This week has been action packed with privacy-related stories, there’s a summary below. It’s a bit of a funny one for us as we’ve been aware of Internet-related privacy issues for a long time now, banging the drum for at least three years across various accounts. Anecdotally, we can tell you how some people simply didn’t care to hear about it all that time ago. Now it’s firmly in the mainstream, every day there’s another data leak or vulnerability discovered. Our recommendation? Use encrypted services, and don’t use the same email address or password for everything.
Here’s what happened this week:
The biggest story of the week has been the Ashley Madison data dump. The infamous website was hacked and select data has been published in the public domain, prompting press to sift through it at a rapid rate. But here’s the big question about the data dump – just because we have access to it, should we go through it? Not many stopped to ask that question, breathlessly writing about how the .gov.uk domain was used by some people signing up to the website.
Which led to a second problem, Ashley Madison didn’t verify email addresses, so it’s actually possible to use a throwaway or even the email address of someone you don’t like. SNP MP Michelle Thomson was forced to issue a denial and former PM, Tony Blair even featured. Underlining the problem though, was the fact Blair’s email address was for a Labour party domain that doesn’t exist.
The more serious side was a Reddit post, claiming to be from a gay man living in a Middle East country which outlaws homosexuality. The very real danger being that if identified, he could be subject to “stoning, beheading, or (most likely) flogging and imprisonment.”
The ever considered security expert Brian Krebs urged caution in reporting, and Tom Fox-Brewster revisited comments made by maverick security innovator John McAfee.
Spotify updated its Terms and Conditions to access more personal data from users. The reaction from press has been pretty negative so far. Some of the changes were fairly innocuous and in-line with other apps, but at the same time it’s fair to ask why a music app needs access to your photos (it’s actually for avatars, but the wording makes it sound much worse). Not-so-recent, but also worth noting how the authorities are adapting to the plethora of personal data captured by apps – Spotify was used to help track down a fugitive in July, who had been on the run for seven months. A search warrant was used to secure data from technology companies, and that in turn helped to discover the location of the IP address being used.
Elsewhere, Buzzfeed landed itself in hot water by publishing a piece on “hot teachers” (the only time you’ll ever click on a link for those words and it’ll be SFW) using creepshots – photos taken without the subject’s permission. These creepshots are all in the classroom as well, making it even more contentious. The comments on the article itself are polarised, with people divided between saying it’s gender equality and others citing privacy issues. The New Statesman managed to secure comment from one of the teachers involved.
Loosely related, how ridiculously bad are the stock images for “encryption” or “privacy”?!