Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label surveillance. Show all posts
Waymo
Cyber Crime Footage Robotaxi San Francisco Shooting surveillance Waymo

Waymo Robotaxi Films Deadly San Francisco Shooting

 

A Waymo autonomous vehicle may have captured video footage of a fatal shooting incident in San Francisco's Mission neighborhood over the weekend, highlighting the emerging role of self-driving cars as potential witnesses in criminal investigations. The incident resulted in one man's death and left another person critically injured.

The incident and arrest

According to 9-1-1 dispatcher calls cited by the San Francisco Standard, a Waymo robotaxi was parked near the crime scene during the shooting. Police have identified the suspect as 23-year-old Larry Hudgson Jr., who was subsequently arrested without incident in a nearby neighborhood and booked into county jail. It remains unclear whether law enforcement has formally requested footage from the autonomous vehicle.

Privacy concerns

Waymo vehicles are equipped with extensive surveillance technology, featuring at least 29 cameras on their interiors and exteriors that continuously monitor their surroundings. This comprehensive camera coverage has drawn criticism from privacy advocates who describe the vehicles as "little mobile narcs" capable of widespread surveillance. The company maintains it does not routinely share data with law enforcement without proper legal requests.

Company policy on law enforcement access

Waymo co-CEO Tekedra Mawakana explained the company's approach during an interview with the New York Times podcast Hard Fork, emphasizing transparency in their privacy policy. The company follows legal processes when responding to footage requests and narrows the scope as necessary. Waymo representatives have stated they actively challenge data requests lacking valid legal basis or those considered overbroad.

This incident exemplifies how smart devices increasingly contribute to the surveillance economy and criminal investigations. Similar cases include Amazon being ordered to provide Echo device data for a 2017 New Hampshire murder investigation, Tesla cameras assisting in hate crime arrests in 2021, and Uber Eats delivery bot footage used in an abduction case. As autonomous vehicles become more prevalent in American cities, their role as digital witnesses in criminal cases appears inevitable.
Read more »
Technology
attacks Iran Israel surveillance Technology

Iran Attacks Israeli Cybersecurity Infrastructure


The National Cyber Directorate found a series of cyberattacks that targeted Israeli organisations that offer IT services to companies in the country, and might be linked to Iran.

Earlier this month, the failed cyberattack against Shamir Medical Center on Yom Kippur leaked emails that contained sensitive patient information. The directorate found it to be an Iranian attack disrupting the hospital's functions.

Fortunately, the attack was mitigated before it could do any damage to the hospital's medical record system.

The directorate found that threat actors used stolen data to get access to the targeted infrastructure. Most attacks didn't do any damage, some however, caused data leaks. Due to immediate communications and response, the incidents were addressed quickly. “In the case of Shamir Medical Center, beyond the data leak, the very attempt to harm a hospital in Israel is a red line that could have endangered lives,” the directorate said. 

European gang behind the attack

First, a ransomwware gang based out of Eastern Europe claimed responsibility and posted a ransom demand with a 72-hour window. But Israeli officials later discovered that Iranian threat actors launched the attack. 

According to officials, the incident was connected to a wider campaign against Israeli organisations and critical service providers recently. Over 10 forms suffered cyberattacks and exploited bugs in digital service providers inside supply chains. 

According to Jerusalem Post, "Since the start of 2025, Israel has thwarted dozens of Iranian cyberattacks targeting prominent civilians, including security officials, politicians, academics, journalists, and media professionals. The Shin Bet security agency said these operations aim to collect sensitive personal data that could later be used in physical attacks within Israel, potentially carried out by locally recruited operatives."

Read more »
Technology
Artificial Intelligence Data digital tracking FTC Pricing surveillance Technology

Surveillance Pricing: How Technology Decides What You Pay




Imagine walking into your local supermarket to buy a two-litre bottle of milk. You pay $3, but the person ahead of you pays $3.50, and the next shopper pays only $2. While this might sound strange, it reflects a growing practice known as surveillance pricing, where companies use personal data and artificial intelligence (AI) to determine how much each customer should pay. It is a regular practice and we must comprehend the ins and outs since we are directly subjected to it.


What is surveillance pricing?

Surveillance pricing refers to the use of digital tracking and AI to set individualised prices based on consumer behaviour. By analysing a person’s online activity, shopping habits, and even technical details like their device or location, retailers estimate each customer’s “pain point”, the maximum amount they are likely to pay for a product or service.

A recent report from the U.S. Federal Trade Commission (FTC) highlighted that businesses can collect such information through website pixels, cookies, account registrations, or email sign-ups. These tools allow them to observe browsing time, clicks, scrolling speed, and even mouse movements. Together, these insights reveal how interested a shopper is in a product, how urgent their need may be, and how much they can be charged without hesitation.


Growing concerns about fairness

In mid-2024, Delta Air Lines disclosed that a small percentage of its domestic ticket pricing was already determined using AI, with plans to expand this method to more routes. The revelation led U.S. lawmakers to question whether customer data was being used to charge certain passengers higher fares. Although Delta stated that it does not use AI for “predatory or discriminatory” pricing, the issue drew attention to how such technology could reshape consumer costs.

Former FTC Chair Lina Khan has also warned that some businesses can predict each consumer’s willingness to pay by analysing their digital patterns. This ability, she said, could allow companies to push prices to the upper limit of what individuals can afford, often without their knowledge.


How does it work?

AI-driven pricing systems use vast amounts of data, including login details, purchase history, device type, and location to classify shoppers by “price sensitivity.” The software then tests different price levels to see which one yields the highest profit.

The FTC’s surveillance pricing study revealed several real-world examples of this practice:

  1. Encouraging hesitant users: A betting website might detect when a visitor is about to leave and display new offers to convince them to stay.
  2. Targeting new buyers: A car dealership might identify first-time buyers and offer them different financing options or deals.
  3. Detecting urgency: A parent choosing fast delivery for baby products may be deemed less price-sensitive and offered fewer discounts.
  4. Withholding offers from loyal customers: Regular shoppers might be excluded from promotions because the system expects them to buy anyway.
  5. Monitoring engagement: If a user watches a product video for longer, the system might interpret it as a sign they are willing to pay more.


