Sunday, 30 September 2018

Until data is misused, Facebook’s breach will be forgotten

We cared about Cambridge Analytica because it could have helped elect Trump. We ignored LocationSmart because even though the company was selling and exposing the real-time GPS coordinates of our phones, it was never clear exactly if or how that data was misused.

This idea, that privacy issues are abstract concepts for most people until they become security or ideological problems, is important to understanding Facebook’s massive breach revealed this week. 

The social network’s engineering was sloppy, allowing three bugs to be combined to steal the access tokens of 50 million people. In pursuit of rapid growth at affordable efficiency, Facebook failed to protect its users. This assessment doesn’t discount that. Facebook screwed up big time.

But despite the potential that those access tokens could have let the attackers take over user accounts, act as them, and scrape their personal info, it’s unclear how much users really care. That’s because for now, Facebook and its watchdogs aren’t sure exactly what data was stolen or how it was wrongly used.

The Hack That Broke The Camel’s Back?

This could all change tomorrow. If Facebook discovers the hack was perpetrated by a foreign government to interfere with elections, by criminals to bypass identity theft security checkpoints and steal people’s bank accounts or social media profiles, or to target individuals for physical harm, out will come the pitchforks and torches. 

Given a sufficiently scary application for the data, the breach could finish the job of destroying Facebook’s brand. If users start clearing their profile data, reducing their feed browsing, and ceasing to share, the breach could have significant financial and network effect consequences for Facebook. After years of scandals, this could be the hack that broke the camel’s back.

Yet in the absence of that evil utilization of the hacked data, the breach could fade into the background for users. Similar to the tension-filled departures of the founders of Facebook’s acquisitions Instagram and WhatsApp, the brunt of the backlash may not come from the public.

The hack could hasten regulation of social media. Senator Warner called on Congress to “step up” following the hack. He’s previously advocated for privacy laws similar to Europe’s GDPR. That includes data portability and interoperability rules that could make it easier to switch social networks. That threat of people moving to competing apps could succeed in compelling Facebook to treat user privacy and security better.

One of the biggest questions about the attack is whether the tokens were used to access other services like Airbnb or Spotify that rely on Facebook Login. The breach could steer potential partners away from building atop Facebook’s identity platform. But at least you don’t have to worry about changing all your passwords. Unlike hacks that steal usernames and passwords, the lasting danger of the Facebook breach is limited. The access tokens have already been invalidated, whereas password reuse can lead people to have their other apps hacked long after the initial breach.

Desensitized

If government investigators, journalists, or anti-Facebook activists want to make the company pay for its negligence, they’ll need to connect it to some concrete threat to how we live or what we believe.

For now, without a nefarious application of the breached data, this scandal could blend into the rest of Facebook’s troubles. Every week, sometimes multiple times a week, Facebook has some headline grabbing problem. Over time, those are adding up to deter usage of Facebook and spur more users to delete it. But without an independent general purpose social network they can easily switch to, many users have endured Facebook’s stumbles in exchange for the connective utility it provides. 

As breaches become more common, the public may be desensitized. Between Equifax, Yahoo, and the cell phone companies, we’re growing accustomed to letting out a deep sigh with maybe some expletives, and moving on with our lives. The ones we’ll remember will be those where the danger metastasized from the digital world into our offline lives.



https://ift.tt/2xOPS54

Relike lets you turn a Facebook page into a newsletter

French startup Ownpage has recently released a new product called Relike. Relike is one of the easiest ways to get started with email newsletters. You enter the web address of your Facebook page and that’s about it.

The company automatically pulls your most recent posts from your Facebook page and lets you set up an emailing campaign in a few clicks. You can either automatically pick your most popular Facebook posts or manually select a few posts.

Just like any emailing service, you can choose between multiple templates, decide the day of the week and time of the day, import a database of email addresses and more. If you’ve used Mailchimp in the past, you’ll feel right at home.

But the idea isn’t to compete directly with newsletter services. Many social media managers, media organizations, small companies, nonprofits and sports teams already have a Facebook page but aren’t doing anything on the email front.

Relike is free if you send less than 2,000 emails per month and don’t need advanced features. If you want to get open rates, click-through rates and other features, you’ll need to pay €5 per month and €0.50 every time you send 1,000 emails.

The company’s other product Ownpage is a bit different. Ownpage has been working with media organizations to optimize their email newsletters. The company is tracking reading habits on a news site and sending personalized email newsletters.

This way, readers will get tailored news and will more likely come back to your site. Many big French news sites use Ownpage for their newsletters, such as Les Echos, L’Express, 20 Minutes, BFM TV, Le Parisien, etc.

Ownpage founder and CEO Stéphane Cambon told me that Relike was the obvious second act. Using browsing data for customized newsletters is one thing, but many talented social media managers know how to contextualize stories and maximize clicks (even if it means clickbait, sure).

The startup was looking at a way to get this data, and ended up creating Relike, which could appeal to customers beyond news organizations. For now, both products will stick around. In the future, the company plans to add Twitter and Instagram integrations as well as better signup flows for newsletter subscribers.



https://ift.tt/2zFxeO8

Carpooling service Klaxit partners with Uber for last-minute changes

French startup Klaxit connects drivers with riders so that you don’t have to take your car to work every day. And the company recently announced a new feature with the help of Uber. If your driver cancels your ride home, Klaxit will book an Uber for you.

Klaxit is a ride-sharing startup that focuses on one thing — commuting to work. And this problem is more complicated than you might think. You can’t just go to work with the same person every day because you don’t always go to work at the same time. Similarly, sometimes your driver has to leave work early, leaving you at the office with no alternative.

As a driver, you want to take the quickest route to work. So you want to be matched with riders who are exactly on the way to work.

Klaxit currently handles 300,000 rides per day. In particular, the company has partnered with 150 companies, including big French companies such as BNP Paribas, Veolia, Vinci and Sodexo.

Klaxit can be particularly useful for companies with large office buildings outside of big cities. Promoting Klaxit instantly fosters supply and demand from and to this office. But you don’t have to work for one of those companies to use Klaxit.

Local governments can also financially support Klaxit to improve traffic conditions and mobility for users who don’t have a car or a driver’s license. “Subsidizing rides on Klaxit is 8 to 10 times cheaper than building a bus line,” co-founder and CEO Julien Honnart told me.

One of the biggest concerns as a rider is that you’re going to be stuck at work in the evening. Klaxit is now asking its users to request a ride with two other drivers. If they both decline your request, Klaxit will book you an Uber ride to go back home.

You don’t have to pay the Uber ride and then get reimbursed, Klaxit pays Uber directly. You don’t need an Uber account either as Klaxit is using Uber for Business. MAIF is the insurance company behind this insurance feature, and also one of Klaxit’s investors. This is a neat feature to convince new users that they can trust Klaxit.

Klaxit competes with other French startups on this market, such as Karos and BlaBlaCar’s BlaBlaLines.

https://ift.tt/2Qk7blk

Google launches “Abtal Al Internet” initiative to teach children online safety habits

Aiming to encourage children to be confident online explorers while avoiding potential cybersecurity pitfalls, Google has launched the “Abtal Al Internet” (Internet Heroes) initiative in Arabic, a free online platform full of learning resources and interactive activities on online safety for kids, parents and educators. This move seems in line with Google’s Be Internet Awesome initiative launched last year.

Children now access the internet at very young ages and are vulnerable to online predators and scams, whether on social media or in online games. To that end, Abtal Al Internet is designed to teach kids the fundamentals of digital citizenship and safety and help them confidently navigate the online world by being smart, alert, strong, kind and brave.

Also part of the online learning program is an online adventure, A’lam al Internet (Interland), that allows kids to develop good digital habits such as not sharing information online to those they don’t trust, building strong passwords, staying away from fake profiles and phishing scams, being kind to others online and reporting inappropriate content. 

According to Google’s survey, a majority of teachers in the Arab world believe that online safety should be part of the curriculum and have reportedly witnessed concerning online incidents. To that end, Abtal Al Internet aims to provide guidance for educators and parents to teach kids about digital safety in homes as well as classrooms through videos, activities and more.

The program has been developed in collaboration with online safety experts including Family Online Safety Institute, the Internet Keep Safe Coalition and ConnectSafely. It can be accessed here: g.co/abtalinternet

https://ift.tt/2OmNQ5n

20 ways to promote your website

We’re all familiar with the term ‘one hit wonder’, and many artists or groups have had huge success with a single song, then subsequently nosedived into commercial oblivion with their following tracks.

The lifecycle of a website can be disturbingly similar, at least to a point. There’s a kind of gravitational force which acts on all websites, pulling them down the search engine rankings as they’re replaced with newer, fresher, more successfully promoted sites.

If you want to defy this natural force, you’ll need a promotional plan, many clever tricks, and a concerted effort from your web development team. With that in mind, here’s a list of 20 ways in which you can promote your website, and keep it as visible as possible.

1. Be SEO smart

Most of the time, your website will be found via a search engine, and the vast majority of folks out there are using Google for search duties. And where your site is placed in terms of the rankings in any given search is heavily influenced by how Google matches the words and phrases that people are using to search. 

Consider altering the site’s content to include popular phrases that people are searching for, and find the magic words that you need using the Google AdWords Keyword Planner. This process – although there’s a lot more to it – is known as SEO, which stands for Search Engine Optimization.

2. Get reciprocal

The more links external websites have to your site, and the more links you make to them, the more reason search engines will see to elevate your importance as a web location.

Therefore if you have commercial relationships, you can strengthen those by exchanging links and building a flow of traffic between your mutual sites. This is especially useful if you are part of a bigger conglomerate, where the group site can link to all the subsidiaries without the need for permissions.

3. Facebook ads

If you want to sell door-to-door, then you need to turn up when people are at home, and the web equivalent of this is catching them on social media. Despite some recent flattening of growth, many millions of people still use Facebook, and this platform has the advantage that you can target users of a specific age or gender, those with certain interests, or those who follow particular brands or celebrities.

4. Connect with influencers

Perhaps you can’t get an A-list star to blog about your products or services, but maybe you could find a blogger who has a dedicated following that they can influence. 

Compared with celebrity endorsements, the costs will be minimal, and some might even cover a product for a free sample if asked.

5. Go beyond Google

Google may be the search giant of the world, but not everyone uses it. For example, in China, more surfers use Baidu. Submitting to all those other search engines aside from Google and Bing is a worthwhile exercise, especially if you do business in locations outside of the US and Europe. 

Instead of submitting to each engine in turn, use a tool like Submit Express to hit a large number in a single operation.

6. Use YouTube

The right video on YouTube can rapidly attract tens of thousands of views, and can subsequently generate links in Facebook and Twitter. Even if it’s just a recording of a seminar speech or something made to promote a new product line, it’s all worth placing on YouTube to create interest and attract visitors to your website.

7. Be adaptable

Tracking and analyzing information from your website will tell you where visitors typically enter, and the pages they most often access. You can then concentrate on enhancing the more popular areas of your site – and deprioritize the sections which see less traffic – and that should hopefully see your visitor count grow. Not only that, but those who do visit will be more likely to come back, elevating your status with search engines.

8. Use Reddit

Modestly labelled as the ‘front page of the internet’, any news story or press release from your company should be put on here, with links to bring people back to your site. 

However, be advised that Reddit users can take a dislike to anything perceived as overtly corporate, so be careful about how you position content and interact with the denizens of the site. 

9. Be a community player

As a representative for your business, you might want to join appropriate Facebook and Google+ groups, so that you can tap into what they’re thinking, and how they react to product launches and promotions.

10. Be professional

If you post images on your website or social media, then make sure they’re really good quality ones, and even consider having them link to the full resolution original. 

The same goes for video footage. Avoid portrait recordings made by a phone with no image stabilization, at the very least.

11. Answer questions

People love online experts who can answer questions, so be one of them. There are numerous question-and-answer forums run by the likes of Quora, Yahoo, and so on, which are all free to join. 

You might also consider adding a question page to your site. You could then take the best answers, and use them to construct a FAQ (Frequently Asked Questions).

12. Create infographics

Infographics are those charts which you see here and there about the web, which graphically illustrate an interesting trend or the breakdown of a market by percentages. Making one that relates to your business, or the market that it operates in, and then distributing this infographic is an excellent way to get visitors.

13. Incorporate a blog

This is a method that both Google and Microsoft (and many others) employ, where they have senior staff blog about new or interesting products that they’re working on. 

Visitors react better to people than corporate entities, and personalizing product development, in particular, can be highly influential. Often this is a much better way to release company news, rather than an official press release.

14. Use Google My Business

This is most useful if you run a local business where customers can physically come to your office or store to collect products, or engage in personal interaction. The Google My Business tool allows your company to appear on a Google Map search so that you can be found easily by anyone looking for you. 

A nifty added benefit of being on here is that if your company name is searched via Google, the result returned will also bring up a map showing where you are.

15. Get a webmaster account

Most search engines have special accounts for those who run websites, and once you have this connection with them, you can use it to interact with the company about how you might improve your search ranking. 

A Google account, for example, is an excellent way to make sure that the site is indexed correctly, and isn’t being ignored for some spurious reason.

16. Use email marketing

A timely reminder to previous customers or a nudge to potentially new ones is an effective way to stimulate web traffic. It’s also a great idea to include links to new and interesting content within the marketing email, stimulating the recipient to visit. 

Just make sure that those who get the emails have a means to decline receiving any further messages, or you’ll get a reputation as a spammer.

17. Cross-marketing

Once you have a web presence up and running, make sure that the web address is clearly visible on all stationery, printed promotional materials, giveaway pens, T-shirts or other merchandise.

The more places that your web address is visible, the greater the chances that new folks will see the URL and decide to visit.

18. Have an email signature

All company emails should have a branded signature, and in that information, a link to the website should be included. By doing this, you ensure that any email which is forwarded to another person will include the link, and allow the recipient to click through to your site with the minimum of effort.

19. Invest in search engines

Search engine marketing allows you to promote the position you will appear at on a search, and those links that are present on the first page of results will get the majority of traffic for any given keyword.

Paying for a sponsored link enables this to happen, assuming you pay more than your competitors for each link that is clicked. Depending on the keyword, each click might cost you very little or a good bit more, but the fact that most large companies use this method demonstrates that it’s an effective marketing strategy. 

20. Use Wikipedia

Most companies have a Wikipedia page, and those that don’t should make one. Not only is this a good place to chart the growth of the firm and how it compares to competitors, but it can also provide a good linkage to the main website that anyone researching a subject related to your business might run into.

https://ift.tt/2IrOjxR

Saturday, 29 September 2018

Facebook is weaponizing security to erode privacy

At a Senate hearing this week in which US lawmakers quizzed tech giants on how they should go about drawing up comprehensive Federal consumer privacy protection legislation, Apple’s VP of software technology described privacy as a “core value” for the company.

“We want your device to know everything about you but we don’t think we should,” Bud Tribble told them in his opening remarks.

Facebook was not at the commerce committee hearing which, as well as Apple, included reps from Amazon, AT&T, Charter Communications, Google and Twitter.

But the company could hardly have made such a claim had it been in the room, given that its business is based on trying to know everything about you in order to dart you with ads.

You could say Facebook has ‘hostility to privacy’ as a core value.

Earlier this year one US senator wondered of Mark Zuckerberg how Facebook could run its service given it doesn’t charge users for access. “Senator we run ads,” was the almost startled response, as if the Facebook founder couldn’t believe his luck at the not-even-surface-level political probing his platform was getting.

But there have been tougher moments of scrutiny for Zuckerberg and his company in 2018, as public awareness about how people’s data is being ceaselessly sucked out of platforms and passed around in the background, as fuel for a certain slice of the digital economy, has grown and grown — fuelled by a steady parade of data breaches and privacy scandals which provide a glimpse behind the curtain.

On the data scandal front Facebook has reigned supreme, whether it’s as an ‘oops we just didn’t think of that’ spreader of socially divisive ads paid for by Kremlin agents (sometimes with roubles!); or as a carefree host for third party apps to party at its users’ expense by silently hoovering up info on their friends, in the multi-millions.

Facebook’s response to the Cambridge Analytica debacle was to loudly claim it was ‘locking the platform down’. And try to paint everyone else as the rogue data sucker — to avoid the obvious and awkward fact that its own business functions in much the same way.

All this scandalabra has kept Facebook execs very busy this year, with policy staffers and execs being grilled by lawmakers on an increasing number of fronts and issues — from election interference and data misuse, to ad transparency, hate speech and abuse, and also directly, and at times closely, on consumer privacy and control.

Facebook shielded its founder from one sought for grilling on data misuse, as UK MPs investigated online disinformation vs democracy, as well as examining wider issues around consumer control and privacy. (They’ve since recommended a social media levy to safeguard society from platform power.) 

The DCMS committee wanted Zuckerberg to testify to unpick how Facebook’s platform contributes to the spread of disinformation online. The company sent various reps to face questions (including its CTO) — but never the founder (not even via video link). And committee chair Damian Collins was withering and public in his criticism of Facebook sidestepping close questioning — saying the company had displayed a “pattern” of uncooperative behaviour, and “an unwillingness to engage, and a desire to hold onto information and not disclose it.”

As a result, Zuckerberg’s tally of public appearances before lawmakers this year stands at just two domestic hearings, in the US Senate and Congress, and one at a meeting of the EU parliament’s conference of presidents (which switched from a behind closed doors format to being streamed online after a revolt by parliamentarians) — and where he was heckled by MEPs for avoiding their questions.

But three sessions in a handful of months is still a lot more political grillings than Zuckerberg has ever faced before.

He’s going to need to get used to awkward questions now that lawmakers have woken up to the power and risk of his platform.

Security, weaponized 

What has become increasingly clear from the growing sound and fury over privacy and Facebook (and Facebook and privacy), is that a key plank of the company’s strategy to fight against the rise of consumer privacy as a mainstream concern is misdirection and cynical exploitation of valid security concerns.

Simply put, Facebook is weaponizing security to shield its erosion of privacy.

Privacy legislation is perhaps the only thing that could pose an existential threat to a business that’s entirely powered by watching and recording what people do at vast scale. And relying on that scale (and its own dark pattern design) to manipulate consent flows to acquire the private data it needs to profit.

Only robust privacy laws could bring Facebook’s self-serving house of cards tumbling down. User growth on its main service isn’t what it was but the company has shown itself very adept at picking up (and picking off) potential competitors — applying its surveillance practices to crushing competition too.

In Europe lawmakers have already tightened privacy oversight on digital businesses and massively beefed up penalties for data misuse. Under the region’s new GDPR framework compliance violations can attract fines as high as 4% of a company’s global annual turnover.

Which would mean billions of dollars in Facebook’s case — vs the pinprick penalties it has been dealing with for data abuse up to now.

Though fines aren’t the real point; if Facebook is forced to change its processes, so how it harvests and mines people’s data, that could knock a major, major hole right through its profit-center.

Hence the existential nature of the threat.

The GDPR came into force in May and multiple investigations are already underway. This summer the EU’s data protection supervisor, Giovanni Buttarelli, told the Washington Post to expect the first results by the end of the year.

Which means 2018 could result in some very well known tech giants being hit with major fines. And — more interestingly — being forced to change how they approach privacy.

One target for GDPR complainants is so-called ‘forced consent’ — where consumers are told by platforms leveraging powerful network effects that they must accept giving up their privacy as the ‘take it or leave it’ price of accessing the service. Which doesn’t exactly smell like the ‘free choice’ EU law actually requires.

It’s not just Europe, either. Regulators across the globe are paying greater attention than ever to the use and abuse of people’s data. And also, therefore, to Facebook’s business — which profits, so very handsomely, by exploiting privacy to build profiles on literally billions of people in order to dart them with ads.

US lawmakers are now directly asking tech firms whether they should implement GDPR style legislation at home.

Unsurprisingly, tech giants are not at all keen — arguing, as they did at this week’s hearing, for the need to “balance” individual privacy rights against “freedom to innovate”.

So a lobbying joint-front to try to water down any US privacy clampdown is in full effect. (Though also asked this week whether they would leave Europe or California as a result of tougher-than-they’d-like privacy laws none of the tech giants said they would.)

The state of California passed its own robust privacy law, the California Consumer Privacy Act, this summer, which is due to come into force in 2020. And the tech industry is not a fan. So its engagement with federal lawmakers now is a clear attempt to secure a weaker federal framework to ride over any more stringent state laws.

Europe and its GDPR obviously can’t be rolled over like that, though. Even as tech giants like Facebook have certainly been seeing how much they can get away with — to force an expensive and time-consuming legal fight.

While ‘innovation’ is one oft-trotted angle tech firms use to argue against consumer privacy protections, Facebook included, the company has another tactic too: Deploying the ‘S’ word — security — both to fend off increasingly tricky questions from lawmakers, as they finally get up to speed and start to grapple with what it’s actually doing; and — more broadly — to keep its people-mining, ad-targeting business steamrollering on by greasing the pipe that keeps the personal data flowing in.

In recent years multiple major data misuse scandals have undoubtedly raised consumer awareness about privacy, and put greater emphasis on the value of robustly securing personal data. Scandals that even seem to have begun to impact how some Facebook users Facebook. So the risks for its business are clear.

Part of its strategic response, then, looks like an attempt to collapse the distinction between security and privacy — by using security concerns to shield privacy hostile practices from critical scrutiny, specifically by chain-linking its data-harvesting activities to some vaguely invoked “security purposes”, whether that’s security for all Facebook users against malicious non-users trying to hack them; or, wider still, for every engaged citizen who wants democracy to be protected from fake accounts spreading malicious propaganda.

So the game Facebook is here playing is to use security as a very broad-brush to try to defang legislation that could radically shrink its access to people’s data.

Here, for example, is Zuckerberg responding to a question from an MEP in the EU parliament asking for answers on so-called ‘shadow profiles’ (aka the personal data the company collects on non-users) — emphasis mine:

It’s very important that we don’t have people who aren’t Facebook users that are coming to our service and trying to scrape the public data that’s available. And one of the ways that we do that is people use our service and even if they’re not signed in we need to understand how they’re using the service to prevent bad activity.

At this point in the meeting Zuckerberg also suggestively referenced MEPs’ concerns about election interference — to better play on a security fear that’s inexorably close to their hearts. (With the spectre of re-election looming next spring.) So he’s making good use of his psychology major.

“On the security side we think it’s important to keep it to protect people in our community,” he also said when pressed by MEPs to answer how a person who isn’t a Facebook user could delete its shadow profile of them.

He was also questioned about shadow profiles by the House Energy and Commerce Committee in April. And used the same security justification for harvesting data on people who aren’t Facebook users.

“Congressman, in general we collect data on people who have not signed up for Facebook for security purposes to prevent the kind of scraping you were just referring to [reverse searches based on public info like phone numbers],” he said. “In order to prevent people from scraping public information… we need to know when someone is repeatedly trying to access our services.”

He claimed not to know “off the top of my head” how many data points Facebook holds on non-users (nor even on users, which the congressman had also asked for, for comparative purposes).

These sorts of exchanges are very telling because for years Facebook has relied upon people not knowing or really understanding how its platform works to keep what are clearly ethically questionable practices from closer scrutiny.

But, as political attention has dialled up around privacy, and it’s become harder for the company to simply deny or fog what it’s actually doing, Facebook appears to be evolving its defence strategy — by defiantly arguing it simply must profile everyone, including non-users, for user security.

No matter this is the same company which, despite maintaining all those shadow profiles on its servers, famously failed to spot Kremlin election interference going on at massive scale in its own back yard — and thus failed to protect its users from malicious propaganda.

Nor was Facebook capable of preventing its platform from being repurposed as a conduit for accelerating ethnic hate in a country such as Myanmar — with some truly tragic consequences. Yet it must, presumably, hold shadow profiles on non-users there too. Yet it was seemingly unable (or unwilling) to use that intelligence to help protect actual lives…

So when Zuckerberg invokes overarching “security purposes” as a justification for violating people’s privacy en masse it pays to ask critical questions about what kind of security it’s actually purporting to be able to deliver. Beyond, y’know, continued security for its own business model as it comes under increasing attack.

What Facebook indisputably does do with ‘shadow contact information’, acquired about people via other means than the person themselves handing it over, is to use it to target people with ads. So it uses intelligence harvested without consent to make money.

Facebook confirmed as much this week, when Gizmodo asked it to respond to a study by some US academics that showed how a piece of personal data that had never been knowingly provided to Facebook by its owner could still be used to target an ad at that person.

Responding to the study, Facebook admitted it was “likely” the academic had been shown the ad “because someone else uploaded his contact information via contact importer”.

“People own their address books. We understand that in some cases this may mean that another person may not be able to control the contact information someone else uploads about them,” it told Gizmodo.

So essentially Facebook has finally admitted that consentless scraped contact information is a core part of its ad targeting apparatus.

Safe to say, that’s not going to play at all well in Europe.

Basically Facebook is saying you own and control your personal data until it can acquire it from someone else — and then, er, nope!

Yet given the reach of its network, the chances of your data not sitting on its servers somewhere seem very, very slim. So Facebook is essentially invading the privacy of pretty much everyone in the world who has ever used a mobile phone. (Something like two-thirds of the global population then.)

In other contexts this would be called spying — or, well, ‘mass surveillance’.

It’s also how Facebook makes money.

And yet when called in front of lawmakers to be asked about the ethics of spying on the majority of the people on the planet, the company seeks to justify this supermassive privacy intrusion by suggesting that gathering data about every phone user without their consent is necessary for some fuzzily-defined “security purposes” — even as its own record on security really isn’t looking so shiny these days.

It’s as if Facebook is trying to lift a page out of national intelligence agency playbooks — when governments claim ‘mass surveillance’ of populations is necessary for security purposes like counterterrorism.

Except Facebook is a commercial company, not the NSA.

So it’s only fighting to keep being able to carpet-bomb the planet with ads.

Profiting from shadow profiles

Another example of Facebook weaponizing security to erode privacy was also confirmed via Gizmodo’s reportage. The same academics found the company uses phone numbers provided to it by users for the specific (security) purpose of enabling two-factor authentication, which is a technique intended to make it harder for a hacker to take over an account, to also target them with ads.

In a nutshell, Facebook is exploiting its users’ valid security fears about being hacked in order to make itself more money.

Any security expert worth their salt will have spent long years encouraging web users to turn on two factor authentication for as many of their accounts as possible in order to reduce the risk of being hacked. So Facebook exploiting that security vector to boost its profits is truly awful. Because it works against those valiant infosec efforts — so risks eroding users’ security as well as trampling all over their privacy.

It’s just a double whammy of awful, awful behavior.

And of course, there’s more.

A third example of how Facebook seeks to play on people’s security fears to enable deeper privacy intrusion comes by way of the recent rollout of its facial recognition technology in Europe.

In this region the company had previously been forced to pull the plug on facial recognition after being leaned on by privacy conscious regulators. But after having to redesign its consent flows to come up with its version of ‘GDPR compliance’ in time for May 25, Facebook used this opportunity to revisit a rollout of the technology on Europeans — by asking users there to consent to switching it on.

Now you might think that asking for consent sounds okay on the surface. But it pays to remember that Facebook is a master of dark pattern design.

Which means it’s expert at extracting outcomes from people by applying these manipulative dark arts. (Don’t forget, it has even directly experimented in manipulating users’ emotions.)

So can it be a free consent if ‘individual choice’ is set against a powerful technology platform that’s both in charge of the consent wording, button placement and button design, and which can also data-mine the behavior of its 2BN+ users to further inform and tweak (via A/B testing) the design of the aforementioned ‘consent flow’? (Or, to put it another way, is it still ‘yes’ if the tiny greyscale ‘no’ button fades away when your cursor approaches while the big ‘YES’ button pops and blinks suggestively?)

In the case of facial recognition, Facebook used a manipulative consent flow that included a couple of self-serving ‘examples’ — selling the ‘benefits’ of the technology to users before they landed on the screen where they could choose either yes switch it on, or no leave it off.

One of which explicitly played on people’s security fears — by suggesting that without the technology enabled users were at risk of being impersonated by strangers. Whereas, by agreeing to do what Facebook wanted you to do, Facebook said it would help “protect you from a stranger using your photo to impersonate you”…

That example shows the company is not above actively jerking on the chain of people’s security fears, as well as passively exploiting similar security worries when it jerkily repurposes 2FA digits for ad targeting.

There’s even more too; Facebook has been positioning itself to pull off what is arguably the greatest (in the ‘largest’ sense of the word) appropriation of security concerns yet to shield its behind-the-scenes trampling of user privacy — when, from next year, it will begin injecting ads into the WhatsApp messaging platform.

These will be targeted ads, because Facebook has already changed the WhatsApp T&Cs to link Facebook and WhatsApp accounts — via phone number matching and other technical means that enable it to connect distinct accounts across two otherwise entirely separate social services.

Thing is, WhatsApp got fat on its founders’ promise of 100% ad-free messaging. The founders were also privacy and security champions, pushing to roll e2e encryption right across the platform — even after selling their app to the adtech giant in 2014.

WhatsApp’s robust e2e encryption means Facebook literally cannot read the messages users are sending each other. But that does not mean Facebook is respecting WhatsApp users’ privacy.

On the contrary: the company has given itself broader rights to user data by changing the WhatsApp T&Cs and by matching accounts.

So, really, it’s all just one big Facebook profile now — whichever of its products you do (or don’t) use.

This means that even without literally reading your WhatsApps, Facebook can still know plenty about a WhatsApp user, thanks to any other Facebook Group profiles they have ever had and any shadow profiles it maintains in parallel. WhatsApp users will soon become 1.5BN+ bullseyes for yet more creepily intrusive Facebook ads to seek their target.

No private spaces, then, in Facebook’s empire as the company capitalizes on people’s fears to shift the debate away from personal privacy and onto the self-serving notion of ‘secured by Facebook spaces’ — in order that it can keep sucking up people’s personal data.

Yet this is a very dangerous strategy.

Because if Facebook can’t even deliver security for its users, thereby undermining those “security purposes” it keeps banging on about, it might find it difficult to sell the world on going naked just so Facebook Inc can keep turning a profit.

What’s the best security practice of all? That’s super simple: Not holding data in the first place.



https://ift.tt/2R4Hg2d

The ‘lazy’ option: Should you let a third-party outfit manage your website?

Read enough business journals, and you’ll encounter the expression ‘core business’ on a regular basis. 

The phrase refers to the part of the company that creates, produces or services those things which are the intrinsic reason that the business exists. Most firms have departments like human resources and accounts that are important in operational terms, but aren’t ‘core business’ functions. 

Some companies will review the various components of their business on a regular basis to determine which parts are core, and which aren’t – potentially outsourcing the latter to other firms, who can then take responsibility for, say, cleaning the offices, finding new recruits, and so on.

In a similar vein, hosting a website, updating the contents and managing any web-related security issues are all complex jobs that require experienced staff to handle. Therefore, rather than accepting those additional tasks, many businesses outsource the whole problem, and have their entire web solution managed by another company. 

In these scenarios, the website is designed and developed, then ultimately hosted and managed by a third-party, with minimal contribution from the client company. 

This might seem like the ‘lazy’ option on the face of it, but it could also be the most sensible one too. Let’s look at the arguments for doing things this way first, and then the cons, before weighing up the relative merits in our conclusion.

Peace of mind

The advantages

An obvious benefit of having the website created and maintained independently is that it won’t involve the hiring of expensive specialist technical staff. 

This is especially important if the web project is going to be a relatively short-lived exercise, followed by an update and maintenance phase that can be overseen by less knowledgeable folks. 

A big company could easily justify having a web expert, but smaller operations might not need one. 

Where the full service agreement is most valuable is if the website must go live within a tight timescale, as that can be specified within the contract and resources allocated accordingly. 

On the client side, there needs to be a dedicated project manager to parallel that of the development team, with this manager making sure that milestones are achieved on schedule, and that the live date is still achievable. 

This person should also be involved in the creation of the website specification that the developers will subsequently use to construct the site. 

Don’t think that because much of the work is done for the client company, the firm is disconnected from all responsibility: without branded graphics, content guides and sign-offs, the development team is effectively rudderless. 

Costs are traditionally regarded as a disadvantage (more on that shortly). However, with a properly defined specification, delivery schedule and maintenance quote, the costs should at least be ring-fenced.

Internal web projects have a knack of spiralling over their previously agreed budget, and very rarely take into account the hidden impact on staff members who are employed to do other things the majority of their working days. 

The companies that provide the full web design, development and maintenance cycle are usually very experienced at delivering these things without stressing their clients, and that peace of mind is really what you’re paying for. 

Headaches

The disadvantages

One obvious disadvantage of managed web facilities is the inherent lack of control. 

The service and the website provided by a managed service will deliver exactly what the original contract specified, no more or less. Therefore, any major expansions or revisions, or the addition of new technology, will cost extra. 

Any company entering into one of these agreements should have a clear understanding of what will happen to the site and its contents when the contract ends – since the line between ownership of code and content might easily be blurred. 

Those outfits providing this type of service often have bespoke internal web development tools that are then licensed for use on each project, and without access to those, further changes might not be practical or possible. 

But the biggest disadvantage of the lazy approach is undoubtedly cost. The initial design overheads and monthly charges aren’t likely to be cheap, and those providing these services obviously need to make a profit.

Right tools to do the job

What’s the best choice?

How well a full service solution fits a given company will depend on the human resources available, the immediacy of the need for the site, and the level of control and involvement that is required. 

A simple website doesn’t need this commercial hammer to be cracked, but those wanting to jump straight into e-commerce might require it. 

Bigger companies usually have internal resources; smaller ones would balk at the cost. So, middle-order organizations that are in the process of expanding are the most likely candidates. For them, being able to deliver a professional web solution without becoming web experts is an ideal option. 

At any rate, the decision should ultimately be one that reduces the number of senior management headaches, rather than creating extra ones.

https://ift.tt/2Qk0wHU

Friday, 28 September 2018

What Instagram users need to know about Facebook’s security breach

Even if you never log into Facebook itself these days, the other apps and services you use might be impacted by Facebook’s latest big, bad news.

In a follow-up call on Friday’s revelation that Facebook has suffered a security breach affecting at least 50 million accounts, the company clarified that Instagram users were not out of the woods — nor were any other third-party services that utilized Facebook Login. Facebook Login is the tool that allows users to sign in with a Facebook account instead of traditional login credentials and many users choose it as a convenient way to sign into a variety of apps and services.

Third-party apps and sites affected too

Due to the nature of the hack, Facebook cannot rule out the fact that attackers may have also accessed any Instagram account linked to an affected Facebook account through Facebook Login. Still, it’s worth remembering that while Facebook can’t rule it out, the company has no evidence (yet) of this kind of activity.

“So the vulnerability was on Facebook, but these access tokens enable someone to use [a connected account] as if they were the account holder themselves — this does mean they could have access other third party apps that were using Facebook login,” Facebook Vice President of Product Management Guy Rosen explained on the call.

“Now that we have reset all of those access tokens as part of protecting the security of people’s accounts, developers who use Facebook login will be able to detect that those access tokens have been reset, identify those users and as a user, you will simply have to log in again into those third party apps.”

Rosen reiterated that there is plenty Facebook does not know about the hack, including the extent to which attackers manipulated the three security bugs in question to obtain access to external accounts through Facebook Login.

“The vulnerability was on Facebook itself and we’ve yet to determine, given the investigation is really early, [what was] the exact nature of misuse and whether there was any access to Instagram accounts, for example,” Rosen said.

Anyone with a Facebook account affected by the breach — you should have been automatically logged out and will receive a notification — will need to unlink and relink their Instagram account to Facebook in order to continue cross-posting content to Facebook.

How to relink your Facebook account and do a security check

To relink your Instagram account to Facebook, if you choose to, open Instagram Settings > Linked Accounts and select the checkbox next to Facebook. Click Unlink and confirm your selection. If you’d like to reconnect Instagram with Facebook, you’ll need to select Facebook in the Linked Accounts menu and log in with your credentials like normal.

If you know your Facebook account was affected by the breach, it’s wise to check for suspicious activity on your account. You can do this on Facebook through the Security and Login menu.

There, you’ll want to browse the activity listed to make sure you don’t see anything that doesn’t look like you — logins from other countries, for example. If you’re concerned or just want to play it safe, you can always find the link to “Log Out Of All Sessions” by scrolling toward the bottom of the page.

While we know a little bit more now about Facebook’s biggest security breach to date, there’s still a lot that we don’t. Expect plenty of additional information in the coming days and weeks as Facebook surveys the damage and passes that information along to its users. We’ll do the same.



https://ift.tt/2OYiyz8

Facebook is blocking users from posting some stories about its security breach

Some users are reporting that they are unable to post today’s big story about a security breach affecting 50 million Facebook users. The issue appears to only affect particular stories from certain outlets, at this time one story from The Guardian and one from the Associated Press, both reputable press outlets.

When going to share the story to their news feed, some users, including members of the staff here at TechCrunch who were able to replicate the bug, were met with the following error message which prevented them from sharing the story.

According to the message, Facebook is flagging the stories as spam due to how widely they are being shared or as the message puts it, the system’s observation that “a lot of people are posting the same content.”

To be clear, this isn’t one Facebook content moderator sitting behind a screen rejecting the link somewhere or the company conspiring against users spreading damning news. The situation is another example of Facebook’s automated content flagging tools marking legitimate content as illegitimate, in this case calling it spam. Still, it’s strange and difficult to understand why such a bug wouldn’t affect many other stories that regularly go viral on the social platform.

This instance is by no means a first for Facebook. The platform’s automated tools — which operate at unprecedented scale for a social network — are well known for at times censoring legitimate posts and flagging benign content while failing to detect harassment and hate speech. We’ve reached out to Facebook for details about how this kind of thing happens but the company appears to have its hands full with the bigger news of the day.

While the incident is nothing particularly new, it’s an odd quirk — and in this instance quite a bad look given that the bad news affects Facebook itself.



https://ift.tt/2zD2oWC

Everything you need to know about Facebook’s data breach affecting 50M users

Facebook is cleaning up after a major security incident exposed the account data of millions of users. In what’s already been a rocky year after the Cambridge Analytica scandal, the company is scrambling to regain its users’ trust after another security incident exposed user data.

Here’s everything you need to know so far.

What happened?

Facebook says at least 50 million users’ data may be at risk after attackers exploited a vulnerability that allowed them access to personal data. The company also preventively secured 40 million additional accounts out of an abundance of caution.

What data were the hackers after?

Facebook CEO Mark Zuckerberg said that the company has not seen any accounts compromised and improperly accessed — although it’s early days and that may change. But Zuckerberg said that the attackers were using Facebook developer APIs to obtain some information, like “name, gender, and hometowns” that’s linked to a user’s profile page.

What data wasn’t taken?

Facebook said that it looks unlikely that private messages were accessed. No credit card information was taken in the breach, Facebook said. Again, that may change as the company’s investigation continues.

What’s an access token? Do I need to change my password?

When you enter your username and password on most sites and apps, including Facebook, your browser or device is set an access token. This keeps you logged in, without you having to enter your credentials every time you log in. But the token doesn’t store your password — so there’s no need to change your password.

Is this why Facebook logged me out of my account?

Yes, Facebook says it reset the access tokens of all users affected. That means some 90 million users will have been logged out of their account — either on their phone or computer — in the past day. This also includes users on Facebook Messenger.

When did this attack happen?

The vulnerability was introduced on the site in July 2017, but Facebook didn’t know about it until this month, on September 16, 2018, when it spotted unusual activity. That means the hackers could have had access to user data for a long time, as Facebook is not sure right now when the attack began.

Who would do this?

Facebook doesn’t know who attacked the site, but the FBI is investigating, it says.

However, Facebook has in the past found evidence of Russia’s attempts to meddle in American democracy and influence our elections — but it’s not to say that Russia is behind this new attack. Attribution is incredibly difficult and takes a lot of time and effort. It recently took the FBI more than two years to confirm that North Korea was behind the Sony hack in 2016 — so we might be in for a long wait.

How did the attackers get in? 

Not one, but three bugs led to the data exposure.

In July 2017, Facebook inadvertently introduced three vulnerabilities in its video uploader, said Guy Rosen, Facebook’s vice president of product management, in a call with reporters. When using the “View As” feature to view your profile as someone else, the video uploader would occasionally appear when it shouldn’t display at all. When it appeared, it generated an access token for the person the profile page was being viewed as. If that token was obtained, an attacker could log into the account of the other person.

Is the problem fixed? 

Facebook says it fixed the vulnerability on September 27, and then began resetting the access tokens of people to protect the security of their accounts.
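The flaw class described above, a token minted for the identity a page is rendered as rather than for the authenticated session, followed by the token reset, shown as an added example that is not Facebook's code. The model is constructed and every name in it (`RenderContext`, `TokenService`, the method names) is hypothetical.

```python
"""Constructed model of a token issued to the wrong principal (not Facebook's code)."""
import secrets
from dataclasses import dataclass
from typing import Dict, Iterable, Optional


@dataclass(frozen=True)
class RenderContext:
    """Hypothetical per-request state for a profile page render."""
    session_user: str                   # the account that actually authenticated
    view_as_user: Optional[str] = None  # set only while previewing as someone else

    @property
    def effective_user(self) -> str:
        # Identity used to decide what the page *shows*. It must never be
        # used to decide who a credential is issued to.
        return self.view_as_user or self.session_user


class TokenService:
    """Hypothetical token store: maps opaque tokens to the account they act as."""

    def __init__(self) -> None:
        self._owner_by_token: Dict[str, str] = {}

    def _mint(self, user: str) -> str:
        token = secrets.token_urlsafe(32)
        self._owner_by_token[token] = user
        return token

    def issue_vulnerable(self, ctx: RenderContext) -> str:
        # Flaw: the principal is taken from the display perspective, so a
        # widget rendered inside a "view as" preview gets a token that acts
        # as the previewed account.
        return self._mint(ctx.effective_user)

    def issue_hardened(self, ctx: RenderContext) -> str:
        # Fix 1: refuse to issue credentials at all during a preview render.
        if ctx.view_as_user is not None:
            raise PermissionError("token issuance disabled in view-as mode")
        # Fix 2: bind the token to the authenticated session, nothing else.
        return self._mint(ctx.session_user)

    def owner_of(self, token: str) -> Optional[str]:
        return self._owner_by_token.get(token)

    def reset_tokens(self, users: Iterable[str]) -> int:
        """Invalidate every token for the given accounts; returns the count."""
        affected = set(users)
        stale = [t for t, u in self._owner_by_token.items() if u in affected]
        for token in stale:
            del self._owner_by_token[token]
        return len(stale)


if __name__ == "__main__":
    svc = TokenService()
    preview = RenderContext(session_user="alice", view_as_user="bob")

    leaked = svc.issue_vulnerable(preview)
    print("vulnerable token acts as:", svc.owner_of(leaked))

    try:
        svc.issue_hardened(preview)
    except PermissionError as exc:
        print("hardened path refused:", exc)

    print("tokens reset:", svc.reset_tokens(["bob"]))
    print("token after reset acts as:", svc.owner_of(leaked))
```

The reset step shows why affected users were logged out without a password change: the token is invalidated server-side, while the password was never part of it.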

Will Facebook be fined or punished?

If Facebook is found to have breached European data protection rules — the newly implemented General Data Protection Regulation (GDPR) — the company can face fines of up to four percent of its global revenue.

However, that fine can’t be levied until Facebook knows more about the nature of the breach and the risk to users.

Another data breach of this scale – especially coming in the wake of the Cambridge Analytica scandal and other data leaks – has some in Congress calling for the social network to be regulated. Sen. Mark Warner (D-VA) issued a stern reprimand to Facebook over today’s news, and again pushed his proposal for regulating companies holding large data sets as “information fiduciaries” with additional consequences for improper security.

FTC Commissioner Rohit Chopra also tweeted that “I want answers” regarding the Facebook hack. It’s reasonable to assume that there could be investigators in both the U.S. and Europe to figure out what happened.

Can I check to see if my account was improperly accessed?

You can. Once you log back into your Facebook account, you can go to your account’s security and login page, which lets you see where you’ve logged in. If you had your access tokens revoked and had to log in again, you should see only the devices that you logged back in with.

Should I delete my Facebook account?

That’s up to you! But you may want to take some precautions like changing your password and turning on two-factor authentication, if you haven’t done so already. If you weren’t impacted by this, you may want to take the time to delete some of the personal information you’ve shared to Facebook to reduce your risk of exposure in future attacks, if they were to occur.



https://ift.tt/2xYL508

Facebook hack could hasten regulation as Sen. Warner says Congress must “step up”

Senator Mark Warner has issued a stern reprimand to Facebook over today’s revelation that 50 million users had their access token stolen by a hacker. “This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users,” Warner writes. “As I’ve said before – the era of the Wild West in social media is over.”

In July, Warner published an expansive policy paper outlining where he believes regulation is necessary for social media companies. He proposes that companies holding large data sets be regulated as “information fiduciaries” with additional consequences for improper security. He suggests requirements for data portability and interoperability that would allow users to export their personal information and use it elsewhere if they were unsatisfied with their treatment by a social media giant. He also suggests applying similar rules to Europe’s GDPR including a requirement that breaches be disclosed within 72 hours of discovery. Notably, Facebook did disclose this hack within that window.

Facebook’s “View As” tool has been disabled following the hack. It let users see how their profile looked to a certain other user.

The breach saw sophisticated hackers combine three Facebook bugs in its video uploader, user profile, and “view as” privacy feature to generate and steal the access tokens that allow users to stay logged into Facebook between sessions. These could be used to take over user accounts and take actions on their behalf. Facebook reset the access tokens of the 50 million users impacted and another 40 million who’d had their accounts viewed through the “view as” tool this year, which means they’ll have to log back into Facebook but won’t need to change their password.

The bugs stem from code pushed back in July, but Facebook only discovered the issue Tuesday afternoon as the hackers tried to scale up the attack to steal more tokens. Facebook patched the issue last night and this morning announced it was investigating, though it currently doesn’t have enough information to determine the source of the attack. It’s already notified the FBI, as well as the Irish Data Protection office since the breach has GDPR implications. On a call with reporters, CEO Mark Zuckerberg repeatedly called the problem “serious”. But beyond recounting the steps Facebook is taking to address this breach, he didn’t have a good answer for why users should still trust Facebook with their data.

Always quick to pounce on privacy issues, Warner has become one of the strongest Democratic critics of the social network. He’s seemingly inherited the position of tech watchdog from former-Senator Al Franken. He’s weighed in on recent social media bias and election interference, Google’s plan to launch censored search in China, White House cybersecurity plans and more. With technology becoming an ever more important and dangerous part of people’s lives, Warner seems to see an opportunity to both protect his constituents and advance his career by demonstrating his expertise and ferocity.

This hack could be used by Warner as strong evidence that social media companies like Facebook are not voluntarily doing enough to protect users’ security and privacy. If regulation around security, portability, and interoperability is enacted, it could cost Facebook money for compliance, slow down the pace of engineering innovation at the company, and make it more vulnerable to competitors. Right now, it’s tough for users to easily switch to another social network, which insulates Facebook from its PR problems becoming user growth problems. But if ditching Facebook for a competitor becomes simpler, it might force the company to treat its users better.

Senator Mark Warner’s full statement can be found below:

STATEMENT OF U.S. SEN. MARK R. WARNER

~ On Facebook hack ~ 

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and co-chair of the Senate Cybersecurity Caucus, released the following statement on the announcement by Facebook that it discovered a security issue affecting almost 50 million accounts:

“The news that at least 50 million Facebook users had their accounts compromised is deeply concerning. A full investigation should be swiftly conducted and made public so that we can understand more about what happened.

“Today’s disclosure is a reminder about the dangers posed when a small number of companies like Facebook or the credit bureau Equifax are able to accumulate so much personal data about individual Americans without adequate security measures.

“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users. As I’ve said before – the era of the Wild West in social media is over.”

To kick start the debate around social media legislation, Sen. Warner in July released a white paper containing a suite of potential policy proposals for the regulation of social media.



https://ift.tt/2P3SyC8

Chronicle launches paid version of VirusTotal for the enterprise

Earlier this year, Alphabet unveiled Chronicle as the latest project to graduate from its X moonshot factory and now the company is releasing an enterprise version of its VirusTotal malware scanning tool with advanced capabilities.

The software serves as a search engine for malware and other malicious software with a free version that allows users to upload suspicious files and URLs for analysis by 70 antivirus scanners and URL/domain blacklisting services.

While the free version of VirusTotal is available as a web interface, browser extension, desktop uploader and API, the new enterprise version of the software takes things a step further by providing businesses that want to identify and defend against security threats with additional tools and compute power to analyse threats more quickly.

New business features

VirusTotal Enterprise makes things simpler for analysts with new visualisations that help them see the connections between malware and company computers, people, departments and even emails. 

The Private Graph allows business customers to upload company-specific devices and organisation charts to aid in the software's analysis. However, unlike the free version which relies on data sharing and pooling to better analyse threats, VirusTotal Enterprise keeps the information private in order to protect sensitive company data.

The new software also brings significant speed increases as it boosts search speed by 100 per cent while also improving accuracy by using additional parameters. VirusTotal Enterprise also shows more details about uploaded files such as IP addresses, embedded domains and interest-ranked strings. Other notable features include enterprise user management as well as support for two-factor authentication for employees using VirusTotal accounts.

A new interface that unifies capabilities will also be rolling out to both free and paid users of VirusTotal in the coming weeks.

Via 9to5 Google

https://ift.tt/2zE0Lbb

This is the Razer Phone 2

Remember phone reveals? Once upon a time, companies were able to save a little for the event. These days, however, we nearly always know exactly what we’re getting ourselves into. Due to be announced next month, the second iteration of Razer’s gaming-centric handset is no different.

Bits and pieces of the forthcoming phone have already surfaced, but today’s latest leaks give us the clearest picture thus far. From an aesthetic standpoint, not a lot has changed. From the front, the new Razer Phone 2 looks virtually identical to last year’s model, retaining the boxy design.

The back of the handset has been tweaked a bit, with a shifted logo, now in a neon green, in keeping with the rest of Razer’s products. The company appears to have borrowed the Chroma lighting effects here, meaning that the logo should light up when in use. The rear-facing camera has shifted down a bit, as well.

Beyond this, we don’t know a ton about the phone — but have no fear, there’s still time. The handset is set for an official launch on October 10, which leaves us with a week and a half left to leak.

https://ift.tt/2OW0Hsv

Facebook hack leaks data from 50 million users

Earlier this week Facebook discovered a breach in its security that compromised the data of nearly 50 million accounts. The announcement that the breach occurred was made on Friday and, while authorities have been contacted, Facebook has yet to discover where the attack came from or the full scope of it.

The breach was discovered by Facebook’s engineering team Tuesday morning and, according to a post on Facebook’s newsroom, the company says that 90 million users were forced to log out and log back in to verify their credentials. 

According to Facebook, the attackers used the “View As” feature that allows users to see what their account looks like to their friends, family members and complete strangers to “steal Facebook access tokens which they could then use to take over people’s accounts”.

After the breach, Facebook says it will disable that feature until it can conduct a thorough security review.

What information was taken?

At the moment, Facebook has yet to reveal what data was affected by the breach but says that it’s working to figure that information out.

It doesn’t help that the company isn’t sure who the attackers are or where the attackers came from. Those details, according to Facebook, are still under investigation.

“We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens.”

Facebook has reset the access tokens for some 50 million accounts it knows were affected by the breach, alongside another 40 million other accounts that may have been affected.

For those worried they may be affected, Facebook is encouraging folks to visit the “Security and Login” section in their settings to log out of all the locations signed in with their account.

https://ift.tt/2OTFXle

Blockchain breakthroughs – just how much can the tech do?

TSB and HSBC resolve system glitch that locked users out of their accounts

Banking customers of both TSB and HSBC had difficulties accessing their accounts after a glitch in the banks' online systems locked them out.

TSB says that its systems are now almost back to normal after some customers were unable to access their online accounts. HSBC was also hit by similar problems with its mobile banking app though it too now says all operations are back online after the outage.

A spokesperson for TSB apologised to customers affected by the disruption, saying: “We're sorry for any issues our customers experienced. These services are now recovering back to normal levels.”

Users of TSB's smartphone app and online banking services experienced difficulties logging in since around 7:40am on Friday. Around the same time, 50 per cent of HSBC's mobile users were having trouble connecting to its app.

This is just the latest in a string of IT outages across the banking industry, including the recent major IT failure at TSB that led to its chief Paul Pester stepping down.

Sorry for the disruption

Both banks have since apologised to their users though being unable to access one's funds online is not the kind of thing customers can get over quickly.

TSB emphasised that although users were having difficulties with its online banking, “Our cards, branch and telephone services continue to operate as normal.”

A spokesperson for HSBC did their best to reassure customers, saying:

"An earlier issue where some customers were unable to log on to the HSBC mobile banking app has been resolved and users of the app should be able to log on as usual. We will be conducting an investigation into the cause of this issue, and we apologise for any inconvenience this may have caused."

TSB experienced a huge IT meltdown earlier this year that left customers frustrated for weeks and led to the resignation of the bank's chief executive. The bank's customers, many of whom are still recovering from previous outages, took to Twitter to vent their anger with the company's online services.


Via BBC

https://ift.tt/2OWv02g

Blok.Party raises $10M, will adapt Settlers of Catan to its blockchain game console

Blok.Party, the company behind the upcoming PlayTable game console, announced today that it has raised $10 million in new funding. It’s also unveiling a big content partnership, where Blok.Party will create its own version of the popular board game Settlers of Catan.

I first wrote about Blok.Party and PlayTable earlier this year, when co-founder and CEO Jimmy Chen first laid out his vision to use blockchain technology to build a console that can recognize real-world objects (like figurines and cards), creating a hybrid between tabletop and video gaming.

The idea may have sounded a little abstract at the time, but it got a lot clearer when Chen dropped by the TechCrunch New York office to play a couple rounds of Catan with me.

I’ll admit that I hadn’t played in a while, but it was clear from the start that PlayTable saved us some setup time — instead of putting all the pieces of the physical board together, you play on a digital representation of the board. Most of the pieces are digitized too, and we used and traded our cards using smartphones. But there is a physical “robber” piece, because Chen said this allows the robber’s movement to remain “a very visceral experience … that a digital version can’t ever capture.”

It may not be too long before you get to try this out for yourself, at least if you’re among the 100,000 pre-orders Blok.Party has received so far. Chen said the company will start shipping its first devices this fall.

He added that Catan, like many of the other games built for PlayTable, will be priced at around $20.

“For us, it’s not about trying to compete based on price,” Chen said. “We’re trying to compete based on experience.”

The new funding comes from crypto fund JRR Capital and other investors. Chen said the company will use the money to continue scaling the product, including further software development and building out the library of games.

At the same time, he emphasized that although Blok.Party is manufacturing the initial devices, his vision is to achieve real scale through partnerships with hardware manufacturers, who will build their own PlayTable consoles. Apparently, some of those discussions are already underway.

“Our strategy is to always have [our own] hardware program running to continually do research,” Chen said. “What I’ve discovered is that keeping a hardware program running is not that expensive. The expensive part is when you try to scale the program.”

https://ift.tt/2NQVbej