Privacy Digest 06/26
Proton: FBI user identification shakes Swiss data protection
A Proton email account used by activists, believed to be anonymous, was traced by the FBI after Swiss authorities approved a legal assistance request. Because the account was paid, Proton had to provide payment information that ultimately revealed the user’s identity. The case highlights the limits of anonymity in encrypted services: while message content remains protected, metadata and payment records can still expose users through international legal cooperation. It also illustrates how payment processors and other third party services can create traceable data trails that undermine expectations of anonymity on privacy focused platforms.
heise.de
CBP tapped into the online advertising ecosystem to track peoples’ movements
U.S. Customs and Border Protection purchased location data from the online advertising ecosystem to track the movements of mobile phones over time. The information originates from advertising technology systems such as real time bidding, where apps share device identifiers and location data during ad auctions. Although these identifiers do not directly include names or phone numbers, they allow investigators to link movement patterns to specific devices and analyze where those devices travel. The practice highlights how data generated by ordinary apps like games, dating platforms, or fitness trackers can be repurposed for government surveillance. The article also notes that lawmakers are calling for further oversight and investigation into such data purchases.
404media.co
Meta hit with a class action lawsuit over smart glasses' privacy claims
Meta faces a class action lawsuit alleging that its Ray-Ban Meta smart glasses were falsely marketed as privacy protecting devices. The complaint follows reports that human contractors reviewing footage for AI training were exposed to sensitive recordings captured by the glasses, including intimate moments recorded unintentionally by users. According to the lawsuit, users relied on Meta’s privacy claims and were not informed that certain images and videos processed through AI features could be reviewed externally. While Meta says locally stored recordings remain private unless users choose to share them, footage used for AI functions may still enter the company’s data processing pipeline.
engadget.com