At a glance.
- Apple disables Clearview's iOS app for violating rules about app distribution.
- FCC fines mobile carriers for improper user location-sharing practices.
- Robot vacuum does double duty as a security camera, but fails to secure its video.
Apple disables Clearview AI's iOS app.
Apple found that Clearview AI had violated Cupertino's rules about app distribution, essentially bypassing Apple's App Store by encouraging its customers (mostly law enforcement agencies) to download Clearview's software through the Apple Developer Enterprise Program, which is reserved for developers. Apple suspended the developer account associated with Clearview, BuzzFeed reports, and has asked Clearview to explain itself within fourteen days. The terms of service for the Apple Developer Enterprise Program preclude making internal-use applications available to third parties. Clearview AI is the facial recognition company whose list of customers was exposed online last week. Its image database was not exposed, but the customer list suggested that Clearview had achieved significant penetration into both law enforcement and corporate markets. Retailers in particular were surprisingly well-represented on the customer list, although several of those who appeared there denied that they were in fact clients of the facial recognition shop.
Clearview used a variety of open sources to compile its database of facial images. A Motherboard reporter used the California Consumer Privacy Act to see what Clearview had on her and where they got the images. She found the sources were a mixed bag, including some scrapers the reporter describes as "sketchy," like Insta Stalker, which sweeps up images from Instagram.
Should you feel Clearview was harshly used by Apple for the things Clearview did with its Apple Developer Enterprise Program account, don't feel bad because they've been singled out unfairly. They're not the first. As BuzzFeed points out, Apple has given two mom-and-pops--Google and Facebook--the same treatment for similar behavior.
FCC fines big wireless carriers for questionable sharing of user location data.
As expected, the US Federal Communications Commission (FCC) fined four large mobile carriers for their user location-data sharing, Axios reports. T-Mobile took the biggest hit, with a fine of roughly $91 million. AT&T was fined $57 million, Verizon $48 million, and Sprint $12 million. T-Mobile has said, according to the Wall Street Journal, that it intends to fight the judgment. All of the companies fined said when the complaints first surfaced that they would suspend the practices the FCC found objectionable, but the FCC's press release indicates that some at least of those practices continued.
Your vacuum cleaner may be oversharing what it sees in your home.
A robot vacuum cleaner that combines a video camera for home security surveillance may be sharing too much of what it sees, Naked Security says. Trifo's Ironpie vacuum cleaner is touted as helping keep an eye out for intruders: "I am always alert and never sleep on the job," are the words Trifo puts into Ironpie's robotic mouth. Unfortunately researchers at Checkmarx have found that the video feed from Ironpie can be intercepted by unauthorized third parties. There are several issues with Ironpie, but the basic security problem comes down to faulty encryption. Checkmarx reported its findings on its blog.