RIEM News

Articles tagged with "data-privacy"

  • Here’s the tech powering ICE’s deportation crackdown 

    The article details how Immigration and Customs Enforcement (ICE) has leveraged advanced technologies to intensify deportation efforts under President Donald Trump’s administration. ICE has conducted widespread raids targeting undocumented immigrants, using tools that enable extensive surveillance and identification. Among these technologies are cell-site simulators—also known as “stingrays” or IMSI catchers—that mimic cellphone towers to locate and intercept communications from nearby phones. ICE has invested over $1.5 million in customized vehicles equipped with these simulators through contracts with TechOps Specialty Vehicles, which integrates the technology into their vans. The use of cell-site simulators is controversial due to privacy concerns, as they indiscriminately collect data from all phones in the vicinity and have sometimes been deployed without warrants. Additionally, law enforcement agencies have sought to keep their use secret in court to avoid disclosing sensitive information. Facial recognition technology is another key tool in ICE’s arsenal. The agency has signed multimillion-dollar contracts with Clearview AI, a company known for

    IoT, surveillance-technology, cell-site-simulators, law-enforcement-technology, data-privacy, IMSI-catchers, facial-recognition
  • The FTC’s data-sharing order against GM is finally settled

    The Federal Trade Commission (FTC) has finalized an order prohibiting General Motors (GM) and its OnStar telematics service from sharing certain consumer data with consumer reporting agencies. This settlement, reached a year prior but only recently finalized, requires GM to be more transparent about its data collection practices and to obtain explicit consumer consent before collecting, using, or sharing connected vehicle data. The order follows revelations from nearly two years ago that GM and OnStar collected and sold drivers’ precise geolocation and driving behavior data—gathered through GM’s Smart Driver program—to third parties including data brokers like LexisNexis and Verisk, which then sold the information to insurance providers potentially affecting customer rates. Under the finalized order, GM must secure explicit consent from consumers at the point of vehicle purchase, linking the OnStar system to the vehicle’s VIN and asking owners to agree to data collection. While the order bans sharing location data with consumer reporting agencies, exceptions allow GM to share data with emergency responders and

    IoT, connected-vehicles, data-privacy, telematics, GM-OnStar, data-sharing, consumer-consent
  • Inside Uzbekistan’s nationwide license plate surveillance system

    Uzbekistan operates a nationwide license plate surveillance system comprising around 100 high-resolution roadside camera banks that continuously scan vehicles and occupants for traffic violations such as running red lights, not wearing seatbelts, and unlicensed night driving. This extensive system, managed by the Department of Public Security under the Ministry of Internal Affairs, collects millions of photos and raw video footage, enabling detailed tracking of individuals’ movements across cities like Tashkent, Chirchiq, and others. The system, described as an “intelligence traffic management system,” is supplied by Maxvision, a Chinese company specializing in internet-connected traffic and surveillance technologies, which exports similar systems globally. A significant security lapse was discovered by researcher Sen, who found the entire Uzbek license plate surveillance database exposed online without password protection, allowing unrestricted access to sensitive data. The database, established in September 2024 with monitoring starting mid-2025, reveals real-time locations of cameras and detailed vehicle tracking information. Despite multiple attempts, neither Uzbek authorities nor

    IoT, surveillance-systems, license-plate-recognition, smart-traffic-management, cybersecurity, connected-cameras, data-privacy
  • BMW May Finally Do What Auto Industry Has Needed For Decades - CleanTechnica

    BMW has filed a patent for a breathalyzer system integrated with a digital key (such as a smartphone or smartwatch) designed to prevent intoxicated individuals from driving. If the driver fails the breathalyzer test, the vehicle will allow operation of non-driving functions like air conditioning and infotainment but will disable the ability to drive. This innovation aims to address the persistent problem of drunk driving, which accounted for approximately 12,429 deaths in the US in 2023, representing about 30% of traffic-related fatalities. While the concept could potentially reduce drunk driving incidents and save lives, the article raises concerns about consumer acceptance and practical implementation. Questions remain about whether drivers would willingly adopt such technology, the possibility of circumventing the system (e.g., having someone else provide the breath sample), and privacy issues related to data sharing with third parties like insurance companies. Despite these uncertainties, the author supports the idea, emphasizing that even saving a single life would justify the effort.

