Menu
EN

Cookies, Google, Amazon, Twitter breach & warrantless surveillance. AdGuard’s digest

In this edition of AdGuard's Digest: Chrome can’t say goodbye to third-party cookies, Twitter suffers a breach, European countries deem Google not safe for schools, smart doorbells share data with police (no warrant needed), the UK wants tech companies to scan phones, while the US stockpiles cell phone location data.

Leading network operators test new cookie-free way to track users

Europe’s leading telecommunications providers, Vodafone and Deutsche Telekom, have been testing a new tracking tool that can potentially replace third-party cookies. While the old tracking method relies on storing website imprints on the device, a new tool called TrustPid allows service providers to store all the data. With TrustPid, carriers assign “pseudo-anonymous tokens” to users based on their IP addresses. If website operators, starved of user data due to the phasing out of third-party cookies, want to know more about visitors, they can call up this identifier and personalize ads. While websites might not be able to identify individual users, network operators could easily do it.

TrustPid claims that the mechanism is “privacy-friendly”, but it is already being compared to a controversial tracking code known as “supercookie”. Unlike a regular cookie, which can be cleared and blocked, a “supercookie” can’t since it is not stored on the device. Verizon was fined in the US back in 2016 for planting “supercookies” into users’ browser requests without consent. Vodafone says TrustPid is not a “supercookie” and is GDPR-compliant.

This is another one of those cases where tech companies are trying to circumvent tracking restrictions under the guise of protecting privacy. With the imminent demise of third-party cookies, companies are trying to make up for lost advertising revenue by coming up with new ways to collect user data. We see companies vying to be the first to adopt new tracking technologies, thereby grabbing a slice of the ad market. The irony is that they portray their pursuit of ad money as something that will benefit users.

Denmark and the Netherlands limit use of Google services in schools

With the new school year inching closer, Denmark has declared open season on Google. The Danish data protection agency has banned the use of Chromebooks and Google Workspace for processing personal data in schools. The ban directly applies to one municipality, but others are advised to follow suit. The agency ruled that the way the tech giant processes personal data is incompatible with the European data protection law (GDPR). It took a particular issue with the fact that Google can transfer data to third countries such as the US “without the necessary level of security.” Google Workplace for Education includes such go-to ed-tech tools as Google Classroom, Google Docs, Google Slides, Gmail, Google Meet and Google Drive.

Denmark thinks Google cannot be trusted with processing data

Meanwhile, the Dutch Ministry of Education urged schools to take extra steps to secure data when using Google’s Chrome web browser and Chrome OS. In its current state, the two services are not GDPR-compliant and are expected to become so no sooner than August 2023 when Google is set to release their updated versions. For now, schools that want to keep on using Chrome must abide by the rules that are sure to inconvenience some learners. For instance, schools will need to disable automatic translation for websites, turn off spell checks, switch off ad personalization and make sure the data is stored in Europe. Schools are also encouraged to ditch Google’s search engine, and opt for more privacy-friendly options such as DuckDuckGo.

If Google’s data-sharing practices have become a source of concern for the governments, then it’s high time you started having concerns yourself (if you haven't already).

5.4 million Twitter account details up for sale

It looks like Twitter can’t catch a break. In addition to its looming legal battle with Elon Musk over an ill-fated buyout deal, the social media giant has been dealt another blow. A database containing phone numbers and email addresses for 5.4 million Twitter accounts has been put up for sale for $30.000. The data was allegedly scraped in December 2021 and was obtained through a vulnerability that has since been patched. The trove contains public Twitter profile information (a nickname and profile description) complete with a phone number and/or an email address.

The breach poses a major threat to Twitter users, especially to public figures — it looks like we may see more social media crypto scams involving celebrities in the future. Moreover, by matching the user's email to known databases, attackers can try to dig up dirt on politicians, activists, celebrities and out/blackmail them. Particularly vulnerable are people who use the same email to register on many websites, including those with questionable or prohibited content, such as porn sites or illegal marketplaces. In general, it’s better to use a dedicated email for social media to avoid having your data compromised in breaches like this.

It may seem as though big companies with elaborate security infrastructure (like Twitter) are immune from bugs and leaks, but that’s a false impression — keep that in mind when allowing them access your data.

