Tag: Data Privacy

  • Union: MindsEye Studio Build A Rocket Boy Used Keyloggers, Violating Data Laws

    Union: MindsEye Studio Build A Rocket Boy Used Keyloggers, Violating Data Laws

    Key Takeaway

    1. Build A Rocket Boy employees have unionized and are taking legal action over alleged unauthorized installation of surveillance software, including keyloggers, on their work and home systems.
    2. The company allegedly used the software, Teramind, to monitor employee activity without consent, and refused to disclose data collection details after its removal.
    3. The union claims the surveillance violates data protection laws and employee dignity, amidst ongoing disputes over layoffs and workplace culture.

    Build A Rocket Boy faces serious allegations over privacy violations

    The developers and employees at the studio seem to be having a rough time lately, with accusations flying about illegal spying practices. The employees claim that the management secretly put surveillance programs on their work computers without telling them. These programs, especially a tool called Teramind, allegedly tracked their actions and even recorded them at home, which is causing a big outrage among the staff.

    Details about the surveillance practices and employee reactions

    People working there mention that the management installed Teramind secretly without getting approval beforehand. This software was used to monitor keystrokes, capture what employees see on their screens, and even record sounds through microphones during their work hours. After a wave of complaints, the company was said to have removed the software in March, but the employees are still angry because they don’t know where the data collected is stored or why it was even installed in the first place.

    Union steps in amid growing concerns

    The union representing the workers, the IWGB Game Workers Union, is now taking action. They claim that the company’s secretiveness and illegal monitoring break the laws meant to protect workers’ privacy and dignity. The union criticizes that the surveillance went beyond normal security measures, intruding into employees’ personal space at home without their permission, which is a huge violation.

    Legal actions and broader workplace issues

    Besides the privacy issues, the union filed a separate claim in April, accusing BARB of unfairly handling layoffs last summer. According to them, 300 workers were terminated improperly, and the company is also accused of blacklisting some employees unlawfully and not talking properly during the consultation process. If these claims hold up in court, they could cost Build A Rocket Boy a lot of money, potentially in the millions.

    Workplace culture and employee testimonies

    One of the visual artists working at BARB shared some insights about the working environment, describing it as extremely toxic, filled with secrecy and micromanagement. He said that such a culture is among the worst he has seen in his two decades working in the game industry, highlighting the serious problems employees face.

    Sources
    Tags: , , ,
  • EU Rejects Extension for Voluntary Scans from Google, Meta, Microsoft, and Snapchat

    EU Rejects Extension for Voluntary Scans from Google, Meta, Microsoft, and Snapchat

    Key Takeaway

    1. The temporary exemption allowing detection of child sexual abuse material expired on 3 April 2026, after the European Parliament rejected its extension.
    2. Tech companies favor using hash-matching technology for content detection, arguing it is essential for law enforcement, while the Parliament prioritizes privacy and proportionality.
    3. The decision emphasizes the protection of private communication from automated scans, reinforcing data privacy as a fundamental right over automated content control.

    The temporary exemption to the e-Privacy Directive that had been in place, allowed companies to scan for child sexual abuse material (CSAM), expired on 3 April 2026. This regulation was originally meant to help fight illegal content online, but its end comes after a significant voting decision. The European Parliament chose not to extend this transitional period; with 311 votes against it and 228 in favor, they decided to stop the practice of automatic detection measures.

    Tech Giants Warning About Child Protection Risks

    Major players like Google, Meta, Microsoft, and Snapchat have warned that the ending of this exemption could be a serious problem for child safety efforts. They prefer to use hash-matching tech for detection. During this process, content isn’t directly read but turned into a digital code called ‘hash’, which is a kind of fingerprint. These unique hashes are stored in a secure database to identify known abusive content quickly, making sure illegal material can be found and removed fast. The industry insist that this method is crucial for law enforcement to fight the spread of illegal content effectively.

    Privacy and Rights Take Front Seat

    Meanwhile, the European Parliament emphasizes safeguarding personal privacy and fairness. They rejected extending the exemption because they want to prevent overreaching surveillance and automattic scans of private conversations. Many Members of European Parliament believe that such widespread or permanent monitoring could unfairly infringe on individual rights and threaten personal freedoms. Automated searches without proper oversight compromise privacy and might disadvantage private communication rights.

