The European Union doesn't think you should have to choose between giving Meta and other major players your data or your money. In a statement, the European Data Protection Board (EDPB) stated that "consent or pay" models often don't "comply with the requirements for valid consent" when a person must choose between providing their data for behavioral advertising purposes or pay for privacy.
The EDPB argues that only offering a paid alternative to data collection shouldn't be the default for large online platforms. It doesn't issue a mandate but stresses that these platforms should "give significant consideration" to providing a free option that doesn't involve data processing (or at least not as much). "Controllers should take care at all times to avoid transforming the fundamental right to data protection into a feature that individuals have to pay to enjoy," EDPB Chair Anu Talus said. "Individuals should be made fully aware of the value and the consequences of their choices."
Currently, EU users must pay €10 ($11) monthly for an ad-free subscription or be forced to share their data. The EU is already investigating if this system complies with the Digital Markets Act, which went into effect at the beginning of March.
This article originally appeared on Engadget at https://www.engadget.com/eu-criticizes-metas-privacy-for-cash-business-model-103042528.html?src=rss
The European Union doesn't think you should have to choose between giving Meta and other major players your data or your money. In a statement, the European Data Protection Board (EDPB) stated that "consent or pay" models often don't "comply with the requirements for valid consent" when a person must choose between providing their data for behavioral advertising purposes or pay for privacy.
The EDPB argues that only offering a paid alternative to data collection shouldn't be the default for large online platforms. It doesn't issue a mandate but stresses that these platforms should "give significant consideration" to providing a free option that doesn't involve data processing (or at least not as much). "Controllers should take care at all times to avoid transforming the fundamental right to data protection into a feature that individuals have to pay to enjoy," EDPB Chair Anu Talus said. "Individuals should be made fully aware of the value and the consequences of their choices."
Currently, EU users must pay €10 ($11) monthly for an ad-free subscription or be forced to share their data. The EU is already investigating if this system complies with the Digital Markets Act, which went into effect at the beginning of March.
This article originally appeared on Engadget at https://www.engadget.com/eu-criticizes-metas-privacy-for-cash-business-model-103042528.html?src=rss
A data scraping service is selling information on what it claims to be 600 million Discord users. A report from 404 Media details Spy Pet, an online service that gathers, stores and sells troves of information from the social platform. But have no fear: It markets its services to totally trustworthy paying clients like law enforcement, AI model trainers or your average person curious about “what their friends are up to.” Why ask them when you can simply purchase and download a copy of their Discord activity?
For as little as $5 in cryptocurrency, Spy Pet lets you access data about specific users, such as which servers they participate in, what messages they’ve sent and when they joined or left voice channels. It claims to have information on an alleged 600 million users across 14,000 Discord servers and three billion messages.
As for what inspired Spy Pet, its creator suggested it’s a classic case of doing what one enjoys and pushing personal boundaries. “I like scraping, archiving, and challenging myself,” the creator told 404 Media. “Discord is basically the holy grail of scraping, since Discord is trying absolutely anything to combat scraping.”
Some people run a 5K, set a weight-loss goal or take up pickleball. Others start a social scraping service that sells data to the feds, AI companies and creepy exes. To each their own!
404 Media says the database lets you search for specific users. For each search result, a page shows the servers the user has joined (at least among those Spy Pet monitors), their connected accounts, a table showing their recent messages (including the server name, time stamps and the message itself) and their voice channel entry and exit times. Paying customers can conveniently export their prey’s — or “friend’s” — chats into a CSV file.
Discord says it’s investigating Spy Pet and weighing its options. “Discord is committed to protecting the privacy and data of our users,” a company spokesperson wrote in an email to Engadget. “We are currently investigating this matter. If we determine that violations of our Terms of Service and Community Guidelines have occurred, we will take appropriate steps to enforce our policies. We cannot provide further comments as this is an ongoing investigation.”
This article originally appeared on Engadget at https://www.engadget.com/creepy-monitoring-service-sells-searchable-discord-user-data-for-as-little-as-5-170228224.html?src=rss
A data scraping service is selling information on what it claims to be 600 million Discord users. A report from 404 Media details Spy Pet, an online service that gathers, stores and sells troves of information from the social platform. But have no fear: It markets its services to totally trustworthy paying clients like law enforcement, AI model trainers or your average person curious about “what their friends are up to.” Why ask them when you can simply purchase and download a copy of their Discord activity?
