A New Tool to Detect Cellular Spying | EFFector 37.3

EFF update
1 day 7 hours ago

Take some time during your Spring Break to catch up on the latest digital rights news by subscribing to EFF's EFFector newsletter!

This edition of the newsletter covers our new open source tool to detect cellular spying, Rayhunter; The Foilies 2025, our tongue-in-cheek awards to the worst responses to public records requests; and our recommendations to the NSF for the new AI Action Plan to put people first.

You can read the full newsletter here, and even get future editions directly to your inbox when you subscribe! Additionally, we've got an audio edition of EFFector on the Internet Archive, or you can view it by clicking the button below:

LISTEN ON YouTube

EFFECTOR 37.3 - A NEW TOOL TO DETECT CELLULAR SPYING

Since 1990 EFF has published EFFector to help keep readers on the bleeding edge of their digital rights. We know that the intersection of technology, civil liberties, human rights, and the law can be complicated, so EFFector is a great way to stay on top of things. The newsletter is chock full of links to updates, announcements, blog posts, and other stories to help keep readers—and listeners—up to date on the movement to protect online privacy and free expression. 

Thank you to the supporters around the world who make our work possible! If you're not a member yet, join EFF today to help us fight for a brighter digital future.

Christian Romero

How to Delete Your 23andMe Data

EFF update
1 day 8 hours ago

This week, the genetic testing company 23andMe filed for bankruptcy, which means the genetic data the company collected on millions of users is now up for sale. If you do not want your data included in any potential sale, it’s a good time to ask the company to delete it.

When the company first announced it was considering a sale, we highlighted many of the potential issues, including selling that data to companies with poor security practices or direct links to law enforcement. With this bankruptcy, the concerns we expressed last year remain the same. It is unclear what will happen with your genetic data if 23andMe finds a buyer, and that uncertainty is a clear indication that you should consider deleting your data. California attorney general Rob Bonta agrees.

First: Download Your Data

Before you delete your account, you may want to download the data for your own uses. If you do so, be sure to store it securely. To download you data:

  1. Log into your 23andMe account and click your username, then click "Settings." 
  2. Scroll down to the bottom where it says "23andMe Data" and click "View."
  3. Here, you'll find the option to download various parts of your 23andMe data. The most important ones to consider are:
    1. The "Reports Summary" includes details like the "Wellness Reports," "Ancestry Reports," and "Traits Reports."
    2. The "Ancestry Composition Raw Data" the company's interpretation of your raw genetic data.
    3. If you were using the DNA Relatives feature, the "Family Tree Data" includes all the information about your relatives. Based on the descriptions of the data we've seen, this sounds like the data the bad actors collected.
    4. You can also download the "Raw data," which is the uninterpreted version of your DNA. 

There are other types of data you can download on this page, though much of it will not be of use to you without special software. But there's no harm in downloading it all. 

How to Delete Your Data

Finally, you can delete your data and revoke consent for research. While it doesn’t make this clear on the deletion page, this also authorizes the company to destroy your DNA sample, if you hadn't already asked them to do so. You can also make this request more explicit if you want in the Account preferences section page.

If you're still on the page to download your data from the steps above, you can skip to step three. Otherwise:

  1. Click your username, then click "Settings." 
  2. Scroll down to the bottom where it says "23andMe Data" and click "View."
  3. Scroll down to the bottom of this page, and click "Permanently Delete Data."
  4. You should get a message stating that 23andMe received the request but you need to confirm by clicking a link sent to your email. 
  5. Head to your email account associated with your 23andMe account to find the email titled "23andMe Delete Account Request." Click the "Permanently Delete All Records" button at the bottom of the email, and you will be taken to a page that will say "Your data is being deleted" (You may need to log in again, if you logged out).

23andMe should give every user a real choice to say “no” to a data transfer in this bankruptcy and ensure that any buyer makes real privacy commitments. Other consumer genetic genealogy companies should proactively take these steps as well. Our DNA contains our entire genetic makeup. It can reveal where our ancestors came from, who we are related to, our physical characteristics, and whether we are likely to get genetically determined diseases. Even if you don’t add your own DNA to a private database, a relative could make that choice for you by adding their own.

This incident is an example of why this matters, and how certain features that may seem useful in the moment can be weaponized in novel ways. A bankruptcy should not result in our data getting shuffled off to the highest bidder without our input or a guarantee of  real protections.

Thorin Klosowski

【トランプ政策】米大統領就任以来、2月下旬まで打ち出した主な大統領令、覚書、布告=丸山 重威

日本ジャーナリストクラブ(JCJ)
1 day 10 hours ago
【関税・通商】・不公正貿易を調査 他国の不公正な貿易慣行、為替操作など貿易赤字の原因を調査する・メキシコ・カナダ・中国に関税発動 メキシコとカナダからの輸入品に25%、中国には10%の追加関税(3月4日まで猶予、中国は一部当面停止)・アルミニウム輸入に25%の関税・鉄鋼輸入に25%の関税・全ての鉄鋼に25%の関税・「相互関税」検討 米国製品に高い関税をかける国には米国も同水準まで引き上げを検討【国際関係】・WHO(世界保健機関)から脱退・「パリ協定」(気候変動対策)から離脱・..
JCJ

Weekly Report: 特定非営利活動法人デジタル・フォレンジック研究会が「証拠保全ガイドライン 第10版」を公開

JPCERT
2 days 3 hours ago
特定非営利活動法人デジタル・フォレンジック研究会の証拠保全ガイドライン改訂ワーキンググループは「証拠保全ガイドライン 第10版」を公開しました。本文書では我が国における電磁的証拠の保全手続きの参考として、さまざまな事案の特性を踏まえた知見やノウハウがまとめられています。今回の改訂ではクラウドサービスに関する項目が新設され、クラウド特有の証拠保全手順・留意事項が整理されています。