    Negotiations and Future Legal Framework

    Attempts to find a common ground between the Parliament and the Council failed. The European Commission had hoped to prolong the transitional period to give more time for talks. But the Parliament pushed for stricter and more specific limits, proposing to keep measures under review until August 2027, to guarantee they stay targeted and do not overreach. Since no consensus was reached and the transitional measures expired, the legal basis for automated scans is no longer valid. However, the companies involved say they will continue to use voluntary measures on their own initiative, despite the new legal situation.

    Impact on Data Protection and Rights

    This shift in law favors data protection and privacy rights, highlighting that protecting private communications from unwarranted surveillance is a fundamental right. The decision reflects a strong stance that privacy should be prioritized over automated content control demands. Though significant for child safety, the current rules make it clear that individual privacy is a key concern that cannot be compromised lightly. The debate remains ongoing about how best to protect children without sacrificing privacy rights.

    Sources
    Tags: , , ,
  • Discord Delays Global Age Verification to Late 2026 for More Options

    Discord Delays Global Age Verification to Late 2026 for More Options

    Key Takeaways

    1. Discord’s age verification announcement faced backlash due to privacy concerns, especially after a previous data breach affecting 70,000 users.
    2. The global implementation of the age verification system has been delayed until the latter half of 2026 in response to community pushback.
    3. CTO Stanislav Vishnevskiy admitted that Discord mishandled the communication regarding the new system and clarified that not all users would need to provide ID or facial scans.
    4. Over 90% of users would not need to verify their age, as Discord can already estimate age groups based on account activity without accessing private messages.
    5. For users requiring manual verification, alternatives like credit card verification will be offered, and Discord plans to increase transparency about the verification process and its vendors.

    Discord’s recent age verification announcement has not been received well by everyone. A lot of users felt uneasy about the thought of having to upload government IDs or use facial recognition technology, especially after a data breach in October last year that exposed the IDs of about 70,000 Discord users. In light of the significant pushback from the community, it appears Discord has chosen to delay the global implementation of this system until the latter half of 2026.

    CTO Acknowledges Mistakes

    In a new update, CTO Stanislav Vishnevskiy recognized that the company erred in how it rolled out the change. He mentioned that Discord did not effectively communicate what the new system would actually entail. Many users thought that everyone would have to provide face scans or ID documents just to keep using the platform. He clarified that this was not the intention but admitted that the company failed to convey this message clearly.

    Age Verification Process Explained

    Vishnevskiy pointed out that more than 90% of users would not have to verify their age at all. Discord already possesses internal mechanisms that can identify age groups based on account-level signals, like the duration of an account’s existence or if a payment method is connected. Importantly, these systems do not access messages or scrutinize private chats.

    For the small number of users who might need manual verification, Discord stated it will present several alternatives, including credit card verification. This method would enable users to confirm they are adults without needing to provide biometric data or government IDs. Additionally, Discord committed to enhancing transparency by planning to release information about its verification vendors, explain the functioning of its automated systems, and include age verification statistics in its transparency reports.

    Source:
    Link

     

    Tags: , ,
  • Facebook Accused of Spying on Users Even When App Is Closed

    Facebook Accused of Spying on Users Even When App Is Closed

    Key Takeaways

    1. Facebook is facing controversy for how it manages personal information, specifically regarding data transfer from Google Chrome to the Facebook app.
    2. Facebook’s tracking tools collect unique browser identifiers, allowing access to users’ complete browsing history, even in private mode or after deleting cookies.
    3. Over 5.8 million websites use the tracking tool “Pixel Meta,” with a similar method employed by Yandex on over 3 million sites.
    4. The tracking technique violates Android’s usage regulations, and Google has confirmed that measures are being taken to address the issue.
    5. Meta attributed the issue to a “communication error” with Google policies, while Yandex claims it does not collect sensitive information.