Real-world examples and evidence

Ride-hailing platforms have long faced questions about this kind of data-driven pricing. In 2016, Uber’s former head of economic research noted that users with low battery life were more likely to accept surge pricing. A 2023 Belgian newspaper investigation later reported small differences in Uber fares depending on a phone’s battery level. Uber denied that battery status affects fares, saying its prices depend only on driver supply and ride demand.


Is this new?

The concept itself isn’t new. Dynamic pricing has existed for decades, but digital surveillance has made it far more sophisticated. In the early 2000s, Amazon experimented with varying prices for DVDs based on browsing data, sparking backlash from consumers who discovered the differences. Similarly, the UK’s Norwich Union once used satellite tracking for a “Pay As You Drive” car insurance model, which was discontinued after privacy concerns.


The future of pricing

Today’s combination of big data and AI allows retailers to create precise, individualised pricing models that adjust instantly. Experts warn this could undermine fair competition, reduce transparency, and widen inequality between consumers. Regulators like the FTC are now studying these systems closely to understand their impact on market fairness and consumer privacy.

For shoppers, awareness is key. Comparing prices across devices, clearing cookies, and using privacy tools can help reduce personal data tracking. As AI continues to shape how businesses price their products, understanding surveillance pricing is becoming essential to protect both privacy and pocket.


Read more »
surveillance
Cybersecurity messages military information Phone Call Privacy Satellite surveillance

Satellites Found Broadcasting Sensitive Data Without Encryption

 



A recent academic study has revealed alarming security gaps in global satellite communications, exposing sensitive personal, corporate, and even military information to potential interception. Researchers from the University of California, San Diego, and the University of Maryland discovered that a large portion of geostationary satellites transmit unencrypted data, leaving them open to eavesdropping by anyone with inexpensive receiving equipment.

Over a three-year investigation, the research team assembled an $800 receiver setup using readily available components and placed it on the roof of a university building in La Jolla, California. By adjusting their dish toward various satellites visible from their location, the team intercepted streams of data routinely transmitted from orbit to ground-based receivers. To their surprise, much of this information was sent without any encryption or protective measures.

The intercepted traffic included mobile phone calls and text messages linked to thousands of users, in-flight Wi-Fi data from airlines, internal communications from energy and transportation systems, and certain military and law enforcement transmissions revealing positional details of personnel and assets. These findings demonstrate that many critical operations rely on satellite systems that fail to protect private or classified data from unauthorized access.

According to the researchers, nearly half of all geostationary satellite signals they analyzed carried unencrypted content. However, their setup could only access about 15 percent of the satellites in orbit, suggesting that the scale of exposure could be significantly higher. They presented their findings in a paper titled “Don’t Look Up,” which highlights how the satellite industry has long relied on the assumption that no one would actively monitor satellite traffic from Earth.

After identifying the vulnerabilities, the researchers spent months notifying affected organizations. Several companies, including major telecom providers, responded quickly by introducing encryption and tightening their satellite communications. Others, particularly operators of older or specialized systems, have yet to implement necessary protections.

Experts in cybersecurity have called the study a wake-up call for both industry and government agencies. They stress that satellite networks often act as the communication backbone for remote locations, from offshore platforms to rural cell towers, and unprotected data transmitted through these systems poses a serious privacy and security risk.

The findings underline the pressing need for standardized encryption protocols across satellite networks. As the reliance on space-based communication continues to grow, ensuring the confidentiality and integrity of transmitted data will be vital for national security, business operations, and personal privacy alike.




Read more »
US
Data ICE phones surveillance Technology US

ICE Uses Fake Tower Cells to Spy on Users

Federal contract to spy

Earlier this year, the US Immigration and Customs Enforcement (ICE) paid $825,000 to a manufacturing company that makes vehicles installed with tech for law enforcement, which also included fake cellphone towers called "cell-site" simulators used to surveil phones. 

The contract was made with a Maryland-based company called TechOps Specialty Vehicles (TOSV). TOSV signed another contract with ICE for $818,000 last year during the Biden administration. 

The latest federal contract shows how few technologies are being used to support the Trump administration's crackdown on deportation. 

In September 2025, Forbes discovered an unsealed search warrant that revealed ICE used a cell-site simulator to spy on a person who was allegedly a member of a criminal gang in the US, and was asked to leave the US in 2023.  Forbes also reported on finding a contract for "cell site simulator." 

About ICE

Cell-site simulators were also called "stingrays." Over time, they are now known as International Mobile Subscriber Identity (IMSI) catchers, a unique number used to track every cellphone user in the world.

These tools can mimic a cellphone tower and can fool every device in the nearby range to connect to the device, allowing law enforcement to identify the real-world location of phone owners. Few cell-site simulators can also hack texts, internet traffic, and regular calls. 

Authorities have been using Stingray devices for more than a decade. It is controversial as authorities sometimes don't get a warrant for their use. 

According to experts, these devices trap innocent people; their use is secret as the authorities are under strict non-disclosure agreements not to disclose how these devices work. ICE has been infamous for using cell-site simulators. In 2020, a document revealed that ICE used them 466 times between 2017 and 2019. 

Read more »
surveillance
CSAM Denmark EU Privacy Regulation Software surveillance

Danish Developer’s Website Sparks EU Debate on Online Privacy and Child Protection

 



In August, a 30-year-old developer from Aalborg, identified only as Joachim, built a platform called Fight Chat Control to oppose a proposed European Union regulation aimed at tackling the spread of child sexual abuse material (CSAM) online. The EU bill seeks to give law enforcement agencies new tools to identify and remove illegal content, but critics argue it would compromise encrypted communication and pave the way for mass surveillance.

