Facebook

Facebook Accused of Conducting Mass Surveillance Through Its Apps (theguardian.com) 44

A court case in California alleges that Facebook used its apps to gather information about users and their friends, including some who had not signed up to the social network, reading their text messages, tracking their locations and accessing photos on their phones. The Guardian reports: The claims of what would amount to mass surveillance are part of a lawsuit brought against the company by the former startup Six4Three, listed in legal documents filed at the superior court in San Mateo as part of a court case that has been ongoing for more than two years. The allegations about surveillance appear in a January filing, the fifth amended complaint made by Six4Three. It alleges that Facebook used a range of methods, some adapted to the different phones that users carried, to collect information it could use for commercial purposes.

"Facebook continued to explore and implement ways to track users' location, to track and read their texts, to access and record their microphones on their phones, to track and monitor their usage of competitive apps on their phones, and to track and monitor their calls," one court document says. But all details about the mass surveillance scheme have been redacted on Facebook's request in Six4Three's most recent filings. Facebook claims these are confidential business matters. It has until next Tuesday to submit a claim to the court for the documents to remain sealed from public view.

Facebook

Facebook Asks British Users To Submit Their Nudes as Protection Against Revenge Porn (betanews.com) 294

Mark Wilson writes: Following on from a trial in Australia, Facebook is rolling out anti-revenge porn measures to the UK. In order that it can protect British users from falling victim to revenge porn, the social network is asking them to send in naked photos of themselves. The basic premise of the idea is: send us nudes, and we'll stop others from seeing them.

Facebook

European Lawmakers Asked Mark Zuckerberg Why They Shouldn't Break Up Facebook (theverge.com) 215

European lawmakers questioned Mark Zuckerberg in Brussels today for almost an hour and a half, asking him to address concerns about the Cambridge Analytica data leak and Facebook's potential monopoly. German MEP Manfred Weber asked whether the Facebook CEO could name a single European alternative to his "empire," which includes apps like WhatsApp and Instagram in addition to Facebook. "I think it's time to discuss breaking up Facebook's monopoly, because it's already too much power in only one hand," said Weber. "So I ask you simple, and that is my final question: can you convince me not to do so?" Belgian MEP Guy Verhofstadt then chimed in and asked whether Facebook would cooperate with European antitrust authorities to determine whether the company was indeed a monopoly, and if it was, whether Facebook would accept splitting off WhatsApp or Messenger to remedy the problem. The Verge reports: The panel's format let Zuckerberg selectively reply to questions at the end of the session, and he didn't address Verhofstadt's points. Instead, he broadly outlined how Facebook views "competition" in various spaces. "We exist in a very competitive space where people use a lot of different tools for communication," said Zuckerberg. "From where I sit, it feels like there are new competitors coming up every day" in the messaging and social networking space. He also said that Facebook didn't hold an advertising monopoly because it only controlled 6 percent of the global advertising market. (It's worth noting: this is still a huge number.) And he argued that Facebook promoted competition by making it easier for small businesses to reach larger audiences -- which is basically unrelated to the question of whether Facebook itself is a monopoly.
Facebook

Advocacy Groups Call for the FTC To Break Up Facebook (bleepingcomputer.com) 133

An anonymous reader shares a report: Several advocacy groups have banded together for a campaign that calls upon the US Federal Trade Commission to intervene and break up Facebook into smaller companies -- and more specifically to split off the Messenger, Instagram, and WhatsApp services from the mother company. The campaign, named Freedom from Facebook, was set into motion today by eight groups -- Demand Progress, Citizens Against Monopoly, Content Creators Coalition, Jewish Voice for Peace, MoveOn, Mpower Change, Open Markets Institute, and SumOfUs, respectively. Through a dedicated website, the eight advocacy groups are urging users to file a petition with the FTC on the grounds that Facebook has become a monopoly. The campaign's motto is "It's time to make Facebook safe for democracy." "Facebook and Mark Zuckerberg have amassed a scary amount of power," the campaign's website reads. "Facebook unilaterally decides the news that billions of people around the world see every day."
Privacy

'I Asked Apple for All My Data. Here's What Was Sent Back' (zdnet.com) 171

"I asked Apple to give me all the data it's collected on me since I first became a customer in 2010," writes the security editor for ZDNet, "with the purchase of my first iPhone." That was nearly a decade ago. As most tech companies have grown in size, they began collecting more and more data on users and customers -- even on non-users and non-customers... Apple took a little over a week to send me all the data it's collected on me, amounting to almost two dozen Excel spreadsheets at just 5MB in total -- roughly the equivalent of a high-quality photo snapped on my iPhone. Facebook, Google, and Twitter all took a few minutes to an hour to send me all the data they store on me -- ranging from a few hundred megabytes to a couple of gigabytes in size...