    Facebook is currently embroiled in a significant controversy regarding the way it manages personal information. Several specialists from the IMDEA Networks Institute have discovered pieces of code that facilitate the transfer of data from Google Chrome to the Facebook app, aiming to recover and scrutinize potentially sensitive data.

    Simple but Concerning Technique

    Delving deeper into the matter, the method appears rather straightforward. Facebook’s tracking tools, found on numerous websites with the intention of analyzing innocuous elements like ad effectiveness, collect the unique identifier of your web browser. This information is then sent to the Meta app installed on your device. Consequently, even if you’re not logged into Facebook via Chrome, the app can still access your complete browsing history. Alarmingly, this also holds true when you’re using private browsing or have deleted your cookies.

    Widespread Use of Tracking Tools

    The IMDEA Networks Institute estimates that more than 5.8 million websites utilize this tracking tool known as “Pixel Meta.” Additionally, Yandex, a search engine from Russia, reportedly employs a similar method, with tracking algorithms present on over 3 million sites.

    Violations of Android Rules

    Even if you don’t feel personally affected by this recent revelation, it’s crucial to recognize that it breaches Android’s usage regulations, as reported by Ars Technica. The sharing of data is governed by various rules on the Android platform.

    Ars Technica reached out to Google for their take on the situation, and the American tech giant confirmed that the tracking technique used by Meta’s affiliate contravenes their guidelines. Reportedly, measures are already in the works to curb further misuse. Since the unveiling of this troubling finding, no interactions between Google Chrome and the Facebook app have been detected.

    Meta and Yandex Respond

    In closing, Meta has commented on the issue, citing a “communication error regarding the application of certain Google policies.” On the other hand, Yandex claims it does not gather sensitive information and emphasizes that its practices help enhance the personalization of its services.

    Source:
    Link

    Facebook Accused of Spying on Users Even When App Is Closed

     

    Tags: , ,
  • South Korea Halts DeepSeek AI Downloads Over Privacy Concerns

    South Korea Halts DeepSeek AI Downloads Over Privacy Concerns

    Key Takeaways

    1. South Korea has halted new downloads of the Chinese AI chatbot DeepSeek due to data privacy concerns, effective February 15, 2025.
    2. The Personal Information Protection Commission (PIPC) found weaknesses in DeepSeek’s communication features and management of personal information with third parties.
    3. Users are advised to refrain from entering personal information into the chatbot until issues are resolved and compliance with South Korean laws is ensured.
    4. Other countries, including the U.S., Italy, and Australia, have also imposed restrictions on DeepSeek due to security threats and excessive data collection.
    5. DeepSeek faces significant challenges in rebuilding trust and complying with regulations as global scrutiny of its data handling practices increases.

    South Korea has put a stop to new downloads of the Chinese AI chatbot DeepSeek, citing worries about data privacy breaches. This decision was made public by the Personal Information Protection Commission (PIPC) and became effective on February 15, 2025, at 6:00 p.m. local time. Although the app is no longer available for download, users can still access the web version while the company works on fulfilling the necessary regulatory conditions.

    South Korea Takes Action Against DeepSeek AI

    The PIPC stated that its investigation into DeepSeek, which began shortly after the chatbot’s introduction, revealed weaknesses in its communication features and how it manages personal information with third-party providers. The commission made it clear that until these problems are fixed in accordance with South Korea’s Personal Information Protection Act, new downloads of the app will not be permitted. Current users have been told to avoid entering any personal information into the chatbot’s prompts until further notice.

    DeepSeek has admitted that it did not adequately consider South Korean data protection laws prior to its launch and has since appointed a local representative to help ensure compliance with regulations. The government intends to use this situation as a model to enhance guidance and oversight, aiming to prevent similar issues from happening again in the future.

    Increased Scrutiny and Security Concerns

    The suspension comes after increased scrutiny from South Korea’s National Intelligence Service (NIS), which had previously alerted that DeepSeek was collecting user data excessively and might be using it to train its AI models. Furthermore, security analysts found that both the Android and iOS versions of the app were sending certain user data to its servers without encryption, raising even more red flags.

