Only 4% of iOS users accept ad tracking, and other privacy and security news

Privacy

The big privacy news last week was about the requirement that iPhone users have to approve ad tracking in iOS 14.5. Facebook seemed to imply that this could end free content, with an interesting reaction: Facebook threatens to make iOS users pay. Please do it, Mr. Zuckerberg More broadly, users were urged Don’t Buy Into Facebook’s Ad-Tracking Pressure on iOS 14.5 Users are responding: Too Bad, Zuck: Just 4% of U.S. iPhone Users Let Apps Track Them After iOS Update

Trying to track people’s Internet usage, Facebook is not happy about transparency: Facebook bans Signal's attempt to run transparent Instagram ad campaign

Again, large and widely varied data leaks were disclosed

• Data leak implicates over 200,000 people in Amazon fake product review scam

• Justice Department seizes fake COVID-19 vaccine website stealing info from visitors

• Data leak makes Peloton’s Horrible, No-Good, Really Bad Day even worse

• The Fortnite Trial Is Exposing Details About the Biggest iPhone Hack on Record

• 60% of School Apps Are Sharing Your Kids' Data With Third Parties

• Um, This Phone Will Send Your Location Data to China

Innovation can have dark sides as well:

• Artists Are Telling Spotify To Never Use 'Emotion Recognition'

• Your Car Is Spying on You, and a CBP Contract Shows the Risks

• Apple’s AirTag trackers made it frighteningly easy to ‘stalk’ me in a test

• Musicians Demand Spotify Not Develop Emotional Speech Recognition Patent

At long last, privacy is starting to become a feature for business competition: Following Apple’s launch of privacy labels, Google to add a ‘safety’ section in Google Play Not all initiatives, though, appear to be completely successful: Privacy activist Max Schrems on Microsoft's EU data move: It won't keep the NSA away As we know, there is no escaping governments: Privacy is just for crooks, says enlightened government agency

Security

Last week’s focus on the national risks of ransomware appears to have been a premonition: Cyberattack Forces a Shutdown of a Top U.S. Pipeline Operator The approaches are getting more sophisticated: There's been a big rise in double extortion attacks as gangs try out new tricks A great lesson on how an attack evolved can be learned by reading how Ryuk ransomware finds foothold in bio research institute through student who wouldn’t pay for software

The vulnerabilities disclosed last week show the breadth of the security risks, and illustrate again that no software is safe:

• Security researchers found 21 flaws in this widely used email server, so update immediately

• Panda Stealer dropped in Excel files, spreads through Discord to steal user cryptocurrency

• Three new malware families found in global finance phishing campaign

• This malware has been rewritten in the Rust programming language to make it harder to spot

• Apple reports 2 iOS 0-days that let hackers compromise fully patched devices

• Cybersecurity warning: Russian hackers are targeting these vulnerabilities, so patch now

• PSA: Twitter’s New Tip Jar Can Reveal Your Address

• Russian cyber-spies changed tactics after the UK and US outed their techniques – so here's a list of those changes

• Smart cities are a tempting target for cyberattacks, so it's time to secure them now

Improving security, Google is turning on two-factor authentication by default.

The great expectations about the benefits of AI show a dark side as well: Hacking is a task AI will excel at (and we are not far from that point!)

Regulation

In what could drive a revolution in the software industry, German state ministers demand consumer protection from software errors. Making software providers liable for their wares could have a range of effects: it could improve software quality, it could slow down (mostly sloppy) innovation, and it could drive waves of legal actions. This will be interesting to watch!