Press

Announcements

New Collaborations on Exposing Tracking

December 24, 2017, F-Droid

“Researchers at Exodus Privacy and Yale Privacy Lab are working on taking the next big step, by creating tools for automating the process of finding all the various forms of tracking that apps can include. F-Droid will work with them to merge efforts, increasing the effectiveness of volunteers, and exposing the inner workings of software in daily use worldwide.”
Read More…

ISP Privacy Lab Publishes Research on Hidden Trackers

November 28, 2017, Yale Law School

Privacy Lab found that marketers are increasing the scope of their real-world surveillance through precise location tracking in physical space. Companies are making use of WiFi, Bluetooth, and in some instances, ultrasonic sound inaudible to the human ear, in order to track users’ geolocations in real time. Major players like Google and Oath now offer services to track in-store behavior, while smaller players like Fidzup have developed cutting-edge technologies for WiFi and ultrasonic solutions, according to the data.
Read More…

Android Trackers: #BlackFriday Announcement from Privacy Lab

November 24, 2017, Sean O’Brien and Michael Kwet

Privacy Lab has published details from its research into 25 trackers hidden inside popular Google Play apps such as Uber, Tinder, Skype, Twitter, Spotify, and Snapchat. Publication of this information is in the public interest, as it reveals clandestine surveillance software that is unknown to Android users at the time of app installation. These trackers vary in their features and purpose, but are primarily utilized for targeted advertising, behavioral analytics, and location tracking.
Read More…


Articles featuring Privacy Lab

The Secret Sharers: Are Your Favorite Apps Watching You?

March 6, 2018 by for Yale Alumni Magazine

“Many of the most popular apps in the Google Play store contain trackers: you download the app, and the trackers sweep up a variety of data… Such tactics create a ‘power asymmetry’ for marketers, say Michael Kwet and Sean O’Brien, authors of the study…”
Read More at Yale Alumni Magazine

Bad Aadhaar Cybersecurity Tramples on the Right to Privacy

February 11, 2018 by for Business Today

“Whenever a security researcher looks at an official government Aadhaar app, there are blatant privacy problems and sloppy cybersecurity, such as sending data over the Internet unencrypted. To compound this, Web portals linked to Aadhaar are left open for exploitation…”
Read More at Business Today

Reviving the Independence of Cyberspace

February 8, 2018 by for BoingBoing

“In the 1990’s, you’d be forgiven for assuming that the Internet could become an endless, infinite library. Yet we’ve passively allowed intermediaries to lock it down and wall us off from each other, and our collective culture, in ever more creative ways. With John Perry Barlow’s recent passing, maybe it’s time to reread his manifesto and revive the concept of the Independence of Cyberspace…”
Read More at BoingBoing

Love, Sex, and Trackers - Tinder and Other Dating Apps Are Spies In Your Bedroom

January 24, 2018 by for BoingBoing

“In a bombshell report on Tuesday, it was revealed that Tinder users are left vulnerable to voyeurs, blackmail, and targeted surveillance. Researchers at security firm Checkmarx demonstrated that Tinder doesn’t encrypt photos, allowing someone on the same network to copy these files or even insert their own photos into the app. Worse, the data that is encrypted by Tinder is predictable, allowing the researchers to decipher ‘exactly what the user sees on his or her screen… What they’re doing, what their sexual preferences are, a lot of information.’”
Read More at BoingBoing

F-Droid: A Free, Open, Privacy-Oriented Android App Store That Corrects Android’s “Original Sin”

January 22, 2018 by for BoingBoing

“They argue that the proliferation of spyware in Android stems from the project’s ‘original sin’: a directive to create an alternative Linux ecosystem that eliminated the ‘GNU’ part of ‘GNU/Linux’: that is, the part of the licensing regime that required programmers who modified open projects to make their projects open, too. In so doing, Google created a constellation of apps and tools that can be trojanized without violating the software license and without any way to audit the modifications and spot the malicious code.”
Read More at BoingBoing

Android Users: To Avoid Malware, Ditch Google’s App Store

January 21, 2018 by for WIRED

“Android’s privacy and security woes are amplified by cellphone companies and hardware vendors, which bolt on dodgy Android apps and hardware drivers. Sure, most of Android is still open-source, but the door is wide open to all manners of software trickery you won’t find in an operating system like Debian GNU/Linux, which goes to great length to audit its software packages and protect user security.”
Read More at WIRED

Apple Health Data Is Being Used as Evidence in a Rape and Murder Investigation

January 11, 2018 by for Motherboard/VICE

“I asked Michael Kwet and Sean O’Brien, both researchers at Yale Privacy Lab who have previously written on the topic of privacy and health apps for Motherboard, whether we should expect more of these kinds of cases—where someone’s own phone essentially testifies against them—in the US.”
Read More at Motherboard

Is It Safe to Send Your Child to School in 2018?

