
Don't Give Away Historic Details About Yourself

Slashdot - Your Rights Online - Tue, 2018-04-10 00:40
Brian Krebs: Social media sites are littered with seemingly innocuous little quizzes, games and surveys urging people to reminisce about specific topics, such as "What was your first job," or "What was your first car?" The problem with participating in these informal surveys is that in doing so you may be inadvertently giving away the answers to "secret questions" that can be used to unlock access to a host of your online identities and accounts. I'm willing to bet that a good percentage of regular readers here would never respond -- honestly or otherwise -- to such questionnaires (except perhaps to chide others for responding). But I thought it was worth mentioning because certain social networks -- particularly Facebook -- seem positively overrun with these data-harvesting schemes. What's more, I'm constantly asking friends and family members to stop participating in these quizzes and to stop urging their contacts to do the same. On the surface, these simple questions may be little more than an attempt at online engagement by otherwise well-meaning companies and individuals. Nevertheless, your answers to these questions may live in perpetuity online, giving identity thieves and scammers ample ammunition to start gaining backdoor access to your various online accounts.

Read more of this story at Slashdot.

'Erotic Review' Blocks US Internet Users To Prepare For Government Crackdown

Slashdot - Your Rights Online - Tue, 2018-04-10 00:00
An anonymous reader quotes a report from Ars Technica: A website that hosts customer reviews of sex workers has started blocking Internet users in the United States because of forthcoming changes in U.S. law. Congress recently passed the Stop Enabling Sex Traffickers Act bill (SESTA), and President Trump is expected to sign it into law. SESTA will make it easier to prosecute websites that host third-party content that promotes or facilitates prostitution, even in cases when the sex workers aren't victims of trafficking. After Congress approved the bill, Craigslist removed its "Personals" section and Reddit removed some sex-related subreddits. The Erotic Review (TER) has followed suit by blocking any user who appears to be visiting the website from the United States. "As a result of this new law, TER has made the difficult decision to block access to the website from the United States until such time as the courts have enjoined enforcement of the law, the law has been repealed or amended, or TER has found a way to sufficiently address any legal concerns created by the new law," the website's home page says in a notice to anyone who accesses the site from a US location. The Erotic Review explained in an FAQ why it blocked US-based users even before SESTA takes effect. (The bill is also known as the Allow States and Victims to Fight Online Sex Trafficking Act, or FOSTA.) "TER has always operated within the law, and it takes SESTA seriously," the FAQ says. "Because we do not know when SESTA will be signed into law, TER wants to be certain that it is in compliance with the statute the moment it becomes effective." TER can still be accessed outside the U.S., and U.S.-based users can still access the site via a VPN service. "Non-U.S. are asked to agree to a disclaimer, which requires users to agree to 'report suspected exploitation of minors and/or human trafficking' and that they 'will not access TER from a Prohibited Country,'" reports Ars.


Steve Wozniak Drops Facebook: 'The Profits Are All Based On the User's Info'

Slashdot - Your Rights Online - Mon, 2018-04-09 22:38
Apple cofounder Steve Wozniak has formally deactivated his Facebook account. In an email interview with USA Today, Wozniak wrote that he was no longer satisfied with Facebook, knowing that it makes money off of user data. "The profits are all based on the user's info, but the users get none of the profits back," he wrote. "Apple makes its money off of good products, not off of you. As they say, with Facebook, you are the product." Ars Technica reports: His Sunday announcement to his Facebook followers came just ahead of Facebook CEO Mark Zuckerberg's scheduled testimony before Congress on Tuesday. The CEO is also reportedly set to meet with members of Congress privately on Monday. Wozniak wrote that Facebook had "brought me more negatives than positives." Still, when Wozniak tried to change some of his privacy settings in the aftermath of Cambridge Analytica, he said he was "surprised" to find out how many categories for ads he had to remove. "I did not feel that this is what people want done to them," added Wozniak. "Ads and spam are bad things these days and there are no controls over them. Or transparency."


