Imagine that every time you make a phone call, someone is keeping an extraordinarily detailed record of the call.

Be careful of trusting google

[email protected]

Impact assessment forecasts that prosecutions will rocket, but claims staff will take ‘account of circumstances and vulnerabilities’ of benefit recipients and ‘no automatic decisions will be made on data alone’
New laws allowing the Department for Work and Pensions to monitor the bank accounts of benefit claimants are predicted to lead to 7,400 extra prosecutions for fraud each year – resulting in 250 custodial sentences.

The forecasts are made as part of the department’s newly published impact assessment for proposed legislation that would require financial institutions to provide government with data on account holders that receive benefits. The aim of the new law would be to alert the DWP to benefits being paid in error or obtained fraudulently when a recipient has understated their savings or income. Currently, the DWP can only undertake checks of account data for a named individual who is already under suspicion of fraud.

The ability to monitor potential fraud in a more proactive way will result in “an additional 74,000 prosecution cases, 2,500 custodial sentences and 23,000 applications for legal aid” over the 10-year period considered by the assessment.

This would seemingly represent an enormous rise on the current levels of prosecution with only 487 cases referred to prosecutors by the DWP during the 2022-23 year, according to recent evidence submitted to the Public Accounts Committee. Over the past three years, an annual average of 385 people have been convicted based on these referrals.

The assessment document indicated that DWP caseworkers will bear in mind the potential vulnerability of claimants and automation will be used responsibly.

“[This] measure can potentially include vulnerable people, [and] these areas will be explored further in the equality impact assessment,” the document said. “We are clear, however, that no automatic decisions will be made based on data alone, and DWP staff will follow the usual business processes when looking into any cases, taking account of circumstances and wider vulnerabilities before deciding on a course of action.”

The DWP said that it has already had discussions with banks, building societies, and trade body UK Finance and has been “clear that any data received under this measure should not be seen as indicative of any financial crime” in and of itself.

“Many claimants will have a legitimate, authorised reason to hold savings in excess of capital benefit rules – disregards for injury compensation, for example – and in many cases, overpayments could have been caused by genuine claimant error,” the assessment said. “Given this, we have been clear that there should be no action to de-bank claimants.”

The department also said that it will make sure to “protect privacy… only looking at data that is signalling potential benefit fraud and error and only drawing in data on DWP customers, [and] will create a system for [banks] that is effective, simple, and secure and data will be transferred, received, and stored safely”.

The assessment concludes that the proposed “measure is proportionate and targeted and will help DWP tackle fraud and error more effectively”.

‘A clear message’
The department projects that implementing the data-sharing policy will cost £370m over the coming years, and then £30m a year in staffing and other operational costs from the 2031/32 year onwards.

The initiative will deliver overall benefits of £2.93bn – equating to a net return of £2.57bn, it forecasts.

Plans have been made to test the data-sharing with two – unspecified – banks or building societies in 2025, with a full-scale rollout across all institutions from 2030 onwards.

This will encompass all of the 15 banks and building societies that, collectively, receive 97% of all benefit payments. This includes: Bank of Scotland; Barclays; Halifax; HSBC; Lloyds; Metro Bank; Monzo; NatWest; Nationwide; Santander; Starling; The Co-Op; Royal Bank of Scotland; TSB; and Yorkshire Bank.

While extending data sharing to cover the smaller institutions that constitute the other 3% “would likely be ineffective” and overly burdensome, the DWP believes it is “important to not shut off this option in primary legislation as we do not want fraudsters to see this as a loophole and change their banking approach to deliberately circumvent our measure”.

Work and pensions secretary Mel Stride said: “These new powers send a very clear message to benefit fraudsters – we won’t stand for it. These people are taking the taxpayer for a ride and it is right that we do all we can to bring them to justice. These powers will be used proportionately, ensuring claimants’ data is safely protected while rooting out fraudsters at the earliest possible opportunity.”

The plans for giving the DWP access to bank data were announced as part of a range of what the government described as “common-sense changes to the Data Protection and Digital Information Bill”.

Other proposed legal changes would see social media firms required to retain the data of users that have died by suicide. This information “could then be used in subsequent investigations or inquests”, according to the government.

UK counter-terror police would also be empowered under the updated law to retain indefinitely the biometric data of individuals with a conviction overseas.

Secretary of state for science, innovation and technology Michelle Donelan, said: “Britain has seized a key Brexit opportunity – boosting small businesses, protecting consumers and cracking down on criminal enterprises like nuisance calling and benefit fraud. These changes protect our privacy and data while also injecting common sense into the system – whether it is cracking down on cookies, scrapping pointless paperwork which stifles productivity, tackling benefit fraud or making it easier to protect our citizens from criminals. These changes help to establish the UK as a world-leading data economy; one that puts consumers and businesses at the centre and removes the ‘one-size-fits-all’ barriers that have held many British businesses back.”

The amendments are set to go through the report stage in the House of Commons tomorrow, before then making their way on to the House of Lords.

ChatGPT is full of sensitive private information and spits out verbatim text from CNN, Goodreads, WordPress blogs, fandom wikis, Terms of Service agreements, Stack Overflow source code, Wikipedia pages, news blogs, random internet comments, and much more.

Using this tactic, the researchers showed that there are large amounts of privately identifiable information (PII) in OpenAI’s large language models. They also showed that, on a public version of ChatGPT, the chatbot spit out large passages of text scraped verbatim from other places on the internet.

“In total, 16.9 percent of generations we tested contained memorized PII,” they wrote, which included “identifying phone and fax numbers, email and physical addresses … social media handles, URLs, and names and birthdays.”

