Government

Senators Introduce COVID-19 Contact-Tracing Privacy Bill (cnet.com) 38

An anonymous reader quotes a report from CNET: A group of U.S. senators on Monday introduced a bill to regulate contact-tracing apps, aiming to protect user privacy as technology is used to track the spread of the novel coronavirus. The proposal is called the Exposure Notification Privacy Act and seeks to ensure that people couldn't be forced to use the technology. It also would make sure that the data isn't used for advertising or commercial purposes and that people can delete their data. The bill seeks to require that notification systems only rely on "an authorized diagnosis" that came from a medical organization.

"Public health needs to be in charge of any notification system so we protect people's privacy and help them know when there is a warning that they might have been exposed to COVID-19," Sen. Maria Cantwell, a Democrat from Washington and one of the bill's sponsors, said in a comment provided to CNET. Cantwell's co-sponsor on the bill is Sen. Bill Cassidy, a Republican from Louisiana. Amy Klobuchar, a Democrat from Minnesota, also has given her support. "We need to regulate apps that provide COVID-19 exposure notification to protect a user's privacy, prevent data misuse and preserve our civil rights -- and this bill offers a roadmap for doing all three," Public Knowledge Policy Counsel Sara Collins said in a statement. "The bill marks a valuable first step in the long road ahead to protecting Americans' data."

Microsoft

Microsoft Now Credits Maker of Package Manager it 'Copied' -- But Offers No Apology (zdnet.com) 67

Microsoft has now admitted it failed to give due credit to Canadian developer Keivan Beigi for his role in the new WinGet Windows 10 package manager. From a report: Last week, Beigi, who built the open-source AppGet package manager for Windows, accused Microsoft of copying his work for WinGet without acknowledging his product's influence. Beigi says Microsoft copied large parts of AppGet to deliver WinGet, the Windows package manager announced at Microsoft Build 2020. Last week, he detailed his discussions with a senior manager at Microsoft named Andrew who approached him in July 2019 with an invitation to meet and discuss "how we can make your life easier building AppGet".

Andrew Clinick, a group program manager on the team responsible for how apps install on Windows, has now admitted Microsoft failed to give Beigi proper credit for AppGet's influence on WinGet. "Our goal is to provide a great product to our customers and community where everyone can contribute and receive recognition," wrote Clinick. "The last thing that we want to do is alienate anyone in the process. That is why we are building it on GitHub in the open where everyone can contribute. Over the past couple of days we've listened and learned from our community and clearly we did not live up to this goal. More specifically, we failed to live up to this with Keivan and AppGet. This was the last thing that we wanted."

Android

Google Unifies All of Its Messaging and Communication Apps Into a Single Team (theverge.com) 34

Google's move to put Javier Soltero, VP and GM of G Suite, in charge of Messages, Duo, and the phone app on Android, puts all of Google's major communication products under one umbrella: Soltero's team. Dieter Bohn reports via The Verge: Soltero tells me that there are no immediate plans to change or integrate any of Google's apps, so don't get your hopes up for that (yet). "We believe people make choices around the products that they use for specific purposes," Soltero says. Still, Google's communications apps are in dire need of a more coherent and opinionated production development, and Soltero could very well be the right person to provide that direction. Prior to joining Google, he had a long career that included creating the much-loved Acompli email app, which Microsoft acquired and essentially turned into the main Outlook app less than two months after signing the deal.

Soltero has also moved rapidly (at least by the standards of Google's communication apps) to clean up the Hangouts branding mess, converting Hangouts Video to Google Meet and Hangouts Chat to Google Chat -- at least on the enterprise side. Google Meet also became free for everybody far ahead of the original schedule because of the pandemic. Cleaning up the consumer side of all that is more complicated, but Soltero says, "The plan continues to be to modernize [Hangouts] towards Google Meet and Google Chat."

"Soltero will remain on the cloud team but will join Hiroshi Lockheimer's leadership team," Dieter adds. While Lockheimer believes there are opportunities to better integrate Google's apps into its platforms, he says it doesn't make sense to force integration or interoperability too quickly.

"It's not necessarily a bad thing that there are multiple communications applications if they're for a different purpose," Lockheimer says. "Part of what might be confusing, what we've done to confuse everyone, is our history around some of our communications products that have gone from one place or another place. But we're looking forward now, in a way that has a much more coherent vision."