YouTube Is Illegally Collecting Data From Children, Say Advocacy Groups

Slashdot - Your Rights Online - Mon, 2018-04-09 21:01
Nearly two-dozen privacy and children's advocacy groups have filed a Federal Trade Commission complaint against YouTube, accusing the platform of illegally collecting data from children. From a report: The groups, led by the Campaign for a Commercial-Free Childhood (CCFC), allege YouTube is violating the Children's Online Privacy Protection Act (COPPA) by collecting data from children under 13 without parents' permission. "It's just fundamentally unfair," Josh Golin, executive director of the CCFC, told Gizmodo, "to use Google's powerful behavioral targeting on a child that doesn't yet understand what's going on." COPPA requires platforms "give parents notice of its data collection practices, and obtain verifiable parental consent before collecting the data." But, as Golin argues, YouTube violates COPPA because it doesn't differentiate between videos marketed to children and the rest of the site.


Facebook Suspends Another Data Analytics Firm After CNBC Discovers It Was Using Tactics like Cambridge Analytica

Slashdot - Your Rights Online - Mon, 2018-04-09 16:45
Facebook suspended a company from its site over the weekend while it investigates claims it harvested user information under the guise of academic research, in a case with echoes of the Cambridge Analytica scandal. From a report: Facebook is suspending a data analytics firm called CubeYou from the platform after CNBC notified the company that CubeYou was collecting information about users through quizzes. CubeYou misleadingly labeled its quizzes "for non-profit academic research," then shared user information with marketers. The scenario is eerily similar to how Cambridge Analytica received unauthorized access to data from as many as 87 million Facebook user accounts to target political marketing. CubeYou, whose CEO denies any deception, sold data that had been collected by researchers working with the Psychometrics Lab at Cambridge University, similar to how Cambridge Analytica used information it obtained from other professors at the school for political marketing.


Cambridge Analytica Whistleblower Says Data From 87 Million Users Could Be Stored In Russia

Slashdot - Your Rights Online - Mon, 2018-04-09 05:30
PolygamousRanchKid shares a report from CNN: Cambridge Analytica whistleblower Christopher Wylie says the data the firm gathered from Facebook could have come from more than 87 million users and could be stored in Russia. Wylie added that his lawyer has been contacted by U.S. authorities, including congressional investigators and the Department of Justice, and says he plans to cooperate with them. Aleksander Kogan, a Russian data scientist who gave lectures at St. Petersburg State University, gathered Facebook data from millions of Americans. He then sold it to Cambridge Analytica, which worked with President Donald Trump's 2016 presidential campaign. "I know that Facebook is now starting to take steps to rectify that and start to find out who had access to it and where it could have gone, but ultimately it's not watertight to say that, you know, we can ensure that all the data is gone forever," he said.


Tim Cook Says Ads That Follow You Online Are 'Creepy'

Slashdot - Your Rights Online - Mon, 2018-04-09 00:22
In a wide-ranging interview with MSNBC and Recode, Apple CEO Tim Cook said that everyone should know how much data they're sharing and what can be inferred about us from that information. He added that privacy "is a human right" and said he's worried about how advertisers and others can abuse access to our data. "To me it's creepy when I look at something and all of a sudden it's chasing me all the way across the web," Cook said. "I don't like that." CNET reports: The comments came as part of a wide-ranging interview between Cook, MSNBC's Chris Hayes and Recode's Kara Swisher. MSNBC broadcast the special, named "Revolution: Apple changing the world" at 5 p.m. PT on Friday. The interview was taped the day after Apple's education event in Chicago, where the company introduced a new 9.7-inch iPad and tools for teachers. The two publications released some early clips and comments from Cook over the past couple of weeks. That included remarks he made about Facebook and its CEO, Mark Zuckerberg in the wake of the Cambridge Analytica scandal. Cook noted that Apple purposely chose not to make "a ton of money" off its customers' data and that Facebook failed to effectively regulate itself, prompting a need for government intervention. Along with Facebook and its privacy issues, Cook talked up DACA and immigration, tax reform, the changing job landscape and the need for everyone to learn coding, among other topics.


