Showing results for tags 'facebook'.

Found 238 results

  1. Do you know how much of your information is out there? Facebook is a powerful platform, and maybe more so than you realize. If you really understand the quirks of its search function, for example, you can snoop for all photos posted by single females that a particular friend has liked. Creepy, right? When Facebook launched a feature called Graph Search in 2013 that allowed users to easily do just this, a lot of people thought so, too. Facebook has quietly back-burnered the service and focused on other aspects of search. But Graph Search is still functional, although most folks probably don't use it due to its complexity, and the fact that Facebook is no longer pushing it as a discrete service. Now, Belgian "ethical hacker" Inti De Ceukelaire has created a web interface that lets you make the most out of Graph Search, aptly called Stalkscan. Stalkscan, which launched today, is meant to highlight how much information Facebook users post about themselves, perhaps without thinking about the privacy implications, De Ceukelaire told me over email. "Graph Search and its privacy issues aren't new, but I felt like it never really reached the man on the street," De Ceukelaire wrote. "With my actions and user-friendly tools I want to target the non-tech-savvy people because most of them don't have a clue what they are sharing with the public." Because Graph Search is only available in English on Facebook, the feature wasn't known to many in De Ceukelaire's native Belgium until his tool drew attention to it. Now the Belgian media is having a shitfit, and local reports say that the country's top privacy official has called for an investigation into whether Facebook adequately protects users. It's important to note that Stalkscan only allows you to use Facebook's existing search functions, and that it won't circumvent privacy settings. 
In other words, if you're not someone's friend on Facebook already and they've set it so that only friends can see their posts, you won't be able to get around that with Stalkscan. What it does do is generate boutique search links that Facebook understands. This allows you to make hyper-specific searches that would be nigh-impossible to pull off without Stalkscan. How would one even formulate a sentence to search for, to use the example again, all photos posted by single females liked by a friend? With Stalkscan, that search takes just a few clicks. "Like most services, we offer a search feature, but search on Facebook is built with privacy in mind," a Facebook spokesperson said in an emailed statement. "[Stalkscan] merely redirects to Facebook's existing search result page. As with any search on Facebook, you can only see content that people have chosen to share with you." I did manage to use Stalkscan in one instance that would seem to, in spirit at least, violate someone's privacy. One Facebook friend chooses to unlist the "events" button on their public page so that stalkers can't easily find out which parties they've attended. Stalkscan showed me a list of all the past events they've attended when I searched their profile. As for what people can do to make sure that information they thought was hidden doesn't appear on Stalkscan, De Ceukelaire had some advice. "I'd advise people to check themselves first while logged in into a friend's account," he wrote. "If they see stuff they don't want to, they may want to remove tags, likes or photos from their profile. This way, they at least know what other people can see." A Facebook spokesperson emphasized that the platform allows users to take control of their privacy, if they wish. 
"We offer a variety of tools to help people control their information, including the ability to select an audience for every post, a feature that limits visibility of past posts to only your friends, and education efforts launched in consultation with Belgian safety experts," the spokesperson wrote in a statement. By Jordan Pearson https://motherboard.vice.com/en_us/article/facebooks-creepiest-search-tool-is-back-thanks-to-this-site
  2. Following an unprecedented live streaming "piracy fest," Facebook and Foxtel are working on a new tool that should make it easier to shut down unauthorized streams in the future. Foxtel CEO Peter Tonagh compares piracy to "stealing a loaf of bread" and says the company will do everything in its power to stop live streaming from gaining traction. A week ago hundreds of thousands of people watched unauthorized Facebook live streams of a highly anticipated rematch between two Aussie boxers. Pay TV channel Foxtel, which secured the broadcasting rights for the event, was outraged by the blatant display of piracy and vowed to take the main offenders to court. This weekend, however, things had calmed down a bit. Foxtel did indeed reach out to the culprits, some of whom had more than 100,000 people watching their unauthorized Facebook streams. The company decided to let them off the hook if they published a formal apology. Soon after, the two major streaming pirates in this case both admitted their wrongdoing in similarly worded messages. “Last Friday I streamed Foxtel’s broadcast of the Mundine v Green 2 fight via my Facebook page to thousands of people. I know that this was illegal and the wrong thing to do,” streamer Brett Hevers wrote. “I unreservedly apologize to Anthony Mundine and Danny Green, to the boxing community, to Foxtel, to the event promoters and to everyone out there who did the right thing and paid to view the fight. It was piracy, and I’m sorry.” But that doesn’t mean that the streaming piracy problem is no longer an issue. Quite the contrary. Instead of investing time and money in legal cases, Foxtel is putting its efforts in stopping future infringements. In an op-ed for the Herald Sun, Foxtel CEO Peter Tonagh likens piracy to stealing, a problem that’s particularly common Down Under. “It is no less of a crime than stealing a loaf of bread from a supermarket or sneaking into a movie theater or a concert without paying. 
Yet, as a nation, Australians are among the worst offenders in the world,” Tonagh writes. Foxtel’s CEO sees illegal live streaming as the third wave of piracy, following earlier trends of smart card cracking and file-sharing. The Facebook piracy fest acted as a wake-up call and Tonagh says the company will do everything it can to stop it from becoming as common as the other two. “Rest assured we will work even harder to address this piracy before it gets out of control. The illegal streaming of the Mundine v Green fight nine days ago was a wake-up call. It was the first time that Foxtel had experienced piracy of a live event on a mass scale,” he notes. Over the past several days, Foxtel and Facebook have been working on a new technology which should be able to recognize pirated streams automatically and pull them offline soon after they are started. This sounds a lot like YouTube’s Content-ID system, but for live broadcasts. “We are working on a new tool with Facebook that will allow us to upload a large stream of our events to Facebook headquarters where it can be tracked,” Tonagh tells The Australian behind a paywall. “If that content is matched on users’ accounts where it’s being streamed without our authorisation then Facebook will alert us and pull it down,” he adds. The initiative will be welcomed by other rightsholders, who face the same problem. Having an option to have Facebook recognize infringing content on the fly is likely to make it much easier to stop these streams from becoming viral. That said, live streaming piracy itself is much broader and not particularly new. There are dozens of niche pirate sites that have been offering unauthorized streams for many years already, and they’re not going anywhere anytime soon. Source: TorrentFreak
  3. The 2016 U.S. Presidential election cycle won’t be soon forgotten. It shattered old conventions and introduced a completely new way of running a campaign, including fake news. No doubt some of that content was generated for political purposes. But, for better or worse, some fake news was created simply for profit. For social media giants Facebook (NASDAQ:FB) and Google (NASDAQ:GOOGL), this new trend represents a challenge that can greatly affect the monetization of their platforms. If the billions of consumers and businesses that use these two brands can’t rely on the information they are accessing, advertisers may drop support for these channels. On the other hand, could small content creators face backlash whether their content is truly fake news or simply viewed that way by these digital behemoths? Facebook and Google Will Crack Down on Fake News Facebook has just announced a new initiative to identify authentic content because, as the company puts it, stories that are authentic resonate more with its community. During the election, the social media giant was criticized for doing very little to combat fake news. Instead, Facebook tried to outsource the task of identifying this content to third parties including five fact checking organizations: the Associated Press, ABC News, Factcheck.org, Snopes and PolitiFact. However, the new update ranks authentic content by incorporating new signals to better identify what is true or false. These signals are delivered in real-time when a post is relevant to a particular user. The signals are determined by analyzing overall engagement on pages to identify spam as well as posts that specifically ask for likes, comments or shares, since these might indicate an effort to spread questionable content. As for Google, the tech company released its 2017 Bad Ads report. Google says the report plays an important role in making sure users have access to accurate and quality information online. 
Still, the report addresses only ads thus far. Google warns more broadly that the sustainability of the web could be threatened if users cannot rely on the information they find there. https://smallbiztrends.com/2017/02/facebook-and-google-will-crack-down-on-fake-news.html
