A big privacy problem has come to light at Zuckerberg SF General Hospital, as a patient logbook containing personal and medical information has disappeared and cannot be accounted for, and the hospital is conducting security reviews.

If you visited Zuckerberg SF General Hospital (ZSFG) between January 11, 2022 and December 12, 2023, you may have a serious privacy concern suddenly on your hands. KPIX reports that the hospital admitted on Friday that a patient logbook has disappeared, and yes that physical, paper logbook does contain protected patient information. The official announcement from SF General Hospital does not disclose how many patients’ data has been affected.

“On or about December 12, 2023, ZSFG staff became aware that the logbook was missing,” the hospital says in their announcement. “The logbook contained various types of protected health information obtained during an encounter at a ZSFG clinic between January 11, 2022 and December 12, 2023, including some or all of the following information: patient name, date of birth, gender, medical record number, date(s) seen at the clinic, date(s) of collection of specimens, reason(s) for specimen, results of specimen(s) and/or whether a result was received and additional patient health information.”

ZSFG does stress that only the paper logbook disappeared, there were no computerized or digital records compromised. But if you know anything about how identity theft works, name and date of birth are things one may not want in the wrong hands. Plus, of course, there is whatever medical information was contained in this logbook.

They also maintain that there’s “no evidence of misuse or unauthorized access to the logbook.” But folks, the fact is they cannot find it.

The hospital claims that any patients that were affected have been notified. As per law, the hospital has also notified the US Department of Health and Human Services, the US Office for Civil Rights, and the California Department of Public Health.

They also say they’re performing policy reviews and doing additional security training to ensure they don’t have another similar incident.

Do you feel you have reason to be worried? If so, Zuckerberg SF General Hospital says that “patients with questions about this matter can contact the Privacy Office toll-free number (855) 729-6040 and reference Case #406 in the message.”

Related: Woman's Body Found Outside S.F. General Hospital, Believed To Be Missing Patient [SFist]

Image: Zuckerberg San Francisco General Hospital and Trauma Center via Yelp

After Vice managed to buy the location data of people who visited 600 Planned Parenthood clinics (for a mere $160!), California AG Rob Bonta is urging Apple to better protect users’ private information in App Store third-party apps.  

Once word leaked in May that the U.S. Supreme Court was going to overturn Roe v. Wade, several states were instituting cash bounty laws which offered money for turning someone in if they received or in any way abetted an abortion. So Vice did a little journalistic experiment on how easy it was to acquire this data via third-party apps. And it was very easy; Vice acquired the location data for people who visited 600 Planned Parenthood clinics over a week, and got all this data for a mere $160.  

California Attorney General Rob Bonta is one of 11 state AGs who are now urging Apple to clamp down and better protect this data. NBC Bay Area reports that those attorneys general have sent Apple a letter asking them to protect users’ reproductive health data, including “search histories, location, and sensitive health data.”

“California leads the nation when it comes to digital privacy and reproductive freedom. We’re calling on tech companies like Apple, who call our state home, to lead by example as well,” Bonta said in a press release. “With reproductive rights under attack across the nation, our fight to protect reproductive freedom has never been more crucial. We urge Apple to heed our call and protect their users from attempts to regulate their bodies and curtail their freedom by improving consumer protections for third-party apps in the App Store.”

The letter that the AGs sent to Apple CEO Tim Cook is also online. “When it comes to app data related to reproductive health, however, Apple has not done enough,” the letter says. “Location history, search history, and adjacent health data (specifically, all information relating to the past, present, or future reproductive or sexual health of an individual) pose a significant risk to individuals seeking or providing abortions, birth control, or other reproductive health care.”

The letter asks Apple to make three corrective changes: A) deleting search, location, and all “data not essential for the use of the application,” B) give users notice when an app might collect data “related to reproductive health care,” and C) force third parties to encrypt health data via the same standards Apple does.

Yes, 11 state AGs signed the letter, but the letter merely says “We urge Apple to honor its commitment to protecting consumer privacy.”  People, “urge” is one of the most useless words in politics. There are no penalties proposed here, nor is there any enforcement mechanism. Apple is completely free to blow this off. But Apple does like having a reputation for user privacy, regardless of whether it’s accurate, so there may be some symbolic or even meaningful gestures as a result of these attorneys general speaking up.

Related: Facebook and Instagram are Deleting Posts About Abortion Pills, Sometimes ‘Within Seconds’

Image: jamesyarema via Unsplash

Google was tracking people even who turned off location tracking, which is kind of a problem in the era of abortion bounty hunter laws, so they’ve agreed to pay a $392 million settlement and they pinky-finger swear they’ll let you turn it off (eventually).

Tech industry observers have seen this movie before, and SFist has written this article before. The formula is basically “Google agrees to pay [x] millions of dollars for [y] egregious privacy violation,” and “[x] millions of dollars” sure sounds like a lot of money to you and me, but to Google/Alphabet “[x] millions of dollars” is the equivalent of the price of a loaf of bread. Google’s parent company Alphabet will gladly accept these slaps on the wrist, because the revenue gained from flouting regulations is lucrative, probably far more so than the fine.