'Big Brother' In India Requires Fingerprint Scans For Food, Phones, Finances

Slashdot - Your Rights Online - Sun, 2018-04-08 19:17
The New York Times reports of the Indian government's intent to build an identification system of unprecedented scope. The country is reportedly "scanning the fingerprints, eyes and faces of its 1.3 billion residents (alternative source) and connecting the data to everything from welfare benefits to mobile phones." Here's an excerpt from the report: Civil libertarians are horrified, viewing the program, called Aadhaar, as Orwell's Big Brother brought to life. To the government, it's more like "big brother," a term of endearment used by many Indians to address a stranger when asking for help. For other countries, the technology could provide a model for how to track their residents. And for India's top court, the ID system presents unique legal issues that will define what the constitutional right to privacy means in the digital age. The government has made registration mandatory for hundreds of public services and many private ones, from taking school exams to opening bank accounts. Technology has given governments around the world new tools to monitor their citizens. In China, the government is rolling out ways to use facial recognition and big data to track people, aiming to inject itself further into everyday life. Many countries, including Britain, deploy closed-circuit cameras to monitor their populations. But India's program is in a league of its own, both in the mass collection of biometric data and in the attempt to link it to everything -- traffic tickets, bank accounts, pensions, even meals for undernourished schoolchildren.


Facebook Donated To 46 of 55 Members On Committee That Will Question Zuckerberg

Slashdot - Your Rights Online - Sun, 2018-04-08 15:13
Facebook CEO Mark Zuckerberg will be questioned about user privacy protections next week by members of the House and Senate committees, but as USA Today notes, many of these members were also "some of the biggest recipients of campaign contributions from Facebook employees directly and the political action committee funded by employees." An anonymous reader shares the report: The congressional panel that got the most Facebook contributions is the House Energy and Commerce Committee, which announced Wednesday morning it would question Zuckerberg on April 11. Members of the committee, whose jurisdiction gives it regulatory power over Internet companies, received nearly $381,000 in contributions tied to Facebook since 2007, according to the Center for Responsive Politics. The center is a non-partisan, non-profit group that compiles and analyzes disclosures made to the Federal Election Commission. The second-highest total, $369,000, went to members of the Senate Commerce, Science and Transportation Committee, which announced later that it would have a joint hearing with the Senate Judiciary Committee to question Zuckerberg on Tuesday. Judiciary Committee members have received $235,000 in Facebook contributions. On the House committee, Republicans got roughly twice as much as Democrats, counter to the broader trend in Facebook campaign gifts. Of the $7 million in contributions to all federal candidates tied to the Menlo Park, Calif.-based social network, Democrats got 65% to Republicans' 33%. Of the 55 members on the Energy and Commerce Committee this year, all but nine have received Facebook contributions in the past decade. The average Republican got $6,800, while the average Democrat got $6,750.


