Security & Privacy with technology in 2018 and beyond

Please remember the terms of your membership agreement.

Moderators: valis, garyb

User avatar
Sounddesigner
Posts: 936
Joined: Sat Jun 02, 2007 11:06 pm

Re: Security & Privacy with technology in 2018

Post by Sounddesigner » Sun Jan 13, 2019 5:42 pm

valis wrote:
Wed Dec 19, 2018 7:12 pm
I'm sure most of you saw the latest NYTimes coverage on facebook sharing data with 3rd parties:
https://www.nytimes.com/2018/12/18/tech ... ivacy.html

Here's the VERY relevant quote from the NYT article: "Facebook allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without consent, the records show, and gave Netflix and Spotify the ability to read Facebook users’ private messages."

Additional coverage:
https://arstechnica.com/tech-policy/201 ... sly-known/

https://thehill.com/policy/technology/4 ... usly-known

Plus a semi-counter-argument from Arstechnica:
https://arstechnica.com/information-tec ... they-look/
Looks like AT&T, T-Mobile, and Verizon was tracking their cellphone users and then selling their location data to shadowy third-paty companies. The good news is that once they were caught they admitted to it (unlike some companies) and promises to stop doing this by the end of March. Hopefully they are sincere with the self-policing and others follow suit. Apple created a new slogan from their PR disaster, "what happens on your IPhone stays on your IPhone".

Every week it seems there's a new scandal with these public data companies some who almost seem intent on forcing the hand of Congress to Regulate them (wich many politicians want to do anyways) Their greed makes them seem determined to mess the liberated internet paradigm up. More Taxes and Regulations have slowly started to come from several countries and States here in the USA. Social Media companies now have both political parties here in the US mad at them and that's not a safe place to be. If Congress was only going to create very narrow legislation that's only a couple pages to address data protection for users I would not mind it but most know it will be a BILL with 1001 pages that's heavy-handed covering too many categories, super complicated with plenty of free pork for certain districts and cronies and will ultimately have tons of unintended consequences. If some better self-policing or users demanding change does not soon occur then I don'r believe this will end well. The user data exploitation is just too rampant and reckless.

Here's a link to the cellphone data selling article - https://www.dailymail.co.uk/news/articl ... okers.html

User avatar
valis
Posts: 4779
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA
Contact:

Re: Security & Privacy with technology in 2018 and beyond

Post by valis » Sun Jan 13, 2019 8:22 pm

Saw that, thanks for sharing. Also realize that the issue with all of these things is that the carriers are not necessarily in violation per se (without further proof), but 3rd parties may leak or use data in many ways that can wind up exposing our data to aggregators and black market players that we wouldn't be pleased to find out about.

I mention this because the articles will likely show this as well, as there are legitimate reasons for the carrier selling the data. For instance roadside assistance programs make use of this data. That being said, I'm no more a fan of this than my ISP reselling my DNS queries and injecting ads into my datastream, for there's tremendous potential for mishandling of these things always.

User avatar
valis
Posts: 4779
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA
Contact:

Re: Security & Privacy with technology in 2018 and beyond

Post by valis » Sun Jan 20, 2019 6:26 pm

More updates. First, an interesting in-depth analysis from 2015 that covers such topics as "Google is to surveillance capitalism what General Motors was to managerial capitalism":

https://papers.ssrn.com/sol3/papers.cfm ... id=2594754


Some thoughts from the GNU side of the 'freedom' isle that seem relevant:

https://www.gnu.org/philosophy/surveill ... cracy.html


Next, Early Facebook investor Roger McNamee is promoting his book "Zucked: Waking Up to the Facebook Catastrophe", which of course monetizes the fact that this issue is in the limelight. Still, there are some relevant articles floating around about this. For instance, Time magazine has a front cover spread dedicated to their article:

http://time.com/5505441/mark-zuckerberg ... -downfall/


And arstechnica has another article which overlaps this same book's PR campaign, with a (tiny bit) of additional coverage:

https://arstechnica.com/tech-policy/201 ... tentional/


While his book is clearly a for-profit affair, I can't say it's not worth at least perusing the linked articles regardless of what one's take on the matter is. And now Google is back in the headlines as well:

https://www.breitbart.com/tech/2019/01/ ... al-matter/


Some day I'll speak about what happened in the most recent peak of my music career to care about autonomy and personal privacy/security. For now, I'll let you all draw your own conclusions and speak as you will about these matters. It's worth noting though that there aren't many here who are giving dissenting opinion so I suspect that we all like to think of ourselves as free thinkers capable of some degree of personal responsibility and action regardless of one's personal and political compass.

User avatar
garyb
Posts: 21799
Joined: Sun Apr 15, 2001 4:00 pm
Location: ghetto by the sea

Re: Security & Privacy with technology in 2018 and beyond

Post by garyb » Sun Jan 20, 2019 9:04 pm

yup

User avatar
valis
Posts: 4779
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA
Contact:

Re: Security & Privacy with technology in 2018 and beyond

Post by valis » Thu Jan 24, 2019 4:49 pm

Yes, “algorithms” can be biased. Here’s why
Op-ed: a computer scientist weighs in on the downsides of AI.

Quoting the summary:
"Given that ML systems (including facial recognition systems) can produce biased output, how should society treat them? Remember that, often, the choice is not between algorithmic output and perfection but between algorithmic decisions and human ones—and humans are demonstrably biased, too. That said, there are several reasons to be wary of the "algorithmic" approach.
GIGO

One reason is that people put too much trust in computer output. Every beginning programmer is taught the acronym "GIGO:" garbage in, garbage out. To end users, though, it's often "garbage in, gospel out"—if the computer said it, it must be so. (This tendency is exacerbated by bad user interfaces that make overriding the computer's recommendation difficult or impossible.) We should thus demand less bias from computerized systems precisely to compensate for their perceived greater veracity.

The second reason for caution is that computers are capable of doing things—even bad things—at scale. There is at least the perceived risk that, say, computerized facial recognition will be used for mass surveillance. Imagine the consequences if a biased but automated system differentially misidentified African-Americans as wanted criminals. Humans are biased, too, but they can't make nearly as many errors per second.

Our test, then, should be one called disparate impact. "Algorithmic" systems should be evaluated for bias, and their deployment should be guided appropriately. Furthermore, the more serious the consequences, the higher the standard should be before use."

User avatar
valis
Posts: 4779
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA
Contact:

Re: Security & Privacy with technology in 2018 and beyond

Post by valis » Wed Jan 30, 2019 9:15 pm

Facebook pays teens to install VPN that spies on them
Desperate for data on its competitors, Facebook has been secretly paying people to install a “Facebook Research” VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed in August. Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access to network traffic in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity, a TechCrunch investigation confirms.

Facebook admitted to TechCrunch it was running the Research program to gather data on usage habits.

Since 2016, Facebook has been paying users ages 13 to 35 up to $20 per month plus referral fees to sell their privacy by installing the iOS or Android “Facebook Research” app. Facebook even asked users to screenshot their Amazon order history page...
Which was followed by:
https://arstechnica.com/gadgets/2019/01/facebook-and-google-offered-gift-cards-for-root-level-access-to-ios-users-data/ wrote:Apple revokes Facebook’s developer certificate over data-snooping app—Google could be next
News of Facebook's application was published on TechCrunch yesterday, leading Apple to revoke Facebook's enterprise certificate. This same certificate had been used internally by Facebook for distributing beta builds of Facebook's apps and for other needs, so the revocation poses a serious challenge for the company.

News of Google's similar program also broke on TechCrunch, but that happened more recently, and Apple has not yet indicated whether it intends to take similar action with Google.
Of course I'm sure we all read about the Facetime 'hole'...

User avatar
garyb
Posts: 21799
Joined: Sun Apr 15, 2001 4:00 pm
Location: ghetto by the sea

Re: Security & Privacy with technology in 2018 and beyond

Post by garyb » Wed Jan 30, 2019 9:47 pm

when you know the history of facebook's current manager...
what else would a spy do? collecting data is the job description.

