Parent organizations call out Facebook and Instagram for gathering kids’ personal information from their online activity. Talk Liberation - Your Worldwide INTERNET REPORT (Issue 12, 2021)

Apple sues to deny makers of Pegasus spyware access to its devices

Facebook and Instagram are gathering data from children

Social media giants Facebook and Instagram are collecting data on users under the age of 18 by using a software system that tracks users’ web browsing activities. Meta, the parent company of both platforms, announced in July that it would allow targeted advertising for younger users based only on their age, gender and location. Meta denies that the data was being utilized by the company’s “algorithm-driven ad delivery system” to target users under the age of 18.

Talk Liberation is committed to providing equal access for individuals with disabilities. To view an accessible version of this article, click here.

However, research indicates Facebook and Instagram are using the software system’s conversion API’s to gather personal information on younger users via their web browsing history. Additionally, the report states, “…Facebook is still using the vast amount of data it collects about young people in order to determine which children are most likely to be vulnerable to a given ad.”

This data gathering practice was discovered by Global Action Plan, Reset Australia and Fairplay — organizations that seek to prevent Big Tech marketing to children. Moreover, 44 advocacy groups participated in an open letter to Facebook CEO Mark Zuckerberg urging for the “surveillance advertising” of young people to be stopped.

According to the report, the researchers found:

“Facebook can collect data from other browser tabs and pages that children open, and harvest information like which buttons they click on, which terms they search or products they purchase or put in their basket (‘conversions’).”

Meta spokesperson Joe Osborne said that to claim Facebook and Instagram deploy targeted advertising to children is “wrong.” Meanwhile, the research maintains that there is no reason to store the conversion data unless it is used for the ad delivery system.

Apple sues NSO group

Tech giant Apple has filed a lawsuit against the Israeli surveillance company NSO Group for targeting Apple devices using its Pegasus spyware. The lawsuit, filed in the Northern District of California, aims to ban NSO Group from using Apple products and services and seeks an unspecified amount in damages, which Apple claims will be given to cybersecurity researchers. According to Gizmodo, “A denial of access to Apple products and services would mark a huge, potentially business-shattering blow for NSO Group in the U.S.”

NSO Group, which claims to target only terrorists and criminals, recently made headlines when it was revealed that the surveillance company was targeting journalists, activists and even world leaders. In its lawsuit, Apple provided additional previously unknown information related to an exploit known as “FORCEDENTRY.”

Apple’s press release states:

“To deliver FORCEDENTRY to Apple devices, attackers created Apple IDs to send malicious data to a victim’s device — allowing NSO Group or its clients to deliver and install Pegasus spyware without a victim’s knowledge.”

Apple claims its servers were not compromised during the attacks.

FBI email system compromised

Thousands of people received fake emails from the FBI after hackers used “software misconfiguration” and acquired access to the Law Enforcement Enterprise Portal (LEEP). The LEEP software allows law enforcement to share data with local and state authorities during an investigation. According to an FBI press release, the impacted hardware was taken offline immediately after discovering the hack. Additionally, the FBI claims no data or Personally Identifiable Information (PII) was accessed during the breach.

The emails were sent from seemingly authentic FBI email accounts and warned the recipients that they were at risk of a “sophisticated chain attack,” according to the Spamhaus Twitter account.

The Spamhaus Project, which is dedicated to researching cyber threats, told Bleeping Computer that at least 1,000 inboxes were targeted but that the “campaign was potentially much larger.”

In an interview with journalist Brian Krebs, hacker Pompompurin admitted to his involvement in the hack. According to the report, Pompompurin said the purpose was to expose the vulnerability within the FBI’s system.

US seeking extradition of ransomware hacker

The US Department of Justice announced the arrest of 22-year-old Ukrainian citizen Yaroslav Vasinskyi, who has alleged ties to the REvil hacking group, which is reportedly responsible for several attacks on high profile American businesses and companies. According to the court documents, Vasinskyi is suspected to have participated in a “large scale” attack on the IT provider Kaseya in July this year. Vasinskyi was arrested in Poland, which has an extradition agreement with the US. In addition to his arrest, authorities confiscated $6.1 million in cryptocurrencies.

In a press statement, Attorney General Merrick Garland said, “Together, with our partners, the Justice Department is sparing no resource to identify and bring to justice anyone, anywhere, who targets the United States with a ransomware attack.”

The arrest demonstrates that in cooperation with international officials, US authorities are focused on ransomware hackers. The State Department recently offered a $15 million reward to anyone who can provide information leading to the arrest of additional REvil hackers.

