Search Results for “Natasha Singer”


April 20, 2020
Natasha Singer, Nicole Perlroth / New York Times

Natasha Singer, Nicole Perlroth / New York Times  
Dropbox Engineers Were So Concerned About Zoom’s Security in 2019 That The Company Launched a Bug Bounty Program to Find Holes in the Video Conference App, Report

Despite what Zoom and some of its advisers say, the meteoric video conferencing app’s security woes don’t solely stem from the company’s scorching growth since the coronavirus crisis hit. Former Dropbox engineers say the company’s current security plight can be traced back two years or more, and they argue that the company’s failure to overhaul its security practices back then put its business clients at risk. The Dropbox engineers grew so concerned that vulnerabilities in the videoconferencing system might compromise its corporate security that the file-hosting giant took on the unusual step of policing Zoom’s security practices itself, launching in early 2019 a bug bounty program through a HackerOne Singapore to find holes in Zoom’s software code and that of a few other companies.  The engineers say they were “stunned” by the volume of bugs the bounty program uncovered in Zoom’s system.

Related: Sydney Morning Herald, MobileSyrup.com, Tech Insider

Tweets:@karaswisher @natashanyt @kimzetter


March 23, 2020
Natasha Singer and Choe Sang-Hun / New York Times

Natasha Singer and Choe Sang-Hun / New York Times  
Surveillance Systems Set Up to Track Coronavirus Victims’ Movement Could Become Permanent After Pandemic Ends

From South Korea to Lombardy, Italy to Israel, government agencies are harnessing surveillance-camera footage, smartphone location data and credit card purchase records in surveillance systems designed to trace the movement of coronavirus victims to stop transmission of the deadly virus. Expanding surveillance now to combat the pandemic now could permanently open the doors to more invasive forms of snooping later, as was the case after 9/11. An example of such a potentially overreaching law is one adopted in New York state this month that gives Gov. Andrew M. Cuomo unlimited authority to rule by executive order during state crises like pandemics and hurricanes. The law allows him to issue emergency response directives that could overrule any local regulations.

Related: The Verge, Verdict, EFF, FOX News, Futurism, Tech Insider

Tweets:@torproject @natashanyt @freedomhouse @evanchill @fightfortheftr @mims

The Verge: Governments are increasingly using cellphone location data to manage the coronavirus
Verdict: Location data: How telecom providers are helping to track Covid-19
EFF: Governments Haven’t Shown Location Surveillance Would Help Contain COVID-19
FOX News: European countries considering tracking phone data to help stop coronavirus spread, report says
Futurism: A Growing Number of Countries Tap Phone Data to Track COVID-19
Tech Insider: 11 countries are now using people’s phones to track the coronavirus pandemic, and it heralds a massive increase in surveillance

@torproject: "ratcheting up surveillance to combat the pandemic now could permanently open the doors to more invasive forms of snooping later. It is a lesson Americans learned after the terrorist attacks of Sept. 11, 2001..." https://nytimes.com/2020/03/23/technology/coronavirus-surveillance-tracking-privacy.html .onion: https://nytimes3xbfgragh.onion/2020/03/23/tec
@natashanyt: Disclosures of personal data about coronavirus patients around the world have drastically eroded people’s ability to keep their health status private.
@freedomhouse: Racheting up surveillance to combat the pandemic now could permanently open the doors to more invasive snooping later (as Americans learned in the wake of 9/11 terrorism investigations).
@evanchill: The fine-tuned surveillance that allows a country like South Korea to drastically slow coronavirus could leave in place a new network of control ripe for to authoritarian abuse
@fightfortheftr: More surveillance is not the answer. More surveillance is not the answer. More surveillance is not the answer. More surveillance is not the answer. More surveillance is not the answer. More surveillance is not the answer.
@mims: A critical discussion right now and for the next, well, forever: How Surveillance Could Save Lives Amid a Public Health Crisis https://wired.com/story/surveillance-save-lives-amid-public-health-crisis/ vs. As Coronavirus Surveillance Escalates, Personal Privacy Plummets


March 31, 2020
Danny Hakim and Natasha Singer / New York Times

Danny Hakim and Natasha Singer / New York Times  
New York Attorney General Asks Zoom Whether Its Security Practices Are Sufficient to Detect Hackers

