If you have ever used 23andMe, they have now filed for bankruptcy and will be asset stripped. Delete your account information as soon as possible.

Data privacy refers to the protection of personal and sensitive information collected, processed, and stored by individuals, organizations, or entities. It encompasses the set of practices, policies, regulations, and technologies designed to ensure that individuals have control over their personal data and that this data is handled in a way that respects their rights, maintains its confidentiality, integrity, and availability, and prevents unauthorized access, use, or disclosure.

Data privacy encompasses a range of concepts and principles that collectively aim to safeguard individuals' rights and interests in their personal information. It involves understanding and implementing measures to control who has access to your data, how it is used, and for what purposes. This extends to both online and offline contexts, as more and more of our activities and interactions occur in the digital realm.

Key aspects of data privacy include: Data Collection: Organizations collect various types of data from individuals, including names, addresses, phone numbers, email addresses, and more. Data privacy emphasizes the need for transparent and informed consent before collecting personal data, ensuring individuals are aware of how their data will be used.

Data Storage and Security: Personal data should be securely stored to prevent unauthorized access, breaches, or leaks. Organizations are expected to implement robust cybersecurity measures to safeguard sensitive information.

Data Processing: When organizations process personal data, such as analyzing it to gain insights or using it for targeted advertising, they must do so within the bounds of applicable laws and regulations. Individuals have the right to know what processing is taking place and to object to certain types of processing.

Data Sharing: Personal data should not be shared with third parties without explicit consent from the individual. This includes sharing data with advertisers, marketers, or other businesses.

User Control: Individuals should have the ability to access their own data, correct inaccuracies, and, in some cases, request the deletion of their data. This principle is enshrined in regulations like the European Union's General Data Protection Regulation (GDPR).

Understanding your digital rights in terms of data privacy empowers you to make informed decisions about sharing your personal information, using online services, and interacting in the digital world while maintaining a reasonable level of control over your own data.

What is Data Privacy? Understanding Your Digital Rights

Data privacy refers to the protection of personal and sensitive information collected, processed, and stored by individuals, organizations, or entities. It encompasses the set of practices, policies, regulations, and technologies designed to ensure that individuals have control over their personal data and that this data is handled in a way that respects their rights, maintains its confidentiality, integrity, and availability, and prevents unauthorized access, use, or disclosure.

Data privacy encompasses a range of concepts and principles that collectively aim to safeguard individuals' rights and interests in their personal information. It involves understanding and implementing measures to control who has access to your data, how it is used, and for what purposes. This extends to both online and offline contexts, as more and more of our activities and interactions occur in the digital realm.

Key aspects of data privacy include: Data Collection: Organizations collect various types of data from individuals, including names, addresses, phone numbers, email addresses, and more. Data privacy emphasizes the need for transparent and informed consent before collecting personal data, ensuring individuals are aware of how their data will be used.

Data Storage and Security: Personal data should be securely stored to prevent unauthorized access, breaches, or leaks. Organizations are expected to implement robust cybersecurity measures to safeguard sensitive information.

Data Processing: When organizations process personal data, such as analyzing it to gain insights or using it for targeted advertising, they must do so within the bounds of applicable laws and regulations. Individuals have the right to know what processing is taking place and to object to certain types of processing.

Data Sharing: Personal data should not be shared with third parties without explicit consent from the individual. This includes sharing data with advertisers, marketers, or other businesses.

User Control: Individuals should have the ability to access their own data, correct inaccuracies, and, in some cases, request the deletion of their data. This principle is enshrined in regulations like the European Union's General Data Protection Regulation (GDPR).

Laws and regulations related to data privacy vary by country, with some of the most prominent ones being the GDPR in Europe, the California Consumer Privacy Act (CCPA) in the United States, and various other regional and national regulations.

Understanding your digital rights in terms of data privacy empowers you to make informed decisions about sharing your personal information, using online services, and interacting in the digital world while maintaining a reasonable level of control over your own data.

