Your rights online

Slashdot: Your Rights Online
News for nerds, stuff that matters

A Researcher Attempted To Opt Out of Facial Recognition at the Airport -- It Wasn't Easy

Wed, 07/03/2019 - 13:30
Allie Funk, writing for Wired: The announcement came as we began to board. Last month, I was at Detroit's Metro Airport for a connecting flight to Southeast Asia. I listened as a Delta Air Lines staff member informed passengers that the boarding process would use facial recognition instead of passport scanners. As a privacy-conscious person, I was uncomfortable boarding this way. I also knew I could opt out. Presumably, most of my fellow fliers did not: I didn't hear a single announcement alerting passengers how to avoid the face scanners. To figure out how to do so, I had to leave the boarding line, speak with a Delta representative at their information desk, get back in line, then request a passport scan when it was my turn to board. Federal agencies and airlines claim that facial recognition is an opt-out system, but my recent experience suggests they are incentivizing travelers to have their faces scanned -- and disincentivizing them to sidestep the tech -- by not clearly communicating alternative options. Last year, a Delta customer service representative reported that only 2 percent of customers opt out of facial-recognition. It's easy to see why.

Read more of this story at Slashdot.

Categories: Privacy

Security Flaws In a Popular Smart Home Hub Let Hackers Unlock Front Doors

Tue, 07/02/2019 - 22:10
In new research published Tuesday, security researchers Chase Dardaman and Jason Wheeler found three security flaws which, when chained together, could be abused to open a front door with a smart lock. TechCrunch reports: Dardaman and Wheeler began looking into the ZipaMicro, a popular smart home hub developed by Croatian firm Zipato, some months ago, but only released their findings once the flaws had been fixed. The researchers found they could extract the hub's private SSH key for "root" -- the user account with the highest level of access -- from the memory card on the device. Anyone with the private key could access a device without needing a password, said Wheeler. They later discovered that the private SSH key was hardcoded in every hub sold to customers -- putting at risk every home with the same hub installed. Using that private key, the researchers downloaded a file from the device containing scrambled passwords used to access the hub. They found that the smart hub uses a "pass-the-hash" authentication system, which doesn't require knowing the user's plaintext password, only the scrambled version. By taking the scrambled password and passing it to the smart hub, the researchers could trick the device into thinking they were the homeowner. All an attacker had to do was send a command to tell the lock to open or close. With just a few lines of code, the researchers built a script that locked and unlocked a smart lock connected to a vulnerable smart hub.


Elizabeth Warren Accuses Advisory Panel For FCC of Corruption

Tue, 07/02/2019 - 20:50
An anonymous reader quotes a report from CNET: A panel that provides policy advice to the Federal Communications Commission is "stacked with corporate insiders," Democratic presidential candidate Elizabeth Warren said Monday. She cited a blog post by the Project On Government Oversight (POGO), which showed more than half of all Communications Security, Reliability and Interoperability Council (CSRIC) members are direct employees of private companies or of industry trade groups. This could lead to allegations that rather than working for American consumers, the FCC is working for "giant telecom companies", Warren, a Democratic senator from Massachusetts, tweeted Monday. "This is the definition of corruption: industry members writing the rules to benefit themselves & their rich friends," she added in another tweet. Sen. Warren has called on FCC Chair Ajit Pai to "explain the extent to which CSRIC may be corrupted by corporate influence." A letter from Warren and Rep. Pramila Jayapal dated June 27, spotted earlier by The Hill, asks for information (PDF) from Pai on whether the panel is "inappropriately dominated by industry insiders." "The industry-dominated personnel on the panel have recommended policies that are directly in line with the wishes of the companies from which their members are drawn," the letter says, adding that POGO says a lack of expertise among FCC members means they rely increasingly on the panel's recommendations.


