
Geeksplainer: Spider-Gwen


We love ourselves some Spiders here at Geek. The Marvel Universe plays with so many different ideas for the vast and ever-changing Spider-verse that it’s become an epic lineup of its own. With […]

The post Geeksplainer: Spider-Gwen appeared first on Geek.com.



from Geek.com https://ift.tt/2OrES6Y
via IFTTT

Until data is misused, Facebook’s breach will be forgotten

We cared about Cambridge Analytica because it could have helped elect Trump. We ignored LocationSmart because even though the company was selling and exposing the real-time GPS coordinates of our phones, it was never clear exactly if or how that data was misused.

This idea, that privacy issues are abstract concepts for most people until they become security or ideological problems, is important to understanding Facebook’s massive breach revealed this week. 

The social network’s engineering was sloppy, allowing three bugs to be combined to steal the access tokens of 50 million people. In pursuit of rapid growth at affordable efficiency, Facebook failed to protect its users. This assessment doesn’t discount that. Facebook screwed up big time.

But despite the potential that those access tokens could have let the attackers take over user accounts, act as them, and scrape their personal info, it’s unclear how much users really care. That’s because for now, Facebook and its watchdogs aren’t sure exactly what data was stolen or how it was wrongly used.

The Hack That Broke The Camel’s Back?

This could all change tomorrow. If Facebook discovers the hack was perpetrated by a foreign government to interfere with elections, by criminals to bypass identity theft security checkpoints and steal people’s bank accounts or social media profiles, or to target individuals for physical harm, out will come the pitchforks and torches. 

Given a sufficiently scary application for the data, the breach could finish the job of destroying Facebook’s brand. If users start clearing their profile data, reducing their feed browsing, and ceasing to share, the breach could have significant financial and network effect consequences for Facebook. After years of scandals, this could be the hack that broke the camel’s back.

Yet in the absence of that evil utilization of the hacked data, the breach could fade into the background for users. Similar to the tension-filled departures of the founders of Facebook’s acquisitions Instagram and WhatsApp, the brunt of the backlash may not come from the public.

The hack could hasten regulation of social media. Senator Warner called on Congress to “step up” following the hack. He’s previously advocated for privacy laws similar to Europe’s GDPR. That includes data portability and interoperability rules that could make it easier to switch social networks. That threat of people moving to competing apps could succeed in compelling Facebook to treat user privacy and security better.

One of the biggest questions about the attack is whether the tokens were used to access other services like Airbnb or Spotify that rely on Facebook Login. The breach could steer potential partners away from building atop Facebook’s identity platform. But at least you don’t have to worry about changing all your passwords. Unlike hacks that steal usernames and passwords, the lasting danger of the Facebook breach is limited. The access tokens have already been invalidated, whereas password reuse can lead people to have their other apps hacked long after the initial breach.

Desensitized

If government investigators, journalists, or anti-Facebook activists want to make the company pay for its negligence, they’ll need to connect it to some concrete threat to how we live or what we believe.

For now, without a nefarious application of the breached data, this scandal could blend into the rest of Facebook’s troubles. Every week, sometimes multiple times a week, Facebook has some headline grabbing problem. Over time, those are adding up to deter usage of Facebook and spur more users to delete it. But without an independent general purpose social network they can easily switch to, many users have endured Facebook’s stumbles in exchange for the connective utility it provides. 

As breaches become more common, the public may be desensitized. Between Equifax, Yahoo, and the cell phone companies, we’re growing accustomed to letting out a deep sigh with maybe some expletives, and moving on with our lives. The ones we’ll remember will be those where the danger metastasized from the digital world into our offline lives.



from Social – TechCrunch https://ift.tt/2xOPS54
via IFTTT

Relike lets you turn a Facebook page into a newsletter

French startup Ownpage has recently released a new product called Relike. Relike is one of the easiest ways to get started with email newsletters. You enter the web address of your Facebook page and that’s about it.

The company automatically pulls your most recent posts from your Facebook page and lets you set up an emailing campaign in a few clicks. You can either automatically pick your most popular Facebook posts or manually select a few posts.

Just like any emailing service, you can choose between multiple templates, decide the day of the week and time of the day, import a database of email addresses and more. If you’ve used Mailchimp in the past, you’ll feel right at home.

But the idea isn’t to compete directly with newsletter services. Many social media managers, media organizations, small companies, nonprofits and sports teams already have a Facebook page but aren’t doing anything on the email front.

Relike is free if you send less than 2,000 emails per month and don’t need advanced features. If you want to get open rates, click-through rates and other features, you’ll need to pay €5 per month and €0.50 every time you send 1,000 emails.

The company’s other product Ownpage is a bit different. Ownpage has been working with media organizations to optimize their email newsletters. The company is tracking reading habits on a news site and sending personalized email newsletters.

This way, readers will get tailored news and will more likely come back to your site. Many big French news sites use Ownpage for their newsletters, such as Les Echos, L’Express, 20 Minutes, BFM TV, Le Parisien, etc.

Ownpage founder and CEO Stéphane Cambon told me that Relike was the obvious second act. Using browsing data for customized newsletters is one thing, but many talented social media managers know how to contextualize stories and maximize clicks (even if it means clickbait, sure).

The startup was looking at a way to get this data, and ended up creating Relike, which could appeal to customers beyond news organizations. For now, both products will stick around. In the future, the company plans to add Twitter and Instagram integrations as well as better signup flows for newsletter subscribers.



from Social – TechCrunch https://ift.tt/2zFxeO8
via IFTTT

11 Episodes The Simpsons Could Have Ended On

Think about this for a second: there are college graduates out there who have never lived in a world without The Simpsons. Since premiering in 1989, it’s been Fox’s primary cash cow, spawning […]

The post 11 Episodes The Simpsons Could Have Ended On appeared first on Geek.com.



from Geek.com https://ift.tt/2NUknk4
via IFTTT

5 Comics Kickstarters You Should Back!


Some of the most exciting things in the arts today wouldn’t be happening without Kickstarter. It’s a platform that’s been the key crowdfunding tool that’s funded over 100,000 projects with the help of […]

The post 5 Comics Kickstarters You Should Back! appeared first on Geek.com.



from Geek.com https://ift.tt/2EB9SIL
via IFTTT

Lego Forma Is a Customizable Kinetic Sculpture You Build Yourself


Elite Lego builders have produced some truly amazing creations over the years. Some of the most mind-blowing are kinetic sculptures. MOCs are cool enough when they’re static. Add an element of motion to […]

The post Lego Forma Is a Customizable Kinetic Sculpture You Build Yourself appeared first on Geek.com.



from Geek.com https://ift.tt/2xYn6OA
via IFTTT

9 Times Your Smart Speaker Got Weird


Smart speakers have been the new *thing* for a couple of years now. Able to play your favorite music or audio book, or simply give you weather updates with a vocal prompt, they’re […]

The post 9 Times Your Smart Speaker Got Weird appeared first on Geek.com.



from Geek.com https://ift.tt/2NPl2TQ
via IFTTT

Why Is Rocket Science so Hard?


Somewhat apocryphally, rocket science has been cemented in our culture as one of the hardest things you can possibly do. Right up there with brain surgery (which, of course, led to the comedic […]

The post Why Is Rocket Science so Hard? appeared first on Geek.com.



from Geek.com https://ift.tt/2P0LiHt
via IFTTT

Self-Folding Metamaterial Could Travel to Space


Hands up if, like me, you can’t properly fold a roadmap. The principle seems easy: Follow the creased lines for a glove-compartment-ready stowaway. The practice, however, is difficult: Various steps must be performed […]

The post Self-Folding Metamaterial Could Travel to Space appeared first on Geek.com.



from Geek.com https://ift.tt/2NTvMAo
via IFTTT

An Upside-Down Look at Halloween Horror Nights 28


Every fall a new darkness descends on Orlando, Florida. One that is constantly changing and evolving around the Universal Orlando property. Last year it brought out the horrors of Stephen King’s The Shining, […]

The post An Upside-Down Look at Halloween Horror Nights 28 appeared first on Geek.com.



from Geek.com https://ift.tt/2zpemml
via IFTTT

Facebook is weaponizing security to erode privacy

At a Senate hearing this week in which US lawmakers quizzed tech giants on how they should go about drawing up comprehensive Federal consumer privacy protection legislation, Apple’s VP of software technology described privacy as a “core value” for the company.

“We want your device to know everything about you but we don’t think we should,” Bud Tribble told them in his opening remarks.

Facebook was not at the commerce committee hearing which, as well as Apple, included reps from Amazon, AT&T, Charter Communications, Google and Twitter.

But the company could hardly have made such a claim had it been in the room, given that its business is based on trying to know everything about you in order to dart you with ads.

You could say Facebook has ‘hostility to privacy‘ as a core value.

Earlier this year one US senator wondered of Mark Zuckerberg how Facebook could run its service given it doesn’t charge users for access. “Senator we run ads,” was the almost startled response, as if the Facebook founder couldn’t believe his luck at the not-even-surface-level political probing his platform was getting.

But there have been tougher moments of scrutiny for Zuckerberg and his company in 2018, as public awareness about how people’s data is being ceaselessly sucked out of platforms and passed around in the background, as fuel for a certain slice of the digital economy, has grown and grown — fuelled by a steady parade of data breaches and privacy scandals which provide a glimpse behind the curtain.

On the data scandal front Facebook has reigned supreme, whether it’s as an ‘oops we just didn’t think of that’ spreader of socially divisive ads paid for by Kremlin agents (sometimes with roubles!); or as a carefree host for third party apps to party at its users’ expense by silently hoovering up info on their friends, in the multi-millions.

Facebook’s response to the Cambridge Analytica debacle was to loudly claim it was ‘locking the platform down‘. And try to paint everyone else as the rogue data sucker — to avoid the obvious and awkward fact that its own business functions in much the same way.

All this scandalabra has kept Facebook execs very busy this year, with policy staffers and execs being grilled by lawmakers on an increasing number of fronts and issues — from election interference and data misuse, to ad transparency, hate speech and abuse, and also directly, and at times closely, on consumer privacy and control.

Facebook shielded its founder from one sought for grilling on data misuse, as UK MPs investigated online disinformation vs democracy, as well as examining wider issues around consumer control and privacy. (They’ve since recommended a social media levy to safeguard society from platform power.) 

The DCMS committee wanted Zuckerberg to testify to unpick how Facebook’s platform contributes to the spread of disinformation online. The company sent various reps to face questions (including its CTO) — but never the founder (not even via video link). And committee chair Damian Collins was withering and public in his criticism of Facebook sidestepping close questioning — saying the company had displayed a “pattern” of uncooperative behaviour, and “an unwillingness to engage, and a desire to hold onto information and not disclose it.”

As a result, Zuckerberg’s tally of public appearances before lawmakers this year stands at just two domestic hearings, in the US Senate and Congress, and one at a meeting of the EU parliament’s conference of presidents (which switched from a behind closed doors format to being streamed online after a revolt by parliamentarians) — and where he was heckled by MEPs for avoiding their questions.

But three sessions in a handful of months is still a lot more political grillings than Zuckerberg has ever faced before.

He’s going to need to get used to awkward questions now that lawmakers have woken up to the power and risk of his platform.

Security, weaponized 

What has become increasingly clear from the growing sound and fury over privacy and Facebook (and Facebook and privacy), is that a key plank of the company’s strategy to fight against the rise of consumer privacy as a mainstream concern is misdirection and cynical exploitation of valid security concerns.

Simply put, Facebook is weaponizing security to shield its erosion of privacy.

Privacy legislation is perhaps the only thing that could pose an existential threat to a business that’s entirely powered by watching and recording what people do at vast scale. And relying on that scale (and its own dark pattern design) to manipulate consent flows to acquire the private data it needs to profit.

Only robust privacy laws could bring Facebook’s self-serving house of cards tumbling down. User growth on its main service isn’t what it was but the company has shown itself very adept at picking up (and picking off) potential competitors — applying its surveillance practices to crushing competition too.

In Europe lawmakers have already tightened privacy oversight on digital businesses and massively beefed up penalties for data misuse. Under the region’s new GDPR framework compliance violations can attract fines as high as 4% of a company’s global annual turnover.

Which would mean billions of dollars in Facebook’s case — vs the pinprick penalties it has been dealing with for data abuse up to now.

Though fines aren’t the real point; if Facebook is forced to change its processes, so how it harvests and mines people’s data, that could knock a major, major hole right through its profit-center.

Hence the existential nature of the threat.

The GDPR came into force in May and multiple investigations are already underway. This summer the EU’s data protection supervisor, Giovanni Buttarelli, told the Washington Post to expect the first results by the end of the year.

Which means 2018 could result in some very well known tech giants being hit with major fines. And — more interestingly — being forced to change how they approach privacy.

One target for GDPR complainants is so-called ‘forced consent‘ — where consumers are told by platforms leveraging powerful network effects that they must accept giving up their privacy as the ‘take it or leave it’ price of accessing the service. Which doesn’t exactly smell like the ‘free choice’ EU law actually requires.

It’s not just Europe, either. Regulators across the globe are paying greater attention than ever to the use and abuse of people’s data. And also, therefore, to Facebook’s business — which profits, so very handsomely, by exploiting privacy to build profiles on literally billions of people in order to dart them with ads.

US lawmakers are now directly asking tech firms whether they should implement GDPR style legislation at home.

Unsurprisingly, tech giants are not at all keen — arguing, as they did at this week’s hearing, for the need to “balance” individual privacy rights against “freedom to innovate”.

So a lobbying joint-front to try to water down any US privacy clampdown is in full effect. (Though also asked this week whether they would leave Europe or California as a result of tougher-than-they’d-like privacy laws none of the tech giants said they would.)

The state of California passed its own robust privacy law, the California Consumer Privacy Act, this summer, which is due to come into force in 2020. And the tech industry is not a fan. So its engagement with federal lawmakers now is a clear attempt to secure a weaker federal framework to ride over any more stringent state laws.

Europe and its GDPR obviously can’t be rolled over like that, though. Even as tech giants like Facebook have certainly been seeing how much they can get away with — to force an expensive and time-consuming legal fight.

While ‘innovation’ is one oft-trotted angle tech firms use to argue against consumer privacy protections, Facebook included, the company has another tactic too: Deploying the ‘S’ word — security — both to fend off increasingly tricky questions from lawmakers, as they finally get up to speed and start to grapple with what it’s actually doing; and — more broadly — to keep its people-mining, ad-targeting business steamrollering on by greasing the pipe that keeps the personal data flowing in.

In recent years multiple major data misuse scandals have undoubtedly raised consumer awareness about privacy, and put greater emphasis on the value of robustly securing personal data. Scandals that even seem to have begun to impact how some Facebook users Facebook. So the risks for its business are clear.

Part of its strategic response, then, looks like an attempt to collapse the distinction between security and privacy — by using security concerns to shield privacy hostile practices from critical scrutiny, specifically by chain-linking its data-harvesting activities to some vaguely invoked “security purposes”, whether that’s security for all Facebook users against malicious non-users trying to hack them; or, wider still, for every engaged citizen who wants democracy to be protected from fake accounts spreading malicious propaganda.

So the game Facebook is here playing is to use security as a very broad-brush to try to defang legislation that could radically shrink its access to people’s data.

Here, for example, is Zuckerberg responding to a question from an MEP in the EU parliament asking for answers on so-called ‘shadow profiles’ (aka the personal data the company collects on non-users) — emphasis mine:

It’s very important that we don’t have people who aren’t Facebook users that are coming to our service and trying to scrape the public data that’s available. And one of the ways that we do that is people use our service and even if they’re not signed in we need to understand how they’re using the service to prevent bad activity.

At this point in the meeting Zuckerberg also suggestively referenced MEPs’ concerns about election interference — to better play on a security fear that’s inexorably close to their hearts. (With the spectre of re-election looming next spring.) So he’s making good use of his psychology major.

“On the security side we think it’s important to keep it to protect people in our community,” he also said when pressed by MEPs to answer how a person who isn’t a Facebook user could delete its shadow profile of them.

He was also questioned about shadow profiles by the House Energy and Commerce Committee in April. And used the same security justification for harvesting data on people who aren’t Facebook users.

“Congressman, in general we collect data on people who have not signed up for Facebook for security purposes to prevent the kind of scraping you were just referring to [reverse searches based on public info like phone numbers],” he said. “In order to prevent people from scraping public information… we need to know when someone is repeatedly trying to access our services.”

He claimed not to know “off the top of my head” how many data points Facebook holds on non-users (nor even on users, which the congressman had also asked for, for comparative purposes).

These sorts of exchanges are very telling because for years Facebook has relied upon people not knowing or really understanding how its platform works to keep what are clearly ethically questionable practices from closer scrutiny.

But, as political attention has dialled up around privacy, and it’s become harder for the company to simply deny or fog what it’s actually doing, Facebook appears to be evolving its defence strategy — by defiantly arguing it simply must profile everyone, including non-users, for user security.

No matter this is the same company which, despite maintaining all those shadow profiles on its servers, famously failed to spot Kremlin election interference going on at massive scale in its own back yard — and thus failed to protect its users from malicious propaganda.

Nor was Facebook capable of preventing its platform from being repurposed as a conduit for accelerating ethnic hate in a country such as Myanmar — with some truly tragic consequences. Yet it must, presumably, hold shadow profiles on non-users there too. Yet was seemingly unable (or unwilling) to use that intelligence to help protect actual lives…

So when Zuckerberg invokes overarching “security purposes” as a justification for violating people’s privacy en masse it pays to ask critical questions about what kind of security it’s actually purporting to be able to deliver. Beyond, y’know, continued security for its own business model as it comes under increasing attack.

What Facebook indisputably does do with ‘shadow contact information’, acquired about people via other means than the person themselves handing it over, is to use it to target people with ads. So it uses intelligence harvested without consent to make money.

Facebook confirmed as much this week, when Gizmodo asked it to respond to a study by some US academics that showed how a piece of personal data that had never been knowingly provided to Facebook by its owner could still be used to target an ad at that person.

Responding to the study, Facebook admitted it was “likely” the academic had been shown the ad “because someone else uploaded his contact information via contact importer”.

“People own their address books. We understand that in some cases this may mean that another person may not be able to control the contact information someone else uploads about them,” it told Gizmodo.

So essentially Facebook has finally admitted that consentless scraped contact information is a core part of its ad targeting apparatus.

Safe to say, that’s not going to play at all well in Europe.

Basically Facebook is saying you own and control your personal data until it can acquire it from someone else — and then, er, nope!

Yet given the reach of its network, the chances of your data not sitting on its servers somewhere seems very, very slim. So Facebook is essentially invading the privacy of pretty much everyone in the world who has ever used a mobile phone. (Something like two-thirds of the global population then.)

In other contexts this would be called spying — or, well, ‘mass surveillance’.

It’s also how Facebook makes money.

And yet when called in front of lawmakers and asked about the ethics of spying on the majority of the people on the planet, the company seeks to justify this supermassive privacy intrusion by suggesting that gathering data about every phone user without their consent is necessary for some fuzzily-defined “security purposes” — even as its own record on security really isn’t looking so shiny these days.

WASHINGTON, DC – APRIL 11: Facebook co-founder, Chairman and CEO Mark Zuckerberg prepares to testify before the House Energy and Commerce Committee in the Rayburn House Office Building on Capitol Hill April 11, 2018 in Washington, DC. This is the second day of testimony before Congress by Zuckerberg, 33, after it was reported that 87 million Facebook users had their personal information harvested by Cambridge Analytica, a British political consulting firm linked to the Trump campaign. (Photo by Chip Somodevilla/Getty Images)

It’s as if Facebook is trying to lift a page out of national intelligence agency playbooks — when governments claim ‘mass surveillance’ of populations is necessary for security purposes like counterterrorism.

Except Facebook is a commercial company, not the NSA.

So it’s only fighting to keep being able to carpet-bomb the planet with ads.

Profiting from shadow profiles

Another example of Facebook weaponizing security to erode privacy was also confirmed via Gizmodo’s reportage. The same academics found the company uses phone numbers provided to it by users for the specific (security) purpose of enabling two-factor authentication, which is a technique intended to make it harder for a hacker to take over an account, to also target them with ads.

In a nutshell, Facebook is exploiting its users’ valid security fears about being hacked in order to make itself more money.

Any security expert worth their salt will have spent long years encouraging web users to turn on two factor authentication for as many of their accounts as possible in order to reduce the risk of being hacked. So Facebook exploiting that security vector to boost its profits is truly awful. Because it works against those valiant infosec efforts — so risks eroding users’ security as well as trampling all over their privacy.

It’s just a double whammy of awful, awful behavior.

And of course, there’s more.

A third example of how Facebook seeks to play on people’s security fears to enable deeper privacy intrusion comes by way of the recent rollout of its facial recognition technology in Europe.

In this region the company had previously been forced to pull the plug on facial recognition after being leaned on by privacy conscious regulators. But after having to redesign its consent flows to come up with its version of ‘GDPR compliance’ in time for May 25, Facebook used this opportunity to revisit a rollout of the technology on Europeans — by asking users there to consent to switching it on.

Now you might think that asking for consent sounds okay on the surface. But it pays to remember that Facebook is a master of dark pattern design.

Which means it’s expert at extracting outcomes from people by applying these manipulative dark arts. (Don’t forget, it has even directly experimented in manipulating users’ emotions.)

So can it be a free consent if ‘individual choice’ is set against a powerful technology platform that’s both in charge of the consent wording, button placement and button design, and which can also data-mine the behavior of its 2BN+ users to further inform and tweak (via A/B testing) the design of the aforementioned ‘consent flow’? (Or, to put it another way, is it still ‘yes’ if the tiny greyscale ‘no’ button fades away when your cursor approaches while the big ‘YES’ button pops and blinks suggestively?)

In the case of facial recognition, Facebook used a manipulative consent flow that included a couple of self-serving ‘examples’ — selling the ‘benefits’ of the technology to users before they landed on the screen where they could choose either yes switch it on, or no leave it off.

One of which explicitly played on people’s security fears — by suggesting that without the technology enabled users were at risk of being impersonated by strangers. Whereas, by agreeing to do what Facebook wanted you to do, Facebook said it would help “protect you from a stranger using your photo to impersonate you”…

That example shows the company is not above actively jerking on the chain of people’s security fears, as well as passively exploiting similar security worries when it jerkily repurposes 2FA digits for ad targeting.

There’s even more too; Facebook has been positioning itself to pull off what is arguably the greatest (in the ‘largest’ sense of the word) appropriation of security concerns yet to shield its behind-the-scenes trampling of user privacy — when, from next year, it will begin injecting ads into the WhatsApp messaging platform.

These will be targeted ads, because Facebook has already changed the WhatsApp T&Cs to link Facebook and WhatsApp accounts — via phone number matching and other technical means that enable it to connect distinct accounts across two otherwise entirely separate social services.

Thing is, WhatsApp got fat on its founders’ promise of 100% ad-free messaging. The founders were also privacy and security champions, pushing to roll e2e encryption right across the platform — even after selling their app to the adtech giant in 2014.

WhatsApp’s robust e2e encryption means Facebook literally cannot read the messages users are sending each other. But that does not mean Facebook is respecting WhatsApp users’ privacy.

On the contrary; the company has given itself broader rights to user data by changing the WhatsApp T&Cs and by matching accounts.

So, really, it’s all just one big Facebook profile now — whichever of its products you do (or don’t) use.

This means that even without literally reading your WhatsApps, Facebook can still know plenty about a WhatsApp user, thanks to any other Facebook Group profiles they have ever had and any shadow profiles it maintains in parallel. WhatsApp users will soon become 1.5BN+ bullseyes for yet more creepily intrusive Facebook ads to seek their target.

No private spaces, then, in Facebook’s empire as the company capitalizes on people’s fears to shift the debate away from personal privacy and onto the self-serving notion of ‘secured by Facebook spaces’ — in order that it can keep sucking up people’s personal data.

This is a very dangerous strategy, though.

Because if Facebook can’t even deliver security for its users, thereby undermining those “security purposes” it keeps banging on about, it might find it difficult to sell the world on going naked just so Facebook Inc can keep turning a profit.

What’s the best security practice of all? That’s super simple: Not holding data in the first place.



from Social – TechCrunch https://ift.tt/2R4Hg2d
via IFTTT

Geek Deals: Programming Ebooks Starting at $1


For a limited time, Humble Bundle is offering up hundreds of dollars worth of instructional ebooks on programming with a huge discount. And as an excellent bonus, part of your purchase benefits a […]

The post Geek Deals: Programming Ebooks Starting at $1 appeared first on Geek.com.



from Geek.com https://ift.tt/2R8botk
via IFTTT

What Instagram users need to know about Facebook’s security breach

Even if you never log into Facebook itself these days, the other apps and services you use might be impacted by Facebook’s latest big, bad news.

In a follow-up call on Friday’s revelation that Facebook has suffered a security breach affecting at least 50 million accounts, the company clarified that Instagram users were not out of the woods — nor were any other third-party services that utilized Facebook Login. Facebook Login is the tool that allows users to sign in with a Facebook account instead of traditional login credentials and many users choose it as a convenient way to sign into a variety of apps and services.

Third-party apps and sites affected too

Due to the nature of the hack, Facebook cannot rule out the possibility that attackers may have also accessed any Instagram account linked to an affected Facebook account through Facebook Login. Still, it’s worth remembering that while Facebook can’t rule it out, the company has no evidence (yet) of this kind of activity.

“So the vulnerability was on Facebook, but these access tokens enable someone to use [a connected account] as if they were the account holder themselves — this does mean they could have access other third party apps that were using Facebook login,” Facebook Vice President of Product Management Guy Rosen explained on the call.

“Now that we have reset all of those access tokens as part of protecting the security of people’s accounts, developers who use Facebook login will be able to detect that those access tokens has been reset, identify those users and as a user, you will simply have to log in again into those third party apps.”

Rosen reiterated that there is plenty Facebook does not know about the hack, including the extent to which attackers manipulated the three security bugs in question to obtain access to external accounts through Facebook Login.

“The vulnerability was on Facebook itself and we’ve yet to determine, given the investigation is really early, [what was] the exact nature of misuse and whether there was any access to Instagram accounts, for example,” Rosen said.

Anyone with a Facebook account affected by the breach — you should have been automatically logged out and will receive a notification — will need to unlink and relink their Instagram account to Facebook in order to continue cross-posting content to Facebook.

How to relink your Facebook account and do a security check

To relink your Instagram account to Facebook, if you choose to, open Instagram Settings > Linked Accounts and select the checkbox next to Facebook. Click Unlink and confirm your selection. If you’d like to reconnect Instagram with Facebook, you’ll need to select Facebook in the Linked Accounts menu and log in with your credentials like normal.

If you know your Facebook account was affected by the breach, it’s wise to check for suspicious activity on your account. You can do this on Facebook through the Security and Login menu.

There, you’ll want to browse the activity listed to make sure you don’t see anything that doesn’t look like you — logins from other countries, for example. If you’re concerned or just want to play it safe, you can always find the link to “Log Out Of All Sessions” by scrolling toward the bottom of the page.

While we know a little bit more now about Facebook’s biggest security breach to date, there’s still a lot that we don’t. Expect plenty of additional information in the coming days and weeks as Facebook surveys the damage and passes that information along to its users. We’ll do the same.



from Social – TechCrunch https://ift.tt/2OYiyz8
via IFTTT

Facebook is blocking users from posting some stories about its security breach

Some users are reporting that they are unable to post today’s big story about a security breach affecting 50 million Facebook users. The issue appears to only affect particular stories from certain outlets, at this time one story from The Guardian and one from the Associated Press, both reputable press outlets.

When going to share the story to their news feed, some users, including members of the staff here at TechCrunch who were able to replicate the bug, were met with the following error message which prevented them from sharing the story.

According to the message, Facebook is flagging the stories as spam due to how widely they are being shared or as the message puts it, the system’s observation that “a lot of people are posting the same content.”

To be clear, this isn’t one Facebook content moderator sitting behind a screen rejecting the link somewhere or the company conspiring against users spreading damning news. The situation is another example of Facebook’s automated content flagging tools marking legitimate content as illegitimate, in this case calling it spam. Still, it’s strange and difficult to understand why such a bug wouldn’t affect many other stories that regularly go viral on the social platform.

This instance is by no means a first for Facebook. The platform’s automated tools — which operate at unprecedented scale for a social network — are well known for at times censoring legitimate posts and flagging benign content while failing to detect harassment and hate speech. We’ve reached out to Facebook for details about how this kind of thing happens but the company appears to have its hands full with the bigger news of the day.

While the incident is nothing particularly new, it’s an odd quirk — and in this instance quite a bad look given that the bad news affects Facebook itself.



from Social – TechCrunch https://ift.tt/2zD2oWC
via IFTTT

Everything you need to know about Facebook’s data breach affecting 50M users

Facebook is cleaning up after a major security incident exposed the account data of millions of users. In what’s already been a rocky year after the Cambridge Analytica scandal, the company is scrambling to regain its users’ trust after another security incident exposed user data.

Here’s everything you need to know so far.

What happened?

Facebook says at least 50 million users’ data may be at risk after attackers exploited a vulnerability that allowed them access to personal data. The company also preventively secured 40 million additional accounts out of an abundance of caution.

What data were the hackers after?

Facebook CEO Mark Zuckerberg said that the company has not seen any accounts compromised and improperly accessed — although it’s early days and that may change. But Zuckerberg said that the attackers were using Facebook developer APIs to obtain some information, like “name, gender, and hometowns” that’s linked to a user’s profile page.

What data wasn’t taken?

Facebook said that it looks unlikely that private messages were accessed. No credit card information was taken in the breach, Facebook said. Again, that may change as the company’s investigation continues.

What’s an access token? Do I need to change my password?

When you enter your username and password on most sites and apps, including Facebook, your browser or device is set an access token. This keeps you logged in, without you having to enter your credentials every time you log in. But the token doesn’t store your password — so there’s no need to change your password.

Is this why Facebook logged me out of my account?

Yes, Facebook says it reset the access tokens of all users affected. That means some 90 million users will have been logged out of their account — either on their phone or computer — in the past day. This also includes users on Facebook Messenger.

When did this attack happen?

The vulnerability was introduced on the site in July 2017, but Facebook didn’t know about it until this month, on September 16, 2018, when it spotted unusual activity. That means the hackers could have had access to user data for a long time, as Facebook is not sure right now when the attack began.

Who would do this?

Facebook doesn’t know who attacked the site, but the FBI is investigating, it says.

However, Facebook has in the past found evidence of Russia’s attempts to meddle in American democracy and influence our elections — but it’s not to say that Russia is behind this new attack. Attribution is incredibly difficult and takes a lot of time and effort. It recently took the FBI more than two years to confirm that North Korea was behind the Sony hack in 2016 — so we might be in for a long wait.

How did the attackers get in? 

Not one, but three bugs led to the data exposure.

In July 2017, Facebook inadvertently introduced three vulnerabilities in its video uploader, said Guy Rosen, Facebook’s vice president of product management, in a call with reporters. When using the “View As” feature to view your profile as someone else, the video uploader would occasionally appear when it shouldn’t display at all. When it appeared, it generated an access token using the person who the profile page was being viewed as. If that token was obtained, an attacker could log into the account of the other person.

Is the problem fixed? 

Facebook says it fixed the vulnerability on September 27, and then began resetting the access tokens of people to protect the security of their accounts.
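A simplified model of the flaw described under “How did the attackers get in?” and of the token reset described under “Is the problem fixed?”, added here as an illustration. It is not Facebook’s code; `TokenService`, `RenderContext`, the widget functions and the user names are constructed for this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


class TokenService:
    """Toy issuer: token = user.generation.HMAC(user.generation)."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)
        # Per-user generation counter; bumping it invalidates old tokens.
        self._generation: Dict[str, int] = {}

    def _sign(self, payload: str) -> str:
        return hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()

    def issue(self, user_id: str) -> str:
        payload = f"{user_id}.{self._generation.get(user_id, 0)}"
        return f"{payload}.{self._sign(payload)}"

    def verify(self, token: str) -> Optional[str]:
        """Return the user the token logs in as, or None if invalid/reset."""
        parts = token.rsplit(".", 2)
        if len(parts) != 3:
            return None
        user_id, gen, sig = parts
        if not hmac.compare_digest(sig, self._sign(f"{user_id}.{gen}")):
            return None
        if int(gen) != self._generation.get(user_id, 0):
            return None  # token predates the last reset
        return user_id

    def reset(self, user_id: str) -> None:
        """Force re-login: every token issued so far for user_id stops working."""
        self._generation[user_id] = self._generation.get(user_id, 0) + 1


@dataclass(frozen=True)
class RenderContext:
    session_user: str               # who actually authenticated
    view_as: Optional[str] = None   # identity simulated by a "View As" preview

    @property
    def displayed_viewer(self) -> str:
        # Identity the page is rendered *for*; only meant to drive display.
        return self.view_as or self.session_user


def uploader_token_vulnerable(tokens: TokenService, ctx: RenderContext) -> str:
    # Flaw: the widget mints a credential for the simulated viewer, so the
    # preview hands the session user a token for someone else's account.
    return tokens.issue(ctx.displayed_viewer)


def uploader_token_hardened(tokens: TokenService, ctx: RenderContext) -> Optional[str]:
    # Fix 1: interactive widgets never render inside a read-only preview.
    if ctx.view_as is not None:
        return None
    # Fix 2: credentials are bound to the authenticated principal only.
    return tokens.issue(ctx.session_user)


def demo() -> Dict[str, Optional[str]]:
    tokens = TokenService()
    preview = RenderContext(session_user="alice", view_as="bob")
    normal = RenderContext(session_user="alice")

    leaked = uploader_token_vulnerable(tokens, preview)
    before_reset = tokens.verify(leaked)   # logs in as the simulated user
    tokens.reset("bob")                    # the remediation step
    after_reset = tokens.verify(leaked)    # leaked token is now dead

    own = uploader_token_hardened(tokens, normal)
    return {
        "leaked_token_user": before_reset,
        "leaked_token_after_reset": after_reset,
        "hardened_in_preview": uploader_token_hardened(tokens, preview),
        "hardened_normal_user": tokens.verify(own) if own else None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Resetting only invalidates tokens already issued; it is the identity check at issuance that stops new tokens from being minted for the wrong account.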

Will Facebook be fined or punished?

If Facebook is found to have breached European data protection rules — the newly implemented General Data Protection Regulation (GDPR) — the company can face fines of up to four percent of its global revenue.

However, that fine can’t be levied until Facebook knows more about the nature of the breach and the risk to users.

Another data breach of this scale – especially coming in the wake of the Cambridge Analytica scandal and other data leaks – has some in Congress calling for the social network to be regulated. Sen. Mark Warner (D-VA) issued a stern reprimand to Facebook over today’s news, and again pushed his proposal for regulating companies holding large data sets as “information fiduciaries” with additional consequences for improper security.

FTC Commissioner Rohit Chopra also tweeted that “I want answers” regarding the Facebook hack. It’s reasonable to assume that there could be investigators in both the U.S. and Europe to figure out what happened.

Can I check to see if my account was improperly accessed?

You can. Once you log back into your Facebook account, you can go to your account’s security and login page, which lets you see where you’ve logged in. If you had your access tokens revoked and had to log in again, you should see only the devices that you logged back in with.

Should I delete my Facebook account?

That’s up to you! But you may want to take some precautions like changing your password and turning on two-factor authentication, if you haven’t done so already. If you weren’t impacted by this, you may want to take the time to delete some of the personal information you’ve shared to Facebook to reduce your risk of exposure in future attacks, if they were to occur.



from Social – TechCrunch https://ift.tt/2xYL508
via IFTTT

Family, Cooking & Sketch Comedy: Let Geek Tell You What to Watch This Weekend


Forget Peak TV. We’re living in an age of Peak Content, period. There are so many cool shows and movies and games and weird internet videos you could consume at any given moment […]

The post Family, Cooking & Sketch Comedy: Let Geek Tell You What to Watch This Weekend appeared first on Geek.com.



from Geek.com https://ift.tt/2Fr86vS
via IFTTT

GEEK PICK: Nintendo Switch Online Membership


Welp, it finally happened. If you want to play your Nintendo Switch online, you’ll have to pay for Nintendo Switch Online. For the first time, Nintendo requires you to subscribe and pay a […]

The post GEEK PICK: Nintendo Switch Online Membership appeared first on Geek.com.



from Geek.com https://ift.tt/2QjaQjj
via IFTTT

The Weirdest Coloring Books Ever


If there’s a 21st-century trend we can honestly say we didn’t see coming, it’s probably adult coloring books. Sure, lots of other childhood timewasters are making a comeback, but the idea of grown-ass […]

The post The Weirdest Coloring Books Ever appeared first on Geek.com.



from Geek.com https://ift.tt/2xY2ENN
via IFTTT

Facebook hack could hasten regulation as Sen. Warner says Congress must “step up”

Senator Mark Warner has issued a stern reprimand to Facebook over today’s revelation that 50 million users had their access token stolen by a hacker. “This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users,” Warner writes. “As I’ve said before – the era of the Wild West in social media is over.”

In July, Warner published an expansive policy paper outlining where he believes regulation is necessary for social media companies. He proposes that companies holding large data sets be regulated as “information fiduciaries” with additional consequences for improper security. He suggests requirements for data portability and interoperability that would allow users to export their personal information and use it elsewhere if they were unsatisfied with their treatment by a social media giant. He also suggests applying similar rules to Europe’s GDPR including a requirement that breaches be disclosed within 72 hours of discovery. Notably, Facebook did disclose this hack within that window.

Facebook’s “View As” tool has been disabled following the hack. It let users see how their profile looked to a certain other user.

The breach saw sophisticated hackers combine three Facebook bugs in its video uploader, user profile, and “view as” privacy feature to generate and steal the access tokens that allow users to stay logged into Facebook between sessions. These could be used to take over user accounts and take actions on their behalf. Facebook reset the access tokens of the 50 million users impacted and another 40 million who’d had their accounts viewed through the “view as” tool this year, which means they’ll have to log back into Facebook but won’t need to change their password.

The bugs stem from code pushed back in July, but Facebook only discovered the issue Tuesday afternoon as the hackers tried to scale up the attack to steal more tokens. Facebook patched the issue last night and this morning announced it was investigating, though it currently doesn’t have enough information to determine the source of the attack. It’s already notified the FBI, as well as the Irish Data Protection office since the breach has GDPR implications. On a call with reporters, CEO Mark Zuckerberg repeatedly called the problem “serious”. But beyond recounting the steps Facebook is taking to address this breach, he didn’t have a good answer for why users should still trust Facebook with their data.

Always quick to pounce on privacy issues, Warner has become one of the strongest Democratic critics of the social network. He’s seemingly inherited the position of tech watchdog from former-Senator Al Franken. He’s weighed in on recent social media bias and election interference, Google’s plan to launch censored search in China, White House cybersecurity plans and more. With technology becoming an ever more important and dangerous part of people’s lives, Warner seems to see an opportunity to both protect his constituents and advance his career by demonstrating his expertise and ferocity.

This hack could be used by Warner as strong evidence that social media companies like Facebook are not voluntarily doing enough to protect users’ security and privacy. If regulation around security, portability, and interoperability is enacted, it could cost Facebook money for compliance, slow down the pace of engineering innovation at the company, and make it more vulnerable to competitors. Right now, it’s tough for users to easily switch to another social network, which insulates Facebook from its PR problems becoming user growth problems. But if ditching Facebook for a competitor becomes simpler, it might force the company to treat its users better.

Senator Mark Warner’s full statement can be found below:

STATEMENT OF U.S. SEN. MARK R. WARNER

~ On Facebook hack ~ 

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and co-chair of the Senate Cybersecurity Caucus, released the following statement on the announcement by Facebook that it discovered a security issue affecting almost 50 million accounts:

“The news that at least 50 million Facebook users had their accounts compromised is deeply concerning. A full investigation should be swiftly conducted and made public so that we can understand more about what happened.

“Today’s disclosure is a reminder about the dangers posed when a small number of companies like Facebook or the credit bureau Equifax are able to accumulate so much personal data about individual Americans without adequate security measures.

“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users. As I’ve said before – the era of the Wild West in social media is over.”

To kick start the debate around social media legislation, Sen. Warner in July released a white paper containing a suite of potential policy proposals for the regulation of social media.



from Social – TechCrunch https://ift.tt/2P3SyC8
via IFTTT

Geek Daily Deals: $600 off the Ultra Wide Gaming Monitor, PS4 Pro With Red Dead Redemption Free, and More


EVGA GeForce GTX 1070 SC GAMING ACX 3.0 Black Edition, 8GB Video Card and EVGA 600W ATX Power Supply for $359.99 This deal is still live, although I think it will expire by […]

The post Geek Daily Deals: $600 off the Ultra Wide Gaming Monitor, PS4 Pro With Red Dead Redemption Free, and More appeared first on Geek.com.



from Geek.com https://ift.tt/2OW7GS9
via IFTTT

MovieBob Review: MANDY (2018)


Is Mandy good? Yes. What’s it about? Nicolas Cage is a lumberjack living in the wilderness with his wife Mandy (Andrea Riseborough) when they are terrorized by a drug-fueled religious cult led by […]

The post MovieBob Review: MANDY (2018) appeared first on Geek.com.



from Geek.com https://ift.tt/2Oi5Yxl
via IFTTT

Humans Could One Day Help Power Wearables


The rechargeable lithium-ion battery is, hands down, one of the best inventions of the 20th century. Don’t @ me. But the expensive, resource-hogging, and energy intensive power source is not very sustainable in […]

The post Humans Could One Day Help Power Wearables appeared first on Geek.com.



from Geek.com https://ift.tt/2zDYKf7
via IFTTT

The Good Place Returns to Earth and It’s Everything We All Needed


Going into last night’s Season Three premiere of The Good Place, I knew how much I wanted to see the rest of this story, but I didn’t realize how much I needed this […]

The post The Good Place Returns to Earth and It’s Everything We All Needed appeared first on Geek.com.



from Geek.com https://ift.tt/2xUkYr7
via IFTTT

These Mac & Cheese Candy Canes Probably Won’t Get You Into the Holiday Spirit


Move over, pumpkin spice: There’s a new seasonal flavor in town, and it doesn’t exactly conjure warm and fuzzy feelings of the holidays. Seattle-based novelty dealer Archie McPhee—which boasts the tagline “We make […]

The post These Mac & Cheese Candy Canes Probably Won’t Get You Into the Holiday Spirit appeared first on Geek.com.



from Geek.com https://ift.tt/2N8e1YY
via IFTTT

Scientists Surprised by ‘Unexpected’ Rotational Patterns of Sun-Like Stars


Another day, another scientific breakthrough challenging conventional thinking. Researchers determined that Sun-like stars rotate up to two-and-a-half times faster at the equator than at higher latitudes. The discovery—made by scientists at the NYU […]

The post Scientists Surprised by ‘Unexpected’ Rotational Patterns of Sun-Like Stars appeared first on Geek.com.



from Geek.com https://ift.tt/2zD4dCP
via IFTTT

The Craziest Movie Props People Actually Own


There was an interesting thread going around on Twitter last week asking “if you could own any movie prop from the history of cinema, what would it be.” Answers varied from the ridiculous […]

The post The Craziest Movie Props People Actually Own appeared first on Geek.com.



from Geek.com https://ift.tt/2DF6n91
via IFTTT

AI Uses Goodreads to Predict Amazon Best Sellers


There is no shortage of instructions for propelling your book to the top of the Amazon charts. Use keywords, create an attractive cover, choose the right category. Have it professionally edited and properly […]

The post AI Uses Goodreads to Predict Amazon Best Sellers appeared first on Geek.com.



from Geek.com https://ift.tt/2OkHPpW
via IFTTT

Facebook policy head makes a surprising cameo at the Kavanaugh hearing

Facebook might be doing its best to stay out of political scandals in the latter half of 2018, but the company had a presence, front and center, at one of the most contentious Senate hearings in modern history.

Facebook’s Vice President of Global Public Policy, Joel Kaplan, was spotted sitting prominently near his wife, Laura Cox Kaplan, in the section for Brett Kavanaugh’s supporters. He is pictured on the left side of the header image, second row, in a blue tie.

For reference, below is an image of Kaplan to the immediate right of Mark Zuckerberg during a Senate Judiciary joint hearing in April of this year.

WASHINGTON, DC – APRIL 10: Facebook co-founder, Chairman and CEO Mark Zuckerberg concludes his testimony before a combined Senate Judiciary and Commerce committee hearing in the Hart Senate Office Building on Capitol Hill April 10, 2018 in Washington, DC. (Photo by Win McNamee/Getty Images)

Kaplan has not made any public commentary on Twitter or Facebook about his support for the Supreme Court nominee, though through retweets, Kaplan’s wife appears to be of the mind that the hearing is part of a “smear campaign” against the family friend.

Kaplan is also featured in this viral image, making the rounds on Twitter.

His appearance during the hearing is a show of personal support, though it still turns heads for such a prominent Facebook employee to make a visible statement during such a politically divisive event. Kaplan is not representing Facebook in a formal capacity.

Kaplan served as a policy adviser on George W. Bush’s 2000 election campaign and went on to serve as a policy assistant to the president and as the deputy director of the Office of Management and Budget (OMB) and a deputy chief of staff. Kavanaugh worked for the Bush administration during the same period, joining the former president’s legal team and going on to work on the nomination of Chief Justice John Roberts to the Supreme Court.

Kaplan joined Facebook in 2011 as its VP of U.S. public policy. Kaplan continues to serve in a heavily influential political role with the company today, leading its Washington D.C. office which serves as the company’s lobbying arm.



from Social – TechCrunch https://ift.tt/2QcVxZu
via IFTTT

Jets Ejected From Neutron Stars Stun Astronomers


There is no such thing as impossible: Just ask the international researchers who discovered an astrophysical phenomenon they never thought feasible. The group, which includes University of Alberta astronomer Gregory Sivakoff, found that […]

The post Jets Ejected From Neutron Stars Stun Astronomers appeared first on Geek.com.



from Geek.com https://ift.tt/2xWkr7Z
via IFTTT

GEEK PICK: Star Wars Porg Mini Backpack


Despite its massive financial and critical success, and general love amongst most audiences, the general online discourse surrounding the great Star Wars: The Last Jedi ended being much different and much dumber than we […]

The post GEEK PICK: Star Wars Porg Mini Backpack appeared first on Geek.com.



from Geek.com https://ift.tt/2ImQL8Y
via IFTTT

Geek Daily Deals: Deals: 50% Off Kindle Unlimited, Fornite Double Helix Bundle and More


50% off 6 Months of Kindle Unlimited Membership (Now Only $29.97) Anyone who doesn’t have a currently active Kindle Unlimited subscription is eligible. Kindle Unlimited gives you access to over 1 million Kindle eBooks and over […]

The post Geek Daily Deals: Deals: 50% Off Kindle Unlimited, Fornite Double Helix Bundle and More appeared first on Geek.com.



from Geek.com https://ift.tt/2Qez1iN
via IFTTT

Mozilla pushes PayPal to make Venmo transactions private by default

Earlier this year, the FTC settled with PayPal over the company’s handling of privacy disclosures in its peer-to-peer payments app Venmo, but Mozilla doesn’t think the changes Venmo made as a result went far enough. This week, Mozilla says it delivered a petition signed by 25,000 Americans asking Venmo to set transactions shared in its app to private by default, instead of public.

As Mozilla explains, “millions of Venmo users’ spending habits are available for anyone to see. That’s because Venmo transactions are currently public by default — unless users manually update their settings, anyone, anywhere can see whom they’re sending money to, and why.”

Many Venmo users likely feel that it’s not very dangerous to share through Venmo’s feed – a key feature of its popular payments app – that they paid back a friend for part of the dinner, drinks or some concert tickets, for example.

But a Berlin-based researcher, Hang Do Thi Duc, recently studied the risks associated with this sort of over-sharing.

Do Thi Duc analyzed more than 200 million public Venmo transactions made in 2017 by accessing the data through a public API. This allowed her to see the names, dates, and transactions of Venmo users. She found that a lot could actually be gleaned from this data, including users’ drug habits in some cases, as well as their relationships, junk food habits, location, daily routines, personal finances, rent payments, and more.

In other words, while the individual transaction itself may seem harmless, in aggregate these transactions can be very revealing about the person in question.

Mozilla says it, along with Ipsos, also polled 1,009 Americans on how they felt about Venmo’s “public by default” nature. 77% said they didn’t think that should be the case, and 92% said they don’t support Venmo’s justifications for making them public. (It thinks sharing is fun, basically.)

Venmo didn’t respond to Mozilla’s petition directly, but tells TechCrunch via a spokesperson that it takes its users’ trust seriously.

“Venmo was designed for sharing experiences with your friends in today’s social world, and the newsfeed has always been a big part of this,” the spokesperson said. “The safety and privacy of Venmo users and their information is always a top priority. Our users trust us with their money and personal information, and we take this responsibility and applicable privacy laws very seriously,” they added.

The company also pointed out it takes several steps to ensure some level of user protection, including not making sensitive transactions public, never publishing dollar amounts, and allowing users to control the publicity of the item, even after the fact.

As part of the FTC settlement, Venmo also had to make other changes.

The company now has to explain to new and existing users how to limit the visibility of transactions through the use of privacy settings.

We recently saw this in the updated Venmo app, in fact.

Users are walked through a tutorial that spells out how you can change settings to make transactions private by default, or any time you choose.


Mozilla’s petition comes at a time when PayPal has been weighing whether or not it should change the default in Venmo from public to private, according to a report from Bloomberg last month.

Thanks to large-scale scandals like Cambridge Analytica and others involving user data being overexposed, timed alongside the rollout of new privacy regulations like Europe’s GDPR, many companies are reviewing their data protection policies.

Venmo’s casual over-sharing now feels like a holdover from an earlier, more naive time on the web, and it wouldn’t be surprising if it decided to later adjust the app’s settings to match where consumer sentiment is headed today.



from Social – TechCrunch https://ift.tt/2R2Xdpv
via IFTTT