    IoT, automotive-technology, breathalyzer-integration, digital-key, driver-safety, data-privacy, vehicle-innovation
  • Lawmakers say stolen police logins are exposing Flock surveillance cameras to hackers

    Lawmakers Sen. Ron Wyden and Rep. Raja Krishnamoorthi have urged the Federal Trade Commission (FTC) to investigate Flock Safety, a company operating license plate scanning cameras, over cybersecurity concerns. They allege that Flock fails to mandate multi-factor authentication (MFA) for its law enforcement customers, leaving the company’s extensive camera network vulnerable to hackers and foreign spies. Despite offering MFA as an option, Flock confirmed to Congress that it does not require its use, which could allow unauthorized access to sensitive law enforcement areas and billions of license plate photos collected nationwide. Flock Safety operates one of the largest license plate reader networks in the U.S., serving over 5,000 police departments and private businesses. Evidence presented by cybersecurity firm Hudson Rock and independent researcher Benn Jordan suggests that some law enforcement login credentials have been stolen and sold on cybercrime forums, including Russian marketplaces. In response, Flock’s chief legal officer stated that MFA is now enabled by default for all

    IoT, cybersecurity, surveillance-cameras, multi-factor-authentication, license-plate-recognition, data-privacy, law-enforcement-technology
  • Anker offered Eufy camera owners $2 per video for AI training

    Anker, the maker of Eufy security cameras, launched a campaign earlier this year offering users $2 per video of package or car thefts to help train its AI systems for better theft detection. The initiative encouraged users to submit both real and staged videos, even suggesting users stage theft events to earn more money, with payments made via PayPal. The campaign ran from December 18, 2024, to February 25, 2025, aiming to collect 20,000 videos each of package thefts and car door thefts. Over 120 users reportedly participated, and Eufy has since continued similar programs, including an in-app Video Donation Program that rewards users with badges, gifts, or gift cards for submitting videos involving humans. The company claims the videos are used solely for AI training and are not shared with third parties. However, concerns about privacy and data security persist. Eufy has a history of misleading users about the encryption of their camera streams, as revealed

    IoT, AI, security-cameras, video-data, user-incentives, smart-home-devices, data-privacy
  • Meta plans to sell targeted ads based on data in your AI chats

    Meta announced that starting December 16, it will use data from user interactions with its AI products to sell targeted ads across its social media platforms, including Facebook and Instagram. This update to its privacy policy applies globally except in South Korea, the UK, and the EU, where privacy laws restrict such data use. Meta plans to incorporate information from conversations with its AI chatbot and other AI features—such as those in Ray-Ban Meta smart glasses, which analyze voice recordings, pictures, and videos—into its ad targeting algorithms. For example, if a user discusses hiking with the AI, they may receive ads for hiking gear. However, sensitive topics like religion, sexual orientation, political views, health, and ethnicity will be excluded from ad targeting. Meta emphasizes that AI interaction data will only influence ads if users are logged into the same account across products, and currently, there is no opt-out option for this data use. This move reflects a broader trend among tech companies to monetize AI products, which are

    IoT, AI, targeted-advertising, smart-glasses, data-privacy, Meta-AI, user-data
  • Oura CEO talks potential IPO and ‘nonnegotiable’ data privacy

    Oura Health CEO Tom Hale addressed the company's growth and potential plans for an initial public offering (IPO) amid reports valuing the health-tracking ring maker at nearly $11 billion. While Hale did not confirm any immediate IPO plans, he acknowledged that Oura has reached significant milestones in size, growth, and scale that make going public a viable option. He emphasized that the company will announce any such plans when the timing is appropriate. Oura is on track to generate $1 billion in revenue in 2025, doubling its revenue from the previous year. Hale also discussed data privacy concerns, particularly in relation to government data-sharing initiatives. He clarified that Oura aims to empower customers to share their data only when beneficial, rejecting any notion that data is shared indiscriminately with entities like the Trump administration. He stressed that protecting user data privacy and security is "nonnegotiable," especially given the potential risks if data were misused. Additionally, Hale shared a personal note on his own

    IoT, wearable-technology, health-tracking, data-privacy, smart-devices, digital-health, consumer-electronics
  • Smart ring maker Oura’s CEO addresses recent backlash, says future is a ‘cloud of wearables’

    Oura CEO Tom Hale addressed recent backlash stemming from misinformation that the company shares user data with the U.S. government. Hale firmly denied these claims, clarifying that Oura’s health data—collected through its smart rings, including metrics like heart rate, sleep, and body temperature—is never shared or sold without explicit user consent. He explained that while Oura participates in a Department of Defense (DoD) program, the enterprise solution operates in a separate, secure environment inaccessible to the government. Hale also dispelled rumors about a significant partnership with Palantir, stating that Oura’s relationship is limited to a small commercial contract related to a DoD certification standard (Impact Level 5) and does not involve data sharing or system integration. Hale emphasized the company’s commitment to user privacy and security, noting that Oura’s terms of service explicitly oppose using user data for surveillance or prosecution. Access to user data is tightly controlled and only permitted with user authorization for specific purposes, such as