But this one may be different — not because of the fine, but because it comes at a time when data brokers are selling location data that can show who’s getting abortions in states where abortion is being made illegal. KPIX and the Associated Press report that Google/Alphabet has agreed to pay a $391.5 million settlement for tracking users’ location data, even when those users had turned off their location data tracking. This thing never got to the lawsuit phase, but it was an investigation by 40 states’ attorneys general, one of whom can be seen spiking the football below.

The Verge explains it plainly. “A coalition of attorneys general from Oregon, New York, Florida, Nebraska, and other states opened the investigation in response to a 2018 report from the Associated Press that reveals how Google silently tracked users’ locations across its various services on iPhone and Android. It alleges that from 2014 to 2019, Google misled users into thinking their location had been switched off and would then use that information to sell personalized ads.”

"This $391.5 million settlement is a historic win for consumers in an era of increasing reliance on technology," says Connecticut Attorney General William Tong, who joined in the suit, in a statement. "People deserve to have greater control over — and understanding of — how their data is being used."

In a company blog post acknowledging the settlement Google and Alphabet (of course not mentioning the dollar amount) basically admit, “Yeah, you got us.” Though in typical tech company language, the blog post  A) blames the regulators for nailing them on “outdated product policies that we changed years ago,” B) promises “we will be making updates in the coming months” that will supposedly allow users to wriggle out of this C) starts with five paragraphs of self-fellatio about how their fabulous location-tracking “lets us offer you a more helpful experience,” as if one goddamned person on earth actually likes and appreciates having their location tracked in order to serve them advertisements.

Google/Alphabet does promise upcoming “Revamping user information hubs” and “Simplified deletion of location data” features to manage their sale of your whereabouts, and frankly, we in the press need to hold their feet to the fire on this one. You’ve no doubt heard about abortion bounty laws in Texas and Oklahoma on a post-Roe world, where any old incel in his mom’s basement can sue for damages if he proves that anyone in that state got, aided with, or performed an abortion.

It is well-established that the third parties to whom Google sells your location data will then resell that data to pretty much anyone; a bombshell Vice report in May found that “It costs just over $160 to get a week's worth of data on where people who visited Planned Parenthood came from, and where they went afterwards.”  

So the $391.5 million settlement is what’s grabbing the headlines here. But what needs to be in the headlines is how to opt out of this location tracking, once Google even launches these fixes. And given their past track record, it’s going to be crucial to keep tracking of whether the opting out actually even works.

Related: Gavin Newsom, Alice Waters, Others Are Inadvertently Leaking Their Exact Locations on Instagram [SFist]

Image: Maxim Hopman via Unsplash

A bizarre biometric form of payment is coming to several SF Whole Foods locations, allowing you to pay just by waving your palm. But is it worth handing your biological data to Amazon just to avoid the extremely menial task of pulling out a credit card?

Retail behemoth Amazon has already crossed so many privacy rubicons that it’s not even a surprise anymore when they introduce new nightmarish technologies. Those Ring video doorbells are already fodder for real-time police surveillance. Their Alexa voice assistants are dutifully recording every conversation in people’s homes. And it is well-known that Amazon will hand this personal data over to law enforcement, or whomever the highest bidder may be (or in the case of hackers, people who don’t even have to bid on your data to get it).  

Amazon’s next frontier is your intimate health data. In what is being sold as some sort of win for convenience, though it’s hard to see how this is so much more convenient, TechCrunch reports that Amazon-owned Whole Foods is bringing palm scanning technology to Bay Area Whole Foods stores, connecting your bank account to your biometrics, and allowing you to pay with just the wave of a hand.

“Amazon’s ‘One’ palm scanner payment technology will be launching at over 65 Whole Foods stores in California, “ according to TechCrunch. “This is the biggest rollout to date, with stores in Malibu, Montana Avenue, Santa Monica, Los Angeles, Orange County, Sacramento, the San Francisco Bay Area, and Santa Cruz receiving the tech that aims to modernize retail shopping.”

I’m not sure that “retail shopping” is what they’re really trying to modernize here, but we’ll go on.

Per Amazon's own description, “Amazon One is a fast, convenient, contactless way for people to use their palm to make everyday activities like paying at a store, presenting a loyalty card, entering a location like a stadium, or badging into work more effortless. The service is designed to be highly secure and uses custom-built algorithms and hardware to create a person’s unique palm signature.”

SFGate looked into exactly which Bay Area Whole Foods stores were doing this. “After calling around, SFGATE confirmed that at least seven Whole Foods locations among the 13 in San Francisco, Oakland and Berkeley are close to rolling out Amazon One, likely around the end of August,” that site reports. “Four Whole Foods respondents said they either haven't heard anything about Amazon One or were told they won't be part of the expansion program for now. Two locations declined comment.”  

