A Review of the Best News of the Week on Identity Management & Web Fraud

Modern Mass Surveillance: Identify, Correlate, Discriminate (Schneier, Jan 27 2020)
“These efforts are well-intentioned, but facial recognition bans are the wrong way to fight against modern surveillance. Focusing on one particular identification method misconstrues the nature of the surveillance society we’re in the process of building.”

Facial recognition firm sued for scraping 3 billion faceprints (Naked Security – Sophos, Jan 28 2020)
A potential class action says Clearview AI is breaking biometrics privacy law by ransacking social media so police can match photos with IDs.

Leaked Documents Expose the Secretive Market for Your Web Browsing Data (VICE, Jan 27 2020)
An Avast antivirus subsidiary sells ‘Every search. Every click. Every buy. On every site.’ Its clients have included Home Depot, Google, Microsoft, Pepsi, and McKinsey.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Google researchers find serious privacy risks in Safari’s anti-tracking protections (Ars Technica, Jan 23 2020)
Apple’s Intelligent Tracking Prevention can open users to a variety of attacks.

London Police Adopt Facial Recognition Technology as Europe Considers Five-Year Ban (Infosecurity Magazine, Jan 24 2020)
London’s Metropolitan Police Service to start using facial recognition technology within a month

Alphabet CEO supports EU push to temporarily ban facial recognition in public spaces (SC Magazine, Jan 23 2020)
Alphabet CEO Sundar Pichai’s decision to back the EU’s proposal to ban the use of face recognition in public spaces for five years drew praise from rights activists.

The Chrome Web Store is currently facing a wave of fraudulent transactions (ZDNet, Jan 27 2020)
Google temporarily suspends publishing and updating of paid Chrome extensions following a spike in fraudulent transactions.

German Privacy Watchdog Investigates Clothing Retailer H&M (SecurityWeek, Jan 27 2020)
A German privacy watchdog says it has opened an investigation into clothing retailer H&M amid evidence that the Swedish retailer had committed “massive data protection breaches” by spying on its customer service representatives in Germany.

Bernie Sanders Thinks Companies That Sell Your Browser History Are ‘Trampling Over the Rights of Consumers’ (VICE, Jan 28 2020)
“No reasonable person would expect antivirus software to be selling off their private browsing data to the highest bidder.”

Customer Tracking at Ralphs Grocery Store (Schneier on Security, Jan 29 2020)
The reaction from John Votava, a Ralphs spokesman:
“I can understand why it raises eyebrows,” he said. We may need to change the wording on the form.”
That’s the company’s solution. Don’t spy on people less, just change the wording so they don’t realize it.

Online Employment Scams on the Rise, Says FBI (Dark Reading, Jan 24 2020)
Looking to change jobs? Watch out for fraudsters who use legitimate job services, slick websites, and an interview process to convince applicants to part with sensitive personal details.

Weathering the Privacy Storm from GDPR to CCPA & PDPA (Dark Reading, Jan 23 2020)
A general approach to privacy, no matter the regulation, is the only way companies can avoid a data protection disaster in 2020 and beyond.

More authentication and identity tech needed with fraud expected to increase (Help Net Security, Jan 24 2020)
The proliferation of real-time payments platforms, including person-to-person (P2P) transfers and mobile payment platforms across Asia Pacific, has increased fraud losses for the majority of banks.

Zero Trust: Beyond access controls (Help Net Security, Jan 23 2020)
a Zero Trust approach is really an organization-wide architecture. Things aren’t always as they seem, and access controls by themselves are meaningless without a comprehensive, centrally managed infrastructure to back them up.

Privacy watchdog throws wider net to protect children online (Naked Security – Sophos, Jan 24 2020)
A new, comprehensive code will compel online services to put children’s health and safety before data-collecting profits.

9th Methbot suspect arrested in massive clickfraud ring (Naked Security – Sophos, Jan 24 2020)
How Sergey Denisoff described his early ad-buying ventures: buying BS popup traffic and reselling it to buyers demanding BS traffic.

Greater Focus on Privacy Pays Off for Firms (Dark Reading, Jan 27 2020)
Privacy-mature companies complete sales more quickly, have fewer and less serious breaches, and recover from incidents faster, according to Cisco’s annual survey.

50% of people would exercise at least one right under the CCPA (Help Net Security, Jan 29 2020)
As state houses and Congress rush to consider new consumer privacy legislation in 2020, ​Americans expect more control over their personal information online, and are concerned with how businesses use the data collected about them, a DataGrail research reveals.

How to better control access to your Windows network (Network World Security, Jan 29 2020)
Take stock of how people and devices access your network and block potential avenues of attack.