Bug

How a Facebook Bug Took Down Your Favorite iOS Apps (wired.com) 65

An anonymous reader quotes a report from Wired: A little after 6 pm ET on Wednesday, the system started blinking red for iOS developer Clay Jones. Like many devs, Jones uses a Google product called Crashlytics to keep tabs on when his app stops working. Out of nowhere, it registered tens of thousands of crashes. It also pointed to the cause: a chunk of code that Jones' app incorporates to let people log in with their Facebook accounts. By 6:30 pm, Jones had filed a bug report about the flaw in Facebook's software development kit on GitHub, the code repository. He wasn't alone. According to widespread reports and the web monitoring service Down Detector, prominent iOS apps like TikTok, Spotify, Pinterest, Venmo, and more experienced issues on Wednesday. Many users found that they crashed whenever they tried to open the apps, whether or not they used Facebook to log in.

"Yesterday, a new release of Facebook included a change that triggered crashes in some apps using the Facebook iOS SDK for some users. We identified the issue quickly and resolved it," Facebook said in a statement. That change was quite small, given its outsized impact. "It was something like a server value -- which was supposed to provide a dictionary of things -- was changed to providing a simple YES/NO instead, without warning," says iOS developer Steven Troughton-Smith. "A change that simple can break an app that isn't prepared for it."

"Pretty much all these apps -- Pinterest, Spotify, a lot of the big ones -- use the Facebook SDK for the login button," says Jones. "You'll see 'Login With Facebook.' Everyone has it, super common, great for sign-up rates because it's just a one-click thing." And lots of apps that don't use Login With Facebook still use the SDK, which is why the issue Wednesday was so widespread. [...] The good news is that Facebook did fix the issue with haste, as far as these things go. Jones says it took about two hours for things to return to normal.

Medicine

Medical Device 'Jailbreak' Could Help Solve the Dangerous Shortage of Ventilators (arstechnica.com) 116

An anonymous reader quotes a report from Ars Technica: Security researcher Trammell Hudson analyzed the AirSense 10 -- the world's most widely used CPAP -- and made a startling discovery. Although its manufacturer says the AirSense 10 would require "significant rework to function as a ventilator," many ventilator functions were already built into the device firmware. Its manufacturer, ResMed, says the $700 device solely functions as a continuous positive airway pressure machine used to treat sleep apnea. It does this by funneling air into a mask. ResMed says the device can't work as a bilevel positive airway pressure device, which is a more advanced machine that pushes air into a mask and then pulls it back out. With no ability to work in both directions or increase the output when needed, the AirSense 10 can't be used as the type of ventilator that could help patients who are struggling to breathe. After reverse-engineering the firmware, Hudson says the ResMed claim is simply untrue.

To demonstrate his findings, Hudson on Tuesday is releasing a patch that he says unlocks the hidden capabilities buried deep inside the AirSense 10. The patch is dubbed Airbreak in a nod to jailbreaks that hobbyists use to remove technical barriers Apple developers erect inside iPhones and iPads. Whereas jailbreaks unlock functions that allow the installation of unauthorized apps and the accessing of log files and forensic data, Airbreak allows the AirSense 10 to work as a bilevel positive airway pressure machine, a device that many people refer to as a BiPAP. "Our changes bring the AirSense S10 to near feature parity with BiPAP machines from the same manufacturer, boost the maximum pressure output available, and provide a starting point to add more advanced emergency ventilator functionality," Hudson and other researchers wrote on their website disclosing the findings.

The researchers say Airbreak isn't ready to be used on any device to treat a patient suffering from COVID-19 -- it's simply to prove that the AirSense 10 does have the ability to provide emergency ventilator functions, and to push ResMed to release its own firmware update that unlocks the ventilator functions.

IOS

Apple is Developing 'Clips' Feature For Using Apps Without Requiring Full Downloads (9to5mac.com) 32

Apple is working on a new way to offer specific parts of third-party apps across the system without needing to have them installed, 9to5Mac has learned based on an early build of iOS 14. From a report: The feature would allow users to experience parts of an app's functionality by scanning a QR Code. If you open a link or scan a QR code today from an app that you haven't installed on your iPhone or iPad, it will open that link in Safari. Apps can provide universal links, which open the app instead of Safari when the app is installed. But that could change in the near future with a new API internally referred to as "Clips" found on iOS 14 code. As 9to5Mac has analyzed this new API, we can say that it allows developers to offer interactive and dynamic content from their apps even if you haven't installed them. The Clips API is directly related to the QR Code reader in the build we have access to, so the user can scan a code linked to an app and then interact with it directly from a card that will appear on the screen.