Joachim’s website allows visitors to automatically generate and send emails to European officials expressing concerns about the proposal. What began as a weekend project has now evolved into a continent-wide campaign, with members of the European Parliament and national representatives receiving hundreds of emails daily. Some offices in Brussels have even reported difficulties managing the flood of messages, which has disrupted regular communication with advocacy groups and policymakers.

The campaign’s influence has extended beyond Brussels. In Denmark, a petition supported by Fight Chat Control gained more than 50,000 signatures, qualifying it for parliamentary discussion. Similar debates have surfaced across Europe, with lawmakers in countries such as Ireland and Poland referencing the controversy in national assemblies. Joachim said his website has drawn over 2.5 million visitors, though he declined to disclose his full name or employer to avoid associating his workplace with the initiative.

While privacy advocates applaud the campaign for sparking public awareness, others believe the mass email tactic undermines productive dialogue. Some lawmakers described the influx of identical messages as “one-sided communication,” limiting space for constructive debate. Child rights organisations, including Eurochild, have also voiced frustration, saying their outreach to officials has been drowned out by the surge of citizen emails.

Meanwhile, the European Union continues to deliberate the CSAM regulation. The European Commission first proposed the law in 2022, arguing that stronger detection measures are vital as online privacy technologies expand and artificial intelligence generates increasingly realistic harmful content. Denmark, which currently holds the rotating presidency of the EU Council, has introduced a revised version of the bill and hopes to secure support at an upcoming ministerial meeting in Luxembourg.

Danish Justice Minister Peter Hummelgaard maintains that the new draft is more balanced than the initial proposal, stating that content scanning would only be used as a last resort. However, several EU member states remain cautious, citing privacy concerns and the potential misuse of surveillance powers.

As European nations prepare to vote, the controversy continues to reflect a broader struggle: finding a balance between protecting children from online exploitation and safeguarding citizens’ right to digital privacy.



Read more »
Trump Administration
Deportation ICE surveillance Technology Trump Administration

Trump's ICE Expands Surveillance Tech for Deportation Crackdown

 

Immigration and Customs Enforcement (ICE) has assembled an extensive digital arsenal to support President Trump's mass deportation campaign, which has resulted in approximately 350,000 deportations in the first eight months of his administration . The agency utilizes sophisticated surveillance and identification technologies to locate and track undocumented immigrants across the United States . 

Facial recognition technology

ICE has significantly expanded its relationship with Clearview AI, signing a $3.75 million contract in September 2025 to support Homeland Security Investigations (HSI) with facial recognition capabilities . 

This follows previous contracts totaling nearly $2 million since 2023 for forensic software and enterprise licenses . Clearview AI maintains a massive database of photos scraped from the internet, enabling identification of individuals through facial recognition searches . 

Spyware and phone surveillance 

The agency reactivated a $2 million contract with Israeli spyware maker Paragon Solutions after the Trump administration lifted a Biden-era stop work order in September 2025 . This contract provides ICE with proprietary surveillance solutions including hardware, software, and training capabilities . 

Additionally, ICE's HSI division signed a $3 million contract with Magnet Forensics for phone hacking technology, specifically Graykey devices that can unlock encrypted smartphones and extract digital evidence . 

Data analytics and surveillance 

Palantir Technologies serves as ICE's primary data analytics partner through multiple contracts totaling over $140 million . The company's Investigative Case Management (ICM) database allows ICE to filter individuals based on immigration status, physical characteristics, criminal affiliations, and location data . 

Palantir is also developing "ImmigrationOS," designed to streamline deportation operations and provide real-time visibility into immigration activities .

Public records access

ICE maintains a $4.7 million annual subscription to LexisNexis databases, providing access to public records and commercial data through the Accurint Virtual Crime Center . Documents revealed that ICE conducted over 1.2 million searches in seven months during 2022, using the system for background checks and predictive surveillance of migrants before crimes are committed . 

This technological infrastructure enables ICE to conduct comprehensive surveillance operations, from facial recognition identification to detailed data analytics, supporting the administration's expanded immigration enforcement efforts .
Read more »
wiretapping
Cyber Security keystroke Privacy surveillance Tracking wiretapping

Study Reveals 40% of Websites Secretly Track User Keystrokes Before Form Submission

 

Researchers from UC Davis, Maastricht University, and other institutions have uncovered widespread silent keystroke interception across websites, revealing that many sites collect user typing data before forms are ever submitted. The study examined how third-party scripts capture and share information in ways that may constitute wiretapping under California law. 

Research methodology 

The research team analyzed 15,000 websites using a custom web crawler and discovered alarming privacy practices. They found that 91 percent of sites used event listeners—JavaScript code that detects user actions like typing, clicking, or scrolling. While most event listeners serve basic functions, a significant portion monitor typing activities in real time. 

Key findings revealed that 38.5 percent of websites had third-party scripts capable of intercepting keystrokes. More concerning, 3.18 percent of sites actually transmitted intercepted keystrokes to remote servers, behavior that researchers note matches the technical definition of wiretapping under California's Invasion of Privacy Act (CIPA). 

Data collection and privacy violations 

The captured data included email addresses, phone numbers, and free text entered into forms. In documented cases, email addresses typed into forms were later used for unsolicited marketing emails, even when users never submitted the forms. Co-author Shaoor Munir emphasized that email addresses serve as stable identifiers, enabling cross-site tracking and data broker enrichment. 

Legal implications 

Legal implications center on CIPA's strict two-party consent requirement, unlike federal wiretapping laws requiring only one-party consent. The study provides evidence that some tracking practices could qualify as wiretapping, potentially enabling private lawsuits since enforcement doesn't rely solely on government action. 

Privacy risks and recommendations

Privacy risks extend beyond legal compliance. Users have minimal control over data once it leaves their browsers, with sensitive information collected and shared without disclosure. Munir highlighted scenarios where users type private information then delete it without submitting, unaware that data was still captured and transmitted to third parties. 

This practice violates user expectations on two levels: that only first-party websites access provided information, and that only submitted information reaches different parties. For organizations, customer trust erosion poses significant risks when users discover silent keystroke capture. 

