Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Wolfie Christl Profile picture
@WolfieChristl
Sep 14, 2020 15 tweets 6 min read Read on X
"The personal details of millions of people around the world have been swept up in a database compiled by a Chinese tech company with reported links to the country’s military and intelligence networks, according to a trove of leaked data" theguardian.com/world/2020/sep…
Data includes "dates of birth, addresses, marital status, along with photographs, political associations, relatives", data scraped from social media and "information which appears to have been sourced from confidential bank records, job applications".
abc.net.au/news/2020-09-1…
Zhenhua Data looks like the Chinese version of US firms such as Babel Street, which sold its social media monitoring and data analytics products "to nearly every major defense, national-security or law-enforcement agency" in the US.

babelstreet.com
"The database is constructed around numerous existing databases or platforms and harvested into one large database with multiple points of overlap. Significant amounts of data comes from the Dow Jones owned database Factiva"

Summary of findings on SSRN:
papers.ssrn.com/sol3/papers.cf…
"Large amounts of the data was open source data ... 10-20% of the data was not publicly or easily available".

It includes "public sector employee records", "from known politicians to political aides to low level military personnel", as well as data on "organized crime figures".
Zhenhua Data "builds a 'relational database', which records and describes associations between individuals, institutions, and information ... weaving in public or sentiment analysis around these targets, Zhenhua offers 'threat intelligence services'."
Basically, like a combination of social media intel, cybersec/threat intelligence and data aggregation from public records and databases such as World Check, plus perhaps from some other data brokers, in combination with some Palantir-style network analysis capabilities.
"When a Globe and Mail reporter visited [the company's office in Shenzhen], three people sat at desks in what appeared to be a converted studio apartment, with the door open to the bathroom".

Thereafter, the "company’s website became inaccessible".
theglobeandmail.com/world/article-…
"The company, led by a former IBM data centre management expert, has also described its work online in job postings, LinkedIn records, blog articles and software patents. One employee described work 'mining the business needs of military customers for overseas data'."
"Stephanie Carvin, a former national security analyst who viewed the database on behalf of The Globe and Mail ... said it wasn’t clear whether this was a database used by Chinese intelligence – or just a database created by a company hoping to sell it to Chinese intelligence"
Zhenhua Data seems to be a tiny company. However, it is "believed to be owned by China Zhenhua Electronics Group which in turn is owned by state-owned China Electronic Information Industry Group (CETC), a military research company", according to ABC: abc.net.au/news/2020-09-1…
Oh, @Jeremy_Kirk writes "this data was sitting on an unsecured elasticsearch cluster for ages. Hundreds of gigabytes. For anyone to download. Including me in January"
Some more interesting facts in his blog post:
databreachtoday.com/blogs/does-thi…

(I totally disagree with his assessment of gathering and combining publicly accessible personal information as generally not a problem)
❌ "This is nothing new"
❌ "Chinese surveillance omg, we'd never do this"
❌ "Nothing to see here, just China bashing, we're doing the same in the US"

✅ Scrutinize the intersection of govt+commercial surveillance both in China/US, put it into the context of key developments...
(and, of course, not only in the US and Five Eyes countries, but also in the EU and in other regions)

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Wolfie Christl

Wolfie Christl Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @WolfieChristl

Wolfie Christl Profile picture
Sep 5
I took another look at Snowden docs that mention browser/cookie IDs.

It's breathtaking how the surveillance marketing industry has still managed to claim for many years that unique personal IDs processed in the web browser are somehow 'anonymous', and sometimes still does.
Another 2011 doc indicates that the GCHQ operated a kind of probabilistic ID graph that aims to link cookie/browser IDs, device IDs, email addresses and other 'target detection identifiers' (TDIs) based on communication, timing and geolocation behavior:
Btw. What inspired me to revisit these docs is @ByronTau's book Means of Control, which not only details how US agencies buy commercial data from digital marketing but also provides deep historical context, tracing back to early-2000s debates on Total Information Awareness (TIA).
Read 19 tweets
Wolfie Christl Profile picture
Jul 16
Die digitale Werbeindustrie verkauft Smartphone-Standortdaten und Bewegungsprofile von Millionen Menschen in Deutschland, darunter Privatpersonen und sensibles Personal.

