< ciso brief />

All news with #privacy engineering tag

108 articles · page 2 of 6

Managing digital assets after death: risks and guidance

🔒 Digital assets left after death — from emails and social media to passwords and crypto wallets — can complicate an already traumatic time for families and create new fraud opportunities. The legal landscape is fragmented: RUFADAA in the US, a proposed UK bill and ELI efforts in Europe offer partial solutions, but platform policies remain inconsistent. Practical steps include creating a digital inventory, appointing legacy contacts (e.g., Facebook/Instagram Legacy Contact, Google Inactive Account Manager, Apple Digital Legacy) and using emergency access features in password managers. Also file tax returns, place deceased alerts on credit reports, cancel subscriptions, and be wary of scams targeting grieving relatives.

Proton launches Meet: E2EE privacy-focused conferencing

🔒 Proton has launched Meet, a privacy-focused video conferencing service offering end-to-end encrypted calls as an alternative to mainstream platforms. Meet supports free one-hour meetings with up to 50 participants and offers a Pro tier starting at $7.99/month for longer sessions. The service uses the open-source MLS protocol, WebRTC with SFUs, and client-side encryption; authentication relies on SRP. Meetings are created via links containing an ID and locally held passwords, and Proton says it retains only non-sensitive meeting IDs, minimizing exposure even in server compromises.

Evolving Expectations of What's Possible with AI in Privacy

🔒 Kent Walker, Google's President of Global Affairs, outlined how rapidly evolving user expectations are shaping AI development at the IAPP Global Summit 2026. He highlighted Personal Intelligence in Search and Ukraine's national assistant Diia.AI as examples of context-aware, task-oriented assistants. Google’s rollout approach emphasizes trusted testers, staged expansion, continuous feedback, and clear controls over agents’ access, while applying guardrails such as Gemini avoiding proactive assumptions. Walker urged investment in privacy-enhancing technologies, new transparency models, and global standards to align data protection with these innovations.

ICO fines UK alarm provider £100,000 for nuisance calls

📞 The Information Commissioner’s Office (ICO) fined Birmingham-based monitored alarm provider TMAC £100,000 after staff used false identities on marketing sales calls and the firm made over 260,000 calls to numbers registered on the Telephone Preference Service. The ICO said TMAC deliberately targeted individuals over 60 between February and September 2024, impersonating local crime and fire prevention initiatives to trick recipients. The regulator stressed these actions breached the Privacy and Electronic Communications Regulations and highlighted the importance of public reporting in enabling enforcement.

Wyden Raises Alarm Over Hidden Section 702 Secret Law

🔔 Sen. Ron Wyden warned on the Senate floor that a classified, previously undisclosed interpretation of Section 702 is affecting Americans’ privacy and has been withheld from public and congressional debate. He raised the issue while opposing the nomination of Joshua Rudd to lead the NSA, citing Rudd’s unwillingness to accept basic constitutional limits on surveillance. Wyden said he has repeatedly asked administrations to declassify the matter and is still awaiting a response from DNI Gabbard. He urged Congress to openly debate the matter before Section 702 is reauthorized.

Proton Mail Provided Subscriber Metadata to Authorities

🔒 Proton Mail disclosed subscriber payment metadata to Swiss authorities, who in turn shared the records with the FBI. The released material appears to be billing- and payment-related information rather than message contents, but such metadata can still link an account to an individual. The case highlights that privacy-focused services may be compelled by legal process to produce stored user records.

Meta's New AI Glasses Raise Urgent Privacy Concerns

👓 Meta's new AI glasses are a privacy disaster, capturing audio, images, and contextual data in public and private spaces without meaningful consent. Security expert Bruce Schneier warns the technology is inevitable and difficult to regulate effectively. He notes an Android app now claims to detect nearby smart glasses, but detection is limited and insufficient to address broader surveillance and policy challenges.

WhatsApp rolls out parent-managed accounts for pre-teens

🔒 WhatsApp has begun rolling out parent-managed accounts for pre-teens, enabling guardians to control who can contact their child and which groups they can join. These managed profiles limit the child to messaging and calling, exclude access to Meta AI, Channels, Status, and location sharing, and preserve end-to-end encryption so messages cannot be read by third parties. Setup requires both devices present: parents verify the child's number, scan a QR code to link accounts, and set a 6-digit PIN to lock parental controls. By default children can message only saved contacts and parents must approve group additions; the child can switch to a standard account at 13.

How to Turn Off AI Assistants Across Major Platforms

🔒 This practical guide describes how to disable built‑in AI assistants that vendors are increasingly embedding across consumer products from Microsoft, Google, Apple, and Meta. It summarizes the privacy, security, and performance risks these agents introduce and gives concise, actionable steps to turn off AI features in Gmail and Google Docs, Chrome, Firefox, Edge, Windows (Copilot and Recall), WhatsApp, Android, macOS and iOS. Where uninstalling isn't possible, the article describes flag, settings, and registry workarounds and recommends periodic checks to ensure features haven't been reactivated.

OpenID Foundation urges standards for digital estates

🔒 The OpenID Foundation warns that inconsistent handling of deceased users' digital accounts across platforms and jurisdictions creates systemic gaps that invite fraud and exploitation. The report, titled The Unfinished Digital Estate, highlights the growing risk of AI-driven deepfakes simulating deceased individuals to manipulate relatives, spread disinformation, or extract funds. It urges coordinated action from policymakers, platforms and standards bodies to create interoperable frameworks, verifiable death/incapacity processes, and clear consent, delegation and audit mechanisms to protect posthumous identity autonomy.

