-00084979"/>
	<rdf:li rdf:resource="https://therecord.media/this-app-will-self-destruct-how-belarusian-hackers-created-an-alternative-telegram-for-activists/"/>
	<rdf:li rdf:resource="https://www.technologyreview.com/2022/12/19/1065306/roomba-irobot-robot-vacuums-artificial-intelligence-training-data-privacy/"/>
	<rdf:li rdf:resource="https://theintercept.com/2022/09/07/facebook-personal-data-no-accountability/"/>
	<rdf:li rdf:resource="https://www.eff.org/deeplinks/2022/06/what-fog-data-science-why-surveillance-company-so-dangerous"/>
	<rdf:li rdf:resource="https://gizmodo.com/right-wing-troll-chuck-johnson-claims-he-cofounded-faci-1846506909"/>
	<rdf:li rdf:resource="https://www.patrick-breyer.de/en/posts/messaging-and-chat-control/"/>
	<rdf:li rdf:resource="https://www.vice.com/en/article/m7vzjb/location-data-abortion-clinics-safegraph-planned-parenthood"/>
	<rdf:li rdf:resource="https://www.iccl.ie/news/iccl-data-complaint-an-post-osi-company-profiles-irish-peoples-income-and-homes-and-sells-data-to-data-brokers-and-insurance-companies/"/>
	<rdf:li rdf:resource="https://twitter.com/WolfieChristl/status/1467927612626550786"/>
	<rdf:li rdf:resource="https://www.linkedin.com/pulse/nightmare-letter-subject-access-request-under-gdpr-karbaliotis/"/>
	<rdf:li rdf:resource="https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru"/>
	<rdf:li rdf:resource="https://github.com/google/fully-homomorphic-encryption"/>
	<rdf:li rdf:resource="https://www.bellingcat.com/news/2021/05/28/us-soldiers-expose-nuclear-weapons-secrets-via-flashcard-apps/"/>
	<rdf:li rdf:resource="https://www.buzzfeednews.com/article/carolinehaskins1/training-documents-palantir-lapd"/>
	<rdf:li rdf:resource="https://crypto.stanford.edu/prio/paper.pdf"/>
	<rdf:li rdf:resource="https://hroy.eu/posts/gdprExplainedByUS/"/>
	<rdf:li rdf:resource="https://www.nytimes.com/2020/06/24/technology/facial-recognition-arrest.html"/>
	<rdf:li rdf:resource="https://www.technologyreview.com/2020/06/21/1004228/trumps-data-hungry-invasive-app-is-a-voter-surveillance-tool-of-extraordinary-scope/"/>
	<rdf:li rdf:resource="https://drive.google.com/file/d/1uB4LcQHMVP-oLzIIHA9SjKj1uMd3erGu/view"/>
	<rdf:li rdf:resource="http://progcity.maynoothuniversity.ie/2020/04/will-covidtracker-ireland-work/"/>
	<rdf:li rdf:resource="https://edpb.europa.eu/sites/edpb/files/files/file1/edpbletterecadvisecodiv-appguidance_final.pdf"/>
	<rdf:li rdf:resource="https://github.com/DP-3T/"/>
	<rdf:li rdf:resource="https://www.zfnd.org/blog/private-contact-tracing-protocols-compared/"/>
	<rdf:li rdf:resource="https://www.ccc.de/en/updates/2020/contact-tracing-requirements"/>
	<rdf:li rdf:resource="https://docs.google.com/document/d/16Kh4_Q_tmyRh0-v452wiul9oQAiTRj8AdZ5vcOJum9Y/edit"/>
	<rdf:li rdf:resource="https://www.pepp-pt.org/"/>
	<rdf:li rdf:resource="https://www.technologyreview.com/s/615372/coronavirus-infection-tests-app-pandemic-location-privacy/"/>
	<rdf:li rdf:resource="https://www.covid19risk.com/about.html"/>
	<rdf:li rdf:resource="http://twitter-likes-deleter.glitch.me/"/>
	<rdf:li rdf:resource="https://www.thetimes.co.uk/article/revealed-betting-firms-use-schools-data-on-28m-children-dn37nwgd5"/>
	<rdf:li rdf:resource="https://nelsonslog.wordpress.com/2020/01/07/facial-recognition-for-the-public-yandex/"/>
	<rdf:li rdf:resource="https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html?te=1&amp;nl=the-privacy%20project&amp;emc=edit_priv_20191219?campaign_id=0&amp;instance_id=0&amp;segment_id=0&amp;user_id=7c8ff3fc774920a57c39e5d6cb28327e&amp;regi_id=020191219"/>
	<rdf:li rdf:resource="https://www.icij.org/investigations/china-cables/exposed-chinas-operating-manuals-for-mass-internment-and-arrest-by-algorithm/"/>
	<rdf:li rdf:resource="https://www.nytimes.com/2019/10/02/magazine/ice-surveillance-deportation.html#click=https://t.co/106daANqmy"/>
	<rdf:li rdf:resource="https://idlewords.com/talks/hk_stanford.html"/>
	<rdf:li rdf:resource="https://developers.googleblog.com/2019/09/enabling-developers-and-organizations.html"/>
	<rdf:li rdf:resource="https://www.forbes.com/sites/bradtempleton/2019/08/29/well-networked-self-driving-cars-become-a-surveillance-nightmare/#7e27bd14612f"/>
	<rdf:li rdf:resource="https://twitter.com/Pinboard/status/1166946106321670144"/>
      </rdf:Seq>
    </items>
  </channel><item rdf:about="https://chaos.social/@thunfisch/116414098310170847">
    <title>Microsoft runs out of capacity, routes requests outside the GDPR region</title>
    <dc:date>2026-04-16T13:18:55+00:00</dc:date>
    <link>https://chaos.social/@thunfisch/116414098310170847</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Oh dear, this is an absolute GDPR no-no:

<blockquote>Apparently #Microsoft is not able to get enough compute within EU datacenters to handle #Copilot requests.

Instead, it will do "Flex-Routing", which processes some requests in non-EU datacenters. This is Opt-Out. The only notification was an e-mail to Admins. If they missed that, companies might be leaking PII outside of the EU from tomorrow on.

Get your GDPR Nightmare letters ready!</blockquote>

]]></description>
<dc:subject>fail microsoft gdpr regulation security copilot eu flex-routing pii privacy</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:e0414b8f8629/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:fail"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:microsoft"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:gdpr"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:regulation"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:copilot"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:eu"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:flex-routing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:pii"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://arstechnica.com/tech-policy/2026/03/okcupid-match-pay-no-fine-for-sharing-user-photos-with-facial-recognition-firm/">
    <title>OkCupid gave 3 million dating-app photos to facial recognition firm, FTC says</title>
    <dc:date>2026-04-01T10:12:21+00:00</dc:date>
    <link>https://arstechnica.com/tech-policy/2026/03/okcupid-match-pay-no-fine-for-sharing-user-photos-with-facial-recognition-firm/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[This is a staggering breach of privacy.  At this stage one has to assume that any data uploaded to a US company will be shared with whichever scumbag pays them the most.

<blockquote>OkCupid and its owner Match Group reached a settlement with the Trump administration for not telling dating-app customers that nearly 3 million user photos were shared with [Clarifai], an [AI] company making a facial recognition system. OkCupid also gave the facial recognition firm access to user location information and other details without customers’ consent, the Federal Trade Commission said.</blockquote>

]]></description>
<dc:subject>us-politics data-protection privacy dating-apps okcupid match.com clarifai ftc</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:7848c1547a27/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:us-politics"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-protection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:dating-apps"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:okcupid"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:match.com"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:clarifai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ftc"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://desfontain.es/blog/cliopatra.html#fn:caveat">
    <title>Research highlight: Cliopatra: Extracting Private Information from LLM Insights</title>
    <dc:date>2026-03-18T10:50:26+00:00</dc:date>
    <link>https://desfontain.es/blog/cliopatra.html#fn:caveat</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Research highlight: Cliopatra: Extracting Private Information from LLM Insights:

<blockquote>When Anthropic came up with a new "privacy-preserving analysis system" to gain insights into AI use, and didn't use any provably robust notion to back up their privacy claims, I was mildly surprised. Surely they have both the money and the scientific maturity level to do better?

But Clio, the system in question, sounded relatively reasonable, with multiple layers of risk mitigation built-in. Maybe adding differential privacy would have been overkill. I also didn't want to publicly criticize their approach in the absence of demonstrated real-world risk. So I didn't comment on their approach.

You can probably guess where this is going.

Fast forward to last week, and a new paper: Cliopatra: Extracting Private Information from LLM Insights, by Meenatchi Sundaram Muthu Selva Annamalai, Emiliano De Cristofaro, and Peter Kairouz. The authors show that with carefully designed attacks on Clio, they can bypass all the ad hoc mitigations, and successfully extract users' medical histories (1), in a way that provides 100% attacker certainty for some records.

This is a new and clever take on an old attack. We've known for decades that k-anonymity is vulnerable to active attacks. Here, this is combined with prompt injection to encourage the LLM "summarizer" to actually include information from unique records. Perhaps more surprisingly, the authors find that some defensive layers are simply ineffective: the "LLM auditors" systematically report low privacy risk, and entirely fail to detect the attacks.</blockquote>
]]></description>
<dc:subject>privacy differential-privacy anonymity data-protection claude llms cliopatra infosec leakage</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:fe149dbf6a35/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:differential-privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:anonymity"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-protection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:claude"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:llms"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:cliopatra"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:leakage"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/">
    <title>Persona identity verification is a GDPR nightmare</title>
    <dc:date>2026-02-24T13:16:07+00:00</dc:date>
    <link>https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[LinkedIn are using a Peter Thiel-linked company called Persona as an identity-verification service. (Discord also tried them out for age verification, but are now apparently ditching them.) This is all a bit of a nightmare for EU based users, however:

"When you click “verify” on LinkedIn, you’re not giving your passport to LinkedIn. You get redirected to a company called Persona. Full name: Persona Identities, Inc. Based in San Francisco, California."

<blockquote>
For a three-minute identity check, this is what Persona collected:

- My full name — first, middle, last
- My passport photo — the full document, both sides, all data on the face of it
- My selfie — a photo of my face taken in real-time
- My facial geometry — biometric data extracted from both images, used to match the selfie to the passport
- My NFC chip data — the digital info stored on the chip inside my passport
- My national ID number
- My nationality, sex, birthdate, age
- My email, phone number, postal address
- My IP address, device type, MAC address, browser, OS version, language
- My geolocation — inferred from my IP

And then there’s the weird stuff:

- Hesitation detection — they tracked whether I paused during the process
- Copy and paste detection — they tracked whether I was pasting information instead of typing it

Behavioral biometrics. On top of the physical biometrics. For a LinkedIn badge.

Persona didn’t just use what I gave them. They went and cross-referenced me against what they call their “global network of trusted third-party data sources”:

- Government databases
- National ID registries
- Consumer credit agencies
- Utility companies
- Mobile network providers
- Postal address databases

They use uploaded images of identity documents — that’s my passport — to train their AI. They’re teaching their system to recognize what passports look like in different countries. They also use your selfie to “identify improvements in the Service.”

The legal basis? Not consent. Legitimate interest. Meaning they decided on their own that it’s fine. Under GDPR, they’re supposed to balance their “interest” against your fundamental rights. Whether feeding European passports into machine learning models passes that test — well, that’s a question worth asking.

I came for a badge. I stayed as training data.

The whole thing took three minutes. Scan, selfie, done.

Understanding what I actually agreed to took me an entire weekend reading 34 pages of legal documents.

I handed a US company my passport, my face, and the mathematical geometry of my skull. They cross-referenced me against credit agencies and government databases. They’ll use my documents to train their AI. And if the US government comes knocking, they’ll hand it all over — even if it’s stored in Europe, even if I’m European, and possibly without ever telling me.
</blockquote>

It seems they are also linked to Roblox and Reddit as an age verification provider, which is worrying -- this level of deeply-intrusive background check is massive overkill for a simple age verification process.

