Privacy

Apple’s known for its push for privacy by stating this is a “fundamental human right.” Different from most Big Tech companies, Apple says it’s not a company driven by ads, which means it doesn’t need to collect your data to sell products. Now, a new study shows that, in fact, Apple is the company that collects less data compared to other companies.

A Twitter investigation has been announced by the Senate Judiciary Committee, following claims of “extreme” security failings at the social network. The claims were made in an 84-page report by the company’s former head of security, Peiter Zatko.

Concerns have been expressed about the national security risks of bad actors being able to fake tweets from the accounts of world leaders and major media organizations …

Update: Elon Musk’s lawyers have now issued a subpoena to speak to Zatko about the claims.

Former Twitter security head Peiter Zatko has filed a formal complaint that the company has “extreme, egregious deficiencies” in its protections against hackers, and has done little to defeat spam.

He accuses the company of deceiving the Federal Trade Commission (FTC), following promises made back in 2011 after hackers twice took full control of Twitter …

The British government has backed a call by the country’s security services for client-side scanning for child sexual abuse material – aka Apple’s CSAM approach.

Home Secretary Priti Patel has written an op-ed in which she indicates government support for the stance, while also attacking Facebook’s plans to make all Messenger chats end-to-end encrypted by default …

Spyware company NSO, whose Pegasus app can be used to give attackers almost full remote access to an iPhone, has announced that it is downsizing, and losing its CEO.

Bizarrely, the company argues that this is in order to prepare for growth …

A few days ago, developer Felix Krause shared a detailed report on how mobile apps can use their own in-app web browser to track user data. Now Krause is back with a new tool that lets anyone see JavaScript commands injected through an in-app browser.

A Hide My Email Ventura feature for third-party apps has been removed from Apple’s website. The disposable email address feature now appears to remain limited to the company’s own Mail and Safari apps.

The feature has been removed from the Ventura preview page sometime in the past week or so …

An AirTag stalker has been handed a prison sentence and subjected to a restraining order after he was found to have planted the tracking device in his former girlfriend’s car.

Not being the brightest of criminals, the stalker revealed his knowledge of the victim’s whereabouts by sending her a text message …

One of the more annoying things some apps do is incorporate their own in-app browser, opening that for web links instead of respecting your chosen default browser.

This has long been a nuisance, but a developer has now explained the security risks of doing so, especially when dealing with companies not noted for their privacy standards – like Facebook …

An FTC privacy push could begin as soon as today, says a new report, thanks to the determination of chair Lina Khan to make this a key issue for the commission.

However, insiders say that the process of drawing up FTC privacy rules is likely to be a slow one, and it could be years before the commission is in a position to enforce them …

Update: Twitter has rather belatedly confirmed that a hacker was able to expose the account details, though the company has not commented on the 5.4M number. See statement at the end of the piece.

A Twitter data breach has allowed an attacker to get access to the contact details of 5.4M accounts. Twitter has confirmed the security vulnerability which allowed the data to be extracted.

The data – which ties Twitter handles to phone numbers and email addresses – has been offered for sale on a hacking forum, for $30,000 …

A European court ruling could result in ad tracking rules becoming much stricter in future. The court essentially set a precedent that inferred data is still personal data.

This means that if a company can work out things about you, then that information is protected every bit as much as personal data you provided directly …

Security researchers have discovered a developer error in more than 3,200 mobile apps, which make possible full or partial Twitter account hijacks.

In the worst examples, affecting around 320 apps, it enables an attacker to gain complete control of a Twitter account …

Congress is set to vote on The Intelligence Authorization Act, intended to further punish spyware makers like NSO. It follows evidence that the company’s Pegasus spyware was used to hack iPhones used by American diplomats.

The Commerce Department had already named NSO as a threat to US national security, and banned the import and use of Pegasus, but the bill would take things further …

The Federal Communications Commission (FCC) is again investigating the collection and use of carrier location data – the information mobile networks have about where your mobile devices are, as well as your movement patterns.

It follows a previous investigation which last year found that wireless carriers broke federal law by selling this private data to a number of third-party companies …

An Apple Indonesia agreement could force the company to hand over to the government the personal data of iCloud users.

Other tech companies also signed the agreement after the government set a deadline to avoid fines or even being banned from operating in the country.

A nasty piece of Mac malware is being actively used in the wild to capture personal data from Macs. Security researchers say that CloudMensis spyware can allow an attacker to download files, capture keystrokes, take screengrabs, and more.

Cybersecurity firm ESET says that the spyware has been in active use since February, and appears to be targeting specific individuals …

The latest Pegasus iPhone hack to come to light targeted more than 30 pro-democracy protestors. Apple detected that their phones had been infected by NSO’s spyware, and alerted them.

Thailand has been the subject of multiple military coups over the years, the most recent of which was in 2014, with an army-backed leader still in power today after elections widely believed to have been fraudulent …

Update: The vote on the bill is now expected to be delayed until the fall – see end for more details.

A proposed new CSAM law in the UK could force all messaging companies to use the type of client-side scanning approach that Apple planned to launch to detect child sexual abuse material (CSAM) on iPhones.

An amendment to the Online Safety Bill has been put forward that would require tech companies to identify and remove CSAM, even in end-to-end encrypted private messages …