This is a huge condemnation of the data broker industry — and has the hallmarks of a future @FTC investigation:

Blogger @PillarCatholic purchases ‘anonymous’ location data from unnamed data brokers and uses it to out a Catholic priest.

WaPo story: washingtonpost.com/religion/2021/…
The @PillarCatholic doesn't reveal the data broker they obtained data from, but analysis by the Consumer Council of Norway in 2020 shows that @Grindr sells location data to multiple ad networks incl @mopub @AppNexus @OpenX which then share further...

conpolicy.de/en/news-detail…
The Norwegian DPA already fined @grindr $11.7M for illegally disclosing private details about its users to advertising companies for fear that “If someone finds out that they are gay and knows their movements, they may be harmed”

Spot on.

nytimes.com/2021/01/25/bus…
I truly hope (and expect) regulators go after the data brokers who traffic in sensitive personal information about individuals under the provably false fiction that it is 'anonymous'

For further proof see @josephfcox's piece on 'Unmasking People at Scale'
vice.com/en/article/epn…
Thankfully @FTC has backing from @POTUS to finally regulate troublesome "surveillance" business models (hopefully Congress will step up too)

"In the Order, the President: Encourages the FTC to establish rules on surveillance and the accumulation of data"

whitehouse.gov/briefing-room/…
What would be really helpful here is a strongly worded letter from Congress and/or civil society urging @FTC to go after the data broker that sold this data under an unfairness, rather than another vanilla deception case against @Grindr

There's real harm here, not just deception

• • •

Keep Current with ashkan soltani

More from @ashk4n

1 Jul
This should be good…

“From the Toilet Seat of Donald Trump”

politico.com/news/2021/07/0…
Looks like #GETTR is already well setup to be a haven for bots & fake accounts.
Even with such basic functionality, GETTR already has a small privacy issue whereby you can indiscriminately query whether an email address has been used to register (with no rate limiting or token required)

api.gettr.com/m/email/exists…
Read 9 tweets
7 May
Warning all: @Twitter's new "Tip Jar" feature reveals the recipient's email address that's linked to their account, even when you don't send them any actual money

(I got permission from @jason_kint to show his email in this video)

Thread here:
Buried in @Twitter’s “Tip Jar FAQ”:

“Info about you, incl your full name or addr and your tip may be shared with the recipient or others”

It *doesn’t* say that your email addr will be shared with the sender, even when they don’t send a payment/tip…

help.twitter.com/en/using-twitt…
That’s the only disclosure I can find regarding ‘Tip Jar’. Nothing in their privacy statement about broadcasting your email address as a function of enabling this feature.

/me thinks someone @twitter is in trouble
Read 4 tweets
30 Apr
And it begins. @Facebook / @Instagram explore additional scare tactics to combat @Apple iOS14 #ATT privacy changes.

“Help keep Facebook free of charge”
NOTE: The Internet existed ‘free of charge’ well before the ‘ad supported web’ and will continue well after…

#Adtech’s revisionist history that ‘big tech’ brought you the web is total fiction.

oko.uk/blog/the-histo…
Read 4 tweets
21 Apr
Fun writeup by @moxie showing how vulns in the software that law enforcement use to search smartphones can be exploited "simply by including a specially formatted but otherwise innocuous file"

TL;DR: download a file to modify future reports & falsely incriminate someone else.
For background, highly recommend @TeamUpturn's report on 'Mass Extraction' showing that..

Over 2000 law enforcement agencies across the country... in all 50 states and DC have purchased mobile device forensic tools like @Cellebrite_UFED

upturn.org/reports/2020/m…
Joking aside, @moxie ’s finding has the potential to invalidate digital evidence used in civil and criminal cases all across the country.

I could see defense attorneys argue evidence obtained from @Cellebrite_UFED devices can’t be relied upon as it can be easily tampered with
Read 5 tweets
5 Apr
Facebook confirms that a sample of the 533M data is related to a ‘contact importers vulnerability’ which was fixed in Aug 2019

While there was some reporting of a ‘contact importer vuln’ in 2019, @Facebook never actually disclosed any details or notified affected users (1/6)
In 2019 @UKZak wrote about a vulnerability in @Instagram’s contact importer which @Facebook considered “low risk” and confirmed “the [Facebook Security] team were already aware of” (2/6)

forbes.com/sites/zakdoffm…
The Canada @OPC also previously filed a complaint against @Facebook for a breach involving the “disclosure of contact information uploaded by Facebook users through the 'Contact Importer' process” — so @Facebook has experience with this issue. (3/6)

priv.gc.ca/en/opc-actions…
Read 19 tweets
2 Apr
Yesterday, @ACLU updated their privacy statement to finally disclose that they share constituent information with ‘service providers’ like @Facebook for targeted advertising, flying in the face of the org’s public advocacy and statements. (1/11)

aclu.org/about/privacy/…
In fact, I was retained by @ACLU last summer to perform a privacy audit after concerns were raised internally regarding their data sharing practices. I only agreed to do this work on the promise by ACLU’s Executive Director that the findings would be made public. (2/11)
Unfortunately, after reviewing my findings, the ACLU decided against publishing my report and instead sat on it for ~6 months before quietly updating their terms of service and privacy policy without explanation for the context or motivations for doing so. (3/11)
Read 11 tweets
