This is a roundup of privacy and privacy-related news items for 23 FEB 2025 – 1 MAR 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed in here due to the close relationship between online privacy and cybersecurity. Many things overlap; for example, major vulnerabilities in popular software, which may compromise the security of users’ devices (and therefore pose a threat to their privacy), and large data breaches where significant personal information is exposed. Items presented here are typically curated with the end user and small groups (such as families and small/micro businesses) in mind. Due to this focus, items primarily affecting enterprises or large organizations may not be included, even if they are widespread or “popular” stories.
Privacy Tip of the Week
Don’t enable remote management on your router; this exposes your control panel to the public internet, which in some situations could compromise the security of the router (and network).
Surveillance Tech in the News
This section covers surveillance technology and methods in the news. Specifically, stories and news items where public and/or private organizations have leveraged their capabilities to encroach on user privacy; for example, data brokers using underhanded means to harvest user location data without user knowledge, or public organizations using technology without regard for user privacy.

The surveillance tech waiting for workers as they return to the office (ArsTechnica)
RTO continues to pick up steam. With hiring slowing, there has been a shift towards squeezing more productivity out of current workers. In pursuit of “more productivity,” some employers are leaning heavily into surveillance tech. Many different systems can track workers inside office buildings; of course, there is already plenty of software that tracks what workers do on company equipment as well.

The UK will neither confirm nor deny that it’s killing encryption (The Verge)
This is not US-related, but certainly important enough to follow, as it may have ramifications in the US in the form of setting precedent. This is a continuation of the events stemming from the UK giving a secret order to Apple to incorporate backdoors for iCloud, regardless of whether ADP was enabled. Companies that have received these orders cannot legally say so, and the British Home Office naturally will not confirm or deny involvement.

Signal will withdraw from Sweden if encryption-busting laws take effect (The Register)
While not US-focused, this is something worth paying attention to. Right on the heels of the UK secretly ordering Apple to give it backdoor access to iCloud encryption (even with ADP enabled), Sweden is considering passing legislation that would backdoor end-to-end encryption as well. Private messaging platform Signal has threatened to pull out of Sweden if these laws take effect.

Anti-Surveillance Mapmaker Refuses Flock Safety’s Cease and Desist Demand (EFF)
Flock Safety has sold automated license plate readers to thousands of law enforcement agencies around the US. A privacy activist created a website that crowdsourced the locations of these license plate readers. Flock Safety sent the activist a cease-and-desist letter in an attempt to silence him and the project.
Privacy Tools and Services
Primarily covers tools and services with a focus on maintaining/improving/respecting user privacy. Generally includes recommended services/tools found on avoidthehack, but may also feature upcoming/other privacy services not necessarily recommended or promoted by avoidthehack.com.
Privacy Tools
Introducing a terms of use and updated privacy notice for Firefox (Mozilla)
Mozilla has introduced a Terms of Use for Firefox, alongside an updated privacy notice. The language used in the new ToU and specific removals from the privacy notice sparked confusion among users, as the new language implied that Firefox as a whole was subject to the ToU and would make anything typed/processed in the browser available for Mozilla use.
You can get my thoughts/explainer on this from Mastodon. NOTE: Mozilla released yet another update on this, which seeks to better explain their changes and the new Terms of Use.

Mozilla’s approach to Manifest V3: What’s different and why it matters for extension users (Mozilla)
At a time when many browsers are phasing out Manifest v2 extensions, Mozilla confirms support for Manifest v2 and v3 extensions.
Privacy Services
Brave iOS update brings Smart Proxy and Kill Switch (AlternativeTo)
This has more to do with Brave’s VPN service than its browser. An update (version 1.75) on iOS introduces Smart Proxy and Kill Switch for Brave’s VPN service.
Vulnerabilities and Malware
Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user. This section will not contain every vulnerability/CVE or malware campaign reported, but will focus on those with the largest potential impact on a wide range of end users.
Vulnerabilities
A single default password exposes access to dozens of apartment buildings (TechCrunch)
Internet-connected entrance keypads/locks used by some apartment complexes have a default password. Anyone with this default password could access these “locked” apartment complexes. While it could be changed, the device does not prompt end users to change the password. The manufacturer (Hirsch) does not plan a security fix.

61% of Hackers Use New Exploit Code Within 48 Hours of Attack (Infosecurity Magazine)
According to SonicWall’s Annual Cyber Threat Report (2024), in 2024 cyber threat actors launched attacks within 48 hours of discovering a vulnerability, with approximately 61% of attackers using new exploit code in this window. This supports other reporting from the last 2-3 years indicating that attackers are attempting exploits of disclosed/discovered vulnerabilities more quickly. For this reason, users are encouraged to stay on top of security updates for their software/firmware.

House Dems say DOGE is leaving publicly exposed entry points into government systems (Cyberscoop)
No specific vulnerabilities are mentioned here. Allegedly, DOGE left endpoints of various government agencies exposed. This included the Treasury Department’s Secure Payment System and systems from various National Laboratories that manage systems connected to the US nuclear stockpile.

Researchers uncover unknown Android flaws used to hack into a student’s phone (TechCrunch)
This is not US-related, but given the current environment, it is worth including here. Serbian police used previously “unknown” (and naturally, undisclosed) flaws in Android to use forensic tools – such as Cellebrite – to unlock phones. In this specific case, Serbian police used these…
First seen on securityboulevard.com