Videoconferencing app Zoom, which has skyrocketed in use during the coronavirus crisis, is under scrutiny by the office of New York’s attorney general, Letitia James, for its data privacy and security practices. James’ office sent Zoom a letter asking what, if any, new security measures the company has put in place to handle increased traffic on its network and to detect hackers. Among the concerns raised In the letter is that Zoom had been slow to address security flaws such as vulnerabilities “that could enable malicious third parties to, among other things, gain surreptitious access to consumer webcams.” Internet trolls have recently been capable of exploiting a screen sharing feature on Zoom leading to a phenomenon called Zoombombing. The suit also follows a report by Motherboard that Zoom had been sharing customer data from its iOS app with Facebook. Zoom updated its privacy policy on Sunday to reflect the mounting concern.

December 10, 2018
The Daily / New York Times

The Daily / New York Times  
The Business of Selling Your Location

Companies are using location data to cater to advertisers, retail outlets and even hedge funds. They say the information is anonymous, but a database reviewed by The Times revealed people’s movements in startling detail. Jennifer Valentino-DeVries, Natasha Singer, Michael H. Keller and Gabriel J.X. Dance investigated location tracking companies for this startling story.

May 21, 2019
Natasha Singer / New York Times

Natasha Singer / New York Times  
Amazon Shareholders to Vote on Two Proposals Regarding Company’s Sale of Its Facial Recognition Technology and Whether It Facilitates Human Rights Violations

At Amazon’s annual meeting in Seattle today, investors will vote on whether the tech giant’s push to spread surveillance software threatens civil rights and, as a consequence, the company’s reputation and profits. Shareholders have introduced two proposals on facial recognition for a vote, one that asks the company to prohibit sales of its facial recognition system, called Amazon Rekognition, to government agencies, unless its board concludes that the technology does not facilitate human rights violations. The other asks the company to commission an independent report examining the extent to which Rekognition may threaten civil, human and privacy rights, and the company’s finances. Both proposals are nonbinding, which means Amazon isn’t required to take any actions even if they receive a majority of votes.

Related: CNET, PYMNTS.com, We Live SecurityTechnology News, SC Magazine, TechCrunch, USA Today, ET news, Verdict, Ecns, Tech Insider


May 9, 2019
Natasha Singer / New York Times

Natasha Singer / New York Times  
Prominent Advocacy Groups File Complaint With FTC Alleging That Amazon’s Echo Dot Kids Violates COPPA By Allowing Children to Divulge Intimate Data Including Addresses, Social Security Numbers

The Campaign for a Commercial-Free Childhood and the Center for Digital Democracy joined more than a dozen other consumer and privacy groups in lodging a complaint with the Federal Trade Commission alleging that Amazon violated the Children’s Online Privacy Protection Act (COPPA) because the company’s Echo Dot Kids Edition is enabling children to easily divulge their names, home addresses, Social Security numbers and other intimate information to Alexa. Research commissioned by the two prominent advocacy groups also suggests that Amazon made it cumbersome for parents to delete their child’s personal details from the system. The complaint further alleges that Amazon had failed to obtain verified consent from parents before collecting their children’s voice recordings and had kept such records unnecessarily after extracting the data to respond to children. Amazon said in a statement that the device and a related subscription service for children, called FreeTime Unlimited, “are compliant with the Children’s Online Privacy Protection Act” and that before children’s services can be used on Alexa, a user must consent and provide a credit card number or a code number sent by Amazon via text message.

Related: NDTV, Echo Kids Privacy, TechCrunch, The Sun,, The Intercept, AP Breaking News, Courthouse News Service, Tech Insider, CNET, Digital Trends, Engadget,  Stars and Stripes, WRAL Tech Wire, USA Today, NewsBytes AppCBSNews.com, Reuters, ET news, Appuals.com, GeekWire, Gizmodo, Mashable, The Verge, Futurism, PYMNTS.com