January 6, 2018 by for Saturday Star

“If none of that is enough to scare you into joining the current home-education boom, Michael Kwet from Yale Law School Privacy Lab has just blown the whistle on a whole new hazard. According to his paper published in Internet-related Journal First Monday, on December 4, 2017, significant details of Operation Phakisa for Education (OPE), initiated by President Zuma, have been kept secret.”
Read More at Saturday Star

How And Why Apple, Google, And Facebook Follow You Around In Real Life

December 22, 2017 by for Fast Company

“The trackers found by the Yale researchers include some of the most popular apps on the Google Play Store, including Tinder, Spotify, Uber, and OKCupid. Many of these apps rely on a service owned by Google, Crashlytics, that primarily tracks app crash reports, but can also provide the ability to ‘get insight into your users, what they’re doing, and inject live social content to delight them.’ The researchers didn’t study iOS apps, but they warned that the problem may also exist on Apple’s App Store, noting that many of the tracker companies used on Android apps also distribute apps via Apple.”
Read More at Fast Company

The Targets of Mobile Apps: Your Health, Your Ancestors, and Your Baby

December 14, 2017 by for Motherboard/VICE

“As we travel through our lives, smartphones in pocket, we are building detailed data profiles. When we install an app, we’re not informed about the potential consequences of this surveillance. Some day, our digital “shadows” may affect our insurance rates, our credit, and the opportunities of our children.”
Read More at Motherboard

Gillette Knows Whether You Shave Because Tinder Told It About You

December 10, 2017 by for CBC Spark

“Sean says this is leading us towards a future like that shown in the film Minority Report, where advertisements in malls and on streets address people individually, by name. ‘It could happen,’ he says. Mostly, the tracking apps are collecting our location data, which is granular enough that some can figure out where we live, where our family lives, and where we work. One tracker in particular can do this by sending out tones at subsonic frequencies, which are picked up by our phone’s microphone, which then relays its position - right down to the aisle we might be perusing in a particular store.”
Read More at CBC Spark

From Tinder to Uber, Most Top Apps Are Tracking You

November 30, 2017 by Devika Singh for Business Today

“A few days ago, a friend had an eerie experience. Minutes after talking to her husband about a possible trip to Indonesia in the living room of her home, advertisements of holiday packages for Bali started appearing on her social media and search feed.”
Read More at Business Today

Over 75% of Android Apps Are Secretly Tracking Users

November 29, 2017 by Brandon Vigliarolo for Tech Republic

“Yale Privacy Lab (YPL) has just published the results of research that should be startling to any Android user: Over 75% of Android apps tested contain trackers that are unknown to their users. Android apps tracking users aren’t just small timers looking to make a buck selling data — it’s apps like Tinder, Spotify, Uber, PayPal, Twitter, and Snapchat. YPL adds that there are likely many more that haven’t been detected, as tracking users via mobile apps is an entire industry. Android users with privacy concerns are right to be worried about these findings.”
Read More at Tech Republic

Google, Android Developers Called Out for Another Privacy and Security Issue

November 29, 2017 by Mario Manlupig, Jr. for International Business Times

“Yale University’s Privacy Lab has called the attention of Google Inc and Android developers to be more transparent in their privacy and security practice. This comes after the venerable institution’s study found that more than three in four Android applications contain at least one third-party tracker. Hundreds of apps were analysed by Privacy Lab in cooperation with French research group Exodus Privacy and discovered signatures of 25 known trackers in three-quarters of Android apps on the Play Store. Trackers are used to extracting information about users to optimise targeting of advertisements and other services.”
Read More at IB Times

Three Quarters of Android Apps Track Users with Third Party Tools – Study

November 28, 2017 by Alex Hern for The Guardian

“Yale Privacy Lab is using its research to call on developers, as well as Google, ‘for increased transparency into privacy and security practice as it relates to these trackers.’ The researchers added: ‘Android users, and users of all app stores, deserve a trusted chain of software development, distribution, and installation that does not include unknown or masked third-party code. Scholars, privacy advocates and security researchers should be alarmed by the data, and can provide further analysis now that these findings and the Exodus platform have been made public.’”
Read More at The Guardian

Uber, Tinder, Snapchat and Other Top Apps Include Trackers That Secretly Watch Everything Users Do

November 28, 2017 by Aatif Sulleyman for The Independent

“To demonstrate how easy it can be to make a tracking app available to users, the researchers developed an app called FaceGrok, which recognises faces in view of the camera, and launched it on Google Play. ‘Though FaceGrok does not transmit any facial recognition data, it could do so with simple modifications,’ they wrote.”
Read More at The Independent

Surprise: Android Apps Are Riddled with Trackers

November 28, 2017 by Richard Chirgwin for The Register

“In case you’re wondering, yes, there’s a good chance at least some of your Android apps have tracked you rather more than you expect. That’s the conclusion of a joint project between Yale University’s Privacy Lab and French non-profit Exodus Privacy, which has this month documented snoopware features in apps from Uber, Tinder, Skype, Twitter, Spotify, and Snapchat, the university said.”
Read More at The Register

