Privacy & Security FAQ: Week Ending November 19th, 20241. What happened with T-Mobile and Chinese hackers?

Chinese hackers, suspected of ties to Chinese intelligence, infiltrated T-Mobile as part of a larger cyberespionage operation. This attack targeted telecom companies to gather intelligence on high-value targets. While T-Mobile claims no significant impact on their systems or customer data, the breach raises concerns about the security of telecommunications networks and the potential for surveillance.

Google is rolling out an AI-powered scam call detection feature for Android phones, starting with Pixel 6 and newer models. This feature analyzes real-time conversation patterns to detect potential scams and alerts users through audio, haptic, and visual warnings. The system operates entirely on the device, ensuring privacy by not storing or transmitting call data externally.

India's competition watchdog fined Meta $25.4 million and ordered WhatsApp to stop sharing user data with other Meta units for advertising for five years. This action stems from WhatsApp's 2021 privacy policy update, which mandated data sharing with Meta companies without an opt-out option. The watchdog deemed this practice as an abuse of Meta's dominant position and coercive towards users.

Legal documents from a US lawsuit between NSO Group and WhatsApp revealed that NSO Group, not their government clients, directly install and extract information from phones targeted by their Pegasus spyware. This contradicts NSO's claims that clients solely operate the spyware. The revelation raises concerns about the control and accountability of NSO Group's powerful surveillance technology.

ChatGPT's desktop app for macOS can now read code from developer-focused apps like VS Code, Xcode, and TextEdit. This integration allows developers to directly send code snippets to ChatGPT for analysis and assistance without manual copy-pasting. While it currently lacks the ability to write code directly into apps, this feature marks a step towards streamlined AI assistance in coding workflows.

DeFlock is an open-source project utilizing Open Street Map to map the locations of automated license plate readers (ALPRs) worldwide. Concerned about the proliferation of these surveillance devices, the project encourages crowdsourced reporting of ALPR locations, including details like camera direction. You can contribute to this initiative by reporting ALPRs in your area on the DeFlock website: https://deflock.me/report.

Internal emails revealed that the US Secret Service debated the need for warrants when using location data from smartphone apps. Some officials argued that users' acceptance of app terms of service implied consent for data sharing, even if those terms didn't explicitly mention sharing with law enforcement. This raised concerns about government agencies accessing private location data without proper legal authorization.

How can you enhance your privacy and security?

• For secure communication: Consider using encrypted messaging apps like Signal or Session.
• Protect against phone fraud: Be wary of suspicious calls and consider enabling Google's AI-powered scam call detection.
• Control data sharing: Scrutinize app permissions and privacy policies before granting access to personal information.
• Support privacy initiatives: Contribute to projects like DeFlock and advocate for stronger data protection laws.
• Stay informed: Follow reputable sources for news on privacy and security issues to make informed decisions about your digital life.