ORG are calling for regulation of the age verification industry, BTW: https://www.openrightsgroup.org/press-releases/online-safety-act-org-calls-for-regulation-of-age-assurance-industry/

]]></description>
<dc:subject>age-verification discord reddit roblox linkedin tech peter-thiel org persona gdpr privacy data-protection data-privacy</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:9170ebca7ec9/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:age-verification"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:discord"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:reddit"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:roblox"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:linkedin"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:tech"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:peter-thiel"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:org"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:persona"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:gdpr"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-protection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://news.ycombinator.com/item?id=45055604">
    <title>censorship circumvention via VPN</title>
    <dc:date>2025-09-02T15:25:29+00:00</dc:date>
    <link>https://news.ycombinator.com/item?id=45055604</link>
    <dc:creator>jm</dc:creator><description><![CDATA["I've got experience working on censorship circumvention for a major VPN provider" -- good HN comment on this ever-more-relevant topic.  Mullvad gets a thumbs up]]></description>
<dc:subject>censorship vpns networking privacy politics</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:27c9c09d5677/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:censorship"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:vpns"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:networking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:politics"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://ppc.land/microsoft-cant-protect-french-data-from-us-government-access/">
    <title>Microsoft can't protect French data from US government access</title>
    <dc:date>2025-07-21T10:55:10+00:00</dc:date>
    <link>https://ppc.land/microsoft-cant-protect-french-data-from-us-government-access/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[We've known this for years, but it's significant to see Microsoft admit this under oath in a European court. When the US Government issues an NSL, Microsoft cannot say no:

<blockquote>Microsoft France's legal director conceded under sworn testimony that the company cannot guarantee French citizen data stored in EU datacenters remains protected from US agency access. The June 10, 2025 French Senate hearing marked a significant moment in European digital sovereignty discussions as Microsoft executives addressed concerns over extraterritorial data access.

During proceedings before the Senate inquiry commission investigating public procurement's role in promoting digital sovereignty, Anton Carniaux, Microsoft France's director of public and legal affairs, admitted fundamental limitations regarding data protection guarantees. When asked directly whether he could guarantee under oath that French citizen data would never be transmitted to US authorities without explicit French authorization, Carniaux responded: "No, I cannot guarantee it."

The testimony contradicts years of Microsoft's security assurances regarding European data hosting. Despite implementing encryption and technical safeguards, the company acknowledged that US legislation ultimately supersedes protective measures when federal agencies issue valid data requests.</blockquote>

So much for the EU Sovereign Cloud, eh.]]></description>
<dc:subject>cloud-computing microsoft eu us-politics sovereignty data-protection privacy via:davey_cakes</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:1cf52abd966f/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:cloud-computing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:microsoft"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:eu"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:us-politics"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:sovereignty"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-protection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:via:davey_cakes"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://fortune.com/2025/07/16/delta-moves-toward-eliminating-set-prices-in-favor-of-ai-that-determines-how-much-you-personally-will-pay-for-a-ticket/">
    <title>Delta moves toward eliminating set prices in favor of AI</title>
    <dc:date>2025-07-17T11:20:58+00:00</dc:date>
    <link>https://fortune.com/2025/07/16/delta-moves-toward-eliminating-set-prices-in-favor-of-ai-that-determines-how-much-you-personally-will-pay-for-a-ticket/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Delta's going to start charging based on "AI", through "a partnership with Fetcherr, a six-year-old Israeli company that also counts Azul, WestJet, Virgin Atlantic, and VivaAerobus as clients. And it has its sights set beyond flying. “Once we will be established in the airline industry, we will move to hospitality, car rentals, cruises, whatever,” cofounder Robby Nissan said at a travel conference in 2022."

Prediction: this is going to be absolutely terrible for consumers, with predatory pricing based on race, sex, income classes, and other illegal inputs, laundered via opaque "AI".  I can only hope they won't be legally permitted to apply this for EU-based customers.]]></description>
<dc:subject>pricing delta consumer ai privacy data-protection grim capitalism travel fetcherr</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:39b74132ba30/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:pricing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:delta"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:consumer"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-protection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:grim"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:capitalism"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:travel"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:fetcherr"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://f-droid.org/packages/it.rignanese.leo.slimfacebook/">
    <title>SlimSocial for Facebook</title>
    <dc:date>2025-06-11T09:43:07+00:00</dc:date>
    <link>https://f-droid.org/packages/it.rignanese.leo.slimfacebook/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[an Android wrapper app to insulate your phone from Meta's snooping, if you really have to use Facebook on a mobile device]]></description>
<dc:subject>facebook meta privacy android f-droid apps</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:3f1e83d5a000/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:facebook"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:meta"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:android"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:f-droid"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:apps"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://localmess.github.io/">
    <title>Covert Web-to-App Tracking via Localhost on Android</title>
    <dc:date>2025-06-04T09:52:48+00:00</dc:date>
    <link>https://localmess.github.io/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Meta -- never not At It.

Facebook/Instagram used a sneaky localhost socket connection to correlate web visits with Meta user ids and track web/app user identity without any explicit permission.

"the novel tracking method works even if the user:

- Is not logged in to Facebook, Instagram or Yandex on their mobile browsers
- Uses Incognito Mode
- Clears their cookies or other browsing data

This tracking method defeats Android's inter-process isolation and tracking protections based on partitioning, sandboxing, or clearing client-side state."]]></description>
<dc:subject>privacy meta facebook instagram apps android</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:4132d4d78200/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:meta"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:facebook"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:instagram"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:apps"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:android"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/">
    <title>O2 VoLTE: locating any customer with a phone call</title>
    <dc:date>2025-05-20T09:13:35+00:00</dc:date>
    <link>https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Using VoLTE to route phone calls via SIP from mobile phones, using O2 in the UK, exposed cell site triangulation info on both ends of the connection, allowing a remote phone number's location to be discovered.

This was investigated using "an application known as Network Signal Guru (NSG) on [a] rooted Google Pixel 8".]]></description>
<dc:subject>phone privacy security infosec o2 volte sip phones mobile</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:7a0b46ec5a1c/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:phone"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:o2"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:volte"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:sip"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:phones"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:mobile"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://desfontain.es/blog/privacy-in-ai.html">
    <title>Five things privacy experts know about AI</title>
    <dc:date>2025-01-14T12:35:38+00:00</dc:date>
    <link>https://desfontain.es/blog/privacy-in-ai.html</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Damien Desfontaines writes some really interesting stuff about Differential Privacy in AI training, and how bad the current situation is with large language models
]]></description>
<dc:subject>llms ai differential-privacy damien-desfontaines privacy training anonymisation memorization</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:56a10be8e10b/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:llms"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:differential-privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:damien-desfontaines"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:training"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:anonymisation"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:memorization"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://insights.priva.cat/p/privacy-disasters-facehuggers-are">
    <title>Privacy Disasters: FaceHuggers Are Eating Your Skeets</title>
    <dc:date>2024-12-02T12:36:41+00:00</dc:date>
    <link>https://insights.priva.cat/p/privacy-disasters-facehuggers-are</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Good take from Carey Lening on the recent Hugging Face release of a million-BlueSky-post dataset:

<blockquote>Once again, we’ve got a collective action problem that’s being ignored in favor of technological progress, big money, data extraction, and libertarian notions of ‘public data’.

It’s a shitty look. Both Bluesky and HF are acting like the host who’s egging the dickheads on, and it’s really disappointing as a user to know that this is probably what we should have expected all along.</blockquote>

]]></description>
<dc:subject>data hugging-face ai training bluesky public data-protection privacy datasets scraping</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:3db238684d6e/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:hugging-face"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:training"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:bluesky"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:public"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-protection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:datasets"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:scraping"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.dataprotection.ie/en/news-media/press-releases/data-protection-commission-launches-inquiry-google-ai-model">
    <title>Irish Data Protection Commission launches inquiry into Google AI</title>
    <dc:date>2024-09-12T09:36:22+00:00</dc:date>
    <link>https://www.dataprotection.ie/en/news-media/press-releases/data-protection-commission-launches-inquiry-google-ai-model</link>
    <dc:creator>jm</dc:creator><description><![CDATA[<blockquote>The Data Protection Commission (DPC) today announced that it has commenced a Cross-Border[1] statutory inquiry into Google Ireland Limited (Google) under Section 110 of the Data Protection Act 2018. The statutory inquiry concerns the question of whether Google has complied with any obligations that it may have had to undertake an assessment, pursuant to Article 35[2] of the General Data Protection Regulation (Data Protection Impact Assessment), prior to engaging in the processing of the personal data of EU/EEA data subjects associated with the development of its foundational AI model, Pathways Language Model 2 (PaLM 2).

A Data Protection Impact Assessment (DPIA)[3], where required, is of crucial importance in ensuring that the fundamental rights and freedoms of individuals are adequately considered and protected when processing of personal data is likely to result in a high risk.
</blockquote>

Great to see this. If this inquiry results in some brakes on the widespread misuse of "fair use" in AI scraping, particularly where it concerns European citizens, I'm all in favour.
]]></description>
<dc:subject>eu law scraping fair-use ai dpia dpc data-protection privacy gdpr</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:44a04f4a54d6/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:eu"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:law"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:scraping"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:fair-use"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:dpia"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:dpc"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-protection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:gdpr"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://european-alternatives.eu/">
    <title>European Alternatives</title>
    <dc:date>2024-08-27T08:12:57+00:00</dc:date>
    <link>https://european-alternatives.eu/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Interesting: "We help you find European alternatives for digital service and products, like cloud services and SaaS products."]]></description>
<dc:subject>eu europe privacy saas infrastructure ops gdpr dsa</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:046da05e1270/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:eu"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:europe"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:saas"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:infrastructure"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ops"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:gdpr"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:dsa"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.historynewsnetwork.org/article/overexposed">
    <title>Invasions of privacy during the early years of the photographic camera</title>
    <dc:date>2024-07-16T16:46:16+00:00</dc:date>
    <link>https://www.historynewsnetwork.org/article/overexposed</link>
    <dc:creator>jm</dc:creator><description><![CDATA["Overexposed", at the History News Network:

<blockquote>In 1904, a widow named Elizabeth Peck had her portrait taken at a studio in a small Iowa town. The photographer sold the negatives to Duffy’s Pure Malt Whiskey, a company that avoided liquor taxes for years by falsely advertising its product as medicinal. Duffy’s ads claimed the fantastical: that it cured everything from influenza to consumption; that it was endorsed by clergymen; that it could help you live until the age of 106. The portrait of Elizabeth Peck ended up in one of these dubious ads, published in newspapers across the country alongside what appeared to be her unqualified praise: “After years of constant use of your Pure Malt Whiskey, both by myself and as given to patients in my capacity as nurse, I have no hesitation in recommending it.” Duffy’s lies were numerous. Elizabeth Peck was not a nurse, and she had not spent years constantly slinging back malt beverages. In fact, she fully abstained from alcohol. Peck never consented to the ad. 

The camera’s first great age — which began in 1888 when George Eastman debuted the Kodak — is full of stories like this one. Beyond the wonders of a quickly developing artform and technology lay widespread lack of control over one’s own image, perverse incentives to make a quick buck, and generalized fear at the prospect of humiliation and the invasion of privacy.</blockquote>

Fantastic story, and interesting to see parallels with the modern experience of AI.]]></description>
<dc:subject>ai future history photography privacy camera</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:797d8d6854b4/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:future"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:history"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:photography"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:camera"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.politico.com/news/magazine/2024/02/28/government-buying-your-data-00143742">
    <title>Phone geodata is being widely collected by US government agencies</title>
    <dc:date>2024-07-16T15:34:48+00:00</dc:date>
    <link>https://www.politico.com/news/magazine/2024/02/28/government-buying-your-data-00143742</link>
    <dc:creator>jm</dc:creator><description><![CDATA[More info on the current state of the post-Snowden geodata scraping:

<blockquote>[Byron Tau was told] the government was buying up reams of consumer data — information scraped from cellphones, social media profiles, internet ad exchanges and other open sources — and deploying it for often-clandestine purposes like law enforcement and national security in the U.S. and abroad. The places you go, the websites you visit, the opinions you post — all collected and legally sold to federal agencies.

