Welcome to the November edition of Privacy Alerts. It’s been a busy month for Privacy! Here are the three worst-offending companies this month that you should opt-out of right now:

Uber

The company has recently suffered a significant data breach, where an 18-year-old hacker had total control over their systems. Coincidently, Uber’s former Chief Security Officer was found guilty this month for attempting to conceal an earlier data breach that occurred in 2016. The company has also started testing targeted ads from other companies sent out as push notifications.

If all of this is not enough, according to a recent trove of confidential documents obtained by the Guardian, Uber broke laws, duped police, and secretly lobbied governments.

We understand that Uber services (ride-sharing and food delivery) are convenient. Still, for all the reasons mentioned above, we think Uber’s unethical attitude is unlikely to change. We recommend you uninstall these apps, send the company adata deletion request, and use one of the many alternative services available.

Mimecast

Mimecast brands itself as “Advanced Email & Collaboration Security”. Notable companies, including Adobe, Hertz, NASA, and Nationwide Insurance, use Mimecast’s “Secure Email Gateway” product. It is also popular in various industries, such as healthcare, finance, and government.

We have recently been made aware that many individuals are placed in a type of email purgatory due to how Mimecast’s service works. It appears that Mimecast’s clients can mark an email message as spam, which will then classify any messages from that sender as spam for all of the other organizations using Mimecast’s solution. This ability gives immense power to every customer support person working for one of these companies.

One individual described his experience when following an email exchange with a telecom provider, which apparently the provider classified as spam, the individual then found themself unable to contact that provider, as well as any other organization on Mimecast’s client list, which includes many governmental organizations, all without ever being notified or having the right to appeal the decision.

We recommend that you send Mimecast a data access request to see if they have any of your personal information, and in case they do, follow up with a data deletion request. You can send both types of requests here.

TikTok

TikTok is the world's most downloaded app, owned by the Chinese tech giant ByteDance. To help explain why we have chosen to add TikTok to this month’s Privacy Alerts, we wanted to share a new documentary called TikTok, Boom, which is available for free on PBS. The movie examines the power and influence of TikTok from the perspective of Gen-Z natives, journalists, and experts.

In a nutshell, TikTok is shaping our cultural norms in an unprecedented fashion while completely ignoring privacy and human rights.

We recommend that you send TikTok adata deletion request.

Privacy Tip

New privacy tools released this month by tech giants Google and Facebook seem at first glance like a step in the right direction and at a closer look as an attempt to ease regulators and other critics. Still, both tools are worth knowing.

Google has been pushing out a tool for removing personally identifiable information from its search results. As with almost all Google features and products, you may not immediately have access to Google's new removal process. If you do, you should be able to click the three dots next to a web search result (while signed in) or in a Google mobile app to pull up "About this result." One option you can click at the bottom of a pop-up is "Remove result." However, note that this button is much more intent than immediate action. Google suggests a response time of "a few days."

Facebook has quietly rolled out a new service that lets people check whether the firm holds their contact information, such as their phone number or email address, and delete and block it. Notably, the tool works even if the individual does not have a Facebook account. According to a Business Insider article, the tool is well-hidden and apparently only available via a link that is embedded 780 words into a fairly obscure page in Facebook's help section for non-users. The bad news: the scope of the data that his tool covers is a drop in the ocean of what Facebook has on you.

You can send both Google and Facebook data deletion requests via YourDigitalRights.org.

All the best,

Yoav & Rafa
Founders, Conscious Digital // YourDigitalRights.org