Yale Privacy Lab @privacylab@mastodon.social

Pinned toot

For friends where our website is blocked: you can still download Tor Browser and access critical resources and sites.

Send a DM to @get_tor with your OS, and you'll receive download links. #censorship #privacy #freespeech #internet source: twitter.com/torproject/status/

Now via #Yalp, users can check @exodus reports about the trackers in the app you want to download.

"Oh, it also tracks your every move and taps your smartphone's microphone, supposedly in the name of helping to root out unauthorized match broadcasts in bars, restaurants and cafes." boingboing.net/2018/06/11/span

DHS plans to massively expand its collection of data on citizens and foreigners, combining everything from biometrics to information about people’s “relationship patterns” and “encounters” with officers.

This plan is fatally flawed and must be stopped. eff.org/deeplinks/2018/06/hart source: twitter.com/eff/status/1006270

using a ~$200 USD drone: "In a paper titled 'Eye in the Sky,' the researchers describe their system... An algorithm trained using deep learning estimates poses of humans in the video and matches them to postures researchers have designated as 'violent.'" theverge.com/2018/6/6/17433482

"Industry lobbyists who want to continue monetising users’ online data are battling against new ePrivacy regulations, targeting EU member states in the Council. And some member state governments are only too happy to help." corporateeurope.org/power-lobb

large Ticketfly data breach. Shout out to the excellent haveibeenpwned service that notifies users of disasters like this :) cbsnews.com/news/ticketfly-eve

"One of the major wireless carriers informed my office that it reported an SS7 breach, in which customer data was accessed, to law enforcement through the government's Customer Proprietary Network Information (CPNI) Reporting Portal." soylentnews.org/article.pl?sid

Photo CC BY-NC-SA François Proulx flic.kr/p/mBJ32

"The concern is that a rogue submodule can trick the Git into running code it shouldn’t outside the context of the repository. 'This allowed an adversary to exfiltrate data, pull down a web shell, plant a cryptominer or just totally own the machine...'"


"For more than a year, Mozilla Firefox and Google Chrome may have leaked users’ Facebook usernames, profile pictures, and likes if the users’ browsers visited malicious websites that employed a cutting-edge hack"


"@eff has joined the ACLU and a coalition of civil liberties organizations demanding that Amazon stop powering a government surveillance infrastructure."


Set to task of compiling a blog post for the and space at . ETA publication in a few weeks time.

Messaging is around .

Around 2,000 people show up and a wide variety of levels - newbies to world-class experts.

Any suggestions for what topics you might hope would be covered in this year's interactive sessions & workshops?

"Levy argued for a 'transparent, well managed and ordered' surveillance regime as opposed to a system that would rely on finding software flaws in order to defeat encryption. He told privacy advocates: 'If you whack governments on privacy it will only drive the vulnerability market.'"


Mozilla's #internethealth Report examines the state of privacy, inclusion, and openness online. It also shares best practices for making the web a better place: t.co/OsVeNG0sKu source: twitter.com/mozilla/status/100

are tides from the "Web 2.0" era turning? majority in poll won't trade privacy for free (gratis) services

"63% in poll say they are not willing to give up their personal data for targeted ads to use an online service for free"


our @diggity on GDPR: "Warning screens and verbose agreements often become software malpractice: they not only mask the poison coursing through the system, they sedate the user into a click-through coma." boingboing.net/2018/05/25/gdpr

great piece by @yaelwrites including Jack Balkin's concept of information fiduciaries: "Although relationships with third parties might be lucrative for telecoms, any entity collecting sensitive information like location data has a moral obligation to keep it safe."


Doctorow: "if that data leaks, it would allow anyone to break into your kid's cloud and plunder all their private data... Naturally, Teensafe stored thousands of parents and kids' usernames and passwords, without encryption, on an insecure server."


“Encrypted Email and Security Nihilism” by Daniel Kahn Gillmor

“Nihilism is tempting, both from an absolutist perspective and because of despair in the ongoing litany of technical failure. But it's not a realistic option, and we need to keep up the good fight.”