The zip file contained mostly Excel spreadsheets, packed with information that Apple stores about me. None of the files contained content information -- like text messages and photos -- but they do contain metadata, like when and who I messaged or called on FaceTime. Apple says that any data information it collects on you is yours to have if you want it, but as of yet, it doesn't turn over your content which is largely stored on your slew of Apple devices. That's set to change later this year... And, of the data it collects to power Siri, Maps, and News, it does so anonymously -- Apple can't attribute that data to the device owner... One spreadsheet -- handily -- contained explanations for all the data fields, which we've uploaded here...

[T]here's really not much to it. As insightful as it was, Apple's treasure trove of my personal data is a drop in the ocean to what social networks or search giants have on me, because Apple is primarily a hardware maker and not ad-driven, like Facebook and Google, which use your data to pitch you ads.

CNET explains how to request your own data from Apple.
Security

RedDawn Android Malware Is Harvesting Personal Data of North Korean Defectors (theinquirer.net) 21

According to security company McAfee, North Korea uploaded three spying apps to the Google Play Store in January that contained hidden functions designed to steal personal photos, contact lists, text messages, and device information from the phones they were installed on. "Two of the apps purported to be security utilities, while a third provided information about food ingredients," reports The Inquirer. All three of the apps were part of a campaign dubbed "RedDawn" and targeted primarily North Korean defectors. From the report: The apps were promoted to particular targets via Facebook, McAfee claims. However, it adds that the malware was not the work of the well-known Lazarus Group, but another North Korean hacking outfit that has been dubbed Sun Team. The apps were called Food Ingredients Info, Fast AppLock and AppLockFree. "Food Ingredients Info and Fast AppLock secretly steal device information and receive commands and additional executable (.dex) files from a cloud control server. We believe that these apps are multi-staged, with several components."

"AppLockFree is part of the reconnaissance stage, we believe, setting the foundation for the next stage unlike the other two apps. The malwares were spread to friends, asking them to install the apps and offer feedback via a Facebook account with a fake profile promoted Food Ingredients Info," according to McAfee security researcher Jaewon Min. "After infecting a device, the malware uses Dropbox and Yandex to upload data and issue commands, including additional plug-in dex files; this is a similar tactic to earlier Sun Team attacks. From these cloud storage sites, we found information logs from the same test Android devices that Sun Team used for the malware campaign we reported in January. The logs had a similar format and used the same abbreviations for fields as in other Sun Team logs. Furthermore, the email addresses of the new malware's developer are identical to the earlier email addresses associated with the Sun Team."

Businesses

Data Science is America's Hottest Job (bloomberg.com) 79

Anonymous readers share a report: It turns out that even in the wake of Facebook's privacy scandal and other big-data blunders, finding people who can turn social-media clicks and user-posted photos into monetizable binary code is among the biggest challenges facing U.S. industry. People with data science bona fides are among the most sought-after professionals in business, with some data science Ph.Ds commanding as much as $300,000 or more from consulting firms.

Job postings for data scientists rose 75 percent from January 2015 to January 2018 at Indeed.com, while job searches for data scientist roles rose 65 percent. A growing specialty is "sentiment analysis," or finding a way to quantify how many tweets are trashing your company or praising it. A typical data scientist job pays about $119,000 at the midpoint of salaries and rises to $168,000 at the 95th percentile, according to staffing agency Robert Half Technology.

Facebook

Facebook's Android App Is Asking for Superuser Privileges, Users Say (bleepingcomputer.com) 183

Catalin Cimpanu, reporting for BleepingComputer: The Facebook Android app is asking for superuser permissions, and a bunch of users are freaking out about granting the Facebook app full access to their device, an understandable reaction following the fallout from the Cambridge Analytica privacy scandal. "Grants full access to your device," read the prompts while asking users for superuser permissions. These popups originate from the official Facebook Android app (com.facebook.katana) and started appearing last night [UTC timezone], continuing throughout the day. Panicked users took to social media, Reddit, and Android-themed forums to share screengrabs of these suspicious popups and ask for advice on what's going on.

