Tag: Twitter
30. May 2022
Twitter has been fined $150 million by U.S. authorities after the company collected users’ email addresses and phone numbers for security reasons and then used the data for targeted advertising.
According to a settlement with the U.S. Department of Justice and the Federal Trade Commission, the social media platform had told users that the information would be used to keep their accounts secure. “While Twitter represented to users that it collected their telephone numbers and email addresses to secure their accounts, Twitter failed to disclose that it also used user contact information to aid advertisers in reaching their preferred audiences,” said a court complaint filed by the DoJ.
A stated in the court documents, the breaches occurred between May 2013 and September 2019, and the information was apparently used for purposes such as two-factor authentication. However, in addition to the above-mentioned purposes, Twitter used that data to allow advertisers to target specific groups of users by matching phone numbers and email addresses with advertisers’ own lists.
In addition to financial compensation, the settlement requires Twitter to improve its compliance practices. According to the complaint, the false disclosures violated FTC law and a 2011 settlement with the agency.
Twitter’s chief privacy officer, Damien Kieran, said in a statement that the company has “cooperated with the FTC at every step of the way.”
“In reaching this settlement, we have paid a $150m penalty, and we have aligned with the agency on operational updates and program enhancements to ensure that people’s personal data remains secure, and their privacy protected,” he added.
Twitter generates 90 percent of its $5 billion (£3.8 billion) in annual revenue from advertising.
The complaint also alleges that Twitter falsely claimed to comply with EU and U.S. privacy laws, as well as Swiss and U.S. privacy laws, which prohibit companies from using data in ways that consumers have not approved of.
The settlement with Twitter follows years of controversy over tech companies’ privacy practices. Revelations in 2018 that Facebook, the world’s largest social network, used phone numbers provided for two-factor authentication for advertising purposes enraged privacy advocates. Facebook, now Meta, also settled the matter with the FTC as part of a $5 billion settlement in 2019.
12. November 2020
In recent days, social networks in Poland have teemed with posts containing private addresses and telephone numbers of judges of the Constitutional Tribunal, politicians and activists openly supporting the abortion sentence. In conjunction with the publication of the above on Twitter, the President of the Personal Data Protection Office (UODO) took immediate steps to protect the personal data and privacy of these persons.
Background to this was the judgement of the Constitutional Tribunal repealing the provisions allowing abortion in cases of, for example, serious genetic defects or severe impairment of the human fetus. This provoked resistance from a part of Polish society and led to a street revolution of “liberal” men and women. Unfortunately, the agitation turned into invectives, destruction of property, public disorder and personal arguments. As a result, personal data of people supporting the prohibition of abortion have been shared thousands of times on all social media too. For this reason, numerous protesters appeared at the indicated houses, covered the walls of the surrounding buildings with vulgar inscriptions, and the addressees began to receive packages, e.g. with a set of hangers.
On October 29th, 2020 the President of the UODO responded to the case:
Publishing private addresses and contact details of pro-life activists, politicians and judges by users of the Twitter social network is an action leading to the disclosure of a wide sphere of privacy, and thus posing threats to health and life, such as possible acts of violence and aggression directed against these people and their family members.
The announcement stated that the President of the UODO requested an immediate procedure by the Irish supervisory authority, which is responsible for the processing of personal data via Twitter. Pointing out the enormous scale of threats, he indicated the need to verify the response time to reported irregularities and the possibility of introducing automated solutions to prevent the rapid furtherance of such content by other portal users. He also notified the law enforcement authorities that Twitter users had committed a crime consisting in the processing of personal data without a legal basis. The lawfulness had neither been guaranteed by consent according to Art. 6 (1) lit. a GDPR nor legitimate interests pursuant to Art. 6 (1) lit. f GDPR or any other legal basis. Thus, the processing has to be seen as illegitimate as also stated by the President of the UODO. The law enforcement authorities will be obliged to examine and document both the scope of personal data disclosed in a way that violates the principles of personal data protection and to determine the group of entities responsible for unlawful data processing. The President of the UODO also applied to the Minister of Justice – Public Prosecutor General for placing this case under special supervision due to the escalation of conflict and aggression, which pose a high risk of violating the life interests of both people whose data is published on social media and their family members.
In conclusion, the President of the UODO added:
The intensification of actions of all competent authorities in this matter is necessary due to the unprecedented nature of the violations and the alarming announcements of disclosing the data of more people, as well as the deepening wave of aggression.
12. August 2019
Both, Twitter and Instagram admitted in the last week that they had some privacy issues regarding the personal data of users in connection with external advertising companies.