In his new book, _Means of Control_, Tau details everything he’s learned since that dinner: An opaque network of government contractors is peddling troves of data, a legal but shadowy use of American citizens’ information that troubles even some of the officials involved. And attempts by Congress to pass privacy protections fit for the digital era have largely stalled, though reforms to a major surveillance program are now being debated.</blockquote>

Great quote:

<blockquote>
Politico: You compare to some degree the state of surveillance in China versus the U.S. You write that China wants its citizens to know that they’re being tracked, whereas in the U.S., “the success lies in the secrecy.” What did you mean by that?

That was a line that came in an email from a police officer in the United States who got access to a geolocation tool that allowed him to look at the movement of phones. And he was essentially talking about how great this tool was because it wasn’t widely, publicly known. The police could buy up your geolocation movements and look at them without a warrant. And so he was essentially saying that the success lies in the secrecy, that if people were to know that this was what the police department was doing, they would ditch their phones or they would not download certain apps.</blockquote>

Based on Wolfie Christl's research in Germany, the same data is being scraped here, too, regardless of any protection the GDPR might supposedly provide: https://x.com/WolfieChristl/status/1813221172927975722]]></description>
<dc:subject>government privacy surveillance geodata phones mobile us-politics data-protection gdpr</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:88a788492c39/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:government"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:surveillance"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:geodata"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:phones"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:mobile"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:us-politics"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-protection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:gdpr"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://gist.github.com/velzie/053ffedeaecea1a801a2769ab86ab376">
    <title>How to keep using adblockers on chrome and chromium</title>
    <dc:date>2024-06-12T13:18:05+00:00</dc:date>
    <link>https://gist.github.com/velzie/053ffedeaecea1a801a2769ab86ab376</link>
    <dc:creator>jm</dc:creator><description><![CDATA[<blockquote>Google's manifest v3 has no analouge [sic] to the webRequestBlocking API, which is neccesary for (effective) adblockers to work
starting in chrome version 127, the transition to mv3 will start cutting off the use of mv2 extensions alltogether
this will inevitably piss of enterprises when their extensions don't work, so the ExtensionManifestV2Availability key was added and will presumably stay forever after enterprises complain enough
You can use this as a regular user, which will let you keep your mv2 extensions even after they're supposed to stop working.</blockquote>

]]></description>
<dc:subject>google chrome chromium adblockers extensions via:micktwomey privacy</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:d0b78a909b24/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:google"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:chrome"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:chromium"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:adblockers"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:extensions"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:via:micktwomey"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://arstechnica.com/tech-policy/2024/06/ai-trained-on-photos-from-kids-entire-childhood-without-their-consent/">
    <title>AI trained on photos from kids’ entire childhood without their consent</title>
    <dc:date>2024-06-11T13:32:14+00:00</dc:date>
    <link>https://arstechnica.com/tech-policy/2024/06/ai-trained-on-photos-from-kids-entire-childhood-without-their-consent/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Here's the terrible thing about AI model training sets --

<blockquote>LAION began removing links to photos from the dataset while also advising that "children and their guardians were responsible for removing children’s personal photos from the Internet." That, LAION said, would be "the most effective protection against misuse."

[Hye Jung Han] told Wired that she disagreed, arguing that previously, most of the people in these photos enjoyed "a measure of privacy" because their photos were mostly "not possible to find online through a reverse image search.” Likely the people posting never anticipated their rarely clicked family photos would one day, sometimes more than a decade later, become fuel for AI engines.</blockquote>

And indeed, here we are, with our family photos ingested long ago into many, many models, mainly hosted in jurisdictions outside the GDPR, and with no practical way to avoid it. Is there a genuine way to opt out, at this stage?  Even if we do it for LAION, what about all the other model scrapes that have gone into OpenAI, Apple, Google, et al?

Ugh, what a mess.

]]></description>
<dc:subject>privacy data-protection kids children family laion web-scraping ai models photos</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:14b96bcdcbaf/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-protection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:kids"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:children"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:family"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:laion"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:web-scraping"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:models"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:photos"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://security.apple.com/blog/private-cloud-compute/">
    <title>Apple Private Cloud Compute</title>
    <dc:date>2024-06-11T12:54:55+00:00</dc:date>
    <link>https://security.apple.com/blog/private-cloud-compute/</link>
    <dc:creator>jm</dc:creator><description><![CDATA["A new frontier for AI privacy in the cloud" -- the core models are not built on user data; they're custom, built with licensed data ( https://machinelearning.apple.com/research/introducing-apple-foundation-models ) plus some scraping of the "public web", and hosted in Apple DCs. The quality of the core hosted models was evaluated against gpt-3.5-turbo-0125, gpt-4-0125-preview, and a bunch of open source (Mistral/Gemma) models, with favourable results on safety and harmfulness and output quality.

The cloud API for devices to call out to are built with a pretty amazing set of steps to validate security and avoid PII leakage (accidental or not). User data is sent alongside each request, and securely wiped immediately afterwards.  Lots more tech details from Matthew Green: https://x.com/matthew_d_green/status/1800291897245835616

This actually looks like a massive step forward, kudos to Apple!  I hope it pans out like this blog post suggests it should.  At the very least it now provides a baseline that other hosted AI systems need to meet -- OpenAI are screwed.

Having said that there's still a very big question about the legal issues of scraping the "public web" for training data relying on opt-outs, and where it meets GDPR rights -- as with all current major AI model scrapes. But this is undoubtedly a step forward.

Also a great point from @lcamtuf:

"three things can simultaneously be true [about the new cloud API system]:
1) It's a major improvement from the infra security standpoint,
2) It doesn't confer any bulletproof assurances to you, the consumer,
3) It's a step back if it blurs the PR line between keeping your stuff local and in the cloud."]]></description>
<dc:subject>ai apple security privacy pii data-protection infosec apis</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:abb3169e51f8/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:apple"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:pii"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-protection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:apis"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://arxiv.org/abs/2405.14975">
    <title>_Surveilling the Masses with Wi-Fi-Based Positioning Systems_</title>
    <dc:date>2024-05-28T10:53:20+00:00</dc:date>
    <link>https://arxiv.org/abs/2405.14975</link>
    <dc:creator>jm</dc:creator><description><![CDATA[This is pretty crazy stuff, I had no idea the WPSes were fully queryable:

<blockquote>
Wi-Fi-based Positioning Systems (WPSes) are used by modern mobile devices to learn their position using nearby Wi-Fi access points as landmarks. In this work, we show that Apple's WPS can be abused to create a privacy threat on a global scale. We present an attack that allows an unprivileged attacker to amass a worldwide snapshot of Wi-Fi BSSID geolocations in only a matter of days. Our attack makes few assumptions, merely exploiting the fact that there are relatively few dense regions of allocated MAC address space. Applying this technique over the course of a year, we learned the precise locations of over 2 billion BSSIDs around the world.

The privacy implications of such massive datasets become more stark when taken longitudinally, allowing the attacker to track devices' movements. While most Wi-Fi access points do not move for long periods of time, many devices -- like compact travel routers -- are specifically designed to be mobile. We present several case studies that demonstrate the types of attacks on privacy that Apple's WPS enables: We track devices moving in and out of war zones (specifically Ukraine and Gaza), the effects of natural disasters (specifically the fires in Maui), and the possibility of targeted individual tracking by proxy -- all by remotely geolocating wireless access points. We provide recommendations to WPS operators and Wi-Fi access point manufacturers to enhance the privacy of hundreds of millions of users worldwide. Finally, we detail our efforts at responsibly disclosing this privacy vulnerability, and outline some mitigations that Apple and Wi-Fi access point manufacturers have implemented both independently and as a result of our work.</blockquote>]]></description>
<dc:subject>geolocation location wifi wps apple google infosec privacy</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:277b19975935/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:geolocation"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:location"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:wifi"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:wps"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:apple"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:google"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://noyb.eu/en/chatgpt-provides-false-information-about-people-and-openai-cant-correct-it">
    <title>ChatGPT provides false information about people, and OpenAI can’t correct it</title>
    <dc:date>2024-04-29T10:46:23+00:00</dc:date>
    <link>https://noyb.eu/en/chatgpt-provides-false-information-about-people-and-openai-cant-correct-it</link>
    <dc:creator>jm</dc:creator><description><![CDATA[NOYB.EU are initiating proceedings against OpenAI.  Here we go!]]></description>
<dc:subject>noyb.eu ai ethics ml privacy gdpr data-protection data-privacy</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:df157426c691/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:noyb.eu"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ethics"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ml"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:gdpr"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-protection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://takes.jamesomalley.co.uk/p/how-to-use-nhs-data-for-scientific?r=2bac6x&amp;triedRedirect=true">
    <title>NHS and OpenSAFELY</title>
    <dc:date>2024-04-19T10:05:47+00:00</dc:date>
    <link>https://takes.jamesomalley.co.uk/p/how-to-use-nhs-data-for-scientific?r=2bac6x&amp;triedRedirect=true</link>
    <dc:creator>jm</dc:creator><description><![CDATA[It seems the UK have created a "Trusted Research Environment" for working with the extremely privacy-sensitive datasets around NHS users' health data, using OpenSAFELY; it is basically a hosting environment allowing the execution of user-submitted Python query code, which must be open source, hosted on Github, designed with care to avoid releasing user-identifying sensitive data, and of course fully auditable.  This looks like a decent advance in privacy-sensitive technology!

Example code, from the OpenSAFELY tutorial docs:

```
from ehrql import create_dataset
from ehrql.tables.core import patients, medications

dataset = create_dataset()

dataset.define_population(patients.date_of_birth.is_on_or_before("1999-12-31"))

asthma_codes = ["39113311000001107", "39113611000001102"]
latest_asthma_med = (
    medications.where(medications.dmd_code.is_in(asthma_codes))
    .sort_by(medications.date)
    .last_for_patient()
)

dataset.asthma_med_date = latest_asthma_med.date
dataset.asthma_med_code = latest_asthma_med.dmd_code
```
]]></description>
<dc:subject>privacy data-protection nhs medical-records medicine research python sql opensafely uk</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:5500273f58a5/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-protection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:nhs"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:medical-records"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:medicine"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:research"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:python"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:sql"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:opensafely"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:uk"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.nytimes.com/2024/04/06/technology/tech-giants-harvest-data-artificial-intelligence.html">
    <title>How Tech Giants Cut Corners to Harvest Data for A.I. - The New York Times</title>
    <dc:date>2024-04-08T13:06:43+00:00</dc:date>
    <link>https://www.nytimes.com/2024/04/06/technology/tech-giants-harvest-data-artificial-intelligence.html</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Can't wait for all the lawsuits around this stuff.

<blockquote>Meta could not match ChatGPT unless it got more data, Mr. Al-Dahle told colleagues. In March and April 2023, some of the company’s business development leaders, engineers and lawyers met nearly daily to tackle the problem. [....]

