online data privacy

mozilla’s-privacy-service-drops-a-provider-with-ties-to-people-search-sites

Mozilla’s privacy service drops a provider with ties to people-search sites

brian krebs, data brokers, data privacy, dimitri shelest, Firefox, krebs on security, mozilla, mozilla monitor, mozilla monitor plus, onerep, online data privacy, people search, Tech / /

People search —

Owner of Onerep removal service launched “dozens of people-search services.”

Mozilla Monitor Plus dashboard

Mozilla

Mozilla’s Monitor Plus, a service launched by the privacy-minded tech firm in February, notes on its pitch page that there is “a $240 billion industry of data brokers selling your private information for profit” and that its offering can “take back your privacy.”

Mozilla’s most recent move to protect privacy has been to cut out one of the key providers of Monitor Plus’ people-search protections, Onerep. That comes after reporting from security reporter Brian Krebs, who uncovered Onerep CEO and founder Dimitri Shelest as the founder of “dozens of people-search services since 2010,” including one, Nuwber, that still sells the very kind of “background reports” that Monitor Plus seeks to curb.

Shelest told Krebs in a statement (PDF) that he did have an ownership stake in Nuwber, but that Nuwber has “zero cross-over or information-sharing with Onerep” and that he no longer operates any other people-search sites. Shelest admitted the bad look but said that his experience with people search gave Onerep “the best tech and team in the space.”

Brandon Borrman, vice president of communications at Mozilla, said in a statement that while “customer data was never at risk, the outside financial interests and activities of Onerep’s CEO do not align with our values.” Mozilla is “working now to solidify a transition plan,” Borrman said. A Mozilla spokesperson confirmed to Ars today that Mozilla is continuing to offer Monitor Plus, suggesting no pause in subscriptions, at least for the moment.

Monitor Plus also kept track of a user’s potential data breach exposures in partnership with HaveIBeenPwned. Troy Hunt, founder of HaveIBeenPwned, told Krebs that aside from Onerep’s potential conflict of interest, broker removal services tend to be inherently fraught. “[R]emoving your data from legally operating services has minimal impact, and you can’t remove it from the outright illegal ones who are doing the genuine damage.”

Still, every bit—including removing yourself from the first page of search results—likely counts. Beyond sites that scrape public records and court documents for your information, there are the other data brokers selling barely anonymized data from web browsing, app sign-ups, and other activity. A recent FTC settlement with antivirus and security firm Avast highlighted the depth of identifying information that often is available for sale to both commercial and government entities.

Mozilla’s privacy service drops a provider with ties to people-search sites Read More »

ftc-suggests-new-rules-to-shift-parents’-burden-of-protecting-kids-to-websites

FTC suggests new rules to shift parents’ burden of protecting kids to websites

biometric data, children's online privacy protection act, children's privacy law, COPPA, federal trade commission, ftc, online data privacy, Policy / /

Ending the endless tracking of kids —

FTC seeking public comments on new rules to expand children’s privacy law.

FTC suggests new rules to shift parents’ burden of protecting kids to websites

The Federal Trade Commission (FTC) is currently seeking comments on new rules that would further restrict platforms’ efforts to monetize children’s data.

Through the Children’s Online Privacy Protection Act (COPPA), the FTC initially sought to give parents more control over what kinds of information that various websites and apps can collect from their kids. Now, the FTC wants to update COPPA and “shift the burden from parents to providers to ensure that digital services are safe and secure for children,” the FTC’s press release said.

“By requiring firms to better safeguard kids’ data, our proposal places affirmative obligations on service providers and prohibits them from outsourcing their responsibilities to parents,” FTC chair Lina Khan said.

Among proposed rules, the FTC would require websites to turn off targeted advertising by default and prohibit sending push notifications to encourage kids to use services more than they want to. Surveillance in schools would be further restricted, so that data is only collected for educational purposes. And data security would be strengthened by mandating that websites and apps “establish, implement, and maintain a written children’s personal information security program that contains safeguards that are appropriate to the sensitivity of the personal information collected from children.”

Perhaps most significantly, COPPA would also be updated to stop companies from retaining children’s data forever, explicitly stating that “operators cannot retain the information indefinitely.” In a statement, commissioner Alvaro Bedoya called this a “critical protection” at a time when “new, machine learning-fueled systems require ever larger amounts of training data.”

These proposed changes were designed to address “the evolving ways personal information is being collected, used, and disclosed, including to monetize children’s data,” the FTC said.

Keeping up with advancing technology, the FTC said, also requires expanding COPPA’s definition of “personal information” to include biometric identifiers. That change was likely inspired by charges brought against Amazon earlier this year, when the FTC accused Amazon of violating COPPA by retaining tens of thousands of children’s Alexa voice recordings forever.

Once the notice of proposed rulemaking is published to the Federal Register, the public will have 60 days to submit comments. The FTC likely anticipates thousands of parents and stakeholders to weigh in, noting that the last time COPPA was updated in 2019, more than 175,000 comments were submitted.

Endless tracking of kids not a “victimless crime”

Bedoya said that updating the already-expansive children’s privacy law would prevent known harms. He also expressed concern that increasingly these harms are being overlooked, citing a federal judge in California who preliminarily enjoined California’s Age-Appropriate Design Code” in September. That judge had suggested that California’s law was “actually likely to exacerbate” online harm to kids, but Bedoya challenged that decision as reinforcing a “critique that has quietly proliferated around children’s privacy: the idea that many privacy invasions do not actually hurt children.”

For decades, COPPA has protected against the unauthorized or unnecessary collection, use, retention, and disclosure of children’s information, which Bedoya said “endangers children’s safety,” “exposes children and families to hacks and data breaches,” and “allows third-party companies to develop commercial relationships with children that prey on their trust and vulnerability.”

“I think each of these harms, particularly the latter, undermines the idea that the pervasive tracking of children online is [a] ‘victimless crime,'” Bedoya said, adding that “the harms that COPPA sought to prevent remain real, and COPPA remains relevant and profoundly important.”

According to Bedoya, COPPA is more vital than ever, as “we are only at the beginning of an era of biometric fraud.”

Khan characterized the proposed changes as “much-needed” in an “era where online tools are essential for navigating daily life—and where firms are deploying increasingly sophisticated digital tools to surveil children.”

“Kids must be able to play and learn online without being endlessly tracked by companies looking to hoard and monetize their personal data,” Khan said.

FTC suggests new rules to shift parents’ burden of protecting kids to websites Read More »