Twitter published a statement explaining that the setting choices the user made in regards to ads on Twitter, ecspecially regarding data sharing, were not followed always. Twitter admitted that the setting choices not have worked as intended. The consequence of which is that on the one hand maybe data was shared with advertising companies in case the user clicked or viewed an advertisement. On the other hand it is possible that personalized ads have been shown to the user based on inferences. Both things could have happened even if no permission was given.
The statement also states that the problems were fixed on August 5, 2019 and no personal data like passwords or email accounts were affected. At the moment Twitter is still investigating how many and which users were concerned.
According to a report on businessinsider Instagram had to admit that the trusted partner Hyp3r tracked millions of users’ location data, secretly saved their stories and flout its rules. Hyp3r, a startup from San Francisco is spezialized on location related advertising and evaluated millions of users’ public stories. The CEO of Hyp3r published a note on the company’s website and contradicts the comparisons with Cambridge Analytica and says that no prohibited practives were used. Privacy is a major and important concern for the company. Whether this is the case can only be left open at this point. Be that as it may, for European users of the platform there is no known legal basis for such an approach.
Nonetheless, Instagram’s careless privacy and data security mechanisms enabled this approach. Even though Instagram ended the cooperation with Hyp3r and stated that they changed the platform to protect the users, the problems of the Facebook-owned app regarding the protection of users personal data are still there.
15. May 2019
Twitter recently published a statement admitting that the app shared location data on iOS devices even if the user had not turned on the “precise location” feature.
The problem appeared in cases in which a user used more than one Twitter account on the same iOS device. If he or she had opted into the “precise location” feature for one account it was also turned on when using another account, even if the user had not opted into using the feature on this account. The information on the real-time location was then passed on to trusted partners of Twitter. However, through technical measures, only the postcode or an area of five square kilometres was passed on to the partners. Twitter accounts or other “Unique Account IDs”, which reveal the identity of the user, were allegedly not transmitted.
According to Twitter’s statement, they have fixed the problem and informed the affected users: “We’re very sorry this happened. We recognize and appreciate the trust you place in us and are committed to earning that trust every day”.
17. November 2016
This week, Reuters reported that U.S. internet companies, such as Facebook and Amazon have sent a detailied letter including a list of their policiy priorities to President-elect Donald Trump. Among the topics of these policies are encryption, immigration reform and maintaining liability protections from user’s content.
The mentioned letter was sent by the so called Internet Association, which is a group of 40 members, also including Alphabet’s Google, Uber and Twitter. The letter tries to repair the relationship between the internet giants and Trump due to the fact that he was almost universally disliked during the presidential campaign.
The president of the Internet Association, Michael Beckermann signed the letter talking about “The internet industry looks forward to engaging in an open and productive dialogue”. Furthermore, Beckerman issued a statement syaing that the internet industry looked forward to working closely with Trump and lawmakers in Congress in order to “cement the internet’s role as a driver of economic and social progress for future generations.”
The letter describes some of the policies which go along with Trump’s prior statements, for example easing the regulation on the sharing economy and applying pressure on Europe to not erect too many barriers that restrict U.S. internet companies from growing in that market.
However, other topics are likely to be opposed with Trump’s campaign as he offered numerous broadsides against the tech sector.
9. June 2016
Hackers may have used malware in order to gain more than 32 million Twitter login-data that are now presumable being sold on the dark web. However, a Twitter spokesman said that “We are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached. In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks.”
LeakedSource, a site with a search engine of leaked login credentials, says that the respected data of Twitter contains 32,888,300 records consisting of email addresses, usernames and passwords.
Due to the provided information included in the respected data, for example the fact that passwords are displayed without encryption, LeakedSource stated that the data was collected by malware that has infected internet browsers rather than stolen directly from Twitter. In order to verify that the leaked data is valid, LeakedSource asked 15 users to verify their passwords. All of them confirmed that the passwords were correct.
However, Twitter stated that the hacking of accounts belonging to celebrities was due to the re-use of passwords that were leaked in the LinkedIn and Myspace breaches. A spokesman said that “A number of other online services have seen millions of passwords stolen in the past several weeks. We recommend people use a unique, strong password for Twitter”.
Whether or not the leaked data is valid, it is recommended to change passwords, not only when using the same password for several accounts.
10. May 2016
Dataminr is used as a tool that analyzes and traces social media posts and notifies users about breaking news in real time, such as the terror attack in Brussel´s airport in March. This analysis is carried out by using key words, patterns, or geotags.
Twitter, that owns 5% of Dataminr, has now blocked U.S. intelligence services from its Dataminr service, in order not to appear to support the surveillance activities of the U.S. Intelligence services.
Dataminr services where used by the American Government in 2013 to detect any risks on the inauguration of U.S. President Obama´s second term. However, it is not clear how Dataminr provided this service to the U.S. Intelligence services, as Twitter´s privacy policy prohibits selling its data to governmental agencies.