  4. Remember that last time you posted a picture on Facebook and it automatically suggested to tag other people on the photo? Nothing unusual. You’ve tagged these people before, right? You’ve trained the machine learning face-recognition algorithm. And now Facebook can spot where they are on your picture. Now, even if you refuse to tag anyone, this doesn’t mean Facebook never stores this information somewhere. Like, “person A is potentially present on picture B”. Actually, I’m almost 100% sure they do store it. Hell, I would if I was them. I bet you already see where I’m going with this. Now imagine you take a selfie in a crowded place. Like an airport or a train station. There are some people walking on the background. Hundreds of them. Some of them facing the camera. Guess what: the Facebook’s AI has just spotted them. Even if you’re extremely cautious, even if you never post anything on Facebook, even if you have “location services” disabled on your phone at all times etc. etc. Facebook still knows where you are. You can’t stop other people from taking selfies in an airport. Now all these Jason Bourne movies don’t look so ridiculous any more, do they? All the stupid scenes with people in a control room shouting “OK, we need to find this guy, quick, oh, there he is, Berlin Hauptbahnhof arrival hall just 20 minutes ago, send the asset!” or something like that. “DeepFace” This is not just me being paranoid. Various sources indicate that Facebook uses a program it calls DeepFace to match other photos of a person. Alphabet Inc.’s cloud-based Google Photos service uses similar technology. The efficiency is astonishing According to the company’s research, DeepFace recognizes faces with an accuracy rate of 97.35 percent compared with 97.5 percent for humans — including mothers Face recognition is being built into surveillance systems and law enforcement databases for a while now. 
We could soon have security cameras in stores that identify people as they shop (source) Even being in “readonly” mode doesn’t help Every time you simply check Facebook without actually posting anything — the app generates a post draft for you, ever saw this? If you have a link or a picture saved in your clipboard, it even offers to attach that to your post. And of course, it has your location. How can you be sure it does not communicate that data to the servers? Actually, I’m pretty sure it does since the app generates that “preview image” of the link stored in your clipboard (you know, that nicely formatted headline with the cover image). There’s even more. Some evidence suggests that Facebook collects your keystrokes before you actually hit the “Post” button! If you then choose to backspace everything you’ve typed — too late… Facebook has about 600 terabytes of data coming in on a daily basis (source, 2014). If I was NSA I would definitely approach Facebook for this data. UPDATE: a little privacy tip: use Facebook in mobile Safari, with an adblocker, and delete the iOS native app — helps a lot AND saves you from tons of ads and 3rd party cookie tracking. I’m sure there’s a similar solution for Android. On a desktop — use an extension like Disconnect to block 3rd party cookie tracking. UPDATE 2: there’s a great article if you want to know more — https://veekaybee.github.io/facebook-is-collecting-this/ By Alex Yumashev https://www.jitbit.com/alexblog/260-facebook-is-terrifying/
  5. Facebook and privacy campaigner party to action by Data Protection Commissioner A court case with potentially enormous implications for EU-US trade as well as the privacy rights of hundreds of millions of EU citizens, will open before the commercial division of the High Court on Tuesday. Facebook is a party to the case, in which the Data Protection Commissioner has asked the court to refer to the EU’s top court the question of whether certain contracts protect the privacy rights of EU citizens when their personal data is transferred outside Europe. Austrian privacy campaigner Max Schrems was also joined to the proceedings by the commissioner and is in Dublin for the case, which is expected to last three weeks. The US government and a number of business and privacy groups have been permitted to join the case as amici curiae, or “friends of the court”. There is likely to be considerable interest in any submission on behalf of the US government, particularly in light of the change in administration in January. The Data Protection Commissioner, Helen Dixon, wants the High Court to refer issues concerning the validity of data transfer channels, known as standard contractual clauses and approved by various European Commission decisions, to the Court of Justice of the European Union (CJEU) for determination. Data transfer The clauses were designed to allow businesses to transfer the personal data of EU citizens to countries outside the European Economic Area while ensuring the citizens enjoyed equivalent privacy rights to those they have in the EU. Ms Dixon’s office brought proceedings after making a draft finding in May last year that Mr Schrems had raised well-founded objections to whether the channels breached the data privacy rights of EU citizens. 
An earlier complaint to the commissioner by Mr Schrems in relation to Facebook’s handling of his personal data in the US, made in the wake of the Edward Snowden revelations on US surveillance in 2013, ultimately ended up before the CJEU. In that case in October 2015, the court struck down the Safe Harbour framework used by about 4,500 companies to transfer personal data to the United States, saying that US national security, public interest and law enforcement requirements prevailed over the scheme. In an update published on the commissioner’s website, the office said it was seeking a referral to Europe because Ms Dixon had concerns about the validity of the standard contractual clauses when considered in the light of a number of factors, including articles 7, 8 and 47 of the Charter of Fundamental Rights of the European Union, and the CJEU’s judgment in the first Schrems case. Mr Schrems did not proceed last November with an application to protect his exposure to costs, after both Facebook and the commissioner agreed not to pursue him for costs. Argue against referral It is expected that both Mr Schrems and Facebook will argue against referral to the CJEU, albeit for different reasons. Facebook is satisfied that the standard contractual clauses provide adequate safeguards for privacy. The commissioner will make opening submissions on Tuesday. Short opening statements from Mr Schrems and Facebook will follow. In July last year, Mr Justice Brian McGovern ruled that the US government, the Business Software Alliance, Digital Europe and the Electronic Privacy Information Centre (Epic) be joined to the proceedings as “friends of the court”. This allows them to offer expert assistance on the issues. The commissioner’s office says it will publish updates on its website as the hearing progresses. By Elaine Edwards http://www.irishtimes.com/business/technology/major-privacy-case-to-open-before-high-court-in-dublin-1.2964424
  6. Facebook Makes Its Privacy Settings Much Clearer Facebook has made lots of changes to its privacy settings over the years, usually in a bid to make them simpler to understand and use, yet many people just stick with the defaults. Facebook’s new Privacy Basics aims to make it much easier for people to find the tools they need to control their information on the social network. Created, Facebook says, using user feedback, Privacy Basics puts all of the top privacy topics and frequently asked questions within easy reach. There are 32 interactive guides available, in 44 different languages. It provides tips for securing your account, and understanding who can see your posts, what your profile looks like to others, and so on. The update comes as part of Data Privacy Day, which takes place every year on January 28. Source
  7. How To Use Facebook Messenger Without A Facebook Account You Can Now Use Facebook Messenger Without A Facebook Account, Know How With over one billion users worldwide, Facebook Messenger is now one of the biggest messaging platforms worldwide. In order to have a Facebook Messenger app on your device, you need to have an active Facebook account. However, there are a lot of reasons that many people may not want to use Facebook but only the Messenger app. For instance, Facebook staples like pyramid schemes, political debates, and pointless status updates can fill some users with rage and using such a social media site is a big no-no for them. Similarly, there are users who are not interested in keeping up with friends online and rather catch up over a cup of coffee or on the phone instead of through liking each other’s perfect social media posts. But, what about those people who want to keep in touch with certain people who are not on any other platform except for Facebook Messenger. In such a scenario, is it possible to use Facebook Messenger app without having an active Facebook account? Yes, it is. You can stay in touch with your friends via Facebook Messenger, by following the steps below: Open Facebook’s deactivate account page. Ignore the photos of the people who will apparently miss you and scroll to the bottom. The last option says you can continue using Facebook Messenger even if you deactivate your account. Make sure this is not checked and just leave it as is. Scroll down and hit Deactivate. Now, your Facebook account will be deactivated. All your Facebook data will be safe until you are ready to log in again. Go ahead and open the Messenger app using your old Facebook credentials on your smartphone or log in via the website on your PC. You will notice that you can continue chatting with all your friends without losing any of your data. Please note that your deactivated Facebook account doesn’t get reactivated, if you are using Messenger. 
Your friends will only be able to contact you via the chat window in Facebook or the Messenger app. If you want to use Messenger and don’t have a Facebook account, then follow the instructions mentioned below: Download Facebook Messenger on iOS, Android, or Windows Phone. Open the app and enter your phone number. Tap Continue. You will get a code via SMS to confirm your number. Once you have done that you can key in phone numbers of your friends and start messaging them. Source