NDTV: Amazon Accused of Using Echo Dot Kids to Illegally Collect Data on Children
Echo Kids Privacy: Echo Dot Kids Edition Violates COPPA|
TechCrunch: Alexa, does the Echo Dot Kids protect children’s privacy?
The Sun: Amazon accused of ‘spying on your kids’ with Alexa speakers by saving recordings of their conversations
The Intercept: Privacy Experts, Senators Demand Investigation of Amazon’s Child Data Collection Practices
AP Breaking News: FTC urged by child advocates to investigate Amazon’s Alexa
Courthouse News Service: Child Advocates Ask FTC to Investigate Amazon’s Alexa
Tech Insider: Amazon’s Echo Dot Kids Edition is illegally recording your children, 19 privacy advocates warn
CNET: Amazon’s Echo Dot Kids violates privacy regulations, child advocates say
Digital Trends: Amazon retains text data on users even when audio recordings are deleted
Engadget: FTC complaint alleges Amazon’s Echo Dot Kids violates child privacy law
Stars and Stripes: Parents can’t delete what kids tell Amazon voice assistant
WRAL Tech Wire: Hey, Alexa – why won’t you erase what my kids tell you? Parents upset, go to FTC
USA Today: Amazon secretly recording and storing what your kids say, complaint says
NewsBytes App: Amazon accused of spying on children via Echo Dot Kids
CBSNews.com: Amazon’s Echo Dot Kids puts kids at risk, privacy advocates allege
Reuters: U.S. senators say Amazon smart speaker for kids violates privacy law
ET news: Amazon violating child privacy laws with Echo Dot Kids smart speaker
Appuals.com: How to Delete Amazon Order History?
GeekWire: Consumer groups accuse Amazon of illegal voice recording on Echo Dot Kids speaker
Gizmodo: Privacy Advocates Demand That the FTC Investigate Amazon’s Digital Assistant for Kids
Mashable: Amazon Echo Dot Kids Edition violated children’s privacy law, say advocacy groups
The Verge: Amazon’s kid-friendly Echo Dot is under scrutiny for alleged child privacy violations
Futurism: Amazon Alexa: Illegally Recording Kids, Privacy Advocates Allege
PYMNTS.com: Privacy Groups Accuse Amazon Of Storing Kids’ Convos


January 14, 2020
Natasha Singer and Aaron Krolik / New York Times

Natasha Singer and Aaron Krolik / New York Times  
Grindr, OkCupid, and Tinder Send Detailed User Information Including Dating Choices, Locations to Advertising and Marketing Companies

Top dating services like Grindr, OkCupid and Tinder are spreading user information like dating choices and precise location to advertising and marketing companies in ways that may violate privacy laws, according to a report by the Norwegian Consumer Council, a government-funded nonprofit organization in Oslo. The most popular gay dating app Grindr transmitted user-tracking codes and the app’s name to more than a dozen companies, essentially tagging individuals with their sexual orientation. Grindr also sent users’ locations to multiple companies. OkCupid sent a user’s ethnicity and answers to personal profile questions to a firm that helps companies tailor marketing messages to users. The Norwegian group filed complaints on Tuesday, asking regulators in Oslo to investigate Grindr and five ad tech companies for possible violations of the European data protection law. A coalition of U.S. consumer groups sent letters to American regulators, including the Attorney General of California, asking for them to investigate. The report by the Norwegian Consumer Council was prepared with the help of Mnemonic, a cybersecurity firm in Oslo.

Related: The Mac Observer, TechCrunch, EFF, Forbruker Radet (PDF), Mnemonic, RAPPLER, AFP

Tweets:@privacyproject @CenDemTech @SecRecon @birnbaum_e


September 3, 2019
Dell Cameron / Gizmodo

Dell Cameron / Gizmodo  
Imprisoned Hacktivist Jeremy Hammond Called to Testify Before Grand Jury in Virginia Raising Questions About Whether U.S. Is Expanding Scope of Charges Against Julian Assange

Imprisoned hacktivist Jeremy Hammond, a former WikiLeaks source and once the FBI’s most-wanted cybercriminal, has been called to testify before a federal grand jury in the Eastern District of Virginia. The Jeremy Hammond Support Committee doesn’t know the nature or scope of the grand jury’s investigation but believes it is the same grand jury that Chelsea Manning is currently being incarcerated for refusing to testify before, raising new questions about whether the U.S. government is expanding the scope of the government’s criminal case against WikiLeaks and Julian Assange. It’s unclear how Hammond connects to the government’s probe of Assange, but WikiLeaks had provided Hammond and his AntiSec hacking crew with access to a custom search engine tool in early 2012 in an effort to aid the hackers in searching a batch of more than 5 million emails of Austin, TX-based global intelligence firm, Stratfor. Hammond pleaded guilty in 2013 to hacking Stratfor, which counted at the time a string of powerful clients including the Departments of Homeland Security and Defense, employees of the National Security Agency, countless police agency heads, and, among other notable figures, former Secretary of State Henry Kissinger.