#dataprivacy#dataprotection#digitalrights#datasecurity#limitlesstech#dataprivacydefinition#onlineprivacy#internetprivacy#techprivacy#dataprivacyandsecurity#dataandprivacy#dataprivacyexplained#dataprivacypolicy#dataprivacyawarness

What is Data Privacy? Understanding Your Digital Rights

Ad-tech targeting is an existential threat

I'm on a 20+ city book tour for my new novel PICKS AND SHOVELS. Catch me TORONTO on SUNDAY (Feb 23) at Another Story Books, and in NYC on WEDNESDAY (26 Feb) with JOHN HODGMAN. More tour dates here.

The commercial surveillance industry is almost totally unregulated. Data brokers, ad-tech, and everyone in between – they harvest, store, analyze, sell and rent every intimate, sensitive, potentially compromising fact about your life.

Late last year, I testified at a Consumer Finance Protection Bureau hearing about a proposed new rule to kill off data brokers, who are the lynchpin of the industry:

https://pluralistic.net/2023/08/16/the-second-best-time-is-now/#the-point-of-a-system-is-what-it-does

The other witnesses were fascinating – and chilling, There was a lawyer from the AARP who explained how data-brokers would let you target ads to categories like "seniors with dementia." Then there was someone from the Pentagon, discussing how anyone could do an ad-buy targeting "people enlisted in the armed forces who have gambling problems." Sure, I thought, and you don't even need these explicit categories: if you served an ad to "people 25-40 with Ivy League/Big Ten law or political science degrees within 5 miles of Congress," you could serve an ad with a malicious payload to every Congressional staffer.

Now, that's just the data brokers. The real action is in ad-tech, a sector dominated by two giant companies, Meta and Google. These companies claim that they are better than the unregulated data-broker cowboys at the bottom of the food-chain. They say they're responsible wielders of unregulated monopoly surveillance power. Reader, they are not.

Meta has been repeatedly caught offering ad-targeting like "depressed teenagers" (great for your next incel recruiting drive):

https://www.technologyreview.com/2017/05/01/105987/is-facebook-targeting-ads-at-sad-teens/

And Google? They just keep on getting caught with both hands in the creepy commercial surveillance cookie-jar. Today, Wired's Dell Cameron and Dhruv Mehrotra report on a way to use Google to target people with chronic illnesses, people in financial distress, and national security "decision makers":

https://www.wired.com/story/google-dv360-banned-audience-segments-national-security/

Google doesn't offer these categories itself, they just allow data-brokers to assemble them and offer them for sale via Google. Just as it's possible to generate a target of "Congressional staffers" by using location and education data, it's possible to target people with chronic illnesses based on things like whether they regularly travel to clinics that treat HIV, asthma, chronic pain, etc.

Google claims that this violates their policies, and that they have best-of-breed technical measures to prevent this from happening, but when Wired asked how this data-broker was able to sell these audiences – including people in menopause, or with "chronic pain, fibromyalgia, psoriasis, arthritis, high cholesterol, and hypertension" – Google did not reply.

The data broker in the report also sold access to people based on which medications they took (including Ambien), people who abuse opioids or are recovering from opioid addiction, people with endocrine disorders, and "contractors with access to restricted US defense-related technologies."

It's easy to see how these categories could enable blackmail, spear-phishing, scams, malvertising, and many other crimes that threaten individuals, groups, and the nation as a whole. The US Office of Naval Intelligence has already published details of how "anonymous" people targeted by ads can be identified:

https://www.odni.gov/files/ODNI/documents/assessments/ODNI-Declassified-Report-on-CAI-January2022.pdf

The most amazing part is how the 33,000 targeting segments came to public light: an activist just pretended to be an ad buyer, and the data-broker sent him the whole package, no questions asked. Johnny Ryan is a brilliant Irish privacy activist with the Irish Council for Civil Liberties. He created a fake data analytics website for a company that wasn't registered anywhere, then sent out a sales query to a brokerage (the brokerage isn't identified in the piece, to prevent bad actors from using it to attack targeted categories of people).

