Tag Archive for: it’s

It’s Impossible To Opt Out Of Android’s Ad Tracking; Max Schrems Aims To Change That

/in

Most of the world has been under some form of lockdown for weeks, but that clearly hasn’t stopped the indefatigable Austrian privacy expert Max Schrems from working on his next legal action under the EU’s GDPR. Last year, he lodged a complaint with the French Data Protection Authority (CNIL) over what he called the “fake consent” that people must give to “cookie banners” in order to access sites. Now he has set his sights on Google’s Android Advertising ID, which is present on every Android phone. It builds on research carried out by the Norwegian Consumer Council, published in the report “Out of control”.

Today noyb.eu filed a formal GDPR complaint against Google for tracking users through an “Android Advertising ID” without a valid legal basis. The data collected with this unique tracking ID is passed on to countless third parties in the advertising ecosystem. The user has no real control over it: Google does not allow to delete an ID, just to create a new one.

The Android Advertising ID (AAID) is central to Google’s advertising system. It allows advertisers to track users as they move around the Internet, and to build profiles of their interests. Google claims that this “gives users better controls”, which is true if people want to receive highly-targeted advertising. But if they wish to opt out of this constant tracking, there is a problem. Although Google allows you to change your AAID, it is not possible to do without it completely: the best you can manage is to get a new one. And as the detailed legal complaint to the Austrian Data Protection Authority (pdf) from Schrems points out, there are multiple ways to link old AAIDs with new ones:

Studies and official investigations have proved that the AAID is stored, shared and, where needed, linked with old values via countless other identifiers such as IP addresses, IMEI codes and GPS coordinates, social media handles, email addresses or phone number, de facto allowing a persistent tracking of Android users.

Schrems’ organization None of Your Business (noyb.eu) claims that’s unacceptable under the GDPR:

EU Law requires user choice. Under GDPR, the strict European privacy law, users must consent to being tracked. Google does not collect valid “opt-in” consent before generating the tracking ID, but seems to generate these IDs without user consent.

Google’s position is weakened by the fact that Apple gives users of its smartphones the ability to opt out of targeted ads; for those using iOS 10 or later, the advertising identifier is replaced with an untrackable string of zeros:

If you choose to enable Limit Ad Tracking, Apple’s advertising platform will opt your Apple ID out of receiving ads targeted to your interests, regardless of what device you are using. Apps or advertisers that do not use Apple’s advertising platform but do use Apple’s Advertising Identifier are required to check the Limit Ad Tracking setting and are not permitted by Apple’s guidelines to serve you targeted ads if you have Limit Ad Tracking enabled. When Limit Ad Tracking is enabled on iOS 10 or later, the Advertising Identifier is replaced with a non-unique value of all zeros to prevent the serving of targeted ads. It is automatically reset to a new random identifier if you disable Limit Ad Tracking.

The formal legal complaint was filed on behalf of an Austrian citizen, requesting that the AAID should be deleted permanently. If the action succeeds, that would allow anyone in the EU — and probably elsewhere — to do the same. In addition, the complaint points out that under the GDPR, the maximum possible fine, based on 4% of Google’s worldwide revenue, would be about €5.94 billion. There’s no chance such an unprecedented sum would be imposed, but the fact that every Android user in the EU is forced to use Google’s AAID could lead to a fairly hefty fine if Schrems succeeds with his latest legal defense of privacy.

Follow me @glynmoody on Twitter, Diaspora, or Mastodon.

Techdirt.

It’s Not Even Clear If Remdesivir Stops COVID-19, And Already We’re Debating How Much It Can Price Gouge

/in

You may recall in the early days of the pandemic, that pharma giant Gilead Sciences — which has been accused of price gouging and (just last year!) charging exorbitant prices on drug breakthroughs developed with US taxpayer funds — was able to sneak through an orphan works designation for its drug remdesevir for COVID-19 treatment. As we pointed out, everything about this was insane, given that orphan works designations, which give extra monopoly rights to the holders (beyond patent exclusivity), are meant for diseases that don’t impact a large population. Gilead used a loophole: since the ceiling for infected people to qualify for orphan drug status is 200,000, Gilead got in its application bright and early, before there were 200,000 confirmed cases (we currently have over 1.3 million). After the story went, er… viral, Gilead agreed to drop the orphan status, realizing the bad publicity it was receiving.

After a brief dalliance with chloroquine, remdesivir has suddenly been back in demand as the new hotness of possible COVID-19 treatments. Still, a close reading of the research might give one pause. There have been multiple conflicting studies, and Gilead’s own messaging has been a mess.

On April 23, 2020, news of the study’s failure began to circulate. It seems that the World Health Organization (WHO) had posted a draft report about the trial on their clinical trials database, which indicated that the scientists terminated the study prematurely due to high levels of adverse side effects.

The WHO withdrew the report, and the researchers published their results in The Lancet on April 29, 2020.

The number of people who experienced adverse side effects was roughly similar between those receiving remdesivir and those receiving a placebo. In 18 participants, the researchers stopped the drug treatment due to adverse reactions.

But then…

However, also on April 29, 2020, the National Institute of Allergy and Infectious Diseases (NIAID) announced that their NIH trial showed that remdesivir treatment led to faster recovery in hospital patients with COVID-19, compared with placebo treatment.

“Preliminary results indicate that patients who received remdesivir had a 31% faster time to recovery than those who received placebo,” according to the press release. “Specifically, the median time to recovery was 11 days for patients treated with remdesivir compared with 15 days for those who received placebo.”

The mortality rate in the remdesivir treatment group was 8%, compared with 11.6% in the placebo group, indicating that the drug could improve a person’s chances of survival. These data were close to achieving statistical significance.

And then…

“In addition, there is another Chinese trial, also stopped because the numbers of new patients with COVID-19 had fallen in China so they were unable to recruit, which has not yet published its data,” Prof. Evans continues. “There are other trials where remdesivir is compared with non-remdesivir treatments currently [being] done and results from some of these should appear soon.”

Gilead also put out its own press release about another clinical trial, which seems more focused on determining the optimal length of remdesivir treatment. Suffice it to say, there’s still a lot of conflicting data and no clear information on whether or not remdesevir actually helps.

Still, that hasn’t stopped people from trying to figure out just how much Gilead will price gouge going forward:

The Institute for Clinical and Economic Review (ICER), which assesses effectiveness of drugs to determine appropriate prices, suggested a maximum price of $ 4,500 per 10-day treatment course based on the preliminary evidence of how much patients benefited in a clinical trial. Consumer advocacy group Public Citizen on Monday said remdesivir should be priced at $ 1 per day of treatment, since “that is more than the cost of manufacturing at scale with a reasonable profit to Gilead.”

Some Wall Street investors expect Gilead to come in at $ 4,000 per patient or higher to make a profit above remdesivir’s development cost, which Gilead estimates at about $ 1 billion.

So… we’ve got a range of $ 10 to $ 4,500 on a treatment that we don’t yet know works, and which may or may not save lives. But, given that we’re in the midst of a giant debate concerning things like “reopening the economy” — something that can really only be done if the public is not afraid of dying (or at least becoming deathly ill) — the value to the overall economy seems much greater than whatever amount Gilead wants to charge. It seems the right thing to do — again, if it’s shown that remdesevir actually helps — is to just hand over a bunch of money to Gilead, say “thank you very much” and get the drug distributed as widely as possible. Though, again, it should be noted that a decent chunk of the research around remdesevir was not done or paid for by Gilead, but (yet again) via public funds to public universities, which did the necessary research. The idea that it’s Gilead that should get to reap massive rewards for that seems sketchy at best. But the absolute worst outcome is one in which Gilead sticks to its standard operating procedure and prices the drug in a way that millions of Americans can’t afford it, and it leads to a prolonging/expanding of the pandemic.

Techdirt.

FBI warns video calls are getting hijacked. It’s called ‘Zoombombing’ – CNN

/in
  1. FBI warns video calls are getting hijacked. It’s called ‘Zoombombing’  CNN
  2. A Must For Millions, Zoom Has A Dark Side — And An FBI Warning  NPR
  3. ‘Zoombombing’ Is a Horrifying New Trend  The Cut
  4. View Full Coverage on read more

“HTTPS hijacking” – read more

Free Netflix pass because of Coronavirus? It’s a scam

/in

The public is being warned about fraudulent messages being shared on social media platforms that Netflix is offering free passes to its platform because of the Coronavirus pandemic.

Read more in my article on the Hot for Security blog.

Graham Cluley