Related: SparrowMedia, CNN, Washington Post, Daily Beast

Tweets:@dellcam @dellcam @dellcam @dellcam @dellcam @kevincollier @kevincollier @NatashaBertrand @FreedomofPress @rachelweinerwp @woodruffbets

SparrowMedia: Imprisoned Activist Jeremy Hammond Called Against His Will to Testify Before Federal Grand Jury in the EDVA
CNN: Incarcerated Anonymous hacker called before grand jury, sparking WikiLeaks questions
Washington Post: Hacker linked to WikiLeaks says he’s been brought to Virginia for testimony
Daily Beast: DOJ Wants To Question Wikileaks Associate Jeremy Hammond, His Supporters Claim

@dellcam: NEW: Jeremy Hammond, Anonymous hacker and one-time WikiLeaks source, has been called to testify before a federal grand jury, signaling the scope of DOJ’s criminal investigation into WL may be far wider than previously reported.
@dellcam: I included a refresher here on AntiSec’s exploits and on my own prior investigation into the Stratfor hack and how FBI’s claims about the attack to the @nytimes and elsewhere are misleading & do not align with the sealed evidence in its possession. https://gizmodo.com/jeremy-hammond-anonymous-hacker-and-wikileaks-source-1837830636
@dellcam: Things to remember: (a) FBI had intel that Stratfor had been hacked a full day before Hammond knew the company even existed; (b) WikiLeaks entered the scene after the hack was already public knowledge. https://gizmodo.com/jeremy-hammond-anonymous-hacker-and-wikileaks-source-1837830636
@dellcam: (c) In the post-Equifax world, Stratfor would be crucified. A leaked report I published in 2014 proved it enabled the attack. Root access to its servers required no password. It had no antivirus & no firewall.
@dellcam: Related: In Nov, Giz reported that WikiLeaks provided Hammond and potentially other Stratfor hackers w/ access to a search-engine tool to help them comb through the emails. (Perhaps a parallel here to Assange charge for allegedly trying to assist Manning)
@kevincollier: We don't currently have reporting why exactly Hammond's called. But as @dellcam reported last year, Hammond said in a private 2011 chat that Assange had offered him a tool to help w/hacked Stratfor emails. Echoes how the US charged him w/helping Manning:
@kevincollier: Anonymous hacktivist Jeremy Hammond, who's spent the past 7 years behind bars, called to testify before a grand jury. Believed to be related to Assange investigation and Chelsea Manning's similar grand jury call:
@NatashaBertrand: NEW: A potential development in the Assange case. Jeremy Hammond, who was convicted of computer fraud in 2013 for hacking the private intel firm Stratfor and releasing data to WikiLeaks, has been subpoenaed to testify before a grand jury in the Eastern District of Virginia.
@FreedomofPress: Ominous signs the Trump admin is expanding its case against WikiLeaks founder Julian Assange, who is already under an indictment that would have unprecedented consequences for press freedom.
@rachelweinerwp: Jeremy Hammond, serving 10-year sentence for Stratfor hack shared with Wikileaks, says he's been brought to Virginia for grand jury but won't testify
@woodruffbets: News: A grand jury in EDVA has called in Jeremy Hammond, who was involved in the Stratfor hack. His supporters say they believe it's to question him about Wikileaks.


