Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Posts Tagged ‘privacy’

Another Facebook Breach


Happy Friday!

Well, depending on who you ask.

The BBC, Gizmodo, and others are reporting a new Facebook data breach, this time of private Facebook messages of at least 81,000 unfortunate souls.

It’s being reported the culprit was a Chrome Extension exploit, and is apparently not related to the more widespread September breach previously reported of 120 million Facebook accounts.

Some details:

The hackers, who may be Russian since they reached out to the BBC Russian Service, appear to have the Facebook messages of at least 81,000 people, mostly of Russians and Ukrainians, but also from people in the U.S., UK, and Brazil, according to the BBC.

“Browsers like Chrome can be very secure, but browser extensions can introduce serious gaps in their armor. The addition of browser extensions increases what is otherwise a small attack surface. Malicious extensions can be used to intercept and manipulate the data passing through the browser,” said Rick Holland, CISO of Digital Shadows, which helped the BBC analyze the breach.

As to the content of those messages:

Many of the messages are relatively benign and include simple chats about going on vacation and attending concerts. But as you’d expect, there are also more sensitive discussions, including “intimate correspondence between two lovers,” as the BBC describes it.

Hoped all 81K Facebook users whose private messages were sold!

Written by turbotodd

November 2, 2018 at 3:24 pm

Tim Cook and the Data Industrial Complex


TechCrunch is reporting that Apple CEO Tim Cook has begun to basically throw down the gauntlet with respect to the global trade in digital data, suggesting that it has exploded into a “data industrial complex.”

“Our own information — from the everyday to the deeply personal — is being weaponized against us with military efficiency,” warned Cook. “These scraps of data, each one harmless enough on its own, are carefully assembled, synthesized, traded and sold.

“Taken to the extreme this process creates an enduring digital profile and lets companies know you better than you may know yourself. Your profile is a bunch of algorithms that serve up increasingly extreme content, pounding our harmless preferences into harm.”

This discussion came about as a result of a keynote speech Cook was giving to the 40th International Conference of Data Protection and Privacy Commissioners in Brussels.

Cook also addressed the issue of artificial intelligence, saying that “at its core this technology promises to learn from people individually to benefit us all. But advancing AI by collecting huge personal profiles is laziness, not efficiency.”

“For artificial intelligence to be truly smart it must respect human values — including privacy. If we get this wrong, the dangers are profound. We can achieve both great artificial intelligence and great privacy standards. It is not only a possibility — it is a responsibility.”

I find it fascinating that Cook tied up AI and privacy. He’s clearly looking well ahead to where some of the next major digital battlegrounds are likely to be, and the raw horsepower AI could bring to privacy violations.

Cook went on to say that Apple is “in full support of a comprehensive, federal privacy law in the United States.”

He argued that a U.S. privacy law should prioritize four things:

  1. Data minimization — “the right to have personal data minimized”, saying companies should “challenge themselves” to de-identify customer data or not collect it in the first place
  2. Transparency — “the right to knowledge”, saying users should “always know what data is being collected and what it is being collected for”, saying it’s the only way to “empower users to decide what collection is legitimate and what isn’t”. “Anything less is a shame,” he added
  3. The right to access — saying companies should recognize that “data belongs to users”, and it should be made easy for users to get a copy of, correct and delete their personal data
  4. The right to security — saying “security is foundational to trust and all other privacy rights”

Over the past several years, Apple has positioned itself as a protector of digital privacy rights. However, it should be noted that Apple is also far less dependent on digital advertising revenue than are other key players in the tech space (Google, Facebook, Amazon, etc.).

Written by turbotodd

October 24, 2018 at 11:49 am

Google Hides A Bug


Happy Monday.

If it’s Monday, it must be a security and/or privacy breach day!

In today’s privacy cluster—— spotlight, The Wall Street Journal informs us that Google exposed the private data of hundreds of thousands of users of the Google+ social network — and then opted not to disclose the issue this past spring.

According to the story, the company did so “in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage.”

This from the very same company that refused to send a very senior executive to the recent tech hearings on Capitol Hill (as opposed to Facebook and Twitter, who sent their COO and CEO, respectively).