Foreign states, including China – a favorite boogeyman of the US national security establishment – can buy Google's data and target users based on Google ad-tech stack. In the past, Chinese spies have used malvertising – serving targeted ads loaded with malware – to attack their adversaries. Chinese firms spend billions every year to target ads to Americans:

https://www.nytimes.com/2024/03/06/business/google-meta-temu-shein.html

Google and Meta have no meaningful checks to prevent anyone from establishing a shell company that buys and targets ads with their services, and the data-brokers that feed into those services are even less well-protected against fraud and other malicious act.

All of this is only possible because Congress has failed to act on privacy since 1988. That's the year that Congress passed the Video Privacy Protection Act, which bans video store clerks from telling the newspapers which VHS cassettes you have at home. That's also the last time Congress passed a federal consumer privacy law:

https://en.wikipedia.org/wiki/Video_Privacy_Protection_Act

The legislative history of the VPPA is telling: it was passed after a newspaper published the leaked video-rental history of a far-right judge named Robert Bork, whom Reagan hoped to elevate to the Supreme Court. Bork failed his Senate confirmation hearings, but not because of his video rentals (he actually had pretty good taste in movies). Rather, it was because he was a Nixonite criminal and virulent loudmouth racist whose record was strewn with the most disgusting nonsense imaginable).

But the leak of Bork's video-rental history gave Congress the cold grue. His video rental history wasn't embarrassing, but it sure seemed like Congress had some stuff in its video-rental records that they didn't want voters finding out about. They beat all land-speed records in making it a crime to tell anyone what kind of movies they (and we) were watching.

And that was it. For 37 years, Congress has completely failed to pass another consumer privacy law. Which is how we got here – to this moment where you can target ads to suicidal teens, gambling addicted soldiers in Minuteman silos, grannies with Alzheimer's, and every Congressional staffer on the Hill.

Some people think the problem with mass surveillance is a kind of machine-driven, automated mind-control ray. They believe the self-aggrandizing claims of tech bros to have finally perfected the elusive mind-control ray, using big data and machine learning.

But you don't need to accept these outlandish claims – which come from Big Tech's sales literature, wherein they boast to potential advertisers that surveillance ads are devastatingly effective – to understand how and why this is harmful. If you're struggling with opioid addiction and I target an ad to you for a fake cure or rehab center, I haven't brainwashed you – I've just tricked you. We don't have to believe in mind-control to believe that targeted lies can cause unlimited harms.

And those harms are indeed grave. Stein's Law predicts that "anything that can't go on forever eventually stops." Congress's failure on privacy has put us all at risk – including Congress. It's only a matter of time until the commercial surveillance industry is responsible for a massive leak, targeted phishing campaign, or a ghastly national security incident involving Congress. Perhaps then we will get action.

In the meantime, the coalition of people whose problems can be blamed on the failure to update privacy law continues to grow. That coalition includes protesters whose identities were served up to cops, teenagers who were tracked to out-of-state abortion clinics, people of color who were discriminated against in hiring and lending, and anyone who's been harassed with deepfake porn:

https://pluralistic.net/2023/12/06/privacy-first/#but-not-just-privacy

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2025/02/20/privacy-first-second-third/#malvertising

Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg

CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en

Websites that demand you give them extremely private information to "verify your age"

reminder not to do what i almost did just now and tell tumblr what your high school mascot is/was just because someone made a fun poll about it, because that's a SECURITY QUESTION ON A BUNCH OF YOUR PASSWORD-PROTECTED PLATFORMS

Hey everyone,

Today is the last day to possibly opt out of Meta (Facebook/Instagram)'s AI program and there is a way to opt out if you are trying to protect your data privacy.

Please do what you can to save your art and data before it's too late. Edit/Update: It may not be applicable to the US because people living in Europe have the direct ability to opt out-- but US citizens can still submit the form for consideration.

DOGE Is Planning a Hackathon at the IRS. It Wants Easier Access to Taxpayer Data | WIRED

If you've ever used 23andMe to learn more about your family ancestry, you could be eligible for compensation due to a class-action lawsuit against the company.

Law firms in Toronto and Vancouver launched a class-action lawsuit against 23andMe this week in response to a data breach that exposed users’ highly sensitive and valuable personal information earlier this year.