Advertising

Ads Are Coming To Facebook Stories (techcrunch.com) 31

Facebook Stories has reached 150 million daily active users after launching nearly 14 months ago. So what's the next logical step after reaching such a milestone? Advertisements. According to TechCrunch, Facebook Stories will start testing its first ads today in the U.S., Mexico and Brazil. From the report: They're 5- to 15-second video ads users can skip, and while there's no click-through or call to action now, Facebook plans to add that in the coming months. Advertisers can easily extend their Instagram Stories ads to this new surface, or have Facebook automatically reformat their News Feed ads with color-matched borders and text at the bottom. Facebook also plans to give businesses more metrics on their Stories performance to convince them the feature is worth their ad dollars.
Facebook

Justice Department, FBI Are Investigating Cambridge Analytica (cbsnews.com) 139

An anonymous reader quotes a report from CBS News: The Justice Department and FBI are investigating Cambridge Analytica, the now-shuttered political data firm that was once used by the Trump campaign and came under scrutiny for harvesting data of millions of users, The New York Times reported on Tuesday. The Times, citing a U.S. official and people familiar with the inquiry, reported federal investigators have looked to question former employees and banks connected to the firm.

The Times reports prosecutors have informed potential witnesses there is an open investigation into the firm, whose profiles of voters were intended to help with elections. One source tells CBS News correspondent Paula Reid prosecutors are investigating the firm for possible financial crimes. A company that has that much regulatory scrutiny is almost guaranteed to have federal prosecutors interested, Reid was told. Christopher Wylie, a former Cambridge Analytica employee who spoke out about the data sharing practices, told the Times federal investigators had contacted him. The American official told the Times investigators have also contacted Facebook as a part of the probe.

Facebook

Facebook Deleted 583 Million Fake Accounts in the First Three Months of 2018 (cnet.com) 75

Facebook said Tuesday that it had removed more than half a billion fake accounts and millions of pieces of other violent, hateful or obscene content over the first three months of 2018. From a report: In a blog post on Facebook, Guy Rosen, Facebook's vice president of product management, said the social network disabled about 583 million fake accounts during the first three months of this year -- the majority of which, it said, were blocked within minutes of registration. That's an average of over 6.5 million attempts to create a fake account every day from Jan. 1 to March 31. Facebook boasts 2.2 billion monthly active users, and if Facebook's AI tools didn't catch these fake accounts flooding the social network, its population would have swelled immensely in just 89 days.
Facebook

Facebook Faulted By Judge For 'Troubling Theme' In Privacy Case (bloomberg.com) 62

schwit1 quotes a report from Bloomberg: A judge scolded Facebook for misconstruing his own rulings as he ordered the company to face a high-stakes trial accusing it of violating user privacy. The social media giant has misinterpreted prior court orders by continuing to assert the "faulty proposition" that users can't win their lawsuit under an Illinois biometric privacy law without proving an "actual injury," U.S. District Judge James Donato said in a ruling Monday. Likewise, the company's argument that it's immune from having to pay a minimum of $1,000, and as much as $5,000, for each violation of the law is "not a sound proposition," he said. Under the Illinois Biometric Information Privacy Act, the damages in play at a jury trial set for July 9 in San Francisco could easily reach into the billions of dollars for the millions of users whose photos were allegedly scanned without consent. Apart from his concerns about the "troubling theme" in Facebook's legal arguments, Donato ruled a trial must go forward because there are multiple factual issues in dispute, including a sharp disagreement over how the company's photo-tagging software processes human faces.
Facebook

Researchers Reportedly Exposed Facebook Quiz Data On 3 Million Users (newscientist.com) 19

According to a report from New Scientist, researchers exposed quiz data on over three million Facebook users via an insecure website. The data includes answers to intimate questionnaires, and was held by academics from the University of Cambridge's Psychometrics Centre. While the breach isn't as severe as the Cambridge Analytica leak, it is distantly connected as the project previously involved Alexandr Kogan, the researcher at the center of the scandal. From the report: Facebook suspended myPersonality from its platform on April 7 saying the app may have violated its policies due to the language used in the app and on its website to describe how data is shared. More than 6 million people completed the tests on the myPersonality app and nearly half agreed to share data from their Facebook profiles with the project. All of this data was then scooped up and the names removed before it was put on a website to share with other researchers. The terms allow the myPersonality team to use and distribute the data "in an anonymous manner such that the information cannot be traced back to the individual user."

However, for those who were not entitled to access the data set because they didn't have a permanent academic contract, for example, there was an easy workaround. For the last four years, a working username and password has been available online that could be found from a single web search. Anyone who wanted access to the data set could have found the key to download it in less than a minute.