Edit: The full paper that's referenced in the article can be found here

Two questions.

My family insist on using Whatsapp for the family chats. I have to keep a copy on a device just so I can communicate with them. I do so under protest, as I was always told it isn't secure. My brother has just said

"oh Whatsapp is encrypted, it's perfectly secure".

First, is it actually as encrypted and safe as my brother claims? That would solve everything.

Second, if it isn't, where can I get some proof that we should switch to Telegram or whatever? Proof which doesn't make me look like a raving loony?

Sorry if this isnt exactly perfect topic for this community. But i bought a t440p because of libreboot, and am waiting for it to come in the mail. Im very excited and have watched a few videos about it. I purely bought it because of the privacy that can be had

Personally, I think Netflix was a relatively tactful in this particular instance, but it's a stark reminder of the sort of privacy we swear away when using social media or any service that sees our face.

[email protected]

I've noticed than most of them have stopped working including all invidious and piped instances

cross-posted from: https://lemmy.nz/post/3829409

Meta charges up to €251.88 per year to respect the fundamental right to privacy of EU users. This is a violation of the GDPR.

If it were possible to run LLMs without a significant investment to GPU prowess, this problem wouldn't be very relevant. However, the bigger FOSS LLMs require a lot of power to run.

Is there any automated technique (scripts, lookups etc) that can warn a user before the content is posted online? I'm asking this specifically for textual content.

Thanks

I didn't mention what I wanted clearly enough, so here goes:

I am looking to scan my own posts/comments for stylometry statistics, for the most part, but PII would be nice. I'll deal with the browser-agent, Cookies, IP etc.

Threat model would likely be to prevent people who might be wanting to link my identity with my online persona. Obviously, the government is excluded since they can just mine the IP from Lemmy mods and get to me. This is someone who is interested in my identity and will use FOSS/some proprietary tools to link my identities

Edit: it seems there are packages available on python and R to parser through text and try to infer identity from stylometric data. I'll have to look into that, but it seems doable at a basic level.

Nairobi boasts nearly 2,000 Huawei surveillance cameras citywide. But in the nine years since they were installed, it is hard to see their benefits.

Two proposed federal class action lawsuits, filed in the wake of a Markup investigation, accuse the grocer of disclosing private data through its online store and pharmacy

Kroger, the largest supermarket chain in the U.S., is being sued in federal court for the unauthorized sharing of personally identifiable information and health data with Meta.

Two different proposed class-action lawsuits were filed on Nov. 10 and Nov. 13 in the Southern District of Ohio, Western Division. The plaintiffs, both from Ohio, are anonymous. Illustration of a grocery store basket on a conveyer belt, filled with various objects including smiley faces, location pins, credit cards, data blocks, envelopes and receipts.

When you use supermarket discount cards, you are sharing much more than what is in your cart—and grocery chains like Kroger are reaping huge profits selling this data to brands and advertisers February 16, 2023 08:00 ET

The suits alleged that Kroger essentially ”planted a bug” on its website, which includes an online pharmacy, and was “looking over the shoulder of each visitor for the entire duration of their Website interaction.” That “bug” refers to the Meta Pixel and the other trackers Kroger used on its website. The Nov. 10 suit claimed that as a result, Kroger leaked details of which medications and dosages a patient sought or purchased from Kroger’s pharmacy, which then allowed “third parties to reasonably infer that a specific patient was being treated for a specific type of medical condition such as cancer, pregnancy, HIV, mental health conditions, and an array of other symptoms or conditions.”

In February, The Markup revealed that Kroger collects extensive data through its loyalty program. The investigation detailed Kroger’s use of the Meta pixel on kroger.com, including how the company sent information to Meta when a pregnancy test was added to a virtual shopping cart. A similar example was included in the Nov. 10 lawsuit, showing that Meta is informed when a user searches on Kroger.com for Plan B contraceptives. The Nov. 13 lawsuit, in trying to establish the harms of “mishandling medical information,” also cited a Markup story on hospital websites disclosing sensitive information to Meta through the pixel.

Both suits claim that the use of Meta’s tracking pixel violates the Electronic Communications Privacy Act, the Health Insurance Portability and Accountability Act (HIPAA) and Ohio state laws covering health information and privacy. They both cite warnings from the Federal Trade Commission and the Department of Health and Human Services against improper disclosure of personal health information online.

Kroger did not respond to a request for comment.

Attorneys for the plaintiffs either declined to comment or did not respond.

The Markup has reported extensively on sensitive information shared to Meta through the pixel, including by education technology providers, crisis mental health hotlines, hospitals, tax preparation companies and student financial aid providers.

link: https://themarkup.org/privacy/2023/11/27/kroger-sued-for-sharing-sensitive-health-data-with-meta

No apple TV please. Needs to support some kind of casting, and the addition of whatever googles casting is would be nice (for an oculus)

The priest’s data has been obtained from commercially available databases

TLDR: $4 million, and 52 weeks of data for a catholic organization to out the "sinner". A dragnet search, not checking him specifically.

"More than half of the websites in the study accepted passwords with six characters or less, with 75% failing to require the recommended eight-character minimum. Around 12% of had no length requirements, and 30% did not support spaces or special characters."

Although the headline focusses on a obvious category of media, it really can go wrong on a lot of other categories as well.

I have never used Google Messages but I will most likely have to start using it once RCS support is added on iOS.

I am running GrapheneOS with no Google Play services and was curious if Google Messages would run without it. I am assuming notifications will be delayed but is there anything else?

Is anyone here running GrapheneOS and Google Messages?