Study: Vast Majority of Google Play Apps Are Covertly Tracking Users

November 28, 2017 by Tom McKay for Gizmodo

“It’s not hard to surmise why the trackers are so widespread — users are easily suckered into downloading apps, especially free ones, and including trackers turns every user’s data into a monetizable commodity — and the ubiquity of the tracking software only underscores how widespread spying on users is in the digital era. The researchers were particularly concerned that the individual streams of data could be merged to build intimate profiles of users.”
Read More at Gizmodo

Researchers Craft Android App That Reveals Menagerie of Hidden Spyware; Legally Barred from Doing the Same with iOS

November 25, 2017 by Cory Doctorow for BoingBoing

“Yale Privacy Lab and Exodus Privacy’s devastating report on the dozens of invasive, dangerous ‘trackers’ hidden in common Android apps was generated by writing code that spied on their target devices’ internal operations, uncovering all manner of sneaking trickery.”
Read More at BoingBoing

Les mouchards des applications mobiles - nous rapprochent d’un monde à la “Minority Report”

November 24, 2017 by Martin Untersinger for Le Monde

“Mike Kwet and Sean O’Brien are researchers at the Privacy Lab at the prestigious American university Yale. They worked on some trackers revealed by Exodus. They revisit the lessons they have learned for Le Monde.”
Read More at Le Monde [French language]

Staggering Variety of Clandestine Trackers Found in Popular Android Apps

November 24, 2017 by Yael Grauer for The Intercept

“Researchers at Yale Privacy Lab and French nonprofit Exodus Privacy have documented the proliferation of tracking software on smartphones, finding that weather, flashlight, ride-sharing, and dating apps, among others, are infested with dozens of different types of trackers collecting vast amounts of information to better target advertising.”
Read More at The Intercept

Moglen On Privacy And ‘The Machine’: This Is Not Over Yet

September 29, 2017 by for Intellectual Property Watch

“NEW HAVEN — In an arresting presentation framed in a first-hand account of the creation of the early internet and focused on the hyper-sophisticated sensors we carry everywhere in the form of our smartphone, marking our every behaviour and element of our life for commercial and state use, Free Software legend and privacy advocate Prof. Eben Moglen gave a speech this week at Yale Law School on privacy, the “machine,” and the jarring threat humanity is facing. There is at least one sign of hope, he said: the FreedomBox.”
Read More at IP Watch | Archived PDF version

More Articles by Our Team

BSNL Cyber Security Could Have Been Fixed Two Years Ago

March 6, 2018 by for Business Today

“If India is to meet the challenge of cyber security as Prime Minister Modi has proposed, the challenge must be met with honesty, even if it is brutal and exposes flaws in administration or implementation…”
Read More at Business Today

Big Brother Set to Watch Each Pupil

December 8, 2017 by for Mail & Guardian

“These interviews have made clear that ‘big data analytics’ is coming to the public school system, through the detailed study of pupils’ behaviour. Computer network services are a central feature of OPE, designed to collect detailed records of each pupil’s activity on government-subsidised computers. Corporate partners will provide expertise and software for the analysis of the schoolchild’s records.”
Read More at Mail & Guardian

Operation Phakisa Education: Why a secret? Mass surveillance, inequality, and race in South Africa’s emerging national e-education system

December 4, 2017 by

“This paper investigates several human rights concerns with respect to the South African government’s secretive plan to transform basic education, Operation Phakisa Education. The first concern is the influence of digital surveillance on education and society by government and corporate institutions. This is evaluated in light of electronic foreign and domestic government and corporate surveillance, as well as the context of socioeconomic inequality. Another is the likelihood of a chilling effect on free speech and inquiry. A third issue is the monitoring and evaluation of teachers and the associated limits on teacher autonomy. Last, it considers democratic process and informed consent. It concludes that Operation Phakisa Education poses serious problems for education and society, and contradicts principles of democratic transparency endorsed in education policy.”
Read More at First Monday

Apartheid in the Shadows: the USA, IBM and South Africa’s Digital Police State

May 3, 2017 by for CounterPunch

“Beggars and vagrants” are not welcome in Parkhurst, a mostly white suburb of about 5,000 in Johannesburg, South Africa. Criminals of “increasing sophistication and aggression” are on the prowl, residents claim. To combat local crime, community members proposed a solution: put surveillance everywhere. Their proposal, however, was not for “traditional” surveillance. Thanks to the digital revolution, Parkhurst could now integrate facial recognition, thermal sensors, infrared tracking, and data analytics. Armed with powerful new tech, poor black “vagrants” can be watched, flagged, policed, and intimidated into submission.
Read More at CounterPunch | Archived PDF version

Cmore: South Africa’s New Smart Policing Surveillance Engine

January 27, 2017 by for CounterPunch

“Ever watched a crime drama or spy film…where a team of technicians are sitting in a darkened room full of big, fancy monitors that enable them to constantly track and follow a Jason Bourne-like assailant with great precision, in real-time, while being in constant communication with a team of operatives and controlling traffic lights and surveillance cameras seemingly at will? That is the kind of advanced shared situational awareness that the Cmore system can enable.”
Read More at CounterPunch | Archived PDF version