The researchers recommend regulatory clarity, treating embedded analytics and session-replay vendors as third parties unless users expressly consent. They also advocate updating federal consent requirements to mirror CIPA's two-party protection standards, ensuring nationwide user privacy protection.
Read more »
Windows
Artificial Intelligence DevilsTongue Internet malware Microsoft Spyware surveillance Windows

DevilsTongue Spyware Attacking Windows System, Linked to Saudi Arabia, Hungary


Cybersecurity experts have discovered a new infrastructure suspected to be used by spyware company Candiru to target computers via Windows malware.

DevilsTongue spyware targets Windows systems

The research by Recorded Future’s Insikt Group disclosed eight different operational clusters associated with the spyware, which is termed as DevilsTongue. Five are highly active, including clusters linked to Hungary and Saudi Arabia. 

About Candiru’ spyware

According to the report, the “infrastructure includes both victim-facing components likely used in the deployment and [command and control] of Candiru’s DevilsTongue spyware, and higher-tier infrastructure used by the spyware operators.” While a few clusters directly handle their victim-facing infrastructure, others follow an intermediary infrastructure layers approach or through the Tor network, which allows threat actors to use the dark web.

Additionally, experts discovered another cluster linked to Indonesia that seemed to be active until November 2024. Experts couldn’t assess whether the two extra clusters linked with Azerbaijan are still active.

Mode of operation

Mercenary spyware such as DevilsTongue is infamous worldwide, known for use in serious crimes and counterterrorism operations. However, it also poses various legal, privacy, and safety risks to targets, their companies, and even the reporter, according to Recorded Future.

Windows itself has termed the spyware Devil's Tongue. There is not much reporting on its deployment techniques, but the leaked materials suggest it can be delivered via malicious links, man-in-the-middle attacks, physical access to a Windows device, and weaponized files. DevilsTongue has been installed via both threat actor-controlled URLs that are found in spearphishing emails and via strategic website attacks known as ‘watering hole,’ which exploit bugs in the web browser.

Insikt Group has also found a new agent inside Candiru’s network that is suspected to have been released during the time when Candiru’s assets were acquired by Integrity Partners, a US-based investment fund. Experts believe that a different company might have been involved in the acquisition.

How to stay safe?

In the short term, experts from Recorded Future advise defenders to “implement security best practices, including regular software updates, hunting for known indicators, pre-travel security briefings, and strict separation of personal and corporate devices.” In the long term, organizations are advised to invest in robust risk assessments to create effective policies.

Read more »
Terrorism
Banking CERT-In Cybe Security Cyberattack DDoS defacement Digital Finance India Infrastructure Misinformation Pahalgam SocialMedia surveillance Terrorism

India Strengthens Cybersecurity Measures Amid Rising Threats Post-Pahalgam Attack

 

In response to a surge in cyberattacks targeting Indian digital infrastructure following the Pahalgam terror incident, the Indian government has directed financial institutions and critical infrastructure sectors to enhance their cybersecurity protocols. These instructions were issued by the Computer Emergency Response Team (CERT-In), according to a source familiar with the development, Moneycontrol reported.

The precautionary push isn’t limited to government networks — private sector entities are also actively reinforcing their systems against potential cyber threats. “We have been extra alert right from the Pahalgam attack, in terms of ensuring cyber security speedily not just by government agencies but also by the private sector,” the source stated.

CERT-In, India’s central agency for cyber defense, has released advisories to banking institutions and other essential sectors, urging them to tighten their digital safeguards. In addition, the government has engaged with organizations like NASSCOM to facilitate a collaborative cyber alert framework.

Recent attacks primarily involved DDoS, or distributed denial-of-service incidents, which overwhelm servers with excessive traffic, rendering websites inaccessible and potentially causing financial damage. Attempts to deface websites — typically for political messaging — were also reported.

This intensified focus on digital defense follows India’s military action against terrorist hideouts in Pakistan, occurring nearly two weeks after the Pahalgam incident, which resulted in the deaths of Indian tourists in Kashmir.

Moneycontrol previously highlighted that cyber surveillance across India's vital digital infrastructure is being ramped up following the Pahalgam attack and the subsequent Operation Sindoor. Critical sectors and strategic installations are under strict scrutiny to ensure adherence to robust cybersecurity practices.

Amid these developments, misinformation remains a parallel concern. Daily takedown requests under Section 69A of the IT Act have surpassed 1,000, as the government works with social media platforms to curb the spread of fake news, the source noted.
Read more »
Trust
AI Automation Biometrics consent Cybersecurity Data Ethics Intelligence Privacy Regulation Security surveillance Technology Transparency Trust

Public Wary of AI-Powered Data Use by National Security Agencies, Study Finds

 

A new report released alongside the Centre for Emerging Technology and Security (CETaS) 2025 event sheds light on growing public unease around automated data processing in national security. Titled UK Public Attitudes to National Security Data Processing: Assessing Human and Machine Intrusion, the research reveals limited public awareness and rising concern over how surveillance technologies—especially AI—are shaping intelligence operations.

The study, conducted by CETaS in partnership with Savanta and Hopkins Van Mil, surveyed 3,554 adults and included insights from a 33-member citizens’ panel. While findings suggest that more people support than oppose data use by national security agencies, especially when it comes to sensitive datasets like medical records, significant concerns persist.

During a panel discussion, investigatory powers commissioner Brian Leveson, who chaired the session, addressed the implications of fast-paced technological change. “We are facing new and growing challenges,” he said. “Rapid technological developments, especially in AI [artificial intelligence], are transforming our public authorities.”

Leveson warned that AI is shifting how intelligence gathering and analysis is performed. “AI could soon underpin the investigatory cycle,” he noted. But the benefits also come with risks. “AI could enable investigations to cover far more individuals than was ever previously possible, which raises concerns about privacy, proportionality and collateral intrusion.”

