Someone recently told me about the Radioberry Hat that turns a Raspberry Pi 4 into a rather useful SDR receiver and, with only 20mW available, a rather less useful (at least without amplifier) transmitter.
I duly placed an order and, this week, it is expected to arrive.
This weekend, though, I was given a heads-up by a Mastodon user about a blog post by M0AWS, which makes a number of important claims about unauthorised data collection by the Radioberry software. This is also claimed, not without reason, to pose a security risk.
Now, I haven't interacted with the Radioberry yet, so can't confirm if the software or any documentation warns the user that data will be collected. However, one would still expect the choice to opt-out of most or all such data collection.
What one wouldn't expect, nor would anyone have the reasonable right to do, is publish online, without consent and in public, the MAC address and other information, sometimes relating the MAC address to a specific callsign and/or location (not entering these might defeat this, but still). The whole thing does, on the face of it, seem to be wholly in breach of European data protection law.
I won't myself help the data breach along by linking to it, but will publish what is being presented (I've redacted callsigns and the couple of locations) as of 11:40 on 19/10/2025 to the public by a site carrying the PA3GSB callsign. That is only superficial linking to the owner of that call, as the site could be created by anyone and it is possible that PA3GSB may not be aware of or responsible for any of this.
Meanwhile, I've sent PA3GSB an email, asking him why he is apparently linked to this unconsented gathering and publishing of data online and why it is being gathered at all. Unfortunately, the address for this user given on QRZ.com results in:
