
Image by VLADGRIN on Shutterstock

Research for the 2019 Ranking Digital Rights Corporate Accountability Index began this week, with more than 30 researchers from around the world contributing to the 2019 evaluation. The Index ranks the world’s most powerful internet, mobile, and telecommunications companies on their disclosed policies affecting freedom of expression and privacy.

The 2019 Index will evaluate 24 companies, which includes all of the 22 companies previously ranked plus two new telecommunications companies (Deutsche Telekom and Telenor). We also are expanding our evaluation of cloud services for five internet companies.  

The 2019 Index methodology includes limited revisions to two indicators (G4, G6) in order to preserve year-on-year comparability. In July 2018, we initiated a period of public consultation to solicit feedback from stakeholders about these proposed revisions. Final changes to the methodology are a result of that feedback and internal research conducted by the Ranking Digital Rights (RDR) team.

  • The 2019 Index methodology with detailed research guidance and glossary can be viewed and downloaded here.
  • An online version of the 2019 Index methodology can be accessed here.

Findings of the 2019 Index will be released in May 2019. Company scores and accompanying analysis will be generated through a rigorous process of cross checking, peer review, company feedback, and quality control.

Stay tuned for more updates from the RDR team!

 

Ranking Digital Rights (RDR) is updating our privacy policy, which applies to visitors to the RDR website and to subscribers to our mailing list. The new policy comes into effect on September 14, 2018.

The revised privacy policy clarifies that RDR will retain the information provided by subscribers to our mailing list for as long as they are subscribed to this list, and that we will delete and remove any information provided within 30 days of unsubscribing from this list.

The revised privacy policy also contains key updates that specify the rights that visitors to our website have to their data. Specifically, “You can request to receive an exported file of any data we hold about you, which includes any data you have provided to us. In addition, you can also request that we delete any data we hold about you.”

You can read the full version of the updated privacy policy here. The current version of our privacy policy will be available as an archived version after the new policy is published on September 14, 2018.

Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.

Google under scrutiny over its collection of user data

Photo by user albersHeinemann on Pixabay

Google is facing a lawsuit for allegedly misleading users about the collection of location data even when the “Location History” setting is turned off.

In the lawsuit, filed in a federal court on August 17 in San Francisco, attorneys representing a man named Napoleon Patacsil argued that Google is violating the California Invasion of Privacy Act and the state’s constitutional right to privacy. The lawsuit is seeking a class-action status to represent all Google mobile users in the US, on both Android devices and iPhones.

The lawsuit was filed just days after the publication of an Associated Press report that found that “many Google services on Android devices and iPhones store your location data even if you’ve used a privacy setting that says it will prevent Google from doing so.”

The privacy setting in question is called “Location History,” which users can turn off. “With Location History off, the places you go are no longer stored,” Google’s support page on the matter previously stated. The company has since edited the page to clarify it continues to track users’ location even when the setting is disabled.

The company is facing additional scrutiny over the sweeping amounts of data it collects on users, following the release of a new study, which found that “a major part of Google’s data collection occurs while a user is not directly engaged with any of its products.”

Internet, mobile, and telecommunications companies should be transparent about how they handle user information including which user information they collect and how, and for what purposes. The 2018 Corporate Accountability Index found that while Google was transparent about the types of user information it collects and how it collects it, the company failed to disclose that it limits the collection of user information to what is directly relevant and necessary to accomplish the purpose of its services. Out of 22 companies ranked by the Index, only three — Kakao, Samsung and Yandex — published clear disclosures stating that they minimize the collection of user information to what is relevant and necessary to accomplish the purpose of their services.

The facts uncovered by the Associated Press also underscore the need for systematic, regular, and independent technical testing to verify whether company policy disclosures, including those that RDR tracks and evaluates, are fully consistent with technical reality.