SFGate also cleverly describes this contactless payment system as a “decidedly minuscule customer service improvement.” I think they’re right about that. But Amazon's plans for your biometric data might be much more than minuscule.

Sure, if you’re not okay with this shit, you have the option of just not shopping at Whole Foods. But the normalization of this is a concern. And are we sure we have the option of not opting in to Amazon’s biometric profile program? If Amazon wants that biometric data, are there safeguards for those of us who’d rather not give it to Amazon? It would not shock me to learn that I already have this alrorithmic "unique palm signature" on file with Amazon, even though I never signed up for it.

There’s an old joke where people refer to Whole Foods as “Whole Paycheck.” But with Amazon’s push into biometrics, it may be much more than your paycheck that they’re after.

Related: Amazon Buying Up SF-Based One Medical for a Reported $3.9 Billion [SFist]

Image: 20th Century Fox

The new post-Jack Dorsey Twitter immediately freaked people out with a “more robust” privacy policy update, and they’re still posting threads to unspool exactly what this all means.

Twitter wasted no time in forging new policy ground after the sudden departure of founder Jack Dorsey on Monday. First thing in the morning Tuesday, the company announced a new set of private information policies that it says will make privacy controls “more robust” on the platform. Among the changes is a new ban on the posting of images or video of private citizens without consent.

They make it sounds as if they’re cracking down on doxxing and harassment, which still totally happens on that platform, so any changes would surely be welcome. But there’s one particular line of the new policy that gave people chills. In particular, it is now a violation of Twitter terms to post “media of private individuals without the permission of the person(s) depicted.”

Wait a minute, don’t we all have crowd pictures of people we posted to Twitter without each individuals’ express consent? And how would we have known about Ted Cruz’s trip to the Ritz-Carlton Cancun without people posting pictures of him without his consent?

Twitter promptly spent the morning “clarifying” what this new new policy means. In updates posted several hours after the original announcement, Twitter added that “Images/videos that show people participating in public events (like large scale protests, sporting events, etc.) would generally not violate this policy.”

They also added that there are exceptions to “enable robust reporting on newsworthy events and conversations that are in the public interest.” I’m guessing that this would mean things like Ted Cruz high-tailing it to Cancun while 700 Texans were dying without water or electricity. But does this cover complaining Kevins and Karens making a stink at airports over masks?

It sounds like Twitter will only enact the policy if someone complains. The details of the new policy say that “When we are notified by individuals depicted, or by an authorized representative, that they did not consent to having their private image or video shared, we will remove it.” So it remains to be seen if regular folks being harassed on Twitter will be afforded the same privileges as Ted Cruz with an army of well-paid attorneys. But the new guy in charge is at least making efforts to limit harassment, and we’ll hope his commitment is not fleeting.

Related: Jack Dorsey Steps Down as Twitter CEO, Gives Little Reason [SFist]

Image: Andrea Piacquadio via Pexels

A class action lawsuit gets Zoom to admit they give your data to Facebook, as the FBI warns that hackers are having a field day on the video conferencing platform.

The sudden boom of Zoom video conferencing during our drunken, pajama-clad, shelter-in-place era has quickly evolved from “Everyone is on this wonderful flawless platform!” to the inevitable “Jesus Christ, what were we thinking?” The first of surely many dominos to fall was Thursday’s Vice report that Zoom was sending your to data Facebook, for a price, even if you do not have a Facebook account, and with no acknowledgement of this in their privacy policy. (That report singles out only the iOS version of the Zoom app, so if you’re an iOS user it certainly deserves a full read.) CBS News reports that the story inspired a class action lawsuit against Zoom from angry California users, which you can read online here, and the New York Times notes that the New York attorney general is also piling on demanding a full review of Zoom’s privacy and security practices.

Zoom quickly backtracked as detailed in a CYA blog post the next day, and Vice confirmed that the non-consensual sharing of data like location and device details were no longer being made available for Facebook to purchase.

“Zoom does not sell our users’ data,” the company’s chief legal officer Aparna Bawa said in a very normal Sunday blog post. “Zoom has never sold user data in the past and has no intention of selling users’ data going forward.” But as anyone who remembers the Facebook-Cambridge Analytica affair and related scandals knows, when they say they do “not sell our users’ data” what they likely mean is that they rent it out in easily downloadable fashion that can be kept permanently. This perhaps meets the legal threshold of “not selling,” but it’s an argument that’s only credible to someone with vested shares in tech companies who perform such transactions.

Now, onto the more dominos falling in the Zoom privacy-verse. We’ll start with the more innocuous pranks, and move our way up to the genuinely terrifying security issues. As we see above, hackers have figured out a trick so simple that it can’t really even be called hacking. Zoom conference links tend to be public, so any asshole can just log on and, say draw erect penis pictures to lighten the mood. But the FBI put out a statement that some scoundrels were also broadcasting “pornographic and/or hate images and threatening language” into the webcasts, and that “a Massachusetts-based high school reported that while a teacher was conducting an online class using the teleconferencing software Zoom, an unidentified individual dialed into the classroom. This individual yelled profanity and then shouted the teacher’s home address in the middle of instruction.”