Here’s the rundown on the core of the technical glitch and failed response:

A software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, when internal investigators discovered and fixed the issue, according to the documents and people briefed on the incident. A memo reviewed by the Journal prepared by Google’s legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger “immediate regulatory interest” and invite comparisons to Facebook’s leak of user information to data firm Cambridge Analytica….

….The internal memo from legal and policy staff says the company has no evidence that any outside developers misused the data but acknowledges it has no way of knowing for sure. The profile data that was exposed included full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status; it didn’t include phone numbers, email messages, timeline posts, direct messages or any other type of communication data, one of the people said.

The PII crown jewels, if you will.  

In response, Alphabet, Google’s parent company, is going to announce “a sweeping set of data privacy measures that include permanently shutting down all consumer functionality of Google+.”

To which millions of tech geeks like myself around the globe publicly ponder, “Is Google+ even still a thing?!!”

So you think that Google search history of yours that you wouldn’t want your spouse or closest friends and colleagues to see is still safe?!!

Think again.

Want to send Sergey and Larry and the gang a message? Go to the following page and delete your entire Google history:

https://myactivity.google.com/delete-activity

Written by turbotodd

October 8, 2018 at 1:18 pm

Posted in 2018, google, privacy


Back to School


Fake IDs are about to go the way of the mullet.

Well, at least real fake IDs — you know, the ones with that picture that made one look as old as possible but which would hardly survive a TSA check circa 2018.

I’m talking about Apple’s new partnership for a contactless ID card introduced in iOS 12 and watchOS 5, which will allow students at Duke University, University of Alabama, and the University of Oklahoma to access dorms, dining halls, library, the gym, and also pay for bookstore supplies, laundry usage, and even restaurant meals.

Using the Apple Wallet and contactless NFC readers, students simply need to hold their device near a card reader to unlock a door.

The new high tech ID cards certainly have benefits in terms of safety and convenience, but one has to wonder what are the implications of privacy, and how can all that digital campus data potentially be used or misused.

Meanwhile, be aware that if you’re traveling to New Zealand, a new law that went into effect yesterday, the Customs and Excise Act 2018, could require you to provide access (via password, pin-code, or fingerprint) to your electronic devices if officials have a “reasonable suspicion of wrongdoing.”

According to a story from RNZ, customs officials will examine one’s phone while it’s in flight mode (and not the cloud), but those who refuse could face fines of up to $5,000 and confiscation of their device.

Privacy and due process issues abound…what constitutes “reasonable suspicion” and how does one challenge whether or not it is, in fact, reasonable?

So how long before we’re all chipped so we can be monitored everywhere, at all times, with no privacy whatsoever?

It could be sooner than you think.

Written by turbotodd

October 2, 2018 at 9:25 am

Posted in 2018, digital identity, privacy


Didja Delete Your Facebook Yet?


People around the globe are having a crisis of conscience.

Do I delete my Facebook account or do I not?

Even Hamlet didn’t have to contend with such an existential crisis.

Get a grip and some perspective, people.  Take a deep breath, and…one….hold…and two….

And then, if you’re really, really concerned about whether or not the privacy trade-off is worth keeping up with the virtual Joneses, Techpinions did some fast research of 1,000 Americans about their feelings and actions re: Facebook post-Cambridge Analytica.

The big takeaways:

  • 17% of respondents said they deleted the Facebook app from their phone over privacy concerns
  • 35% said they were using Facebook less than they used to over the privacy issue
  • 39% said they were “very aware” of the Cambridge Analytica scandal, while 37% said they were “somewhat aware.”
  • 9% reported deleting their Facebook account altogether

So, according to that report, nearly 1 in 10 have said “sayonara” to Facebook. 

For those who stayed, there’s the issue of perhaps making more use of Facebook’s already-extensive privacy controls.

Facebook VP of global marketing solutions, Carolyn Everson, spoke at The Wall Street Journal CEO Council in London, and indicated that “we have not seen wild changes in behavior with people saying I’m not going to share any data with Facebook anymore,” and that Facebook users largely haven’t changed their privacy settings in the past four weeks since the Cambridge story broke.

If you don’t want to break up with Facebook, but you’d like to exert more control of how your information is used there, check out this guidance from ZDNet.

It’s like getting your PhD in Facebook privacy!

Written by turbotodd

April 13, 2018 at 9:49 am

Posted in 2018, facebook, privacy


I Can’t Get Rid of My Friends!