The report shows a divide in public opinion based on how and by whom data is used. While people largely support the police and national agencies accessing personal data for security operations, that support drops when it comes to regional law enforcement. The public is particularly uncomfortable with personal data being shared with political parties or private companies.

Marion Oswald, co-author and senior visiting fellow at CETaS, emphasized the intrusive nature of data collection—automated or not. “Data collection without consent will always be intrusive, even if the subsequent analysis is automated and no one sees the data,” she said.

She pointed out that predictive data tools, in particular, face strong opposition. “Panel members, in particular, had concerns around accuracy and fairness, and wanted to see safeguards,” Oswald said, highlighting the demand for stronger oversight and regulation of technology in this space.

Despite efforts by national security bodies to enhance public engagement, the study found that a majority of respondents (61%) still feel they understand “slightly” or “not at all” what these agencies actually do. Only 7% claimed a strong understanding.

Rosamund Powell, research associate at CETaS and co-author of the report, said: “Previous studies have suggested that the public’s conceptions of national security are really influenced by some James Bond-style fictions.”

She added that transparency significantly affects public trust. “There’s more support for agencies analysing data in the public sphere like posts on social media compared to private data like messages or medical data.”
Read more »
Tracking
Cyber Security Healthcare legislation Location Privacy surveillance Tracking

Why Location Data Privacy Laws Are Urgently Needed

 

Your location data is more than a simple point on a map—it’s a revealing digital fingerprint. It can show where you live, where you work, where you worship, and even where you access healthcare. In today’s hyper-connected environment, these movements are silently collected, packaged, and sold to the highest bidder. For those seeking reproductive or gender-affirming care, attending protests, or visiting immigration clinics, this data can become a dangerous weapon.

Last year, privacy advocates raised urgent concerns, calling on lawmakers to address the risks posed by unchecked location tracking technologies. These tools are now increasingly used to surveil and criminalize individuals for accessing fundamental services like reproductive healthcare.

There is hope. States such as California, Massachusetts, and Illinois are now moving forward with legislation designed to limit the misuse of this data and protect individuals from digital surveillance. These bills aim to preserve the right to privacy and ensure safe access to healthcare and other essential rights.

Imagine a woman in Alabama—where abortion is entirely banned—dropping her children at daycare and driving to Florida for a clinic visit. She uses a GPS app to navigate and a free radio app along the way. Without her knowledge, the apps track her entire route, which is then sold by a data broker. Privacy researchers demonstrated how this could happen using Locate X, a tool developed by Babel Street, which mapped a user’s journey from Alabama to Florida.

Despite its marketing as a law enforcement tool, Locate X was accessed by private investigators who falsely claimed affiliation with authorities. This loophole highlights the deeply flawed nature of current data protections and how they can be exploited by anyone posing as law enforcement.

The data broker ecosystem remains largely unregulated, enabling a range of actors—from law enforcement to ideological groups—to access and weaponize this information. Near Intelligence, a broker, reportedly sold location data from visitors to Planned Parenthood to an anti-abortion organization. Meanwhile, in Idaho, cell phone location data was used to charge a mother and her son with aiding an abortion, proving how this data can be misused not only against patients but also those supporting them.

The Massachusetts bill proposes a protected zone of 1,850 feet around sensitive locations, while California takes a broader stance with a five-mile radius. These efforts are gaining support from privacy advocates, including the Electronic Frontier Foundation.

“A ‘permissible purpose’ (which is key to the minimization rule) should be narrowly defined to include only: (1) delivering a product or service that the data subject asked for, (2) fulfilling an order, (3) complying with federal or state law, or (4) responding to an imminent threat to life.”

Time and again, we’ve seen location data weaponized to monitor immigrants, LGBTQ+ individuals, and those seeking reproductive care. In response, state legislatures are advancing bills focused on curbing this misuse. These proposals are grounded in long-standing privacy principles such as informed consent and data minimization—ensuring that only necessary data is collected and stored securely.

These laws don’t just protect residents. They also give peace of mind to travelers from other states, allowing them to exercise their rights without fear of being tracked, surveilled, or retaliated against.

To help guide new legislation, this post outlines essential recommendations for protecting communities through smart policy design. These include:
  • Strong definitions,
  • Clear rules,
  • Affirmation that all location data is sensitive,
  • Empowerment of consumers through a strong private right of action,
  • Prohibition of “pay-for-privacy” schemes, and
  • Transparency through clear privacy policies.
These protections are not just legal reforms—they’re necessary steps toward reclaiming control over our digital movements and ensuring no one is punished for seeking care, support, or safety.
Read more »
Tracking
Ads Analytics AppleTV Chromecast control Cyber Security Data device FireTV personalization Roku settings smartTV streaming surveillance Tracking

Your Streaming Devices Are Watching You—Here's How to Stop It

Streaming devices like Roku, Fire TV, Apple TV, and Chromecast make binge-watching easy—but they’re also tracking your habits behind the scenes.

Most smart TVs and platforms collect data on what you watch, when, and how you use their apps. While this helps with personalised recommendations and ads, it also means your privacy is at stake.


If that makes you uncomfortable, here’s how to take back control:

1. Amazon Fire TV Stick
Amazon collects "frequency and duration of use of apps on Fire TV" to improve services but says, “We don’t collect information about what customers watch in third-party apps on Fire TV.”
To limit tracking:
  • Go to Settings > Preferences > Privacy Settings
  • Turn off Device Usage Data
  • Turn off Collect App Usage Data
  • Turn off Interest-based Ads

2. Google Chromecast with Google TV
Google collects data across its platforms including search history, YouTube views, voice commands, and third-party app activity. However, “Google Chromecast as a platform does not perform ACR.”
To limit tracking:
  • Go to Settings > Privacy
  • Turn off Usage & Diagnostics
  • Opt out of Ads Personalization
  • Visit myactivity.google.com to manage other data

