
    Facebook is receiving sensitive medical information from hospital websites / ArsTechnica · Thursday, 16 June - 14:53


A tracking tool installed on many hospitals’ websites has been collecting patients’ sensitive health information—including details about their medical conditions, prescriptions, and doctor’s appointments—and sending it to Facebook.

The Markup tested the websites of Newsweek’s top 100 hospitals in America. On 33 of them we found the tracker, called the Meta Pixel, sending Facebook a packet of data whenever a person clicked a button to schedule a doctor’s appointment. The data is connected to an IP address—an identifier that’s like a computer’s mailing address and can generally be linked to a specific individual or household—creating an intimate receipt of the appointment request for Facebook.



    Tracking People via Bluetooth on Their Phones / Schneier · Tuesday, 14 June - 20:11 · 1 minute

We’ve always known that phones—and the people carrying them—can be uniquely identified from their Bluetooth signatures, and that we need security techniques to prevent that. This new research shows that that’s not enough.

Computer scientists at the University of California San Diego proved in a study published May 24 that minute imperfections in phones caused during manufacturing create a unique Bluetooth beacon, one that establishes a digital signature or fingerprint distinct from any other device. Though phones’ Bluetooth uses cryptographic technology that limits trackability, using a radio receiver, these distortions in the Bluetooth signal can be discerned to track individual devices.


The study’s scientists conducted tests to show whether multiple phones being in one place could disrupt their ability to track individual signals. Results in an initial experiment showed they managed to discern individual signals for 40% of 162 devices in public. Another, scaled-up experiment showed they could discern 47% of 647 devices in a public hallway across two days.

The tracking range depends on device and the environment, and it could be several hundred feet, but in a crowded location it might only be 10 or so feet. Scientists were able to follow a volunteer’s signal as they went to and from their house. Certain environmental factors can disrupt a Bluetooth signal, including changes in environment temperature, and some devices send signals with more power and range than others.

One might say “well, I’ll just keep Bluetooth turned off when not in use,” but the researchers said they found that some devices, especially iPhones, don’t actually turn off Bluetooth unless a user goes directly into settings to turn off the signal. Most people might not even realize their Bluetooth is being constantly emitted by many smart devices.


    A year after Apple enforces app tracking policy, covert iOS tracking remains / ArsTechnica · Monday, 18 April - 21:10 · 1 minute


Last year, Apple enacted App Tracking Transparency, a mandatory policy that forbids app makers from tracking user activity across other apps without first receiving those users’ explicit permission. Privacy advocates praised the initiative, and Facebook warned it would spell certain doom for companies that rely on targeted advertising. However, research published last week suggests that ATT, as it’s usually abbreviated, doesn’t always curb the surreptitious collection of personal data or the fingerprinting of users.

At the heart of ATT is the requirement that users must click an “allow” button that appears when an app is installed. It asks: “Allow [app] to track your activity across other companies’ apps and websites?” Without that consent, the app can’t access the so-called IDFA (Identifier for Advertisers), a unique identifier iOS or iPadOS assigns so they can track users across other installed apps. At the same time, Apple also started requiring app makers to provide “privacy nutrition labels” that declared the types of user and device data they collect and how that data is used.

Loopholes, bypasses, and outright violations

Last week’s research paper said that while ATT in many ways works as intended, loopholes in the framework also provided the opportunity for companies, particularly large ones like Google and Facebook, to work around the protections and stockpile even more data. The paper also warned that despite Apple’s promise for more transparency, ATT might give many users a false sense of security.



    Google may soon add a built-in Bluetooth tracker detection feature in Android

    Danie van der Merwe · / gadgeteerza-tech-blog · Wednesday, 30 March - 18:08 · 1 minute

Bluetooth trackers have quickly become a hot tech commodity. While companies like Tile have offered Bluetooth-powered tags for years, it was Apple’s AirTags that helped these tiny devices achieve mainstream popularity. If you’re on Android, you usually have to download a separate app from the tag manufacturer to monitor, scan and control your device. But it appears that Google may soon let you scan for nearby trackers without downloading a third-party app.

A recent APK teardown from 9to5Google reveals that Google is working on integrating Bluetooth tracker detection capability right into Android. The feature will be part of the Google Play Services, so it should allow Google to bring it to the masses with minimum effort. Within the latest version of the Play Services, 9to5Google has found strings related to “Unfamiliar device alerts” and an “Unfamiliar Tag Detected Notification” for Bluetooth Low Energy tags.