It gets worse. TechCrunch brings us the news of two new security vulnerabilities found on the platform, one of which is a flaw where a clever hacker could steal passwords on the Windows platform using “UNC path injection to expose credentials for use in SMBRelay attacks.” I’m not even going to Google those terms, but it sounds bad.  

TechCrunch also directs us to the finding of the nightmare scenario flaw — the ability to hijack your camera and microphone. It’s all detailed on the tech blog Objective-See, where obviously-smarter-than-me security researcher Patrick Wardle writes that “Zoom has (for reasons unbeknown to me), a specific 'exclusion' that allows malicious code to be injected into its process space, where said code can piggy-back off Zoom’s (mic and camera) access! This give malicious code a way to either record Zoom meetings, or worse, access the mic and camera at arbitrary times (without the user access prompt)!”

Additional privacy flaws are being alleged as I type this. The Intercept claims that Zoom does not offer end-to end encryption, despite marketing claims that they do. Yet another Vice report says that Zoom is “Leaking Peoples' Email Addresses and Photos to Strangers.”

This all sheds a very different light on last week’s I Went to a Sex Party on Zoom essay on Slate, which leads with the memorable line “About 15 minutes into my first sex party on Zoom, the dicks came out of the pants. There were more than a dozen of them.” Sure, fun, but do we remember an August 2014 incident called the Fappening? (Don’t look at me, I was at Burning Man the whole time.) Certainly anyone who consciously engages in erotic activities over an online video or photo platform is at risk of having their private bits or jerkoff party footage exposed on the internet, but here we have possibility of personally compromising pics and photos from people who would never engage in such naughtiness, even with a trusted recipient.

Let’s say you popped a bottle of wine for an informal work conference, or a gang of 8chan trolls has accessed your camera and figured out your showering, underwear-changing, or masturbating schedule. The possibility of perfectly normal human behavior being exploited into fodder for fappers, scammers, or private investigators is now a real possibility. This may all be coming to terms with a new tech reality, and perhaps even the most vigilant companies will struggle with such things. But personally, I’m going to keep my Zooming in the web browser and not downloading the app  — because I don’t want anyone downloading my fap.

Related: Haunting Drone Footage Shows the Ghost Town Of San Francisco on Sunday [SFist]

Image: Zoom

Google's looking for a hand in keeping Street View updated by putting some high-powered tech into your hands.

In order to do that, Google's turned to third-party manufacturers to develop what they call "Street View Ready" high-powered cameras that take photos at the resolution they require for Street View. TechCrunch said that the first of these entrants is Insta360's Pro camera, which shoots five frames per second in 360-degree 8K, complete with real-time image stabilization. It's made to sit on top of your car, just like the cameras that sit on top of Google's dedicated Street View camera vans. They're also making it seamless to upload the photos you take, allowing you to control everything through the Street View app. This particular camera will run you $3,499 — a hefty price tag, but again, it comes with some pretty neat bells and whistles. Google is also looking to loan out 50 of these cameras to people or organizations, says Engadget.

According to The Verge, this offering is only the first of four to be offered under Google's "Street View Ready" certification program.

This is one way Google Maps is planning to get end users to cover the gaps that Google can't fill themselves. Obviously they can't take their Street View vans or monopods all over the place, and they can't pay nearly enough people to photograph every inch of the planet. But if they can get people excited about this high-definition camera, then that problem more or less solves itself. As well, contributors whose images make the cut onto Street View will get full attribution and credit for their work.

It'll be interesting to see what these cameras turn up. For example, in researching for today's article regarding the city's attempt to shut down a suspected Richmond District brothel, Google Street View turned up photos of various people entering the business to which the alleged brothel was attached. Privacy concerns abound, and it remains yet to be seen how Google will vet the images that make it onto Street View. Google will of course have to blur faces and license plates in third-party-produced Street View photos, as per their current policy. But now it could be just any car photographing you on the street, and not a very obviously branded Google van.

Related: New Downtown Surveillance Cameras Raise Privacy Concerns

The Department of Justice is digging deep into the private accounts of a few Facebook users, as it was revealed today that they're currently probing for information on several "anti-administration activists who have spoken out at organized events, and who are generally very critical of this administration's policies."

That quote comes by way of CNN, who reports that the Trump administration's lawyers are currently looking into three specific Facebook users. One of them, Emmelia Talarico, organized the "disruptj20" Inauguration Day protests on Facebook. If the DOJ were to get their way, they would have access to Talarico's entire Facebook presence, including passwords, private information, security questions, credit cards, and more. More worryingly, since Talarico was the one who organized the protest, the DOJ would also then have access to information about the 6,000 or so who participated in the planning of and discussion around the protests.