Lingering farewell: Chrome delays phasing out third-party cookies yet again

Saying goodbye to third-party cookies seems to be too painful for Google. The tech giant has announced that it would delay the depreciation of the tracking mechanism in its Chrome browser, this time till the second half of 2024.

While Safari and Firefox have been blocking third-party cookies by default, Google originally planned to end support for third-party cookies by 2022 as part of the Privacy Sandbox initiative. That deadline was first pushed back to 2023 and now to 2024.

Google has delayed phasing out of third-party cookies once again

Earlier this year Google released its Privacy Sandbox initiative, whose stated goal was to reconcile the interests of privacy-conscious users with that of advertisers. It was meant to do so by replacing third-party cookies with the mechanism called Topics. Billed as a privacy-friendly alternative to tracking, Topics, sadly, will only cement Google’s ad monopoly, allowing big tech to still identify individual users. You can read our in-depth review of Topics and the Privacy Sandbox as a whole.

It’s an emergency! Google & Amazon let police access doorbell and cam data

Google-owned Nest and Amazon-owned Ring, which both sell smart video doorbells and home security cameras, have confirmed that they can give police access to private videodata without user consent or warrant in case of an “emergency”. Ring has revealed that it has granted 11 such requests so far this year, some of them pertaining to kidnapping, self-harm and attempted murder. Nest said that it reserves the right to grant such requests but has not done so yet.

Ring and Nest can share private videos with police in case of an emergency

It’s unclear if Ring notifies customers after the company had provided user data to law enforcement. Nest said that it would typically notify users of emergency requests unless prohibited by law.

The US law allows companies that process video footage to comply with warrantless requests, but they are not legally obligated to do so. The practice is alarming since it is vulnerable to police overreach and abuse. Without legal oversight, companies are given an exclusive right to decide whether a given incident is an emergency, and users should think twice before entrusting their data to such companies.

Backdoors built into smart home systems allow tech companies to access user data at will. Yet we, users, are the ones who have to pay for this functionality, although we do not necessarily need it. Effectively, users are left with no choice but to finance big tech’s snooping out of their own pocket. The only alternative is not to buy these products.

UK pushes for tech giants to scan phones for child sex abuse

Cybersecurity chiefs in the UK have called for tech companies to build software for scanning phones client-side. The idea is in line with the proposed UK online safety bill. If adopted, it could force online platforms to scan user content for child sexual materials and terrorism.

The idea resembles Apple’s bid to introduce CSAM's detection feature last year. Apple faced backlash from privacy advocates, arguing it would jeopardize end-to-end encryption and eventually put off the launch of the feature. Earlier this year, the European Commission proposed a law that would require tech companies to scan messages for CSAM materials and detect “grooming” in messages.

The UK may want to walk the tightrope between privacy and child protection, but once end-to-end encryption is undermined, there is no going back. We are a firsthand witness to a disturbing trend: first in the EU and now in the UK, privacy is being eroded under the pretext of protecting children. The effectiveness of the measure is questionable, while the damage to user privacy will be irreparable and long-lasting.

Just Buy It: Data brokers sell location information to US government

Documents obtained by the American Civil Liberties Union (ACLU) showed that the US government has been buying phone location data in bulk from two brokers, eluding any judicial oversight. US agencies that deal with immigration and border security bought copious amounts of data from Venntel and Babel Street from 2017 to 2019. In one instance, the US Customs and Border Protection (CBP) obtained as many as 133,654 location points from cellphones in the span of 3 days.

The US government buys location data in bulk

The ACLU sees the practice as unwarranted tracking that relies on the data “quietly extracted from smartphone apps.”

App developers may embed third-party software development kits (SDKs) into their apps so that they can track user location. Thus, developers save money and time needed to come up with their own solutions. However, some SDKs can transfer user data to third parties and sell it. Earlier we wrote about a SDK vendor called SafeGraph, which was selling location data on abortion clincs’ clients. One way to protect your privacy is to give apps only the necessary permissions. And if you have to permit your app to identify your location (for example, if it’s a weather app), then you might want to check if it does not relay your location data elsewhere.