Große Recherche von und BR, die einen riesigen Datensatz als "Muster" erhalten haben. netzpolitik.org


Image
Image
Image
Sie haben Menschen identifiziert, die Entzugskliniken, Swinger-Clubs oder Bordelle besucht haben, aber auch Personal von Ministerien, Bundeswehr, BND, Polizei.

Die Recherche auf netzpolitik (7 Artikel):


Visuell aufbereitet vom BR:
netzpolitik.org/tag/databroker…
interaktiv.br.de/ausspioniert-m…
Image
Fast alle Smartphone-Apps sind heute mit zwielichtigen Datensammeltechnologien "verwanzt".

Völlig unkontrollierte Datenmarktplätze, u.a. die Firma Datarade mit Sitz in Berlin, bieten Standort- und andere Verhaltensdaten über ganze Bevölkerungen aus vielen Ländern zum Verkauf an.
Image
Image
Read 12 tweets
Wolfie Christl Profile picture
May 30
So, Microsoft exploits activity data from Outlook, Teams, Word etc across customers for its own promotional purposes, including on meetings, file usage and the seconds until emails are read.

Aggregate analysis but based on massive personal data processing
microsoft.com/en-us/worklab/…

Image
Image
Microsoft states that the analysis on the seconds until emails were read excludes EU data. Activity data from Outlook, Teams, Word etc, however, seems to include EU data.

What's their legal basis? This is also personal data on employees. And, are business customers fine with it?
Should cloud-based software vendors exploit personal data on users of their services, including private persons and employees of business customers, how they see fit?

I don't think so.

Not even for public-interest research, at least not without academic process and IRB review.
Read 4 tweets
Wolfie Christl Profile picture
Feb 29
Some more findings from our investigation of LiveRamp's ID graph system (), which maintains identity records about entire populations in many countries, including name, address, email and phone, and aims to link these records with all kinds of digital IDs:crackedlabs.org/en/identity-su…
Identity data might seem boring, but if a company knows all kinds of identifying info about everyone, from home address to email to device IDs, it is in a powerful position to recognize persons and link profile data scattered across many databases, and this is what LiveRamp does.
LiveRamp aims to provide clients with the ability to recognize a person who left some digital trace in one context as the same person who later left some trace elsewhere.

It has built a sophisticated system to do this, no matter how comprehensive it can recognize the person.
Read 12 tweets
Wolfie Christl Profile picture
Nov 14, 2023
As part of our new report on RTB as a security threat and previously unreported, we reveal 'Patternz', a private mass surveillance system that harvests digital advertising data on behalf of 'national security agencies'.

5 billion user profiles, data from 87 adtech firms. Thread: Image
'Patternz' in the report by @johnnyryan and me published today:


Patternz is operated by a company based in Israel and/or Singapore. I came across it some time ago, received internal docs. Two docs are available online.

Some more details in this thread. iccl.ie/wp-content/upl…
Image
Here's how Patternz can be used to track and profile individuals, their location history, home address, interests, information about 'people nearby', 'co-workers' and even 'family members', according to information available online:

isasecurity.org/patternz
web.archive.org/web/2021062210…
Image
Read 30 tweets
Wolfie Christl Profile picture
Nov 6, 2023
, a 'social risk intelligence platform' that provides digital profiles about named individuals regarding financial strain, food insecurity, housing instability etc for healthcare purposes.

Incredibly intrusive, horrifying that this can exist in the US. sociallydetermined.com
Image
"It calculates risk scores for each risk domain for each person", according to the promotional video, and offers "clarity and granularity for the entire US".

Not redlining, though. They color it green. Image
Making decisions based on these metrics about individuals and groups seems to be highly questionable and irresponsible bs.

Safegraph, a shady location data firm, is among the data providers:
safegraph.com/customers/soci…
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(