Security

Hacker Shuts Down Copenhagen's Public City Bikes System (bleepingcomputer.com) 72

An anonymous reader writes: "An unidentified hacker has breached Bycyklen -- Copenhagen's city bikes network -- and deleted the organization's entire database, disabling the public's access to bicycles over the weekend," reports Bleeping Computer. "The hack took place on the night between Friday, May 4, and Saturday, May 5, the organization said on its website. Bycyklen described the hack as "rather primitive," alluding it may have been carried out "by a person with a great deal of knowledge of its IT infrastructure." Almost 2,000 bikes were affected, and the company's employees have been working for days, searching for bikes docked across the city and installing a manual update to restore functionality. The company is holding a "treasure hunt," asking users to hunt down and identify non-functional bikes.
The Internet

Russian Fake News Ecosystem Targets Syrian Human Rights Workers (securityledger.com) 259

chicksdaddy shares a report from The Security Ledger: Kremlin-linked news sites like RT and Sputnik figure prominently in an online disinformation campaign portraying Syrian humanitarian workers ("White Helmets") as terrorists and crisis actors, according to an analysis (PDF) by researchers at University of Washington and Harvard. An online "echosystem" of propaganda websites including Russia-backed news outlets Sputnik and RT is attacking the credibility of humanitarian workers on the ground in rebel-occupied Syria, according to a new analysis by researchers at The University of Washington and Harvard University. Online rumors circulated through so-called "alternative" media sites have attacked the Syrian Civil Defense (aka "White Helmets") as "crisis actors" and Western agents working on behalf of the U.S. and NATO. Statistical analysis of the online rumors reveals a tight network of websites sharing nearly identical content via Twitter and other social media platforms, wrote Kate Starbird. Starbird is an Assistant Professor of Human Centered Design & Engineering at University of Washington and a leading expert on so-called "crisis informatics."

In activity reminiscent of the disinformation campaigns that roiled the U.S. Presidential election in 2016, articles by what Starbird describes as "a few prominent journalists and bloggers" writing for self-described "alternative" news sites like 21stCenturyWire, GlobalResearch, MintPressNews, and ActivistPost are picked up by other, smaller and more niche websites including both left- and right-leaning partisan news sites, "clickbait sites," and conspiracy theory websites. Government-funded media outlets from Syria, Iran, Hezbollah and Russia figure prominently in the Syrian disinformation campaign, Starbird's team found. In particular, "Russian government-funded media outlets (i.e. SputnikNews and RT) play a prominent and multi-faceted role within this ecosystem," she wrote.

Microsoft

Microsoft Turned Customers Against the Skype Brand (bloomberg.com) 135

An anonymous reader quotes a report from Bloomberg: Since acquiring Skype from private equity investors, Microsoft has refocused the online calling service on the corporate market, a change that has made Skype less intuitive and harder to use, prompting many Skypers to defect to similar services operated by Apple, Google, Facebook and Snap. The company hasn't updated the number of Skype users since 2016, when it put the total at 300 million. Some analysts suspect the numbers are flat at best, and two former employees describe a general sense of panic that they're actually falling. The ex-Microsofters, who requested anonymity to discuss confidential statistics, say that as late as 2017 they never heard a figure higher than 300 million discussed internally.

Chief Executive Officer Satya Nadella has repeatedly said he wants the company's products to be widely used and loved. By turning Skype into a key part of its lucrative Office suite for corporate customers, Microsoft is threatening what made it appealing to regular folks in the first place. [...] Focusing on corporations was a reasonable strategy and one shared by Skype's prior management. Originally [former Microsoft CEO Steve Ballmer] and company pledged to let Skype operate independently from Lync, Microsoft's nascent internet phone service for corporations. But two years later the company began merging the two into Skype for Business and folded that into Office. Today, Microsoft is using Skype for Business to help sell subscriptions to its cloud-based Office 365 and steal customers from Cisco. Microsoft has essentially turned Skype into a replacement for a corporate telephone system -- with a few modern features borrowed from instant messaging, artificial intelligence and social networking.
In closing, Bloomberg argues "the complexity of the corporate software (security, search, and the ability to host town halls) crowds out the simplicity consumers prefer (ease-of-use and decent call quality)."
Businesses

