This Week in Privacy & Security

[A roundup of everything that happened this week in the world of privacy and security.]
  • The U.S. Department of Justice charges three individuals, Mason Sheppard (aka Chaewon), Nima Fazeli (aka Rolex) and Graham Ivan Clark (believed to be Kirk), in connection with the Twitter hack last month; alleges Clark, who hacked into Twitter's internal admin tool as early as May 3, posed as a Twitter employee on Discord to approach two other hackers, Fazeli and Sheppard, sell off access to any Twitter account on the underground OGUsers forum, and take over 130 high-profile accounts in service of a bitcoin scam.
  • Twitter confirms that the unprecedented July 15th hack of its platform was the consequence of a phone spear phishing attack against a few employees of the company, implying hackers called up Twitter employees while posing as colleagues or members of Twitter's own security team, and got them to reveal the credentials they use to access internal systems; says the "attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools."
  • The Australian Competition and Consumer Commission sues Google for allegedly expanding the use of users' personal data without gaining explicit consent and combining information from users' Google accounts with other information gained from users' activities on non-Google sites using Google advertising technology that was formerly known as DoubleClick.
  • Brave browser pivots to a subscription-based model as it bundles a VPN service (US$ 9.99 a month, or US$ 99.99 per year) into the iOS version of its browser in partnership with VPN provider Guardian.
  • The European Union antitrust authority to open a full-scale investigation of Google's US$ 2.1 billion acquisition of Fitbit after the European Commission's preliminary review ends August 4, as Google reiterates the deal is about devices and not data.
  • The U.S. government considers an outright ban of ByteDance-owned TikTok over concerns it could be used by Chinese intelligence agencies for espionage, as Microsoft confirms it's in talks with the parent company to buy the video-sharing app.
    • The task of dissecting TikTok along geographical lines is unprecedented, not to mention a fissure of the global internet as we know it. The splintering, previously limited to China and North Korea, now threatens to rip apart a social network for geopolitical reasons beyond its control, raising an interesting question: If TikTok were to be owned by a U.S.-based entity, would it have faced the same problem?
    • Ultimately, it doesn't matter who owns TikTok. The buyout wouldn't solve the content moderation concerns surrounding the app, the possibility of foreign interference, or the unchecked data-mining done in the name of targeted ads.
    • Microsoft's decades-long experience operating in China may give it some edge and put it in a unique position to acquire a lucrative Gen Z audience (it's all about data), but it won't help fix the underlying problems plaguing social networks.
    • If anything, replacing a Beijing-based parent company with one based in the U.S. would only help quell any paranoia about Chinese intervention, despite the complete lack of available evidence.
    • The messaging is clear: It normalises surveillance carried out via social media services such as Facebook, but not when the surveillance is being done by China. If TikTok is allowed to operate under the ownership of a U.S. company, it doesn't change the fact that social media platforms are surveillance machines, whether American or Chinese.
    • Instead, the real solution lies in formulating comprehensive privacy and data governance laws to regulate the collection and monetisation of user data, and laying bare the addictive recommendation algorithms that drive social media platforms today.
  • Google begins testing a new feature in its Chrome web browser that allows users to use their saved passwords across other apps; announces a new autofill experience on mobile that will use biometric authentication for credit card transactions and website logins.
  • New Zealand's government launches a charter to guide public agencies' use of algorithms, which it says is the first of its kind in the world; aims to employ a set of standards for how public agencies should use the algorithms that increasingly drive decision-making by officials about every area of public life.
    • Artificial intelligence has applications in nearly every human domain, and whether it be AI in health, AI in hiring, or AI in the courtroom, the technology has been proven to recreate society's biases, which is fast becoming a complicated problem.
    • The increasing application of algorithms by governments around the world – particularly when they are deployed to profile or generate decisions about citizens by law enforcement, immigration, welfare and health agencies – has proved controversial, as decision-making driven by software can be inaccurate and discriminatory, and its use is often kept secret from the public.
  • ByteDance-owned TikTok says it'll release code driving its content moderation algorithms; takes a swipe at Facebook for trying to copy its features (read Reels) and accuses it of maligning attacks "disguised as patriotism and designed to put an end to our very presence in the U.S."
    • The idea of algorithmic transparency does sound great, but it's likely not to work with companies like Facebook and Google, which have long argued that publicising their algorithms' workings would make it easier for bad actors to game their services.
  • Facebook raises concerns that the proposed privacy measures in Apple's iOS 14 update, such as options to disable tracking between apps, could harm its advertising business; says "it's going to make it harder for app developers and others to grow using ads on Facebook and elsewhere," adding it's concerned that "aggressive platform policies will cut at that lifeline at a time when it is so essential to small business growth and recovery."
  • The Indian government is reportedly examining an additional 275 Chinese apps, including PUBG, Alibaba's AliExpress, and Resso, for a potential ban citing national security and user privacy concerns; bans 47 more apps, including lightweight versions of Likee, Bigo Live, TikTok, SHAREit and Helo, and CamScanner HD among others. (In a separate development, Tencent-owned super app WeChat officially ceased its operations in the country following a ban on Chinese apps last month.)
  • Google starts trialling "trust tokens," its replacement for third-party cookies, with developers, as part of its ongoing efforts to support digital ads in a privacy-conscious manner without having to know users' identities.
