Hacker News with Generative AI: Data Security

NSA spied through Angry Birds, other apps: report (2014) (nbcnews.com)
Documents leaked by former NSA contractor Edward Snowden suggest that spy agencies have a powerful ally in Angry Birds and a host of other apps installed on smartphones across the globe.

Surveillance, Mobile Apps, Privacy, Data Security

274 points by __natty__ 3 days ago | 151 comments

Can you smuggle data in an ID card photo? (informatykzakladowy.pl)
Kilka tygodni temu opublikowałem krótki tekst o eDO App, aplikacji mobilnej pozwalającej na użycie tzw. warstwy elektronicznej dowodu osobistego. Mój własny dowód pochodził jednak sprzed pięciu lat i nie zawierał chipa z anteną indukcyjną. Aby dokończyć artykuł, musiałem wyrobić sobie nowy dokument.

Data Security, Privacy, Technology, Government IDs

28 points by edent 3 days ago | 9 comments

Privacy folks – what's your take on using LLMs at work? (ycombinator.com)
Hey everyone! :wave: I’m building a product called Privacy AI, and I’m trying to learn how people think about data privacy when using AI tools at work — especially in industries like finance, healthcare, or anywhere with sensitive data.

Privacy, Artificial Intelligence, Data Security, Finance, Healthcare

13 points by adeebaslam 14 days ago | 20 comments

DOGE worker’s code supports NLRB whistleblower (krebsonsecurity.com)
A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk’s Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency’s sensitive case files in early March.

Data Security, Whistleblowing, Labor Relations, Government Efficiency, Elon Musk

1013 points by todsacerdoti 16 days ago | 530 comments

5th Circuit Lets AT&T Off the Hook for Major Location Data Privacy Violations (techdirt.com)
For decades, major wireless carriers AT&T, Verizon, and T-Mobile collected vast troves of sensitive user location and movement data, then sold access to any random nitwit with two nickels to rub together.

Privacy, Telecommunications, Lawsuits, Data Security, Location Tracking

13 points by hn_acker 16 days ago | 1 comments

Whistleblower: DOGE Siphoned NLRB Case Data (krebsonsecurity.com)
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk‘s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity.

Data Security, Labor Relations, Elon Musk, Whistleblower

818 points by whalesalad 17 days ago | 452 comments

Oracle hopes talk of cloud data theft dies off. CISA just resurrected it (theregister.com)
CISA – the US government's Cybersecurity and Infrastructure Security Agency – has issued an alert for those who missed Oracle grudgingly admitting some customer data was stolen from the database giant's public cloud infrastructure.

Cybersecurity, Data Security, Oracle, Cloud Computing, Government

8 points by LinuxBender 17 days ago | 0 comments

Europe's cloud customers eyeing exit from US hyperscalers (theregister.com)
Are customers on the European side of the pond considering a move from US hyperscalers in the wake of recent events? Some of the region's vendors are reporting an uptick in inquiries as organizations mull their options.

Cloud Computing, Europe, Data Security, Business, Technology

23 points by rntn 22 days ago | 2 comments

Whistleblower details how DOGE may have taken sensitive NLRB data (npr.org)
A whistleblower tells Congress and NPR that DOGE may have taken sensitive labor data and hid its tracks. "None of that ... information should ever leave the agency," said a former NLRB official.

Data Security, Labor Relations, Government, Whistleblower

1171 points by rbanffy 24 days ago | 542 comments

Browser extensions put 4M users at risk of cookie exposure (secureannex.com)

Browser Security, Privacy, Data Security, Web Development, Cybersecurity

13 points by speckx 28 days ago | 6 comments

Selling your old laptop or phone? You might be handing over your data too (theconversation.com)
You’re about to recycle your laptop or your phone, so you delete all your photos and personal files. Maybe you even reset the device to factory settings.

Privacy, Data Security, Technology, Recycling

28 points by devonnull 31 days ago | 10 comments

Proton provided user information in 10,368 requests in 2024 (proton.me)
From time to time, Proton may be legally compelled to disclose certain user information to Swiss authorities, as detailed in our Privacy Policy. This can happen if Swiss law is broken. As stated in our Privacy Policy, all emails, files and invites are encrypted and we have no means to decrypt them.

Privacy, Data Security, Switzerland, Law Enforcement

8 points by argilla 35 days ago | 1 comments

23andMe is potentially selling personal survey data, etc., beyond genetic data (theconversation.com)
As soon as the genetic testing company 23andMe filed for bankruptcy on March 23, 2025, concerns about what would happen to the personal information contained in its massive genetic and health information database were swift and widespread.

Privacy, Genetics, Data Security, Health Information, Business

4 points by rntn 37 days ago | 0 comments

UK's GCHQ Intern Transferred Top Secret Files to His Phone (bbc.com)
A former GCHQ intern has admitted risking national security by taking top secret data home with him on his mobile phone.