3. Roku
Roku tracks “search history, audio inputs, channels you access” and shares this with advertisers.
To reduce tracking:
  • Go to Settings > Privacy > Advertising
  • Enable Limit Ad Tracking
  • Adjust Microphone and Channel Permissions under Privacy settings
4. Apple TV
Apple links activity to your Apple ID and tracks viewing history. It also shares some data with partners. However, it asks permission before allowing apps to track.
To improve privacy:

  • Go to Settings > General > Privacy
  • Enable Allow Apps to Ask to Track
  • Turn off Share Apple TV Analytics
  • Turn off Improve Siri and Dictation

While streaming devices offer unmatched convenience, they come at the cost of data privacy. Fortunately, each platform allows users to tweak their settings and regain some control over what’s being shared. A few minutes in the settings menu can go a long way in protecting your personal viewing habits from constant surveillance.
Read more »
WhatsApp
New Media Privacy Social Media Spyware surveillance WhatsApp

WhatsApp Says Spyware Company Paragon Hacked 90 Users

WhatsApp Says Spyware Company Paragon Hacked 90 Users

Attempts to censor opposition voices are not new. Since the advent of new media, few Governments and nations have used spyware to keep tabs on the public, and sometimes target individuals that the government considers a threat. All this is done under the guise of national security, but in a few cases, it is aimed to suppress opposition and is a breach of privacy. 

Zero-click Spyware for WhatsApp

One such interesting incident is the recent WhatsApp “zero-click” hacking incident. In a conversation with Reuters, a WhatsApp official disclosed that Israeli spyware company Paragon Solutions was targeting its users, victims include journalists and civil society members. Earlier this week, the official told Reuters that Whatsapp had sent Paragon a cease-and-desist notice after the surveillance hack. In its official statement, WhatsApp stressed it will “continue to protect people's ability to communicate privately."

Paragon refused to comment

According to Reuters, WhatsApp had noticed an attempt to hack around 90 users. The official didn’t disclose the identity of the targets but hinted that the victims belonged to more than a dozen countries, mostly from Europe. WhatsApp users were sent infected files that didn’t require any user interaction to hack their targets, the technique is called the “zero-click” hack, known for its stealth 

“The official said WhatsApp had since disrupted the hacking effort and was referring targets to Canadian internet watchdog group Citizen Lab,” Reuter reports. He didn’t discuss how it was decided that Paragon was the culprit but added that law enforcement agencies and industry partners had been notified, and didn’t give any further details.

FBI didn’t respond immediately

“The FBI did not immediately return a message seeking comment,” Reuter said. Citizen Lab researcher John Scott-Railton said the finding of Paragon spyware attacking WhatsApp is a “reminder that mercenary spyware continues to proliferate and as it does, so we continue to see familiar patterns of problematic use."

Citizen Lab researcher John Scott-Railton said the discovery of Paragon spyware targeting WhatsApp users "is a reminder that mercenary spyware continues to proliferate and as it does, so we continue to see familiar patterns of problematic use."

Ethical implications concerning spying software

Spyware businesses like Paragaon trade advanced surveillance software to government clients, and project their services as “critical to fighting crime and protecting national security,” Reuter mentions. However, history suggests that such surveillance tools have largely been used for spying, and in this case- journalists, activists, opposition politicians, and around 50 U.S officials. This raises questions about the lawless use of technology.

Paragon - which was reportedly acquired by Florida-based investment group AE Industrial Partners last month - has tried to position itself publicly as one of the industry's more responsible players. On its website, Paragon advertises the software as “ethically based tools, teams, and insights to disrupt intractable threats” On its website, and media reports mentioning people acquainted with the company “say Paragon only sells to governments in stable democratic countries,” Reuter mentions.

Read more »
surveillance
China Cyber Security Cyber Security Cyberattacks CyberCrime CyberThreat surveillance

China's Surveillance System: Cracks in a Digital Panopticon

 


China's expansive surveillance network monitors over 1.4 billion citizens, blending advanced technology with minimal legal checks on state control. However, cracks are emerging in this highly complex system.

Overview of Surveillance 
 
China's surveillance infrastructure leverages technologies such as:
  • Facial Recognition: Identifies individuals through advanced cameras.
  • Gait Recognition: Detects people based on movement patterns.
  • Mobile Apps: Platforms like WeChat and Alipay track transactions, communications, and movements.
A hallmark of this system is the Social Credit System, rewarding or penalizing citizens based on monitored behavior. 
 
Emergence of Data Exploitation 

Despite its sophistication, China's surveillance system suffers from internal misuse:
  • Insider Corruption: Government employees sell sensitive data on black markets.
  • Telegram Markets: Personal information, such as banking records and passport scans, is sold openly.
  • Cryptocurrency Payments: Transactions ensure anonymity for buyers and sellers.
SpyCloud reported that privileged access to government data is routinely exploited for profit, undermining the system's integrity. 

Privacy Concerns and Repressive Measures 

Surveillance extends beyond public spaces into private homes under the guise of security. Over 700 million surveillance cameras are operational, equivalent to two lenses per two citizens. COVID-19 expanded surveillance through apps and "digital health codes." In addition, Cameras monitor everything from tourist sites to repressive policing measures.

Citizens have voiced discomfort with the invasive measures, but dissent remains muted under strict state control. 

Challenges in Maintaining Control 

China's monitoring network highlights the paradox of technological sophistication undermined by human corruption. The Chinese Communist Party's (CCP) inability to control insider threats erodes public trust. The cycle of data exploitation leaves millions vulnerable to harm.

As China expands its surveillance capabilities, it faces a dual challenge: securing its data infrastructure while curbing internal corruption. This serves as a cautionary tale that no system, however advanced, is immune to human flaws.
Read more »
User Tracking
Data DEA FBI FTC Location Privacy surveillance User Tracking

FTC Stops Data Brokers from Unlawful User Location Tracking

FTC Stops Data Brokers from Unlawful User Location Tracking


Data Brokers Accused of Illegal User Tracking

The US Federal Trade Commission (FTC) has filed actions against two US-based data brokers for allegedly engaging in illegal tracking of users' location data. The data was reportedly used to trace individuals in sensitive locations such as hospitals, churches, military bases, and other protected areas. It was then sold for purposes including advertising, political campaigns, immigration enforcement, and government use.