  8. Mozilla: The Internet Is Unhealthy And Urgently Needs Your Help Mozilla argues that the internet's decentralized design is under threat by a few key players, including Google, Facebook, Apple, Tencent, Alibaba and Amazon, monopolizing messaging, commerce, and search. Can the internet as we know it survive the many efforts to dominate and control it, asks Firefox maker Mozilla. Much of the internet is in a perilous state, and we, its citizens, all need to help save it, says Mark Surman, executive director of Firefox maker the Mozilla Foundation. We may be in awe of the web's rise over the past 30 years, but Surman highlights numerous signs that the internet is dangerously unhealthy, from last year's Mirai botnet attacks, to market concentration, government surveillance and censorship, data breaches, and policies that smother innovation. "I wonder whether this precious public resource can remain safe, secure and dependable. Can it survive?" Surman asks. "These questions are even more critical now that we move into an age where the internet starts to wrap around us, quite literally," he adds, pointing to the Internet of Things, autonomous systems, and artificial intelligence. In this world, we don't use a computer, "we live inside it", he adds. "How [the internet] works -- and whether it's healthy -- has a direct impact on our happiness, our privacy, our pocketbooks, our economies and democracies." Surman's call to action coincides with nonprofit Mozilla's first 'prototype' of the Internet Health Report, which looks at healthy and unhealthy trends that are shaping the internet. Its five key areas include open innovation, digital inclusion, decentralization, privacy and security, and web literacy. Mozilla will launch the first report after October, once it has incorporated feedback on the prototype. That there are over 1.1 billion websites today, running on mostly open-source software, is a positive sign for open innovation. 
However, Mozilla says the internet is "constantly dodging bullets" from bad policy, such as outdated copyright laws, secretly negotiated trade agreements, and restrictive digital-rights management. Similarly, while mobile has helped put more than three billion people online today, there were 56 internet shutdowns last year, up from 15 shutdowns in 2015, it notes. Mozilla fears the internet's decentralized design, while flourishing and protected by laws, is under threat by a few key players, including Facebook, Google, Apple, Tencent, Alibaba and Amazon, monopolizing messaging, commerce and search. "While these companies provide hugely valuable services to billions of people, they are also consolidating control over human communication and wealth at a level never before seen in history," it says. Mozilla approves of the wider adoption of encryption today on the web and in communications but highlights the emergence of new surveillance laws, such as the UK's so-called Snooper's Charter. It also cites as a concern the Mirai malware behind last year's DDoS attacks, which abused unsecured webcams and other IoT devices, and is calling for safety standards, rules and accountability measures. The report also draws attention to the policy focus on web literacy in the context of learning how to code or use a computer, which ignores other literacy skills, such as the ability to spot fake news, and separate ads from search results. Source Alternate Source - 1: Mozilla’s First Internet Health Report Tackles Security, Privacy Alternate Source - 2: Mozilla Wants Infosec Activism To Be The Next Green Movement
  9. Explained — What's Up With the WhatsApp 'Backdoor' Story? Feature or Bug! What is a backdoor? By definition: "Backdoor is a feature or defect of a computer system that allows surreptitious unauthorized access to data," either the backdoor is in encryption algorithm, a server or in an implementation, and doesn't matter whether it has previously been used or not. Yesterday, we published a story based on findings reported by security researcher Tobias Boelter that suggests WhatsApp has a backdoor that "could allow" an attacker, and of course the company itself, to intercept your encrypted communication. The story involving the world's largest secure messaging platform that has over a billion users worldwide went viral in a few hours, attracting reactions from security experts, WhatsApp team, and Open Whisper Systems, who partnered with Facebook to implement end-to-end encryption in WhatsApp. Note: I would request readers to read the complete article before reaching a conclusion. And also, suggestions and opinions are always invited. What's the Issue: The vulnerability relies on the way WhatsApp behaves when an end user's encryption key changes. WhatsApp, by default, trusts a new encryption key broadcast by a contact and uses it to re-encrypt undelivered messages and send them without informing the sender of the change. In my previous article, I have elaborated this vulnerability with an easy example, so you can head on to read that article for better understanding. Facebook itself admitted to this WhatsApp issue reported by Boelter, saying that "we were previously aware of the issue and might change it in the future, but for now it's not something we're actively working on changing." What Experts argued: According to some security experts — "It's not a backdoor, rather it’s a feature to avoid unnecessarily re-verification of encryption keys upon automatic regeneration." 
Open Whisper Systems says — "There is no WhatsApp backdoor," "it is how cryptography works," and the MITM attack "is endemic to public key cryptography, not just WhatsApp." A spokesperson from WhatsApp, acquired by Facebook in 2014 for $16 Billion, says — "The Guardian's story on an alleged backdoor in WhatsApp is false. WhatsApp does not give governments a backdoor into its systems. WhatsApp would fight any government request to create a backdoor." What's the fact: Notably, none of the security experts or the company has denied the fact that, if required, WhatsApp, on government request, or state-sponsored hackers can intercept your chats. All they have to say is — WhatsApp is designed to be simple, and users should not lose access to messages sent to them when their encryption key is changed. Open Whisper Systems (OWS) criticized the Guardian reporting in a blog post saying, "Even though we are the creators of the encryption protocol supposedly "backdoored" by WhatsApp, we were not asked for comment." What? "...encryption protocol supposedly "backdoored" by WhatsApp…" NO! No one has said it's an "encryption backdoor;" instead this backdoor resides in the way end-to-end encryption has been implemented by WhatsApp, which eventually allows interception of messages without breaking the encryption. As I mentioned in my previous story, this backdoor has nothing to do with the security of Signal encryption protocol created by Open Whisper Systems. It's one of the most secure encryption protocols if implemented correctly. Then Why Signal is more Secure than WhatsApp? You might be wondering why Signal private messenger is more secure than WhatsApp, while both use the same end-to-end encryption protocol, and even recommended by the same group of security experts who are arguing — "WhatsApp has no backdoor." It's because there is always room for improvement. The Signal messaging app, by default, allows a sender to verify a new key before using it. 
Whereas, WhatsApp, by default, automatically trusts the new key of the recipient with no notification to the sender. And even if the sender has turned on the security notifications, the app notifies the sender of the change only after the message is delivered. So, here WhatsApp chose usability over security and privacy. It’s not about 'Do We Trust WhatsApp/Facebook?': WhatsApp says it does not give governments a "backdoor" into its systems. No doubt, the company would definitely fight the government if it receives any such court orders and currently, is doing its best to protect the privacy of its one-billion-plus users. But what about state-sponsored hackers? Because, technically, there is no such 'reserved' backdoor that only the company can access. Why 'Verifying Keys' Feature Can't Protect You? WhatsApp also offers a third security layer using which you can verify the keys of other users with whom you are communicating, either by scanning a QR code or by comparing a 60-digit number. But here’s the catch: This feature ensures that no one is intercepting your messages or calls at the time you are verifying the keys, but it does not ensure that no one in the past had intercepted or in the future will intercept your encrypted communication, and there is no way, currently, that would help you identify this. WhatsApp Prevention against such MITM Attacks is Incomplete WhatsApp is already offering a "security notifications" feature that notifies users whenever a contact's security code changes, which you need to turn on manually from app settings. But this feature is not enough to protect your communication without the use of another ultimate tool, which is — Common Sense. Have you received a notification indicating that your contact's security code has changed? Instead of offering 'Security by Design,' WhatsApp wants its users to use their common sense not to communicate with the contact whose security key has been changed recently, without verifying the key manually. 
The fact is that WhatsApp automatically changes your security key so frequently (for some reason) that one would start ignoring such notifications, making it practically impossible for users to actively check each time to verify the authenticity of session keys. What WhatsApp should do? Without panicking all one-billion-plus users, WhatsApp can, at least: Stop regenerating users' encryption keys so frequently (I clearly don't know why the company does so). Give an option in the settings for privacy-conscious people, which if turned on, would not automatically trust a new encryption key and send messages until manually accepted or verified by users. ...because just like others, I also hate using two apps for communicating with my friends and work colleagues i.e. Signal for privacy and WhatsApp because everyone uses it. Source
  10. WhatsApp Security: Make This Change Right Now!