September 4, 2019
Natasha Singer and Kate Conger / New York Times

Natasha Singer and Kate Conger / New York Times  
Google and YouTube to Pay $170 Million to Settle Allegations by FTC, New York Attorney General That YouTube Violated COPPA by Illegally Collecting Children’s Personal Information

In the largest penalty paid to date for violation of a key children’s online protection law, Google and its subsidiary YouTube will pay a record $170 million to settle allegations by the Federal Trade Commission and the New York Attorney General that YouTube illegally collected personal information from children without their parents’ consent. Google and YouTube will pay $136 million to the FTC and $34 million to New York for allegedly violating the Children’s Online Privacy Protection Act (COPPA) Rule. The FTC and the New York Attorney General allege that YouTube collected personal information in the form of persistent identifiers that are used to track users across the Internet from viewers of child-directed channels, without first notifying parents and getting their consent. YouTube also agreed to create a system that asks video channel owners to identify the children’s content they post so that targeted ads are not placed in such videos. YouTube must also now obtain consent from parents before collecting or sharing personal details like a child’s name or photos. Critics, including Senator Ed Markey (D-MA), who sponsored COPPA back in 1998, say the settlement is merely slap on the wrist for Google given the Internet company’s massive financial resources and revenues.

Related: Financial Times, AppleInsider, CNBC, Bloomberg, New York PostBBC News – Home, ITWeb.co.za latest news, FOX News, The Verge, Technology News | Boston.com, City A.M. – Technology, Ars Technica, AP Breaking News, VentureBeat, TIME, POLITICO EU, Tech Insider, Axios, RT News, WRAL Tech Wire, Federal Trade Commission, New York Attorney General

Tweets:@alfredwkng

Financial Times: Google and YouTube pay $170m to settle child privacy claims
AppleInsider: Google fined $170M for violating children’s privacy
CNBC: YouTube will pay $170 million to settle claims it violated child privacy laws
Bloomberg: Google to Pay $170 Million for YouTube Child Privacy Breaches
New York Post: Google fined $170M for YouTube’s violation of child privacy laws
BBC News – Home: YouTube fined $170m in US over children’s privacy violation
ITWeb.co.za latest news: Google to spend $200m on YouTube settlement
FOX News: YouTube to pay massive $170M fine as it settles claims it violated children’s privacy laws
The Verge: Google will pay $170 million for YouTube’s child privacy violations
Technology News | Boston.com: The Latest: Advocacy groups disappointed in YouTube-FTC deal
City A.M. – Technology: Google accused of sharing personal data with advertisers
Ars Technica: YouTube fined $170 million for violations of children’s privacy
AP Breaking News: YouTube to pay $170M fine after violating kids’ privacy law
VentureBeat: FTC fines YouTube $170 million for alleged child privacy violations
TIME: YouTube Fined $170 Million for Collecting Kids’ Data Without Parental Consent
POLITICO EU: Google’s YouTube hit with $170M fine over children’s privacy
Tech Insider: Google will pay $170 million to settle allegations that YouTube illegally collected kids’ data without their parents consent (GOOGL, GOOG)
Axios: Google to pay $170 million over claim that YouTube violated child privacy law
RT News: YouTube to cough up $170mn in fines over charge of grabbing kids’ data
WRAL Tech Wire: Feds fine YouTube $170M for collecting kids’ data without parents’ consent
Federal Trade Commission: Google and YouTube Will Pay Record $170 Million for Alleged Violations of Children’s Privacy Law
New York Attorney General: AG James: Google And Youtube To Pay Record Figure For Illegally Tracking And Collecting Personal Information From Children

@alfredwkng: . @SenMarkey was the author of COPPA back in 1998. On today's settlement with YouTube, he says: "This settlement makes clear that this FTC stands for ‘Forgetting Teens and Children’."


December 30, 2019
Natasha Singer / New York Times

Natasha Singer / New York Times  
California’s Privacy Law Is About to Go Into Effect With Companies Adopting Various Interpretations of the Law’s Provisions

The California Consumer Privacy Act (CCPA), enacted in 2018 and slated to go into effect on January 1, 2020, was intended to give consumers greater control over and insight into how companies collect and use their personal data. But many of the legislation’s new requirements are so novel that some companies disagree about how to comply with them. A provision in the CCPA about selling data, for example, applies to companies that exchange the data for money or other compensation. Some companies give their customers the ability to opt out of this sale while others require account deletion if customers don’t consent. Google, Facebook, Microsoft, Apple, Twitter, Uber, and other tech-heavy companies have arrived at their differing interpretations of the Act’s various provisions.