A Review of the Best News of the Week on Identity Management & Web Fraud

Facebook pays teens to install VPN that spies on them (TechCrunch, Jan 29 2019)
Desperate for data on its competitors, Facebook has been secretly paying people to install a “Facebook Research” VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed in August.

Taxpayers Demand HMRC Deletes Voice IDs (Infosecurity Magazine, Jan 28 2019)
Over 160,000 UK taxpayers have demanded that the HMRC delete biometric voice recordings collected without their informed consent.

Internet Society Publishes Privacy Code of Conduct (SecurityWeek, Jan 30 2019)
The Internet Society published on Monday (International Privacy Day) its Privacy Code of Conduct (PDF) — nine steps that all companies should take to ensure data privacy.




Microsoft Chief Calls for ‘Global Standard’ on Privacy (SecurityWeek, Jan 25 2019)
In an interview this week at the World Economic Forum Annual Meeting in Davos, Switzerland, Microsoft CEO Satya Nadella praised the EU’s GDPR and called it a “fantastic start on really treating privacy as a human right.”

Undercover Agents Target Cybersecurity Watchdog (SecurityWeek, Jan 26 2019)
The researchers who reported that Israeli software was used to spy on Washington Post journalist Jamal Khashoggi’s inner circle before his gruesome death are being targeted in turn by international undercover operatives, The Associated Press has found.

The Pitfalls of Facebook Merging Messenger, Instagram, and WhatsApp Chats (Wired, Jan 25 2019)
Facebook’s effort to combine its major chat platforms could create minefields for users who rely on end-to-end encryption.

Privacy Groups Claim Online Ads Can Target Abuse Victims (Wired, Jan 27 2019)
Complaints filed in Europe claim internet companies categorize users based on potentially sensitive browsing habits, and then use those labels to target ads.

Facebook to shut down iOS app that allowed for near total data access (Help Net Security, Jan 30 2019)
After Apple banned Facebook’s Onavo VPN app from its App Store, the company repackaged it, named it “Facebook Research” and offered it through three app beta testing services.

Google is also monitoring iPhone usage with a private app (The Verge, Jan 30 2019)
Facebook’s not the only company violating Apple’s App Store policies.

Hackers Are Passing Around a Megaleak of 2.2 Billion Records (Wired, Jan 30 2019)
The so-called Collections #1-5 represent a gargantuan, patched-together Frankenstein of rotting personal data.

Illinois Supreme Court: Six Flags violated state’s Biometric Information Privacy Act (SC Magazine, Jan 25 2019)
In a test of the enforceability of the Illinois Biometric Information Privacy Act, the Illinois Supreme Court ruled that a 14-year-old boy was entitled to statutory damages – between $1,000 and $5,000 – after a Six Flags amusement park issuing a season pass didn’t get his express permission before fingerprinting him.

Has the fight over privacy changed at all in 2019? (TechCrunch, Jan 26 2019)
Eight experts weigh in for our latest TechCrunch debate.

Understand More About Phishing Techniques to Reduce Your Digital Risk (SecurityWeek, Jan 24 2019)
According to Phishing.org, the practice of phishing started around 1995. Nearly 25 years later, phishing is still used by attackers of all levels of sophistication. The 2018 Verizon Data Breach Investigations Report (VDBIR) ranks it as the third most common technique used in incidents and confirmed breaches and finds that 70 percent of breaches associated with nation-state or state-affiliated actors involved phishing.

Twitter scammers jump in on real-time complaints to companies (Naked Security – Sophos, Jan 28 2019)
“Hi there,” said the polite (and fake) help desk, leading to a back-and-forth between a lying scammer and a lying security analyst.

Facebook debuts scam ads reporting tool (Naked Security – Sophos, Jan 25 2019)
Adverts on Facebook featuring fake celebrity endorsements scam people out of their savings, and Facebook is now doing something about it.

Colorado police encrypt *all* their radio communications, frustrating journalists (Graham Cluley, Jan 25 2019)
“Sure, I can see how this is a nuisance for crime beat reporters as they can’t snoop on police communications. It makes it harder for journalists to respond rapidly to breaking news. And it can be argued that it reduces transparency. But, if we value our privacy, encrypted communications should be the default not the exception. For all of us.”

$1.7 billion in cryptocurrency was stolen and scammed in 2018 (Help Net Security, Jan 30 2019)
$1.7 billion in cryptocurrency was stolen and scammed in 2018 — a dramatic rise in criminal activity despite a slump in the market, according to CipherTrace. Criminals need to launder all these funds in order to cash out before a wave of regulations go into effect in 2019.

Canadian Telecom Giant Bell Wanted NAFTA to Ban Some VPNs (Motherboard, Jan 30 2019)
Bell wanted the privacy tools—which can also be used to access geo-blocked media—to be made unlawful under NAFTA.

Mozilla Improves Privacy Controls in Firefox 65 (eWEEK, Jan 30 2019)
New release of the Firefox web browser makes it easier for users to configure controls that can help to protect online privacy.

Facebook Hires Up Three of Its Biggest Privacy Critics (Wired, Jan 30 2019)
Can a trio of privacy advocates effect change from within Facebook—or will they be stifled by corporate bureaucracy?