< ciso brief />

All news with #privacy engineering tag

94 articles · page 2 of 5

Fulu Foundation Offers $10,000 to Run Ring Cameras Locally

🔒 The Fulu Foundation has offered a US $10,000 bounty to anyone who can modify Ring doorbell cameras so they operate locally and stop sending footage to Amazon's servers. The prize requires a demonstrable method to redirect recordings to an owner's own computer or server rather than to cloud services. The initiative follows public privacy backlash over Ring's Super Bowl ad and broader worries about data ownership and consent.

Ring Ends Partnership with Controversial Flock Vendor

⚠️ Amazon's Ring has canceled its partnership with surveillance analytics firm Flock, a move that underscores how toxic Flock's reputation has become and spotlights risks in third‑party surveillance integrations. The announcement signals growing reputational and operational exposure for vendors that tie consumer devices to controversial surveillance‑tech providers, including possible feature rollbacks and legal scrutiny. Commentators, notably Hamilton Nolan, have gone further and advised consumers to remove their Ring doorbells. The decision sharpens concerns about vendor due diligence, user consent, and the privacy consequences of embedded surveillance capabilities.

Smashing Security 455: Meta Glasses and Internet Kill Switch

🕶 In episode 455 Graham Cluley and guest James Ball discuss whether major online services and cloud providers could become geopolitical leverage, asking if nations might have a viable contingency 'Plan B' for tech sovereignty. They also probe reporting that Meta may be considering facial-recognition features for its smart glasses, raising fresh privacy and surveillance concerns. The conversation blends technical detail with policy implications and public trust.

Citizen Lab: Cellebrite Used on Kenyan Activist's Phone

🔍 Citizen Lab identified indicators that Kenyan authorities used Cellebrite forensic extraction tools on the personal Samsung phone of pro-democracy activist Boniface Mwangi while it was held in police custody in July 2025. The researchers assessed with high confidence that the extraction occurred on or around July 20–21; the device was returned in September and was no longer password-protected. Such access could have enabled full extraction of messages, files, passwords and other sensitive data. The finding compounds other recent reports of commercial spyware and extraction-tool misuse against civil society.

Spain Court Orders NordVPN, ProtonVPN to Block Piracy

⚖️ A Spanish court has ordered NordVPN and ProtonVPN to block 16 websites and a dynamic set of IP addresses in Spain that facilitate illegal streaming of LaLiga matches. The measures were issued inaudita parte, meaning the providers were not called to a hearing and will have no opportunity to appeal. Rights holders argue VPNs fall under the EU Digital Services Regulation; the vendors say they were not notified and question the efficacy and legality of the order.

Apple adds carrier-level option to limit precise location

🛡️ Apple has added a Limit Precise Location setting in iOS 26.3 and later that restricts the location information mobile carriers receive via cell-tower connections, sharing only an approximate area rather than a precise street address. The toggle applies to specific models — iPhone Air, iPhone 16e, and iPad Pro (M5) Wi‑Fi + Cellular — and requires carrier support; currently supported networks include Telekom (Germany), EE and BT (UK), Boost Mobile (US), and AIS and True (Thailand). Apple says the feature does not affect Location Services or location sharing with friends and family, and it does not change emergency-call location data; users enable it in Settings → Cellular → Cellular Data Options and a restart may be required.

OpenAI Begins Ads Rollout in ChatGPT, Assures Privacy

🛈 OpenAI is rolling out a full-screen onboarding experience for ads in ChatGPT on Android, assuring users that sponsored content will be clearly labeled and separated from model answers. The company says ads will not change responses and that it will not sell personal data to advertisers, though current chats may influence which sponsored message appears. Users can hide or report ads, ask ChatGPT about an ad, and manage ad-related data via a new Ads controls setting; paid tiers are exempt.

Risks and Privacy of AI-Powered Toys for Children Now

🤖 This Kaspersky article evaluates safety and privacy risks in consumer AI toys by testing four products—Grok, Kumma, Miko 3, and Robot MINI—using a simulated five‑year‑old. It emphasizes that these devices run on general-purpose LLMs (for example, OpenAI, Anthropic, Google) with inconsistent vendor guardrails. Tests show toys sometimes disclosed locations of dangerous household items, engaged on adult topics, and transmitted or stored voice and biometric data. The piece warns current toys lack reliable safety boundaries and calls for stronger guardrails and clearer data practices.

Supreme Court Review: Geofence Warrants and the Fourth

⚖️ The U.S. Supreme Court is weighing the constitutionality of geofence warrants in the appeal of Okello Chatrie, convicted after a 2019 Richmond-area robbery. Police obtained anonymized location records from Google for devices near the crime scene, which led investigators to Chatrie and evidence seized during a subsequent search. Chatrie’s appeal contends such warrants violate the Fourth Amendment. The Court’s decision could recalibrate the balance between investigative tools and individual location privacy.

Microsoft Handed BitLocker Keys to US Law Enforcement

🔐 Microsoft complied with a US search warrant in early 2025 and provided BitLocker recovery keys stored on its servers to investigators probing alleged COVID unemployment fraud in Guam. Because many Windows installations back up recovery keys by default to Microsoft cloud services, those keys were retrievable when legally compelled. Experts stress this is a custody and governance issue rather than a cryptographic failure of BitLocker, and recommend restricting default cloud backups, enforcing strict admin controls, and redirecting keys to on‑premises or enterprise key vaults where possible.

