cross-posted from: https://lemmy.bestiver.se/post/613592

Comments

cross-posted from: https://piefed.social/post/1254526

cross-posted from: https://programming.dev/post/37262246

More than twenty countries have signed on to the nonbinding Pall Mall Process Code of Practice for States since it was launched in April 2025 by the United Kingdom (UK) and France. Its focus is to “tackle the challenges posed by the proliferation and irresponsible use of commercial cyber intrusion capabilities (CCICs).” CCICs encompass a broad array of tools, including spyware—a kind of malicious software that allows “unauthorized remote access to an internet-enabled target device” for surveillance and/or data extraction. One of the pillars of the Code of Practice for States is accountability, under which countries are encouraged to establish or apply national frameworks to regulate the “development, facilitation, purchase, transfer, and use of” spyware.

Establishing new domestic frameworks or even analyzing which existing national or international frameworks apply to spyware-related activity will take significant time, likely years. Meanwhile, new instances of spyware abuses against journalists and other human rights defenders continue. It is therefore not surprising that the Code of Practice for States also recommends measures to incentivize responsible activity, encourage the use of export control and licensing frameworks, and provide support for victims. It is on one such measure for victim support that this report focuses: “procedures for those claiming redress as a result of the irresponsible use of CCICs, including ensuring access to effective judicial or non-judicial remedies.” Specifically, this report explores how existing tort law relating to abnormally dangerous activities in the United States and the UK could provide a ground for bringing cases related to spyware abuses.

Tort law allows individuals to take accountability into their own hands, which is especially important when processes to enact binding obligations on actors involved in developing and selling spyware can take years and there is no guarantee they will be successful. However, tort law differs by country and, within the United States, even by state. This makes research difficult and, at a larger scale, inconsistent. Additionally, litigation is very resource intensive both in terms of money and time and governments are typically shielded from civil liability. It is simply not possible for every victim of a spyware abuse to bring a case against the actor(s) responsible. In that sense, it is not recommended to rely exclusively on tort law for accountability, but to use it as a supplementary measure while continuing to pursue parallel efforts at regulation.

With that framing, this report looks at the possibility of bringing cases under strict liability for abnormally dangerous activities in California and the UK. These two jurisdictions were chosen because of the similarities in their legal systems, the fact that civil cases have been brought in California against spyware developers, and since the UK is one of the countries that launched the Pall Mall Process. The author is not aware of any previous cases brought under this theory of liability with respect to spyware. Given the six-factor definition of abnormally dangerous activities in California, the fact that a court decides whether an activity qualifies, and recent developments regarding jurisdiction over foreign defendants and significant damages awards, it could be possible, although still difficult, to bring a case there under this theory related to spyware harms. The development of the same doctrine in the UK, however, cautions against attempting this novel argument there. For UK plaintiffs, more research is needed on alternative grounds under tort.

cross-posted from: https://programming.dev/post/37194712

Technical Report.

Under pressure from Mark Zuckerberg and Sheryl Sandberg to monetize WhatsApp, he pushed back as Facebook questioned the encryption he'd helped build and laid the groundwork to show targeted ads and facilitate commercial messaging. Acton also walked away from Facebook a year before his final tranche of stock grants vested. "It was like, okay, well, you want to do these things I don"t want to do," Acton says. "It's better if I get out of your way. And I did." It was perhaps the most expensive moral stand in history. Acton took a screenshot of the stock price on his way out the door—the decision cost him $850 million.

cross-posted from: https://programming.dev/post/37120773

Complaint.

cross-posted from: https://lemmy.dbzer0.com/post/52719863

This consolidation of power is a dream come true for the Big Tech platforms, but it’s a nightmare for users. While the megacorporations get more traffic and a whole lot more user data (read: profit), users are left with far fewer community options and a bland, corporate surveillance machine instead of a vibrant public sphere. The internet we all fell in love with is a diverse and colorful place, full of innovation, connection, and unique opportunities for self-expression. That internet—our internet—is worth defending.

Macrodroid has been a favourite of mine for automating things on my phone. This is no longer the case.

It has been silently updated at some point to become a data mining and leaking nightmare. At the time of writing these lines, this app contains 30 trackers from various third party telemetry services according to the latest Exodus report. This is an extremely high number of trackers and there definitely weren't that many a few years back. Even most junk free mobile games can’t manage to contain this many. It appears that the owner of the app has sold out and turned it into spyware to sell your data to as many companies as possible.

This is particularly worrying considering the level of access and permissions the app requires to function. If you are using the app still, I’m urging you to reconsider.

Spread the word.