Security researchers found a backdoor in the popular messaging application WhatsApp recently that could allow WhatsApp to intercept and read user messages. Facebook, the owner of WhatsApp, claims that it is impossible to intercept messages on WhatsApp thanks to the service's end-to-end encryption. The company states that no one, not even itself, can read what is sent when both sender and recipient use the latest version of the application. It turns out however that there is a way for WhatsApp to read user messages, as security researcher Tobias Boelter (via The Guardian) found out.

Update: In a statement sent to Ghacks, a WhatsApp spokesperson provided the following insight on the claim:

WhatsApp has the power to generate new encryption keys for users who are not online. Both the sender and the recipient of messages are not made aware of that, and the sender would send any message not yet delivered again by using the new encryption key to protect the messages from third-party access. The recipient of the message is not made aware of that. The sender, only if WhatsApp is configured to display security notifications. This option is however not enabled by default.

While WhatsApp users cannot block the company -- or any state actors requesting data -- from taking advantage of the loophole, they can at least activate security notifications in the application. The security researcher reported the vulnerability to Facebook in April 2016 according to The Guardian. Facebook's response was that it was "intended behavior" according to the newspaper.

Activate security notifications in WhatsApp

To enable security notifications in WhatsApp, do the following:

  1. Open WhatsApp on the device you are using.
  2. Tap on menu, and select Settings.
  3. Select Account on the Settings page.
  4. Select Security on the page that opens.
  5. Enable "show security notifications" on the Security page.

You will receive notifications when a contact's security code has changed. While this won't prevent misuse of the backdoor, it will at least inform you about its potential use.

Source

Alternate Source - 1: WhatsApp Encryption Has Backdoor, Facebook Says It's "Expected Behaviour"
Alternate Source - 2: WhatsApp Backdoor allows Hackers to Intercept and Read Your Encrypted Messages
Alternate Source - 3: Oh, for F...acebook: Critics bash WhatsApp encryption 'backdoor'
Alternate Source - 4: Your encrypted WhatsApp messages can be read by anyone
Alternate Source - 5: How to protect yourself from the WhatsApp 'backdoor'
Alternate Source - 6: 'Backdoor' in WhatsApp's end-to-end encryption leaves messages open to interception [Updated]

Detailed Explanation of the Issue and Prevention/Alternatives:
  11. Facebook Is Ready To Censor Posts In China -- Should Users Around The World Be Worried? Facebook's relationship with China has a tense and turbulent history. The social network is currently banned in China, and this clearly takes a huge chunk out of Facebook's ad revenue. In a bid to keep Chinese authorities happy, Mark Zuckerberg has been involved in the creation of software that can be used to monitor and censor posts made by users. In terms of playing by China's rules, this is clearly great news for Facebook, and it opens up the possibility of the social network operating in the country. While there is the slight silver lining that Facebook's censorship tool does not amount to a full blackout (as the Guardian puts it: "The posts themselves will not be suppressed, only their visibility"), the new program does raise a very important question: if Facebook is willing and able to create such a censorship tool for China, what’s to stop it doing the same for other markets, or even for its own benefit? The answer, of course, is 'nothing'. Facebook has shown time and time again that it is more than happy to fly in the face of popular user opinion and do whatever it wants. We have already seen some of the ways in which the social network is willing to tinker with users' newsfeeds. Increasingly controversial algorithms have been used for some time to tailor news and posts in a way that Facebook says is in users' interests. There is nothing to stop these algorithms being further tweaked to prevent the appearance of certain posts, certain types of content -- be that at Facebook's whim, or at the behest of governments around the world. Of course, the counter argument is that it would not be in Facebook's interest to introduce censorship outside of China. Except the Chinese case has very much indicated that it is in Facebook's interest to use censorship tools. 
In China, it is a matter of bowing to governmental demands in order to -- hopefully, in Facebook's view -- be allowed to operate in the country once again. The real driving force here is, as mentioned, money generated through advertising; this is the very reason why we should be wary of Facebook's development of a censorship tool, and fear its use elsewhere. Just as with the covert activities of the NSA, there would be nothing to stop Facebook from using a censorship tool without making it clear to users. After all, Facebook is free to do whatever it wants to do with content that is posted, so long as it is in keeping with the law. It is not a stretch to imagine a high profile advertiser applying pressure to Facebook to put a damper on certain opinions and to threaten withdrawal of advertising. Money talks, so it is hardly inconceivable that Facebook might at least be tempted to comply with such a demand -- and users would be none the wiser. What’s happening in China -- and, indeed, in Russia and other countries -- is great cause for concern. Facebook does not have a great track record when it comes to maintaining user trust (just look at the fake news problem), and as news of tools such as this starts to spread, any trust that does remain is only going to be further undermined. Source
  12. Facebook apologizes for 'terrible error' that told people they died

A Facebook bug caused people's profile pages to display that they have died on Friday. Multiple Business Insider employees reported seeing the message at the top of their Facebook profiles Friday afternoon, and the bug even affected Facebook CEO Mark Zuckerberg. As of around 4 p.m. ET, people started reporting that the message was gone from their profiles. Facebook later apologized for the "terrible error" in a statement to Business Insider.

“For a brief period today, a message meant for memorialized profiles was mistakenly posted to other accounts,” a Facebook spokesperson said. “This was a terrible error that we have now fixed. We are very sorry that this happened and we worked as quickly as possible to fix it.”

Before the bug was fixed, visitors to the Facebook CEO's profile were greeted with a somber notification: "We hope people who love Mark will find comfort in the things others share to remember and celebrate his life," the message read. The message included a link to Facebook's request form for memorializing the account of someone who has died. People using Facebook's app also reported seeing the message.

Article source
  13. The focus on loss of privacy from Watson, Cortana, Google, Facebook, DeepMind, and Siri risks us missing an even greater threat

At the Gartner ITExpo this week, Microsoft CEO Satya Nadella faced tough questions on how Cortana and LinkedIn together could spy deeply on our work lives. (Microsoft is purchasing LinkedIn.) At the SoTech conference I attended this past weekend, an IBM Watson engineer faced similar questions about the data that Watson would gather to feed IBM's vision of Watson as an adviser to people in all sorts of work.

But privacy is not the only issue, and not necessarily the most important one. All of these artificial intelligence systems -- Watson, Cortana, Google's DeepMind and intelligent assistants, Facebook, and Apple's Siri -- are being proposed as all-knowing, objective advisers to people, companies, and governments. The AI will tell you who's a good job candidate, what's the best medical treatment, what car you should buy, where you should live, what gas station you should frequent, and what you should eat. That's supposed to be a good development because it's based on analysis of information that individuals don't have access to and couldn't process if they did -- plus, the AI has no inherent bias in the calculations it bases its recommendation on.

Thus, AI systems using algorithms and data from who knows where, with who knows what degree of accuracy and who knows what degree of encoded biases, will make these decisions on the fundamental aspects of our lives. Scary!