It's troubling to see that the government is so interested in digging into the private life of one citizen, and calls to mind the actions of the House Un-American Activities Committee that sought to "investigate alleged disloyalty and subversive activities on the part of private citizens, public employees, and those organizations suspected of having communist ties," as Wikipedia describes it.

The ACLU is, quite understandably, unhappy with such an alarming request, and have filed a motion to have their search warrants quashed in court. In their motion, they argue that "[permitting] government officials to comb through 90 days’ worth of personal messages concerning political activity and associations — some of which are aimed at protesting the policies of the very administration on whose behalf the government officials would be acting in searching Intervenors’ records — is an unjustified invasion of privacy."

Thus far, the DOJ has remained mum on exactly why they're pumping Facebook for information. That being said, they're also digging into two more accounts: Lacy MacAuley and Legba Carrefour. CNN says that Carrefour has already pushed back against the warrants, and though he does describe himself as a political activist, he denies having participated in any Inauguration Day riots or protests. That said, he also did acknowledge that he "participated in or helped to organize dozens of demonstrations and events of various types in service of political causes."

MacAuley spoke with BuzzFeed, describing how shocking it was to get an e-mail from Facebook about the probe. She called it an "absolutely ridiculous invasion of privacy” and a “really dangerous move towards fascism." She went on to say, "Jeff Sessions doesn’t need to see my family photos. Jeff Sessions doesn’t need to see my conversations with a romantic partner. Jeff Sessions does not need to see people sending me their private information."

Additionally, it's worth pointing out that these search warrants were issued all the way back in February of this year. News18, CNN's Indian affiliate, says that the only reason we're hearing about it now is because the DOJ handed Facebook a gag order at the same time, blocking them from notifying the involved parties about the probe into their private information. We now await a proper response from Facebook about whether they're going to comply with the search warrants or not.

Related: Mueller Forces Facebook To Cough Up More Details On Russian Meddling

"It was always unclear to me whether we were helping or perpetuating violence in a particular part of the country." https://t.co/9zcmP7YLlH

— Ars Technica (@arstechnica) September 13, 2017

Just as we hear Edward Snowden chiming in on the possible privacy-encroachment issues with Apple's new Face ID technology, fellow data leaker turned privacy pundit Chelsea Manning is emerging from her recent imprisonment to give her thoughts on the "eerily banal dystopian novel" that our world has become. That's the phrase she uses in an op-ed in the New York Times today, which comes on the heels of a Tuesday night appearance at the Noisebridge hackerspace in San Francisco.

As Ars Technica reports, Manning appeared "Dressed in all black and a metallic necklace with a # sign," and talked about "eating a lot of pizza and Tex-Mex as comfort foods" since her release from the federal clink. She also mentioned having just bought a coffee table as part of rebuilding her life, but it's unclear where she's currently living.

In this, one of her first public appearances since her release, she also spoke on the topic of the "huge datasets with all kinds of personal data" on us that are now out there, and how this ought to be more cause for concern than it currently is.

Speaking in conversation with Noisebridge cofounder Mitch Altman, Manning said, "As a coder, I know that you can build a system and it works, but you’re thinking about the immediate result, you’re not thinking about that this particular code could be misused, or it could be used in a different manner."

She was also asked the question many people would probably want to ask her, which is "Would you do it again if you could go back?"

"I don't know," she said, per Ars Technica. "I don't like to go back in time and second guess myself. You make the decision that you make and you live with that."

In the Times, Manning elaborated on her concerns about Big Data, noting that with the ubiquity of smartphones in 2017, "virtually everything we do causes us to bleed digital information, putting us at the mercy of invisible algorithms that threaten to consume our freedom." She notes how we are now being relentlessly tracked, knowingly or not, and "We agree to cryptic terms-of-service agreements that obscure the true nature and scope of these transactions."

And she points to her personal experience as a recently incarcerated transwoman who has had trouble getting banking and governmental systems to recognize her very existence. "These systems leave no room for humanity, yet they define our daily lives," she writes. "When I began rebuilding my life this summer, I painfully discovered that they have no time for people who have fallen off the grid — such nuance eludes them."

Her larger point, she's saying, is that we have very quickly been giving over our humanity, information, and privacy to an enormous machine that most of us can't fathom, the myriad consequences of which are yet to be seen.

This may end up being a focus of her work as she embarks as a Visiting Fellow at Harvard this fall. As The Hill reports, Manning was just named among a group of fellows at Harvard which also includes former White House press secretary Sean Spicer and Hillary Clinton campaign manager Robby Mook. The fellows, according to Harvard, are supposed to bring "thought-provoking viewpoints" to the school.

