1. Home
  2. News
  3. Tech News
  4. Privacy

Privacy

FTC announces crackdown on education companies that track children online

The agency is taking a stronger stand to protect children's privacy

The Federal Trade Commission (FTC) is taking a giant leap forward in the protection of children's privacy. The agency announced on Monday that it will strengthen the Children’s Online Privacy Protection Act (COPPA) by cracking down on any education technology company that monitors children illegally.

The FTC’s new policy statement reinforces that it is illegal for companies to force parents and schools to surrender their children’s privacy rights in order to do schoolwor...

Not sure how to choose?

Get expert buying tips about Privacy delivered to your inbox.

    By entering your email, you agree to sign up for consumer news, tips and giveaways from ConsumerAffairs. Unsubscribe at any time.

    Thank you, you have successfully subscribed to our newsletter! Enjoy reading our tips and recommendations.

    Recent Articles

    Newest
    • Newest
    • Oldest

    Consumers keep adding their names to the FTC’s Do Not Call Registry

    The agency says it’s getting ready for any new technology challenges telemarketers may try and throw at it

    The Federal Trade Commission (FTC) has handed Congress its latest National Do Not Call (DNC) Registry report, which focuses on how consumers and businesses alike have been impacted by unwanted sales pitches and robocalls. 

    If you guessed that there are more and more people who want to be added to the list, you’d be right. There was an uptick of more than 4.1 million registrations from the previous fiscal year, bringing the DNC Registry close to 239 million consumer registrations.

    Making companies put their money where their mouth is

    Many consumers might be surprised to know that businesses and other entities pay to access the registry. The reason is that any U.S. telemarketing company that wants to call a consumer is required to download the phone numbers on the National Do Not Call Registry every single year to ensure they do not call consumers who have registered their phone numbers. 

    The telemarketers are given access to five area codes for free, but they have to pay up to get the other 330 area codes. Some charitable organizations get the list for free.

    Consumer complaints about telemarketing calls aren’t going away any time soon, but with the new TRACED Act hopefully putting a lid on runaway robocalls, there’s a little bit of hope. Nonetheless, the FTC figures that there’ll always be some company somewhere that is going to try and find a new way to get consumers on the phone without playing by the rules.

    “As new technology provides new challenges, the FTC actively seeks to address and confront them by, among other things, encouraging private industry, other government agencies, academia, and other interested parties to create and develop new strategies to help consumers avoid unwanted telemarketing calls,” the Commission wrote in its Registry update.

    The Federal Trade Commission (FTC) has handed Congress its latest National Do Not Call (DNC) Registry report, which focuses on how consumers and businesses...
    Read lessRead more

    Laser pointers can trick smart speakers into following voice commands

    A team of researchers have found a vulnerability in the microphones of many popular smart speakers

    Researchers from Tokyo and the University of Michigan have found that laser pointers are capable of “hijacking” smart speakers. 

    In a paper titled “Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems,” the researchers said they found that voice-enabled devices could be tricked into following voice commands by beaming a laser at them. 

    The team tested the effect of laser pointers on smart speakers that included Google Assistant, Apple Siri, and Amazon Alexa. They found that these devices interpreted the light of the laser as sound. 

    “We have identified a semantic gap between the physics and specifications of MEMS (microelectro-mechanical systems) microphones, where such microphones unintentionally respond to light as if it was sound,” they wrote. “Exploiting this effect, we can inject sound into microphones by simply modulating the amplitude of a laser light.” 

    Privacy threat

    The effect produced “an attack that is capable of covertly injecting commands into voice-controllable systems” at distances of 230 to 350 away. In one instance, the team successfully commanded a Google Home device that was in a room in another building to open a garage door simply by shining a light that had the “OK Google” command encoded in it. 

    The list of devices that were tested and found to be vulnerable to light commands includes Google Home; Google Nest Cam IQ; multiple Amazon Echo, Echo Dot, and Echo Show devices; Facebook's Portal Mini; the iPhone XR; and the sixth-generation iPad.

    The researchers said they have already notified Tesla, Ford, Amazon, Apple, and Google about the weakness. They said that mitigating the flaw would require a redesign of most microphones. Lead author Takeshi Sugawara said one possible way to get rid of the vulnerability in microphones would be to create an obstacle that would block a line of sight to the microphone's diaphragm.

    Researchers from Tokyo and the University of Michigan have found that laser pointers are capable of “hijacking” smart speakers. In a paper titled “Ligh...
    Read lessRead more

    Report finds very little anonymity on the internet

    Most websites track your browsing habits

    If you’re doing anything online that you don’t want anyone to know about, you’re probably out of luck.