For as little as $5 in cryptocurrency, Spy Pet lets you access data about specific users, such as which servers they participate in, what messages they’ve sent and when they joined or left voice channels. It claims to have information on an alleged 600 million users across 14,000 Discord servers and three billion messages.
As for what inspired Spy Pet, its creator suggested it’s a classic case of doing what one enjoys and pushing personal boundaries. “I like scraping, archiving, and challenging myself,” the creator told 404 Media. “Discord is basically the holy grail of scraping, since Discord is trying absolutely anything to combat scraping.”
Some people run a 5K, set a weight-loss goal or take up pickleball. Others start a social scraping service that sells data to the feds, AI companies and creepy exes. To each their own!
404 Media says the database lets you search for specific users. For each search result, a page shows the servers the user has joined (at least among those Spy Pet monitors), their connected accounts, a table showing their recent messages (including the server name, time stamps and the message itself) and their voice channel entry and exit times. Paying customers can conveniently export their prey’s — or “friend’s” — chats into a CSV file.
Discord says it’s investigating Spy Pet and weighing its options. “Discord is committed to protecting the privacy and data of our users,” a company spokesperson wrote in an email to Engadget. “We are currently investigating this matter. If we determine that violations of our Terms of Service and Community Guidelines have occurred, we will take appropriate steps to enforce our policies. We cannot provide further comments as this is an ongoing investigation.”
This article originally appeared on Engadget at https://www.engadget.com/creepy-monitoring-service-sells-searchable-discord-user-data-for-as-little-as-5-170228224.html?src=rss
Meta is shutting down Threads in Turkey on April 29 after an interim injunction from the Turkish Competition Authority (TCA) against automatic data-sharing with Instagram. The TCA ruled that linking Threads and Instagram without user opt-in “will lead to irreparable harms” and that Meta “abused its dominant position” in the industry with the practice. The TCA also suggested that the linking exists primarily to increase the company’s “market power.”
Rather than make any changes to how Instagram and Threads integrate in the region, Meta’s pulling the nascent social media app. The company says this is merely a temporary measure as it works to appeal the injunction, but there’s no timetable for that. In the meantime, Meta suggests that users in Turkey either deactivate their accounts or delete them entirely. Those who deactivate will have their posts and interactions restored “if Threads returns” to the country.
Turkish regulators aren’t the only people who think the automatic linking between Threads and Instagram is, at best, a bit creepy. It’s been a point of contention since the platform launched last year. The apps were so tied together that users couldn’t even delete a Threads account without nuking their Instagram account, though Meta patched this several months back.
Meta also began promoting Threads posts on Facebook and Instagram without user consent, eventually allowing people to opt out of the, uh, “feature.” This is the type of automatic data-sharing that bristled the TCA, leading to the recent injunction.
Also, this isn’t the first regulatory battle between Meta and Turkey. The country fined Meta $18.6 million back in 2022 for data-sharing across its apps, according to a report by TechCrunch. This is an alleged violation of the country’s competition laws. The country asked Meta to submit documents detailing its efforts to stop violation of these laws, but Turkish regulators said the explanations were lacking. As such, the country slapped Meta with additional fines, to the tune of $160,000 each day.
This article originally appeared on Engadget at https://www.engadget.com/meta-is-shutting-down-threads-in-turkey-following-injunction-against-data-sharing-with-instagram-154725011.html?src=rss
Roku has disclosed a second data breach in as many months. While it was looking into a previous incident in which 15,000 accounts were affected, the company learned that another 576,000 accounts had been compromised.
In both incidents, Roku believes that the attackers used a method called credential stuffing. "It is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials," the company says.
Roku added that, in fewer than 400 cases, attackers used victims' Roku accounts to buy streaming subscriptions and Roku devices using stored payment methods. However, the hackers did not gain access to full credit card numbers or other payment information.
The company has reset the passwords for all affected accounts and informed users who have been impacted. The company is also turning on two-factor authentication for its more than 80 million active accounts. The next time you log in, you'll get a verification email. You'll need to click a link in the email before you can access your account. Meanwhile, Roku says it's refunding or reversing charges in the cases where the hackers bought subscriptions or hardware.
While the impact of this latest breach doesn't seem too disastrous, it's a good reminder that you should have a strong, unique password for every single one of your accounts. A password manager makes it much easier to have robust login credentials, as you'll only need to remember one main password or log in using biometric data.
