Friday, June 19, 2026

Surveilling the Pseudonymous


Is your bank keeping your secrets? New study says 'It's complicated'
Oct 2025, phys.org

The researchers analyzed privacy policies from more than 2,000 of the nation's largest banks and found a maze of contradictory, confusing, and overlapping disclosures about how customer information is collected, used, and shared. Nearly half of the banks examined published multiple privacy policies - often with inconsistent statements that make it hard for consumers to know what really happens to their data.

"In many cases, banks claimed they don't share customer data with outside parties in a federally required U.S. Consumer Privacy Notice, yet disclosed such sharing elsewhere or deployed marketing tracking cookies without acknowledgment"

FYI - The Gramm-Leach-Bliley Act is a federal law requiring financial institutions to tell customers in a concise two-page notice how they share personal information and safeguard it.

via University of Michigan: Lu Xian et al, Layered, Overlapping, and Inconsistent: A Large-Scale Analysis of the Multiple Privacy Policies and Controls of U.S. Banks, arXiv (2025). DOI: 10.48550/arxiv.2507.05415



Facebook to stop targeting ads at UK woman after legal fight
Mar 2025, BBC News

Public Service Announcement - this woman does not live in the United States, so don't get any ideas; this is based on GDPR which is a UK thing.

Facebook has agreed to stop targeting adverts at an individual user using personal data after she filed a lawsuit against its parent company, tech giant Meta. ... a "gateway" for other people wanting to stop the social media company from serving them adverts based on their demographics and interests.

"I knew that this kind of predatory, invasive advertising is actually something that we all have a legal right to object to."

It was when she found out she was pregnant in 2017 that she realised the extent to which Facebook was targeting adverts at her. She said the adverts she got "suddenly started changing within weeks to lots of baby photos and other things - ads about babies and pregnancy and motherhood". "I just found it unnerving - this was before I'd even told people in my private life, and yet Facebook had already determined that I was pregnant," she continued.

(This goes back to stories about Target from way earlier, 2011 even.)

Ms O'Carroll said that Meta had agreed to stop using her personal data for direct marketing purposes. She said that she did not want to stop using Facebook, saying that it is "filled with all of those connections and family and friends, and entire chapters of my life".


Facebook and Instagram have a subscription service in most of Europe, where users can pay monthly so that they don't get ads on the platform.


How AI could end online anonymity
Mar 2026, phys.org

First, the AI reads through a user's post history on either Reddit or Hacker News, examining unstructured text. This is raw, unorganized information like comments, jokes, education, and subtle writing quirks. It then turns this micro-data into a mathematical representation of the person's profile to find candidate matches across millions of other profiles on the open web or on separate sites like LinkedIn.

They successfully linked accounts with up to 67% accuracy at 90% precision, costing only $1 to $4 in computing power per account successfully linked.

"Pseudonymity does not provide meaningful protection online. Users who post under persistent usernames should assume that adversaries can link their accounts to real identities or to each other, and that the probability rises with each piece of micro-data they post."

via ETH Zurich: Simon Lermen et al, Large-scale online deanonymization with LLMs, arXiv (2026). DOI: 10.48550/arxiv.2602.16800


Your car's tire sensors could be used to track you
Feb 2026, phys.org 

From the article itself: Although not providing the exact location of the tire or the car, researchers have discovered that most TPMS sensors transmit a unique identifier in clear text that never changes during the lifetime of the tire. ... malicious actors could easily scale their efforts to track several thousands of cars, given that we observed at least 20k cars during our measurements. Our results show that TPMS transmissions can be used to systematically infer potentially sensitive information such as the presence, type, weight, or driving pattern of the driver.

via IMDEA Networks Institute: Can't Hide Your Stride: Inferring Car Movement Patterns from Passive TPMS Measurements [pdf]

Further Reading, because we already knew about this back in 2007:
  • I. Rouf, R. Miller, H. Mustafa, T. Taylor, S. Oh, W. Xu, M. Gruteser, W. Trappe, I. Seskar, Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study, in: 19th USENIX Security Symposium, USENIX Association, Washington, DC, USA, 2010, pp. 323–338.
  • S. Velupillai, L. Guvenc, Tire pressure monitoring [applications of control], IEEE Control systems magazine 27 (6) (2007) 22–25.
  • FCC, OET List Exhibits Report ID: MRXFG2R4MA (2011). 

Public Service Announcement: Can you spot the difference between these two urls?



^Anytime you see "%20" in a URL, it's probably a mistake. It's what happens when you take a truncated URL (one where either you or your smart auto-assistant put a line break in the middle because it was too long) and paste it, line breaks and all, into the search bar: anywhere there's a line break, the computer puts in a %20 instead. Take them out and it still works.


Post Script on Anti Surveillance:
Graffiti framework lets people personalize online social spaces while staying connected with others
Oct 2025, phys.org

It's an app called Graffiti (I hate all these names being such generic terms that could be referring to something else; like why would you call your company Company, or your restaurant Breakfast?) - the app makes building personalized social applications easier, while allowing users to migrate between multiple applications without losing their friends or data. ... the purpose is to lower the barrier to creating personalized social applications and to enable those personalized applications to interoperate without requiring permission from developers.

The open, interoperable nature of Graffiti means no one entity has the power to set a moderation policy for the entire platform.

"The system lets each person pick their own moderators, avoiding the one-sized-fits-all approach to moderation taken by the major social platforms"

To avoid context collapse (your Tinder profile showing up on LinkedIn), the researchers designed Graffiti so all content is organized into distinct channels. Channels are flexible and can represent a variety of contexts, such as people, applications, locations, etc.

via MIT CSAIL Computer Science and Artificial Intelligence Laboratory: Theia Henderson et al, Graffiti: Enabling an Ecosystem of Personalized and Interoperable Social Applications, Proceedings of the 38th Annual ACM Symposium on User Interface Software and Technology (2025). DOI: 10.1145/3746059.3747627