    The Washington Post reports a number of websites, from mainstream news outlets to porn sites, are using a hidden code to run a check to find out who you are. Accessing or deploying browsing features like “private browsing” may make no difference at all. In fact, because you’ve turned on a feature like “do not track” may make you more likely to be tracked, security experts say.

    Some of these programs that track you online don’t appear to be that intrusive at first glance. The programs extract mostly innocent-looking data about your computer, such as your screen resolution or the version of the operating system your device is running.

    It’s called “fingerprinting,” with the web taking a photograph of your browsing habits. With this information, a program can know what sites you’ve accessed in the past and create profiles of your behavior. It’s one of the reasons that ads seem to follow you around on the internet.

    The Post report says most of the sites it contacted said “fingerprinting” web users is now  industry standard practice. But one analyst told the Post that “fingerprinting” is user-hostile, with the fact that web users who ask not to be tracked become even more valuable tracking commodities.

    ‘Growing threat’

    According to the Post, Google, Apple, and Mozilla have all agreed that “fingerprinting” is a growing threat to consumers.

    It’s not that websites you’ve visited have your name, address, or any other personal information about you in a database. It’s all a matter of putting information into a pattern.

    As internet users access a website, the site’s code begins asking your computer for things that aren’t part of the usual process of pulling up a page. Knowing what operating system you’re running, what fonts you have installed or what your address is on your internal network distinguishing characteristics.

    If you have turned on “do not track” the site may take a special interest in you. Different websites use different data points to assemble your fingerprint, which is part of what makes it so hard to control. 

    Some websites say they use fingerprinting to protect their customers. They contend that fingerprinting lets them improve online security, such as fighting attempts to use stolen credit cards or passwords.

    If you’re doing anything online that you don’t want anyone to know about, you’re probably out of luck.The Washington Post reports a number of websites,...
    Read lessRead more

    Google, YouTube hit with $170 million penalty for violating children’s privacy law

    The video platform says it’s taking steps to address privacy concerns

    Federal regulators have slapped Google’s YouTube platform with a $170 million penalty for pulling in millions of advertising dollars through the improper collection of children’s personal information. 

    The settlement announced Wednesday requires that Google and YouTube pay $136 million to the Federal Trade Commission (FTC) and $34 million to New York for allegedly violating the Children’s Online Privacy Protection Act (COPPA). 

    “YouTube touted its popularity with children to prospective corporate clients,” wrote FTC Chairman Joe Simons. “Yet when it came to complying with COPPA, the company refused to acknowledge that portions of its platform were clearly directed to kids. There’s no excuse for YouTube’s violations of the law.”

    New York Attorney General Letitia James said that the companies “put children at risk and abused their power” through illegally monitoring and tracking kids’ behaviors in order to serve them targeted ads. James noted that the settlement is “one of the largest settlements for a privacy matter in U.S. history.”

    Settlement also requires reform

    Under the settlement, Google and YouTube are also required to “develop, implement, and maintain a system that permits channel owners to identify their child-directed content on the YouTube platform” in order to ensure compliance with COPPA.

    Additionally, YouTube must “obtain verifiable parental consent” before collecting personal information from children.

    YouTube said in a blog post that it’s working on developing ways to address the privacy concerns that have cropped up in conjunction with “a boom in family content and the rise of shared devices.” 

    In the coming months, YouTube said it will be restricting data collection on videos likely to be watched by children and treating data from anyone watching children’s content on the platform as “coming from a child, regardless of the age of the user.” 

    YouTube said it will also cease its practice of serving targeted ads on videos aimed at young audiences and turn off comments and notifications for those videos. The company has recommended that parents use its YouTube Kids app when letting children under 13 watch videos without adult supervision. 

    Federal regulators have slapped Google’s YouTube platform with a $170 million penalty for pulling in millions of advertising dollars through the improper c...
    Read lessRead more

    YouTube may stop serving targeted ads on videos aimed at children

    The site is trying to appease regulators following the FTC’s privacy violation charge

    YouTube is considering putting an end to its practice of allowing “targeted” ads on videos that are more likely to be viewed by children, Bloomberg reports, citing people “familiar with the discussion.”

    The video streaming platform was recently hit with a multimillion dollar fine after the FTC found that it had violated children’s privacy laws by collecting data on children under the age of 13. It’s not clear if YouTube’s changes -- which, at this point, may or may not be implemented -- are a direct result of the settlement, Bloomberg noted. 

