privacy

Intelligence Services and General Warrants

GCHQ and MI5 Cannot Rely on General Warrants

The High Court ruled on January 8th, 2021 that it was unlawful for the GCHQ and MI5 to use warrants issued under Section 5 of the Intelligence Services Act 1994 (ISA) to interfere with the property—including computers—of multitudes of people based on a single warrant. The High Court quashed a 2016 decision by the Investigatory Powers Tribunal (IPT), and ruled that section 5 of the Intelligence Services Act (ISA) 1994 does not permit the issuing of general or thematic warrants to authorise property interference and certain forms of computer bugging, monitoring and hacking.

Signal Messenger, WhatsApp, and Privacy

Signal Secure Messenger

Signal is a secure messenger app published by the Signal Foundation and Signal Messenger LLC. These are not-for-profit organizations based in Mountain View, California. They were founded by Matthew Rosenfeld aka ‘Moxie Marlinspike’ and Brian Acton, to build on the work of one of Rosenfeld’s earlier start-ups Open Whisper Systems. Signal is free and open source. One of the glories of open source is that absolutely anyone can review the source code.

Complaint Filed Against Address Broker in Vienna

On Tuesday, My Privacy is None of Your Business (NOYB) filed a GDPR complaint against AZ Direct Österreich GmbH. They are an address broker—they sell personal data—based in Vienna. They refused to reveal where they get their data from and with whom it had been shared. They claimed they didn’t know because they didn’t bother recording it. It would have been “too burdensome”. A data subject had sent a data subject access request and asked from where the address publisher had collected his data and to whom it had been sold.

Warner Music Group Hacked Personal Data Leaked

Warner Music Group (WMG) has suffered a data breach that has compromised the personal and financial information of thousands of its customers. Its e-commerce sites have been attacked and breached by a group of alleged Magecart operators. Magecart attacks are based on injecting malicious scripts into JavaScript-based websites in order to “skim” sensitive information such as financial and payment details. WMG has c. 4,000 employees and operates in 70 countries, so the number of affected data subjects could run into the millions.

Age Appropriate Design for Online Services

New Code of Practice for Online Services

The Age Appropriate Design Code drawn up by the Information Commissioner’s Office (ICO) will come into force in the UK on 2nd September 2020. The much-anticipated code has a 12-month transition period. The code is based on 15 flexible standards to ensure a high level of privacy settings by default. They affect website designers and mobile application developers. “We want coders, UX designers and system engineers to engage with these standards in their day-to-day work and we’re setting up a package of support to help,” said the ICO.

Oracle and Salesforce Face £900 million Class Action

PECR and GDPR Gotchas Catch Oracle and Salesforce

The Privacy and Electronic Communications Regulations govern electronic marketing in the UK. They were not changed when the General Data Protection Regulations came into force, but they were affected by them. That’s because when the PECR talks about consent, it says that the consent required must be that of the current data protection regulations. And, of course, the acceptable means of securing and recording consent changed when the GDPR superseded the 1998 Data Protection Act.

Intel Data Breach and Poor Passwords

Intel Data Protected By Worthless Passwords

Intel: “We believe an individual with access downloaded and shared this data”

McKay Consulting: No shock, Sherlock.

Intel has suffered a data breach of sensitive and company-confidential information related to its as yet unreleased Tiger Lake platform. This is design-level data including source code, development and debugging tools, schematics, roadmaps and other similar information. A misconfigured Akamai content delivery network (CDN) server seems to have been the entry point for the hackers.

US Bans Tiktok and Wechat

US Bans TikTok and WeChat Mobile Apps

It has long been known that free mobile apps make their money by selling your data to advertisers. That’s what funds most of the mobile apps in existence and, for that matter, many of the websites around the world. That’s the economics of the digital world. What is more sinister is the collection of data for surveillance, or the censoring of messages that pass through those apps.

386 Million User Records Offered for Free

Personal Data from 18 Data Breaches Offered to Hackers - At no cost!

A threat actor has offered the databases from 18 breaches to other hackers without cost. The figures are mind-boggling—386 million personal records. Usually the data is sold to other cybercriminals. They buy it to perpetrate identity- and fraud-based crimes, and to use it in phishing campaigns and other email-based scams. The databases came from breaches at these companies:

Substack Privacy Policy Update Email Blunder

A Simple Human Error Exposes Email Addresses

Substack, a subscription newsletter service, sent an email to its users telling them of a change of terms, and an updated privacy policy. Which is fine, that’s required practice. But they pasted about 500 emails into the cc field, instead of the bcc field. That meant that everyone on the email saw all of the other recipients’ email addresses. In an email about a privacy policy - whoops.