Liked this post?
18,423 18423 user reviews
Excellent!

AdGuard for Windows

AdGuard for Windows is more than an ad blocker. It is a multipurpose tool that blocks ads, controls access to dangerous sites, speeds up page loading, and protects children from inappropriate content.
By downloading the program you accept the terms of the License agreement
Read more
18,423 18423 user reviews
Excellent!

AdGuard for Mac

AdGuard for Mac is a unique ad blocker designed with macOS in mind. In addition to protecting you from annoying ads in browsers and apps, it shields you from tracking, phishing, and fraud.
By downloading the program you accept the terms of the License agreement
Read more
18,423 18423 user reviews
Excellent!

AdGuard for Android

AdGuard for Android is a perfect solution for Android devices. Unlike most other ad blockers, AdGuard doesn't require root access and provides a wide range of app management options.
By downloading the program you accept the terms of the License agreement
Read more
18,423 18423 user reviews
Excellent!

AdGuard for iOS

The best iOS ad blocker for iPhone and iPad. AdGuard eliminates all kinds of ads in Safari, protects your privacy, and speeds up page loading. AdGuard for iOS ad-blocking technology ensures the highest quality filtering and allows you to use multiple filters at the same time
By downloading the program you accept the terms of the License agreement
Read more
18,423 18423 user reviews
Excellent!

AdGuard VPN

74 locations worldwide

Access to any content

Strong encryption

No-logging policy

Fastest connection

24/7 support

Try for free
By downloading the program you accept the terms of the License agreement
Read more
18,423 18423 user reviews
Excellent!

AdGuard Content Blocker

AdGuard Content Blocker will eliminate all kinds of ads in mobile browsers that support content blocker technology — namely, Samsung Internet and Yandex.Browser. While being more limited than AdGuard for Android, it is free, easy to install and still provides high ad blocking quality.
By downloading the program you accept the terms of the License agreement
Read more
18,423 18423 user reviews
Excellent!

AdGuard Browser Extension

AdGuard is the fastest and most lightweight ad blocking extension that effectively blocks all types of ads on all web pages! Choose AdGuard for the browser you use and get ad-free, fast and safe browsing.
18,423 18423 user reviews
Excellent!

AdGuard Assistant

A companion browser extension for AdGuard desktop apps. It offers an in-browser access to such features as custom element blocking, allowlisting a website or sending a report.
18,423 18423 user reviews
Excellent!

AdGuard DNS

AdGuard DNS is a foolproof way to block Internet ads that does not require installing any applications. It is easy to use, absolutely free, easily set up on any device, and provides you with minimal necessary functions to block ads, counters, malicious websites, and adult content.
18,423 18423 user reviews
Excellent!

AdGuard Home

AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that. With the rise of Internet-Of-Things and connected devices, it becomes more and more important to be able to control your whole network.
18,423 18423 user reviews
Excellent!

AdGuard Pro for iOS

AdGuard Pro has much to offer on top of the excellent iOS ad blocking in Safari already known to the users of the regular version. By providing access to custom DNS settings, the app allows you to block ads, protect your kids from adult content online, and safeguard your personal data from theft.
By downloading the program you accept the terms of the License agreement
Read more
18,423 18423 user reviews
Excellent!

AdGuard for Safari

Ad blocking extensions for Safari are having hard time since Apple started to force everyone to use the new SDK. AdGuard extension is supposed to bring back the high quality ad blocking back to Safari.
18,423 18423 user reviews
Excellent!

AdGuard Temp Mail

A free temporary email address generator that keeps you anonymous and protects your privacy. No spam in your main inbox!
18,423 18423 user reviews
Excellent!

AdGuard for Android TV

AdGuard for Android TV is the only app that blocks ads, guards your privacy, and acts as a firewall for your Smart TV. Get warnings about web threats, use secure DNS, and benefit from encrypted traffic. Relax and dive into your favorite shows with top-notch security and zero ads!
Downloading AdGuard To install AdGuard, click the file indicated by the arrow Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, drag the AdGuard icon to the "Applications" folder. Thank you for choosing AdGuard! Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, click "Install". Thank you for choosing AdGuard!
Install AdGuard on your mobile device