They also talked about how they had summarized books, essays and other works from the internet without permission and discussed sucking up more, even if that meant facing lawsuits. One lawyer warned of “ethical” concerns around taking intellectual property from artists but was met with silence, according to the recordings.</blockquote>

]]></description>
<dc:subject>ai copyright data training openai meta google privacy surveillance data-protection ip</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:72d55c3af228/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:copyright"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:training"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:openai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:meta"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:google"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:surveillance"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-protection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ip"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://mastodon.social/@gvwilson/112012277852906749">
    <title>DocuSign admit to training AI on customer data</title>
    <dc:date>2024-03-01T17:19:40+00:00</dc:date>
    <link>https://mastodon.social/@gvwilson/112012277852906749</link>
    <dc:creator>jm</dc:creator><description><![CDATA[<blockquote>DocuSign just admitted that they use customer data (i.e., all those contracts, affidavits, and other confidential documents we send them) to train AI: 

https://support.docusign.com/s/document-item?language=en_US&bundleId=fzd1707173174972&topicId=uss1707173279973.html

They state that customers "contractually consent" to such use, but good luck finding it in their Terms of Service. There also doesn't appear to be a way to withdraw consent, but I may have missed that.</blockquote>

Gotta say, I find this fairly jaw-dropping.  The data in question is "Contract Lifecycle Management, Contract Lifecycle Management AI Extension, and eSignature (for select eSignature customers)".

"DocuSign may utilize, at its discretion, a customizable version of Microsoft’s Azure OpenAI Service trained on anonymized customer's data." -- so not running locally, and you have to trust their anonymization. It's known that some anonymization algorithms can be reversed.  This also relies on OpenAI keeping their data partitioned from other customers' data, and I'm not sure I'd rush to trust that.

One key skill DocuSign should be good at is keeping confidential documents confidential. This isn't it.

This is precisely what the EU AI Act should have dealt with (but won't, unfortunately).  Still, GDPR may be relevant.  And I'm sure there are a lot of lawyers now looking at their use of DocuSign with unease.

(via Mark Dennehy)]]></description>
<dc:subject>ai privacy data-protection data-privacy openai docusign contracts fail</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:86dca90befd9/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-protection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:openai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:docusign"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:contracts"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:fail"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://blog.zgp.org/google-chrome-checklist/">
    <title>Google Chrome ad features checklist</title>
    <dc:date>2023-10-04T16:40:20+00:00</dc:date>
    <link>https://blog.zgp.org/google-chrome-checklist/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[a list of ad-surveillance and AI-training features to turn off, both on our personal browsing and on your websites, courtesy of Don Marti]]></description>
<dc:subject>browsers chrome privacy data-privacy google</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:b8a9db5ae318/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:browsers"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:chrome"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:google"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://practical-tech.com/2023/06/13/how-an-amazon-fire-kids-tablet-was-allegedly-used-to-stalk-a-security-pro/">
    <title>Massive Alexa hole used to stalk Richard Morrell</title>
    <dc:date>2023-06-29T12:44:40+00:00</dc:date>
    <link>https://practical-tech.com/2023/06/13/how-an-amazon-fire-kids-tablet-was-allegedly-used-to-stalk-a-security-pro/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[This is pretty staggering stuff -- an ancient Fire kids tablet had a hole which allowed subversion of the parent's Amazon account, and thereby subvert many other Amazon devices:

<blockquote>In Morrell’s case, he says an Amazon Fire 7 Kids tablet was been used to turn his Echo gadgets in his house into listening devices. ... When he found himself the target of a sophisticated stalking attack via an Amazon Fire 7 Kids tablet that he didn’t know was still connected to his account, he was shocked. Someone was listening in to him and looked into his activities and records for approximately two years. 

This came even after he changed his Amazon account, refactored his two-factor authentication, and used a secure password generator to create a complex password. He assumed he was safe. He wasn’t. Because the adult account on the Amazon Fire 7 Kids tablet was his, this gave the person who had the tablet full access to his Amazon accounts and data. 

Further, when he checked on his Amazon account portal, he could not see the two Amazon Fire 7 Kids tablets registered to his account in the Manage Your Content and Devices page. Here, you’re supposed to find your Fire tablets, Echo devices, and other Alexa API-enabled devices. But the two tablets were not listed. Had they appeared, he would have deregistered them. Morrell felt safe from unauthorized snooping. 

He wasn’t. The Amazon Fire 7 Kids tablet acted as a trusted software token — a skeleton key to his Amazon records and devices. With it, this person could obtain access not just to his Alexa devices, but to his Alexa Auto and the Alexa instance on his Android and Apple phones as well. 

Amazon replied that the company has been unable to discern how this could have happened, but it is looking into the issue. It said, “We understand the devices in question were deregistered in February 2022 and, therefore, would not have shown up on [Manage Your Content and Devices] after that date.”</blockquote>

]]></description>
<dc:subject>amazon privacy security fail alexa infosec dick-morrell fire-tablets</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:425dbb9f0361/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:amazon"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:fail"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:alexa"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:dick-morrell"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:fire-tablets"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://themarkup.org/privacy/2023/06/08/from-heavy-purchasers-of-pregnancy-tests-to-the-depression-prone-we-found-650000-ways-advertisers-label-you">
    <title>Xandr's online-ads segment list</title>
    <dc:date>2023-06-08T12:11:24+00:00</dc:date>
    <link>https://themarkup.org/privacy/2023/06/08/from-heavy-purchasers-of-pregnancy-tests-to-the-depression-prone-we-found-650000-ways-advertisers-label-you</link>
    <dc:creator>jm</dc:creator><description><![CDATA["From “Heavy Purchasers” of Pregnancy Tests to the Depression-Prone: We Found 650,000 Ways Advertisers Label You" – The Markup:

<blockquote>If you spend any time online, you probably have some idea that the digital ad industry is constantly collecting data about you, including a lot of personal information, and sorting you into specialized categories so you’re more likely to buy the things they advertise to you. But in a rare look at just how deep—and weird—the rabbit hole of targeted advertising gets, The Markup has analyzed a database of 650,000 of these audience segments, newly unearthed on the website of Microsoft’s ad platform Xandr. The trove of data indicates that advertisers could also target people based on sensitive information like being “heavy purchasers” of pregnancy test kits, having an interest in brain tumors, being prone to depression, visiting places of worship, or feeling “easily deflated” or that they “get a raw deal out of life.”</blockquote>

(Via Johnny Ryan)]]></description>
<dc:subject>ads data-privacy xandr microsoft segmentation advertising privacy</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:b60728398830/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ads"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:xandr"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:microsoft"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:segmentation"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:advertising"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://twitter.com/mer__edith/status/1664057265958055939">
    <title>&quot;Data protection IS AI regulation&quot;</title>
    <dc:date>2023-06-01T14:15:40+00:00</dc:date>
    <link>https://twitter.com/mer__edith/status/1664057265958055939</link>
    <dc:creator>jm</dc:creator><description><![CDATA[The FTC have proposed a judgement against Amazon/Ring:

"FTC says Ring employees illegally surveilled customers, failed to stop hackers from taking control of users' cameras. Under proposed order, Ring will be prohibited from profiting from unlawfully collected consumer videos, pay $5.8M in consumer refunds."

Meredith Whittaker on Twitter, responding:

"Speaking of real AI regulation grounded in reality! The part about Amazon being "prohibited from profiting from unlawfully collected consumer videos" is huge. Data protection IS AI regulation. & in this case will likely mean undoing datasets, retraining/disposing of models, etc."

Retraining/discarding datasets is a HUGE deal for AI/ML companies. This is the big stick for regulators.  I hope the EU DPCs are paying attention to this judgement.]]></description>
<dc:subject>regulation ai ml training data-protection privacy ring amazon ftc</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:238381e75a4a/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:regulation"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ml"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:training"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-protection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ring"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:amazon"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ftc"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.technologyreview.com/2023/04/19/1071789/openais-hunger-for-data-is-coming-back-to-bite-it/?truid=8c8f2699f50eb3b9985a111121cfee47&amp;mc_cid=8f246dd37f&amp;mc_eid=eaf496ebe1">
    <title>OpenAI’s hunger for data is coming back to bite it</title>
    <dc:date>2023-04-20T09:56:55+00:00</dc:date>
    <link>https://www.technologyreview.com/2023/04/19/1071789/openais-hunger-for-data-is-coming-back-to-bite-it/?truid=8c8f2699f50eb3b9985a111121cfee47&amp;mc_cid=8f246dd37f&amp;mc_eid=eaf496ebe1</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Spot on:

<blockquote>The company could have saved itself a giant headache by building in robust data record-keeping from the start, she says. Instead, it is common in the AI industry to build data sets for AI models by scraping the web indiscriminately and then outsourcing the work of removing duplicates or irrelevant data points, filtering unwanted things, and fixing typos. These methods, and the sheer size of the data set, mean tech companies tend to have a very limited understanding of what has gone into training their models. </blockquote>

]]></description>
<dc:subject>training data provenance ai ml common-crawl openai chatgpt data-protection privacy</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:8a1016bb2d53/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:training"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:provenance"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ml"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:common-crawl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:openai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:chatgpt"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-protection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.politico.com/newsletters/digital-future-daily/2023/04/11/timnit-gebrus-anti-ai-pause-00091450">
    <title>Timnit Gebru's anti-'AI pause'</title>
    <dc:date>2023-04-14T21:59:25+00:00</dc:date>
    <link>https://www.politico.com/newsletters/digital-future-daily/2023/04/11/timnit-gebrus-anti-ai-pause-00091450</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Couldn't agree more with Timnit Gebru's comments here:

<blockquote>What is your appeal to policymakers? What would you want Congress and regulators to do now to address the concerns you outline in the open letter?

Congress needs to focus on regulating corporations and their practices, rather than playing into their hype of “powerful digital minds.” This, by design, ascribes agency to the products rather than the organizations building them. This language obfuscates the amount of data that is being collected — and the amount of worker exploitation involved with those who are labeling and supplying the datasets, and moderating model outputs.

Congress needs to ensure corporations are not using people’s data without their consent, and hold them responsible for the synthetic media they produce — whether it is text or media spewing disinformation, hate speech or other types of harmful content. Regulations need to put the onus on corporations, rather than understaffed agencies. There are probably existing regulations these organizations are breaking. There are mundane “AI” systems being used daily; we just heard about another Black man being wrongfully arrested because of the use of automated facial analysis systems. But that’s not what we’re talking about, because of the hype.</blockquote>

]]></description>
<dc:subject>data privacy ai ml openai monopoly</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:c02b89d4a2b8/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ml"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:openai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:monopoly"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.darkreading.com/risk/employees-feeding-sensitive-business-data-chatgpt-raising-security-fears">
    <title>Employees Are Feeding Sensitive Business Data to ChatGPT</title>
    <dc:date>2023-03-27T20:55:14+00:00</dc:date>
    <link>https://www.darkreading.com/risk/employees-feeding-sensitive-business-data-chatgpt-raising-security-fears</link>
    <dc:creator>jm</dc:creator><description><![CDATA[How unsurprising is this? And needless to say, a bunch of that is being reused for training:

<blockquote>In a recent report, data security service Cyberhaven detected and blocked requests to input data into ChatGPT from 4.2% of the 1.6 million workers at its client companies because of the risk of leaking confidential information, client data, source code, or regulated information to the LLM. 

In one case, an executive cut and pasted the firm's 2023 strategy document into ChatGPT and asked it to create a PowerPoint deck. In another case, a doctor input his patient's name and their medical condition and asked ChatGPT to craft a letter to the patient's insurance company.</blockquote>

]]></description>
<dc:subject>chatgpt openai ip privacy data-protection security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:c3190be3e0ad/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:chatgpt"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:openai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ip"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-protection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.politico.com/news/2023/03/07/privacy-loophole-ring-doorbell-00084979">
    <title>The privacy loophole in your doorbell</title>
    <dc:date>2023-03-10T10:28:33+00:00</dc:date>
    <link>https://www.politico.com/news/2023/03/07/privacy-loophole-ring-doorbell-00084979</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Here's why you never install internet-connected cameras inside your house:

'Police were investigating his neighbor. A judge gave officers access to all his security-camera footage, including inside his home.']]></description>
<dc:subject>amazon police privacy surveillance dystopia us-politics</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:f88e33e127c0/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:amazon"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:police"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:surveillance"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:dystopia"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:us-politics"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://therecord.media/this-app-will-self-destruct-how-belarusian-hackers-created-an-alternative-telegram-for-activists/">
    <title>This app will self-destruct: How Belarusian hackers created an alternative Telegram</title>
    <dc:date>2023-01-11T17:57:14+00:00</dc:date>
    <link>https://therecord.media/this-app-will-self-destruct-how-belarusian-hackers-created-an-alternative-telegram-for-activists/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Great idea:

<blockquote>
When a 25-year-old activist from Minsk who goes by Pavlo was detained by Belarusian KGB security forces last summer, he knew they would search his phone, looking for evidence of his involvement in anti-government protests. 

