< ciso
brief />
Tag Banner

All news with #privacy engineering tag

138 articles

Regulating Corporate Responsibility for AI Privacy

🛡️ Daniel Solove argues in the Wall Street Journal that individual control over personal data is insufficient to protect privacy in the AI era. He urges shifting regulatory focus to hold companies accountable—similar to food and drug oversight—through measures like data minimization, fiduciary duties, and liability for negligent design. Solove also recommends liability for harmful algorithms and multi-stakeholder review of technologies to ensure safer outcomes.
read more →

23andMe to Pay $18M After Massive Genetic Data Breach

🔒 A coalition of 43 state attorneys general reached an $18 million settlement with 23andMe (now Chrome Holding Co.) over a 2023 data breach that exposed genetic data of 6.9 million customers. Investigators found the company lacked basic protections against credential-stuffing attacks, including multifactor authentication, password blocklisting, and adequate monitoring. The settlement imposes new security requirements, governance measures, and preserves consumer deletion rights while following prior lawsuits and fines.
read more →

Meta’s Muse Image Sparks Privacy Backlash

🎯 Meta launched Muse Image on July 7, 2026 — an AI image generator that reasons through prompts and scrapes the web for context. Journalists found it could reference any public Instagram account without notifying creators, enabling use of others’ content without permission. Meta disabled the feature on July 10 after criticism, offering no clear commitments on future safeguards or data use policies.
read more →

Study Reveals Browser Wallets Enable Cross‑Site Tracking

🔎 Researchers at KU Leuven analyzed 85 popular browser-based crypto wallet extensions and found systemic privacy leaks that can link and de-anonymize users. The wallets reveal addresses in clear text to external servers, announce installed wallets to sites, and often fail to revoke access on logout. These behaviors allow separate addresses to be correlated, stale permissions to persist across sessions, and authorized wallets to expose addresses inside embedded frames, enabling cross-site tracking and potential deanonymization.
read more →

Meta patents always-on AI to infer emotions from voice

📰 Meta filed a patent for an AI system that listens to users' voices throughout the day, timestamps emotional readings, and links them to context like location and device usage. The application, published July 2, 2026, describes devices from phones to smart glasses transcribing speech and tagging segments with emotional labels, and optionally combining biometrics and eye-tracking. A related set of claims describes a mood-aware fitness coach that adjusts guidance based on inferred emotional state. The filing is a claim on the idea rather than an announced product, and raises regulatory and privacy questions.
read more →

EU extends controversial message scanning through 2028

🔎 Members of the European Parliament failed to block an interim measure that extends mass scanning of private communications through 2028. The motion to reject and an amendment requiring warrants both secured more votes in favor than against, but neither reached the necessary absolute majority due to many absences. The extension permits service providers to scan DMs and emails on platforms like Discord, Instagram, Gmail and iCloud without warrants, while end-to-end encrypted services remain unaffected. Supporters argue it combats child sexual abuse; critics warn it threatens privacy and could lead to false positives affecting enterprises.
read more →

AI Surveillance Threatens Social Freedom and Progress

🔍 AI-powered surveillance will soon monitor and penalize public and private behavior in real time, combining advanced facial recognition, mass databases, and personalized enforcement. These systems, already widespread in China and being trialed globally, can produce chilling effects on personal freedoms, democracy, and social progress by encouraging conformity and self-censorship. Policy interventions like bans, privacy protections, and AI regulation are proposed to prevent such outcomes.
read more →

Meta’s NameTag controversy raises privacy alarms

🕶️ Meta’s Ray‑Ban smart glasses, boosted by AI, have sparked privacy concerns after leaked documents revealed a facial‑recognition feature called NameTag. The tool could match faces seen by the glasses to contacts or public profiles across Meta platforms and store unmatched faces in a “Pending” folder. Wired later reported that NameTag code and third‑party facial recognition components from Rank One Computing were embedded in the Meta AI companion app before being partially removed following public outcry.
read more →

Smashing Security Podcast 475: AI Risks and Privacy Gaps

🎧 This episode of Smashing Security discusses a rash of recent cybersecurity incidents, including a 15-year-old who used a chatbot to cancel nearly 47,000 anime subscriptions and the first documented agentic ransomware, JadePuffer. The hosts also examine Apple’s problematic Hide My Email feature, which has been known to leak addresses for over a year. Guest Zoë Rose joins Graham Cluley to assess implications for security and privacy.
read more →