Oracle On Why It Thinks AWS Winning Pentagon's $10 Billion Jedi Cloud Contract Stinks

Tue, 07/02/2019 - 16:50
An anonymous reader quotes a report from The Register: Ahead of its first day in a U.S. federal claims court in Washington DC, Oracle has outlined its position against the Pentagon's award of the Joint Enterprise Defense Infrastructure (JEDI) cloud contract to Amazon Web Services. Big Red's lengthy filing questions the basis of Uncle Sam's procurement procedure as well as Amazon's hiring of senior Department of Defense staff involved in that procurement process. Oracle's first day in court is set for 10 July. The JEDI deal could be worth up to $10 billion over 10 years. The Department of Defense handed the contract to AWS after deciding that only Amazon and Microsoft could meet the minimum security standards required in time. Oracle's filing said that U.S. "warfighters and taxpayers have a vested interest in obtaining the best services through lawful, competitive means... Instead, DoD (with AWS's help) has delivered a conflict-ridden mess in which hundreds of contractors expressed an interest in JEDI, over 60 responded to requests for information, yet only the two largest global cloud providers can clear the qualification gates." The company said giving JEDI, with its "near constant technology refresh requirements", to just one company was in breach of procurement rules. It accused the DoD of gaming the metrics used in the process to restrict competition for the contract. Oracle also accused Amazon of breaking the rules by hiring two senior DoD staff, Deap Ubhi and Anthony DeMartino, who were involved in the JEDI procurement process. Ubhi is described as "lead PM." A third name is redacted in the publicly released filing. The DoD, which is expected to make an offer to settle the case in late August, said in a statement: "We anticipate a court decision prior to that time. The DoD will comply with the court's decision. 
While the acquisition and litigation processes are proceeding independently the JEDI implementation will be subject to the determination of the court." The 50-page filing can be found here (PDF).


China Is Forcing Tourists To Install Text-Stealing Malware at its Border

Tue, 07/02/2019 - 12:06
Foreigners crossing certain Chinese borders into the Xinjiang region, where authorities are conducting a massive campaign of surveillance and oppression against the local Muslim population, are being forced to install a piece of malware on their phones that gives all of their text messages as well as other pieces of data to the authorities, a collaboration by Motherboard, Suddeutsche Zeitung, the Guardian, the New York Times, and the German public broadcaster NDR has found. From the report: The Android malware, which is installed by a border guard when they physically seize the phone, also scans the tourist or traveller's device for a specific set of files, according to multiple expert analyses of the software. The files authorities are looking for include Islamic extremist content, but also innocuous Islamic material, academic books on Islam by leading researchers, and even music from a Japanese metal band. In no way is the downloading of tourists' text messages and other mobile phone data comparable to the treatment of the Uighur population in Xinjiang, who live under the constant gaze of facial recognition systems, CCTV, and physical searches. [...] The malware news shows that the Chinese government's aggressive style of policing and surveillance in the Xinjiang region has extended to foreigners, too. "[This app] provides yet another source of evidence showing how pervasive mass surveillance is being carried out in Xinjiang. We already know that Xinjiang residents -- particularly Turkic Muslims -- are subjected to round-the-clock and multidimensional surveillance in the region," Maya Wang, China senior researcher at Human Rights Watch, said. "What you've found goes beyond that: it suggests that even foreigners are subjected to such mass, and unlawful surveillance."


Senate Passes Cybersecurity Bill To Decrease Grid Digitization, Move Toward Manual Control

Mon, 07/01/2019 - 22:03
On June 27, the U.S. Senate passed a bipartisan cybersecurity bill that will study ways to replace automated systems with low-tech redundancies to protect the country's electric grid from hackers. Called The Securing Energy Infrastructure Act (SEIA), the bill establishes a two-year pilot program identifying new security vulnerabilities and researching and testing solutions, including "analog and nondigital control systems." The U.S. Department of Energy would be required to report back to Congress on its findings. Utility Drive reports: The increase in distributed energy resources can serve load more efficiently, but also offers potential attackers more potential entry points. "Our connectivity is a strength that, if left unprotected, can be exploited as a weakness," Sen. Angus King, I-Maine, who sponsored the bill with Sen. Jim Risch, R-Idaho, said in a statement. Sens. Susan Collins, R-Maine, Martin Heinrich, D-N.M., and Mike Crapo, R-Idaho cosponsored the bill. The House measure is being introduced by Reps. Dutch Ruppersberger, D-Md., and John Carter, R-Texas.