    Doing away with targeted ads on videos aimed at children could have a significant impact on YouTube’s ad revenues. An industry analyst cited in the report said the platform could lose as much as 10 percent of its overall intake from kids’ videos, which works out to about $50 million annually. 

    However, this solution would be much smaller in scale than other proposed ways of complying with regulators. Last year, a coalition of advocacy groups suggested that the FTC require YouTube to migrate all of its kids’ content to its YouTube Kids app. FTC chairman Joseph Simons has suggested the possibility of disabling ads on videos likely to be watched by children. 

    Tracking still an issue

    Google hasn’t commented on YouTube’s reported decision to stop serving targeted ads on kids’ videos, and it’s still unclear how YouTube would determine which videos would count as kids’ videos. 

    Complainants have argued that the move would be hard to enforce. Josh Golin, from the Campaign for Commercial-Free Childhood, noted that shutting off the ad-targeting feature for select kids’ videos doesn’t mean YouTube will stop tracking their web habits. 

    “Is Google still going to be collecting all the data and creating marketing profiles?” he asked Bloomberg. “That wouldn’t be satisfactory either.”

    YouTube is considering putting an end to its practice of allowing “targeted” ads on videos that are more likely to be viewed by children, Bloomberg reports...
    Read lessRead more

    New York City bill would ban sales of mobile location data

    Companies wouldn’t be allowed to share users’ location info without their explicit permission

    A bill introduced Tuesday would make it illegal for cell phone and app companies to sell the location data of users in New York City, the New York Times reports

    Companies that break the law would be subject to a steep fine. Additionally, users within city limits would be legally allowed to sue companies that share their data without permission. 

    The Times notes that the bill is likely to face resistance from telecommunications companies because selling location data generates billions of dollars annually. But proponents of the bill say its passage would represent a small step toward mitigating the privacy concerns that stem from the practice of location data sharing.

    Reining in data sharing

    Currently, no law prohibits U.S. companies from selling location data. Earlier this year, FCC Commissioner Geoffrey Starks called for federal action to put an end to the practice. In an op-ed for the New York Times, Starks expressed frustration over the fact that the FCC has yet to use its authority to crack down on the practice of data sharing. 

    If passed, the bill proposed Tuesday would make New York City the first to establish its own set of location data rules. 

    Calling the behavior of selling location data a “dangerous breach of privacy,” Democratic City Council member Justin Brannan said New York City can “lead the way” in banning the practice.

    “Big telecom companies are making millions $$ by selling our location data without our knowledge -- forget about even asking our permission,” he said on Twitter. “It's time to put an end to Big Brother Big Business. And if the federal gov won't do it, NYC will.” 

    A bill introduced Tuesday would make it illegal for cell phone and app companies to sell the location data of users in New York City, the New York Times re...
    Read lessRead more

    NSA unlawfully collected additional call data last year

    The latest over-collection incident happened in October

    The National Security Agency (NSA) improperly collected phone call data just a few months after assuring the public that the glitch that had previously caused it to do so had been fixed, according to documents obtained by the American Civil Liberties Union (ACLU). 

    The agency’s first erroneous record-collection incident happened last May. Upon realizing its mistake, the NSA said it deleted more than 600 million of the call records it had collected from phone companies in error. Now, the ACLU has found that another over-collection incident occured in October 2018. 

    In its report, the ACLU said the NSA obtained information about U.S. consumers’ phone calls in a manner not authorized under section 215 of the Patriot Act. 

    The report said the agency unlawfully collected call record data three times in total: in November 2017, February 2018, and October 2018. The third violation suggests the underlying problem wasn’t mitigated in the first place, or perhaps that the NSA faced new problems that caused the issue to happen again.

    “These documents further confirm that this surveillance program is beyond redemption and a privacy and civil liberties disaster,” Patrick Toomey, staff attorney with the ACLU’s National Security Project, said in a statement. “The NSA’s collection of Americans’ call records is too sweeping, the compliance problems too many, and evidence of the program’s value all but nonexistent. There is no justification for leaving this surveillance power in the NSA’s hands.”

    NSA responds

    In a statement acknowledging its persistent over-collection problem, the NSA said the technical issues to blame for the earlier incidents were fixed. However, it found additional “data integrity and compliance concerns caused by the unique complexities of using company-generated business records for intelligence purposes.”

    “Those data integrity and compliance concerns have also been addressed and reported to NSA’s overseers, including the congressional oversight committees and the Foreign Intelligence Surveillance Court,” the agency added.