Flock’s Vehicle Fingerprinting Enables Plateless Surveillance

🚨 A 2024 company presentation reveals that Flock uses a so-called “Vehicle Fingerprint” combining decals, bumper stickers, racks and temporary tags to identify cars when license plates are incomplete or absent. The system enables officers to search that dataset, perform multi-geo queries and locate vehicles believed to be traveling together. Bruce Schneier notes this capability echoes older surveillance practices and warns that similar outcomes are possible with broad access to cell phone location data.
read more →

Papa John’s Uses Shopping Data to Target Ads

🍕Papa John’s partnered with NBCUniversal, Instacart, and media agency Carat to target consumers when they’re likely low on groceries by analyzing Instacart purchase patterns. The campaign creates custom audiences based on purchases of staples like eggs, milk, and produce, then serves tailored creatives on NBCU streaming with prompts such as “Light on groceries?” and QR codes. Carat framed the approach as learning what’s in consumers’ fridges without being “too creepy.” The author notes historical parallels and ethical concerns about such predictive advertising.
read more →

AWS Clean Rooms adds intermediate tables for SQL

🧩 AWS Clean Rooms now supports writing SQL query results to intermediate tables within a collaboration, enabling multi-step analytical workflows between partners. These intermediate tables allow reuse of complex joins and creation of shared ID mapping tables for downstream analyses, all within the collaboration’s privacy boundary. The feature helps reduce costs and improve performance for subsequent analyses such as reach, frequency, and attribution.
read more →

WhatsApp introduces usernames to protect phone numbers

🔒 WhatsApp is introducing reserved usernames so users can hide their phone numbers from people who are not in their contacts. The company says reservations are open now and the feature will roll out globally later this year, with an optional username key that others must know to message you for the first time. Users can change or delete reserved usernames, while certain names are reserved for governments, public figures, and businesses.
read more →

WhatsApp introduces usernames to protect privacy

🔐 WhatsApp has begun global reservations for usernames to let users connect without sharing phone numbers. The optional feature allows creation and reservation of a unique username now, ahead of a wider rollout later this year. Users can also set a username key for extra protection, requiring both the exact username and key to message someone initially. Content creators and businesses may claim matching Instagram or Facebook names, and once enabled others cannot view a user's phone number.
read more →

Meta Prototypes Facial Recognition for Authorities

🔎 Meta is prototyping facial recognition systems intended for use by police and military, reportedly working with a Pentagon supplier to develop tools that can identify people in real time. The project follows longstanding interest from agencies like ICE in deploying camera-equipped eyewear and other devices for live identification. Concerns persist about privacy, accuracy, and potential misuse as the company explores real-time identification capabilities.
read more →

Ten years of the GDPR: mixed outcomes and lessons

📄 Ten years after the GDPR came into force, data protection is far more established across Europe and beyond, raising consumer awareness and making privacy a competitive factor for businesses. Record fines against major tech firms underline enforcement seriousness, even as many penalties remain disputed. Companies increasingly view the regulation as burdensome and legally uncertain, complicating innovation, notably in AI development.
read more →

Google expands privacy controls for Search and Play

🔒 Google announced new privacy controls that separate saved history and personalization for Search services and Google Play, rolling out in users' Google Accounts in the coming days. The update creates distinct Search Services History and Personalized Recommendations settings, and similarly splits Play History and Personalization in Play. If Web & App Activity is on, the new Search Services History and its Save Media subsetting will be enabled after transition, but users can disable or delete saved media later.
read more →

Professional athletes, wearables, and privacy risks

🔒 Wearables raise acute privacy concerns for professional athletes because biometric data can directly affect livelihoods. While such data can aid training and injury prevention, access by coaches, teams, or leagues risks misuse in discipline, contract negotiations, and betting markets. Experts warn commercialization could enable gamblers and teams to exploit sensitive signals like sleep or heart rate, and aging or injured players may be most vulnerable. Legal and ethical safeguards remain unresolved.
read more →

UK Information Commissioner Resigns After Probe

📰 The UK’s information commissioner, John Edwards, resigned on June 19 after an internal HR investigation concluded there was a case to answer for conduct that fell short of expected standards. Secretary of state Liz Kendall cited vulgar, sexualized language and thanked those who came forward. The ICO reiterated its commitment to a safe workplace and said it does not accept harassment, bullying or discrimination. Edwards acknowledged poor judgement, described his role as untenable and announced his resignation.
read more →

Apple change to Hide My Email raises privacy concerns

🔒 Apple is changing the domain used for newly generated Hide My Email aliases from "@icloud.com" to "@private.icloud.com", a tweak that has drawn criticism from privacy-minded users. The shift makes generated addresses identifiable as aliases, potentially allowing sites to block anonymous sign-ups. Existing aliases will continue to function, while new ones will be issued on the new domain later this summer. Users warned this could reduce the feature's effectiveness for anonymity.
read more →