Image by Warren R.M. Stuart (licensed CC BY-NC-ND 2.0)

While mobile applications don’t always offer the level of privacy and security that consumers expect, many top peer-to-peer (P2P) payment services raise no major privacy and security red flags, according to new research by Consumer Reports, Ranking Digital Rights, and Disconnect, a privacy software manufacturer.

Consumer Reports rated five mobile P2P applications (Apple Pay, Facebook P2P Payments, Square Cash, Venmo, and Zelle stand-alone service) based on a set of privacy and security standards, including how well they authenticate payments to prevent fraud, secure user data, and protect privacy.

While Apple Pay earned top marks for its payment authentication and privacy measures, all five applications were rated as “good enough to use,” according to Consumer Reports. 

The ratings are based on a set of criteria called the Digital Standard, developed in partnership with leading privacy, security, and human rights organizations, including Ranking Digital Rights. This P2P rating is the latest round of collaborative research and testing that uses the Digital Standard to evaluate applications and internet-connected products that make up what is often called the “internet of things.” The goal of the Digital Standard is to encourage companies to prioritize privacy and security and to help consumers make informed choices.

Here are some highlights from the findings:

  • Apple Pay rated the highest on data privacy, as Apple states that it does not store consumers’ original credit card numbers and limits information sharing to a few service-specific purposes.
  • While all five P2P apps enabled users to set up PINs or two-factor authentication for an additional level of security, Apple Pay was the only service that requires authentication for each payment by default.
  • All the P2P apps provided data encryption and most disclosed that they implement internal safeguards to secure data.

To read more about the findings and how the different apps performed, see the full report here.

Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.

Alex Jones caricature by Flickr user DonkeyHotey (CC BY 2.0)

Tech giants ban conspiracy theorist Alex Jones

This week, Apple, Facebook, Google, and other social media and tech companies took steps to ban InfoWars, a website and media platform produced by right-wing conspiracy theorist Alex Jones.

Apple Podcasts removed five of six podcasts produced by InfoWars for violating its policy that “does not tolerate hate speech.” Facebook took down four InfoWars pages for “repeated violations” of the site’s guidelines, including “glorifying violence” and “dehumanizing immigrants.” YouTube terminated Jones’ channel of 2.4 million subscribers for violating its community guidelines.

Other services that took measures to ban Jones’ InfoWars include Spotify, Pinterest, audio streaming app Stitcher, MailChimp, LinkedIn and even the adult-video website YouPorn.

Jones is behind a number of controversial conspiracy theories, such as that the 9/11 attacks were an “inside job,” that the Sandy Hook school shooting was a hoax, and that Obama is a “radical Muslim” (all false allegations). Actions taken by major platforms this week were in relation to violations of their policies against hate speech and harmful content.

The measures came a few weeks after Facebook, Spotify and YouTube (Google) removed content by Jones for violating their terms of service and policies.

Spotify previously removed specific episodes of the Alex Jones Show before shutting down the entire podcast this week. Three other InfoWars podcasts are still live on the service, according to The Guardian.

Twitter, however, has not banned InfoWars or Jones. Twitter CEO Jack Dorsey explained that his company did not ban Jones and InfoWars because they “did not violate our rules.”

Internet, mobile and telecommunication companies should be transparent about what their rules are and how they enforce them. For example, companies need to clearly disclose whether any government authorities or private entities receive priority consideration when flagging content to be restricted for violating the company’s rules. They should also regularly publish data about the volume and nature of actions taken to restrict content or accounts that violate the company’s rules. The 2018 Corporate Accountability Index found that while most of the 22 companies evaluated disclosed at least some information about what content and activities they do not allow and how they enforce their rules, only four companies — Twitter, Microsoft, Facebook and Google — published data about such restrictions.

Companies should also notify users when they restrict content. Services that host user-generated content should notify those who posted the content and users trying to access it. The notification should include a clear reason for the restriction. The 2018 Index found that companies do not disclose sufficient data about their user notification policies when they restrict access to content or accounts.