India Widens Antitrust Probe Into Google's Android Dominance

Mon, 07/01/2019 - 03:34
An anonymous reader quotes Reuters: Google appears to have misused its dominant position in India and reduced the ability of device manufacturers to opt for alternate versions of its Android mobile operating system, Indian officials found before ordering a wider probe in an antitrust case. A 14-page order from the Competition Commission of India (CCI), reviewed by Reuters this week, found Google's restrictions on manufacturers seemed to amount to imposition of "unfair conditions" under India's competition law.... The Indian case is similar to one Google faced in Europe, where regulators imposed a $5 billion fine on the company for forcing manufacturers to pre-install its apps on Android devices. Google has appealed against the verdict. By making pre-installation of Google's proprietary apps conditional, Google "reduced the ability and incentive of device manufacturers to develop and sell devices operated on alternate versions of Android", the CCI said in the order. "It amounts to prima facie leveraging of Google's dominance".


Former Equifax CIO Sentenced to 4 Months in Prison for Insider Trading

Sun, 06/30/2019 - 16:34
An anonymous reader quotes CNET: A former Equifax executive who sold his stock in the consumer credit reporting firm before it announced a massive data breach has been sentenced to four months in federal prison for insider trading. Jun Ying, former chief information officer for the company's US Information Solutions, was also ordered to pay about $117,000 in restitution and a $55,000 fine, the US Attorney's Office said Thursday... Ying sold all his shares in Equifax, making more than $950,000. Ying's insider trading happened 10 days before Equifax publicly announced its breach. Ying, 44, is the second Equifax employee convicted of insider trading related to the data breach. Sudhakar Reddy Bonthu, a former Equifax software development manager, pleaded guilty in 2018 to using the insider information to make more than $75,000 on the stock market. Bonthu was ordered to serve eight months home confinement, pay a $50,000 fine and forfeit the proceeds from the stock sale. In announcing the sentence, U.S. Attorney Byung J. Pak said that Ying had "thought of his own financial gain before the millions of people exposed in this data breach even knew they were victims."


Wikipedia Co-Founder Calls For a Social Media Strike July 4-5

Sun, 06/30/2019 - 13:34
Wikipedia co-founder Larry Sanger is also Slashdot reader #936,381. He has an announcement: "Humanity has been contemptuously used by vast digital empires," says my new Declaration of Digital Independence, which you can sign. So I'm calling a massive social media strike for July 4-5 to raise awareness of the possibility of decentralizing social media, which is wildly popular whenever proposed. Read the FAQ, use the resources to learn and spread the word far and wide. Look for lots of news about this soon. And get ready! Maybe we can make a long-held geek dream finally come true.


Sting Finds Ransomware Data Recovery Firms Are Just Paying The Ransom

Sun, 06/30/2019 - 03:34
"ProPublica recently reported that two U.S. firms, which professed to use their own data recovery methods to help ransomware victims regain access to infected files, instead paid the hackers. Now there's new evidence that a U.K. firm takes a similar approach." An anonymous reader quotes their report: Fabian Wosar, a cyber security researcher, told ProPublica this month that, in a sting operation he conducted in April, Scotland-based Red Mosquito Data Recovery said it was "running tests" to unlock files while actually negotiating a ransom payment. Wosar, the head of research at anti-virus provider Emsisoft, said he posed as both hacker and victim so he could review the company's communications to both sides. Red Mosquito Data Recovery "made no effort to not pay the ransom" and instead went "straight to the ransomware author literally within minutes," Wosar said. "Behavior like this is what keeps ransomware running." Since 2016, more than 4,000 ransomware attacks have taken place daily, or about 1.5 million per year, according to statistics posted by the U.S. Department of Homeland Security. Law enforcement has failed to stem ransomware's spread, and culprits are rarely caught... But clients who don't want to give in to extortion are susceptible to firms that claim to have their own methods of decrypting files. Often, victims are willing to pay more than the ransom amount to regain access to their files if they believe the money is going to a data recovery firm rather than a hacker, Wosar said. Red Mosquito charged their client four times the actual ransom amount, according to the report -- though after ProPublica followed up, the company "did not respond to emailed questions, and hung up when we called the number listed on its website." The company then also "removed the statement from its website that it provides an alternative to paying hackers. 
It also changed 'honest, free advice' to 'simple free advice,' and the 'hundreds' of ransomware cases it has handled to 'many.'"


