Russia’s full-scale invasion Ukraine has been going on for more than 150 days, with no end to the conflict in sight. While Ukrainian troops are having some success with counteroffensives in the south of the country, the war has long-term consequences for freedom of expression and online censorship.
This week, we documented how a flurry of more than half a dozen new Russian laws, all proposed or passed in recent months, will help separate Russia from the global Internet. The move, if successful, could damage the very idea of the free and open internet and have global consequences. But it’s not all bad news. Russia’s attempt to block and censor people’s online lives is hitting some roadblocks: Its long-held ambition to block the anonymity service Tor is faltering.
Last month, Joe Biden signed the Bipartisan Safer Communities Act, the first major federal gun law passed in years. However, senators lacked real government data on gun violence when they drafted the law, in part because, until 2019, the Centers for Disease Control and Prevention was prohibited from studying gun violence in America for decades. As a result, much of the data used to inform the law came from elsewhere. We also looked at whether states could legally block people seeking abortions from crossing state lines to do so after the fall Roe v. Wade.
Elsewhere, we’ve also put together a guide on how to safely lend your phone to someone else, whether it’s a friend who wants to see your holiday photos or a stranger who needs to make an emergency call. A few simple tweaks to your iPhone or Android settings can quickly help secure your data.
And there is more. Each week we pick up the news that we didn’t break or cover in depth. Click on the headlines to read the full stories. And be safe out there!
Every year, the list of companies that get hacked or suffer data breaches continues to grow. These incidents are often the result of companies’ technical misconfigurations or poor security practices. While each incident is different, it’s undeniable that data breaches can have huge consequences for those affected: individuals who have their data leaked, for example, and companies who have to deal with reputational and financial damage. This week, a IBM report revealed that the cost of a data breach in 2022 has reached an “all-time high”, averaging $4.35 million. This is an increase of 2.6 percent from last year.
Perhaps more striking, according to IBM’s data, is that businesses are hit their customers with the costs of data breaches. The company surveyed 550 organizations that had suffered a data breach between March 2021 and March 2022, and 60 percent of them said they had raised their prices as a result of the breach. No specific examples are given in the report. And it’s unclear whether companies that pass on the costs of cybersecurity incidents invest the extra revenue in better protecting their customers’ data in the future. According to IBM, only 17 percent of the 550 companies surveyed said it was the first data breach they had suffered.
Another week, another set of spyware bombs. This week This was revealed by Reuters that the EU found evidence that phones belonging to its staff were targeted with Pegasus, the Israeli company NSO Group’s powerful hacking tool. EU Justice Commissioner Didier Reynders was apparently told by Apple that his iPhone may have been hacked in 2021. An ongoing EU investigation found indicators of compromise on some devices, according to Reuters. It follows officials announcing that 14 EU member states have previously bought Pegasus.
That wasn’t the only spyware disclosure this week. Leader of Greece’s opposition party has filed a complaint alleging that his phone had been targeted with Israeli-made Predator spyware, developed by Cytrox. Microsoft also linked the spyware, called Subzero, to the European firm DSIRF. That detailspublished to coincide with a spyware hearing by the House Intelligence Committee, claimed that Subzero had been used to target banks and consulting firms in Austria, Britain and Panama.
If tech companies want to operate in China and sell their products to a market of more than a billion people, they will have to bend to the rules. Companies are required to store data locally and, as Apple learned, may have to compromise the security protections they have put in place around people’s data. Like a video game Roblox prepared to launch in China in 2017 and 2018, its developer was well aware of the potential implications.
According to Roblox documents obtained by VICE, the company believed that it could be hacked if it entered China and that rivals would create their own version of their game. “Expect that hacking has already begun,” said an internal presentation in 2017. The documents also show how Roblox applied Chinese censorship laws – “illegal content” included tampering with historical facts and misrepresenting Chinese territories on maps – and other local laws, such as collecting players’ real names. Roblox eventually launched its Chinese app LuoBuLesi in July 2021, but shut it down at the start of this year.
For years, Apple’s Safari and Mozilla’s Firefox browsers have limited how third-party cookies can track you across the web. These small pieces of code, which are stored on your device when you visit websites, are able to track your browsing history and show you ads based on what you’ve seen. They are widely considered a privacy nightmare. So when Google announced in January 2020 that Chrome would finally drop creepy third-party cookies by 2022, the move was a big deal. In practice, however, Google has struggled to make the change. This week, Google announced its plan has been delayed for the second time. Third-party cookies have been granted a postponement of execution until at least the end of 2024, when they will begin to be phased out. So far, Google’s efforts to replace third-party cookies have been turbulent, with privacy advocates arguing that the replacements are worse than cookies, and the advertising industry says they will reduce competition.