Previously: Video: Chelsea Manning Gives First Post-Prison Interview

Your daily dose of gross comes from Fremont today, where the Chronicle reports on a 33-year-old man who's accused of secretly videotaping his roommates having sex and then attempting to extort them for thousands of dollars and more sex, except this time with him. The suspect is Maninder Adama (pictured below) who allegedly made the secret recordings in March and April of this year when the unnamed victims shared an apartment on the 3500 block of Pennsylvania Avenue in Fremont with Adama and his wife. He then tried to blackmail the couple with the footage, despite the fact that they were a romantically involved couple who lived together.

NBC Bay Area has the real money shot here — they confronted Adama as he walked out of Fremont Superior Court and asked him if he really did take secret video of his roommates having sex. “No I didn't," Adama said, and then immediately backtracked. "Actually, there's a reason for the camera there," he said, before hightailing it off without further comment.

The Fremont Police Department has a lengthy Facebook post describing the case (and oh, the comments are delicious). The victims, both in their 20s, apparently lived in the Pennsylvania Avenue apartment in Fremont from mid-March to late April of this year. “The living arrangement was one that was shared and several other people also lived in the [two-bedroom] apartment,” the Fremont PD says in the post. “In mid-June the victim couple began receiving messages from an unknown email address. The sender claimed to be in possession of a video which depicted the victim couple engaging in sexual acts together. The suspect emailed the victims multiple times and included screen shots of video as proof. Based upon the positioning of the video and the setup of the room, the victims believed they must have been recorded while living in the shared apartment on Pennsylvania Ave.”

The anonymous emails first demanded $2,000 in exchange for the video, then upped the demand to $5,000, then changed tack and went the indecent proposal route. “They had a video of the couple engaged in sex acts and if they didn't pay $5,000 they were going to release it to Facebook and tag them and send it to family members,” Fremont police detective Michael Gebhardt told ABC 7. “And then it turned to the suspect was saying, ‘well, I won’t release the video if you have sex with me for one night.’”

Smooth operator!

This smoothness of the suspect’s operating was hampered by his lack of knowledge of the digital footprints left by his use of photos with the metadata still intact, plus location information embedded in his emails.

According to CBS 5, police served a warrant last Thursday on Adama’s apartment and recovered the video, seizing several laptops and a smartphone. He was arrested on multiple counts of felony extortion and several invasion of privacy misdemeanor counts.

Adama has no criminal history, though investigators are presumably going through his laptops and cellphone for evidence of other extortions. He was supposed to be arraigned yesterday at Fremont Superior Court, though his arraignment was postponed. Anyone with information or experience with Maninder Adama is encouraged to contact the Fremont PD’s Crimes Against Persons Unit at 510-790-6954.

Related: Pippi Longstocking Sex Tape Being Shopped Around Because Your Childhood Was A Lie And People Are Gross

In these ever tense times for civil liberties, we have a new case out of the Bay Area that is likely to ruffle some privacy-protection feathers. ABC 7 brings news of a Bay Area art professor who had his phone confiscated at SFO when returning from an international trip, and that Customs and Border Protection agents searched his smartphone without a warrant and with no probable cause.

"It was an unreasonable search, there was no probable cause, there was no warrant," said the California College of the Arts professor in question, Aaron Gach, of the February 23, 2017 incident.

Customs and Border Protection declined to comment on the matter, because they call it “pending litigation”. It is pending litigation because the ACLU has filed an administrative complaint against the CBP and the Department of Homeland Security relating to the search and seizure of Gach’s phone.

“Officers told Mr. Gach his phone would be detained for an 'indeterminate' amount of time if he chose not to enter the passcode and submit to a search," the ACLU says in their complaint. "The officers also told Mr. Gach that CBP had downloaded information from the phones of other travelers who had refused to unlock their devices. When CBP officers asked Mr. Gach why he did not want to submit his phone for a search, Mr. Gach replied that he believes strongly in the U.S. Constitution and in his right to privacy."

“The Supreme Court has held that there is an extraordinarily high privacy interest in the contents of an electronic device,” the ACLU continues. “On the other side of the scale, CBP’s interest in searching electronic device is lower than its interest in searching luggage for contraband or dangerous items. No customs-based rationale justifies the search of sensitive private correspondence wholly unrelated to concerns about contraband.”

This seems like a Fourth Amendment issue of unreasonable search and seizure. But the rub is that the confiscation of this smartphone and the demand for a passcode occurred at an international terminal at SFO — which is legally considered a U.S. border, not the United States proper.

“Fourth Amendment protection is not as strong at the border as it is in your home or office,” the Electronic Freedom Foundation explains. “This means that law enforcement can inspect your computer or electronic equipment, even if they have no reason to suspect there is anything illegal on it. An international airport, even if many miles from the actual border, is considered the functional equivalent of a border.”

But California is among those states whose laws expressly say that customs agents “can only confiscate an electronic device and conduct a more thorough ‘forensic’ examination of it if they have reasonable suspicion you’ve engaged in criminal behavior,” according to the EFF.