'Vigilante Hackers' Strike Routers In Russia and Iran, Reports Motherboard

Slashdot - Your Rights Online - Sun, 2018-04-08 01:34
An anonymous reader quotes Motherboard: On Friday, a group of hackers targeted computer infrastructure in Russia and Iran, impacting internet service providers, data centres, and in turn some websites. "We were tired of attacks from government-backed hackers on the United States and other countries," someone in control of an email address left in the note told Motherboard Saturday... "We simply wanted to send a message...." In addition to disabling the equipment, the hackers left a note on affected machines, according to screenshots and photographs shared on social media: "Don't mess with our elections," along with an image of an American flag... In a blog post Friday, cybersecurity firm Kaspersky said the attack was exploiting a vulnerability in a piece of software called Cisco Smart Install Client. Using computer search engine Shodan, Talos (which is part of Cisco) said in its own blog post on Thursday it found 168,000 systems potentially exposed by the software. Talos also wrote it observed hackers exploiting the vulnerability to target critical infrastructure, and that some of the attacks are believed to be from nation-state actors... Reuters reported that Iran's IT Minister Mohammad Javad Azari-Jahromi said the attack mainly impacted Europe, India, and the U.S.... The hackers said they did scan many countries for the vulnerable systems, including the U.K., U.S., and Canada, but only "attacked" Russia and Iran, perhaps referring to the post of an American flag and their message. They claimed to have fixed the Cisco issue on exposed devices in the US and UK "to prevent further attacks... As a result of our efforts, there are almost no vulnerable devices left in many major countries," they claimed in an email. Their image of the American flag was a black-and-white drawing done with ASCII art.


Apple Tells the EPA Why Cutting the Clean Power Plan Is a Bad Move

Slashdot - Your Rights Online - Sat, 2018-04-07 15:00
An anonymous reader quotes a report from The Verge: Apple is pushing back against the Environmental Protection Agency's proposal to repeal the Clean Power Plan. The company filed a public comment with the EPA today arguing that scrapping the policy, which calls for cutting power plant pollution, would dull the United States' competitive edge in the clean energy economy. The Clean Power Plan (or CPP) was finalized by the Obama administration, and it takes aim at power plants -- the number one carbon polluters in the U.S., according to the Obama-era EPA website. Had the CPP ever taken effect, it would have given power plants until the year 2030 to curb their carbon emissions by about 30 percent, a move that the Obama administration said could protect the environment, public health, and consumers' pocketbooks. Apple's comment cites the economic advantages of supporting clean energy, including that it provides "corporate electricity buyers with a hedge against fuel price fluctuation." The price of solar and wind don't change like the price of oil, Apple's filing says. (It also notes that China is currently beating the U.S. in clean energy investments.) The company also says that regulating the grid's carbon emissions "power plant by power plant" won't work. It references its own experiences operating with 100 percent renewable energy here in the U.S. and the work of its subsidiary, Apple Energy LLC, which sells the excess electricity the company generates back to the grid. The electricity system is far too interconnected, the filing says, so "regulation should consider the dynamic and interconnected nature of how power is generated, sold and consumed." That's why it supports the clean power plan, which it says provides a nationwide framework for regulating electricity generation: "It is both needed and the smart thing to do."


Google Seeks To Limit 'Right To Be Forgotten' By Claiming It's Journalistic

Slashdot - Your Rights Online - Sat, 2018-04-07 03:25
"In the first 'right to be forgotten' case to reach England's High Court, two men are fighting to keep their past crimes out of Google's search results, and the tech giant is fighting back by claiming it's 'journalistic.'" Chava Gourarie reports via Columbia Journalism Review: The case, which is actually two nearly identical cases, involves two businessmen who were both convicted of white-collar crimes in the '90s, and requested that Google delist several URLs referencing their convictions, including news articles. When Google denied their requests, they sued under a 2014 European Union ruling which established the right of individuals to have information delisted from search indexes under certain conditions. In its defense, Google has argued that it should be protected under an exception for journalism because it provides access to journalistic content. Even as a legal sleight of hand, the argument is quite a departure from Google's customary efforts to present itself as a disinterested arbiter of information, a position that has become more untenable with time. Gareth Corfield, a reporter for The Register who covered the cases from the courtroom, said it's disingenuous of Google to put on the mantle of journalism only when it suits them. "They've gone through great lengths to say they don't make any editorial judgement in processing results," Corfield said, but "it now wants you to believe it is on a par with journalism." As the first case to test the "right to be forgotten" in England's High Court, its outcome will likely set some ground rules in the roiling debate between personal privacy and freedom of expression on the internet. Google's sudden identification with journalism may be a legal gambit, but it could have far-reaching effects across the landscape of data protection laws.


