ByteDance's Pangle SDK, embedded in 40+ popular apps including Duolingo and BeReal, transmits sensitive device fingerprinting data (battery level, IP address, storage, IDFV) encrypted with AES-256-CBC, but the encryption key and IV are embedded in plaintext in every message, so the encryption is trivial to break using reverse-engineered SDK code. Additionally, a hardcoded AES key, shared across all SDK versions, was found in the native library.
Pokemon Go's AR Mapping feature has been quietly collecting high-resolution geospatial data from millions of players since 2020, which Niantic is now monetizing through Niantic Spatial's Visual Positioning System for commercial applications like delivery robots. Players unknowingly consented to this data collection through terms of service that grant Niantic broad rights to use and license uploaded imagery for any purpose.
A critical essay on how major tech companies systematically collect user data for AI training through devices like smart glasses, operating systems, and online services, often with vague consent buried in terms of service agreements. The author argues this is an inherent feature of modern AI development, not a bug, and that users should accept they have no privacy from devices they don't control.
The Electronic Frontier Foundation warns against purchasing and using Meta's Ray-Ban smart glasses due to serious privacy concerns including automatic cloud upload of footage to Meta servers for AI training (including human review), invisible recording design that makes consent difficult, and Meta's disclosed interest in adding facial recognition capabilities.
Age-verification systems mandated by U.S. state laws to protect minors are building widespread surveillance infrastructure that collects and concentrates sensitive identity data (facial images, government IDs, addresses) from millions of adults through third-party vendors. This creates data breach risks, exposure to government demands, and fundamental privacy concerns about the open internet.