LLM-Assisted Deanonymization: Practical Risks Revealed

🔎 A new study demonstrates that large language models can reliably deanonymize users from a handful of anonymous posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, LLM agents infer location, occupation, and interests and then search the web to find likely identities. The researchers report high precision results that scale to tens of thousands of candidates, showing that automated deanonymization is now practical and widely feasible.

Samsung to Stop Collecting Texans' TV Viewing Data Without Consent

🔒 Samsung and the State of Texas have settled a dispute over allegations that Samsung's smart TVs used Automated Content Recognition (ACR) to collect viewing data without users' express consent. Under the agreement, Samsung must halt collection or processing of ACR viewing data from Texas consumers unless they give clear, affirmative consent, and it will update TVs with clearer privacy disclosures and consent screens. Texas AG Ken Paxton said the settlement compels clear, conspicuous notices; Samsung maintains it did not spy on consumers but agreed to strengthen privacy notices.

Mobile App Permissions Still Matter: Protect Your Privacy

🔒 App permissions determine which data and device features an app can access, and many users accept prompts without considering the consequences. The article, by Phil Muncaster, explains how modern Android and iOS versions surface sensitive permissions at runtime and distinguishes between benign “normal” permissions and higher-risk “dangerous” ones. It highlights particularly sensitive requests — accessibility, background location, SMS/call logs and overlay — and recommends using Allow once or While using, regularly auditing permissions via App Privacy Report or Privacy Dashboard, and installing apps only from reputable stores.

ICO fines Reddit £14.47m over inadequate age checks

🔒 The UK Information Commissioner's Office (ICO) has fined Reddit £14.47m for failing to implement robust age verification and for not conducting a required DPIA before January 2025. The regulator found that children under 13 had personal data processed without a lawful basis and were potentially exposed to inappropriate content. Reddit maintains it avoids collecting identity data to protect privacy, while experts warn heavy-handed identity checks could introduce new privacy and security risks.

Fulu Foundation Offers $10,000 to Run Ring Cameras Locally

🔒 The Fulu Foundation has offered a US $10,000 bounty to anyone who can modify Ring doorbell cameras so they operate locally and stop sending footage to Amazon's servers. The prize requires a demonstrable method to redirect recordings to an owner's own computer or server rather than to cloud services. The initiative follows public privacy backlash over Ring's Super Bowl ad and broader worries about data ownership and consent.

Ring Ends Partnership with Controversial Flock Vendor

⚠️ Amazon's Ring has canceled its partnership with surveillance analytics firm Flock, a move that underscores how toxic Flock's reputation has become and spotlights risks in third‑party surveillance integrations. The announcement signals growing reputational and operational exposure for vendors that tie consumer devices to controversial surveillance‑tech providers, including possible feature rollbacks and legal scrutiny. Commentators, notably Hamilton Nolan, have gone further and advised consumers to remove their Ring doorbells. The decision sharpens concerns about vendor due diligence, user consent, and the privacy consequences of embedded surveillance capabilities.

Smashing Security 455: Meta Glasses and Internet Kill Switch

🕶 In episode 455 Graham Cluley and guest James Ball discuss whether major online services and cloud providers could become geopolitical leverage, asking if nations might have a viable contingency 'Plan B' for tech sovereignty. They also probe reporting that Meta may be considering facial-recognition features for its smart glasses, raising fresh privacy and surveillance concerns. The conversation blends technical detail with policy implications and public trust.

Citizen Lab: Cellebrite Used on Kenyan Activist's Phone

🔍 Citizen Lab identified indicators that Kenyan authorities used Cellebrite forensic extraction tools on the personal Samsung phone of pro-democracy activist Boniface Mwangi while it was held in police custody in July 2025. The researchers assessed with high confidence that the extraction occurred on or around July 20–21; the device was returned in September and was no longer password-protected. Such access could have enabled full extraction of messages, files, passwords and other sensitive data. The finding compounds other recent reports of commercial spyware and extraction-tool misuse against civil society.

Spain Court Orders NordVPN, ProtonVPN to Block Piracy

⚖️ A Spanish court has ordered NordVPN and ProtonVPN to block 16 websites and a dynamic set of IP addresses in Spain that facilitate illegal streaming of LaLiga matches. The measures were issued inaudita parte, meaning the providers were not called to a hearing and will have no opportunity to appeal. Rights holders argue VPNs fall under the EU Digital Services Regulation; the vendors say they were not notified and question the efficacy and legality of the order.

Apple adds carrier-level option to limit precise location

🛡️ Apple has added a Limit Precise Location setting in iOS 26.3 and later that restricts the location information mobile carriers receive via cell-tower connections, sharing only an approximate area rather than a precise street address. The toggle applies to specific models — iPhone Air, iPhone 16e, and iPad Pro (M5) Wi‑Fi + Cellular — and requires carrier support; currently supported networks include Telekom (Germany), EE and BT (UK), Boost Mobile (US), and AIS and True (Thailand). Apple says the feature does not affect Location Services or location sharing with friends and family, and it does not change emergency-call location data; users enable it in Settings → Cellular → Cellular Data Options and a restart may be required.