At a glance.
- Report: Twitter’s ad pixel shares user data.
- Security design changes at Apple.
- Data breach at US publishing house.
Report: Twitter’s ad pixel shares user data.
A study from digital ad analysis firm Adalytics has revealed that at least 70,000 websites belonging to government agencies, leading companies, and other organizations using Twitter’s advertising pixel are allowing visitor information to be sent to the social media company. Among the websites in question are studentaid.gov, a Department of Education-operated application site for college financial aid, and the leadership website for House Minority Leader Kevin McCarthy of California. While Twitter provides a feature that restricts how the company uses the collected data, virtually none of the organizations in question have actually taken advantage of the option. Adalytics founder Krzysztof Franaszek explains, “Government agencies, hospitals, over half of all U.S. members of Congress, media publishers, and brands may not be aware that they are sharing terabytes of their visitors’ and audience’s data with Twitter.” And Elon Musk’s recent purchase of the platform has only worsened matters, as the terms of Musk’s purchase give large foreign investors special privileges allowing them access to more information than lower-level investors. Cadillac and other competitors Musk-owned automaker Tesla were also among the users of the Twitter pixel. John Davisson, director of litigation and senior counsel at the Electronic Privacy Information Center, told the Washington Post, “It’s dangerous for any firm to collect this kind of … data about our browsing habits, but given that Twitter has a spotty privacy and data security history, it’s particularly alarming for Twitter to have that information.”
Security design changes at Apple.
The Wall Street Journal reports that on Wednesday Apple announced plans to significantly expand its data-encryption practices with an optional feature called Advanced Data Protection. By offering fully encrypted backups of photos, chat histories, and other sensitive user data in its cloud storage system, Apple’s intent is to protect such data from hackers. Hosever, the feature will also place the data out of the reach of law enforcement and intelligence agencies, even with a warrant. Last year Apple responded to thousands of legal requests from US authorities like the Federal Bureau of Investigation (FBI) seeking data stored in iCloud backups, and the new security enhancements will make this an impossibility. As the Washington Post notes, the FBI released a statement saying it was “deeply concerned with the threat end-to-end and user-only-access encryption pose…This hinders our ability to protect the American people from criminal acts ranging from cyber-attacks and violence against children to drug trafficking, organized crime and terrorism.” Apple says Advanced Data Protection will be available to public software testers immediately, and to all customers by year’s end, and the company will start offering the feature to other countries in the new year.
Meanwhile, Apple has announced it’s scrapping plans for a tool intended to scan photos stored on iCloud for child sexual abuse material (CSAM). Announced last year, the goal was to prevent the dissemination of such harmful content, but security experts and digital rights activists have expressed concerns that the surveillance capability could be abused to violate the privacy of iCloud users. “We have further decided to not move forward with our previously proposed CSAM detection tool for iCloud Photos. Children can be protected without companies combing through personal data, and we will continue working with governments, child advocates, and other companies to help protect young people, preserve their right to privacy, and make the internet a safer place for children and for us all.” Apple told WIRED it will instead focus its anti-CSAM efforts on its “Communication Safety” features, which give caregivers the option to set up protections in family iCloud accounts that will warn if someone is attempting to view CSAM and provide resources for reporting.
Data breach at US publishing house.
US publishing firm MacMillan has disclosed a data breach in which an unauthorized party bypassed its data security system and gained access to sensitive customer data. JDSupra reports that MacMillan first detected the intrusion around June 25, 2022, after learning that some network files had been encrypted. Macmillan took the impacted servers offline, and the subsequent investigation revealed that customer information had been accessed.The compromised data includes consumer names, addresses, Social Security numbers, driver’s license numbers, and financial account information, and although the exact number of victims has not yet been determined, the Texas Attorney General reports that there are over one thousand victims in the state of Texas. Macmillan Publishers began sending data breach notification letters to impacted individuals last week.