At the SoTech conference, I asked the IBM engineer of this coming future: How would people escape getting blacklisted algorithmically, or at least understand why their résumés never get to an HR pro, their insurance rates skyrocket, they don't get housing applications accepted in certain areas, and so on? His answers: You don't know today why a company doesn't call you in for an interview or even doesn't hire you after an interview.
"We comply with all government regulations." That's even scarier. Here's why: AI can make these judgments at scale, and because they are designed as centralized services, those judgments will be delivered over and over again, and many employers will get the same judgments about you. Or more likely, they won't get those judgments; HR departments use such services to screen out applicants, so only the best (however defined) get through. Employers may likely never even know you exist. Think about how credit scores work: Three companies gather credit balances, payment histories, and income data on you, then calculate your likelihood of making payments (that's what your score means). Bad data can ruin your score, and because everyone uses it, you're cut off from credit everywhere. It took years for the feds to require that companies disclose denial of credit based on such reports and to let you see the data about you. But even today, there's no regulated, assured system for correcting errors. That's for factual data. But how do you "correct" a judgment about your cultural fit, job qualifications, and all the other subjective factors that go into hiring? You can bet that a result will be exclusion by illegal factors such as race, age, or gender -- not from direct discrimination, of course, but due to the goals of such systems like "cultural fit," as the Watson engineer described. That too often means "people like us," which will easily creep into the "objective" criteria the AI uses. Economists and sociologists know well that those personal factors often correlate to putatively objective states, such as educational background, economic status, residence location, and social connections. The Watson engineer said the final decision is up to the HR department, so any inadvertent results can be corrected. Except they can't: How would HR know to look for such examples when it gets only the 17 "best" résumés? 
And if someone broke through, how would HR know what the AI's judgment was really based on? And why would HR take the risk of overruling the AI, which has access to all that data and is objective in its judgments?

That's the evil lurking in AI: It's presented as more objective and more knowledgeable than people, so any opposition to it becomes a quixotic exercise. It takes a lot for people to question the system today. It'll be an order of magnitude harder when AIs rule the system.

Employment is one area where AI can redline you, with no real recourse -- assuming you even know an AI judgment was the cause. In medicine, doctors will play second fiddle to AI diagnoses and treatment recommendations -- an objective AI is as likely to let you die quickly to save you suffering and the hospital money as it is to let you live longer to have closure with your friends and family. Less dire, AIs will correlate your medical history with that of your relatives to improve your treatment, but insurers can also use that information to price you -- and your relatives -- out of the market.

That's illegal, of course, but insurers are already testing a way around that: Car insurers now promote tracking devices for your vehicles, so they can give you discounts for good driving. That's redlining inverted, but still redlining. I won't be surprised to see "good" family histories lead to discounts on medical insurance, though likely not stated that way.

What school your kids may go to will also be subject to AI judgments. The financial industry commits all sorts of shady acts to extract money from you, lurching from one scandal to another while not changing the underlying behaviors. And they're exactly the kind of people who will use AI judgments to rig the system increasingly against you. The stock market will be even more a game for suckers, and your 401(k) will be even less valuable when you retire.
We can only imagine how governments will use AI to predict criminal behaviors, monitor and even define suspects, regulate behaviors for individuals and businesses, and more. We saw with Edward Snowden's revelations how far beyond the bounds of civil rights that progressive governments like the United States are willing to go with today's tools. Wait till they have their own AIs tapping into all the private and public systems they can.

It's all based on objective data, of course, and the judgments derived from the algorithms' view of that data. Never mind that much of the data is subjective, as are the algorithms and filters that users apply to them. AI engineers hate to admit that the world is not objective.

Explicit discrimination is bad enough, systemic discrimination worse. Hidden, unacknowledged discrimination is the worst of all. AI will favor that worst kind -- at scale.

I don't know that we can do anything about it. After all, laws are regularly flouted when inconvenient -- and violations will be hard to detect. (Hmm, maybe an AI to find those?) But we can try. Some ideas:

  • Require all AI-assisted decisions on significant issues (employment, health care, education, housing, travel, professional licenses) be revealed to those they affect, with the reasons in the AI's judgment described. (This is like the current laws on credit scores.)
  • Forbid use of nonpublic data without explicit permission in any AI analyses not conducted directly by the individual or company.
  • Ensure that laws like HIPAA and HICAT disallow family-history-based health profiling for purposes of denial of care, substitution of lower-cost care, and price of care.
  • Ban the use of tracking devices that deliver behavioral patterns to determine insurance and similar rates. Actual-accident history is fine, but potential-accident history is not.
  • Disallow central storage and dissemination of AI judgments; each judgment should be a fresh one, so mistaken judgments aren't made into perpetual redlining. There should be no equivalent to a standard credit score for subjective evaluations.
  • Require all private data be marked as such and be rejected by AI correlation systems when used by third parties. Also make it illegal for a person to waive the privacy of such information (similar to how states made it illegal for employers to force applicants to share their social-media passwords so they could see what kind of people they were).

Source: http://www.infoworld.com/article/3131098/artificial-intelligence/at-the-mercy-of-ai-your-job-your-health-your-money.html
  14.
  • The Pacific Light Cable Network will be ultra high-capacity at 120 tbps
  • Will span nearly 8,000 miles of the Pacific, connecting LA and Hong Kong
  • Could support 80 million simultaneous HD video calls between the cities

An 8,000 mile undersea internet cable connecting Los Angeles to Hong Kong is set to be built across the Pacific Ocean by 2018.

Google is teaming up with Facebook, Pacific Light Data Communication, and TE SubCom to construct a system that’s twice as powerful as the record-holding Faster cable that went live in June, which was said to be 10 million times quicker than a modem.

According to the researchers, the new ultra high-capacity system would be able to support 80 million simultaneous HD video conference calls between Asia and North America, and will bring faster speeds and increased security.

Plans for the Pacific Light Cable Network (PLCN) were announced on the Google Cloud Platform Blog. The cable will be the highest capacity trans-Pacific system, with a capacity of 120 terabits-per-second, and is the sixth undersea cable that Google has taken part in. It’s hoped that the PLCN will be operational in 2018.

‘From the get-go, PLCN is designed to accommodate evolving infrastructure technology, allowing us to independently choose network equipment and refresh optical technology as it advances,’ the Google team wrote.

THE SUBSEA CABLE
The PLCN will stretch nearly 8,000 miles, from Los Angeles to Hong Kong. It is an ultra high-capacity system, capable of 120-terabits-per-second. This is twice the capabilities of the Faster cable, which connects the US to Japan. Researchers say the new system would be able to support 80 million simultaneous HD video conference calls between Asia and North America.

‘Most importantly, PLCN will bring lower latency, more security, and greater bandwidth to Google users in the APAC region.’ Along with this, the firm says it will expand Google’s reach in Asia for Google Cloud and G Suite users.

Just months ago, Google revealed the completion of its subsea cable system that stretches from the United States to Japan.

THE 5,600 MILE CABLE
The Faster subsea cable system has 60TBps total capacity – 10 million times faster than a cable modem. It transmits multiple colours of light over various frequencies, using a repeater to reenergize the light roughly every 37 miles. It has landing points in Oregon, in the US, and Chiba and Mie, in Japan, but connectivity will extend along the West Coast of the US and to major cities in Japan and other Asian locations.

The $300 million ‘Faster’ cable system is backed by six companies, including Google, and runs through the Pacific Ocean from Oregon to Chiba and Mie. The system currently has a greater total capacity than any other undersea cable, Google SVP of Technical Infrastructure Urs Hölzle revealed in a blog post. It can deliver 60 terabits per second of bandwidth 5,600 miles across the ocean, bringing high speed connection to users in the US and Japan.

‘Internet users and our customers in Japan today should notice things seem to be moving a bit…FASTER,’ Hölzle wrote. ‘Today, our FASTER subsea cable between Japan and the U.S. officially entered into service.’

It has landing points in Oregon, in the US, and Chiba and Mie, in Japan, but the benefits won’t be limited only to these areas. The submarine cable system has extended connections along the West Coast, allowing it to cover Los Angeles, the San Francisco Bay Area, Portland, and Seattle. And, this connectivity will reach many major cities in Japan and other Asian locations.

