This is a news item roundup of privacy or privacy-related news items for 2 FEB 2025 – 8 FEB 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed in here due to the close relationship between online privacy and cybersecurity – many things may overlap; for example, major vulnerabilities in popular software, which may compromise the security of users’ devices (and therefore pose a threat to their privacy), and large data breaches where significant personal information is exposed. Items presented here are typically curated with the end user and small groups (such as families and small/micro businesses) in mind. Due to this focus, items primarily affecting enterprises or large organizations may not be included, even if they are widespread or “popular” stories.
Privacy Tip of the Week
Make sure to clear your clipboard after copying sensitive information such as passwords.
Surveillance Tech in the News
This section covers surveillance technology and methods in the news. Specifically, stories and news items where public and/or private organizations have leveraged their capabilities to encroach on user privacy; for example, data brokers using underhanded means to harvest user location data without user knowledge or public organizations using technology without regard for user privacy.

The biggest breach of US government data is under way
TechCrunch
This is included for the privacy and cybersecurity ramifications of departing from basic information security principles. DOGE’s near unfettered access to sensitive PII of tens of millions of Americans raises immense questions about whether the security and minimal privacy rules put in place are in fact being followed.

U.K. orders Apple to let it spy on users’ encrypted accounts
ArsTechnica
The UK government issued a secret order demanding Apple implement a backdoor to let it retrieve anything any Apple user has uploaded to the cloud. The demand implies it would circumvent even the protections introduced with Advanced Data Protection or ADP (if enabled by a user), which introduces “true” end-to-end encryption (where Apple doesn’t have the keys) for most data stored in iCloud.
Note: Not explicitly US-related, but given the UK’s membership in the Five Eyes, Apple being a US company, and the EU’s attempt to pass Chat Control over the last few years… this is certainly a news item worth paying attention to.

Spyware maker Paragon terminates contract with Italian government: media reports
TechCrunch
This campaign was included in Week 5 of the Privacy Roundup, where Meta disrupted a campaign on WhatsApp targeting approximately 100 users with Paragon Spyware. Some of these users were journalists critical of the Italian government. Paragon terminated the contract with the Italian government on 5 FEB 2025, alleging it had “broken the terms and service and ethical framework it had agreed to…” Additionally, among the targets there were users in Austria, Belgium, Cyprus, Czech Republic, Denmark, Germany, Greece, Latvia, Lithuania, the Netherlands, Portugal, Spain, and Sweden.
Note: While this doesn’t have a US-nexus, this is something probably worth paying attention to…

Spyware maker Paragon confirms US government is a customer
TechCrunch
This came before some of the revelations in the news item immediately preceding this one, “Spyware maker Paragon terminates contract with Italian government: media reports.” The key takeaway here is that Paragon Solutions has a subsidiary in the US and confirmed it licenses its technology to “the United States and its allies.”

TSA’s airport facial-recog tech faces audit probe
The Register
Senators inquired whether these facial recognition systems were having any meaningful impact (reducing expenses, reducing wait times, stopping “terrorists”) beyond just being hi-tech “security theater.” Consequently, the DHS Inspector General launched an audit of the TSA’s use of facial recognition.
Privacy Tools and Services
Primarily covers tools and services with a focus on maintaining/improving/respecting user privacy. Generally includes recommended services/tools found on avoidthehack, but may also feature upcoming/other privacy services not necessarily recommended or promoted by avoidthehack.com.
Privacy Tools
Firefox desktop 135.0 release notes
Mozilla
A bigger Firefox release (135) featuring progressive rollouts of optional AI chatbot access, credit card autofill, and CRLite cert revocation checking, and incorporating safeguards for the history API to prevent abuse by websites. This release also includes 11 security fixes: 7 classified as high, 4 as moderate, and 2 as low.

Open source YouTube client NewPipe releases v0.27.6 with some enhancements and bug fixes
AlternativeTo
This version fixes bugs such as HTTP 403 errors while playing videos and others which may prevent videos from loading.

Tails 6.12
Tails
Tails 6.12 has important security fixes, including preventing an attacker from monitoring Tor circuits when another application in Tails is hijacked and preventing an attacker from changing Persistent Storage settings.

Using custom scriptlets to make the Web work the way you want
Brave
Brave introduces the ability for users to write and inject their own scriptlets into a web page for the Brave Browser (version 1.75).
Privacy Services
Mullvad VPN for Windows on ARM is here!
Mullvad
Mullvad VPN client is now available for Windows ARM desktops.
Vulnerabilities and Malware
Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user. This section will not contain every vulnerability/CVE or malware campaign reported, but will focus on those with the largest potential impact on a wide range of end users.
Vulnerabilities
Experts Flag Security, Privacy Risks in DeepSeek AI App
Krebs on Security
NowSecure conducted a privacy and security review of the DeepSeek iOS app, finding numerous concerns:
The app collects significant information about the user’s device, including the actual device name. They even comment that this is on “the edge of advanced device fingerprinting.”
The app disables App Transport Security (ATS), an iOS platform-level protection preventing sensitive data from being sent over unencrypted channels… so it sends device information in the clear, available for anyone listening to read and modify.
It could be sharing/exposing information of users… just in Week 5 of the Privacy Roundup, DeepSeek had an internal database exposed to the internet.

Stable Channel Update for Desktop
Google Chrome Releases
Chrome version 133 includes 12 security fixes, including a high severity use-after-free vulnerability in the V8 JavaScript engine (CVE-2025-0445). Chromium forks should incorporate these security fixes as soon as possible. Users should check with the maintainer…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2025/02/privacy-roundup-week-6-of-year-2025/