Microsoft Claims Unauthorized Repairing of Its Devices Would Be a Security Risk

Sat, 06/29/2019 - 15:41
In comments submitted to America's Federal Trade Commission, Microsoft says repairing its devices could jeopardize protections from the Trusted Platform Module (TPM) security chip. "Don't believe them," argues a group of information security professionals who support the right to repair. Slashdot reader chicksdaddy quotes their report: The statement was submitted ahead of Nixing the Fix, an FTC workshop on repair restrictions that is scheduled for mid-July... "The unauthorized repair and replacement of device components can result in the disabling of key hardware security features or can impede the update of firmware that is important to device security or system integrity," Microsoft wrote... "If the TPM or other hardware or software protections were compromised by a malicious or unqualified repair vendor, those security protections would be rendered ineffective and consumers' data and control of the device would be at risk. Moreover, a security breach of one device can potentially compromise the security of a platform or other devices connected to the network...." As we know: Firms like Microsoft, Lexmark, LG, Samsung and others use arguments like this all the time and then not too subtly imply that their authorized repair professionals are more trustworthy and honest than independent competitors. But that's just hot air. They have no data to back up those assertions and there's no way that their repair technicians are more trustworthy than owners, themselves... There's nothing inherent in repair or the things called for in right to repair laws like providing diagnostic software, diagnostic codes, schematics and replacement parts that puts the integrity of the TPM or the trust model it anchors at risk. Nor does the TPM require that the devices it secures remain pristine: using the same hardware and software configuration as when they were sold by the OEM. After all, TPMs are in Dell computers. 
Dell makes diagnostic software and diagnostic codes and schematics available for their hardware and I haven't heard Microsoft or anybody else suggest that a TPM on a repairable Dell laptop is any less secure than the TPM on an unrepairable Microsoft Surface.


Trump Relaxes US Ban On Selling To Huawei In Surprise G20 Concession

Sat, 06/29/2019 - 13:34
hackingbear tipped us off to a breaking news story. CNN reports: US President Donald Trump has appeared to soften his tone on Chinese communications giant Huawei, suggesting that he would allow the company to once again purchase U.S. technology. Speaking at a press conference in Osaka, Saturday, Trump said that the U.S. sells a "tremendous amount of product" to Huawei. "That's okay, we will keep selling that product," said Trump. "The (U.S.) companies were not exactly happy that they couldn't sell." Forbes points out "While it's not a lifting of the blanket ban, it will significantly benefit the Chinese manufacturer." ZDNet reports: This news just broke with comments made by Trump, including "U.S. companies can sell their equipment to Huawei. We're talking about equipment where there's no great national security problem with it." The details of this statement are still pending, but it is likely that 5G infrastructure equipment may still not be part of this access deal while the smartphone segment may be where we see open access. One Daily Beast contributor argues the action "appears to be a surrender to publicly issued Chinese demands." But TechCrunch writes that "any mutual trust has been broken and things are unlikely to be the same again."


Theranos Founder Elizabeth Holmes To Stand Trial In 2020

Sat, 06/29/2019 - 09:00
An anonymous reader quotes a report from TechCrunch: Elizabeth Holmes, the founder of the now-defunct biotech unicorn Theranos, will face trial in federal court next summer with penalties of up to 20 years in prison and millions of dollars in fines. Jury selection will begin July 28, 2020, according to U.S. District Judge Edward J. Davila, who announced the trial will commence in August 2020 in a San Jose federal court Friday morning. Holmes and former Theranos president Ramesh "Sunny" Balwani were indicted by a grand jury last June with 11 criminal charges in total. Two of those charges were conspiracy to commit wire fraud (against investors, and against doctors and patients). The remaining nine are actual wire fraud, with amounts ranging from the cost of a lab test to $100 million. Bloomberg says Holmes' legal team plans to argue that The Wall Street Journal's John Carreyrou "had an undue influence on federal regulators," and "went beyond reporting the Theranos story." "The jury should be aware that an outside actor, eager to break a story, and portray the story as a work of investigative journalism, was exerting influence on the regulatory process in a way that appears to have warped the agencies' focus on the company and possibly biased the agencies' findings against it," her attorneys wrote, per Bloomberg. "The agencies' interactions with Carreyrou thus go to the heart of the government's case."