    The NSA is now considering shutting down its call data collection system because it “is now viewed by many within the intelligence community as more of a burden than a useful tool, in part due to the compliance issues,” the Wall Street Journal reported. 

    The National Security Agency (NSA) improperly collected phone call data just a few months after assuring the public that the glitch that had previously cau...
    Read lessRead more

    Facebook’s research app collected data on 187,000 users

    The company says 4,300 of that total were U.S. teens

    Facebook says its discontinued research app collected data from about 187,000 users who were paid $20 a month to allow the social media company observe how they used their phones.

    The app made news earlier this year when Apple blocked Facebook from offering the app to iPhone users. At the time, Facebook said it users were paid for their participation, it never tried to hide the program, and none of the information was shared.

    In a letter to members of Congress, Facebook disclosed it had collected data from 31,000 users in the U.S., 4,300 of whom were teenagers. The rest were consumers who lived in India.

    At the time, Facebook said the app was part of an effort to help the company better serve its users.

    “Since this research is aimed at helping Facebook understand how people use their mobile devices, we’ve provided extensive information about the type of data we collect and how they can participate,” a spokesperson said at the time.

    The information may or may not be relevant to the current debate about Facebook’s size and scale, and whether it is a monopoly in need of regulation. The company has defended its discontinued research app as transparent and non-intrusive.

    New research app

    This week, Facebook released a new Android app, available to users who are at least 18 years-old. Facebook says users who download the app will agree to let Facebook analyze the apps on the phone, looking at how much they are used and the device or network that is being used.

    The company says users who agree to participate will still receive compensation for sharing their data and can leave the program at any time.

    As for the new research app, at least one lawmaker thinks it is an ill-conceived move. Sen. Richard Bloomenthan (D-Conn.) told CNET he thinks Facebook should be emphasizing consumer privacy.

    "At a time when the company is under investigation for its data practices and anti-competitive actions, the Facebook Study app is at best tone-deaf and ill-considered," Bloomenthal told CNET.

    Facebook and other tech giants have come under closer government scrutiny in recent weeks and could face antitrust action. For its part, Facebook is attempting to settle a Federal Trade Commission action over its handling of user data.

    Facebook says its discontinued research app collected data from about 187,000 users who were paid $20 a month to allow the social media company observe how...
    Read lessRead more

    Is your cell phone provider selling your location to the highest bidder?

    Democrats claim there is a ‘black market’ in phone-location data

    Federal Communications Commission (FCC) Chairman Ajit Pai was grilled this week about the alleged sale of phone-location data to entities with no clear rights to possess it.

    Appearing before a House committee, the FCC chairman got a scolding and a warning that “lying to Congress is a federal crime.” Rep. Anna Eshoo (D-Calif.) warned Pai that what he told the panel was at odds with what she had heard elsewhere.

    Eshoo aimed pointed questions at Pai asking for details about what she had heard was an FCC probe into the apparently illegal sale of phone-location data to third-party individuals and organizations.

    The Congressional inquiry appeared to expose an intensely partisan divide within the FCC, where Republicans hold three seats and the Democrats control two. Democrats on the FCC board contend there is a “black market” in data that is being used to erode consumers’ privacy protections.

    Democratic lawmakers accused Pai of withholding information from their party members. During the hearing, Pai was noncommittal about whether he would share basic information about the investigation with the FCC’s two Democratic commissioners, Jessica Rosenworcel and Geoffrey Starks.

    Not aware of requests for information

    Pai said he had never withheld information from Democratic FCC commissioners. He said he was not aware of requests for information made by the Democratic commissioners.

    Pai said that in February, just after Starks had joined the FCC, he had offered the new commissioner control of the investigation into how location data was being used. He said the Democrat had turned down the offer.

    Consumers’ location data is extremely valuable knowledge. Advertisers pay handsomely for it because they have found if they can target an advertisement to a consumer who is close to the client’s location, that person is much more likely to become a customer.

    But critics say location information, in the wrong hands, could be dangerous. The technology site Motherboard reports it gave a bounty hunter $300 to track someone’s cell phone and he was able to pinpoint their location within a quarter-mile.

    If a law enforcement agency wants to track the location of a criminal suspect, it must get legal authorization. Last year the Supreme Court ruled 5-4 that law enforcement must obtain a search warrant to get access to cell phone location information.

    Federal Communications Commission (FCC) Chairman Ajit Pai was grilled this week about the alleged sale of phone-location data to entities with no clear rig...
    Read lessRead more