Crime

'Zoombombing' Is a Federal Offense That Could Result In Imprisonment, Prosecutors Warn 37

"Zoombombing," where someone successfully invades a public or private meeting over the videoconferencing platform to broadcast shock videos, pornography, or other disruptive content, could result in fines and possible imprisonment, according to federal prosecutors. The Verge reports: The warning was posted as a press release to the Department of Justice's website under the U.S. Attorney's office for the state's Eastern district with support from the state attorney general and the FBI. Now, prosecutors say they'll pursue charges for Zoombombing, including "disrupting a public meeting, computer intrusion, using a computer to commit a crime, hate crimes, fraud, or transmitting threatening communications." Some of the charges include fines and possible imprisonment. The press release says that if you or anyone you know becomes a victim of teleconference hacking, they can report it to the FBI's Internet Crime Complaint Center. "Do not make the meetings or classroom public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests," the guidance reads. "Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people."

The Verge adds: "The guidance also advises against allowing anyone but the host to screenshare and asks that users of Zoom and other apps install the latest updates."

Security

Houseparty App Offers $1M Reward To Unmask Entity Behind Hacking Smear Campaign (zdnet.com) 18

Houseparty, a video conferencing desktop and mobile application, said it would pay a $1 million bounty to anyone who could unmask the entity behind what the company described as "a paid commercial smear campaign." From a report: The company's apparent anger comes after Houseparty has been at the center of media reports published yesterday by three British tabloids. The Sun, the Express, and Mirror Online reported on Monday on a large number of Houseparty users claiming they had social media accounts hacked and taken over after installing the video conferencing app on their smartphones. Users reported having Netflix, eBay, Instagram, Snapchat, and Spotify accounts taken over; however, very few were able to provide details about what really happened. Houseparty officials feel they're now being defamed unjustly in a game of dirty politics.

Facebook

Zoom iOS App Sends Data to Facebook Even if You Don't Have a Facebook Account (vice.com) 25

As people work and socialize from home, video conferencing software Zoom has exploded in popularity. What the company and its privacy policy don't make clear is that the iOS version of the Zoom app is sending some analytics data to Facebook, even if Zoom users don't have a Facebook account, according to a Motherboard analysis of the app. From the report: This sort of data transfer is not uncommon, especially for Facebook; plenty of apps use Facebook's software development kits (SDK) as a means to implement features into their apps more easily, which also has the effect of sending information to Facebook. But Zoom users may not be aware it is happening, nor understand that when they use one product, they may be providing data to another service altogether. "That's shocking. There is nothing in the privacy policy that addresses that," Pat Walshe, an activist from Privacy Matters who has analyzed Zoom's privacy policy, said in a Twitter direct message. Upon downloading and opening the app, Zoom connects to Facebook's Graph API, according to Motherboard's analysis of the app's network activity. The Graph API is the main way developers get data in or out of Facebook.

UPDATE: On Friday March 27, Zoom updated its iOS app to stop sending data to Facebook. "We originally implemented the 'Login with Facebook' feature using the Facebook SDK in order to provide our users with another convenient way to access our platform," Zoom told Motherboard. "However, we were recently made aware that the Facebook SDK was collecting unnecessary device data. We sincerely apologize for this oversight..."

Businesses

Surveillance Company Banjo Used a Secret Company and Fake Apps To Scrape Social Media (vice.com) 27

An anonymous reader quotes a report from Motherboard: Banjo, an artificial intelligence firm that works with police, used a shadow company to create an array of Android and iOS apps that looked innocuous but were specifically designed to secretly scrape social media, Motherboard has learned. The news signifies an abuse of data by a government contractor, with Banjo going far beyond what companies which scrape social networks usually do. Banjo created a secret company named Pink Unicorn Labs, according to three former Banjo employees, with two of them adding that the company developed the apps. This was done to avoid detection by social networks, two of the former employees said.

