At a glance.
- Apple blocks 3rd-party cookies in Safari.
- Oxford's contact-tracking app.
- Fear of unemployment as an incentive to give up personal data.
- A secure cloud data storage service inadvertently exposes an AWS S3 bucket.
No more cookies on Safari, thanks.
Apple has now blocked third-party cookies in Safari by default, which will make online behavior more difficult to track and analyze, the Verge reports.
Oxford University researchers continue to advocate a pan-European COVID-19 tracking app.
Oxford is working on a tracking app it hopes will enable European governments to identify possible COVID-19 exposure at earlier stages of infection. Once someone was diagnosed with the virus, a warning would be sent to people who had recently come into contact with them, phone geolocation proximity serving as a surrogate for personal physical encounters. The university's Big Data Institute, in its announcement of the project, does some hand-waving about the importance of protecting user privacy (along with attention to other ethical matters like access to care and so on) but it's clear from their statements that they believe the pandemic has grown beyond the ability of conventional contact tracking, and that an automated system of the kind they propose is indicated as an emergency measure.
The intentions of the Oxford researchers are surely benign, but many have expressed concerns that surveillance technologies and practices introduced as temporary emergency measures may become effectively permanent. The National Law Review offers a summary of pandemic surveillance across several countries.
Fear of unemployment fills targeted ad databases.
With the insecurity, layoffs, and tough business conditions the coronavirus pandemic is generating, people's concerns are manifesting themselves in Google's search bar, and unscrupulous data collectors know this. Dubious ads targeting the unemployed and those who fear they're about to be unemployed are proliferating in Google results, Gizmodo reports. Google's in-market audiences tool compiles the results of search histories in ways that unscrupulous data brokers can use to entice people to answer such ads and complete surveys, the results of which can be sold for marketing use.
Secure cloud storage provider inadvertently exposes AWS S3 bucket.
vpnMentor says it'd found an unsecured AWS S3 bucket with data belonging to secure cloud storage provider Data Deposit Box. About two-hundred-seventy-thousand files were exposed in the incident. In this case vpnMentor gives Data Deposit Box high marks for responsiveness. "Data Deposit Box responded quickly to secure the data. The company assured us that they are currently working with their customers to ensure their data is safe going forward."
While any unsecured online database is always regrettable, this sort of misconfiguration does happen, and it often happens because of configuration drift, as discussed in the CyberWire Daily Podcast. A bucket might well be properly secured when it's first established, but over time, as people work with it for entirely legitimate purposes, there's a tendency for it to be flipped open to the Internet. And sometimes the administrators forget to flip it back. It's not known whether this occurred in the Data Deposit Box incident, but the possibility is worth bearing in mind, and guarding against, in any cloud environment.