The $100B Bet: The Meaning of the Vision Fund (economist.com) 39

Two years ago, if you had asked experts to identify the most influential person in technology, you would have heard some familiar names: Jeff Bezos of Amazon, Alibaba's Jack Ma or Facebook's Mark Zuckerberg. Today there is a new contender: Masayoshi Son. The founder of SoftBank, a Japanese telecoms and internet firm, has put together an enormous investment fund that is busy gobbling up stakes in the world's most exciting young companies. The Vision Fund is disrupting both the industries in which it invests and other suppliers of capital [Editor's note: the link may be paywalled; an alternative source wasn't immediately available]. From a report: But even if the fund ends up flopping, it will have several lasting effects on technology investing. The first is that the deployment of so much cash now will help shape the industries of the future. Mr Son is pumping money into "frontier technologies" from robotics to the internet of things. He already owns stakes in ride-hailing firms such as Uber; in WeWork, a co-working company; and in Flipkart, an Indian e-commerce firm that was this week sold to Walmart. In five years' time the fund plans to have invested in 70-100 technology unicorns, privately held startups valued at $1bn or more. Its money, often handed to entrepreneurs in multiples of the amounts they initially demand and accompanied by the threat that the cash will go to the competition if they balk, gives startups the wherewithal to outgun worse-funded rivals. Mr Son's bets do not have to pay off for him to affect the race. Mr Son's second impact will be on the venture-capital industry. To compete with the Vision Fund's pot of moolah, and with the forays of other unconventional investors, incumbents are having to bulk up.
Facebook

Facebook Plans To Create Its Own Cryptocurrency: Report (cheddar.com) 90

Facebook is "very serious" about launching its own cryptocurrency, news outlet Cheddar reported Friday. It's not the first time the idea of a Facebook coin has been floated, but it seems more apparent now in wake of Facebook's reshuffled executive structure and newly formed blockchain group. From the report: Facebook started studying blockchain almost a year ago, when a member of its corporate development team, Morgan Beller, began looking at how the social platform could use the emerging technology. At the time, Beller was the only Facebook employee devoted to studying blockchain, the digital and decentralized ledger that underpins cryptocurrencies like Bitcoin and Ethereum. Her work was thrust into the spotlight this week when Facebook announced that the vice president in charge of the Messenger app, David Marcus, would lead a new team to "explore how to best leverage blockchain across Facebook, starting from scratch."
United States

US Congressmen Reveal Thousands of Facebook Ads Bought By Russian Trolls (mercurynews.com) 309

An anonymous reader writes: Democrats on the House Intelligence Committee on Thursday released about 3,400 Facebook ads purchased by Russian agents around the 2016 presidential election on issues from immigration to gun control, a reminder of the complexity of the manipulation that Facebook is trying to contain ahead of the midterm elections. The ads, which span from mid-2015 to mid-2017, illustrate the extent to which Kremlin-aligned forces sought to stoke social, cultural and political unrest on one of the Web's most powerful platforms. With the help of Facebook's targeting tools, Russia's online army reached at least 146 million people on Facebook and Instagram, its photo-sharing service, with ads and other posts, including events promoting protests around the country...

Rep. Adam Schiff of California, the top Democrat on the House Intelligence Committee, said lawmakers would continue probing Russia's online disinformation efforts. In February, Robert S. Mueller III, the special counsel investigating Russia and the 2016 election, indicted individuals tied to the IRA for trying to interfere in the presidential race. "They sought to harness Americans' very real frustrations and anger over sensitive political matters in order to influence American thinking, voting and behavior," Schiff said in a statement. "The only way we can begin to inoculate ourselves against a future attack is to see first-hand the types of messages, themes and imagery the Russians used to divide us...."

The documents released Thursday also reflect that Russian agents continued advertising on Facebook well after the presidential election... They marketed a page called Born Liberal to likely supporters of Sen. Bernie Sanders, I-Vt., the data show, an ad that had more than 49,000 impressions into 2017. Together, the ads affirmed the fears of some lawmakers, including Republicans, that Russian agents have continued to try to influence U.S. politics even after the 2016 election. Russian agents also had created thousands of accounts on Twitter, and in January, the company revealed that it discovered more than 50,000 automated accounts, or bots, with links to Russia.

Chrome

Malicious Chrome Extensions Infect Over 100,000 Users Again (arstechnica.com) 39

An anonymous reader quotes Ars Technica: Criminals infected more than 100,000 computers with browser extensions that stole login credentials, surreptitiously mined cryptocurrencies, and engaged in click fraud. The malicious extensions were hosted in Google's official Chrome Web Store. The scam was active since at least March with seven malicious extensions known so far, researchers with security firm Radware reported Thursday. Google's security team removed five of the extensions on its own and removed two more after Radware reported them. In all, the malicious add-ons infected more than 100,000 users, at least one inside a "well-protected network" of an unnamed global manufacturing firm, Radware said...

The extensions were being pushed in links sent over Facebook that led people to a fake YouTube page that asked for an extension to be installed. Once installed, the extensions executed JavaScript that made the computers part of a botnet. The botnet stole Facebook and Instagram credentials and collected details from a victim's Facebook account. The botnet then used that pilfered information to send links to friends of the infected person. Those links pushed the same malicious extensions. If any of those friends followed the link, the whole infection process started all over again. The botnet also installed cryptocurrency miners that mined the monero, bytecoin, and electroneum digital coins.