Troublingly, these cell phone seizures at the border are on a sharp increase for both U.S. citizens and for immigrants. An NBC News analysis found that 2,756 cell phones were seized and examined at U.S. borders in January 2017, and 2,299 were in February 2017 — compared to an average of 1,586 in each month of 2016.

Related: Feds Tell Local Police They're Happy To Help Unlock iPhones

The rush to start flying drones through the skies of San Francisco has thus far consumed for-profit companies like Amazon, Google and Chipotle, all of which seek to to eventually test-fly various drone delivery models. But the city of San Francisco appears to be on the verge of allowing various city departments to start flying drones for their own non-commercial purposes.

The Chronicle reports that the San Francisco Committee on Information Technology is poised to approve a plan to give permission to five city agencies to begin flying their own drones, though each agency would then have to develop its own specific drone request-and-approval process.

The proposal has been two years in the making, and was spurred by the 2015 discovery that SF Rec and Parks had been using drones for monitoring purposes. That revelation came only after one of the drones was stolen, prompting privacy advocates and neighbors living adjacent to parks to wonder why the heck Rec and Parks was flying drones and what was being done with the pictures and video the drones took.

The proposal would not give every single city department permission to fly drones. Drone-flying privileges would only be granted to the fire department, the Port of San Francisco, the Recreation and Parks Department, the Public Utilities Commission. and the Office of the Controller. Quite notably, the San Francisco Police Department is not on this list, though any department is currently allowed to use drones in the event of a disaster or emergency.

“Departments must have an authorized purpose to collect information using a drone, or use drone-collected information,” according to a draft of the policy obtained by the Chronicle. The policy also states that any personally identifiable private information collected by the drone must be deleted.

But those safeguards may not be enough for the comfort level of privacy advocates, and the drone policy is still not fully approved. The Committee on Information Technology will debate — and is expected to approve — the proposal at a 10 a.m. meeting Friday morning at Room 305 at City Hall.

Related: Drone Blamed For Sunday Night Power Outage In SF

A leaked document from Facebook's Australia office, marked confidential and authored by two Australian Facebook executives, purported to show potential advertisers how to target to teens as young as 14 when they were feeling both good and confident, and targeting "moments when young people need a confidence boost." The document was first reported on by The Australian newspaper, and Consumerist notes that "The document apparently outlines an array of teenagers’ emotional states that the company claims it can target based on how kids are using the service, including, 'anxious,' 'defeated,' 'insecure,' 'overwhelmed,' 'stressed,' and 'worthless,' among other negative emotions." Reportedly, the document was part of a pitch being prepared for a major Australian bank, and was dated in 2017.

The document was apparently geared toward helping advertisers to pinpoint the best moments to target teens and young adults in the workforce in Australia and New Zealand, also noting, as Ars Technica reports, that "earlier in the week, teens post more about 'anticipatory emotions' and 'building confidence,' while weekend teen posts contain more 'reflective emotions' and 'achievement broadcasting.'

As CNet reports, Facebook is an "advertisers' goldmine" with some 5 million companies vying to get their products into our news feeds each month. But Facebook's own policies (as well as Australian advertising law, per Mashable) prohibit the use of its somewhat controversial research into users' emotional states for the purpose of advertising. This was laid out in a protocol that the company finalized just last year following earlier dustups over the ethics of the research generally.

Facebook has issued a statement saying "This research did not follow [our established] process, and we are reviewing the details to correct the oversight.” The company also says, "Facebook does not offer tools to target people based on their emotional state. The analysis done by an Australian researcher was intended to help marketers understand how people express themselves on Facebook." And, assuring us that no one's privacy was violates, they say, "[The research] was never used to target ads and was based on data that was anonymous and aggregated."

There has been some anecdotal suggestion in recent years that teens, at least in the US, were fleeing Facebook in droves in favor of other social media platforms not inhabited by their parents, but research has not shown that to be the case. As of early 2015, the Pew Research Center found that 71 percent of teens still reported using Facebook regularly, with Instagram and Snapchat usage coming in second and third, respectively. And a new survey published in January of 2017 suggested that teens' Facebook usage has only risen over the past several years — though their percent figures are lower, showing 65 percent using the platform as of November 2016.

Previously: Most Teens Actually Still Using Facebook

Another reason to take BART to SFO? Privacy concerns. An Airport Commission vote last month gave San Francisco International Airport the go-ahead to use license plate readers to record the information from every car that uses the airport's roads and garages. SFO can now keep that data on file for more than four years, accessible to 70 airport employees who can release the data to the San Francisco Police Department, the San Mateo Sheriff's Department, and the FBI. That's cause for concern, the American Civil Liberties Union tells KQED, offering up a “honeypot” to authorities.

As Matt Cagle of the ACLU in Northern California poses the question to KQED, “Why does law enforcement need to know who’s visiting SFO?... It’s one thing if a crime has been committed or if there’s a legitimate demand from law enforcement with a warrant,” he says, “but it’s another thing if the airport has decided to simply share this information with law enforcement for their own purposes.”

