Signal App - New Usernames Keeps Cops Out of Your Data

Ephemeral usernames instead of phone numbers safeguard privacy — and makes Signal even harder to subpoena...

Signal is the gold standard for secure messaging apps because not only are messages encrypted, but so is pretty much everything else. Signal doesn’t know your name or profile photo, who any of your contacts are, which Signal groups you’re in, or who you talk to and when...

With the long-awaited announcement that usernames are coming to Signal — over four years in the making — Signal employed the same careful cryptography engineering it’s famous for, ensuring that the service continues to learn as little information about its users as possible. more

Your Doctor’s Office Might Be Bugged

It used to be safe to assume your doctor’s visit was a completely private affair between you and your physician. This is changing with ambient artificial intelligence, a new technology that listens to your conversation and processes information. Think Amazon’s Alexa, but in your doctor’s office. 

An early use case is ambient AI scribing: it listens, then writes a clinical note summarizing your visit. Clinical notes are used to communicate diagnostic and treatment plans within electronic health records, and as a basis to generate your bill...

Okay, your conversation just got recorded. But where does it go? Is it stored somewhere? How is it used beyond writing my note? The AI technology companies need to address these questions and comply with Health Insurance Portability and Accountability Act laws. Additionally, new regulations may be needed as the technology evolves. more

Intel Patent Addresses Privacy Issues with Voice Assistants

Intel wants to give you peace of mind when talking to your digital assistant.
The company filed a patent application for a “privacy preserving digital personal assistant.” Rather than sending your raw voice data to the cloud for processing, Intel’s tech encrypts that data to keep your personal information and identity from being shared in that environment.

“Existing digital personal assistant technologies force users to surrender the content of their voice commands to their digital personal assistance provider, and most actions of the available digital personal assistants are performed in the cloud,” Intel said in the filing. “This presents a large privacy and security concern that will only grow (over time) with increased adoption.” more

Ford has a better idea?

Ford is seeking to patent a system for “anonymizing speech data” that’s collected by a voice recognition system in a vehicle. (wait, what?!?!)

This system removes “speaker-identifying characteristics” from speech data collected from in-car voice commands. It then uses machine learning to generate a “random vector,” or randomized data in place of the previously identifiable characteristics, to apply to the speech data.

...While Ford may be keeping your road rage anonymous, the company may also want to use your voice to sell you stuff. The company filed a patent application for a system for “providing targeted content to users.”  more

The First Digital Security Rule of Traveling

(We know our clients already know this, but reminders help.)

The first digital security rule of traveling is to leave your usual personal devices at home. Go on your trip with “burner” travel devices instead.

Aside from the potential for compromise or seizure by authorities, you also run the gamut of risks ranging from having your devices lost or stolen during your trip. It’s typically way less dangerous to just leave your usual devices behind, and to bring along devices you only use when traveling. This doesn’t need to be cost prohibitive: You can buy cheap laptops and either inexpensive new phones or refurbished versions of pricier models. (And also get privacy screens for your new phones and laptops, to reduce the information that’s visible to any onlookers.)

Your travel devices should not have anything sensitive on them. If you’re ever coerced to provide passwords or at risk of otherwise having the devices be taken away from you, you can readily hand over the credentials without compromising anything important. more

Arizona Bill to Make Drone Spying a Crime Moves Forward

AZ - State lawmakers are moving to ensure people don’t get too nosy with their new drones.

In a party-line vote on Wednesday, members of the House Commerce Committee approved legislation that would make it a criminal offense to intentionally photograph, tape or otherwise observe someone else in a private place where that person has a “reasonable expectation of privacy.”

The only thing is that there hasn’t been a consensus as to when exactly someone crosses that line. more

Non-Disclosure Agreements That End Up in the Toilet

The need for a Non-Disclosure Agreement used to be a hard pill to swallow. Not anymore. NDA is an edible confidentiality agreement that protects all information exchanged within 30 minutes of ingestion.

Contract Summary
NDA is an edible non-disclosure agreement that protects in perpetuity all information exchanged within 30 minutes of ingestion. Every NDA is comprised of a size 00 gelatin capsule imprinted with a QR code leading to this website and filled with powder made from copies of this agreement printed onto rice paper with ingestible ink. NDA can be executed by any number of people at once. Simply provide every party with their own capsule before executing the agreement. Parties can extend the duration of effect by consuming additional NDA. more

"Well, shut my mouth!"

In the name of protecting your conversations...

Shiftall's Mutalk believes it can help.

The device looks like an eerie tech version of a mouth gag, but it's actually meant to help you talk more easily in the virtual and work worlds you may be interacting with. It calls itself a "soundproof Bluetooth microphone that makes it difficult for others to hear your voice and at the same time, makes it difficult for ambient noise to enter the microphone."

French startup Skyted created a similarly sound-absorbing mask to ensure privacy on calls while in crowded and noisy places. It looks more like a bulky version of the reusable masks we've all grown accustomed to during the pandemic, but Skyted says it absorbs 80% of voice vibration and directs it instead through a wireless Bluetooth connection to our phones or computers.

"My original concept was from a transportation perspective, as I focused on how we could keep the human voice from traveling to keep calls private, silent and confidential," Skyted CEO Stéphane Hersen said in a statement when announcing his device. more

EXTRA CREDIT

Covenant Eyes: God isn't the only one watching you...

Churches are using invasive phone-monitoring tech to discourage “sinful” behavior. Some software is seeing more than congregants realize.

GRACEPOINT is (an) evangelical Southern Baptist church... when Grant Hao-Wei Lin came out to a Gracepoint church leader during their weekly one-on-one session, he was surprised to learn that he wasn’t going to be kicked out. According to his church leader, Hao-Wei Lin says, God still loved him in spite of his “struggle with same-sex attraction.”

But Gracepoint did not leave the matter in God’s hands alone. At their next one-on-one the following week, Hao-Wei Lin says the church leader asked him to install an app called Covenant Eyes on his phone...

Covenant Eyes is part of a multimillion-dollar ecosystem of so-called accountability apps that are marketed to both churches and parents as tools to police online activity. For a monthly fee, some of these apps monitor everything their users see and do on their devices, even taking screenshots (at least one per minute, in the case of Covenant Eyes) and eavesdropping on web traffic, WIRED found. The apps then report a feed of all of the users’ online activity directly to a chaperone—an “accountability partner,” in the apps’ parlance. When WIRED presented its findings to Google, however, the company determined that two of the top accountability apps—Covenant Eyes and Accountable2You—violate its policies. more

Researchers Develop Anti-Eavesdropping Algorithm for Smartphone Mics

At Columbia University, a team of researchers has successfully created a program that can block out audio spying through microphones found in smartphones and connected audio devices that require voice use.

This algorithm works by using predictive voice technology: that is, it can recognize human speech and instinctively generate audible background noise like muffling or whispers in order to camouflage the user’s words.

The technology works in real-time as the algorithm is able to create the obstruction while a person is speaking to a voice-controlled device or conversing with a friend.

But why create such an algorithm in the first place?

The problem stems from advertiser eavesdropping. While this is an issue that has not been proved or disproved, there is plenty of anecdotal evidence that backs it up. more

Personal Security: Remove Your House from Apple Maps, Google Maps & Bing Maps

If you’d like to opt out of a property you own or rent appearing in one of these street-level views, you can use a reporting or request method in each service:

• Apple: Apple requires that you email them “to request that a face, license plate, or your own house be censored.” The address is MapsImageCollection@apple.com.
• Google: Visit maps.google.com and go to the address of concern. Expand the side panel on the left, then click the photo in the side panel to have it enlarge in your browser. Look for an info box in the upper left of the photo and click on the icon of the three vertical dots. In the pop-up that appears, click “Report a problem” and select what you would like to have blurred from the “Request blurring” list of options. You can also submit via the Google Maps app.
• Microsoft: Visit Bing Maps, click “Report a privacy concern with this image” at the lower-left corner of the page, and select House (or another option) from “What kind of concern do you have?” You can describe in the text box below that you want to have your house blurred. more

Tips for Closing Hard-to-Delete Online Accounts

 via Consumer Reports

Tips for Deleting Old Accounts

Deleting your old accounts can be a time-consuming and sometimes frustrating process. Some guidelines to speed things along...

• Check to see if anyone has figured out the steps. Google “how to delete [company name] account” and you’ll often find instructions. (A step-by-step guide to deleting two dozen common accounts.)
  
• Go to the Settings page first. Companies sometimes put the delete button in settings, account menus, or pages to edit your profile; it varies by company.
• Try the privacy policy. Privacy policies often include instructions, and you can search for words like “account,” “delete,” “close,” or “deletion.”
• Explore the Help menus. If there’s a Help menu or an FAQ section on a website, you can often find deletion instructions there.
• Try customer service. When available, text chats are usually faster than phone calls in my experience.
• Take advantage of privacy laws. California’s privacy law, the CCPA, requires most businesses to let state residents delete data collected from them. Companies don’t have to fulfill a deletion request if you’re not a resident, but some honor requests from anyone. Look for “California” or “CCPA” in privacy policies for details.
• Don’t forget the accounts you’ve forgotten. You may have registered for accounts years ago that have slipped your mind. A whole article with detailed instructions on how to find them. Some tips to get started: Google your email address and old usernames; check for saved log-ins in your web browser or password manager; search your email inbox for old “welcome” messages. Try variations on phrases like “welcome to,” “new account,” “password,” or “confirm your email.” more
  

FutureWatch - Super Microphones Coming to Eavesdropping Devices and...

... more mundane items like smart speakers and cell phones...  

 A KAIST research team ... has developed a bioinspired flexible piezoelectric acoustic sensor with multi-resonant ultrathin piezoelectric membrane mimicking the basilar membrane of the human cochlea. The flexible acoustic sensor has been miniaturized ... is ready for accurate and far-distant voice detection. more

PimEyes: Cool New PI Tool or Privacy Alert - You Decide

You probably haven't seen PimEyes, a mysterious facial-recognition search engine, but it may have spotted you... Anyone can use this powerful facial-recognition tool — and that's a problem.

If you upload a picture of your face to PimEyes' website, it will immediately show you any pictures of yourself that the company has found around the internet. You might recognize all of them, or be surprised (or, perhaps, even horrified) by some; these images may include anything from wedding or vacation snapshots to pornographic images.

PimEyes is open to anyone with internet access. more

PI Alert: Samsung is Crippling Your Latest Surveillance Trick

Samsung has announced that customers will soon be able to scan for unknown Galaxy SmartTags trackers using Samsung’s SmartThings Find service. The feature, called Unknown Tag Search, will be coming to the SmartThings app starting next week. 

Users will be able to scan the nearby area for any SmartTags that don’t belong to them but that are moving along with them. This feature could be a big win for safety, providing an easy way to make sure that nobody’s tracking you with a tiny SmartTag that they slipped in your backpack, purse, coat pocket, etc. It’s a nice feature if you’re concerned about the privacy or security implications of Tile-like tracking devices. more

Privoro Launches Audio Masking Chamber & RF Shield for Mobile Devices

(Press release) 
Privoro, today revealed its latest product, Vault, a first-of-its-kind defense against remote data capture. The Vault case is a two-in-one portable Faraday enclosure and audio masking chamber for smartphones, providing unsurpassed protection against not only wireless attacks and location tracking but also eavesdropping and spying.

Vault eliminates smartphone signals more effectively than portable, fabric-based Faraday products, delivering a minimum of 100 dB of radio frequency (RF) attenuation – 10 billion times signal reduction. When a smartphone is placed in the Vault case, the smartphone can no longer be reached via cellular, WiFi, Bluetooth, near-field communication (NFC) and radio-frequency identification (RFID).

In addition to RF shielding, Vault's user-controlled audio masking prevents the extraction of intelligible speech up to voice levels of 90 dBA through independent noise signals. Users will have the assurance that conversations in the vicinity of Vault cannot be deliberately captured by bad actors through the enclosed smartphone's cameras and microphones.

Privoro developed Vault to meet the requirements of nation-state customers seeking to tackle the long-standing unique and critical security risks that mobile devices pose. more

 

Google Jumps into Your Nest with its Own New Nest

Google has launched a new ‘Nest Hub’ home assistant that tracks its owners’ sleep.

It comes in a range of colors, and can be ordered today. Like the existing Nest Hub, it can show photos and videos from Google’s owner services like YouTube and Google Photos, integrates with other services such as Netflix, and can be used to control the home.

But its standout feature is its new sleep tracking technology. To use it, the Nest Hub is supposed to be placed on a bedside table, so that it can monitor its owners as they sleep. 

It can not only track the amount of sleep, and how deep it is, but also other things that might disturb that sleep – as well as other people sharing the bed – such as coughing and snoring. more

Interesting points...
• Google says the recorded audio and raw Soli data stays on the device and does not get sent to Google, though extrapolated sleep event data is sent to the company’s servers.
• Sleep Sensing (Google’s name for sleep tracking) is completely opt-in and can be disabled at any time.
• This will be a paid feature.
For some people this will be helpful and worth it. For others, it is AI creepy creep.
Hackers, on your mark! ...

Privacy and the Clubhouse App

Clubhouse might be the hottest app that's not even publicly available yet, but privacy issues are already being discussed online. Some of the people who are particularly upset? Those who say they have profiles without even having used the app before...

Clubhouse reportedly requests access to your phone's contacts, under the pretense that you can connect with other users of the social network. But people are claiming that Clubhouse takes information from your contact list and builds "shadow profiles" of people who have never signed up...

If you allow Clubhouse to use your contact list, the app then reportedly has access to your contacts' names, phone numbers and how many friends they have on Clubhouse. But that's not all. Privacy advocates note Clubhouse records voice chats of the virtual rooms, which also doesn't sit well with some current users of the app.

Clubhouse's Community Guidelines states: "Solely for the purpose of supporting incident investigations, we temporarily record the audio in a room while the room is live." more

More privacy considerations...
• Clubhouse app technology runs on the platform of Agora.io, an audio tech startup in Shanghai, China.
• Voice recordings may be paired with personal account details, and transferred into a government dossier for future voice identification surveillance purposes.
• What is said using the app may not be very private given hackers, lurkers and government interests. Not a good way to communicate confidentially.

“I refuse to join any club that would have me as a member” ― Groucho Marx

 

The Most Secure and Anonymous Communication Tools Available

 via David Koff, Tech Talk - The Technology Newsletter for Everyone...

What I’m about to share with you here is… kind of fringe. Like, “Edward Snowden” fringe.

Hopefully, that got your attention.

For some years now, the hacker, privacy, and journalism communities have all been debating, discussing, and using the tools I’m about to share with you in this installment. These tools are used not only to lock down your security and anonymity on the known internet, but also to access the portions of the internet that are normally hidden — “The Dark Web.” 

Despite their usefulness, I haven’t really seen information about these tools shared with the general public in a straightforward, easy-to-understand way. I think it’s worth changing that; while most of us don’t need the same high-privacy, high-security tools that confidential informants, journalists, and whistleblowers use, we should all know about these tools in case the time comes when we actually need them. more

Pretty Good Phone Privacy - Protects Both User Identity and Location

Abstract

To receive service in today’s cellular architecture phones uniquely identify themselves to towers and thus to operators. This is now a cause of major privacy violations as operators sell and leak identity and location data of hundreds of millions of mobile users. 

In this paper, we take an end-to-end perspective on the cellular architecture and find key points of decoupling that enable us to protect user identity and location privacy with no changes to physical infrastructure, no added latency, and no requirement of direct cooperation from existing operators. 

We describe Pretty Good Phone Privacy (PGPP) and demonstrate how our modified back end stack (NGC) works with real phones to provide ordinary yet privacy-preserving connectivity. We explore inherent privacy and efficiency trade-offs in a simulation of a large metropolitan region. We show how PGPP maintains today’s control overheads while significantly improving user identity and location privacy. more

BONUS... "It protects users from fake cell phone towers (IMSI-catchers) and surveillance by cell providers." a good summary explanation