T-Mobile Stores Part of Customers' Passwords In Plaintext, Says It Has 'Amazingly Good' Security

Slashdot - Your Rights Online - Sat, 2018-04-07 02:03
T-Mobile Austria admitted on Twitter that it stores at least part of its customers' passwords in plaintext. What this means is that "if anyone breaches T-Mobile (it's only a matter of time), they could likely guess or brute-force every user's password," reports Motherboard. "If the passwords were fully encrypted or hashed, it wouldn't be that easy. But having a portion of the credential in plaintext reduces the difficulty of decoding the hashed part and obtaining the whole password." From the report: "Based on what we know about how people choose their passwords," Per Thorsheim, the founder of the first-ever conference dedicated to passwords, told me via Twitter direct message, "knowing the first 4 characters of your password can make it DEAD EASY for an attacker to figure out the rest." T-Mobile doesn't see that as a problem because it has "amazingly good security." On Thursday, a T-Mobile Austria customer support employee made that stunning revelation in an incredibly nonchalant tweet. Twitter user Claudia Pellegrino was quick to point out that storing passwords in plaintext is wrong, but another T-Mobile customer rep didn't see it that way. "I really do not get why this is a problem. You have so many passwords for every app, for every mail-account and so on. We secure all data very carefully, so there is not a thing to fear," the rep wrote back.


Comcast, AT&T, Verizon Pose a Greater Surveillance Risk Than Facebook

Slashdot - Your Rights Online - Sat, 2018-04-07 01:20
An anonymous reader writes: "Comcast, AT&T and Verizon pose a greater surveillance risk than Facebook -- but their surveillance is much harder to avoid," writes Salome Viljoen in an opinion piece for The Guardian. From the report: "Facebook isn't the only company that amasses troves of data about people and leaves it vulnerable to exploitation and misuse. As of last year, Congress extended the same data-gathering practices of tech companies like Google and Facebook to internet providers like Comcast, AT&T and Verizon. Because service providers serve as gatekeepers to the entire internet, they can collect far more information about us, and leave us with far less power to opt out of that process. This means that the risks of allowing our internet providers to collect and monetize the same type of user data that Facebook collects -- and the potential that such data will therefore be misused -- are much, much worse. Your internet provider doesn't just know what you do on Facebook -- it sees all the sites you visit and how much time you spend there. Your provider can see where you shop, what you watch on TV, where you choose to eat dinner, what medical symptoms you search, where you apply for work, school, a mortgage. Everything that is unencrypted is fair game. But internet providers don't just pose a greater surveillance risk than Facebook -- their surveillance is also far harder to avoid. 'Choosing' not to use an internet provider to avoid surveillance is not really a choice at all. As of 2016, only about half of Americans have more than one option for broadband internet. In rural areas, this number drops to just 13%."


Three Execs Get Prison Time For Pirating Oracle Firmware & Solaris OS Update

Slashdot - Your Rights Online - Sat, 2018-04-07 00:40
An anonymous reader writes: Three of four TERiX executives were sentenced to prison yesterday for a scheme through which they created three fake companies to pirate Oracle firmware patches and Solaris OS updates. By doing this, the execs avoided paying a per-server fee for every Oracle product their company serviced, instead paying for one patch/update alone. Court documents show that Oracle was aware of the scheme and eventually connected the dots between the fake companies and TERiX when one of the execs downloaded files from Oracle's servers via one of the fake company's accounts from a TERiX IP address. Oracle filed a complaint with the FBI, but also a civil suit. A judge awarded Oracle damages last year totaling $57.423 million. The judge also barred TERiX from servicing Oracle products.


