Privacy Digest 02/26

There’s No Opt-Out: Wegmans Is Now Scanning Your Face at the Grocery Store

Wegmans expanded facial recognition from employees to customers at NYC stores, collecting biometric data without opt-out options or deletion guarantees.

gadgetreview.com

Facial Recognition Privacy Surveillance Customer Surveillance

Signal's Founder Turns His Attention to AI's Privacy Problem

Signal founder Moxie Marlinspike is developing an open source, end to end encrypted AI chatbot to address major privacy gaps in today’s AI tools. He argues that chatbots feel private but are not, encouraging users to share sensitive thoughts that can later be exploited. His proposed system, Confer, encrypts prompts and responses so only users can access them, aiming to prevent data harvesting, profiling, and future misuse of deeply personal information.

gizmodo.com

Privacy Signal AI Chatbots End-to-End Encryption

Dozens of Flock AI Camera Feeds Were Just Out There

More than 60 livestreams from Flock AI surveillance cameras were publicly accessible online without any login, exposing live video from multiple locations. Researchers found the feeds using Shodan, an internet connected device search engine that indexes publicly exposed systems. The exposed cameras were Flock’s Condor models, which can pan, zoom, and automatically track people and vehicles. In some cases, administrator panels were also accessible, allowing footage downloads, deletions, and configuration changes. Flock works with law enforcement and businesses nationwide and recently partnered with Ring. The company said the issue was caused by a limited misconfiguration affecting a small number of devices and has since been fixed.

theverge.com

Flock AI Ring Surveillance Shodan

California Residents Can Use New Tool To Demand Brokers Delete Their Personal Data

California residents now have a centralized way to request deletion of personal data held by data brokers. The new Delete Requests and Opt-Out Platform (DROP), created under the 2023 Delete Act, allows verified residents to submit a single request that applies to more than 500 registered data brokers, instead of contacting each company individually. Brokers will begin processing requests in August 2026 and have 90 days to comply. The law applies only to third-party data brokers, not first-party data collected directly by companies. Some public records are exempt. Regulators say the tool could reduce spam, fraud, identity theft, data leaks, and AI-based impersonation risks.

techcrunch.com

California Privacy Data Brokers Personal Data