User avatar
valis
Posts: 4779
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA
Contact:

Re: Security & Privacy with technology in 2018 and beyond

Post by valis » Wed Jan 30, 2019 11:55 pm

Bingo.

User avatar
valis
Posts: 4779
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA
Contact:

Re: Security & Privacy with technology in 2018 and beyond

Post by valis » Mon Feb 04, 2019 10:19 pm

Deep Learning ‘Godfather’ Bengio Worries About China's Use of AI
The Chinese government has begun using closed circuit video cameras and facial recognition to monitor what its citizens do in public, from jaywalking to engaging in political dissent. It’s also created a National Credit Information Sharing Platform, which is being used to blacklist rail and air passengers for "anti-social" behavior and is considering expanding uses of this system to other situations.

User avatar
garyb
Posts: 21799
Joined: Sun Apr 15, 2001 4:00 pm
Location: ghetto by the sea

Re: Security & Privacy with technology in 2018 and beyond

Post by garyb » Tue Feb 05, 2019 7:44 am

the UN has declared China to be "the model government" for the world...

i really hate centrally-planned governments and economies. as Benjamin Franklin once said: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." this is the attitude of those who run things.

User avatar
valis
Posts: 4779
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA
Contact:

Re: Security & Privacy with technology in 2018 and beyond

Post by valis » Tue Feb 05, 2019 6:38 pm

Indeed. I am eternally thankful to have retained my autonomy through the last few years, regardless of what I had to let go of for the time being. I'm still able to serve my friends, family and Scope users and am happily acting in service of those who need it thanks to that Liberty.

I do find value in some of what automation and technology has brought into our lives, my friends who have diabetes seem to very much enjoy the modern insulin pump devices, in that case they have gained freedom rather than lost it. And I would say the same thing goes for other tools, such as our beloved Scope cards up through the current mobile and tablet phase (I am very much enamoured with Synth One, which is both free and great sounding on iOS). While those are anecdotal cases they do underscore that it's not planning and technology itself that is the issue. As always, it is what we choose to do (or allow to be done) that ultimately defines how well or ill we relate to the result(s).

I would not give up the hardships I have also endured for Safety, that's for damn sure.

User avatar
valis
Posts: 4779
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA
Contact:

Re: Security & Privacy with technology in 2018 and beyond

Post by valis » Sat Feb 16, 2019 2:23 am

Facebook uses its apps to track users it thinks could threaten employees and offices
In early 2018, a Facebook user made a public threat on the social network against one of the company's offices in Europe. Facebook picked up the threat, pulled the user's data and determined he was in the same country as the office he was targeting. The company informed the authorities about the threat and directed its security officers to be on the lookout for the user. "He made a veiled threat that 'Tomorrow everyone is going to pay' or something to that effect," a former Facebook security employee told CNBC. The incident is representative of the steps Facebook takes to keep its offices, executives and employees protected, according to nine former Facebook employees who spoke with CNBC.

The company mines its social network for threatening comments, and in some cases uses its products to track the location of people it believes present a credible threat. Several of the former employees questioned the ethics of Facebook's security strategies, with one of them calling the tactics "very Big Brother-esque." Other former employees argue these security measures are justified by Facebook's reach and the intense emotions it can inspire. The company has 2.7 billion users across its services. That means that if just 0.01 percent of users make a threat, Facebook is still dealing with 270,000 potential security risks.

[...] One of the tools Facebook uses to monitor threats is a "be on lookout" or "BOLO" list, which is updated approximately once a week. The list was created in 2008, an early employee in Facebook's physical security group told CNBC. It now contains hundreds of people, according to four former Facebook security employees who have left the company since 2016. Facebook notifies its security professionals anytime a new person is added to the BOLO list, sending out a report that includes information about the person, such as their name, photo, their general location and a short description of why they were added. In recent years, the security team even had a large monitor that displayed the faces of people on the list, according to a photo CNBC has seen and two people familiar, although Facebook says it no longer operates this monitor.