    IoT, wearable-technology, smart-ring, data-privacy, health-tracking, cloud-computing, cybersecurity
  • Security researcher maps hundreds of TeslaMate servers spilling Tesla vehicle data

    Security researcher Seyfullah Kiliç from SwordSec discovered over 1,300 publicly exposed TeslaMate servers, hobbyist dashboards used by Tesla owners to log detailed vehicle data such as location history, battery health, charging sessions, and speed. These servers, likely made public unintentionally and lacking password protection, allowed anyone on the internet to access sensitive Tesla vehicle information. Kiliç scanned and mapped these exposed dashboards, highlighting the significant privacy risks, including revealing owners’ movements, charging habits, and even vacation times. This issue is not new but appears to have worsened since 2022, when a similar exposure was reported. TeslaMate’s founder previously implemented a bug fix to prevent unauthorized access, but users remain responsible for securing their servers. Kiliç emphasized the importance of enabling authentication and firewall protections to prevent data leaks and urged TeslaMate users to secure their publicly accessible dashboards. The research aims to raise awareness within the Tesla owner and open-source communities about the risks of inadvertently exposing sensitive vehicle

    IoT, Tesla, vehicle-data, cybersecurity, data-privacy, open-source, smart-vehicles
  • Sex toy maker Lovense threatens legal action after fixing security flaws that exposed users’ data

    Lovense, a manufacturer of internet-connected sex toys, recently addressed security vulnerabilities that exposed users’ private email addresses and allowed remote account takeovers. The company confirmed that these bugs have been fully resolved and now requires users to update their apps to regain full functionality. However, Lovense CEO Dan Liu is reportedly considering legal action in response to what he described as erroneous reports about the security flaws, though it remains unclear whether this refers to media coverage or the security researcher’s disclosure. The security issues were initially revealed by a researcher known as BobDaHacker, who disclosed the vulnerabilities after Lovense indicated it would take 14 months to fully fix them instead of implementing a quicker, one-month fix that would have required notifying users. Despite Lovense’s claim that there is no evidence of data compromise or misuse, TechCrunch independently verified the email exposure bug, raising questions about the company’s assessment. Lovense has not clarified what technical evidence it has to support its claim of no data compromise. The situation highlights

    IoT, cybersecurity, connected-devices, data-privacy, software-vulnerabilities, user-security, legal-issues
  • Sex toy maker Lovense caught leaking users’ email addresses and exposing accounts to takeovers

    Security researcher BobDaHacker revealed that sex toy maker Lovense has not fully resolved two critical security vulnerabilities that expose users’ private email addresses and allow account takeovers. Lovense, which has over 20 million users and is known for integrating ChatGPT into its products, was found leaking users’ email addresses through its app’s network traffic. By intercepting and modifying network requests, an attacker could link any Lovense username to its registered email address, posing significant privacy risks—especially for cam models who publicly share usernames but want to keep their emails private. TechCrunch verified this vulnerability, and BobDaHacker demonstrated that automating the process could reveal emails in under a second. The second flaw is even more severe, enabling attackers to take over any Lovense account using just the exposed email address. This vulnerability allows creation of authentication tokens without passwords, granting full remote control of the account. Given that many users rely on Lovense devices for work, such as cam models, this flaw represents a

    IoT, cybersecurity, internet-connected-devices, data-privacy, vulnerability, account-takeover, bug-bounty
  • Uptime Industries wants to boost localized AI usage with an ‘AI-in-a-box’ called Lemony AI

    Uptime Industries has developed Lemony AI, a compact “AI-in-a-box” device designed to run large language models (LLMs), AI agents, and workflows locally on-premise. About the size of a sandwich and consuming only 65 watts of power, each Lemony node can support LLMs with up to 75 billion parameters, hosting both open-source and adapted closed models. Multiple devices can be stacked to form clusters, allowing different models to run simultaneously. The company has partnered with IBM and JetBrains to facilitate customer access to various AI models, including IBM’s proprietary ones. The concept originated from a side project by Uptime’s co-founders, who explored distributing language models on small devices like Raspberry Pis. Recognizing the potential for localized AI to enhance adoption—especially among enterprises wary of cloud-based solutions—they focused on creating a small, privacy-centric device that teams could deploy without extensive organizational approval. This approach appeals particularly to regulated sectors such as finance, healthcare, and law, where data privacy is critical since all data and models remain within the device. Uptime has raised $2 million in seed funding to advance development, plans to extend its Lemony OS software to other hardware platforms, and aims to evolve from single-user to team-based software functionality. Lemony AI is offered at $499 per month for up to five users.

    energy, AI-hardware, edge-computing, on-premise-AI, low-power-devices, AI-clusters, data-privacy