Cybersecurity, National Security, Espionage, Government, Data Security

20 points by m463 38 days ago | 6 comments

You're protecting your data wrong – Introducing the Protected Query Pattern (vercel.app)
Securing modern full-stack applications can be complex. You have to manage authorizations in many different contexts from UI to data mutation functions.

Data Security, Web Development, Software Engineering, Programming

33 points by jussinevavuori 39 days ago | 21 comments

Kink and LGBT dating apps exposed 1.5M private user images online (bbc.com)
Researchers have discovered nearly 1.5 million pictures from specialist dating apps – many of which are explicit – being stored online without password protection, leaving them vulnerable to hackers and extortionists.

Data Security, Privacy, Online Dating, LGBT

31 points by testrun 40 days ago | 8 comments

How to Delete Your 23andMe Data (eff.org)
This week, the genetic testing company 23andMe filed for bankruptcy, which means the genetic data the company collected on millions of users is now up for sale. If you do not want your data included in any potential sale, it’s a good time to ask the company to delete it.

Privacy, Genetics, Data Security, 23andMe

222 points by hn_acker 44 days ago | 120 comments

AI browser assistant extensions probably beaming everything to the cloud (theregister.com)
Generative AI assistants packaged up as browser extensions harvest personal data with minimal safeguards, researchers warn.

Generative AI, Privacy, Browser Extensions, Data Security

10 points by rntn 45 days ago | 1 comments

Ask HN: can Wireless-CarPlay dongles steal your data? (ycombinator.com)
So I recently ordered one of the many wireless Carplay dongles from Aliexpress that work via USB in your car connecting your iPhone to the car's Carplay via Bluetooth (and/or Wifi) to the USB dongle.

Data Security, Car Technology, Wireless CarPlay, Hardware

46 points by concerned_citi 45 days ago | 31 comments

Chunking Attacks on Tarsnap (and Others) (daemonology.net)
Ten years ago I wrote that it would require someone smarter than me to extract information from the way that Tarsnap splits data into chunks.

Security, Encryption, Cloud Storage, Data Security

10 points by todsacerdoti 48 days ago | 1 comments

Chunking Attacks on File Backup Services Using Content-Deﬁned Chunking [pdf] (daemonology.net)

Cybersecurity, Data Security, File Backup, Research, Attacks

123 points by cperciva 49 days ago | 21 comments

Stop letting your RAG chatbot expose sensitive data (osohq.com)
Retrieval-Augmented Generation (RAG) lets you enhance large language model (LLM) applications by supplementing your users’ prompts with context from internal sources.

Data Security

11 points by mathewpregasen 51 days ago | 1 comments

Court filing: DOGE aide broke Treasury policy by emailing unencrypted database (theregister.com)
A now-former DOGE aide violated US Treasury policy by emailing an unencrypted database containing people's private information to two Trump administration officials, according to a court document filed Friday.

Privacy, Data Security, Government, Politics, Law

67 points by rntn 52 days ago | 31 comments

Tell HN: Wise makes all user phone email and name data discoverable by default (ycombinator.com)
Wise makes all user phone email and name data discoverable by default

Privacy, Data Security, Fintech, User Data, Wise

18 points by wise-throwaway 55 days ago | 0 comments

Data Broker Brags About Highly Detailed Personal Info on Most All Internet Users (gizmodo.com)
The owner of a data brokerage business recently put out a creepy-ass video in which he bragged about the degree to which his industry could collect and analyze data on the habits of billions of people.

Privacy, Data Security, Internet, Personal Data

7 points by rntn 55 days ago | 1 comments

Privacy Is Also Protecting the Data of Others (privacyguides.org)
In privacy, we talk a lot about how to protect our own data, but what about our responsibility to protect the data of others?

Privacy, Data Security, Ethics

9 points by jonaharagon 57 days ago | 0 comments

We stopped trusting clouds and started encrypting our data (vas3k.com)
Remember the situation: you want to send that fresh dank meme to your friend (let's say) Greg. You open your favorite messenger, find the chat with Greg, attach the meme and hit send.

Privacy, Encryption, Data Security, Communication

21 points by namanyayg 57 days ago | 1 comments

Civil servants quit Elon Musk's DOGE citing security risks over US data (abc.net.au)
About 21 civil servants from Elon Musk's Department of Government Efficiency have resigned saying they will not use their skills to jeopardise the sensitive data of Americans.

Elon Musk, Government, Data Security, Privacy

16 points by Aeolun 58 days ago | 0 comments

Allstate Insurance sued for delivering personal info in plaintext, to anyone (theregister.com)
New York State has sued Allstate Insurance for operating websites so badly designed they would deliver personal information in plain-text to anyone that went looking for it.

Data Security, Privacy, Lawsuits, Insurance, Cybersecurity

8 points by rntn 59 days ago | 1 comments

Microsoft unveils finalized EU Data Boundary as European doubt over US grows (theregister.com)
Microsoft has completed its EU data boundary, however, analysts and some regional cloud players are voicing concerns over dependencies on a US entity, even with the guarantees in place.

Microsoft, Cloud Computing, Data Security, Geopolitics

7 points by nemoniac 66 days ago | 0 comments