House Votes To Block Ajit Pai's Plan To Kill San Francisco Broadband Law

Fri, 06/28/2019 - 20:45
An anonymous reader quotes a report from Ars Technica: The U.S. House of Representatives has voted to block Ajit Pai's attempt to kill a San Francisco ordinance designed to promote broadband competition in apartment buildings. As we reported last week, the Federal Communications Commission chair has scheduled a July 10 vote on a measure that would preempt the San Francisco city ordinance, which lets Internet service providers use the existing wiring inside multiunit residential and commercial properties even if the wiring is already used by another ISP that serves the building. The ordinance applies only when the inside wiring belongs to the property owner, but it makes it easier for ISPs to compete in many multiunit buildings already served by another provider. Pai claimed that the city's rule "deters broadband deployment" and infringes on the FCC's regulation of cable wiring. But US Rep. Katie Porter (D-Calif.) proposed a budget amendment that would forbid the FCC from using any funding to implement or enforce Pai's preemption proposal. The House, which is controlled by Democrats, yesterday approved the Financial Services and General Government Appropriations Act for fiscal 2020 in a mostly party-line vote of 224-196. Earlier in the day, the House approved a block of amendments including Porter's proposal that "prohibits the Federal Communications Committee from finalizing a draft declaratory ruling that would overturn local ordinances that promote broadband competition." The amendment's passage by a vote of 227-220 was also noted in the Congressional Record.


NSA Improperly Collected US Phone Call Data After Saying Problem Was Fixed

Fri, 06/28/2019 - 18:40
An anonymous reader quotes a report from USA Today: The National Security Agency improperly collected phone call records of Americans last fall, months after a previous breach that compelled the agency to destroy millions of records from the contentious program, documents released Wednesday revealed. The redacted documents, obtained by the ACLU in a Freedom of Information Act lawsuit, do not indicate how many records NSA improperly collected in the October breach, nor which telecommunications provider submitted the improper data. "These documents provide further evidence that the NSA has consistently been unable to operate the call detail record program within the bounds of the law," the ACLU said in a letter to Congress this week lobbying for an end to the program. The letter says elements within the Office of the Director of National Intelligence concluded the October violations had a "significant impact" on privacy and civil rights, but that the Americans affected were not told of the breach.


Technology is Eroding the Ability To Move Around the Physical World Anonymously

Fri, 06/28/2019 - 17:21
Hal Hodson, a correspondent for Economist writes in a Twitter thread: Something really massive is happening, and I feel like society is barely grasping the tendrils of the implications. Technology is eroding one of the great levees of human society -- the ability to move around the physical world anonymously. This is happening because computers are getting better at spotting patterns in data, and the cost of capturing data that contain patterns about human beings is plummeting. Most adult humans have a device in their pocket capable of recognizing the patterns in another human's face. Face recognition is just the most obvious side of this new reality. It's easy to grasp that a computer can remember what your face looks like, because humans can do that too (not that well though). But computers don't care what data is used to tag you, only that the data is unique. You can measure someone's: heartbeat with a laser; breathing with the RF-waves in wifi; walking gait with a camera; geographical movements through their phone; and voice and emotional state through a microphone. These datasets all hold patterns which uniquely ID a person. Pretty much anyone can "scan" anyone at this point. The hard bit is matching the patterns in that data with a person's legal identity, figuring out to whom a pattern belongs. This means that control of and access to identity systems is more important than it has ever been before. The issue is that currently the world does not expect to be identified anywhere at any time, by anyone. Society runs on the assumption that people are unknowable in some spaces. I don't know what happens as that disappears, but I am worried. It's easy to imagine bad actors gathering all the data they can on everyone they can get their hands on. Doesn't matter if it isn't linked with an ID right now. Store it, and when someone becomes a threat, do the work to ID them in stored data, find something to get them with. 
Legal systems need to recreate and/or reinforce some of the levees that cheap compute and sensing are washing away. Maybe folks want to live in a world where anyone can set a drone or autonomous agent to track a person around town and report their movements. I don't think so. Addendum: the direction of travel is crystal clear here. Cheaper sensors, closer to the body and mind, coupled with ever-cheaper, better computation. You can't rely on nature for "privacy" any more. You have to do it for ourselves, if you want.