    This situation is part of a larger trend, as global concerns about DeepSeek’s data handling practices have surged. Countries like the United States, Italy, Australia, and Taiwan have already placed restrictions on the AI service for government use, citing security threats. NASA has blocked DeepSeek from its systems, and the U.S. Navy has cautioned its personnel against using the app due to potential data risks.

    Challenges Ahead for DeepSeek

    In the midst of these escalating worries, Beijing claims that it allows international internet firms to operate in China while adhering to local laws and asserts it does not force companies to unlawfully collect or store data. However, as regulatory scrutiny grows around the globe, DeepSeek now faces significant challenges in rebuilding trust and adhering to regulations in various regions.

    Source:
    Link

    Tags: , ,
  • PayPal to Share User Data with Third Parties Next Summer

    PayPal to Share User Data with Third Parties Next Summer

    While the seemingly negative news today may appear shocking at first glance, it’s important for readers to remember that PayPal has over seven months to rectify the situation. Currently, the issue revolves around the automatic sharing of data with external parties, as the well-known digital payment platform has introduced a "Personalized shopping" option and opted to activate data sharing by default, rather than leaving it unchecked.

    Understanding the New Setting

    The new setting described above is clearly highlighted with the statement, "Let us share products, offers, and rewards you might like with participating stores." It also notes that PayPal aims to create "more personal experiences" for users "starting early summer 2025." Additionally, users are informed that they can choose to opt in or out "at any time by adjusting this setting," which begs the fundamental question: Why not have this setting turned off by default?

    Managing Data Sharing

    At present, users can easily navigate to Settings > Data & Privacy > Manage shared info > Personalized shopping to disable the data sharing for personalized shopping experiences. However, a significant issue still exists. According to PayPal’s Privacy Policy, any information shared with third parties that is deemed necessary for completing transactions can be used according to those third parties’ privacy policies, regardless of the settings users have chosen in their PayPal accounts.

    The Privacy Concern

    Ultimately, it seems that no matter what unfolds with the personalized experience offered by the digital payment service, users who are concerned about their data privacy must also review the privacy policies of the third parties they decide to transact with through PayPal.

    For those interested in learning more about PayPal’s background, they can currently find "The Founders: The Story of Paypal and the Entrepreneurs Who Shaped Silicon Valley" available in four formats (audiobook, Kindle, hardcover, and paperback), starting at just $0.99 for the audiobook with membership.

    404 Media

    Tags: ,
  • Keyboard Flaw Exposes Keystrokes on Samsung, Xiaomi, Oppo, Vivo, and Honor Devices

    Keyboard Flaw Exposes Keystrokes on Samsung, Xiaomi, Oppo, Vivo, and Honor Devices

    A recent investigation conducted by cybersecurity experts at Citizen Lab highlights a significant security vulnerability present in various popular keyboard applications designed for smartphones. This flaw exposes the communications of almost a billion users to potential unauthorized access.

    Vulnerable Keyboard Apps

    The study identifies that keyboard apps developed by well-known companies such as Tencent (QQ Pinyin), Baidu (IME), iFlytek (IME), Samsung (Android Keyboard), Xiaomi (utilizing keyboards from Baidu, iFlytek, and Sogou), OPPO, Vivo, and Honor are all susceptible to this security risk.

    The critical issue lies in these keyboards transmitting user keystrokes without encryption, essentially sending user input as plain text. This means that anyone with the ability to intercept this data could potentially intercept and read all the information a user types while in transit.

    Data Compromise Risk

    The information at risk ranges from ordinary text messages to highly sensitive data like passwords and credit card information. Consequently, the potential scale and impact of the compromised data could be substantial.

    The research team noted that Huawei was the sole manufacturer whose keyboard application did not exhibit this vulnerability. They were unable to evaluate the security of Apple and Google's keyboards due to the absence of cloud-based communication functionalities in these applications.

    Manufacturer Responses

    Most manufacturers have reportedly taken steps to address this issue by April 1st, following notification from the investigating firm. However, Honor and Tencent's QQ Pinyin keyboards are still undergoing updates to rectify the problem.

    It is strongly recommended that users promptly update their devices if they have not done so recently. Furthermore, opting for a keyboard app developed by a reputable company, such as Google Keyboard, is advised to enhance security measures.

    Tags: