privacy

82 Articles

A pair of hands holds a digital camera. "NUCA" is written in the hood above the lens and a black grip is on the right hand side of the device (left side of image). The camera body is off-white 3D printed plastic. The background is a pastel yellow.

AI Camera Only Takes Nudes

April 22, 2024 by 52 Comments

One of the cringier aspects of AI as we know it today has been the proliferation of deepfake technology to make nude photos of anyone you want. What if you took away the abstraction and put the faker and subject in the same space? That’s the question the NUCA camera was designed to explore. [via 404 Media]

[Mathias Vef] and [Benedikt Groß] designed the NUCA camera “with the intention of critiquing the current trajectory of AI image generation.” The camera itself is a fairly unassuming device, a 3D-printed digital camera (19.5 × 6 × 1.5 cm) with a 37 mm lens. When the camera shutter button is pressed, a nude image is generated of the subject.

The final image is generated using a mixture of the picture taken of the subject, pose data, and facial landmarks. The photo is run through a classifier which identifies features such as age, gender, body type, etc. and then uses those to generate a text prompt for Stable Diffusion. The original face of the subject is then stitched onto the nude image and aligned with the estimated pose. Many of the sample images on the project’s website show the bias toward certain beauty ideals from AI datasets.

Looking for more ways to use AI with cameras? How about this one that uses GPS to imagine a scene instead. Prefer to keep AI out of your endeavors to invade personal space? How about building your own TSA body scanner?

 

The Most Annoying Thing On The Internet Isn’t Really Necessary

March 29, 2024 by 31 Comments

We’re sure you’ll agree that there are many annoying things on the Web. Which of them we rate as most annoying depends on personal view, but we’re guessing that quite a few of you will join us in naming the ubiquitous cookie pop-up at the top of the list. It’s the pesky EU demanding consent for tracking cookies, we’re told, nothing to do with whoever is demanding you click through screens and screens of slider switches to turn everything off before you can view their website.

Now [Bite Code] is here to remind us that it’s not necessary. Not in America for the somewhat obvious reason that it’s not part of the EU, and perhaps surprisingly, not even in the EU itself.

The EU does have a consent requirement, but the point made in the article is that its requirements are satisfied by the Do Not Track header standard, an HTTP feature that’s been with us since 2009 but which almost nobody implemented so is now deprecated. This allowed a user to reject tracking at the browser level, making all the cookie popups irrelevant. That popups were chosen instead, the article concludes, is due to large websites preferring to make the process annoying enough that users simply click on the consent button to make it go away, making tracking much more likely. We suspect that the plethora of cookie popups also has something to do with FUD among owners of smaller websites, that somehow they don’t comply with the law if they don’t have one.

So as we’d probably all agree, the tracking cookie situation is a mess. This post is being written of Firefox which now silos cookies to only the site which delivered them, but there seems to be little for the average user stuck with either of the big browsers. Perhaps we should all hope for a bit more competition in the future.

Cookies header: Lisa Fotios, CC0.

Big Candy Is Watching You: Facial Recognition In Vending Machines Upsets University

February 27, 2024 by 47 Comments

Most people don’t think too much of vending machines. They’re just those hulking machines that lurk around on train stations, airports and in the bowels of school and office buildings, where you can exchange far too much money for a drink or a snack. What few people are aware of is just how these vending machines have changed over the decades, to the point where they’re now collecting any shred of information on who interacts with them, down to their age and gender.

How do we know this? We have a few enterprising students at the University of Waterloo to thank. After [SquidKid47] posted a troubling error message displayed by a campus M&M vending machine on Reddit, [River Stanley] decided to investigate the situation. The resulting article was published in the February 16th edition of the university’s digital newspaper, mathNEWS.

In a bout of what the publication refers to as “Actual Journalism”, [Stanley] found that the machine in question was produced by Invenda, who in their brochure (PDF) excitedly note the many ways in which statistics like age, gender, foot traffic, session time and product demographics can be collected. This data, which includes the feed from an always-on camera, is then processed and ‘anonymized statistics’ are sent to central servers for perusal by the vending machine owner.

The good news is that this probably doesn’t mean that facial recognition and similar personalized information is stored (or sent to the big vaporous mainframe) as this would violate the GDPR  and similar data privacy laws, but there is precedence of information kiosks at a mall operator taking more liberties. Although the University of Waterloo has said that these particular vending machines will be removed, there’s something uncomfortable about knowing that those previously benign vending machines are now increasingly more like the telescreens in Orwell’s Nineteen Eighty-Four. Perhaps we’re already at the point in this timeline were it’s best to assume that even vending machines are always watching and listening, to learn our most intimate snacking and drinking habits.

Thanks to [Albert Hall] for the tip.

A black PCB with a cellular modem board piggy backed on top. It has a micro-USB and DB-type connector on the end facing the camera.