"The action alleges that contrary to their promises, statements and representations, as well as the privacy regulation and industry standards applicable to them, [23andMe] did not introduce, implement or maintain proper or adequate data retention and data protection practices," reads the lawsuit.

Full article

Tagging: @politicsofcanada

The UK no longer has end to end encryption thanks to Keir Starmer’s Labour government reanimating the zombie policy that is the Snoopers Charter, first peddled by Theresa May’s Tory government and rejected by the public.

Apple withdrawing end-to-end encrypted backups from the UK "creates a dangerous precedent which authoritarian countries will surely follow".

UK now likened to authoritarian regimes and why Starmer won’t challenge Trump since he is in lock step with US policies, openly goes after sick, disabled, pensioners and poorest, increasing their hardship rather than tax the mega rich. US policy is UK policy.

So what does this mean for Apple users in the UK?

All your data in the cloud is no longer secure in comparison to having ADP enabled and can be accessed by the government upon request. The GDPR is all but dead in the UK, there are now so many government policies that snoop on us by the back door with even news outlets online now charging us for access without *cookies enabled (data farming you whilst you read with no option to opt out unless you pay)

I checked with the ICO myself and it is a fully approved policy despite its contradiction to the rights of consent, removed in the process.

If you want a workaround here are my suggestions

Cancel your iCloud storage, your data will stay on the cloud until the renewal date, use that time to back it up locally or on a flash drive.

Change your iMessage settings to delete audio messages after 2 minutes and permanently delete messages after 30 days.

Alternatively, use a third party messaging app with a delete on read feature and disable Apple iMessage altogether.

If you are tech savvy you can set up a USB drive or flash drive directly into your router hub (you should have at least one USB slot, some have two) and use FTP to back up over wifi, you can do this on any device, you don’t need a desktop.

Use a VPN service or set one up. If you’re really technical you can use a Raspberry Pi to do this, but you will need to hard code it. Think Mr Robot.

This change does not impact sensitive data like medical details which remain end to end encrypted.

If you want to learn more on the sweeping bills being pushed through government and any action your can take visit Big Brother Watch: https://bigbrotherwatch.org.uk

*If you want to read news articles without paying for the privilege of not handing over your cookie data, simply disable javascript within your browsers settings and refresh the browser page. Remember to turn it back on when your done. Alternatively disable all cookies but know this will impact your online experience and access.

As we enter back into an era where technology is used primarily as a weapon against you by the United States and Russian governments, (welcome back 1980s! 😍) let’s go over some tips to consider if you are a queer, bipoc, or otherwise an “enemy from within” as trump so lovingly and hypocritically put it, to protecting your identity and privacy through the internet so that you can continue to resist this cultural shift safely and resiliently!

• stop posting identifying information on social media like your full name, place of residence, and pictures of yourself or other at risk people, and go back and delete posts in which you might’ve already.

• disable location tracking services and camera and mic access to apps, services, or websites that you know to be compromised by the influence of shady overseers, such as X, Instagram, Facebook, Google, and TikTok. I know it’s convenient to use these but it’s a MAJOR security hazard.

• Turn your phone COMPLETELY off when discussing sensitive subjects with friends or when you are making plans of resistance and gathering your communities, or when you are discussing personal feelings on such subjects with family, friends, or a doctor/therapist. Basically all mobile phones now have live mics that are constantly listening to you.

• Create a new email under a fake name if you haven’t already to use as your primary email address, in order to further protect your true identity.

• use an alternative browser like DuckDuckGo or brave in place of google, preferably with a VPN on top of it to even further secure your browsing history and to bypass potential IP blocks of websites from the government.

• if you want to watch YouTube and don’t want a recording of your watch history, log out of your account and watch that way, preferably you would just delete your account entirely but I understand why some might not want to.

• pirate content from streaming services via piracy websites, again so that your watch history can’t be used to make assumptions about you if that data were ever sold to the government.