Three of the apps created by Pink Unicorn Labs were called "One Direction Fan App," "EDM Fan App," and "Formula Racing App." Motherboard found these three apps on archive sites and downloaded and analyzed them, as did an independent expert. The apps -- which appear to have been originally compiled in 2015 and were on the Play Store until 2016 according to Google -- outwardly had no connection to Banjo, but an analysis of its code indicates connections to the company. This aspect of Banjo's operation has some similarities with the Cambridge Analytica scandal, with multiple sources comparing the two incidents. [...] The company has not publicly explained how it specifically scrapes social media apps. Motherboard found the apps developed by Pink Unicorn Labs included code mentioning signing into Facebook, Twitter, Instagram, Russian social media app VK, FourSquare, Google Plus, and Chinese social network Sina Weibo.

The apps could have scraped social media "by sending the saved login token to a server for Banjo to use later, or by using the app itself to scrape information," reports Motherboard, noting that it's not entirely clear which method Banjo used. "Motherboard found that the apps when opened made web requests to the domain 'pulapi.com,' likely referring to Pink Unicorn Labs, but the site that would provide a response to the app is currently down."

Last weekend, Motherboard reported that Banjo signed a $20.7 million contract with Utah in 2019 that granted the company access to the state's traffic, CCTV, and public safety cameras. "Banjo promises to combine that input with a range of other data such as satellites and social media posts to create a system that it claims alerts law enforcement of crimes or events in real-time."

Communications

This App Automatically Cancels and Sues Robocallers (vice.com) 99

DoNotPay, the family of consumer advocacy services meant to protect people from corporate exploitation, is launching a new app aimed at helping end our long national nightmare surrounding robocalls by giving you a burner credit card to get their contact details then giving you a chatbot lawyer to automatically sue them. From a report: DoNotPay Founder and CEO Joshua Browder's Robo Revenge app is unique from every other app looking to protect you from robocalls in that it can get you cash while stopping them completely. "All of the big companies like AT&T and Apple have failed to protect consumers," Browder told Motherboard over the phone. "Consumers have to protect themselves. The only way the problem will end is if the robocallers start losing money every time they call someone."

In the past, DoNotPay has offered various apps to help consumers fight back. DoNotPay's Free Trial Card creates a virtual, one-time-use credit card to protect you from getting charged by "industrialized scams" like free trials. DoNotPay's original offering was a chatbot lawyer program that automatically disputed parking tickets in small claims court. Robo Revenge combines both features to automatically add you to the Do Not Call Registry, generate a virtual DoNotPay burner credit card to provide scammers when they illegally call you anyways, use the transaction information to get the scammer's contact information, then walk you through how to sue them for as much as $3,000 per call under the Telephone Consumer Protection Act (TCPA), a law already on the books meant to protect consumers from calls that violate the Do Not Call Registry. The app also streamlines the litigation paperwork by automatically generating demand letters and court filing documents.

Privacy

Companies That Buy Data Derived From Scraping the Contents of Your Email Inbox (vice.com) 52

An anonymous reader quotes a report from Motherboard: The popular Edison email app, which is in the top 100 productivity apps on the Apple app store, scrapes users' email inboxes and sells products based off that information to clients in the finance, travel, and e-Commerce sectors. The contents of Edison users' inboxes are of particular interest to companies who can buy the data to make better investment decisions, according to a J.P. Morgan document obtained by Motherboard. On its website Edison says that it does "process" users' emails, but some users did not know that when using the Edison app the company scrapes their inbox for profit. Motherboard has also obtained documentation that provides more specifics about how two other popular apps -- Cleanfox and Slice -- sell products based on users' emails to corporate clients.

Some of the companies listed in the J.P. Morgan document sell data sourced from "personal inboxes," the document adds. A spokesperson for J.P. Morgan Research, the part of the company that created the document, told Motherboard that the research "is intended for institutional clients." That document describes Edison as providing "consumer purchase metrics including brand loyalty, wallet share, purchase preferences, etc." The document adds that the "source" of the data is the "Edison Email App." On the product section of its website, Edison offers "Edison Trends" and "Trends Direct." The company says it can provide "Detailed behavior patterns to improve your customers' experience and business results." Edison is just one of several companies that offer free email apps which then sell anonymized or pseudonymized data derived from users' inboxes. Another company that mines inboxes called Foxintelligence has data that comes from users of the Cleanfox app, which tidies up users' inboxes.