This article originally appeared on Engadget at https://www.engadget.com/roku-suffered-another-data-breach-this-time-affecting-576000-accounts-170442223.html?src=rss
Many web browser companies offer VPNs these days, including Google, Mozilla and Opera. DuckDuckGo is the latest to join the fray, with a Privacy Pro plan that includes three services. Along with a VPN, you'll get personal information removal and identity theft restoration services for $10 per month or $100 per year. The subscription is only available in the US for now. The Privacy Pro features are built directly into the DuckDuckGo browser, so you won't need to install separate apps.
DuckDuckGo says it won't keep VPN logs in order to help maintain user privacy. As such, it says it has "no way to tie what you do while connected to the DuckDuckGo VPN to you as an individual — or to anything else you do on DuckDuckGo, like searching." DuckDuckGo is using the open-source WireGuard protocol to encrypt your traffic and route it through VPN servers. As it stands, the company has VPN servers across the US, Europe and Canada. It plans to add more over time.
DuckDuckGo
One subscription will cover up to five desktop and mobile devices. Rather than using an account, you'll have a random ID that you'll need to keep safe. If you wish, you can add an email address for easier authorization across devices. Still, you won't need to hand over any personally identifiable information to DuckDuckGo — the company is using Stripe, Google Play and the Apple App Store to handle payments.
DuckDuckGo's focus on protecting user privacy extends to the personal information removal tool, which removes details such as your full name, home address and birthday from people search sites and data broker services. The details you provide during the setup process stay on your device and requests to remove your personal information start directly from your desktop (for now, you need a Windows or Mac computer to set up and manage the personal information removal tool).
DuckDuckGo says this is a first for a service of its ilk, as your details aren't stored on remote servers. To help it build the tool, DuckDuckGo bought data removal service Removaly in 2022. The personal information removal service will regularly re-scan people search sites and data brokers to see if your info pops up again, and deal with it accordingly.
As for the identity theft restoration service, DuckDuckGo will connect you with an advisor from Iris, its partner, if your identity is stolen. The advisor will help with restoring any stolen accounts and financial losses, as well as fixing your credit report. Moreover, they can help you cancel and replace important documents such as your driver’s license, bank cards and passport. Iris can also provide you with a cash advance if you're far from home and stuck due to identity theft.
Again, you won't have to provide any of your personal information up front. You'll only need to provide an advisor with those details if you need help after having your identity stolen.
Expanding privacy protections through these services is a logical way for DuckDuckGo to try and boost its bottom line. Privacy Pro seems reasonably priced compared to some of the alternatives too — Mozilla's personal information removal service alone costs $9 per month.
This article originally appeared on Engadget at https://www.engadget.com/duckduckgo-unveils-a-10-privacy-pro-plan-with-a-no-log-vpn-120007653.html?src=rss
Many web browser companies offer VPNs these days, including Google, Mozilla and Opera. DuckDuckGo is the latest to join the fray, with a Privacy Pro plan that includes three services. Along with a VPN, you'll get personal information removal and identity theft restoration services for $10 per month or $100 per year. The subscription is only available in the US for now. The Privacy Pro features are built directly into the DuckDuckGo browser, so you won't need to install separate apps.
DuckDuckGo says it won't keep VPN logs in order to help maintain user privacy. As such, it says it has "no way to tie what you do while connected to the DuckDuckGo VPN to you as an individual — or to anything else you do on DuckDuckGo, like searching." DuckDuckGo is using the open-source WireGuard protocol to encrypt your traffic and route it through VPN servers. As it stands, the company has VPN servers across the US, Europe and Canada. It plans to add more over time.
DuckDuckGo
One subscription will cover up to five desktop and mobile devices. Rather than using an account, you'll have a random ID that you'll need to keep safe. If you wish, you can add an email address for easier authorization across devices. Still, you won't need to hand over any personally identifiable information to DuckDuckGo — the company is using Stripe, Google Play and the Apple App Store to handle payments.
DuckDuckGo's focus on protecting user privacy extends to the personal information removal tool, which removes details such as your full name, home address and birthday from people search sites and data broker services. The details you provide during the setup process stay on your device and requests to remove your personal information start directly from your desktop (for now, you need a Windows or Mac computer to set up and manage the personal information removal tool).
DuckDuckGo says this is a first for a service of its ilk, as your details aren't stored on remote servers. To help it build the tool, DuckDuckGo bought data removal service Removaly in 2022. The personal information removal service will regularly re-scan people search sites and data brokers to see if your info pops up again, and deal with it accordingly.