Exodus report

cross-posted from: https://sh.itjust.works/post/45402993

The Ministry of Communication and Information Technology of Nepal has issued an order requiring all social media platforms to be registered in Nepal.

Based on this, the Nepal Telecommunications Authority (NTA) has instructed all network service providers to deactivate 26 platforms, including Signal, Facebook, Instagram, WhatsApp, YouTube, and others.

To lift the ban and operate legally in Nepal, each platform must:

1. Register with the Ministry of Communication and Information Technology.

2. Appoint in Nepal:

   • A Point of Contact
   • A Resident Grievance Handling Officer
   • An Officer responsible for monitoring compliance with self-regulation [1]

3. Submit an application in the prescribed format along with required documents, as per the Directives on Managing the Use of Social Media Networks (2080 B.S.). [2]

Reference:

[1] Notice by the Ministry of Communication and Information Technology on Managing the Social Networking Platform Usage in Nepal

[2] Directives for Managing the Use of Social Networks, 2023

Apparently the previous owner of my current phone number gave his phone number to a lot of gambling sites and now i recieve spam SMSes DAILY. Do i need to get a new line? Or is there some secret way i can get my phone number out of nobody knows how many sites?

(The number is from turkey, if that helps.)

I'm looking for studies that either say that Digital ID/Age verification can be done in a truly private manner or not.

I have read a bunch of stuff, there is a lot of noise about this subject.

I want to be able to submit something to politicians as to how this system is going to be a huge target; and the dangers around it. But I also want to be able to know if is technically possible to do it properly.

I know they're all bad for privacy to an extent, which is why I specified "least bad."

This is for casual use, as someone concerned about surveillance capitalism, digital privacy, social cooling and the like. I do not have a high threat model. I am looking to balance privacy and convenience. I am not going to teach my grandma how to use monero, and it isn't always a reasonable option to use cash or mail a check.

The big services in the US I know of are:

• PayPal: shares your data with 600+ companies
• Venmo: owned by PayPal
• Apple Cash: Requires an Apple device, not an option for many
• Google Pay: it's Google, and it doesn't work on custom ROMs like GrapheneOS
• Facebook Messenger: apparently you can send money on there, but I think "there's zero chance I'm making a Facebook account and I'm especially not linking my bank to it" needs no explanation in this community
• Cash App: owned by Square, might be a decent option?
• Zelle: Not supported by all banks (I don't think it's supported by mine and I definitely have friends that use unsupported banks)

If anyone knows of better options, or tips to minimize shared data while using any of the above options, please elaborate.

cross-posted from: https://lemmy.world/post/35231913

cross-posted from: https://programming.dev/post/36575333

Main Page.

• Full Report- 33 Pages.
• Highlights 1 Page.
• Accessible PDF-28 pages.

Property technology broadly refers to the use of software, digital platforms, and other digital tools used in the housing market. Property owners and renters use these technologies for functions including advertising, touring, leasing, and financial management of rental housing. These tools may incorporate computer algorithms and artificial intelligence.

Selected Property Technology Tools Used in Rental Housing

Property technology tools used for advertising, tenant screening, rent-setting, and facial recognition have both benefits and risks. For example, facial recognition technology can enhance safety, according to three industry associations and all 10 of the public housing agencies in GAO's review. However, these tools also may pose risks related to transparency, discriminatory outcomes, and privacy. For instance, potential renters may struggle to understand, and owners to explain, the basis for screening decisions made by algorithms. Facial recognition systems also might misidentify individuals from certain demographic groups, and property owners might use surveillance information without renter consent, according to advocacy groups GAO interviewed.

The four federal agencies took several actions to address these risks. To combat alleged misleading and discriminatory advertising on rental platforms, agencies pursued legal action and obtained settlements requiring changes to advertising practices and improved compliance with the Fair Housing Act. They also took enforcement actions against tenant screening companies for using inaccurate or outdated data.

However, all 10 public housing agencies stated public housing agencies would benefit from additional direction on use of facial recognition technology. The Department of Housing and Urban Development's (HUD) current guidance to these agencies is high-level and does not provide specific direction on key operational issues, such as managing privacy risks or sharing data with law enforcement. More detailed written direction could provide public housing agencies additional clarity on the use of facial recognition technology and better address tenant privacy concerns.

cross-posted from: https://lemmy.ca/post/50665455

cross-posted from: https://infosec.pub/post/33877538

A court filing states that a government order against Apple would give it the capability to access communications and metadata of customers using the iCloud service anywhere in the world

cross-posted from: https://programming.dev/post/36487769

Comments

• Lobsters.