Google Drives Man Off Bridge and AI Helps Scammers Impersonate You (Issue 24, 2023)
T-Mobile Users Temporarily Saw Other's Data and Microsoft Accidentally Exposes Terabytes of Passwords
We’re delivering you the hottest internet news that affects all of us. Scroll down to read our full reporting below and if you love what we’re doing, please consider contributing $5 per month so that we can continue providing you with this vital, unique reporting.
Talk Liberation is committed to providing equal access for individuals with disabilities. To view an accessible version of this article, click here.
In this edition:
Google Sued over Fatal Google Maps Error after Man Drove Off Broken Bridge
Microsoft Accidentally Exposes Terabytes of Private Keys and Passwords
Scams Are Impersonating Your Voice Thanks to AI
Los Angeles Sues IBM’s Weather Channel for Use of Location Tracking
T-Mobile Users Saw Other Customers’ Personal Data Due to “System Glitch”
UK Privacy Watchdog Silent as Google Flicks Off Critique that its Topics API Fails to Reform Ad-Tracking
Twitter Takeover May Have Violated Privacy Order
More Details Emerge Related to Massive TikTok Fine
Greater Manchester Police Officers’ Data Hacked in Cyber-Attack
Panquake Releases Tracker-Free Short Link Service ‘Panquake Me’
Google Sued over Fatal Google Maps Error after Man Drove Off Broken Bridge
A woman from North Carolina is suing Google after her husband drove off a broken bridge while following directions from the Google Maps app. According to the filed paperwork, Google received multiple notifications that the bridge had washed away, with the earliest correspondence in November of 2020.
The bridge originally collapsed in 2013 and the owners of the land it occupies are also named in the lawsuit. Despite the notifications, Google Maps continued to direct users across the washed out bridge, culminating in the death of Philip Paxson on September 30th, 2022.
Stating her frustration regarding the death of her spouse, Alicia Paxson believes: "Google ignored the concerned community voices telling them to change its map and directions… I still can't understand how those responsible for the GPS directions, and the bridge, could have acted with so little regard for human life."
Microsoft Accidentally Exposes Terabytes of Private Keys and Passwords
Cloud security company Wiz recently discovered a Github repository associated with Microsoft’s AI research division that was publicly available and granted permission to far more private data than intended. The discovery from Wiz occurred while performing routine work related to accidental exposures of cloud-hosted data.
In total, 38 terabytes of sensitive data were inadvertently exposed including two backups of Microsoft employee’s personal computers. Wiz also found that the data had been available since 2020 due to a misconfigured access token created by a Microsoft Azure “share” link that directed users to the massive trove of data.
Within two days of sharing the findings with Microsoft the issue had been resolved, with the former tech monopoly claiming: “No customer data was exposed, and no other internal services were put at risk because of this issue.”
Scams Are Impersonating Your Voice Thanks to AI
According to a new report by security software company McAfee, the prevalence of scams impersonating your voice using AI is on the rise. The issue is growing quickest in the country of India with nearly half of adults having been a victim or knowing a victim of this new-fangled fraud.
Comparing this percentage with the global average of just 1 in 4 adults exposed to AI voice scams outside the country, Indian’s are losing nearly ₹50,000 (~$600 equiv.) on average to the scammers.
Researchers found that it only takes 3 seconds of your voice to clone it, and the scammers have begun using this ability to establish trust with people in close relationships with the victim. Some of the tactics employed include pretending to have been robbed, needing money while traveling abroad, or claiming to have lost a phone or wallet.
Los Angeles Sues IBM’s Weather Channel for Use of Location Tracking
The Weather Channel is being sued after allegedly misleading users regarding how their location data was being used. In 2015 IBM purchased the digital assets of the Weather Channel which included the app and is the primary focus of the lawsuit.
The complaint is brought by the City of Los Angeles and accuses the Weather Channel of using “…detailed location data from users for targeted advertising and to identify consumer trends that might be useful to hedge funds, while at the same time telling consumers their location would only be used to localize weather forecasts.”
Not included is whether personally identifiable information was sold to 3rd parties, and IBM responded to the suit with a statement from a spokesperson: “The Weather Company has always been transparent with use of location data; the disclosures are fully appropriate, and we will defend them vigorously.”
T-Mobile Users Saw Other Customers’ Personal Data Due to “System Glitch”
A mistake during a planned update from T-Mobile gained attention after some customers where able to see the private data of other users. Details like credit card information, home address and purchase history were improperly shown after logging on to T-Mobile’s system.
While the issue only persisted for a few morning hours on September 20th, it put T-Mobile back into the news again for poor data practices for the 3rd time this year. As the other two headline-grabbing incidents in 2023 were both data breaches, T-Mobile was quick to clarify this was, “A temporary system glitch” and that, “There was no cyberattack or breach at T-Mobile.”
Despite the fast communication from T-Mobile, customers are still concerned about the frequency of cybersecurity incidents at the mobile carrier. Combining worries over this latest mistake and fears from a 2021 data breach that saw the personal information of 49 million users stolen, an anonymous T-Mobile user stated: “And they want me to attach my banking information to get Auto Pay. It'll never happen.”