User avatar
valis
Posts: 4779
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA
Contact:

Re: Security & Privacy with technology in 2018 and beyond

Post by valis » Sat Feb 16, 2019 2:23 am

18,000 Android Apps Track Users by Violating Advertising ID Policies
18,000 Android apps with tens or hundreds of millions of installs on the Google Play Store have been found to violate Google's Play Store Advertising ID policy guidance by collecting persistent device identifiers such as serial numbers, IMEI, WiFi MAC addresses, SIM card serial numbers, and sending them to mobile advertising related domains alongside ad IDs. Bleeping Computer reports:

In a statement to CNET, a Google spokesperson said: "We take these issues very seriously. Combining Ad ID with device identifiers for the purpose of ads personalization is strictly forbidden. We're constantly reviewing apps -- including those listed in the researcher's report -- and will take action when they do not comply with our policies."

Some of the most popular applications found to be violating Google's Usage of Android Adverting ID policies include Clean Master, Subway Surfers, Fliboard, My Talking Tom, Temple Run 2, and Angry Birds Classic. The list goes on and on, and the last app in the "Top 20" list still has over 100 million installations.
Of course iOS has had its issues lately with Google & Facebook both abusing their developer signed certs to release software that rooted phones it was installed on (with user permission, but also keep in mind Google owns the Play store and was willing to violate Apple's App Store rules...while allowing others to violate theirs...allegedly.)

User avatar
valis
Posts: 4779
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA
Contact:

Re: Security & Privacy with technology in 2018 and beyond

Post by valis » Sat Feb 16, 2019 2:23 am

And from the "it's a good thing we're musicians department":
8-Character Windows NTLM Passwords Can Be Cracked In Under 2.5 Hours
No biggie but a remote exploit with escalation plus that might prove interesting to the recipient...

User avatar
Sounddesigner
Posts: 936
Joined: Sat Jun 02, 2007 11:06 pm

Re: Security & Privacy with technology in 2018 and beyond

Post by Sounddesigner » Tue Feb 19, 2019 2:21 am

garyb wrote:
Tue Feb 05, 2019 7:44 am
the UN has declared China to be "the model government" for the world...

i really hate centrally-planned governments and economies. as Benjamin Franklin once said: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." this is the attitude of those who run things.
Sadly people often slowly give up liberties even in democratic countries for free 'bread and circuses" wich is in modern times is all the free social welfare programs and utopia politicians promise. It was bread and circuses in the old Roman democracies but today free college, free guaranteed income for all even if they don't want to work, etc. Free bread and circuses for votes is one of the oldest tricks in the book and one of the greatest threats to a free society since it works so well (look at Venezuela wich was promised Utopia and now is dystopia). Facebook, Google, etc are a microcosm of this since people keep using them even after having personal data exploited by those platforms since they are free (or atleast give the illusion of free really well).. People will sell their souls for free stuff as long as the politician is charismatic and presents the proposition well and our leaders and corporations know this. Money is truly what makes the world go round unfortunately. Because this is the case we get fooled by the oldest tricks in the book and like the old adage goes "you get the Government you deserve"..

User avatar
garyb
Posts: 21799
Joined: Sun Apr 15, 2001 4:00 pm
Location: ghetto by the sea

Re: Security & Privacy with technology in 2018 and beyond

Post by garyb » Tue Feb 19, 2019 11:50 am

always blame the victim...

User avatar
valis
Posts: 4779
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA
Contact:

Re: Security & Privacy with technology in 2018 and beyond

Post by valis » Tue Feb 19, 2019 6:12 pm

Or better yet, get the victims to blame themselves and stay victims as long as possible....

User avatar
garyb
Posts: 21799
Joined: Sun Apr 15, 2001 4:00 pm
Location: ghetto by the sea

Re: Security & Privacy with technology in 2018 and beyond

Post by garyb » Tue Feb 19, 2019 6:45 pm

yep.

Post Reply