Tag: Data Privacy

  • Facebook Accused of Spying on Users Even When App Is Closed

    Facebook Accused of Spying on Users Even When App Is Closed

    Key Takeaways

    1. Facebook is facing controversy for how it manages personal information, specifically regarding data transfer from Google Chrome to the Facebook app.
    2. Facebook’s tracking tools collect unique browser identifiers, allowing access to users’ complete browsing history, even in private mode or after deleting cookies.
    3. Over 5.8 million websites use the tracking tool “Pixel Meta,” with a similar method employed by Yandex on over 3 million sites.
    4. The tracking technique violates Android’s usage regulations, and Google has confirmed that measures are being taken to address the issue.
    5. Meta attributed the issue to a “communication error” with Google policies, while Yandex claims it does not collect sensitive information.


    Facebook is currently embroiled in a significant controversy regarding the way it manages personal information. Several specialists from the IMDEA Networks Institute have discovered pieces of code that facilitate the transfer of data from Google Chrome to the Facebook app, aiming to recover and scrutinize potentially sensitive data.

    Simple but Concerning Technique

    Delving deeper into the matter, the method appears rather straightforward. Facebook’s tracking tools, found on numerous websites with the intention of analyzing innocuous elements like ad effectiveness, collect the unique identifier of your web browser. This information is then sent to the Meta app installed on your device. Consequently, even if you’re not logged into Facebook via Chrome, the app can still access your complete browsing history. Alarmingly, this also holds true when you’re using private browsing or have deleted your cookies.

    Widespread Use of Tracking Tools

    The IMDEA Networks Institute estimates that more than 5.8 million websites utilize this tracking tool known as “Pixel Meta.” Additionally, Yandex, a search engine from Russia, reportedly employs a similar method, with tracking algorithms present on over 3 million sites.

    Violations of Android Rules

    Even if you don’t feel personally affected by this recent revelation, it’s crucial to recognize that it breaches Android’s usage regulations, as reported by Ars Technica. The sharing of data is governed by various rules on the Android platform.

    Ars Technica reached out to Google for their take on the situation, and the American tech giant confirmed that the tracking technique used by Meta’s affiliate contravenes their guidelines. Reportedly, measures are already in the works to curb further misuse. Since the unveiling of this troubling finding, no interactions between Google Chrome and the Facebook app have been detected.

    Meta and Yandex Respond

    In closing, Meta has commented on the issue, citing a “communication error regarding the application of certain Google policies.” On the other hand, Yandex claims it does not gather sensitive information and emphasizes that its practices help enhance the personalization of its services.

    Source:
    Link


     

  • South Korea Halts DeepSeek AI Downloads Over Privacy Concerns

    South Korea Halts DeepSeek AI Downloads Over Privacy Concerns

    Key Takeaways

    1. South Korea has halted new downloads of the Chinese AI chatbot DeepSeek due to data privacy concerns, effective February 15, 2025.
    2. The Personal Information Protection Commission (PIPC) found weaknesses in DeepSeek’s communication features and management of personal information with third parties.
    3. Users are advised to refrain from entering personal information into the chatbot until issues are resolved and compliance with South Korean laws is ensured.
    4. Other countries, including the U.S., Italy, and Australia, have also imposed restrictions on DeepSeek due to security threats and excessive data collection.
    5. DeepSeek faces significant challenges in rebuilding trust and complying with regulations as global scrutiny of its data handling practices increases.


    South Korea has put a stop to new downloads of the Chinese AI chatbot DeepSeek, citing worries about data privacy breaches. This decision was made public by the Personal Information Protection Commission (PIPC) and became effective on February 15, 2025, at 6:00 p.m. local time. Although the app is no longer available for download, users can still access the web version while the company works on fulfilling the necessary regulatory conditions.

    South Korea Takes Action Against DeepSeek AI

    The PIPC stated that its investigation into DeepSeek, which began shortly after the chatbot’s introduction, revealed weaknesses in its communication features and how it manages personal information with third-party providers. The commission made it clear that until these problems are fixed in accordance with South Korea’s Personal Information Protection Act, new downloads of the app will not be permitted. Current users have been told to avoid entering any personal information into the chatbot’s prompts until further notice.

    DeepSeek has admitted that it did not adequately consider South Korean data protection laws prior to its launch and has since appointed a local representative to help ensure compliance with regulations. The government intends to use this situation as a model to enhance guidance and oversight, aiming to prevent similar issues from happening again in the future.