Open Vehicle Monitoring System Is The Window To Your EV’s Soul

January 25, 2024 by 14 Comments

Electric cars have more widgets than ever, but manufacturers would rather you don’t have direct access to them. The Open Vehicle Monitoring System intends to change that for the user. [via Transport Evolved]

As car manufacturers hoover up user data and require subscriptions for basic features, it can be a frustrating time to make such a big purchase. Begun in 2011, OVMS now interfaces with over a dozen different EVs and gives you access to (or helps you reverse engineer) all the data you could want from your vehicle. Depending on the vehicle, any number of functions can be accessed including remote climate start or cell-level battery statistics.

The hardware connects to your car’s OBDII port and uses an ESP32 microcontroller connected to a  SIMCOM SIM7600G modem (including GPS) to provide support for 3 CAN buses as well as Wi-Fi and Bluetooth connections. This can be particularly useful for remote access to data for vehicles that can no longer phone home via their originally included cellular modems as older networks shut down.

Do you wish EVs weren’t so complicated? Read our Minimal Motoring Manifesto.

Fail Of The Week: This Flash Drive Will NOT Self-Destruct In Five Seconds

November 25, 2023 by 49 Comments

How hard can it be to kill a flash drive? Judging by the look of defeat on [Walker]’s face in the video below, pretty darn hard.

To bring you up to speed, and to give the “Mission: Impossible” reference in the title some context, it might be a good idea to look over our earlier coverage of [Walker]’s Ovrdrive project. It started way back in 2022 with the idea that some people might benefit from a flash drive that could rapidly and covertly render the data stored on it, err, “forensically unavailable.” This would require more than just erasing the data, of course, so [Walker] began looking at ways to physically kill a memory chip. First up was a voltage doubler to apply voltage much greater than the absolute maximum rating of 4.6 V for any pin on the chip. That corrupted some files on the flash chip, enough of a win to proceed to a prototype that actually succeeded in releasing the Magic Smoke.

But sadly, that puff of smoke ended up being a fluke. [Walker] couldn’t repeat the result, at least not with the reliability required by people for whom data privacy is literally a life-or-death matter. To increase the odds of a kill, he came up with an H-bridge circuit to reverse the polarity of the memory chip’s supply. Surely that would kill the chip, and from the thermal camera images, it sure looked promising. But apparently, even 167°C isn’t enough to forensically disable the chip, which kind of makes sense from the point of view of reflow survivability.

What’s next for [Walker]? He says he’s going to team up his overvoltage and reverse-polarity methods for one last shot, but after that, he’s about out of reasonable options. Sure, a thermite charge or a vial of superacid would do the trick, but neither is terribly covert. If you’re going to go that way, you might as well just buy a standard flash drive and throw it in the microwave or a blender. And we need to remember that this may be something the drive’s owner needs to do with jack-booted thugs kicking in the door, or possibly at gunpoint. It wouldn’t do to be too conspicuous under such circumstances. That’s why we like the “rapid power cycling” method of triggering the drive’s self-destruct sequence; it could easily be disguised as shaking hands in a stressful situation.

Who knew that memory chips were this robust? Kudos to [Walker] for getting the project as far as he did, and we’re still rooting for him to make it work somehow.

Continue reading “Fail Of The Week: This Flash Drive Will NOT Self-Destruct In Five Seconds”

The UK Online Safety Bill Becomes Law, What Does It Mean?

October 29, 2023 by 65 Comments

We’ve previously reported from the UK about the Online Safety Bill, a piece of internet safety legislation that contains several concerning provisions relating to online privacy and encryption. UK laws enter the statutes by royal assent after being approved by Parliament, so with the signature of the King, it has now become the law of the land as the Online Safety Act 2023. Now that it’s beyond amendment, it’s time to take stock for a minute: what does it mean for internet users, both in the UK and beyond its shores? Continue reading “The UK Online Safety Bill Becomes Law, What Does It Mean?”

Your Car Is A Privacy Nightmare On Wheels

September 12, 2023 by 116 Comments

There was a time when a car was a machine, one which only came to life when its key was turned, and functioned simply as a way to get its occupants from point A to B. For most consumers that remains the case, but unfortunately in the last decade its function has changed from the point of view of a car manufacturer. Motor vehicles have become a software product as much as a hardware one, and your car now comes with all the privacy hazards you’d expect from a mobile phone or a computer. The Mozilla Foundation have taken a look at this problem, and their disturbing finding was that every one of the 25 major automotive brands they tested had significant failings.

Their quote that the cars can collect “deeply personal data such as sexual activity, immigration status, race, facial expressions, weight, health and genetic information, and where you drive.” had us wondering just exactly what kind of sensors they incorporate in today’s vehicles. But beyond mild amusement at some of the possibilities, it’s clear that a car manufacturer can glean a significant amount of information and has begun doing so largely without the awareness of the consumer.

We’ve railed about unnecessary over-computerisation of cars in the past, but from an obsolescence and reliability perspective rather than a privacy one, so it’s clear that the two issues are interconnected. There needs to be some level of public awareness that cars can do this to their owners, and while such things as this Mozilla investigation are great, the message needs to appear in more consumer-focused media.

As well as the summary, Mozilla also provide a detailed report broken down by carmaker.

Header: Michael Sheehan, CC BY 2.0.