These are obviously just some of the ways to bypass data collection and ti protect your real identity online, but there are many others I’m sure I’m not aware of. Please add to this if you can, and stay safe out there, because anything you say can and will be used against you in the future of this country. But: We have survived this kind of shit before, we can again, if we are careful. Loose lips sink ships, and that goes for the internet as well.

Reverse engineers bust sleazy gig work platform

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/11/23/hack-the-class-war/#robo-boss

A COMPUTER CAN NEVER BE HELD ACCOUNTABLE

THEREFORE A COMPUTER MUST NEVER MAKE A MANAGEMENT DECISION

Supposedly, these lines were included in a 1979 internal presentation at IBM; screenshots of them routinely go viral:

https://twitter.com/SwiftOnSecurity/status/1385565737167724545?lang=en

The reason for their newfound popularity is obvious: the rise and rise of algorithmic management tools, in which your boss is an app. That IBM slide is right: turning an app into your boss allows your actual boss to create an "accountability sink" in which there is no obvious way to blame a human or even a company for your maltreatment:

https://profilebooks.com/work/the-unaccountability-machine/

App-based management-by-bossware treats the bug identified by the unknown author of that IBM slide into a feature. When an app is your boss, it can force you to scab:

https://pluralistic.net/2023/07/30/computer-says-scab/#instawork

Or it can steal your wages:

https://pluralistic.net/2023/04/12/algorithmic-wage-discrimination/#fishers-of-men

But tech giveth and tech taketh away. Digital technology is infinitely flexible: the program that spies on you can be defeated by another program that defeats spying. Every time your algorithmic boss hacks you, you can hack your boss back:

https://pluralistic.net/2022/12/02/not-what-it-does/#who-it-does-it-to

Technologists and labor organizers need one another. Even the most precarious and abused workers can team up with hackers to disenshittify their robo-bosses:

https://pluralistic.net/2021/07/08/tuyul-apps/#gojek

For every abuse technology brings to the workplace, there is a liberating use of technology that workers unleash by seizing the means of computation:

https://pluralistic.net/2024/01/13/solidarity-forever/#tech-unions

One tech-savvy group on the cutting edge of dismantling the Torment Nexus is Algorithms Exposed, a tiny, scrappy group of EU hacker/academics who recruit volunteers to reverse engineer and modify the algorithms that rule our lives as workers and as customers:

https://pluralistic.net/2022/12/10/e2e/#the-censors-pen

Algorithms Exposed have an admirable supply of seemingly boundless energy. Every time I check in with them, I learn that they've spun out yet another special-purpose subgroup. Today, I learned about Reversing Works, a hacking team that reverse engineers gig work apps, revealing corporate wrongdoing that leads to multimillion euro fines for especially sleazy companies.

One such company is Foodinho, an Italian subsidiary of the Spanish food delivery company Glovo. Foodinho/Glovo has been in the crosshairs of Italian labor enforcers since before the pandemic, racking up millions in fines – first for failing to file the proper privacy paperwork disclosing the nature of the data processing in the app that Foodinho riders use to book jobs. Then, after the Italian data commission investigated Foodinho, the company attracted new, much larger fines for its out-of-control surveillance conduct.

As all of this was underway, Reversing Works was conducting its own research into Glovo/Foodinho's app, running it on a simulated Android handset inside a PC so they could peer into app's data collection and processing. They discovered a nightmarish world of pervasive, illegal worker surveillance, and published their findings a year ago in November, 2023:

https://www.etui.org/sites/default/files/2023-10/Exercising%20workers%20rights%20in%20algorithmic%20management%20systems_Lessons%20learned%20from%20the%20Glovo-Foodinho%20digital%20labour%20platform%20case_2023.pdf

That report reveals all kinds of extremely illegal behavior. Glovo/Foodinho makes its riders' data accessible across national borders, so Glovo managers outside of Italy can access fine-grained surveillance information and sensitive personal information – a major data protection no-no.

Worse, Glovo's app embeds trackers from a huge number of other tech platforms (for chat, analytics, and more), making it impossible for the company to account for all the ways that its riders' data is collected – again, a requirement under Italian and EU data protection law.