In addition to detecting, it looks like Google will also allow Android users to ring an identified tag. This will be similar to how Apple lets you play a sound on unknown AirTags.

It's not confirmed yet, so even though it's appearing inside source code, it is not known when it may go live.


#technology #tracking #android #airtags


    Brave Browser takes the spring out of creepy bounce tracking, also known as redirect tracking

    Danie van der Merwe · / gadgeteerza-tech-blog · Wednesday, 9 March - 17:47

Browser maker Brave has developed a new way to ground "bounce tracking," a sneaky technique for bypassing privacy defenses in order to track people across different websites.

Bounce tracking, also known as redirect tracking, dates back at least to 2014 when ad companies were looking for ways to avoid third-party cookie blocking defenses. "Bounce tracking is a way for trackers to track you even if browser-level privacy protections are in place," explained Peter Snyder, senior director of privacy at Brave, on Tuesday.

To curtail privacy intrusions of this sort, Brave software engineer Aleksey Khoroshilov and senior software engineer Ivan Efremov devised a defense called Unlinkable Bouncing. Unlinkable Bouncing is available in Brave Nightly, the company's experimental build, and is expected in the upcoming version 1.37 release.


#technology #privacy #bravebrowser #tracking


    AirGuard - Free and Open Source Android app lets users detect Apple AirTag tracking

    Danie van der Merwe · / gadgeteerza-tech-blog · Sunday, 27 February - 10:28

A small team of researchers at the Darmstadt University in Germany have published a report illustrating how their AirGuard app for Android provides better protection from stealthy AirTag stalking than other apps. In summary, their approach was found to be superior to the iOS system, let alone Apple's own anti-tracking app for Android.

Apart from serving the tracking warnings faster, AirGuard can also detect trackers placed on cars, which is the most difficult for other solutions to unearth, and the best tracker placement option for malicious actors. It can detect all Find My devices, including self-made ones like the cloned or modified AirTags, as the ultimate stealthy tracking tool.


#technology #airtags #tracking #privacy


    Chipolo's Find My-Enabled 'CARD Spot' is Ideal for Keeping Tabs on a Wallet, but Needs to be Replaced Every 2 Years

    Danie van der Merwe · / gadgeteerza-tech-blog · Friday, 25 February - 13:22

The CARD Spot isn't much to look at because it's a simple credit card-sized black plastic insert that's meant to fit inside a wallet. It's about 3x the thickness of a credit card, but may fit into many wallets better than a much thicker AirTag. Apart from that, it will work basically identically to an AirTag as far as connecting to the Find My network goes.

The downside is the battery is not replaceable, and will last about two years. So the device would cost about US$35 to buy, and with the discounted replacement program (outside of the USA too?), that would add about US$17.50 every two years.


#technology #airtag #findmy #chipolo #tracking


    Find You: Building a stealth AirTag clone - Because AirTags can warn a Thief if they steal your Item?

    Danie van der Merwe · / gadgeteerza-tech-blog · Wednesday, 23 February - 09:28 · 1 minute

The linked article discusses each anti-stalking feature and how it can be bypassed in theory. Fabian then goes on to describe how he implemented those ideas to build a stealth AirTag and successfully tracked an iPhone user (with their consent of course) for over 5 days without triggering a tracking notification.

The goal of this blog post is to raise awareness of these issues, to hopefully also guide future changes. In particular, Apple needs to incorporate non-genuine AirTags into their threat model, thus implementing security and anti-stalking features into the Find My protocol and ecosystem instead of in the AirTag itself, which can run modified firmware or not be an AirTag at all (Apple devices currently have no way to distinguish genuine AirTags from clones via Bluetooth).

AirTags have certainly posed a dilemma between owners abusing the use of their own AirTags, but also with warning a thief if they have deliberately stolen an item you are tracking. I do have my AirTags set to alert me if I'm parted from them when away from home, but I must say I don't normally hear the alert tone, and only realise I have left the item behind a little later when I actually look at the visual notifications. Of course, anyone wanting to track someone without their knowledge could use Samsung or Tile tags, or one of the miniature GPS transmitters. But nevertheless, this is still an interesting article.


#technology #privacy #airtag #tracking #findyou