SafeGraph, the data broker famous for selling location data linked to abortion clinic visits, is now a US military contractor. Documents obtained by WIRED reveal that the company landed an initial contract with the US Air Force and is hoping the Pentagon will buy a tool that SafeGraph says will pinpoint locations not to bomb, like schools and hospitals.
Your data is, of course, everywhere—likely including in the training data of generative AI tools like ChatGPT. Fortunately, at least some users can request that OpenAI, which created the tool, delete their data. It’s also possible to delete your chat history with ChatGPT. We run down how to do both right here. As Signal Foundation president Meredith Whittaker recently told WIRED during the latest episode of our new podcast Have a Nice Future, the surveillance economy, while powerful, is relatively new—and can still be dismantled if we have the will to do so.
Of course, even if you’re doing everything in your power to keep your data private, you’re probably still leaving a trail that can be traced back to you. Just ask any of the cyberattack-for-hire service operators who’ve been shut down or arrested thanks to an independent team of sleuths who’ve systematically dismantled the so-called booter services in recent years. Calling themselves Big Pipes, the group most recently contributed to the takedown of 13 booter services earlier this month.
Speaking of pipes, the US Environmental Protection Agency is facing a lawsuit from Republican-led states that could endanger the Biden administration’s efforts to better protect the country’s critical infrastructure, like water plants, from cyberattacks. If the suit is successful, similar lawsuits could undermine the White House’s entire cyber regulation agenda.
Elsewhere in the world of nefarious cyber actors, a mysterious group of hackers was recently discovered conducting espionage operations against both pro-Ukrainian and pro-Russian entities since 2020. The group, dubbed Red Stringer by security firm Malwarebytes, is believed to be state-sponsored and may have ties to Moscow. But efforts to uncover the hackers’ true allegiances and identities are still ongoing.
One thing anyone needs to stay private online is a secure way to communicate, which means end-to-end encryption. Twitter this week rolled out its long-awaited encrypted direct messages (DMs). The problem is, the company put encrypted DMs behind a paywall—you have to subscribe to Twitter Blue to use them—and it only works among users who meet a variety of other criteria. Our advice? Just use Signal or WhatsApp.
But that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click on the headlines to read the full stories, and stay safe out there.
Yesterday, Reuters reported that the vehicle data of millions of Toyota customers in Japan had been publicly available for a decade due to a simple technical error. The 2.15 million customers whose data was exposed make up nearly the entire customer base who have signed up for Toyota’s main cloud service platforms since 2012.
A Toyota spokesperson told Reuters that the accidental leak may have exposed extremely sensitive data, including a vehicle’s location and identification number. The issue, which began in 2013, was due to a “cloud system” being set to public instead of private, the spokesperson said.