Google ‘colluded’ with Facebook to bypass Apple privacy • The Register:

The alleged Jedi Blue partnership between Google and Facebook, outlined in the initial complaint, is explained in more detail in the latest filing. The two companies, it’s said, have been working closely to help Facebook “recognize users in auctions and bid and win more often.”

“For example, Google and Facebook have integrated their software development kits (SDKs) so that Google can pass Facebook data for user ID cookie matching,” the amended complaint says. “They also coordinated with each other to harm publishers through the adoption of Unified Pricing rules…”

Don’t be… Something? That sounds familiar, but who was it about…

Daring Fireball: Apple’s New ‘Child Safety’ Initiatives, and the Slippery Slope:

All of these features are fairly grouped together under a “child safety” umbrella, but I can’t help but wonder if it was a mistake to announce them together. Many people are clearly conflating them, including those reporting on the initiative for the news media. E.g. The Washington Post’s “never met an Apple story that couldn’t be painted in the worst possible light” Reed Albergotti’s report, the first three paragraphs of which are simply wrong1 and the headline for which is grossing misleading (“Apple Is Prying Into iPhones to Find Sexual Predators, but Privacy Activists Worry Governments Could Weaponize the Feature”).

Not surprisingly, this is the first really good, non-hyperbolic summary of everything Apple announced they’re doing on the topic.

  • On-device, in the Messages app, neural analysis of images for possible sensitive content sent or recieved… If the user is under 12, parents can opt-in to recieve a warning, over 12 the user can be notified but parents won’t be… And none of this is ever reported to any kind of authories, nor is any content sent to Apple or anyone else.
  • Likewise on-device updates to Siri and Search around sensitive content, with the same kind of parental opt-in notifications for under 12 users, or just the users otherwise, similar to above.

  • Most misunderstood… CSAM image fingerprint comparisons. Not sending images, not even scanning content of images, but creating a verifiable hash of images which can be compared with fingerprints in the National Center for Missing and Exploited Children (NCMEC) systems… And if enough of those match the MCMEC system triggering a human review of those fingerprints for confirmation, before finally potentially raising further alarms. These cryptographic hashes, depending on the algorythm, should be entirely unique to any given image and so should be worse than lottery odds of ever creating a single false positive that a photo in your library matches a sensitive image in the NCMEC database, much less enough to trigger further action.

These seem to be exteremely well thought out, best compromise answers to really difficult problems and by far the most pprivacy forward answers of anyone in the tech world so far.

CWE – 2021 CWE Top 25 Most Dangerous Software Weaknesses:

The 2021 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses (CWE Top 25) is a demonstrative list of the most common and impactful issues experienced over the previous two calendar years. These weaknesses are dangerous because they are often easy to find, exploit, and can allow adversaries to completely take over a system, steal data, or prevent an application from working. The CWE Top 25 is a valuable community resource that can help developers, testers, and users — as well as project managers, security researchers, and educators — provide insight into the most severe and current security weaknesses.

To create the 2021 list, the CWE Team leveraged Common Vulnerabilities and Exposures (CVE®) data found within the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD), as well as the Common Vulnerability Scoring System (CVSS) scores associated with each CVE record. A formula was applied to the data to score each weakness based on prevalence and severity.

via – bleepingcomputer.com
via – /.

Why You Shouldn’t Use Google Maps On Your iPhone After Update:

Clearly, the issue here is that all the data Google Maps says it may collect is linked back to your personal identity. This is how Google works. Everything links together to build your profile, your timeline. And while you can fish around in Google’s account settings to delete some of this data, most don’t bother and why should you need to?

The Rotting Internet Is a Collective Hallucination – The Atlantic:

Rather than a single centralized network modeled after the legacy telephone system, operated by a government or a few massive utilities, the internet was designed to allow any device anywhere to interoperate with any other device, allowing any provider able to bring whatever networking capacity it had to the growing party. And because the network’s creators did not mean to monetize, much less monopolize, any of it, the key was for desirable content to be provided naturally by the network’s users, some of whom would act as content producers or hosts, setting up watering holes for others to frequent.

If you care about The Internet, capital I, this is worth a read and think… The systems that underpin everything outside the corporate theme parks of Facebook and Google have stayed alive almost miraculously, but need help…

And yet… The fact that this was posted on The Atlantic may well mean that some visitors will be paywalled from seeing it, one of the great harms that I didn’t see in the essay.

Millions Choose Simple Privacy Protection with DuckDuckGo:

Will people take action to protect their online privacy? Duck yes.

Privacy skeptics have dominated the discussion about online privacy for too long. “Sure people care about privacy, but they’ll never do anything about it.” It’s time to lay this bad take to rest.

Not only will consumers act to protect their privacy – they already are. Since the launch of iOS 14.5 in April, 84% of people in the U.S. have actively opted-out of tracking after seeing the new prompt being shown on Apple devices.

When made simple and without sacrifice, most people will choose privacy.

via – /.