Ireland Seeks New Police Powers for Digital Surveillance

🕵️ The Irish government proposes new powers to allow police to intercept communications, including encrypted messages, and to authorize targeted, warrant-backed use of spyware. The draft measures would expand legal authority for interception, compel assistance from service providers and device makers, and define covert access procedures along with oversight obligations. Civil liberties groups and security experts warn the reforms risk weakening encryption, increasing misuse, and eroding privacy without robust independent safeguards.

AI Search and Advertising: Risks of Consumer Manipulation

🧭 OpenAI’s launches of ChatGPT Search and the ChatGPT Atlas browser mark a pivot toward monetizing user attention through advertising. The essay warns this trajectory risks reproducing the ad-driven incentives of search incumbents like Google, enabling conversational AI to influence purchases, opinions, and online behavior more subtly and effectively than traditional ads. Schneier urges caution, greater consumer data control, and public-policy responses to protect trust.

AI-Powered Surveillance Deployed at Beverly Hills High

🚨 Inside Beverly Hills High School, an array of AI-driven surveillance tools is being used to monitor students and campus activity. Video cameras run facial recognition and behavior-analysis models, a smoke-detector-shaped device captures audio for distress sounds, drones stand ready for aerial intel, and license-plate readers from Flock Safety track vehicles. The deployment raises questions about privacy, oversight, and the normalization of commercial surveillance in schools.

Digital Footprints Can Expose Your Physical Address

🔒 Most people underestimate how much personal data is publicly available online. Exposed details — names, past addresses, phone numbers, family ties, and old usernames — make individuals easy targets for doxxing, scams, and stalking. The article advises removing data from people-search sites and directories, either manually or by using a data removal service such as Incogni, which automates searches and sends deletion requests. An Unlimited plan lets you submit custom removal links for broader coverage.

Privacy Teams Shrink as Stress and Funding Fall Short

📉 ISACA's State of Privacy 2026 report reveals privacy teams are shrinking and underfunded despite mounting regulatory and technological pressures. The median privacy staff size fell to five from eight year-over-year, and technical privacy roles are notably understaffed while demand for those skills rises. Respondents report increased stress—35% say their role is 'significantly more stressful' and 30% 'slightly more stressful'—attributed to rapid tech evolution, compliance complexity and resource shortages. To close skill gaps, organizations are training interested non-privacy staff and increasing reliance on contractors, consultants and planned AI tools for privacy tasks.

FTC Restricts GM from Selling Drivers' Location Data

📍 The Federal Trade Commission has finalized an order prohibiting General Motors and its OnStar unit from collecting, using, or sharing consumers' precise geolocation and driving-behavior data without express consent. The FTC said GM harvested location data every three seconds through the discontinued Smart Driver feature and sold it to third parties, including consumer reporting agencies, which could affect insurance outcomes. Under the order GM is barred from sharing such data with consumer reporting agencies for five years, must obtain express consent for collection and sharing for 20 years, and must give U.S. customers access, deletion rights, and the ability to disable precise location tracking.

Time to Require Identity Verification for Internet Users

🔐 Australia's 2026 law banning under-16s from social media has reignited debate over whether internet services should require identity verification. Tony Anscombe argues that distinguishing verified and unverified users could reduce abuse, targeted fraud and underage exposure while letting people filter unwanted content. He warns verification methods (biometrics, government ID) carry privacy and data-retention risks and that bans may drive minors to circumvent restrictions, so a balanced regulatory approach is needed.

How Microsoft Integrates Privacy and Security by Design

🔐 In a Deputy CISO post, Terrell Cox explains how Microsoft aligns privacy and security as complementary priorities, treating privacy as a human right across products from Microsoft 365 to Azure. The company enforces rigorous internal compliance—audits, cross‑functional reviews, and executive oversight—and limits data access through controls like Customer Lockbox and zero‑trust access. Microsoft highlights solutions such as Microsoft Entra, Entra ID, and Microsoft Purview to support data residency, classification, protection, and regulatory compliance.

Apple to Power Siri with Google Gemini; Privacy Emphasized

🟢 Apple and Google confirmed a multi-year collaboration that will bring Google's Gemini models and Google Cloud hosting to future versions of Siri and Apple Foundation Models. The move aims to address performance gaps after Apple’s in-house Siri models lagged behind rivals. Apple says Apple Intelligence will run on-device and on its Private Cloud Compute while foundation models are hosted on Google Cloud, and that user privacy remains a priority.

California Regulators Target Sale of Sensitive Health Data

⚖️ California privacy regulators have taken enforcement action under the Delete Act, penalizing a marketing firm and a global analytics provider for trading in sensitive consumer profiles without proper registration. The agency fined Rickenbacher Data LLC (operating as Datamasters) $45,000 and ordered it to stop selling and delete California data. Separately, S&P Global was fined $62,600 for failing to register as a data broker. Officials highlighted risks from lists linked to medical conditions, race, age, political views and spending.