A Review of the Best News of the Week on Identity Management & Web Fraud

Court Rules Govt Can’t Search Your Phone at the Airport for No Reason (VICE, Nov 12 2019)
The ruling is a significant win for privacy rights of Americans and tourists traveling to the United States.

Google’s ‘Project Nightingale’ Gathers Personal Health Data on Millions of Americans (WSJ, Nov 14 2019)
Google is teaming with one of the country’s largest health-care systems on an ambitious project named “Project Nightingale” to collect and crunch detailed health information of millions of Americans across 21 states.

Your DNA Profile is Private? A Florida Judge Just Said Otherwise (The New York Times, Nov 14 2019)
Privacy experts say a warrant granted in Florida could set a precedent, opening up all consumer DNA sites to law enforcement agencies across the country.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Microsoft to Extend California Privacy Law US-Wide (Infosecurity Magazine, Nov 12 2019)
The California Consumer Privacy Act (CCPA) comes into effect on January 1, 2020. It’s set to offer more GDPR-like protections and rights to the Golden State’s citizens, such as the ability to find out what personal information of theirs companies are collecting and to prevent it from being sold to third parties.

Colorado Driver’s Licenses Go Digital (WSJ, Nov 13 2019)
Colorado residents who download a special app can use their phones as a form of ID in places like bars, restaurants and banks, but it is up to the establishments to decide whether they accept the new format.

Ping Identity provides the identity verification solution for myColorado (Help Net Security, Nov 13 2019)
Ping Intelligent Identity platform provides the identity verification solution for the State of Colorado’s official mobile application, myColorado, which contains the new Colorado Digital ID.

Huge Airbnb scam leads to promise to vet every host, every listing (Naked Security – Sophos, Nov 11 2019)
Shuffling people into – surprise! – cobwebby rat traps has been a snap. Actual vetting may help, plus a new guarantee of 100% refunds.

5G Race Could Leave Personal Privacy in the Dust (WSJ, Nov 13 2019)
New networks will collect more data on the physical world. Experts warn public policy hasn’t caught up.

Apple details new Safari, Location Services, Sign in with Apple privacy features (Help Net Security, Nov 07 2019)
three new white papers and tech briefs on how Safari, Location Services, and Sign in with Apple protect user privacy.

Tech Firms React to Netizens’ Digital Privacy Concerns (SecurityWeek, Nov 08 2019)
a slew of tech entrepreneurs are bidding to turn growing consciousness about the problem into a money-making industry and many showcased their skills at this week’s Web Summit in Lisbon.

Please Stop Trying to Pay Me to Advertise Fake iOS Jailbreak Websites (VICE, Nov 08 2019)
An internet marketing firm asked me to promote a series of fake iOS jailbreak sites, including ones for jailbreaks that don’t actually exist.

Florida Police Want Access to Controversial Facial Recognition Network (Infosecurity Magazine, Nov 08 2019)
Miami-Dade cops are making eyes at Pinellas County Sheriff’s FACES

WhatsApp Cofounder Brian Acton on Why Privacy Matters (Wired, Nov 08 2019)
The cofounder of the messaging service and the current chair of the Signal Foundation talks about the proliferation of end-to-end encryption in personal communications.

Tech Support Scammers Exploiting Unpatched Firefox Bug (SecurityWeek, Nov 12 2019)
Mozilla is working on addressing a Firefox bug that has been exploited by tech support scammers to lock the browser when users visit specially crafted websites.

The persuasiveness of a remote job (Forcepoint, Nov 12 2019)
We have recently encountered two methods attempting to scam people linked to this trend of home working. The first is an attempt at cybersquatting, and the second is a small scale botnet pushing out home-working related lures.

Cardplanet Operator Extradited for Facilitating Credit Card Fraud (Dark Reading, Nov 13 2019)
Russian national Aleksei Burkov is charged with wire fraud, access device fraud, and conspiracy to commit identity theft, among other crimes.

The Myths of Multifactor Authentication (Dark Reading, Nov 12 2019)
Organizations without MFA are wide open to attack when employees fall for phishing scams or share passwords. What’s holding them back?

Privacy Rights Group Sues DHS Over ‘Coercive’ DNA Tests at the Border (VICE, Nov 14 2019)
The EFF argues that DNA collection is a surefire way to violate privacy and human rights.

This Bank Had the Worst Password Policy We’ve Ever Seen (VICE, Nov 14 2019)
A European bank makes customers pay to change their passwords, and suggests they Google their password to check if it is secure.