Here are this week’s surveil-links: reading and summarizing the latest news in digital privacy so you don’t have to.
You can easily, and slightly more privately, navigate to each link by browsing to “surveil.link/” followed by the link’s corresponding number. For example, surveil-link #12 can be found at surveil.link/12.
ExpressVPN Digital Security Lab released research that shows X-Mode, software that enables mobile applications to easily track users’ location, is still present in hundreds of apps despite being banned by both Apple and Google last December. X-Mode provides code an application may legitimately need to provide location-based features with the condition that the data will likely be sold to third parties.
Perhaps the most well known instance of X-Mode was Muslim Pro, a prayer app that sends notifications to users reminding them to pray and what direction to face towards Mecca based on their location. Last November, Motherboard reported the presence of X-Mode in Muslim Pro and dozens of other applications, including many others meant for the Muslim community. The danger lies in that the U.S. military consistently purchases data from X-Mode, as Motherboard was able to prove through “public records request, interviews with developers, and technical analysis.”
Google and Apple announced the ban of all applications using X-Mode code last December, but, as the research shows, many are still slipping through the cracks. As such, be careful what apps you’re sharing your location with.
In 2021, most internet citizens are familiar with “cookies” or user-unique data that sites put in your browser so they remember who you are when you close your browser and come back later. Often sites will employ third-party cookies to give other sites — such as Facebook and Google — the ability to know where you’ve browsed to. Third-party cookies have long been viewed as a privacy nightmare and perhaps the most common surveillance tool employed on the web today. But have you heard of supercookies?
Third-party cookies, though hellish, are easy to identify, remove, and subsequently block. Supercookies on the other hand, take advantage of web page features, such as the image cache, making them much harder to block. While impossible to block every single supercookie, Firefox has taken measures to do so, following in the steps of Safari and Chrome.
Note: Surveillance Today originally reported that Firefox was the first browser to block supercookies. That is not true and we regret the error.
Surveil-link #8: If you ever used Flickr, your pictures were probably used to train facial recognition algorithms
Last Sunday, the New York Times highlighted a website known as Exposing.AI which allows users to search through pictures that are known to have been used to train various facial recognition tools. The database is composed of photos uploaded to Flickr over the years and is only searchable using a Flickr username or specific URL. The Times highlighted one person who was surprised to see his 15-year-old honeymoon photos on the site.
According to the New York Times, popular women’s health app Flo previously promised to not share its users “cycles, pregnancy, symptoms notes and other information that is entered by [the user].” But a lawsuit filed by the Federal Trade Commission earlier this month alleges that is not the case and claims from 2016 to 2019 exactly that type of data was shared to analytics companies including Facebook and Google.
Though not admitting to wrongdoing, Flo has already settled the charges and agreed to obtain users’ consent before sharing any data as well as conduct an independent audit of their privacy processes.
Speaking at an international privacy conference last Thursday, Apple CEO Tim Cook, said “The fact is that an interconnected ecosystem of companies and data brokers, of purveyors of fake news and peddlers of division, of trackers and hucksters just looking to make a quick buck, is more present in our lives than it has ever been.” He went on to ask “What are the consequences of seeing thousands of users join extremist groups, and then perpetuating an algorithm that recommends even more?” While not mentioning the social media giant by name, he left little doubt that he was referring specifically to Facebook.
While not perfect, Apple has taken many steps to protect user privacy over the years. Perhaps the most recent being a new feature to be rolled out on iPhone that will surely affect Facebook’s ability to target ads as accurately as before. Now when a user installs an app that shares user data with third parties, the user will have the option to “Allow Tracking” or “Ask App Not to Track”. Cook’s remarks against Facebook come just one day after Zuckerberg, Facebook’s CEO, attacked the feature in their public earnings call.
Note: Surveillance Today originally reported that this feature in iPhones had already been rolled out. That is not the case and we regret the error.
Author of the bestselling book The Age of Surveillance Capitalism, Shoshana Zuboff wrote an opinion piece in the New York Times last Friday carrying the headline of “The Coup We Are Not Talking About”. The Harvard professor emerita argues that what she calls “surveillance economics” has played a tremendous role in the recent threats to U.S. democracy. She says “We may have democracy, or we may have surveillance society, but we cannot have both.” As can always be expected of Professor Zuboff, the piece is both beautifully written and lengthy. This small summary cannot begin to do it justice and readers are strongly recommended to read it in its entirety.
Surveil-link #12: Chinese police records show extensive surveillance employed against the country’s Uyghur population
The Intercept obtained a 52 gigabyte database of police records from Ürümqi, capital of China’s Xinjiang province and published their findings from the records last Friday. According to the article, invasive surveillance is often deployed against individuals simply for their religious affiliations, most notably the Uyghur people, an ethnic minority native to Xinjiang that has largely been practicing Islam since the 16th century. This reporting uncovered the following most notable findings:
- Chinese law enforcement is actively collecting “text messages, phone contacts, call records, as well as e-commerce and banking records, from Muslim minorities in Xianjiang.”
- “Religious enthusiasm [is] equated with extremism.”
- Biometric data gathered with surveillance technology originally deployed as a public health initiative is also being used in police investigations.
- Police are actively using community informants to gather intelligence on the Uyghur population.
- Simply applying for asylum in a foreign country can classify one as a terrorist.
- Facial recognition is used widely, primarily across police “convenience stations” across the province.
Like Zuboff’s opinion piece, this summary cannot completely capture both the brilliant reporting and its harrowing implications, so please go read it for yourself.
Happy Black History Month
Lastly, Surveillance Today would like to wish you happy Black History Month. Surveillance, and thus the technology enabling it, has historically targeted Black individuals disproportionately. This publication unequivocally believes that Black lives matter and condemns racially motivated policing and surveillance.