The Faster Cable system was built through the collaboration of six international companies and NEC Corporation. It transmits multiple colours of light over various frequencies, using a repeater to reenergize the light roughly every 37 miles. Construction was first announced in August 2014.

‘From the very beginning of the project, we repeatedly said to each other, ‘faster, Faster and FASTER,’ and at one point it became the project name, and today it becomes a reality,’ said Hiromitsu Todokoro, Chairman of the FASTER Management Committee. ‘This is the outcome of six members’ collaborative contribution and expertise together with NEC’s support.’

Along with this achievement, Google will open its Google Cloud Platform region in Tokyo later this year, for a faster and more secure public cloud, according to Hölzle. Faster isn’t the only subsea cable system, the SVP explained, but it is the most powerful. Hundreds of submarine cables connect different areas of the world, to ‘collectively form an important backbone that helps run the Internet.’

Article source
  15. A dramatic privacy about-face by messaging app WhatsApp this summer, in which it revealed an update to its T&Cs would for the first time allow the sharing of its user data with parent company Facebook, is getting the pair into hot water in Europe.

This week Facebook was ordered to stop harvesting data on WhatsApp users in Germany by the Hamburg city DPA, which hit out at the controversial change to WhatsApp’s T&Cs as both misleading to users and a breach of national data protection law. (Facebook disagrees, and is appealing the order in Germany.)

It now looks like the UK’s national data protection watchdog, the ICO, is preparing to ramp up its action too. The ICO had already been — in its words — “considering” the deal, questioning whether the two companies were being transparent with users about how their data is being shared and used. But speaking to the BBC’s PM program on Radio 4 yesterday, information commissioner Elizabeth Denham said it has launched “an investigation into the data-sharing”.

Asked by the BBC whether the ICO intends to follow the Hamburg DPA’s lead and order the data-sharing to be stopped, Denham said: “My intervention is an advocacy intervention on behalf of all of the WhatsApp users in the UK — and boy have we heard from them! They are quite concerned.

“There’s a lot of anger out there. And again it goes back to promises, commitment, fairness and transparency. We have launched an investigation into the data-sharing, remembering that in 2014 when Facebook bought WhatsApp there was a commitment made that between the two companies they would not share information.”

The new WhatsApp T&Cs state that user data — including the mobile number used to register to use the service and a user’s last seen time within the app — will be shared with Facebook and the “Facebook family of companies”, including for marketing and ad targeting purposes.
Users reading the T&Cs before clicking ‘I agree’ might notice that there is a way to opt out of the data-sharing for ad targeting — but the agreement default opts users in, and the text next to the toggle to refuse to share is arguably confusingly worded. So it’s likely that many WhatsApp users will have agreed to the new privacy policy without realizing that means they are now handing data to Facebook.

“It’s an active and important investigation,” Denham added, during the PM interview. “I know the public wants to hear from us as to what we’re doing — and you will hear from us very shortly.”

A spokeswoman for the ICO could not confirm whether or not the ICO has a formal investigation into the data-sharing underway at this point, but did say it would be putting out an update soon, perhaps later today or on Monday.

In the PM interview, Denham was also pressed on whether the ICO is doing anything to stop data flowing now, while it probes the arrangement, but she said she thinks no data is yet flowing from UK WhatsApp users to Facebook. “We are told that data is not yet being shared — so I am hoping that there is a pause in the data-sharing, and some rethinking of the terms and the consent and what data is being shared,” she said.

We’ve asked Facebook to confirm whether or not it is harvesting UK WhatsApp data at this point or not and will update this post with any response.

Making a general statement about the data-sharing agreement earlier this month, Europe’s Article 29 Working Party, the data protection body that represents the collective views of the DPAs of all 28 Member States of the EU, asserted that: “Users should keep control of their data when Internet giants massively compile it.”

Denham also referenced the WhatsApp-Facebook privacy controversy in other public comments this week, making her first public speech since taking over the role from the prior ICO, Christopher Graham.
Speaking at an event in London she noted: “We are currently reviewing data sharing between WhatsApp and other Facebook companies — all of this is about transparency and individual control.”

(Ironically that event, a one day conference entitled Personal Information Economy 2016, organized by a business consultancy called Ctrl–Shift, was funded with the help of Facebook cash — the event organizers confirmed to TechCrunch Facebook was one of the sponsors. So no surprise another of the speakers was Facebook’s Stephen Deadman, aka its global deputy “Chief Privacy Officer”. Ctrl Shift said all sponsors for the event were “printed clearly” in the event brochure that was shared with delegates on the day.)

In a wide-ranging first public speech that set out her priorities for leading the UK regulator through turbulent post-Brexit times, Denham said the ICO intends to pick and choose its investigations with the aim of maximizing its impact — to, as she put it, “enable results which can cascade across a sector”.

She added that technology is “already at the forefront of most of our major investigations”, noting that the ICO has also been asking questions about the massive Yahoo data breach, finally confirmed last week.

“As an independent regulator we have powers to issue fines of up to half a million pounds which could eventually rise to four percent of a business’ global turnover,” she warned. “In an ideal world we wouldn’t need to enforce, but we will use the stick in the cupboard when necessary.
And remember it’s not just about the money — it’s about your reputation too, with your customers, the public and in the media spotlight.”

EC’s competition commissioner also eyeing big data and privacy

The Facebook-WhatsApp data-sharing agreement has also caught the attention of the EC’s competition commissioner, Margrethe Vestager, who earlier this month revealed her department was asking questions about the privacy policy changes, noting that the fact they didn’t merge data was factored in when the acquisition was approved.

Speaking at a conference on big data in Brussels this week, Vestager argued for the need for EU-wide regulation on data — referencing the Facebook-WhatsApp controversy and suggesting new rules are needed to enable the region’s regulators to keep up with tech giants’ use (and potential misuse) of data.

“Europe’s competition enforcers need to work together on big data — not just the Commission, but the national competition authorities as well,” she said. “Many of them are already doing that. Our French colleagues have launched a sector inquiry on big data. And the German authority is looking at whether Facebook may have misused its power to impose unfair privacy terms.

“But if we want to be able to deal with big data issues throughout the EU, then every national authority has to have the tools it needs to enforce the rules… I think there’s a strong case for new EU rules as part of the answer.”

Big data as a currency that can be used by tech giants to stifle competition is a theme Vestager has spoken on several times before.

This post was updated to include Vestager’s comments on Facebook-WhatsApp sharing data

Source: https://techcrunch.com/2016/09/30/whatsapps-privacy-u-turn-on-sharing-data-with-facebook-draws-more-heat-in-europe/
  16. A slew of internet organizations have come to the support of the US government in a last-minute lawsuit designed to prevent the handover of critical internet functions at midnight on Friday. The Internet Association – which represents Google, Amazon, Facebook et al – plus the Internet Society, Internet Infrastructure Coalition, NetChoice, ARIN and a number of individuals have filed an amicus brief [PDF] in Texas court on the eve of a hearing seeking a temporary restraining order against the Department of Commerce (DoC). The lawsuit, brought by four states' attorneys general, seeks to stop the handover of the IANA contract from the US government to non-profit ICANN at the stroke of midnight in Washington DC on September 30 – when the current contract ends. The lawsuit claims that the move would put at risk the First Amendment online, and could lead to ICANN simply deleting critical parts of the internet's naming systems at some future date. However, the internet organizations argue that those claims are based on "fundamental inaccuracies regarding how the relevant Internet technologies work and the role that IANA functions have played." The DoC agrees, and in its own filing [PDF] has also argued that the states' attorneys general do not have standing. The hearing – which is happening at the time of writing – could delay the planned transition and possibly pull it past the elections in November, if the judge, George C Hanks, Jr, decides there is a case to answer. If the restraining order is approved, it could disrupt the entire transition that has been two years in the making; if it is not, ICANN will assume control of the critical IANA functions on Saturday morning. Source: http://www.theregister.co.uk/2016/09/30/internet_orgs_us_government_iana_icann/ Results Internet Oversight Transfer Clears Hurdles To Take Place Saturday (Reuters) – A long-planned transfer of the internet’s technical management from the U.S. 
government to a global community of stakeholders is expected to take place on Saturday despite last-minute attempts by conservative politicians and officials to delay the changeover.