Some of the "examples of clients" mentioned in a confidential Foxintelligence presentation include PayPal, consulting giants Bain & Company, and McKinsey & Company.

"A spreadsheet containing data from Rakuten's Slice, an app that scrapes a user's inbox so they can better track packages or get their money back once a product goes down in price, contains the item that an app user bought from a specific brand, what they paid, and a unique identification code for each buyer," adds Motherboard. "An email obtained by Motherboard appeared to show the price for access to Rakuten data for one product category as over $100,000."

Chrome

Google Cuts Chrome 'Patch Gap' in Half, From 33 Days To 15 (zdnet.com) 10

Google security engineers said last week they have successfully cut down the "patch gap" in Google Chrome from 33 days to only 15 days. From a report: The term "patch gap" refers to the time it takes from when a security bug is fixed in an open source library to when the same fix lands in software that uses that particular library. In today's software landscape where many apps rely on open source components, the "patch gap" is considered a major security risk. The reason is because when a security bug is fixed in an open source library, details about that bug become public, primarily due to the public nature and openness of most open source projects. Hackers can then use details about these security flaws to craft exploits and launch attacks against software that relies on the vulnerable component, before the software maker has a chance to release a patch. If the software maker is on a fixed release schedule, with updates coming out every few weeks or months, the patch gap can provide hackers with an attack window that most software projects can't deal with.

China

Apple Removed 805 Apps in China From 2018 To 2019 (abacusnews.com) 12

Over the course of a year, Apple took down 805 apps in mainland China by its own account. From a report: In Apple's latest transparency report accounting for the first half of 2019, the iPhone maker said it removed 288 apps from China's iOS App Store for both legal and policy violations. The Apple Transparency Report goes out twice a year and details requests received from government agencies and private parties worldwide. The report lists government requests to access information on accounts and devices, but the last two reports also include the number of apps Apple removed that period. When it comes to why those apps are removed, though, Apple is tight-lipped. The reports cite two reasons for app removals: Platform violations, which covers gambling apps (gambling is illegal in China), and legal violations, which according to Apple usually means apps with pornography (also illegal in China) and other illegal content.

[...] The total number of apps missing from the App Store because of government censorship is hard to know. GreatFire has used its tool applecensorship.com to identify 2,678 apps that aren't available inside the mainland China App Store. But this number doesn't paint the full picture. Records of missing apps are only generated when people search for them on the website. And there's no information on whether apps were taken down because of a government request, a decision from Apple or the app makers' choice. Many of the apps recorded were never listed on the mainland China App Store. But the list does provide some insight, like the fact that the 149 unavailable news apps is more than in any other country. "We know that app store removals are happening more often in China," said GreatFire's Karen Reilly. "We know that many of these apps are news sources. We know that many of these apps are VPNs and other software that everyday people use to protect their privacy."

Google

Google is About To Take on Slack and Teams With a New 'Unified' Communication App (inputmag.com) 70

Google is working on an initiative to streamline its suite of mobile and browser-based apps for businesses into a singular experience, according to The Information. From a report: The app would combine Gmail, Drive, Hangouts Meet, and Hangouts Chat all in one interface, and would provide easier hooks into products like Google Calendar. Google is notorious for its confusing collection of communication apps, from Hangouts Classic to Hangouts Meet and Duo, as well as others that have been killed off (Wave: never forget), and has stumbled with integration before. The company's unification is clearly designed to push back against Microsoft's growth of its Teams product with larger, more established companies. Additionally, Slack has become the de facto method of realtime collaboration and communication among startups. Slack has made integrations with Google products simple while pushing users away from traditional chat like Hangouts, while Microsoft has gone through a renaissance of sorts, releasing a bevy of redesigned communications apps, like Outlook, to positive reviews.

Operating Systems

How Dual-Screen Apps Will Run On Windows 10X, Android (theverge.com) 29

Microsoft has published a blog post detailing exactly how it imagines dual-screen apps will run on devices like the Surface Duo and Surface Neo -- two foldable devices unveiled back in October that run Android and Windows 10X, respectively. The Verge reports: By default, an app will occupy a single screen according to Microsoft. Surface Duo or Surface Neo users can then span the app across both displays when they're in double-portrait or double-landscape layout. Microsoft envisions that app developers will experiment with different ways to utilize both screens. Some of these include simply using both screens as an extended canvas, having two pages of a document shown at once, using the second display as a companion or dual view of something, or having a master part of the app on one display and details on the second.