Top EU court cracks down on net neutrality breaches

In two separate rulings, The European Union’s top court found that Telekom Deutschland and Vodafone were in violation of the EU’s net neutrality regulations for “exempting certain services from data caps.” According to the rulings, the “zero tariff” options defy the open internet access regulation. A press release issued by the Court of Justice of the European Union (CJEU) states:

“A ‘zero tariff’ option is a commercial practice whereby an internet access provider applies a ‘zero tariff’, or a tariff that is more advantageous, to all or part of the data traffic associated with an application or category of specific applications, offered by partners of that access provider.”

The CJEU told media outlets that this practice draws a distinction within the internet and goes contrary to the ‘level-playing field’ principle at the core of net neutrality. In a statement to TechCrunch, the European consumer protection association BEUC’s senior digital policy officer, Maryant Fernández Pérezvery, says the ruling is “positive news for consumers and those who want the internet to stay open to all.”

According to Reuters, Vodafone will review the ruling and make the necessary changes, meanwhile Telekom Deutschland claims its StreamOn feature is no longer using data throttling and therefore will not need to make any changes to its business practices.

Start-ups exempt from India’s data privacy law

India’s new data protection bill will provide exemptions for start-ups and “new age” companies by allowing them to use data for algorithms and “innovation.” The provisions under the new legislation will only be in effect after a specified period of time for India’s digital new age firms, according to Rajendra Kumar, additional secretary of Ministry of Electronics and Information Technology (Meity).

According to a top official with Meity, India seeks “to promote start-ups that are tech focused,” which is why new digital start ups can have access to data which will allow the companies to experiment with new algorithms for their own applications. CEO of Data Security Council of India Rama Vedashree told Business Today, “No personal data is mandated to be stored within the boundaries of the country. This only holds true for critical personal data which will be decided by authorities.”

The new data privacy bill, which is expected to be seen before Parliament this winter, is intended to help facilitate the IT industry of India, may bring the country a step closer to fulfilling the data privacy standards upheld in many European countries. In addition, the bill includes a provision to establish a single regulator to ensure data protection policies adhere to international norms.

WhatsApp changes privacy policy

Following a hefty fine of €225m from the Irish Data Protection Commission (DPC) in September, the popular messaging service WhatsApp is making changes to its privacy policy. The company was fined for failing to comply with the General Data Protection Regulation (GDPR) legislation in Europe for lacking transparency in its privacy policy. This was the second-largest fine from the DPC in relation to a GDPR violation.

WhatsApp is now reorganizing its policy to enhance clarity and incorporate additional detail in several areas. In particular, the revised policy will include information on data gathering practices including what data will be collected, why it is collected and how the data is stored and used. Additionally, the update will include information regarding how data is shared across borders.

However, these changes will only apply to users in the UK and Europe. Affected users will receive a banner notification encouraging them to read the updated privacy policy but will not be prompted to agree to the policy as there are no ‘material’ changes.

EU lawmakers push for stricter regulations on personalized ads

Several Big Tech companies are already trying to circumvent the European Union’s crackdown of online tracking of users. Facebook has announced that it will remove its more controversial “ad targeting services,” which rely on personal information including religion, sexuality and political affiliation. Additionally, Google is expected to “phase out” use of third party cookies by 2022. Meanwhile, Apple is already blocking tracking software on its browser and other devices.

However, these changes to Big Tech business practices do not go far enough for some EU lawmakers who want to completely ban targeted advertising and incorporate it into the Digital Services Act. According to the report, the criticism of online ads is a sign that European lawmakers do not think companies such as Facebook and Google are doing enough to protect people’s privacy while using their platforms.

Despite this consensus, lawmakers are reportedly far from an agreement on a proposal as officials disagree on the logistics of an outright ban on targeted advertising.

That concludes Your Worldwide INTERNET REPORT for this week! 

Remember to SUBSCRIBE and spread the word about this amazing news service.

This issue of Your Worldwide INTERNET REPORT was written by Taylor Hudak; Edited by Suzie Dawson and Sean O’Brien; Graphics by Kimber Maddox; with production support by David Sutton.

Talk Liberation - Your Worldwide INTERNET REPORT was brought to you by Panquake.com. We Don’t Hope, We Build! 

© Talk Liberation CIC Limited. The original content of this article is licensed under a Creative Commons Attribution-ShareAlike 4.0 International license. Please attribute copies of this work to “Talk Liberation” or talkliberation.com. Some of the work(s) that this program incorporates may be separately licensed. For further information or additional permissions, contact licensing@talkliberation.com