On June 28, 2018, the California State Legislature passed the California Consumer Privacy Act (CCPA), arguably the most comprehensive piece of online privacy legislation in the United States. Online services covered by the CCPA are required to provide a hyperlink on their homepage with the text “Do Not Sell My Personal Information” (DNSMPI). The CCPA went into effect on January 1, 2020, a date that was chosen to give data collectors time to study the new law and bring themselves into compliance. In this study, we begin the process of investigating whether websites are complying with the CCPA by focusing on DNSMPI links. Using longitudinal data crawled from the top 1M websites in the Tranco ranking, we examine which websites are including DNSMPI links, whether the websites without DNSMPI links are out of compliance with the law, whether websites are using geofences to dynamically hide DNSMPI links from non-Californians, how DNSMPI adoption has changed over time, and how websites are choosing to present DNSMPI links (e.g., in terms of font size, color, and placement). We argue that the answers to these questions are critical for spurring enforcement actions under the law, and helping to shape future privacy laws and regulations, e.g., rule making that will soon commence around the successor to the CCPA, known as the CPRA.
Bluetooth-based item trackers have sparked apprehension over their potential misuse in harmful stalking and privacy violations. In response, manufacturers have implemented safety alerts to notify victims of extended tracking by unknown item trackers. In this study, we specifically investigate the anti-stalking mechanism of Apple's AirTag. We identify and analyze potential triggers of safety alerts that have not been examined in previous research, such as the local time, the victim's device model, AirTag's battery life, and the distance between the AirTag and the victim's device. Furthermore, we demonstrate a novel possibility of developing a stealthy cloned AirTag capable of tracking victims directly on the Find My app while circumventing safety alerts on the victim’s device. Our experiments demonstrate that, despite regular updates to the public key and MAC address, our cloned AirTag can provide real-time location updates even with a four months old key, thereby highlighting the challenges in designing a robust anti-stalking framework. Furthermore, we propose practical solutions to mitigate stalking risks from cloned AirTags and enhance the existing anti-stalking safeguards for AirTags. These suggestions seek to provide a foundation for similar Bluetooth-based item trackers to improve their anti-stalking protections while ensuring optimal tracking efficiency. We conducted rigorous experiments to validate our findings, ensuring their accuracy and reliability. Our evaluation highlights that safety alerts take over 8 hours to appear during the day and are more prompt during the night, particularly after 11 pm.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.