UK Privacy Watchdog Silent as Google Dismisses Critique that its Topics API Fails to Reform Ad-Tracking
The Technical Architecture Group (TAG), a working group for the World Wide Web Consortium (W3C) has criticized Google’s new targeted-advertising API called Topics for maintaining the status quo of “inappropriate surveillance on the web.”
Adding to the negative opinion’s on Google's Topics, Mozilla stated that Topics is, “…more likely to reduce the usefulness of the information for advertisers than it provides meaningful protection for privacy.”
Despite the concerns of independent non-profits, the UK’s Information Commission’s Office (ICO) has remained silent as Topics continues to move forward and is considered part of Google’s larger plan to create a Privacy Sandbox to evolve the adtech stack.
Responding to the feedback from TAG, Google stated: “While we appreciate the input of TAG, we disagree with their characterization that Topics maintains the status quo. Google is committed to Topics, as it is a significant privacy improvement over third-party cookies, and we’re moving forward.”
Twitter Takeover May Have Violated Privacy Order
The United States Department of Justice (DOJ) has filed legal documents alleging that the “chaotic environment” during Elon Musk’s takeover of Twitter may have caused non-compliance with an order imposed by the Federal Trade Commission (FTC).
Information gained via deposition of former Twitter employee’s gave credence to the DOJ’s concern that X (formerly Twitter) sought to nullify an earlier agreement made with the FTC prior to Musk’s takeover.
The earlier agreement was related to the FTC’s $150M fine imposed in 2011 against Twitter after investigation into whether the social media company was misrepresenting its data privacy and security practices to users. As a result of the investigation and fine, Twitter agreed to update it’s practices and provide transparency over their implementation to the FTC.
More Details Emerge Related to Massive TikTok Fine
We initially reported on the potential fine against TikTok for violations to the GDPR here and recently more details have come to light showing why the social media giant earned an unprecedented fine of €345M.
In a long list of violations, it appears that TikTok was placing child users’ accounts on a public setting by default, allowing any adult with access to a child’s account on the “family pairing” setting to enable direct messaging for over-16s, and made no attempt to negate any of the risks posed to under-13s on the platform even when their account was set to “public”.
The Irish Data Protection Commission (DPC) also stated that users between 13 and 17 years old “Were steered through the sign-up process in a way that resulted in their accounts being set to public – meaning anyone can see an account’s content or comment on it – by default.”
The DPC also disclosed that the “family pairing” scheme, designed to give a parent or guardian control over a child’s account settings, made zero attempt to ensure the adult who “paired” with the child user was actually their parent or guardian.
Greater Manchester Police Officers’ Data Hacked in Cyber-Attack
Personal information on tens of thousands of public servants is likely to have been breached during a recent cyber-attack. Earlier this month over 12,500 Greater Manchester police and staff were told that their private data had been compromised during a hack that also targeted the Metropolitan police.
The UK’s National Crime Agency (NCA) is currently investigating and has determined that a 3rd-party vendor, Digital ID, was compromised during a ransomware attack and is the source of the breached data.
A former incident manager at the National Cyber Security Centre, said it was likely that sensitive information from other companies using Digital ID were also compromised. Going further, the incident manager warned anyone with connections to Digital ID that their staff’s personal data, “…could eventually be leaked online if the company chooses not to pay the ransom.”
Panquake Releases Tracker-Free Short Link Service ‘Panquake Me’
Privacy-focused social media new entrant Panquake recently announced the release of a free, first-of-its-kind link shortening service called Panquake Me.
Featuring a super simple, one-click user interface, Panquake Me cleans, archives and shortens URLs inputted by users, returning them a safer and easier link to share instead.
During this process, Panquake Me cleans the inputted links of Big Tech trackers and cookies, archives the original source content via multiple well-known archiving services (Archive.org and Archive.is) and shortens the link to a more concise pnqk.me domain version.
Panquake Founder and Chief Product Officer, Suzie Dawson said:
"For too long journalists, activists and the general public have had to fear the links they share. Never knowing what was really hidden inside the link or whether the content would still be accessible in the future.
Recognising the urgency, we sliced off a piece of the cake of our Panquake technology to bring forward an early release of our application, in the solution that is Pnqk.me - a simple, free, link sharing and archive tool in one, that's safe for you to use. This is a big win for internet users the world over, reducing the fear of digital profiling from big corporates and governments who map your networks, of who you share content to."
More information about Panquake Me is available in the press release, at the Panquake Press Center and in the Panquake Me FAQ.
(Note for Readers: Panquake are also the publishers of Your Worldwide Internet Report)
That concludes this edition of Your Worldwide INTERNET REPORT!
Remember to SUBSCRIBE and spread the word about this unique news service.
This issue of Your Worldwide INTERNET REPORT was written by Matt Millen of WillenRimer; Edited by Suzie Dawson and Sean O’Brien; Graphics by K4t4rt; with production support by Beth Bracken.
Talk Liberation - Your Worldwide INTERNET REPORT was brought to you by Panquake.com. We Don’t Hope, We Build!
© Talk Liberation Limited. The original content of this article is licensed under a Creative Commons Attribution-ShareAlike 4.0 International license. Please attribute copies of this work to “Talk Liberation” or talkliberation.com. Some of the work(s) that this program incorporates may be separately licensed. For further information or additional permissions, contact licensing@talkliberation.com