Best Buy Warns of Data Breach

Slashdot - Your Rights Online - Sat, 2018-04-07 00:20
Best Buy, along with Delta Air Lines and Sears, says that [24]7.ai, a company that provides the technology backing its chat services, was hacked between September 27 and October 12, potentially jeopardizing the personal payment details of "a number of Best Buy customers." The electronics company said in a statement that "as best we can tell, only a small fraction of our overall online customer population could have been caught up in this... incident whether or not they used the chat function." They will reach out to customers who were impacted.


FBI Seizes Backpage.com, a Site Criticized For Sex-Related Ads

Slashdot - Your Rights Online - Fri, 2018-04-06 23:20
The FBI has reportedly seized the sex marketplace website Backpage.com, according to a posting on its website on Friday. "The posting said the U.S. Justice Department would provide more information at 6 p.m. EDT," reports Reuters. "It said U.S. attorneys in Arizona and California, as well as the Justice Department's section on child exploitation and obscenity and the California and Texas attorneys general had supported the work in shutting down the website." From the report: Lawmakers and enforcement officials have been working to crack down on the site, the second largest classified ad service in the country after Craigslist that is used primarily to sell sex. The U.S. Senate passed legislation last month making it easier for state prosecutors and sex-trafficking victims to sue social media networks, advertisers and others that fail to keep sex trafficking and other exploitative materials off their platforms. The Supreme Court in January 2017 refused to consider reviving a lawsuit against backpage.com filed by three young women alleging the site facilitated their forced prostitution. But the site has since then faced a slew of other lawsuits alleging child sex trafficking. According to AZCentral, local FBI officials have confirmed "law enforcement activity" Friday morning at the Sedona-area home of Michael Lacey, a co-founder of Backpage.com. The raid comes amid what appears to be a shut-down of the website.


Sheryl Sandberg: Users Would Have To Pay To Opt Out of Facebook Ads

Slashdot - Your Rights Online - Fri, 2018-04-06 20:42
An anonymous reader shares a report: In an interview with Today airing Friday morning, Facebook COO Sheryl Sandberg insisted that Facebook does not sell or give away user information, but made clear that Facebook's entire model is based on being able to share user data with advertisers. If Facebook users don't like its ad-based model, the only other option would be to have users pay for the service so they could keep their data to themselves. As Sandberg told Today: "Our service depends on your data, [so] we don't have an opt-out at the highest level. That would be a paid product."


Facebook Retracted Zuckerberg's Messages From Recipients' Inboxes

Slashdot - Your Rights Online - Fri, 2018-04-06 17:20
An anonymous reader shares a report: You can't remove Facebook messages from the inboxes of people you sent them to, but Facebook did that for Mark Zuckerberg and other executives. Three sources confirm to TechCrunch that old Facebook messages they received from Zuckerberg have disappeared from their Facebook inboxes, while their own replies to him conspicuously remain. An email receipt of a Facebook message from 2010 reviewed by TechCrunch proves Zuckerberg sent people messages that no longer appear in their Facebook chat logs or in the files available from Facebook's Download Your Information tool. Casey Newton, a reporter at The Verge, tweeted, "Deleting Mark's messages while leaving the recipients' intact highlights Facebook's actual views on privacy better than any statement it makes on the subject ever will." Update: Facebook has just announced that it will give all users an option to unsend messages.


Russia Files Lawsuit To Block Telegram Messaging App

Slashdot - Your Rights Online - Fri, 2018-04-06 16:40
Russia's state communications watchdog, Roskomnadzor, has filed a lawsuit to block Telegram in the country because the instant messaging company has refused to hand over the encryption keys that would allow Russian authorities to read messages sent using the service. From a report: Ranked as the world's ninth most popular mobile messaging app, Telegram is widely used in countries across the former Soviet Union and Middle East. Active users of the app reached 200 million in March. As part of its services, Telegram allows users to communicate via encrypted messages which cannot be read by third parties, including government authorities. But Russia's FSB Federal Security service has said it needs access to some messages for its work, including guarding against terrorist attacks. Telegram has refused to comply with its demands, citing respect for user privacy.
