TechLetters ☕️ Unexpected privacy evolution by Google. EU vs TikTok. China vs USA. EU v. Russia. China v. USA. EU v. AI. Listening air fryers and identifying users on the internet for advertising pur.
Google plans to allow device fingerprinting from February 2025, raising privacy concerns. The UK’s data protection authority has expressed dissatisfaction. I analyze these developments and their implications for global internet privacy.
As a cybersecurity and data protection professional with experience in global cybersecurity, risk assessment, and privacy regulations (including GDPR), I’m keen to explore new opportunities starting in early 2025. If your organization—or someone you know—could benefit from expertise in navigating such evolving fields and mitigating risks, feel free to reach out: me@lukaszolejnik.com.
Security
European Commission opens proceedings against TikTok. Under the DSA for failing to mitigate systemic risks to election integrity, particularly during Romania’s recent elections, highlighting concerns over platform accountability and foreign interference.
China is investigating ‘US cyberattacks targeting major Chinese advanced materials design and research institution’. The attacks, allegedly delivered via trojans, were reportedly used to "steal trade secrets" in two incidents since May 2023. The ‘report’ turns out to be a three-sentence text block.
EU countries are at risk of Russian election meddling that can be “nearly impossible” to prove. As Romania’s president has warned. He expressed skepticism about cyber-attribution, explaining that Russia’s involvement is hard to prove due to tactics like using servers in many locations globally. “Don’t imagine that these attacks are signed ‘from the East, with love’.”
Chinese state-linked cyber group "Salt Typhoon" breached major U.S. telecom networks. Targeting high-profile government officials such as President-elect Trump and JD Vance. Recommendations for potential victims include using end-to-end encrypted messengers, password managers, and FIDO or Authenticator apps while avoiding SMS for multi-factor authentication. Consider buying a new smartphone for improved security, and avoid using personal VPNs. For iPhone users, enable Lockdown Mode. For Android, opt for Google Pixel or Samsung devices.
Privacy
GDPR implications for AI training highlight risks and loopholes. The EDPB Opinion emphasizes the need for lawful data processing, anonymization, and compliance safeguards like DPIAs. Concerns arise over potential GDPR loopholes in "Scenario 3," where unlawfully collected data might be anonymized and reused. This could weaken privacy protections, particularly in adtech. Clear guidance is essential to uphold GDPR principles.
IAB releases guidance on ID-less mechanisms for internet tracking. Touted as "Privacy by design - limited risk of abuse" (mentioned seven times), the document lacks citations or references to analyses. It is currently open for comments.
Air fryers accused of eavesdropping and data sharing. Models from Xiaomi, Tencent, and Aigostar were reported to attempt recording audio on users' phones without justification. Additionally, Aigostar and Xiaomi fryers transmitted personal data to servers in China.
Defending against HSTS misuse for user tracking. Proposal for limiting HSTS upgrades to top-level navigations and blocking sub-resource misuse to prevent tracking abuse.