As for the identity theft restoration service, DuckDuckGo will connect you with an advisor from Iris, its partner, if your identity is stolen. The advisor will help with restoring any stolen accounts and financial losses, as well as fixing your credit report. Moreover, they can help you cancel and replace important documents such as your driver’s license, bank cards and passport. Iris can also provide you with a cash advance if you're far from home and stuck due to identity theft.
Again, you won't have to provide any of your personal information up front. You'll only need to provide an advisor with those details if you need help after having your identity stolen.
Expanding privacy protections through these services is a logical way for DuckDuckGo to try and boost its bottom line. Privacy Pro seems reasonably priced compared to some of the alternatives too — Mozilla's personal information removal service alone costs $9 per month.
This article originally appeared on Engadget at https://www.engadget.com/duckduckgo-unveils-a-10-privacy-pro-plan-with-a-no-log-vpn-120007653.html?src=rss
You can now ensure that you're not going to be hit by hidden fees and taxes before you sign up with an internet service provider (ISP). Starting today, big ISPs with more than 100,000 subscribers will be required to display "nutrition labels" both in store and online under a new FCC rule. Those labels have to show the companies' plans, fees and any additional costs, such as activation fees and upfront or rental fees for modems and other equipment.
They also have to show whether a particular amount that's being advertised is an introductory or a discounted rate and how long you can enjoy that lower rate. Plus, the labels have to indicate each particular plan's download and upload speeds, as well as any early termination fee associated with it. ISPs can't hide these labels behind multiple clicks or camouflage them with other elements that make them hard to see. They have to be accessible from your customer account portal, and ISPs should give you a copy if you ask.
The FCC first floated the idea of nutrition labels for ISPs back in 2016, but it wasn't until 2022 that it formally introduced rules requiring them to be displayed at the companies' points of sale. As you can see in the image below, it resembles the nutrition labels for food and will (theoretically and hopefully) account for every dollar you pay for a wired or wireless plan. Back when the rule was announced, FCC Chairperson Jessica Rosenworcel explained that the agency chose to approve and implement it as part of its efforts to "end the kind of unexpected fees and junk costs that can get buried in long and mind-numbingly confusing statements of terms and conditions."
Based on the FCC's website, providers with less than 100,000 subscribers will be given a bit more time to comply and have until October 10. And in case you come across any ISP that isn't displaying any label even when they should or is showing inaccurate information, you can file a complaint with the commission through its official portal.
FCC
This article originally appeared on Engadget at https://www.engadget.com/isps-roll-out-mandatory-broadband-nutrition-labels-that-show-speeds-fees-and-data-allowances-103832369.html?src=rss
You can now ensure that you're not going to be hit by hidden fees and taxes before you sign up with an internet service provider (ISP). Starting today, big ISPs with more than 100,000 subscribers will be required to display "nutrition labels" both in store and online under a new FCC rule. Those labels have to show the companies' plans, fees and any additional costs, such as activation fees and upfront or rental fees for modems and other equipment.
They also have to show whether a particular amount that's being advertised is an introductory or a discounted rate and how long you can enjoy that lower rate. Plus, the labels have to indicate each particular plan's download and upload speeds, as well as any early termination fee associated with it. ISPs can't hide these labels behind multiple clicks or camouflage them with other elements that make them hard to see. They have to be accessible from your customer account portal, and ISPs should give you a copy if you ask.
The FCC first floated the idea of nutrition labels for ISPs back in 2016, but it wasn't until 2022 that it formally introduced rules requiring them to be displayed at the companies' points of sale. As you can see in the image below, it resembles the nutrition labels for food and will (theoretically and hopefully) account for every dollar you pay for a wired or wireless plan. Back when the rule was announced, FCC Chairperson Jessica Rosenworcel explained that the agency chose to approve and implement it as part of its efforts to "end the kind of unexpected fees and junk costs that can get buried in long and mind-numbingly confusing statements of terms and conditions."
Based on the FCC's website, providers with less than 100,000 subscribers will be given a bit more time to comply and have until October 10. And in case you come across any ISP that isn't displaying any label even when they should or is showing inaccurate information, you can file a complaint with the commission through its official portal.
FCC
This article originally appeared on Engadget at https://www.engadget.com/isps-roll-out-mandatory-broadband-nutrition-labels-that-show-speeds-fees-and-data-allowances-103832369.html?src=rss