These are "initial app pattern ideas," according to Microsoft, and the company could well extend them based on developer feedback in the coming months. Microsoft is also releasing an Android emulator for the Surface Duo today to allow devs to test mobile apps. A Windows 10X emulator for the Surface Neo will arrive next month at around the same time that Microsoft plans to detail more of its dual-screen plans during a developer webcast. Microsoft's Android emulator will naturally support Android apps, and the Windows 10X version will include support for native Windows APIs to let developers detect hinge positions and optimize their win32 or Universal Windows Platform (UWP) apps for these new devices. Microsoft is also proposing new web standards for dual-screen layouts, and is "actively incubating new capabilities that enable web content to provide a great experience on dual-screen devices."

Businesses

Huawei Signs Maps Deal With TomTom (scmp.com) 31

Dutch navigation and digital mapping company TomTom said on Friday it had closed a deal with China's Huawei Technologies for the use of its maps and services in smartphone apps. From a report: The deal with TomTom means that the Chinese telecoms and technology giant can now use the Dutch company's maps, traffic information and navigation software to develop apps for its smartphones, according to a Reuters report. A TomTom spokesman said the deal had been closed some time ago but had not been made public by the company and he declined to provide further details, according to the Reuters report. China's largest smartphone vendor has been forced to develop its own operating systems (OS) for both smartphones and computers after being added to a US blacklist in May on national security grounds, barring it from buying US-origin technology and blocking access to widely used apps such as Google Maps in Huawei's new devices.

Advertising

Dating and Fertility Apps Among Those Snitching To 'Out of Control' Ad Tech, Report Finds (techcrunch.com) 12

The Norwegian Consumer Council published an analysis of how popular apps are sharing user data with the behavioral ad industry. TechCrunch reports the findings: A majority of the apps that were tested for the report were found to transmit data to "unexpected third parties" -- with users not being clearly informed about who was getting their information and what they were doing with it. Most of the apps also did not provide any meaningful options or on-board settings for users to prevent or reduce the sharing of data with third parties. "The evidence keeps mounting against the commercial surveillance systems at the heart of online advertising," the Council writes, dubbing the current situation "completely out of control, harming consumers, societies, and businesses," and calling for curbs to prevalent practices in which app users' personal data is broadcast and spread "with few restraints."

In the report, app users' data is documented being shared with tech giants such as Facebook, Google and Twitter -- which operate their own mobile ad platforms and/or other key infrastructure related to the collection and sharing of smartphone users' data for ad targeting purposes -- but also with scores of other faceless entities that the average consumer is unlikely to have heard of. [...] Among the findings are a makeup filter app sharing the precise GPS coordinates of its users; ovulation, period and mood-tracking apps sharing users' intimate personal data with Facebook and Google (among others); dating apps exchanging user data with each other, and also sharing with third parties sensitive user info like individuals' sexual preferences (and real-time device specific tells such as sensor data from the gyroscope...); and a games app for young children that was found to contain 25 embedded SDKs and which shared the Android Advertising ID of a test device with eight third parties. The 10 apps whose data flows were analyzed for the report are the dating apps Grindr, Happn, OkCupid, and Tinder; fertility/period tracker apps Clue and MyDays; makeup app Perfect365; religious app Muslim: Qibla Finder; children's app My Talking Tom 2; and the keyboard app Wave Keyboard.

Transportation

How Much Are Cars Spying On Their Owners? (seattletimes.com) 101

"We're at a turning point for driving surveillance," reports the Washington Post (in an article shared by long-time Slashdot reader davidwr). "In the 2020 model year, most new cars sold in the United States will come with built-in Internet connections, including 100 percent of Fords, GMs and BMWs and all but one model Toyota and Volkswagen."