Mobilewalla's Allegations

The Georgia-based data broker, Mobilewalla, has been accused of tracking residents of domestic abuse shelters and protestors during the George Floyd demonstrations in 2020. According to the FTC, Mobilewalla allegedly attempted to identify protestors’ racial identities by tracing their smartphones. The company’s actions raise serious privacy and ethical concerns.

Gravy Analytics and Venntel's Accusations

The FTC also suspects Gravy Analytics and its subsidiary Venntel of misusing customer location data without consent. Reports indicate they used this data to “unfairly infer health decisions and religious beliefs,” as highlighted by TechCrunch. These actions have drawn criticism for their potential to exploit sensitive personal information.

Unlawful Data Collection Practices

The FTC revealed that Gravy Analytics collected over 17 billion location signals from more than 1 billion smartphones daily. The data was allegedly sold to federal law enforcement agencies such as the Drug Enforcement Agency (DEA), the Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI).

Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, stated, “Surreptitious surveillance by data brokers undermines our civil liberties and puts servicemembers, union workers, religious minorities, and others at risk. This is the FTC’s fourth action this year challenging the sale of sensitive location data, and it’s past time for the industry to get serious about protecting Americans’ privacy.”

FTC's Settlements

As part of two settlements announced by the FTC, Mobilewalla and Gravy Analytics will cease collecting sensitive location data from customers. They are also required to delete the historical data they have amassed about millions of Americans over time.

The settlements mandate that the companies establish a sensitive location data program to identify and restrict tracking and disclosing customer information from specific locations. These protected areas include religious organizations, medical facilities, schools, and other sensitive sites.

Additionally, the FTC’s order requires the companies to maintain a supplier assessment program to ensure consumers have provided consent for the collection and use of data that reveals their precise location or mobile device information.

Read more »
WhatsApp
Cyber Attacks espionage Iran Israel spying surveillance Telegram WhatsApp

Iran Spies on Senior Israeli Officials, Launches Over 200 Cyberattacks

Iran Spies on Senior Israeli Officials, Launches Over 200 Cyberattacks

Shin Bet, an Israeli Cybersecurity Service said recently it discovered over 200 Iranian phishing attempts targeting top Israeli diplomats to get personal information. Shin Bet believes the attacks were launched by Iranian actors through Telegram, WhatsApp, and email. 

The threat actors tried to bait targets into downloading infected apps that would give them access to victim devices and leak personal data like location history and residential addresses.

Iran Targeting Israeli Officials

The targeted senior officials include academicians, politicians, media professionals, and others

ShinBet said the stolen information would be used by Iran to launch attacks against Israeli nationals “through Israeli cells they have recruited within the country.” The targets were reached out with an “individually tailored cover story for each victim according to their area of work, so the approach doesn’t seem suspicious.”

In one case, the attacker disguised as a Cabinet Secretary lured the target saying he wanted to coordinate with PM Benjamin Netanyahu. Shin Bet has tracked the targets involved in the campaign and informed them about the phishing attempts. 

“This is another significant threat in the campaign Iran is waging against Israel, aimed at carrying out assassination attacks. We request heightened awareness, as cyberattacks of this type can be avoided before they happen through awareness, caution, suspicion, and proper preventative behavior online,” said a Shin Bet official.

Reasons for attack

Shin Bet “will continue to act to identify Iranian activity and thwart it in advance.” It believes the motive behind the attacks was to manage future attacks on Israeli nationals using information given by Israeli cells recruited by Iran. The campaign is a sign of an escalation between Iran and Israel, the end goal being assassination attempts.

The bigger picture

The recent discovery of phishing campaigns is part of larger targeted campaigns against Israel. In September 2024, 7 Jewish Israelis were arrested for allegedly spying on IDF and Israeli security figures for Iran. 

The Times of Israel reports, “Also in September, a man from the southern city of Ashkelon was arrested on allegations that he was smuggled into Iran twice, received payment to carry out missions on behalf of Tehran, and was recruited to assassinate either Israel’s prime minister, defense minister, or the head of the Shin Bet.”

Read more »
wiretapping
CALEA China Cybersecurity Data Breach Encryption Hackers Privacy surveillance Telecom wiretapping

China-backed Hackers Breach U.S. Telecom Wiretap Systems, Sparking Security Concerns

 

China-backed hackers infiltrated wiretap systems of multiple U.S. telecom and internet providers, reportedly seeking to collect intelligence on American citizens. This revelation has raised alarm in the security community.

Wiretap systems, required by a 30-year-old U.S. federal law, allow a small number of authorized employees access to sensitive customer data, including internet activity and browsing history. These systems, now compromised, highlight long-standing concerns about their vulnerability.

Security experts had long warned about the risks of legal backdoors in telecom systems. Many saw this breach as an inevitable outcome of such vulnerabilities being exploited by malicious actors. Georgetown Law professor Matt Blaze remarked that this scenario was “absolutely inevitable.”

According to the Wall Street Journal, the hacking group, Salt Typhoon, accessed systems used by major U.S. internet providers like AT&T, Lumen, and Verizon. The group reportedly collected large amounts of internet traffic, and a U.S. government investigation is now underway.

The hackers' goals remain unclear, but experts believe the breach could be part of a larger Chinese effort to prepare for potential cyberattacks in the event of conflict, possibly over Taiwan. The intrusion reinforces the dangers of security backdoors.

Riana Pfefferkorn, a Stanford academic, pointed out that this hack exposes the risks of U.S. wiretap systems, arguing that these measures jeopardize citizens’ privacy rather than protecting them. She advocates for increased encryption as a solution to these vulnerabilities.

The compromised wiretap systems are part of the Communications Assistance for Law Enforcement Act (CALEA), a law enacted in 1994 to help the government access telecom data through lawful orders. However, this system has become a target for hackers and malicious actors.

