Infosec Decoded Season 4 #85: Location Tracking

With @sambowne@infosec.exchange

Recorded Fri, Oct 25, 2024

Sam Bowne

The Global Surveillance Free-for-All in Mobile Ad Data
Atlas Data Privacy Corp. helps its users remove their personal information from the clutches of consumer data brokers. Atlas has sued 151 consumer data brokers on behalf of New Jersey law enforcement officers whose information should have been completely removed from commercial data brokers.

One defendant, Babel Street, allows customers to draw a digital polygon around nearly any location on a map of the world, and view a history of the mobile devices seen coming in and out of the specified area. Using a trial version of it, an investigator was able to track visitors to a mosque and employees at an abortion clinic, as well as law enforcement officers.

How is the data collected? Location data also is shared when a smartphone visits a web page with ads. In the few milliseconds before those ads load, the website will send a “bid request” to various ad exchanges, where advertisers can bid on the chance to place their ad in front of users who match the consumer profiles they’re seeking. That bid request contains location data and it's broadcast in the clear to hundreds of entities around the world.

Data brokers can locate roughly 80 percent of Android-based devices, and about 25 percent of Apple phones. The difference comes from Apple's App Tracking Transparency (ATT), which requires apps to get affirmative consent before they can track users.

Sen. Ron Wyden (D-Ore.) said Congress’ failure to regulate data brokers, and the administration’s continued opposition to bipartisan legislation that would limit data sales to law enforcement, have created this current privacy crisis.

Phone users can disable this tracking--instructions are at the end of the article.
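
To make the bid-request exposure described above concrete, here is an added example (not from the article or the show) that lists the location and identifier fields in a constructed bid request and produces a minimized copy. The field names follow the OpenRTB 2.x convention, which is an assumption since the article does not name a format, and the minimization policy is illustrative.

```python
import copy

# Constructed sample in the style of an OpenRTB 2.x bid request (not captured traffic).
SAMPLE = {
    "id": "req-0001",
    "app": {"bundle": "com.example.weather"},
    "device": {"ifa": "00000000-1111-2222-3333-444444444444",
               "ip": "203.0.113.57", "lmt": 0,
               "geo": {"lat": 40.123456, "lon": -74.654321, "type": 1, "accuracy": 12}},
    "user": {"id": "u-42"},
}

# Fields that let a recipient place one specific device at one specific spot.
SENSITIVE = [("device", "ifa"), ("device", "ip"), ("device", "geo", "lat"),
             ("device", "geo", "lon"), ("user", "id")]

def exposed_fields(req):
    """Return dotted paths of the sensitive fields present in the request."""
    found = []
    for path in SENSITIVE:
        node = req
        for key in path:
            node = node.get(key) if isinstance(node, dict) else None
        if node is not None:
            found.append(".".join(path))
    return found

def minimize(req, places=2):
    """Return a copy with coordinates coarsened and stable identifiers dropped."""
    out = copy.deepcopy(req)
    dev = out.get("device", {})
    geo = dev.get("geo", {})
    for axis in ("lat", "lon"):
        if axis in geo:
            geo[axis] = round(geo[axis], places)  # 2 decimal places is roughly 1 km
    geo.pop("accuracy", None)
    dev.pop("ifa", None)                          # advertising ID links sightings together
    if "ip" in dev:                               # IPv4 only: keep the /24 network
        dev["ip"] = ".".join(dev["ip"].split(".")[:3] + ["0"])
    out.get("user", {}).pop("id", None)
    return out

if __name__ == "__main__":
    print("exposed before:", exposed_fields(SAMPLE))
    print("exposed after: ", exposed_fields(minimize(SAMPLE)))
```

Even the minimized copy still carries coarse coordinates and a network prefix, so this reduces precision rather than removing location from the request.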

Ransomware's ripple effect felt across ERs as patient care suffers
Ransomware infected 389 US healthcare organizations this fiscal year, putting patients' lives at risk and costing facilities up to $900,000 a day in downtime alone, according to Microsoft. Stroke code activation at hospitals close to one suffering from a ransomware infection jumped from 59 to 103, cardiac arrests increased 81 percent, and survival rates for out-of-hospital cardiac arrests with favorable neurological outcomes plummeted, from 40 percent pre-ransomware infection to 4.5 percent.

Google’s DeepMind is building an AI to keep us from hating each other
The AI did better than professional mediators at getting people to reach agreement.

Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA
This year, we have experienced an astonishing surge in ransomware payments, with the average payment increasing by a staggering 500%. The leading vulnerability across all organizations is the widespread reliance on legacy Multifactor Authentication, which is proving ineffective against modern threats. According to CISA, 90% of successful ransomware attacks start with phishing.

APISEC University: Free, Real-World API Security Training

Ford CEO admits he drives a Chinese electric vehicle and doesn't want to give it up
"I drive the Xiaomi," he said. "We flew one from Shanghai to Chicago, and I've been driving it for six months now, and I don't want to give it up." "70 percent of all electric cars made on the globe are made in one country, China," he said.

Google offers its AI watermarking tech as free open source toolkit
SynthID provides a hidden way to mark LLM output as artificial. It works by biasing the probability of selecting a word (actually a token) so there's a pattern in the words that can be detected, without significantly lowering the quality of the results.

New Claude update introduces problem-solving tool — and it looks like a game changer
The 'code sandbox' allows Claude to write and run JavaScript code. This release moves Claude from relying solely on abstract reasoning to becoming a more versatile data analyst. Claude can now write and execute code in real time, process and visualize data from CSV files, offer step-by-step insights, and verify answers mathematically.