    Increased Scrutiny and Security Concerns

    The suspension comes after increased scrutiny from South Korea’s National Intelligence Service (NIS), which had previously alerted that DeepSeek was collecting user data excessively and might be using it to train its AI models. Furthermore, security analysts found that both the Android and iOS versions of the app were sending certain user data to its servers without encryption, raising even more red flags.

    This situation is part of a larger trend, as global concerns about DeepSeek’s data handling practices have surged. Countries like the United States, Italy, Australia, and Taiwan have already placed restrictions on the AI service for government use, citing security threats. NASA has blocked DeepSeek from its systems, and the U.S. Navy has cautioned its personnel against using the app due to potential data risks.

    Challenges Ahead for DeepSeek

    In the midst of these escalating worries, Beijing claims that it allows international internet firms to operate in China while adhering to local laws and asserts it does not force companies to unlawfully collect or store data. However, as regulatory scrutiny grows around the globe, DeepSeek now faces significant challenges in rebuilding trust and adhering to regulations in various regions.

    Source:
    Link

  • PayPal to Share User Data with Third Parties Next Summer

    PayPal to Share User Data with Third Parties Next Summer

    While the seemingly negative news today may appear shocking at first glance, it’s important for readers to remember that PayPal has over seven months to rectify the situation. Currently, the issue revolves around the automatic sharing of data with external parties, as the well-known digital payment platform has introduced a "Personalized shopping" option and opted to activate data sharing by default, rather than leaving it unchecked.

    Understanding the New Setting

    The new setting described above is clearly highlighted with the statement, "Let us share products, offers, and rewards you might like with participating stores." It also notes that PayPal aims to create "more personal experiences" for users "starting early summer 2025." Additionally, users are informed that they can choose to opt in or out "at any time by adjusting this setting," which begs the fundamental question: Why not have this setting turned off by default?

    Managing Data Sharing

    At present, users can easily navigate to Settings > Data & Privacy > Manage shared info > Personalized shopping to disable the data sharing for personalized shopping experiences. However, a significant issue still exists. According to PayPal’s Privacy Policy, any information shared with third parties that is deemed necessary for completing transactions can be used according to those third parties’ privacy policies, regardless of the settings users have chosen in their PayPal accounts.

    The Privacy Concern

    Ultimately, it seems that no matter what unfolds with the personalized experience offered by the digital payment service, users who are concerned about their data privacy must also review the privacy policies of the third parties they decide to transact with through PayPal.

    For those interested in learning more about PayPal’s background, they can currently find "The Founders: The Story of Paypal and the Entrepreneurs Who Shaped Silicon Valley" available in four formats (audiobook, Kindle, hardcover, and paperback), starting at just $0.99 for the audiobook with membership.

    404 Media

  • Keyboard Flaw Exposes Keystrokes on Samsung, Xiaomi, Oppo, Vivo, and Honor Devices

    Keyboard Flaw Exposes Keystrokes on Samsung, Xiaomi, Oppo, Vivo, and Honor Devices

    A recent investigation conducted by cybersecurity experts at Citizen Lab highlights a significant security vulnerability present in various popular keyboard applications designed for smartphones. This flaw exposes the communications of almost a billion users to potential unauthorized access.

    Vulnerable Keyboard Apps

    The study identifies that keyboard apps developed by well-known companies such as Tencent (QQ Pinyin), Baidu (IME), iFlytek (IME), Samsung (Android Keyboard), Xiaomi (utilizing keyboards from Baidu, iFlytek, and Sogou), OPPO, Vivo, and Honor are all susceptible to this security risk.

    The critical issue lies in these keyboards transmitting user keystrokes without encryption, essentially sending user input as plain text. This means that anyone with the ability to intercept this data could potentially intercept and read all the information a user types while in transit.

    Data Compromise Risk

    The information at risk ranges from ordinary text messages to highly sensitive data like passwords and credit card information. Consequently, the potential scale and impact of the compromised data could be substantial.

    The research team noted that Huawei was the sole manufacturer whose keyboard application did not exhibit this vulnerability. They were unable to evaluate the security of Apple and Google's keyboards due to the absence of cloud-based communication functionalities in these applications.

    Manufacturer Responses

    Most manufacturers have reportedly taken steps to address this issue by April 1st, following notification from the investigating firm. However, Honor and Tencent's QQ Pinyin keyboards are still undergoing updates to rectify the problem.

    It is strongly recommended that users promptly update their devices if they have not done so recently. Furthermore, opting for a keyboard app developed by a reputable company, such as Google Keyboard, is advised to enhance security measures.