After 9/11, U.S. surveillance laws expanded wiretapping to collect intelligence, sparking an entire industry dedicated to facilitating these operations. Yet, the extent of government access to private data was only exposed in 2013 by whistleblower Edward Snowden.

Post-Snowden, tech giants like Apple and Google began encrypting customer data to prevent unauthorized access, even from government agencies. However, telecom companies have been slower to follow suit, leaving much U.S. phone and internet traffic vulnerable to wiretapping.

Governments worldwide continue to push for legal backdoors into encrypted systems. In the EU, for example, proposed laws aim to scan private messages for illegal content, raising security concerns among experts.

Signal, the encrypted messaging app, warned of the dangers of backdoors, pointing to the Chinese hacking incident as an example of why such measures pose severe cybersecurity risks. Meredith Whittaker, Signal’s president, stressed that backdoors cannot be restricted to just "the good guys."

Blaze called the CALEA law a cautionary tale, emphasizing the dangers of building security systems with inherent vulnerabilities.
Read more »
surveillance
APT Cyber Crime GuardZoo Spyware surveillance

Houthi-Aligned APT Targets Mideast Militaries With ‘GuardZoo’ Spyware


Since 2019, surveillance equipment deployed by a Yemeni Shia Islamist organization's partners has been used to target troops throughout the Middle East, according to a new study.

Surveillanceware Targeting Middle Eastern Militaries

A Houthi-aligned threat actor utilized GuardZoo malware to capture images, documents, and other files from compromised devices, according to Lookout researchers in a report released Tuesday.

According to unsecured command and control server logs, the majority of the approximately 450 victims were found in Yemen, Saudi Arabia, Egypt, and Oman, with a tiny number in the United Arab Emirates, Turkey, and Qatar.

The Houthis took possession of Yemen's capital city in 2014, sparking a civil conflict and hunger. According to human rights organizations, a contentious Saudi-led intervention in Yemen began in June 2019 and resulted in a wave of arbitrary arrests, torture, and enforced disappearances.

The Houthi-aligned threat actor was identified by "application lures, exfil data, targeting, and the C2 infrastructure location," according to the report.

The Origins

According to Lookout, the spying tool is named after a fragment of source code that persists on an infected device. In addition to collecting images and documents, the study stated that it can "coordinate data files related to marked locations, routes, and tracks," as well as identify an infected device's location, model, cellular service carrier, and Wi-Fi setup.

GuardZoo can also download and install "arbitrary applications on the device," implying it can offer more destructive abilities once the gadget is infected," according to the paper.

Technical Details

According to Lookout, the spyware has been detected primarily in military-themed applications, with distribution and infections originating primarily in WhatsApp, WhatsApp Business, and browser downloads. In a few other cases, victims were enticed by content with a religious-themed prayer app or an e-book theme.

Researchers initially found GuardZoo in October 2022. Lookout claims the tool is based on Dendroid RAT, a "commodity spyware" that has been in use for at least a decade.

Capabilities

After infecting a device, GuardZoo communicates to the command and control server and sends four commands to each new victim, including deactivating local logging and uploading metadata for all files.

"These extensions are related to maps, GPS and markings showing waypoints, routes and tracks," according to Lookout's findings.

GuardZoo's lures were originally general, but they've evolved to include military themes with titles like "Constitution Of The Armed Forces" and "Restructuring Of The New Armed Forces." Military apps used as a lure featured emblems from numerous Middle Eastern countries, including Yemen and Saudi Arabia.

Operational Impact

After infecting a device, GuardZoo communicates to the command and control server and sends four commands to each new victim, including deactivating local logging and uploading metadata for all files.

"These extensions are related to maps, GPS and markings showing waypoints, routes and tracks," according to Lookout's findings.

GuardZoo's lures were originally general, but they've evolved to include military themes with titles like "Constitution Of The Armed Forces" and "Restructuring Of The New Armed Forces." Military apps used as a lure featured emblems from numerous Middle Eastern countries, including Yemen and Saudi Arabia.
Read more »
USA
Data Privacy Federal Agencies Privacy surveillance Technology Threats USA

Controversial Reverse Searches Spark Legal Debate


In a growing trend, U.S. police departments and federal agencies are employing controversial surveillance tactics known as reverse searches. These methods involve compelling big tech companies like Google to surrender extensive user data with the aim of identifying criminal suspects. 

How Reverse Searches Operate 

Under Reverse Searches Enforce Agencies order digital giant companies such as Google to give them vast reservoirs of user data. Under this law, these agencies have the power to demand information related to specific events or queries which include: 

  • Location Data: Requesting data on individuals present in a particular place at a specific time based on their phone's location. 
  • Keyword Searches: Seeking information about individuals who have searched for specific keywords or queries. 
  • YouTube Video Views: A recent court order disclosed that authorities could access identifiable information on individuals who watched particular YouTube videos. 

In the past, when law enforcement needed information for an investigation, they would usually target specific people they suspected were involved in a crime. But now, because big tech companies like Google have so much data about people's activities online, authorities are taking a different approach. Instead of just focusing on individuals, they are asking for massive amounts of data from these tech companies. This includes information on both people who might be relevant to the investigation and those who are not. They hope that by casting a wider net, they will find more clues to help solve cases. 

Following the news, critics argue that these court-approved orders are overly broad and potentially unconstitutional. They raise concerns that such orders could force companies to disclose information about innocent people unrelated to the alleged crime. There are fears that this could lead to prosecutions based on individuals' online activities or locations. 

Also, last year an application filed in a Kentucky federal court disclosed that federal agencies wanted Google to “provide records and information associated with Google accounts or IP addresses accessing YouTube videos for a one-week period, between January 1, 2023, and January 8, 2023.” 

However, it did not end here, the constitutionality of these orders remains uncertain, paving the way for a probable legal challenge before the U.S. Supreme Court. Despite the controversy, federal investigators continue to push the boundaries of this contentious practice.
Read more »
Subscribe to: Comments (Atom)