|
|
 |
...lots and lots of people are broadcasting their locations.
- Matt Green, Cryptographer at John Hopkins
|
|
|
Happy New Year! And welcome to the first Snippets of 2024 🥳
If you're new here, Snippets brings you the latest at the intersection of privacy and tech every Thursday morning. If you've been with us a while, we appreciate your support! Either way, privacy is set for another whirlwind year, so let's jump in. Here's what's happening this week:
- Researchers from John Hopkins argue that cryptography could stop AirTag stalking
- State legislators are scrambling to protect children's data as AI tools become more prevalant in schools
- TikTok is facing an inquiry in Australia over pixel tracking
- And so much more!
|
|
|
|
|
Researchers develop new solution for AirTag stalking
|
 |
|
BackyardProduction/Getty Images
|
A group of researchers from John Hopkins University and the University of California have developed a cryptographic solution that theoretically improves Apple’s safeguards against using AirTags as stalking devices.
|
- Following reports of malicious AirTag use, Apple updated its “Find My Device” system to rotate an AirTag’s public identifier every 24 hours when it’s far from the iPhone or iPad that owns it.
- These changes, however, led to the AirTags broadcasting their location to anyone within a 30 to 50-foot radius—offering enough data for potential stalkers to track a target's movements.
- To address this, researchers used two cryptographic strategies: “secret sharing,” which breaks up static device IDs into multiple puzzle pieces, and “error correction coding,” which sorts individual signals from the noise of multiple AirTags in any given space.
|
|
|
|
|
|
|
Expand your network in the new year 🤝
|
|
Join Privacy Pulse to access an invite-only community where privacy professionals can crowdsource solutions to their biggest challenges, share or find a new role, and expand their professional network.
To ensure our community is valuable, thriving, and safe, we ask that everyone submit a brief application to join. All applications will be reviewed within 24 hours.
|
|
|
|
|
|
|
|
State legislators scramble as schools ramp up AI use
|
 |
|
Timothy D. Easley/AP
|
As schools begin deploying AI tools within classrooms, local and state lawmakers are scrambling to implement appropriate safeguards. The rush to bring AI tools for education to market has many experts concerned that children’s data is at risk.
|
- After COVID-19 forced classrooms to go virtual, schools in Arizona began working with 1EdTech, a community that qualifies vendors who have been vetted to work with children.
- But the post-pandemic rise of AI has encouraged new concerns about the technology, with 57% of parents worried their child’s school hasn’t asked for their input on responsible data use.
- The FTC has taken particular interest in this space—warning edtech producers about COPPA compliance in 2022 and suing the now-defunct Edmodo for children’s privacy violations in 2023.
|
|
|
|
|
|
|
|
TikTok faces inquiry in Australia
|
 |
|
ISTOCK
|
Australia’s privacy watchdog has launched an inquiry to determine if TikTok has violated the country’s data protection laws by harvesting Australians’ data without consent.
|
- The investigation comes after several Australian brands removed TikTok’s pixel (which collects email addresses, phone numbers, and browsing data) from their website over privacy concerns.
- When placed on brand websites, the pixel studies visitors’ shopping habits to hit them with targeted ads. Actions taken on these websites are then attributed to TikTok ads.
- Though pixels are commonly deployed by social media platforms, TikTok sends the information, which includes users’ location, back to servers in China.
|
|
|
|
|
|
|
|
- Google settles $5B lawsuit for tracking users in Incognito Mode.
- Trump’s former lawyer, Michael Cohen, admits to citing fake AI-generated court cases.
- Must-know privacy settings for Apple TV, Roku, and Fire Stick.
- 5 Firefox extensions to improve your privacy.
- The New York Times is suing OpenAI for copyright infringement.
|
|
|
|
|
|
OpenAI moves EU data operations to Dublin
|
 |
|
David Paul Morris/Bloomberg / Getty Images
|
After a round of investigations in the European Union (EU) over ChatGPT’s data processing practices, OpenAI updated its privacy policy for the region and began shifting its EU data processing operations to a Dublin office.
|
- The move is meant to capitalize on a GDPR provision that allows data processors to centralize privacy oversight under a single supervisory authority in a member state.
- In this case, that authority is Ireland’s Data Protection Commission, meaning other privacy watchdogs in the bloc can no longer enforce unilateral actions, except in cases of urgent risk.
- The company will still need to meet minimum hiring requirements to obtain "main establishment" status in Ireland under the GDPR, with only five of 100 open positions currently based there.
|
|
|
|
|
|
|
|
Turning to the FTC & CPPA as car privacy concerns increase
|
 |
|
JOEY KYBER VIA UNSPLASH
|
Faye Francy ended up at the home of her new car’s previous owner after plugging her phone into the vehicle’s infotainment system and selecting 'home'—a startling turn of events that once again highlights the vulnerabilities of personal data in modern vehicles.
|
- Car owners are largely unaware they should erase their data before selling a car, as manufacturers’ data disclosures are vague and hidden within unwieldy privacy policies.
- Not syncing your phone to the infotainment system does little to protect privacy, as cars have multiple sensors that can collect data—data which can then be sold to brokers, shared with insurers, or extracted by law enforcement.
- Without federal privacy legislation, experts see two viable alternatives: action from the CPPA, or an FTC investigation into car manufacturers’ data practices.
|
|
|
|
|
|
|
New year, new tools! Explore Transcend's major platform expansion
|
|
Recently, we announced a massive expansion of our product suite—making it even simpler for the world’s best brands to manage complex privacy compliance challenges.
With this new release, we've expanded our proven platform three-fold, aligning along five pillars of most urgent need: Data Asset Intelligence, Data Discovery & Classification, Autonomous Privacy Operations, Risk Intelligence, and AI Governance.
Learn more about this major update below.
|
|
|
|
|
|
|
|
|
Snippets is delivered to your inbox every Thursday morning by Transcend. We're the platform that helps companies put privacy on autopilot by making it easy to encode privacy across an entire tech stack. Learn more.
|
|
|
|
You received this email because you subscribed to Snippets. Did someone forward this email to you? Head over to Transcend to get your very own free subscription! Curated in San Francisco by Transcend.
|
|
|
|
|
|