A Second US City Has Banned Facial Recognition

Fri, 06/28/2019 - 09:00
An anonymous reader quotes a report from Motherboard: Somerville, Massachusetts just became the second U.S. city to ban the use of facial recognition in public space. The "Face Surveillance Full Ban Ordinance," which passed through Somerville's City Council on Thursday night, forbids any "department, agency, bureau, and/or subordinate division of the City of Somerville" from using facial recognition software in public spaces. The ordinance passed Somerville's Legislative Matters Committee earlier this week. The ordinance defines facial surveillance as "an automated or semi-automated process that assists in identifying an individual, capturing information about an individual, based on the physical characteristics of an individual's face," which is operationally equivalent to facial recognition. San Francisco banned the use of facial recognition by police and city government agencies a month ago.


Trump White House Reportedly Debating Encryption Policy Behind Closed Doors

Thu, 06/27/2019 - 22:02
According to a report in Politico, the Trump administration held a National Security Council meeting on Wednesday that weighed the challenges and benefits of encryption. "One of Politico's sources said that the meeting was split into two camps: Decide, create and publicize the administration's position on encryption or go so far as to ask Congress for legislation to ban end-to-end encryption," reports Gizmodo. From the report: That would be a huge escalation in the encryption fight and, moreover, would probably be unsuccessful due to a lack of willpower in Congress. No decision was made by the Trump administration officials, Politico reported. The White House did not respond to a request for comment. The fact that these discussions are ongoing both within the White House and with Silicon Valley shows that the issue is still very much alive within the corridors of power.


The Pentagon Has a Laser That Can Identify People From a Distance By Their Heartbeat

Thu, 06/27/2019 - 20:03
An anonymous reader quotes a report from MIT Technology Review: A new device, developed for the Pentagon after U.S. Special Forces requested it, can identify people without seeing their face: instead it detects their unique cardiac signature with an infrared laser. While it works at 200 meters (219 yards), longer distances could be possible with a better laser. "I don't want to say you could do it from space," says Steward Remaly, of the Pentagon's Combatting Terrorism Technical Support Office, "but longer ranges should be possible." Contact infrared sensors are often used to automatically record a patient's pulse. They work by detecting the changes in reflection of infrared light caused by blood flow. By contrast, the new device, called Jetson, uses a technique known as laser vibrometry to detect the surface movement caused by the heartbeat. This works through typical clothing like a shirt and a jacket (though not thicker clothing such as a winter coat).


Google's New ReCAPTCHA Has a Dark Side

Thu, 06/27/2019 - 18:40
An anonymous reader quotes a report from Fast Company: We've all tried to log into a website or submit a form only to be stuck clicking boxes of traffic lights or storefronts or bridges in a desperate attempt to finally convince the computer that we're not actually a bot. For many years, this has been one of the predominant ways that reCaptcha -- the Google-run internet bot detector -- has determined whether a user is a bot or not. But last fall, Google launched a new version of the tool, with the goal of eliminating that annoying user experience entirely. Now, when you enter a form on a website that's using reCaptcha V3, you won't see the "I'm not a robot" checkbox, nor will you have to prove you know what a cat looks like. Instead, you won't see anything at all. Google is also now testing an enterprise version of reCaptcha v3, where Google creates a customized reCaptcha for enterprises that are looking for more granular data about users' risk levels to protect their site algorithms from malicious users and bots. But this new, risk-score based system comes with a serious trade-off: users' privacy. According to two security researchers who've studied reCaptcha, one of the ways that Google determines whether you're a malicious user or not is whether you already have a Google cookie installed on your browser. It's the same cookie that allows you to open new tabs in your browser and not have to re-log in to your Google account every time. But according to Mohamed Akrout, a computer science PhD student at the University of Toronto who has studied reCaptcha, it appears that Google is also using its cookies to determine whether someone is a human in reCaptcha v3 tests. Akrout wrote in an April paper about how reCaptcha v3 simulations that ran on a browser with a connected Google account received lower risk scores than browsers without a connected Google account. 
"Because reCaptcha v3 is likely to be on every page of a website, if you're signed into your Google account there's a chance Google is getting data about every single webpage you go to that is embedded with reCaptcha v3 -- and there may be no visual indication on the site that it's happening, beyond a small reCaptcha logo hidden in the corner," the report adds.
