How to Use Apple's Privacy Labels for Apps
December 18, 2020 | Thomas Germain, Consumer Reports
Press
“Individual data points are seemingly meaningless by themselves, but deeply personal things can be inferred when they are looked at in the aggregate,” says Serge Egelman, a digital security and privacy researcher at the University of California, Berkeley, who studies how apps gather consumer data.
Android and iPhones are all about privacy now, but startup OSOM thinks it can do better
November 16, 2020 | Shara Tibken, CNET
"The reason ads are accurate is they're good at inferring your preferences," says Serge Egelman, a privacy expert who studies how phones access user information at the International Computer Science Institute. "Companies collect seemingly benign data that allow them to very accurately predict your interests."
White House and Twitter deny Dutch researcher's claim he accessed Trump's account
October 22, 2020 | Zack Budryk, The Hill
"I would expect at minimum for every account they would log the IP and device info for every new login," Nicholas Weaver, a senior researcher at the International Computer Science Institute at UC Berkeley, told Motherboard. "This would be a 'new device' so it would be trivial for Twitter to verify if true or not."
The Technology 202
September 17, 2020 | Cat Zakrzewski, Washington Post
Facebook also previewed the Oculus Quest 2, the next generation of its virtual-reality gaming device. Some Twitter users honed in on the privacy costs of the technology. Serge Egelman, director of usable security and privacy at the International Computer Science Institute at Berkeley: [quote from a tweet] "If I wanted to build a massive facial recognition database, this is exactly the type of product I'd sell at a loss."
Ads may not provide benefits companies say they do
August 26, 2020 | Daniel Tkacik, CMU CyLab
“We wanted to know: in the absence of ads, would people be choosing products that are cheaper or more expensive?” says Alisa Frik, who led the study as a visiting researcher at the Heinz College and is currently a postdoctoral researcher at the International Computer Science Institute at UC-Berkeley. “We also wanted to see if people would be spending more or less time searching for products, and whether they would be more or less satisfied with their choices.”
A popular fertility app shared data without user consent, researchers say
August 20, 2020 | Tonya Riley, Washington Post
“The techniques are the ones you see with malware,” Serge Egelman, research director of the Usable Security & Privacy Group at the International Computer Science Institute at the University of California at Berkeley, said of Jiguang’s data collection.
TikTok Tracked User Data Using Tactic Banned by Google
August 11, 2020 | Kevin Poulson and Robert McMillan, WSJ
Most major mobile apps collect a range of data on users, practices that privacy advocates have long found alarming but that tech companies defend as providing highly customized experiences and targeted advertising. Data collection varies by company. About 1% of Android apps collect MAC addresses, according to a 2018 study by AppCensus, a mobile-app analysis firm that consults with companies on their privacy practices.
TikTok, WeChat Bans Not Crucial To US Security: Experts
August 7, 2020 | Paul Handley, International Business Times
"WeChat is bad," said Nicholas Weaver, a lecturer in computer security at the University of California in Berkeley. "It uses encrypted links to WeChat's servers in China... but the servers see all messages, so the Chinese government can see any message it wants," he said.
Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims
August 6, 2020 | Brian Krebs, Krebs on Security
In that sense, thieves involved in ID theft may be better off targeting data brokers like IDI and their customers than the major credit bureaus, said Nicholas Weaver, a researcher at the International Computer Science Institute and lecturer at UC Berkeley.
Decades-Old Email Flaws Could Let Attackers Mask Their Identities
August 4, 2020 | Lily Hay Newman, Wired
"I think I’m a savvy, educated user, and the reality is, no, that’s actually not enough," says Vern Paxson, cofounder of the network traffic analysis firm Corelight and a researcher at the University of California, Berkeley, who worked on the study along with Jianjun Chen, a postdoctoral researcher at the International Computer Science Institute, and Jian Jiang, senior director of engineering at Shape Security.