Daily Digest (7/23)

College Recruitment Database Leaking 1M Student GPAs, SAT Scores, Other Data; Facebook Asking to Use Personal Data in Brazil; Nielsen to Change Rating Tools Out of Privacy Concerns; University of Chicago Develops Image ‘Cloaking’ for Personal Privacy. Click “Continue reading” below.

College Recruitment Database Leaking 1M Student GPAs, SAT Scores, Other Data

An unsecured Amazon S3 (Simple Storage Service) bucket, or database, has been leaking nearly 1 million records of sensitive high-school student academic information, Cybernews.com reports.

Among the leaked data were GPA scores; ACT, SAT and PSAT scores; unofficial transcripts; student IDs, and students’ and parents’ names, email addresses, home addresses, telephone numbers and more.

The data leaks apparently involves minors, high-school students aged 13 to 18, Cybernews reports.

The unsecured bucket appears to belong to CaptainU, an online platform that purportedly helps connect student athletes and colleges or universities that are interested in recruiting them for athletic programs.

The bucket, as such, also contains pictures and videos of students’ athletic achievements, messages from students to coaches and other recruitment materials.

Cybernews said it informed CaptainU on May 22 and offered to help secure the database.

“When we received no response from the company, we contacted Amazon on June 1 to get the issue fixed,” the report said. “However, while they were able to secure the indexing on June 9, the files are still accessible.”

Through an Amazon representative, CaptainU claimed that the sensitive educational data was “meant to be openly available.”

But CaptainU apparently never told students or parents. The company has not responded to “repeated requests for comment,” according to the report.

Source (all sources external links):

Facebook Asking to Use Personal Data in Brazil

Facebook is seeking user permission to use certain types of personal data in Brazil, in compliance with data-protection regulations that are to be enforced starting Aug. 14.

Facebook has not stated which types of data require consent, ZDNet reports.

Paula Vargas, Facebook’s head of public policy for Latin America, said the company also was adding a privacy notice to its data policies on Facebook and Instagram.

A bill proposing to postpone the introduction of Brazil’s General Data Protection Regulation (LGPD) until May 2021 has not yet been approved by Congress.

“We believe that everyone has a fundamental right to privacy, and therefore we would like to take the opportunity that LGPD presents to explain how we are improving our products and tools to meet LGPD’s data-protection requirements and how this will impact people”, Vargas said in a blog post, ZDNet reports.


Nielsen to Change Rating Tools Out of Privacy Concerns

Nielsen Media Research said Wednesday that it would amend its methodology for digital-measurement products because of growing privacy issues.

Nielsen cited the decreasing use of cookies and restrictions on consumer’s consent of data as factors for its change, Television News Daily reports. 

The amended products, to be presented to clients early next year, will require Nielsen to ramp up a large roster of publishers with “scaled data, augmented with Nielsen-verified demographics, and privacy-centric audience deduplication methodologies,” according to the company.

The changes, Nielsen said, would include establishing “media-panel truth sets, census data-collection technology, proprietary bias correction and calibration models, and diverse third-party partner assets.”

“Nielsen’s ‘truth set’ is a combination of our digital and TV panels, leveraging computer and mobile universe estimates, to calibrate an array of census inputs from prominent digital platforms, as well as other publishers across the open web,” Mainak Mazumdar, Nielsen’s chief data and research officer, told Television News Daily.


University of Chicago Develops Image ‘Cloaking’ for Personal Privacy

The SAND Lab at University of Chicago has developed Fawkes1, an algorithm and software tool that allows individuals to limit how their images can be used to track them.

Running locally on individual computers, Fawkes takes personal images, making tiny, pixel-level changes that are invisible to the human eye, in a process called “image cloaking,” the university said.

The “cloaked” photos then could be used as normal — and they can be shared on social media, sent to friends, printed or displayed on digital devices.

But the difference is that if and when someone tries to use the photos for facial-recognition models, the “cloaked” images would “teach the model a highly distorted version of what makes you look like you,” according to the university.

The “cloak effect” is “not easily detectable, and will not cause errors in model training,” according to the report. “However, when someone tries to identify you using an unaltered image of you, they will fail.”

The Fawkes1 project is detailed in a technical paper that the SAND (Systems, Algorithms, Networking and Data) Lab will present at a global security symposium next month, according to the report.


— By DPN Staff