Okay, Mark Zuckerberg probably had a less rosy day on Capitol Hill yesterday in front of the House, but overall, I would have to say he acquitted himself well.

As for that whole thing I mentioned in an earlier post about the Senators and Congresspeople hopefully being well briefed by their staffs…well, you could tell from the questioning either A) that didn’t happen or B) the Senators and Congresspeople just didn’t have the depth of knowledge necessary to follow up with thoughtful and probing interrogatory.

Facebook definitely won this round.  Ding ding!

But tech journalists who *do* have some technical chops continue to probe around the edges to find privacy and related holes in Facebook’s business model and capabilities.

Brian Chen, a New York Times technology journalist, recently downloaded his full data from Facebook using a tool Facebook has made available to the public.

Chen noted in the piece that his Facebook profile is “sparse” and that he rarely posts anything on the site, and seldom clicks on ads.

And yet within a few clicks of looking through the data, he “learned that about 500 advertisers — many that I had never heard of, like Bad Dad, a motorcycle parts store, and Space Jesus, an electronic band — had my contact information, which could include my email address, phone number, and full name.”

Welcome to Mark Zuckerberg’s closet, Brian.

He also learned that an index file contained the 764 names and phone numbers of everyone in his iPhone’s address book, which Facebook had uploaded when Chen was setting up Facebook Messenger.

Welcome to Mark Zuckerberg’s garage, Brian.

He indicated that Facebook “also kept a history of each time I open Facebook over the last two years, including which device and web browser I used. On Sundays, it even logged my locations, like when I was in a hospital two years ago or when I visited Tokyo last year.”

Welcome to Mark Zuckerberg’s attic, Brian.

But, Chen wrote, what really got his goat was the data he “had explicitly deleted but that lingered in plain sight.”

He indicated that on his friends list, Facebook had a record of “removed friends,” a dossier of the 112 people he had removed along with the date he had clicked the “unfriend” button. Why should Facebook remember the people he cut off from his life?

Because, Brian.  

It’s Facebook, and that’s what Facebook is and that’s what Facebook does.

And that’s what you, me, and 2 billion other people on the planet signed up for.

Welcome to Mark Zuckerberg’s mansion, Brian.

Written by turbotodd

April 12, 2018 at 9:31 am

Posted in Uncategorized


You Thought You Had a Bad Tuesday


You thought you had a bad Tuesday?

You weren’t sitting in front of a bunch of hot lights and a swarm of photographers before a joint session of the Commerce and Judiciary committees on Capitol Hill.

Mark Zuckerberg, founder and CEO of Facebook, was, and judging from coverage of his “performance,” he was a calm and cool customer, absorbing jibes, barbs, and other commentary and questions from a Senate with a wide range of perspectives (No report I’ve seen yet as to how many of the senators had taken campaign contributions from his inquisitors).

The Verge did a nice job of breaking down some of the key issues raised, and who raised them.

  • Sen. Lindsey Graham (R-SC) asked about Facebook’s monopoly power (As in, IS Facebook one?). Zuckerberg: “It certainly doesn’t feel like that to me.”
  • Multiple senators raised the issue of whether Zuckerberg might consider a paid, ad-free version of Facebook. Zuckerberg said it was possible, but that there would always be a free version.
  • Leaning on AI to improve moderation on the platform: Zuckerberg “invoked the promise of AI to help Facebook quickly sort through hate speech and other problematic posts.”

In terms of actionability, Zuckerberg referred repeatedly to changes in the product that will better prevent data leakage and make privacy shortcuts easier to find, as well as restrict data shared with developers.

Will it be enough to keep regulation and/or legislation at bay? Doubtful. On the other hand, I hardly see a pro-regulatory government about to completely throw the book at one of the world’s most successful Internet companies.

So I’ll quote from that bastion of Congressional wisdom, SchoolHouse Rock’s “I’m Just a Bill”:

I’m just a bill
Yes I’m only a bill,
And I got as far as Capitol Hill.
Well, now I’m stuck in committee
And I’ll sit here and wait 
While a few key Congressmen discuss and debate
Whether they should let me be a law.
How I hope and pray that they will,
But today I am still just a bill.

Written by turbotodd

April 11, 2018 at 8:58 am

Posted in 2018, facebook, legislation, privacy