All this data collection continues even when riders have clocked out for the day – its as though your boss followed you home after quitting time and spied on you.

The research also revealed evidence of a secretive worker scoring system that ranked workers based on undisclosed criteria and reserved the best jobs for workers with high scores. This kind of thing is pervasive in algorithmic management, from gig work to Youtube and Tiktok, where performers' videos are routinely suppressed because they crossed some undisclosed line. When an app is your boss, your every paycheck is docked because you violated a policy you're not allowed to know about, because if you knew why your boss was giving you shitty jobs, or refusing to show the video you spent thousands of dollars making to the subscribers who asked to see it, then maybe you could figure out how to keep your boss from detecting your rulebreaking next time.

All this data-collection and processing is bad enough, but what makes it all a thousand times worse is Glovo's data retention policy – they're storing this data on their workers for four years after the worker leaves their employ. That means that mountains of sensitive, potentially ruinous data on gig workers is just lying around, waiting to be stolen by the next hacker that breaks into the company's servers.

Reversing Works's report made quite a splash. A year after its publication, the Italian data protection agency fined Glovo another 5 million euros and ordered them to cut this shit out:

https://reversing.works/posts/2024/11/press-release-reversing.works-investigation-exposes-glovos-data-privacy-violations-marking-a-milestone-for-worker-rights-and-technology-accountability/

As the report points out, Italy is extremely well set up to defend workers' rights from this kind of bossware abuse. Not only do Italian enforcers have all the privacy tools created by the GDPR, the EU's flagship privacy regulation – they also have the benefit of Italy's 1970 Workers' Statute. The Workers Statute is a visionary piece of legislation that protects workers from automated management practices. Combined with later privacy regulation, it gave Italy's data regulators sweeping powers to defend Italian workers, like Glovo's riders.

Italy is also a leader in recognizing gig workers as de facto employees, despite the tissue-thin pretense that adding an app to your employment means that you aren't entitled to any labor protections. In the case of Glovo, the fine-grained surveillance and reputation scoring were deemed proof that Glovo was employer to its riders.

Reversing Works' report is a fascinating read, especially the sections detailing how the researchers recruited a Glovo rider who allowed them to log in to Glovo's platform on their account.

As Reversing Works points out, this bottom-up approach – where apps are subjected to technical analysis – has real potential for labor organizations seeking to protect workers. Their report established multiple grounds on which a union could seek to hold an abusive employer to account.

But this bottom-up approach also holds out the potential for developing direct-action tools that let workers flex their power, by modifying apps, or coordinating their actions to wring concessions out of their bosses.

After all, the whole reason for the gig economy is to slash wage-bills, by transforming workers into contractors, and by eliminating managers in favor of algorithms. This leaves companies extremely vulnerable, because when workers come together to exercise power, their employer can't rely on middle managers to pressure workers, deal with irate customers, or step in to fill the gap themselves:

https://projects.itforchange.net/state-of-big-tech/changing-dynamics-of-labor-and-capital/

Only by seizing the means of computation, workers and organized labor can turn the tables on bossware – both by directly altering the conditions of their employment, and by producing the evidence and tools that regulators can use to force employers to make those alterations permanent.

Image: EFF (modified) https://www.eff.org/files/issues/eu-flag-11_1.png

CC BY 3.0 http://creativecommons.org/licenses/by/3.0/us/

Round UP of Weaponized Xenophobia to Try to Justify Abuse of Power: Published 4/47/25

Illegal Detention of Immigrants and Related Issues Round UP

Deportation to El Salvador and Related Issues

The Arrest of a Judge (Related)

This is terrifying.

At least a judge is intervening here:

They have started illegally deporting American citizens with no due process, as they promised to do.

They were denied access to a lawyer, presumably because a preschooler with cancer is such a danger to society that ICE had to throw out the entire constitution.

Bet they ignored all evidence, them lied when they got caught.

Carole Cadwalladr - Broligarchs, AI, and a Techno-Authoritarian Surveillance State | The Daily Show

IRS Lawyer Ousted as Elon Musk’s DOGE Plans Even More Cuts | The New Republic