Friday Digest #5: Everyday Privacy Threats, AdTech Surveillance & Internet Shutdowns in The Americas
Hi, it’s Sam. With the holidays fast approaching, many of us are looking forward to taking a well-earned break from work and spending some quality time with family. Maybe for some strange reason you actually enjoy Christmas shopping or, like me, you’re just looking forward to lounging around reading a book or watching Netflix.
Unfortunately whatever you decide to do, it’s likely to put your privacy at risk. This week we’ll be focusing on the ways your personal data is harvested by corporations every day; from your favorite hobbies to the most mundane tasks imaginable.
If there’s something you think I should include in next week’s newsletter, please get in touch at sam@top10vpn.com
This week, Fight for the Future’s Lia Holland and Jade Pfaefflin Bounds wrote an incredible story for Fast Company on how e-books have become tools of corporate surveillance.
Their work aims to help “revive the right to read without fear of having your interests used against you. Because unfortunately, that right is on life support when it comes to digital books.”
In truth, I’d never considered the privacy implications of reading. But like anything else, if it’s connected to the internet then your activity can be monitored, harvested and sold to the murky world of data brokers.
For a comprehensive overview of data brokers’ role in surveillance capitalism, I highly recommend Urbano Reviglio’s article: The untamed and discreet role of data brokers in surveillance capitalism: a transnational and interdisciplinary overview.
Holland and Bound’s article shows it’s not just our reading habits that are up for grabs, users’ internet browsing activity could also be tracked, with little-to-no meaningful laws regulating the practice.
It’s easy to dismiss these mundane privacy infringements that occur on a near-daily basis but it’s vital to not lose sight of their real world implications — particularly for those already marginalized or facing persecution.
In the US, for example, there is now a legitimate threat that searching for or reading books about abortion could lead to criminalization. While elsewhere, material critical of authoritarian governments or on LGBTQ+ identities could lead to significant real-world harm.
So, what’s the solution?
You could try and avoid reading anything online ever again, though that’s not exactly feasible, particularly for those in education. Instead, legislation is needed to bolster our right to privacy and safeguard how our data is monitored and used by companies and governments alike. And the first step to achieve that is raising awareness of exactly how we’re being tracked online — something many of the companies responsible are actively trying to stop.
Unfortunately, it’s not just what we do online that’s being monitored in this way. A report from The Times (paywall) this week showed that two of the biggest supermarkets in the UK earned an estimated £300 million annually by selling data about their customers’ shopping habits.
This data, collected via loyalty card programs, can reveal a significant amount of information about someone: from family size to dietary preferences and lifestyle choices. It’s then sold to TV channels and food and drink brands for targeted advertising.
Retailers and those harvesting our data are quick to claim the practice isn’t a threat to our privacy because of techniques like anonymization and pseudonymization. But numerous studies have shown these can easily be reversed and de-anonymized.
What’s worse, supermarkets in the UK have been encouraging sign-ups for their loyalty cards by offering discounts on products. During a cost of living crisis, this makes the right to opt-out almost non-existent.
Whether it’s our reading or shopping habits, there’s money to be made from monitoring our day-to-day life and with that, the incentive to commodify even the most mundane activities will remain. None of this is new, but with increased transparency, there’s still hope it could change in the future.
What We’ve Been Reading
Fight for the Future, 25+ Human Rights Organizations Call on 2024 Congress to Investigate Big Tech and Publishing’s Stranglehold over Digital Books
Read the full open letter published by 25 human rights organizations urging Congress to investigate the dominance of Big Tech and Big Publishing over digital books and the surveillance of their readers. It highlights concerns about discriminatory practices in publishing, risks to reader privacy, and its broader impact on democracy and freedom of expression.
IFEX: Digging into the reality of shutdowns in the Americas: An insidious threat
The article by Laura Vidal for IFEX examines internet shutdowns in the Americas, highlighting their subtle and insidious nature. It details how these shutdowns, often implemented by authoritarian regimes during sensitive times like protests or elections, vary across countries like Colombia, Cuba, Paraguay, and Venezuela, affecting freedom of expression and access to information.
404 Media: The Navy Bought ‘Global’ Surveillance Data Through Adtech Company Owned by Military Contractor
The U.S. Navy purchased access to global surveillance data through nContext, an adtech company owned by the military contractor Sierra Nevada Corporation, as revealed by a Navy contract obtained by 404 Media. The purchase shows how online advertising data is used by military agencies for surveillance and is a stark warning for the ways our online activity can be used against us by governments.
The Verge: Google Maps gives you more control from the blue dot
In an overdue but positive step, Google Maps has introduced some privacy-focused updates, allowing users more control over their location data. Users can now change their device location and location history settings, store location history locally on their device, and soon will be able to delete data related to specific locations directly in Maps.
CNBC: How to stop Dropbox from sharing your personal files with OpenAI
In a more concerning development, it was reported that Dropbox's AI tools may share user documents and files with OpenAI servers unless users opt out in their account settings. Dropbox CEO Drew Houston stated that the transfer of data only occurs when users actively use AI features, and Dropbox does not use customer data to train or fine-tune OpenAI's language models.
Tools of the Week
Cloudflare: Cloudflare 2023 Year in Review
The 2023 Cloudflare Radar Year in Review is the fourth annual report providing insights into global and regional Internet trends and patterns. Key findings include a 25% growth in global Internet traffic, the dominance of Google and Android in their respective categories, significant use of HTTP/2 and HTTP/3, and security challenges like the prevalence of Log4j attacks and increased mitigation of potentially malicious traffic.
BishopFox: Introducing Swagger Jacker: Auditing OpenAPI Definition Files
Swagger Jacker, a new open-source tool developed for auditing OpenAPI definition files, helps offensive security professionals identify potential vulnerabilities in API routes. The tool automates the process of analyzing response codes for defined API routes, reducing the time required for auditing and preparing for manual testing, and can generate word lists for further penetration testing.
Access Now: NGAO: Building Digital Resilience Comic Strip
This comic strip created by Core23Lab provides accessible and important information on how to prepare for a potential internet shutdown ahead of elections. It includes information on VPN, Tor, and OONI for circumventing and measuring internet restrictions.