The police officer asked for Pavlo’s password to Telegram, the most popular messenger app among Belarusian activists, which he gave him. The officer entered it and... found nothing. All secret chats and news channels had disappeared, and after a few minutes of questioning Pavlo was released. 

Pavlo’s secret? A secure version of Telegram, developed by a hacktivist group from Belarus called the Cyber Partisans. Partisan Telegram, or P-Telegram, automatically deletes pre-selected chats when someone enters the so-called SOS password.
</blockquote>

<blockquote>
... after entering a fake [SOS] password, P-Telegram can automatically log out of the account, delete selected chats and channels, and even send a notification about the arrest of the account owners to their friends or families.

P-Telegram also allows other activists to remotely activate the SOS password on the detainee’s phone. For this, they need to send a code word to any of the shared Telegram chats.

Another feature on P-Telegram automatically takes photos of law enforcement officers on the front camera when they enter a fake password. “We warn users that this can be dangerous, as this photo will be stored on the phone, revealing that a person may use Partisan Telegram,” Shemetovets said. 

Cyber Partisans are constantly updating their app, fixing bugs, and adding new features. They also regularly conduct independent audits to ensure that P-Telegram complies with all security measures.

A recent audit by Open Technology Fund’s Red Team Lab proved that it is almost impossible for “casual observers without technical knowledge and specialized equipment” to identify the existence of P-Telegram on a device.</blockquote>

]]></description>
<dc:subject>p-telegram hacktivism security telegram messaging privacy activism duress-passwords</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:fb64152bf54b/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:p-telegram"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:hacktivism"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:telegram"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:messaging"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:activism"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:duress-passwords"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.technologyreview.com/2022/12/19/1065306/roomba-irobot-robot-vacuums-artificial-intelligence-training-data-privacy/">
    <title>A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook?</title>
    <dc:date>2022-12-20T10:19:05+00:00</dc:date>
    <link>https://www.technologyreview.com/2022/12/19/1065306/roomba-irobot-robot-vacuums-artificial-intelligence-training-data-privacy/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Yikes this is bad. A robot vacuum recorded video, uploaded it to iRobot, then that video was sent to teams of data-labelling gig workers in Venezuela, where they picked out some "highlights" and shared it on Facebook]]></description>
<dc:subject>ai privacy surveillance ml roomba irobot</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:b7db8007bf8c/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:surveillance"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ml"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:roomba"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:irobot"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://theintercept.com/2022/09/07/facebook-personal-data-no-accountability/">
    <title>Facebook Engineers Don’t Know Where They Keep Your Data</title>
    <dc:date>2022-09-08T10:56:35+00:00</dc:date>
    <link>https://theintercept.com/2022/09/07/facebook-personal-data-no-accountability/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[LOL, this is madness. Move fast and forget everything:

<blockquote>In the March 2022 hearing, Zarashaw and Steven Elia, a software engineering manager, described Facebook as a data-processing apparatus so complex that it defies understanding from within. The hearing amounted to two high-ranking engineers at one of the most powerful and resource-flush engineering outfits in history describing their product as an unknowable machine. [...]

The fundamental problem, according to the engineers in the hearing, is that [...] the company never bothered to cultivate institutional knowledge of how each of these component systems works, what they do, or who’s using them.
</blockquote>

]]></description>
<dc:subject>data engineering facebook meta privacy fail culture work</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:f425923a47a2/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:engineering"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:facebook"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:meta"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:fail"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:culture"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:work"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.eff.org/deeplinks/2022/06/what-fog-data-science-why-surveillance-company-so-dangerous">
    <title>What is Fog Data Science?</title>
    <dc:date>2022-09-06T08:50:20+00:00</dc:date>
    <link>https://www.eff.org/deeplinks/2022/06/what-fog-data-science-why-surveillance-company-so-dangerous</link>
    <dc:creator>jm</dc:creator><description><![CDATA[EFF post on a data broker being misused by US police for warrantless "dragnet" surveillance:

<blockquote>Fog claims that their product is made of [location] data willingly given by people. But people did not hand their geolocation data over to Fog or the police, willingly or even knowingly. Rather, they gave it over, for example, to a weather app so that they could see if it will rain in their town today. When they downloaded the app, they may have clicked a box purporting to grant various so-called “consents,” but no reasonable person expects this will result in the app tracking all their movements, the app developer selling this sensitive information to a data broker, and police ultimately buying it.</blockquote>

and this is why the GDPR is so valuable.

]]></description>
<dc:subject>fog police surveillance gdpr privacy data-privacy location</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:582ef18d2a24/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:fog"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:police"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:surveillance"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:gdpr"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:location"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://gizmodo.com/right-wing-troll-chuck-johnson-claims-he-cofounded-faci-1846506909">
    <title>Chuck Johnson Claims He Cofounded Clearview AI</title>
    <dc:date>2022-05-25T09:56:55+00:00</dc:date>
    <link>https://gizmodo.com/right-wing-troll-chuck-johnson-claims-he-cofounded-faci-1846506909</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Notorious far-right US troll Charles Johnson was apparently involved in the illegal-in-Europe surveillance company.

<blockquote>While Johnson and Ton-That hung out .... they mused about discredited sciences that could be explored in the modern age with new technologies. At one point, the conversation turned to physiognomy, the pseudoscientific judgment of a person’s character based on their facial features. .... Johnson claims he set up a meeting between Thiel and Ton-That; he then introduced him to Schwartz via email. Approximately seven months later, Schwartz apparently emailed Johnson “draft formation documents” for a new company called Smartchekr which “granted equal ownership to Schwartz, Ton-That, and Johnson.”</blockquote>

]]></description>
<dc:subject>clearview gdpr privacy facial-recognition chuck-johnson charles-johnson nazis us-politics</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:ec679b36b121/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:clearview"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:gdpr"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:facial-recognition"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:chuck-johnson"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:charles-johnson"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:nazis"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:us-politics"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.patrick-breyer.de/en/posts/messaging-and-chat-control/">
    <title>Chat Control</title>
    <dc:date>2022-05-13T09:50:56+00:00</dc:date>
    <link>https://www.patrick-breyer.de/en/posts/messaging-and-chat-control/</link>
    <dc:creator>jm</dc:creator><description><![CDATA["The End of the Privacy of Digital Correspondence":

<blockquote>
The EU wants to oblige providers to search all private chats, messages, and emails automatically for suspicious content – generally and indiscriminately. The stated aim: To prosecute child pornography. The result: Mass surveillance by means of fully automated real-time messaging and chat control and the end of secrecy of digital correspondence.

Other consequences of the proposal are ineffective network blocking, screening of person cloud storage including private photos, mandatory age verification leading to the end of anonymous communication, censorship in Appstores and the paternalism and exclusion of minors in the digital world.
</blockquote>]]></description>
<dc:subject>surveillance censorship chat-control eu laws messaging apps privacy data-privacy</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:133f804a604c/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:surveillance"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:censorship"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:chat-control"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:eu"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:laws"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:messaging"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:apps"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.vice.com/en/article/m7vzjb/location-data-abortion-clinics-safegraph-planned-parenthood">
    <title>Data Broker Is Selling Location Data of People Who Visit Abortion Clinics</title>
    <dc:date>2022-05-04T10:03:59+00:00</dc:date>
    <link>https://www.vice.com/en/article/m7vzjb/location-data-abortion-clinics-safegraph-planned-parenthood</link>
    <dc:creator>jm</dc:creator><description><![CDATA["It costs just over $160 to get a week's worth of data on where people who visited Planned Parenthood came from, and where they went afterwards."

...and this is why the GDPR is needed. grim

]]></description>
<dc:subject>abortion capitalism data data-privacy privacy location safegraph</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:785d2d9cd559/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:abortion"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:capitalism"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:location"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:safegraph"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.iccl.ie/news/iccl-data-complaint-an-post-osi-company-profiles-irish-peoples-income-and-homes-and-sells-data-to-data-brokers-and-insurance-companies/">
    <title>An Post &amp; OSI company “GeoDirectory” uses Census data to profile every Irish home</title>
    <dc:date>2022-05-03T08:39:42+00:00</dc:date>
    <link>https://www.iccl.ie/news/iccl-data-complaint-an-post-osi-company-profiles-irish-peoples-income-and-homes-and-sells-data-to-data-brokers-and-insurance-companies/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[This is unpleasant stuff:

<blockquote>The Irish Council for Civil Liberties (ICCL) reveals that An Post & OSI use Census data to profile every Irish home and sell ‘location intelligence’ to data brokers and insurance companies. ICCL has lodged a complaint with the Data Protection Commission.</blockquote>

In particular, buyers include Experian, one of the world's biggest data brokers.  There's no way this meets the spirit, if not the word, of the GDPR, there's no data privacy here.]]></description>
<dc:subject>data-privacy data-protection iccl experian an-post osi census data privacy ireland</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:f47b892b723f/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-protection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:iccl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:experian"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:an-post"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:osi"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:census"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ireland"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://twitter.com/WolfieChristl/status/1467927612626550786">
    <title>Life360 sells kids' location data to &quot;approximately a dozen data brokers&quot;</title>
    <dc:date>2021-12-07T14:47:21+00:00</dc:date>
    <link>https://twitter.com/WolfieChristl/status/1467927612626550786</link>
    <dc:creator>jm</dc:creator><description><![CDATA[This is shocking:

Wolfie Christl says "Life360, a popular family safety app used by 33 million people worldwide, has been marketed as a great way for parents to track their children’s movements." Also, it sells "data on kids’ and families’ whereabouts to approximately a dozen data brokers".

Former employees of data brokers "described Life360 as one of the largest sources of data for the industry" -- "A former X-Mode engineer said the raw location data the company received from Life360 was among X-Mode’s most valuable offerings".  X-Mode sold data to the US military.

An app that claims to be a family safety service selling exact location data to several other companies, this is a total disaster.  It would be a problem if it’s any other app, and it’s even more a problem when it’s an app that claims to be a family safety service. Selling data on children to companies who sell to the military is probably the most extreme form of decontextualizing sensitive data for profit."

Life360 are now planning to buy Tile.]]></description>
<dc:subject>refractive-surveillance surveillance children privacy data-privacy location gps life360 tile data-brokers</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:b6bb8b12bba3/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:refractive-surveillance"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:surveillance"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:children"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:location"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:gps"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:life360"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:tile"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-brokers"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.linkedin.com/pulse/nightmare-letter-subject-access-request-under-gdpr-karbaliotis/">
    <title>A sample GDPR Data Subject Access Request</title>
    <dc:date>2021-11-05T10:49:21+00:00</dc:date>
    <link>https://www.linkedin.com/pulse/nightmare-letter-subject-access-request-under-gdpr-karbaliotis/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Boilerplate text, via ITC Slack]]></description>
<dc:subject>eu europe gdpr privacy dsar letters boilerplate</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:cf18f3e484b9/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:eu"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:europe"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:gdpr"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:dsar"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:letters"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:boilerplate"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru">
    <title>How Data Brokers Sell Access to the Backbone of the Internet</title>
    <dc:date>2021-08-26T10:45:16+00:00</dc:date>
    <link>https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Interesting, didn't realise this data was being resold....

<blockquote>"I'm concerned that netflow data being offered for commercial purposes is a path to a dark fucking place," one source familiar with the data told Motherboard. [...]