The U.S. Department of Commerce is due to cede stewardship of ICANN, or the Internet Corporation for Assigned Names and Numbers, as scheduled after a lawsuit seeking to halt the transition was denied by a federal judge in Texas on Friday. The U.S. government has been the primary manager of the internet’s address book since 1988 largely because it was invented in the country.

Critics of the handover have attempted to block or delay it on grounds it could jeopardize free speech online, claims that the Obama administration and technology companies have said lack merit. The lawsuit filed on Wednesday against the federal government by the Republican states of Arizona, Texas, Nevada and Oklahoma argued the handover was unconstitutional and required congressional approval.

ICANN, a California-based nonprofit, manages the database for top-level domain names such as .com and .net and their corresponding numeric addresses that allow computers to connect. After the transfer, ICANN will be governed by a collection of academics, technical experts, private industry and government representatives, public interest advocates and individual users around the world, in what it calls a “multi-stakeholder process.”

Federal officials began discussing a plan to move ICANN under international oversight in the 1990s, and rolled out a formal plan in March 2014. Conservatives in the U.S. Congress, led by Senator Ted Cruz of Texas, sought to prevent the handover earlier in September by attaching an amendment to an unrelated stop-gap funding bill for the U.S. government. Cruz called the transfer a “giveaway to Russia” and other governments, but his effort failed to gain traction.

A delay would have backfired by undermining U.S. credibility in international negotiations over internet standards and security, the Obama administration and technical experts have said.

Asked whether the four states which had sued the administration would appeal Friday’s court ruling, Monica Moazez, a spokeswoman for Nevada’s attorney general, responded in an email that they were weighing options. The other states could not be immediately reached.

The transfer is “a symbolic, but important step in preserving the stability and openness of the Internet, which impacts free speech, our economy and our national security,” Ed Black, chief executive of the Computer & Communications Industry Association, said in a statement.

