Privacy


A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society. With companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
2401
 
 

A former executive at TikTok’s parent company ByteDance has claimed in court documents that the Chinese Communist Party (CCP) had access to TikTok data, despite the data being stored in the US. The allegations were made in a wrongful dismissal lawsuit which was filed in May in the San Francisco Superior Court.

2402
 
 

In France, the Senate just approved a controversial provision to a justice bill that would allow law enforcement to secretly activate cameras and microphones on a suspect’s devices.

This type of surveillance would be activated without notifying the owner of the device. The same provision would also allow agencies easier access to geolocation data to track suspected criminals.

Even though officials say they would only use the new update to the so-called “Keeper of the Seals” justice bill to capture sound and images of suspects of certain crimes such as delinquency, organized crime, and terrorism, the critics say this would still be disproportionate.

And it’s not only politicians – widespread concern has engulfed civil rights advocates and organizations, too. For instance, the Observatory of Digital Freedoms has denounced such a “security overkill” – it says any subject would risk being turned into a potential snitch.

La Quadrature du Net, another French advocacy group promoting digital rights and freedoms, has also expressed concern about the threat to privacy. According to the organization, investigators could, in theory, be allowed to remotely activate all connected devices, such as televisions or baby monitors.

“If this text were definitively adopted, it would dangerously increase the possibilities of police intrusion by transforming all our IT tools into potential spies,” the group warned in a press release.

Lawyers are also unhappy. The Paris Bar, representing almost 30 000 lawyers, said in a statement that it “deplored” the fact that the initiators of the provision – the government – didn’t consult them.

“This new possibility of remotely activating any electronic device constitutes a particularly serious breach of respect for privacy which cannot be justified by the protection of the public order,” said the Paris Bar.

“In addition, the project does not prohibit listening to conversations between the lawyer and her client in the lawyer’s office – even if it is prohibited. This is an inadmissible breach of professional secrecy and the rights of defense.”

Critics are urging French parliamentarians to dismiss the controversial provisions. And it’s not too late – the update to the bill must still be approved in the National Assembly, the more powerful lower house of the Parliament.

Eric Dupond-Moretti, the justice minister, argues that all the necessary safeguards are in place – for example, every surveillance operation would have to be approved by a judge.

Since 2015, when terrorist attacks rocked France, the country has increased its surveillance powers, and the “Keeper of the Seals” bill has been likened to the infamous US Patriot Act.

Activating cameras and microphones on a suspect’s device might not be allowed for now. But the French law allows the government to monitor phone calls and emails of terrorism suspects without obtaining a warrant. Paris is now planning to go one step further.

2403
 
 

cross-posted from: https://lemmy.ml/post/1183313

Privacy International and a UCL student expose how productivity suites like Office 365 offer features that can enable employers to access all communications and activities on Microsoft services without the employees' knowledge.

2405
 
 

cross-posted from: https://lemmy.ml/post/1181011

We want the right to privacy over our medical records. This means having control over our personal health information, who has access to this information and for what purpose.

We demand that you amend the European Health Data Space by:

  • Requiring explicit consent from patients regarding sharing of medical records for purposes not directly related to treatment (aka for secondary use)
  • Limiting the extensive categories of ‘health data’
  • Narrowing the scope of how this information can be used, and who can access it
2406
 
 

Also a good conversation here: https://news.ycombinator.com/item?id=36227166

EDIT: Changed the link to an archive.org version.

2409
 
 

Crossposted from: https://lemmy.ml/post/1137769

Just because software is open source does not mean someone is actually looking at the code. But depending on the software there are incentives to do so. Some people might be technologically interested in the way a piece of software does something and look at the source code for that. Some people might want to check the benignity for themselves and actively check the source code for malicious features. With community-maintained software there are often many different independent people working on the software. Also, many open source software projects allow code commits to the software. Many eyes on the software due to many people working on it increases the chance of malicious features or vulnerabilities being discovered.

A great thing about FOSS is the possibility to fork it or to use the FOS software of someone else in your software. FOSS allows and even encourages everyone to work with the software of others for one's own purpose and to modify, adapt or embed it. This leads to more people having an eye on the source code just for purely practical purposes. Open source just means publishing the source code, but FOSS is about actively reusing, improving and adapting other people's work in your own work.

Security researchers might also have a look at open source software purely for their own research. Another great and important aspect is bug bounties. Many developers pay bounties to people who report vulnerabilities to them. That creates an incentive to audit the code. But obviously not every project, especially smaller ones, has a bug bounty program. But you could probably sponsor one for some software you like.

Lastly there are independent third-party audits. Those can be done for a number of reasons. There can be community-paid audits through donations. VeraCrypt had one, for example. Then there might also be other organizations who want to use the software and have an interest in its security. VeraCrypt is also an example of that. The German government paid the Fraunhofer Institute for an audit of VeraCrypt.

In the end it comes down to the specific software. If someone implements a malicious feature in their software it is not necessarily going to be found just because the source code is open. If you find some random unknown software it is not secure just for being open source, but the chance of malicious features or vulnerabilities being discovered is definitely higher if it is possible to look for them in the first place.

Security critical software should be open source and audited.

This work is licensed under CC BY-SA 4.0. To view a copy of this license, visit https://creativecommons.org/licenses/by-sa/4.0/

2410
 
 

Oh look, that thing they said definitely wasn't happening was happening...

2411
 
 

Caught this on one of the Piped instances. Every video on this instance has the same warning. Piped is an open-source privacy frontend for YouTube, which uses NewPipe's YouTube extractor.

2417
 
 
  • ByteDance allowed a Chinese Communist Party unit to censor content and access data, a new lawsuit alleges.
  • The unit, referred to as the "Committee," even had a "death switch" to turn off certain apps.
  • ByteDance built a "backdoor channel" to enable CCP access to US user data, the suit alleges.

I hope this app gets picked apart and investigated thoroughly. If the claims in the lawsuit are true, then it will have confirmed what probably a lot of privacy-minded people have long been suspecting.
