December saw some important but easy-to-miss privacy news that we’ve caught for the latest TunnelBear privacy roundup.

These include two popular Internet companies taking new steps to spy on their users (with only one backing down), a pledge to shed a small bit of light on the U.S. surveillance state and a sweeping crackdown on privacy in Turkey.

1. Uber starts tracking users’ location even after drop-off

Uber has flipped the switch on constant location tracking, and says it will now start collecting location data for five minutes after a ride has ended. This is actually worse than it sounds, as it means the Uber app now monitors your location at all times, even if you are not using the app or have it closed. While before iOS users could choose a privacy setting restricting location sharing to while the app was running, that choice has now been disabled. Though you can still turn off tracking completely, there are reports this effectively breaks the app. Meanwhile, a new investigation has revealed that Uber employees have yet again been caught spying on riders' travel details.

2. Evernote backs down on change that would have let employees read notes

Online note-taking platform Evernote sparked controversy this month when it quietly announced a planned change to its privacy policy that would allow its employees to review users’ notes. While the company said this “human review” would be allowed in limited cases to assist its machine-learning algorithms, that didn’t stem the backlash from Evernote users now wondering how private their writings really are. To their credit Evernote has now scrapped the change and promises to strengthen privacy protections.

3. Private browsing network Tor blocked in Turkey

The government of Turkey has blocked anonymity network Tor as part of its widespread censorship crackdown on VPNs, according to a watchdog group. Turkey Blocks reports that testing shows the Tor service has been disabled by ISPs under a government order. This comes as the country consolidates its power to selectively block social media and online messaging services like WhatsApp under the oft-abused excuse of “security.” Those services were shut down yet again after the assassination of Russia’s ambassador to Turkey.

4. U.S. government to reveal how many citizens caught in surveillance programs

Reuters reports that Washington will for the first time reveal how many American citizens have their online activities captured by surveillance programs intended for foreigners. The estimate is to be made public by January, according to a letter sent by lawmakers to National Intelligence Director James Clapper as they begin debate on a key surveillance law. This is significant as the U.S. surveillance apparatus has long insisted calculating the number would be near-impossible, and downplays the collection as “incidental.”

5. Top EU court’s privacy ruling may fuel challenges of Snoopers’ Charter

The European Union’s highest court has ruled that governments cannot indiscriminately collect emails and other online data. In what’s being called a landmark privacy decision, the court found the state can only collect citizens’ Internet activities on a targeted basis -- ruling illegal the kind of dragnet surveillance laid out in Britain’s Snoopers’ Charter law. The EU ruling began with a challenge of that law’s predecessor, and privacy advocates say the decision raises new questions about the Charter’s legality.

Thanks for reading this month in online privacy.
To keep up to date with TunnelBear’s picks for the top privacy news, subscribe and have them delivered to your inbox and see you next month!

Sincerely Rawrs,
the TunnelBear Team