At a high level, netflow data creates a picture of traffic flow and volume across a network. It can show which server communicated with another, information that may ordinarily only be available to the server owner or the ISP carrying the traffic. Crucially, this data can be used for, among other things, tracking traffic through virtual private networks, which are used to mask where someone is connecting to a server from, and by extension, their approximate physical location.

Team Cymru, one threat intelligence firm, works with ISPs to access that netflow data, three sources said. Keith Chu, communications director for the office of Senator Ron Wyden which has been conducting its own investigations into the sale of sensitive data, added that Team Cymru told the office "it obtains netflow data from third parties in exchange for threat intelligence."

Companies that may source Team Cymru's data include cybersecurity firms hired to respond to data breaches or proactively hunt out hackers. On its website, Team Cymru says it works with both public and private sector teams to "to help identify, track and stop bad actors both in cyber space and on the ground."

"I'm less worried about a bad guy hacker and more worried about a bad guy government or company or politician," one source familiar with the data said. A source in the threat intelligence industry added that they "always thought it was kinda bonkers," referring to Team Cymru's sale of netflow data.</blockquote>

]]></description>
<dc:subject>vpns surveillance web privacy team-cymru netflow isps threat-intelligence</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:0f8dc0c59e69/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:vpns"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:surveillance"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:web"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:team-cymru"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:netflow"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:isps"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:threat-intelligence"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://github.com/google/fully-homomorphic-encryption">
    <title>google/fully-homomorphic-encryption</title>
    <dc:date>2021-06-16T08:49:04+00:00</dc:date>
    <link>https://github.com/google/fully-homomorphic-encryption</link>
    <dc:creator>jm</dc:creator><description><![CDATA[<blockquote>This repository contains open-source libraries and tools to perform fully homomorphic encryption (FHE) operations on an encrypted data set. [...]

Fully Homomorphic Encryption (FHE) is an emerging data processing paradigm that allows developers to perform transformations on encrypted data. FHE can change the way computations are performed by preserving privacy end-to-end, thereby giving users even greater confidence that their information will remain private and secure.</blockquote>

]]></description>
<dc:subject>cryptography encryption google security fhe homomorphic privacy data-privacy</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:533ecf4cf2e5/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:cryptography"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:encryption"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:google"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:fhe"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:homomorphic"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.bellingcat.com/news/2021/05/28/us-soldiers-expose-nuclear-weapons-secrets-via-flashcard-apps/">
    <title>US Soldiers Expose Nuclear Weapons Secrets Via Flashcard Apps</title>
    <dc:date>2021-05-28T15:53:11+00:00</dc:date>
    <link>https://www.bellingcat.com/news/2021/05/28/us-soldiers-expose-nuclear-weapons-secrets-via-flashcard-apps/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[<blockquote>For US soldiers tasked with the custody of nuclear weapons in Europe, the stakes are high. Security protocols are lengthy, detailed and need to be known by heart. To simplify this process, some service members have been using publicly visible flashcard learning apps — inadvertently revealing a multitude of sensitive security protocols about US nuclear weapons and the bases at which they are stored. [...]

the flashcards studied by soldiers tasked with guarding these devices reveal not just the bases, but even identify the exact shelters with “hot” vaults that likely contain nuclear weapons.

They also detail intricate security details and protocols such as the positions of cameras, the frequency of patrols around the vaults, secret duress words that signal when a guard is being threatened and the unique identifiers that a restricted area badge needs to have. </blockquote>

omgwtf!]]></description>
<dc:subject>army dystopia nuclear nukes privacy flashcards apps security weapons</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:49cce505e1ff/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:army"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:dystopia"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:nuclear"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:nukes"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:flashcards"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:apps"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:weapons"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.buzzfeednews.com/article/carolinehaskins1/training-documents-palantir-lapd">
    <title>inside the LAPD/LASD usage of Palantir</title>
    <dc:date>2020-09-30T09:33:08+00:00</dc:date>
    <link>https://www.buzzfeednews.com/article/carolinehaskins1/training-documents-palantir-lapd</link>
    <dc:creator>jm</dc:creator><description><![CDATA[<blockquote>Much of the LAPD data consists of the names of people arrested for, convicted of, or even suspected of committing crimes, but that’s just where it starts. Palantir also ingests the bycatch of daily law enforcement activity. Maybe a police officer was told a person knew a suspected gang member. Maybe an officer spoke to a person who lived near a crime “hot spot,” or was in the area when a crime happened. Maybe a police officer simply had a hunch. The context is immaterial. Once the LAPD adds a name to Palantir’s database, that person becomes a data point in a massive police surveillance system. [...] At great taxpayer expense, and without public oversight or regulation, Palantir helped the LAPD construct a vast database that indiscriminately lists the names, addresses, phone numbers, license plates, friendships, romances, jobs of Angelenos — the guilty, innocent, and those in between.</blockquote>

This is absolute garbage -- total bias built-in. No evidence required to get a person in the firing line:

“The focus of a data-driven surveillance system is to put a lot of innocent people in the system,” Ferguson said. “And that means that many folks who end up in the Palantir system are predominantly poor people of color, and who have already been identified by the gaze of police.”]]></description>
<dc:subject>palantir databases privacy law lapd lasd los-angeles surveillance big-brother police crime gangs</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:414f0c4a714e/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:palantir"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:databases"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:law"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:lapd"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:lasd"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:los-angeles"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:surveillance"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:big-brother"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:police"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:crime"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:gangs"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://crypto.stanford.edu/prio/paper.pdf">
    <title>Prio</title>
    <dc:date>2020-09-24T11:23:08+00:00</dc:date>
    <link>https://crypto.stanford.edu/prio/paper.pdf</link>
    <dc:creator>jm</dc:creator><description><![CDATA['Prio allows a set of servers to compute aggregate statistics over client-provided data while maintaining client privacy, defending against client misbehavior, and performing nearly as well as data-collection platforms that exhibit neither of these security properties.'

Aggregation operations include: integer sum and mean; variance and std dev; boolean OR/AND; min/max; sets; frequency count and percentiles/quantiles.]]></description>
<dc:subject>nizk zero-knowledge snark prio crypto privacy data-privacy statistics quantiles percentiles aggregation</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:2aa675a6dbfc/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:nizk"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:zero-knowledge"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:snark"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:prio"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:statistics"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:quantiles"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:percentiles"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:aggregation"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://hroy.eu/posts/gdprExplainedByUS/">
    <title>The EU General Data Protection Regulation explained by Americans</title>
    <dc:date>2020-07-13T11:47:33+00:00</dc:date>
    <link>https://hroy.eu/posts/gdprExplainedByUS/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[<blockquote>Bashing the European Union’s General Data Protection Regulation (GDPR) seems to have become one of American activists’ favourite hobbies in the tech field. Some criticism is entirely justified. But many claims that the GDPR is “counterproductive” or “misses the point” are based on misconceptions, rather than an accurate understanding of European data protection laws.
As a result, several US privacy advocates have therefore suggested alternative principles or rules… many of which, actually, have been part of EU data protection law since 1995.</blockquote>

]]></description>
<dc:subject>gdpr privacy data-protection eu data-privacy us-politics</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:7499f520b9c7/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:gdpr"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-protection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:eu"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:us-politics"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.nytimes.com/2020/06/24/technology/facial-recognition-arrest.html">
    <title>Facial recognition technology is racist</title>
    <dc:date>2020-06-24T10:21:07+00:00</dc:date>
    <link>https://www.nytimes.com/2020/06/24/technology/facial-recognition-arrest.html</link>
    <dc:creator>jm</dc:creator><description><![CDATA[This may be the first known case of its kind -- a faulty facial recognition match led to a Michigan man's arrest for a crime he didn't commit. Needless to say -- he's black.

]]></description>
<dc:subject>facial-recognition law justice privacy faces racism technology future bias machine</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:ddabdefd71ad/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:facial-recognition"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:law"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:justice"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:faces"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:racism"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:technology"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:future"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:bias"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:machine"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.technologyreview.com/2020/06/21/1004228/trumps-data-hungry-invasive-app-is-a-voter-surveillance-tool-of-extraordinary-scope/">
    <title>The Trump 2020 app is a voter surveillance tool of extraordinary power | MIT Technology Review</title>
    <dc:date>2020-06-23T09:44:52+00:00</dc:date>
    <link>https://www.technologyreview.com/2020/06/21/1004228/trumps-data-hungry-invasive-app-is-a-voter-surveillance-tool-of-extraordinary-scope/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[<blockquote>Trump’s casino-like campaign app seems to be his own attempt to create a “one-way tool of propaganda.” Its deployment is part of a global trend, piggybacking on years of unresolved privacy and security issues within the app ecosystem. As researchers studying the intersection of technology and propaganda, we understand that political groups tend to lag behind the commercial ad industry. But when they catch up, the consequences to truth and civil discourse can be devastating. 

The array of data-gathering tools the Trump and Modi apps use are a legacy of a “freemium” social-media and app landscape that is manipulative, non-transparent, and purposefully addictive, with a mentality of “collect data first and ask question later.” For the last five to 10 years, the pervasiveness of these tools and their use in data scooping has been well documented. Sporadic, state-by-state data regulations have been the only response. In Europe, the GDPR was a big step toward meaningful consent and transparency, but the Official Trump 2020 App does not fall under its jurisdiction. A global perspective is now critical to understanding the implications of data-fueled political manipulation and preparing for the next wave of disinformation. Countries must work together to create effective regulation, and citizens must demand this of them.

It took about five years for Modi’s strategies to jump from India to the US, and in the next few years we are on track to see the arrival of strategies used in the dark-money disinformation campaigns of Mexico and Latin America. The Mexican journalist we'd interviewed for our study put it this way: “I think what’s coming all around the world is going to be very chaotic, at least in [the US], I think you’re on the brink of a sort of civil war in one or two years ... You’re going to have a lot of work to do.”</blockquote>

]]></description>
<dc:subject>trump politics apps surveillance advertising voting modi gdpr privacy data-privacy</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:add5fa6051a6/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:trump"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:politics"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:apps"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:surveillance"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:advertising"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:voting"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:modi"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:gdpr"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://drive.google.com/file/d/1uB4LcQHMVP-oLzIIHA9SjKj1uMd3erGu/view">
    <title>Joint Statement regarding the NHSX contact tracing app</title>
    <dc:date>2020-04-29T15:03:31+00:00</dc:date>
    <link>https://drive.google.com/file/d/1uB4LcQHMVP-oLzIIHA9SjKj1uMd3erGu/view</link>
    <dc:creator>jm</dc:creator><description><![CDATA[From over 170 UK infosec and privacy scientists and researchers --

<blockquote>It has been reported that NHSX is discussing an approach which records centrally the de-anonymised
ID of someone who is infected and also the IDs of all those with whom the infected person has been
in contact. This facility would enable (via mission creep) a form of surveillance. Echoing the letter
signed by 300 international leading researchers, we note that it is vital that, when we come out of the
current crisis, we have not created a tool that enables data collection on the population, or on targeted
sections of society, for surveillance. Thus, solutions which allow reconstructing invasive information
about individuals must be fully justified. Such invasive information can include the “social graph” of
who someone has physically met over a period of time. With access to the social graph, a bad actor
(state, private sector, or hacker) could spy on citizens' real-world activities. We are particularly
unnerved by a declaration that such a social graph is indeed aimed for by NHSX.
We understand that the current proposed design is intended to meet the requirements set out by the
public health teams, but we have seen conflicting advice from different groups about how much data
the public health teams need. We hold that the usual data protection principles should apply: collect
the minimum data necessary to achieve the objective of the application. We hold it is vital that if you
are to build the necessary trust in the application the level of data being collected is justified publicly
by the public health teams demonstrating why this is truly necessary rather than simply the easiest
way, or a “nice to have”, given the dangers involved and invasive nature of the technology.</blockquote>

]]></description>
<dc:subject>nhs nhsx privacy data-privacy security contact-tracing covid-19 surveillance</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:e282a2426f1a/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:nhs"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:nhsx"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:contact-tracing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:covid-19"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:surveillance"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://progcity.maynoothuniversity.ie/2020/04/will-covidtracker-ireland-work/">
    <title>Will CovidTracker Ireland work?</title>
    <dc:date>2020-04-22T20:00:32+00:00</dc:date>
    <link>http://progcity.maynoothuniversity.ie/2020/04/will-covidtracker-ireland-work/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Rob Kitchin writes:

<blockquote>It is essential that the government follow the guidance of the European Data Protection Board that recommends that strong measures are put in place to protect privacy, data minimization is practised, the source code is published and regularly reviewed, there is clear oversight and accountability, and there is purpose limitation that stops control creep.