Often included for free (or sold as an add-on), these connections mean "Cars are becoming smartphones on wheels," collecting and sending data "pretty much wherever their makers want. Some brands even reserve the right to use the data to track you down if you don't pay your bills...." On a recent drive, a 2017 Chevrolet collected my precise location. It stored my phone's ID and the people I called. It judged my acceleration and braking style, beaming back reports to its maker General Motors over an always-on Internet connection... Modern vehicles don't just have one computer. There are multiple, interconnected brains that can generate up to 25 gigabytes of data per hour from sensors all over the car... Most hide what they're collecting and sharing behind privacy policies written in the kind of language only a lawyer's mother could love...

The Tesla Model 3 can collect video snippets from the car's many cameras. Coming next: face data, used to personalize the vehicle and track driver attention... Coming 5G cellular networks promise to link cars to the Internet with ultra-fast, ultra-high-capacity connections. As wireless connections get cheaper and data becomes more valuable, anything the car knows about you is fair game. GM's view, echoed by many other automakers, is that we gave them permission for all of this...

Five years ago, 20 automakers signed on to volunteer privacy standards, pledging to "provide customers with clear, meaningful information about the types of information collected and how it is used," as well as "ways for customers to manage their data." But when I called eight of the largest automakers, not even one offered a dashboard for customers to look at, download and control their data.... GM's privacy policy, which the company says it will update before the end of 2019, says it may "use anonymized information or share it with third parties for any legitimate business purpose." Such as whom? "The details of those third-party relationships are confidential," said GM spokesman David Caldwell.

There are more questions. GM's privacy policy says it will comply with legal data demands. How often does it share our data with the government? GM doesn't offer a transparency report like tech companies do....

GM said "much" of their data can't be linked to a specific person, though the Post adds that "there were clues to what more GM knows on its website and app. It offers a Smart Driver score -- a measure of good driving -- based on how hard you brake and turn, and how often you drive late at night."

Meanwhile, the Post also reports that OnStar's privacy policy lets them keep the data they collect "pretty much forever... At least smartphone apps like Google Maps let you turn off and delete location history."

Car and Driver noted that the Post's reporter even found photos of his phone's contacts, concluding "Your car is collecting and transmitting a lot more data than you think." In 2017, the U.S. Government Accountability Office looked at automakers and their data privacy policies and found that the 13 car companies it looked at are not exactly using best practices. For example, while the automakers say they obtain "explicit consumer consent before collecting data," the GAO says they "offered few options besides opting out of all connected vehicle services to consumers who did not want to share their data."

Advertising

If Logged Into Facebook, Oculus VR Data Will Now Be Used For Ads (uploadvr.com) 36

"Facebook will now use information about your Oculus activity, like which apps you use, to help provide [...] more relevant content, including ads" -- assuming you've connected your Oculus ID to your Facebook account. UploadVR reports: The company is updating its privacy policy and rolling out new social VR features backed by your "Facebook identity" with the intention of "clarifying how Oculus data is shared with Facebook to inform ads when you log into Facebook on Oculus." "These changes won't affect third-party apps and games, and they won't affect your on-device data," according to the company. For years now, buyers of Facebook VR headsets needed an Oculus ID to operate the system that could be optionally connected to your "Facebook identity" -- in other words, you could connect the two accounts. More recently, to access certain features like concerts in Venues, Facebook started requiring the use of the Facebook account. According to the company's terms, this account "must ... use the same name that you use in everyday life."

With this most recent change "If you choose not to log into Facebook on Oculus, we won't share data with Facebook to allow third parties to target advertisements to you based on your use of the Oculus Platform," according to Facebook. But denying that connection may also make it difficult to connect with others using virtual reality on Oculus systems. [...] Facebook suggests that for those who log into the account it will target "relevant content" based around "Oculus activity" including "which apps you use" with examples given including "Oculus Events you might like to attend or ads for VR apps available on the Oculus Store." The company says this "won't affect your on-device data" which, based on our previous reporting, Facebook says is the location where "3D maps of your environment" are kept. "We don't collect and store images or 3D maps of your environment on our servers today -- images are not stored anywhere, and 3D maps are stored locally on the headset [for Quest] and on your local PC, where you have access to delete it [for Rift S]," a Facebook representative originally wrote in an email.
Facebook also says the changes "won't affect third-party apps and games" and "if you choose not to log into Facebook on Oculus, we won't share data with Facebook to allow third parties to target advertisements to you based on your use of the Oculus Platform."
