This Week in Privacy & Security

[A roundup of everything that happened this week in the world of privacy and security.]
  • Norway halts its coronavirus contact tracing app, Smittestopp, after criticism from the Norwegian Data Protection Authority, which said that the country's low rate of infections meant that the app's privacy invasions were no longer justified; to cease collecting new data, with all data collected so far to be deleted, and further development of the app paused indefinitely.
  • Popular video conferencing service Zoom changes course; to offer end-to-end encryption for both paid and free users of its platform after concerns were raised over offering the setting as a premium feature.
    • To do so, free users will have to provide additional information, such as verifying their cell phone number through a text message to prevent abuse.
    • Putting a premium on privacy is one thing, but turning a basic security feature such as end-to-end encryption into a paid offering could've set a dangerous precedent where privacy is limited to those who can afford to pay for it. The reversal, if anything, shifts the Overton Window for privacy just a bit more, changing users' default assumptions about online privacy.
  • India's antitrust regulator, the Competition Commission of India (CCI), says it's reviewing Facebook's US$ 5.7 billion investment in India's Reliance Jio Platforms to assess if the deal could misuse users' data.
  • Chinese police are gathering blood samples from the country's roughly 700 million men and boys — with the express purpose of building a national genetic database of their DNA to "track down a man's male relatives using only that man's blood, saliva or other genetic material," thus vastly enhancing the country's already ubiquitous high-tech surveillance powers.
  • The Australian Competition and Consumer Commission, Australia's consumer watchdog, raised concerns over Google's US$ 2.1 billion acquisition of fitness tracker company Fitbit, stating it may hinder competition in digital advertising and health markets.
  • Russia drops its failed efforts to block the Telegram messaging app, two years after it was blocked in April 2018 for its refusal to share its encryption keys — a means of accessing users' data — with the country's telecom watchdog Roskomnadzor to aid in national security investigations; cites Telegram's willingness to cooperate in combating terrorism and extremism on the platform for lifting the ban.
    • Earlier this month, Telegram said it's preventing dozens of thousands of attempts to post extremist content and has developed "mechanisms to prevent terror acts across the globe" without breaching user privacy.
  • The U.K. becomes the latest country to scrap its homegrown COVID-19 contact-tracing app in favour of a model based on Apple and Google's API after its app was found to be ineffective at recognising iPhones due to a restriction imposed by Apple; move comes as it's revealed that the government's efforts to build a centralised contact tracing app from scratch were plagued by poor technical execution and chaotic personnel management.
  • The city of New York passes a new law, called the Public Oversight of Surveillance Technology (POST) Act, that will require the Police Department to disclose how it uses technology to surveil the public; aims to hold the New York Police Department accountable for its use of surveillance technologies by requiring it to release information about how it uses such tools and what safeguards are in place to prevent them from being exploited.
  • Facebook files lawsuits against individuals in Spain and the U.S. for abusing its social platforms to offer automated tools for scraping users' personal data using their Facebook login credentials (called Massroot8) and gathering likes through a fake engagement service.
  • Google removes 106 malicious Chrome web browser extensions that were downloaded 33 million times after they were caught collecting sensitive user data, including taking screenshots of the victim device, loading malware, reading the clipboard, and actively harvesting tokens and user input.
  • Adobe officially announces plans to discontinue Flash on December 31, 2020, more than three years after it detailed its proposals to end-of-life the once popular multimedia format that has since been plagued by security issues (remember the late Steve Jobs' infamous letter in 2010 about why Apple would drop support for Flash on iOS devices?) and replaced by popular alternatives like HTML 5, CSS 3 and WebGL.