SFO maintains that the primary function of its license plate reading efforts will be collecting the revenue it's owed by commercial drivers on its roads and at its garages with FasTrak accounts — much the way bridge authorities now do with all cars passing over the Golden Gate Bridge. “It’s important to remember that the primary purpose for the system that we’ve established here is for revenue collection,” airport spokesman Doug Yakel tells KQED. “Is there a correlation to law enforcement efforts? Of course,” Yakel adds. “It’s a benefit to thwarting vehicle theft and other types of crimes. But that’s really not primarily how it's used."

SFO serves 53 million passengers a year, and if every car that ferries them to or from the airport has its license plate recorded, SFO's data collection could on the kind of massive scale the ACLU has repeatedly warned against. "Private companies use license plate readers to monitor airports, control access to gated communities, enforce payment in parking garages, and even help customers find their cars in shopping mall parking lots," a report created by the ACLU explains. "While these uses in and of themselves are not objectionable, private companies can scan thousands of plates each day and store information indefinitely, creating huge databases of Americans’ movements." The report's recommendations include storing data about innocent people for the briefest possible periods. "Law enforcement agencies must not store data about innocent people for any lengthy period," the report recommends. "Unless plate data has been flagged, retention periods should be measured in days or weeks, not months, and certainly not years." The ACLU also encourages that entities who use license plate recorders publicly report their usage.

In fact, SFO's policy follows legislation calling for just that: Senate Bill 34, which went into effect last year, requires security protections for data collected by plate readers and “public disclosure” about the technology's use.

Update: In a statement issued to CBS5, SFO spokesperson Yakel emphasizes that "SFO does not record every license plate of every vehicle at the airport, nor do we have the capability to do so." Nevertheless, the Airport Commission's vote would appear to give it the leeway to do just that, prompting the ACLU's objections.

Related: RIP Virgin America Airlines, Which Alaska Is Officially Killing Off In Two Years

Some have worried that consumer rights would lose out to corporate America during the Trump administration. Well, Tuesday's congressional vote allowing internet service providers (ISPs) to sell your personal web browsing history is expected to be signed into law by President Trump, awarding a free new jackpot revenue stream to ISPs who want to sell your porn-viewing habits, medical searches, and personal web-browsing and financial details to any marketer or private investigator they please, without notifying you of any of this.

Why would Congress approve such obviously anti-consumer legislation that rewards the companies with some of the worst customer service in America? The legislation’s author, Sen. Jeff Flake (R-AZ) offers some vagaries that the law will “inform customers about innovative and cost-saving product offerings”. For a more accurate explanation, The Verge has a handy list of which congresspeople voted to allow ISPs to sell customer data and how much money each took in telecom industry donations.

The consumer clearly has no say in any of these decisions. So what can you do to protect your online privacy now that Comcast and AT&T can snoop on you and sell your data in new ways?

Pay Attention to Whether the Website is Secure
The URL of a secure website begins with the letters “https” instead of just “http”. Secure sites with “https” in their URL offer a great deal more privacy from your snooping ISP. ISPs can tell you visited the site, but they won’t see all your activity while there. SFist, for instance, is not a secure site — so your ISP would know whether you’ve browsed content about sex, drugs, or rock’n’roll.

Even if the site is not secure, you can make it secure by adding the Electronic Freedom Foundation’s HTTPS Everywhere extension to your web browser. This won’t hide what sites you’ve visited, but it will hide your activity on these sites.

Use The Tor Web Browser or Tools
The Tor Project has a free web browser and various other tools to anonymize your web behavior. Tor is fairly highly regarded in hacker community, and PC World has a nice Cliff Notes explainer on how to set up and use Tor.

Tor does, however, have a tendency to slow down your internet speed and occasionally produces a less-than-ideal browsing experience.

You can also just install the Internet Noise browser extension that a clever programmer created this week, which passively loads random websites in browser tabs, filling ISP databases with useless noise.

Buy and Install a VPN
There is some debate over whether a Virtual Private Network (VPN), which encrypts your web browsing and puts it on a more private channel, is really an improvement over normal, unencrypted Internet use. After all, you’re just switching the ability to snoop on your data from one for-profit company (your ISP) to another (whoever sold you the VPN). But there is consensus opinion that free VPNs are a pretty shady racket, and their revenue model is the exact same data-selling scheme in which the big telecoms now hope to engage,

Via Lifehacker, something called That One Privacy Site has a list of the 179 best known VPNs and gives each a color-coded ranking based on your areas of need.

Complain About It To Your Congressperson
They say all those phone calls and town hall tirades made a difference in helping to keep Obamacare from being repealed. While this internet legislation has already passed, it can’t hurt to let your representatives know that you’re not happy about it. In the case of Nancy Pelosi, though, she probably already knows.

Related: Uber Staff Allegedly Enabled Stalking And Accessed Beyonce's Trip Data