If implemented poorly, the app could have a profound chilling effect on public trust and public health measures that might be counterproductive. As a consequence, the Ada Lovelace Institute, a leading UK centre for artificial intelligence research, is advising governments to be cautious, ethical and transparent in their use of app-based contact tracing. Ireland might do well to heed their advice.</blockquote>

]]></description>
<dc:subject>data-privacy privacy covid-19 hse apps ireland contact-tracing</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:29dcbc692710/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:covid-19"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:hse"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:apps"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ireland"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:contact-tracing"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://edpb.europa.eu/sites/edpb/files/files/file1/edpbletterecadvisecodiv-appguidance_final.pdf">
    <title>EDPB on COVID-19 contact tracing apps</title>
    <dc:date>2020-04-15T11:11:33+00:00</dc:date>
    <link>https://edpb.europa.eu/sites/edpb/files/files/file1/edpbletterecadvisecodiv-appguidance_final.pdf</link>
    <dc:creator>jm</dc:creator><description><![CDATA[European Data Protection Board: Letter concerning the European Commission's draft Guidance on apps supporting the fight against the COVID-19 pandemic]]></description>
<dc:subject>edpb data-privacy privacy covid-19 eu ec contact-tracing</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:a50c5b028683/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:edpb"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:covid-19"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:eu"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:contact-tracing"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://github.com/DP-3T/">
    <title>DP^3T</title>
    <dc:date>2020-04-14T14:28:07+00:00</dc:date>
    <link>https://github.com/DP-3T/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Marcel Salathe says: 'Decentralized Privacy-Preserving Proximity Tracing (#DP3T): SDK and calibration app for iOS and Android, and a backend implementation, are now open source. Actual app with nice UI will follow soon']]></description>
<dc:subject>open-source dp3t privacy data-privacy covid-19 contact-tracing</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:2a8f9336fd08/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:open-source"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:dp3t"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:covid-19"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:contact-tracing"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.zfnd.org/blog/private-contact-tracing-protocols-compared/">
    <title>Private Contact Tracing Protocols Compared: DP-3T and CEN</title>
    <dc:date>2020-04-07T18:02:30+00:00</dc:date>
    <link>https://www.zfnd.org/blog/private-contact-tracing-protocols-compared/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[<blockquote>it’s critically important to prevent the creation of new surveillance infrastructure [...] But contact tracing will be a critical part of COVID-19 recovery, particularly in the period after the surge of cases, but before widespread immunity prevents transmission.

So it’s been incredibly exciting to see how many people have been working on this problem in a spirit of radical collaboration. Some of these projects are mentioned in our previous post on design tradeoffs in contact tracing systems. At the Zcash Foundation, we’ve been collaborating with existing efforts on the CEN Protocol, originally started as a joint effort between two projects, CoEpi and Covid-Watch. And earlier this week, a group of European academics from eight universities announced a new effort called DP-3T. These protocols are very similar, and it would be great if they could both evolve towards a common standard. To support that goal, this post will compare and contrast the current designs of the DP-3T and CEN protocols.</blockquote>

]]></description>
<dc:subject>contact-tracing protocols crypto covid-19 dp-3t cen security privacy</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:b7ee60b3c99e/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:contact-tracing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:protocols"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:crypto"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:covid-19"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:dp-3t"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:cen"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.ccc.de/en/updates/2020/contact-tracing-requirements">
    <title>CCC's 10 requirements for the evaluation of &quot;Contact Tracing&quot; apps</title>
    <dc:date>2020-04-06T20:27:59+00:00</dc:date>
    <link>https://www.ccc.de/en/updates/2020/contact-tracing-requirements</link>
    <dc:creator>jm</dc:creator><description><![CDATA[<blockquote>"Corona apps" are on everyone's lips as a way to contain the SARS-CoV-2 epidemic. CCC publishes 10 requirements for their evaluation from a technical and societal perspective.

Currently, technically supported "contact tracing" is being considered as means to counteract the spread of SARS-CoV-2 in a more targeted manner. The general motivation is to allow greater freedom of movement for the broad spectrum of society by allowing quick tracing and interruption of infection chains. Contacts of infected persons should be alerted more quickly and thus be able to quarantine themselves more quickly. This, in turn, should prevent further infections. A "corona app" could therefore protect neither ourselves nor our contacts: It would be designed to break chains of infection by protecting the contacts of our contacts.</blockquote>

]]></description>
<dc:subject>covid-19 pandemics contact-tracing ccc privacy data-privacy</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:4344f9c0f634/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:covid-19"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:pandemics"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:contact-tracing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ccc"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://docs.google.com/document/d/16Kh4_Q_tmyRh0-v452wiul9oQAiTRj8AdZ5vcOJum9Y/edit">
    <title>Unified research on privacy-preserving contact tracing and exposure notification for COVID-19 - Google Docs</title>
    <dc:date>2020-04-03T16:57:26+00:00</dc:date>
    <link>https://docs.google.com/document/d/16Kh4_Q_tmyRh0-v452wiul9oQAiTRj8AdZ5vcOJum9Y/edit</link>
    <dc:creator>jm</dc:creator><description><![CDATA['This document has been created to share information across the numerous projects that are working to create mobile apps to help contact tracers fight COVID-19. Many technologists who are designing privacy-preserving apps and tools for this process are new to contact tracing, and want to ensure that their work is solidly grounded in the work that public health professionals are doing around the world. This document aims to collate questions, statistics and experiences to ensure that apps are relevant and well-designed.']]></description>
<dc:subject>docs gdocs contact-tracing privacy apps coding tech covid-19 collaboration</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:404df94aa455/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:docs"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:gdocs"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:contact-tracing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:apps"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:coding"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:tech"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:covid-19"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:collaboration"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.pepp-pt.org/">
    <title>PEPP-PT</title>
    <dc:date>2020-04-01T19:46:10+00:00</dc:date>
    <link>https://www.pepp-pt.org/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Yet another privacy-preserving contact tracing app system, this time from a pan-European consortium:

<blockquote>Pan-European Privacy-Preserving Proximity Tracing
(PEPP-PT) makes it possible to interrupt new chains of SARS-CoV-2 transmission rapidly and effectively by informing potentially exposed people. We are a large and inclusive European team. We provide standards, technology, and services to countries and developers. We embrace a fully privacy-preserving approach. We build on well-tested, fully implemented proximity measurement and scalable backend service. We enable tracing of infection chains across national borders. </blockquote>

(via Cory)
]]></description>
<dc:subject>coronavirus tracing gdpr covid-19 privacy contact-tracing apps europe via:doctorow</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:e8e1d90b3f4b/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:coronavirus"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:tracing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:gdpr"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:covid-19"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:contact-tracing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:apps"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:europe"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:via:doctorow"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.technologyreview.com/s/615372/coronavirus-infection-tests-app-pandemic-location-privacy/">
    <title>Safe Paths</title>
    <dc:date>2020-03-18T18:04:26+00:00</dc:date>
    <link>https://www.technologyreview.com/s/615372/coronavirus-infection-tests-app-pandemic-location-privacy/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Another privacy-preserving COVID-19 contact-tracing app, this one from MIT:

<blockquote>The news: An app that tracks where you have been and who you have crossed paths with—and then shares this personal data with other users in a privacy-preserving way—could help curb the spread of Covid-19, says Ramesh Raskar at the MIT Media Lab, who leads the team behind it. Called Private Kit: Safe Paths, the free and open-source app was developed by people at MIT and Harvard, as well as software engineers at companies such as Facebook and Uber, who worked on it in their free time.  </blockquote>
]]></description>
<dc:subject>mit contact-tracing privacy apps smartphones android ios covid-19 epidemics pandemics</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:ca9d8a70f22c/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:mit"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:contact-tracing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:apps"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:smartphones"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:android"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ios"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:covid-19"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:epidemics"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:pandemics"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.covid19risk.com/about.html">
    <title>COVID-19 Risk App</title>
    <dc:date>2020-03-17T23:02:56+00:00</dc:date>
    <link>https://www.covid19risk.com/about.html</link>
    <dc:creator>jm</dc:creator><description><![CDATA[<blockquote>
COVID-19 has a relatively long infectious incubation period, averaging five days but potentially up to two weeks, during which there may be asymptomatic transmission. In other words, there may be a period of time in which people who carry COVID-19 don't necessarily show symptoms and may not even realise they are infected, but are still capable of infecting others. This makes it harder for health professionals and epidemiologists to trace who has come into contact with infected persons ('contact tracing'), which in turn makes the virus more difficult to effectively contain.

Many people, however, now carry GPS-enabled smartphones which already track their location over time - most mapping apps, like Google Maps or MapQuest, already collect this data by default. We believe that this information could be used to rapidly and automatically perform a type of contact tracing, helping limit the spread of COVID-19 and other infectious diseases. These phones are usually also Bluetooth-enabled, allowing them to track and record which other phones they're in proximity to.

We believe that together, these two pieces of information can be used to inform and empower our users in a range of ways. Firstly, we can generate heatmaps of high-risk areas from demographic data, known cases, and epidemiological modelling, allowing users to adjust their behaviour accordingly. Secondly, we can use Bluetooth connections between users to enact cryptographically secure contact tracing and alerting them if we learn that they have been exposed to COVID-19, without revealing the identities or infection status of any other users.</blockquote>

]]></description>
<dc:subject>covid-19 contact-tracing apps android ios smartphones privacy location</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:e56e9084f32f/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:covid-19"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:contact-tracing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:apps"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:android"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ios"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:smartphones"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:location"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://twitter-likes-deleter.glitch.me/">
    <title>Twitter Likes Deleter</title>
    <dc:date>2020-02-03T14:41:28+00:00</dc:date>
    <link>http://twitter-likes-deleter.glitch.me/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Now that there are creepy companies tracking every tweet you've "liked", here's a Glitch app which will revert those Likes en masse]]></description>
<dc:subject>likes twitter social-media snooping via:anildash privacy</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:911668910adf/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:likes"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:twitter"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:social-media"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:snooping"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:via:anildash"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.thetimes.co.uk/article/revealed-betting-firms-use-schools-data-on-28m-children-dn37nwgd5">
    <title>Revealed: betting firms use schools data on 28m UK children</title>
    <dc:date>2020-01-20T10:22:18+00:00</dc:date>
    <link>https://www.thetimes.co.uk/article/revealed-betting-firms-use-schools-data-on-28m-children-dn37nwgd5</link>
    <dc:creator>jm</dc:creator><description><![CDATA[So much for "strict privacy rules":

<blockquote>Betting companies have been given access to an educational database containing names, ages and addresses of 28 million children and students in one of the biggest breaches of government data.  They have used it to help increase the proportion of young people who gamble online. It contains details of children age 14 and above in state schools, private schools and colleges in England, Wales and Northern Ireland.</blockquote>

]]></description>
<dc:subject>privacy data-protection children kids schools uk betting gambling</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:fc4aac3bf7fe/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-protection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:children"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:kids"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:schools"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:uk"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:betting"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:gambling"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://nelsonslog.wordpress.com/2020/01/07/facial-recognition-for-the-public-yandex/">
    <title>Facial recognition for the public: Yandex</title>
    <dc:date>2020-01-08T20:58:09+00:00</dc:date>
    <link>https://nelsonslog.wordpress.com/2020/01/07/facial-recognition-for-the-public-yandex/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[not such much via, as from, Nelson:

<blockquote>You can use Yandex Image Search right now as a pretty good facial recognition system for anyone who has labelled photos on the Web. I believe this is the first generally accessible facial recognition system with a large database. Yandex isn’t designed for this purpose. The trick is to upload photos cropped to a face and it’ll work more or less to find similar faces.</blockquote>

this is really odd. Definitely seems like they designed the image similarity engine to support faces as a special case.]]></description>
<dc:subject>privacy face-recognition yandex search similarity images web</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:3a385d71b7b1/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:face-recognition"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:yandex"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:search"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:similarity"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:images"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:web"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html?te=1&amp;nl=the-privacy%20project&amp;emc=edit_priv_20191219?campaign_id=0&amp;instance_id=0&amp;segment_id=0&amp;user_id=7c8ff3fc774920a57c39e5d6cb28327e&amp;regi_id=020191219">
    <title>Opinion | Twelve Million Phones, One Dataset, Zero Privacy - The New York Times</title>
    <dc:date>2019-12-19T14:55:14+00:00</dc:date>
    <link>https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html?te=1&amp;nl=the-privacy%20project&amp;emc=edit_priv_20191219?campaign_id=0&amp;instance_id=0&amp;segment_id=0&amp;user_id=7c8ff3fc774920a57c39e5d6cb28327e&amp;regi_id=020191219</link>
    <dc:creator>jm</dc:creator><description><![CDATA['We identified people at political rallies and protests, in one case from 2016 we saw a Seattle-based Microsoft employee take a day off and visit Amazon's campus...when we found him on LinkedIn in 2019 he was an Amazon employee. Turns out his phone had given away his job interview.  In recent months we’ve spoken with people we’ve found in the data. Their reaction is surprising — a blend of contradictory emotions like outrage and apathy. We don't have the language to talk about this stuff. And part of the reason is...we adopted this tech so fast.

A big takeaway from my experience with this reporting: This is the decade we were brainwashed into surveilling ourselves. In just over 10 years we were sold a future of personalization and convenience and paid for it with little pieces of ourselves that we can never get back.']]></description>
<dc:subject>technology privacy surveillance phones mobile location location-tracking tracking geo</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:2f425d3391e7/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:technology"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:surveillance"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:phones"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:mobile"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:location"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:location-tracking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:tracking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:geo"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.icij.org/investigations/china-cables/exposed-chinas-operating-manuals-for-mass-internment-and-arrest-by-algorithm/">
    <title>China’s Operating Manuals for Mass Internment and Arrest by Algorithm - ICIJ</title>
    <dc:date>2019-11-25T14:07:55+00:00</dc:date>
    <link>https://www.icij.org/investigations/china-cables/exposed-chinas-operating-manuals-for-mass-internment-and-arrest-by-algorithm/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[<blockquote>“The Chinese have bought into a model of policing where they believe that through the collection of large-scale data run through artificial intelligence and machine learning that they can, in fact, predict ahead of time where possible incidents might take place, as well as identify possible populations that have the propensity to engage in anti-state anti-regime action,” said Mulvenon, the SOS International document expert and director of intelligence integration. “And then they are preemptively going after those people using that data.”

Mulvenon said IJOP is more than a “pre-crime” platform, but a “machine-learning, artificial intelligence, command and control” platform that substitutes artificial intelligence for human judgment. He described it as a “cybernetic brain” central to China’s most advanced police and military strategies. Such a system “infantilizes” those tasked with implementing it, said Mulvenon, creating the conditions for policies that could spin out of control with catastrophic results.

The program collects and interprets data without regard to privacy, and flags ordinary people for investigation based on seemingly innocuous criteria, such as daily prayer, travel abroad, or frequently using the back door of their home.

Perhaps even more significant than the actual data collected are the grinding psychological effects of living under such a system.  With batteries of facial-recognition cameras on street corners, endless checkpoints and webs of informants, IJOP generates a sense of an omniscient, omnipresent state that can peer into the most intimate aspects of daily life.  As neighbors disappear based on the workings of unknown algorithms, Xinjiang lives in a perpetual state of terror.

The seeming randomness of investigations resulting from IJOP isn’t a bug but a feature, said Samantha Hoffman, an analyst at the Australian Strategic Policy Institute whose research focuses on China’s use of data collection for social control.  “That’s how state terror works,” Hoffman said. “Part of the fear that this instills is that you don’t know when you’re not OK.”</blockquote>

]]></description>
<dc:subject>terror dystopia china algorithms ijop future policing grim-meathook-future privacy data-privacy uighurs</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:56d5edb57106/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:terror"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:dystopia"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:china"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:algorithms"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ijop"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:future"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:policing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:grim-meathook-future"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:uighurs"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.nytimes.com/2019/10/02/magazine/ice-surveillance-deportation.html#click=https://t.co/106daANqmy">
    <title>How ICE Picks Its Targets in the Surveillance Age - The New York Times</title>
    <dc:date>2019-10-03T10:12:45+00:00</dc:date>
    <link>https://www.nytimes.com/2019/10/02/magazine/ice-surveillance-deportation.html#click=https://t.co/106daANqmy</link>
    <dc:creator>jm</dc:creator><description><![CDATA[This article is terrifying.

<blockquote>Tracking immigrants in this country is an increasingly trivial exercise because it’s an increasingly trivial exercise to track any of us. [...] Over the course of more than a year, I tried to reverse-engineer individual ICE officers’ use of America’s vast post-Sept. 11 domestic-surveillance apparatus, retracing their hunt for targets down to the very searches they entered into their computers.</blockquote>

The scale of domestic surveillance of the general population in the US is huge.  We need more friction:

'What may be most unusual about Washington State is not what it collects and not what it has shared but the degree to which it has been forced to become transparent about the vast quantity of personal data that courses through its bureaucracy. For decades, the overriding objective of American business and government has been to remove friction from the tracking system, by linking networks, by speeding connections, by eliminating barriers. But friction is the only thing that has ever made privacy, let alone obscurity, possible. If there’s no friction, if we can all be profiled instantly and intimately, then there’s nothing to stop any of our neighbors from being targeted — nothing, that is, except our priorities.']]></description>
<dc:subject>ice privacy data-protection data-privacy immigration us-politics trump surveillance palantir great-oak tracking</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:b5462c83960f/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ice"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-protection"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:immigration"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:us-politics"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:trump"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:surveillance"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:palantir"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:great-oak"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:tracking"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://idlewords.com/talks/hk_stanford.html">
    <title>Observations on Technology Use in Hong Kong Protests</title>
    <dc:date>2019-09-19T16:12:46+00:00</dc:date>
    <link>https://idlewords.com/talks/hk_stanford.html</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Very interesting. Good to see Telegram in the app list:

'Telegram is the preferred messenger app among protesters. It’s used for one-on-one messaging between people, among small groups of people to coordinate, and among very large groups to amplify and disseminate information. The polls feature in Telegram is also a way of affirming consensus in group decision making. Several features of Telegram make it attractive to protesters:

Disappearing messages. If the police force you to unlock your phone, you don’t give up your friends.

Groups with very large membership (tens of thousands, or even a hundred thousand members). This allows for quick, rapid amplification of news.

Built-in polls. Since the protest is decentralized, some mechanism is needed for decisionmaking. 
Polls in practice are used to ratify decisions where a consensus has become clear.
Ease of use.']]></description>
<dc:subject>china communication hong-kong protests protesting privacy telegram future messaging</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:d171a80f0dd1/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:china"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:communication"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:hong-kong"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:protests"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:protesting"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:telegram"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:future"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:messaging"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://developers.googleblog.com/2019/09/enabling-developers-and-organizations.html">
    <title>Google release an open-source differential-privacy lib</title>
    <dc:date>2019-09-09T14:24:03+00:00</dc:date>
    <link>https://developers.googleblog.com/2019/09/enabling-developers-and-organizations.html</link>
    <dc:creator>jm</dc:creator><description><![CDATA[<blockquote>Differentially-private data analysis is a principled approach that enables organizations to learn from the majority of their data while simultaneously ensuring that those results do not allow any individual's data to be distinguished or re-identified. This type of analysis can be implemented in a wide variety of ways and for many different purposes. For example, if you are a health researcher, you may want to compare the average amount of time patients remain admitted across various hospitals in order to determine if there are differences in care. Differential privacy is a high-assurance, analytic means of ensuring that use cases like this are addressed in a privacy-preserving manner.

Currently, we provide algorithms to compute the following:

Count
Sum
Mean
Variance
Standard deviation
Order statistics (including min, max, and median)</blockquote>

]]></description>
<dc:subject>analytics google ml privacy differential-privacy aggregation statistics obfuscation approximation algorithms</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:98439e468432/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:analytics"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:google"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ml"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:differential-privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:aggregation"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:statistics"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:obfuscation"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:approximation"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:algorithms"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.forbes.com/sites/bradtempleton/2019/08/29/well-networked-self-driving-cars-become-a-surveillance-nightmare/#7e27bd14612f">
    <title>Well Networked Self-Driving Cars Become A Surveillance Nightmare?</title>
    <dc:date>2019-08-29T13:04:06+00:00</dc:date>
    <link>https://www.forbes.com/sites/bradtempleton/2019/08/29/well-networked-self-driving-cars-become-a-surveillance-nightmare/#7e27bd14612f</link>
    <dc:creator>jm</dc:creator><description><![CDATA[<blockquote>It's time to establish precedents that the fleets of advanced cars on the road do not become a giant surveillance apparatus. That it should be illegal for police to request that car fleets perform surveillance for them. That companies operating fleets resist such requests when they come, in the courts if they have to.</blockquote>

]]></description>
<dc:subject>cars driving future surveillance cctv anpr alpr police privacy</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:0fddeb24bf6b/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:cars"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:driving"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:future"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:surveillance"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:cctv"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:anpr"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:alpr"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:police"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://twitter.com/Pinboard/status/1166946106321670144">
    <title>Solid advice on what to do in case the government shuts down the internet</title>
    <dc:date>2019-08-29T11:54:08+00:00</dc:date>
    <link>https://twitter.com/Pinboard/status/1166946106321670144</link>
    <dc:creator>jm</dc:creator><description><![CDATA[....as is feared will happen right now in Hong Kong.

<blockquote>Dear Hong Kong friends: as people are worried about an internet shutdown, do not be afraid to make plans now. Find a VPN that you like and test it out. If Telegram is unusable, use Signal or WhatsApp (both are safe). If LIHGK is not usable, use Reddit or Facebook groups.
Above all, please remember that one of the biggest enemies you face are rumors. These will get worse if Internet access is curtailed; be careful about unverified news. As a general rule, you are best served by using a very big site (like Facebook or Google) than something small.
The very big sites are harder to shut down and to attack. They also have security teams that make it harder for people to interfere with them. Whatever backup plan you have, test it while things are still working, so you don't have to learn it when under lots of stress.
Twitter is another good choice for sharing information quickly. Google is also a safe option for chat/messages. All of these companies have experience fighting Chinese interference and will fight for you in case there is an effort to limit internet access in Hong Kong.
My biggest piece of advice: do not forget to look at cat pictures once in a while to reduce anxiety and stress!</blockquote>

VPN recommendations, via Zeynep Tufekci: 'the three I heard most about were: @getcloak (now encrypt.me), @theTunnelBear (PAID) and @FreedomeVPN. Don't use free ones.']]></description>
<dc:subject>security privacy internet shutdown via:pinboard via:zeynep hong-kong</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:852e7f16b3ba/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:internet"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:shutdown"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:via:pinboard"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:via:zeynep"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:hong-kong"/>
</rdf:Bag></taxo:topics>
</item>
</rdf:RDF>