Source: http://fortune.com/2016/09/30/internet-oversight-transfer-saturday/
  17. German Officials Order Facebook to Delete WhatsApp User Data Facebook was infringing data protection law Needless to say that WhatsApp users weren't pleased with the new feature and they quickly found a workaround that allowed them to disable the sharing feature within 30 days from installing or updating the app on their phones. The measure would pose some security and privacy concerns, which meant that WhatsApp had to update its terms and privacy policy, which it did for the first time in four years. WhatsApp is one of the most secure chatting applications out there, with default message encryption and self-destruct messages that make sure that no one can access conversations between users. Since the app is focused on privacy and security, it's only normal that users were concerned by this measure for sharing information with Facebook. It seems that users from Germany no longer need to worry about this, since the Hamburg Commissioner for Data Protection and Freedom of Information ordered Facebook to delete user data shared from WhatsApp. Facebook is willing to work with the Commission to resolve the issue The report by Reuters mentions that Facebook was infringing data protection law and WhatsApp's 35 million users in Germany didn't provide effective approval for sharing their information. "After the acquisition of WhatsApp by Facebook two years ago, both parties have publicly assured that data will not be shared between them," commissioner Johannes Caspar said in a statement. "The fact that this is now happening is not only a misleading of their users and the public, but also constitutes an infringement of national data protection law," Caspar added. The Commission also said that Facebook and WhatsApp are independent companies that should process user data based on their own terms and conditions. Facebook issued a statement saying that the company is working with the Hamburg DPA to resolve any concerns. 
Facebook bought WhatsApp for $19 billion two years ago. Source More info on this news - Alternate Source - Germany bans Facebook from collecting WhatsApp users' data
  18. The Adblock Plus crowdsourced hacker militia can’t keep up with Facebook’s disciplined army of engineers. When Facebook first announced it would circumvent ad blocking software, Adblock Plus (ABP) built a workaround in two days, boasting that “We promised that the open source community would have a solution very soon…This time that community seems to have gotten the better of even a giant like Facebook.” But it’s been a month since Facebook broke ABP’s last workaround, and the social network’s marketing messages are still getting through. Despite the fact that ABP’s browser extension gets the final say on what appears on your screen, it can’t build filters fast enough when Facebook has total control over the code it serves. Adblock Plus communications manager Ben Williams ABP parent company Eyeo’s communications and operations manager Ben Williams admits it needs to dig deeper and make more drastic changes to keep fighting Facebook. “They have basically removed every identifier that’s findable in the first level of ads”, he says while raising fear about Facebook’s ads one day being indistinguishable from content to its users as well. Williams insists his company knew this would happen. “You’ve got to think that a company like Facebook has…a playbook. It’s kind of been how we expected.” That contrasts with the confidence of Williams’ blog posts a month ago, where he wrote “What we hope users will remember is that there is a gargantuan, unstoppable community” and “Should Facebook circumvent again, I’m sure another solution will arise from that open source community.” Now ABP says it will need more time to fire back at Facebook. “We’ll have to change the software, and we’re very, very careful. We have to do some testing.” Williams says that though Facebook has scrubbed the parent elements of its ads code, “We’re in the process of being able to block based on the one of the child elements. 
I’d say we’re a couple weeks away from that.” In the meantime, ABP has launched its own ad exchange called the Acceptable Ads Platform. It essentially lets websites serve privacy-safe ads that ABP won’t block from appearing to 90 million of its browser extension’s users in exchange for a six percent cut. That money will be critical if Adblock Plus wants to keep funding a war with a tech giant that earns $2 billion in profit per quarter. Article source
  19. Facebook Post Tagging Scam Steals Your Login Credentials Latest Facebook scam is spreading like wildfire and it uses a Chrome app to steal login credentials — So watch out. Facebook is the most used social media platform around the world with 1.65 billion users and that’s what makes it a lucrative target for crooks, hackers and online scammers. Today, HackRead got to know about a dangerous scam spreading on Facebook like wildfire, thanks to Assaf Megidash for the alert. It begins with a notification on Facebook that a friend of yours has tagged you (potential victim) in a post. The post is actually a video that uses the victim’s profile pic as its thumbnail, which is quite a shocker for everyone seeing their picture on an unknown video and likely tempts them to click on the video post. Screenshot shows a user has tagged their friend on a video with their profile picture However, the truth is far from that: what the victim is tagged in is neither a video nor a photo file; it is rather a link to a malicious website which looks like Facebook, and once victims click the link they are taken to that malicious site whose address is “u1dmofz3.todayonlynews (dot) com” and several others. Once on this domain, the victims are redirected to yet another domain “bebetter500 (dot) com” where the actual scam is hosted. Once on the BeBetter500 website, victims can see a fake yet authentic-looking Facebook page asking them to view a video but in order to do so, they have to install a Chrome extension labeled as Ozuji. As mentioned above, the page looks real and it also shows several comments from authentic Facebook users which can trick victims into installing that Chrome extension. The extension can read your browser history and change the data on sites you visit. That can include changing of your financial details or Facebook login credentials.
An exclusive screenshot from the scam site The description on the extension page is “Ozuji blue ipugo nuva ufiso ayivez,” which is in Cebuano language, an Austronesian regional language spoken in the Philippines. This indicates that the scammers may be from the Philippines. Upon adding the extension it was noticed that no software was downloaded to our device. However, a Facebook profile made specifically for our test showed that ten friends were instantly tagged, which means the extension was quick to gain control of our test profile. The good news is that at the time of publishing we noticed that Google has removed the Ozuji extension from its Chrome store. However, it is unclear if there are more extensions on the store – serving the same scam. Ozuji extension has been deleted by Google however it’s still showing on Google search results The users most targeted by this scam were Israeli, but the Internet has no borders and you may soon become the next victim of this scam. That is if there are extensions other than the now removed Ozuji. If you have received a notification such as this, it simply means that your friend has fallen victim to this particular scam. Source
  20. Facebook Messenger Chatbots Can Leak Your Private Information Facebook Messenger chatbots jeopardize privacy: Report Facebook’s attempts to bring chatbots to its FB Messenger were appreciated by tech pundits as well as users. While businesses are making new attempts to woo customers with better experience, Facebook Messenger chatbots go a long way in making FB users’ lives more comfortable. But this comes at the risk of your privacy according to new research. According to tech website Venture Beat, businesses which are switching to Facebook Messenger for all service interactions will soon regret their decision because of possible customer information leaks. If people want to get the tracking information of their orders online, chatbots are a perfect solution for a successful communication, but the story is not the same when it comes to sensitive data like bank account information or insurance company details. “Conversations with these businesses can be complex, emotionally-driven and often require sensitive and personal information to pass between the two parties. Consumers of these organizations need frequent and ongoing interaction,” the report notes. Venture Beat says the privacy and security needs for such sensitive communication and transactions are very high and trusting Facebook chatbots will be a big challenge for customers. As it is, Facebook users don’t trust the networking giant with their data. Another reason for Messenger chatbot failure is the desire of businesses to own the data. When hopping to Messenger to take advantage of the new technology, businesses have to share the exclusive data with the social networking giant. And it is only natural that Facebook will use this information for its own gains. Companies will have to realize that by giving away the vital proprietary data and information to Facebook, they are also giving up control of the customer.
“Facebook openly says it is using the data flowing through its Messenger for Business platform, companies using it would be right to enter that relationship with skepticism,” the report said. With that data in the hands of the company selling ads to your competitors, the result could be detrimental, the report noted. Source
  21. The satellite attached to the rocket was intended to be used by Facebook. Mark Zuckerberg says he is "deeply disappointed" This is the moment SpaceX's Falcon 9 rocket exploded and destroyed The explosion at 9.07AM Eastern Time on September 1 took place during a routine test firing of the unmanned rocket as its launch date drew close. While nobody was hurt in the incident, the blast saw the loss of the rocket and its expensive payload: the Amos-6 satellite, which was planned to be used by Mark Zuckerberg's social network. For Elon Musk, the boss of the private space company, the destruction of the rocket will be a loss – albeit one the company will learn from. At present, the cause of the fireball – the smoke from which could be seen for miles around the Kennedy Space Center – is unknown. SpaceX said the "anomaly" started "around the upper stage oxygen tank and occurred during propellant loading of the vehicle". It continued to say the data from the failed test will be studied in a bid to identify the exact problem. The blast occurred as the private space firm was preparing to launch its heaviest payload to date. The satellite built by Spacecom was due to launch on September 3 and act as a communications satellite. Notably, the Amos 6 was due, in part, to be used by Facebook. In October 2015 the social network's CEO, Mark Zuckerberg, said the satellite would be used as the company's "first project to deliver internet from space". Zuckerberg, who is currently visiting Africa, intended to use the satellite to beam internet to the continent. "I'm deeply disappointed to hear that SpaceX's launch failure destroyed our satellite that would have provided connectivity to so many entrepreneurs and everyone else across the continent", he said on his Facebook Page. This firing test was a routine test ahead of the planned launch from Cape Canaveral Air Force Station this weekend. Article source
  22. Hacker Wins Bug Bounty After Exposing Critical Facebook Security Flaw A hacker from California has revealed a trick which could allow him to hack into a user’s Facebook account and gain complete access to it. Learning to hack a Facebook account is one of the first things people want to learn. Many try their hand at this to gain complete access to someone’s Facebook profile. One California-based hacker tried his method, and subsequently discovered a method that exploits Facebook’s password reset mechanism to hack into anyone’s Facebook profile. Gurkirat Singh has revealed that he discovered a way to gain access to anyone’s Facebook profile using a flaw in the social networking site’s password reset mechanism. He said that the only way for anyone to reset their Facebook password is to use a randomly generated 6-digit code which Facebook provides them with once they request a password reset. The algorithm behind it produces a truly random number. But the fact that it is a 6-digit code means that there are a possible 10^6 = 1,000,000 combinations. These remain the same until they are used. Gurkirat exploited this fact. According to him, Facebook needs to store duplicate codes for multiple users if more than 1,000,000 users request a password reset. This means that more than two people have the same passcode. To use this for his purpose, Gurkirat Singh devised a way to send in 2 million password change requests to Facebook. He mentions that doing so is not simple, for it requires a way to change your IP to avoid being blocked by the company, as well as access to 2 million Facebook IDs. Since Facebook IDs are 15 digits long, Singh used 1,00,000,000,000,000 and made queries to Facebook Graph API to see which IDs were valid. This can only be done through authorized apps, and once a match is found, you can enter the ID in the URL like www.facebook.com/[ID]. The URL then automatically changes the ID to the username. This data was compiled into a JSON by Singh.
To handle the problem of IP changing, Gurkirat Singh simply used a proxy server that listened to HTTP Requests and then assigned a random IP address to each request. He used a multithreaded script to simulate user behaviour when a passcode is required. The script requests a passcode to every user in the JSON file created earlier. Then the scripts were run to make the requests. It looked like this: After doing so, the 6-digit passcode needs to be matched using the Brute force technique. Singh added ID to the key ‘u’ and the successfully matched passcode to the key ‘n’ in the URL as www.beta.facebook.com/recover/password?u=…&n=… Doing so returned a match. Doesn't get any simpler! #Hacking #Facebook https://t.co/2vi14s1Qtp — Gurkirat Sin @GurkiratSpeca) August 25, 2016 Once this was done, Singh added this matched passcode to the URL and was redirected to the password reset page. Therefore, he was successful in gaining access to a user’s account using this method. Singh said that the bounty offered to him was a mere $500, as Facebook considered this as a low priority finding. Source
  23. Blurry Previews And Facebook Phishing Here’s a Facebook phish which uses the incredibly old technique of blurring the supposed page underneath the login prompt. This is designed to tantalise victims with what they could see if only they hand over login details. This tactic has been around from Facebook and Tumblr all the way back to Myspace, most typically in the form of the infamous “See who visited your page” scams of yesteryear. The site, located at fb-log(dot)890m(dot)com, looks like this: Logging into the page would eventually direct the victim to the below “exploit” themed website: The site seems to be offering up a “remote way to hack”, alongside asking if the visitor has tried their application. Well, okay. We downloaded the .APK on offer, fired it up and… …it simply opens up the webpage in Android. If you were already viewing the site on an Android, this would be vaguely confusing. Sploitception? Anyway. Clicking into the various Scams / Xploitz / SMS tabs suggests we need to be registered to view whatever content is on offer. An interesting diversion, but the primary focus should be on avoiding the phishing page in the first place. If you think you’ve been caught by this scam – or indeed any other Facebook phish – then set about changing your password as soon as possible, and follow the safety tips listed on their Privacy Basics page. Source
  24. Information Commissioner To Investigate Data Sharing Between WhatsApp And Facebook WhatsApp's plans to share user data with Facebook are to be investigated by the Information Commissioner's Office (ICO) in the UK. The change in privacy policy goes against a previous public commitment not to share data in this way. The ICO has the power to regulate how companies make use of data belonging to people located in the UK, even if the companies themselves are located elsewhere. A key concern is whether there will be compliance with data protection laws. Users are particularly upset about the data sharing plans because when Facebook acquired WhatsApp back in 2014, the company said clearly that data would not be shared in this way. The backlash on social media has, predictably, resulted in many people complaining that they will stop using WhatsApp. It has also been suggested that in sharing private data from WhatsApp, Facebook will be violating an agreement it struck with the Federal Trade Commission. Information commissioner Elizabeth Denham said: Anyone who is concerned about their privacy is reminded that they can use WhatsApp's instructions to prevent data sharing. Or they could stop using WhatsApp... Source