Communications

WhatsApp Raises Minimum Age In Europe To 16 Ahead of Data Law Change (reuters.com) 38

WhatsApp is raising its minimum age from 13 to 16 in Europe to help it comply with new data privacy rules coming into force next month. The app will ask European users to confirm they are at least 16 years old when they are prompted to agree to new terms of service and a privacy policy provided by a new WhatsApp Ireland entity in the next few weeks. Reuters reports: Facebook, which has a separate data policy, is taking a different approach to teens aged between 13 and 15 in order to comply with the European General Data Protection Regulation (GDPR) law. It is asking them to nominate a parent or guardian to give permission for them to share information on the platform, otherwise they will not see a fully personalized version of the social media platform. But WhatsApp, which had more than 1.5 billion users in January according to Facebook, said in a blog post it was not asking for any new rights to collect personal information in the agreement it has created for the European Union. WhatsApp's minimum age of use will remain 13 years in the rest of the world, in line with its parent.
Social Networks

Instagram Launches 'Data Download' Tool To Let You Leave (techcrunch.com) 15

An anonymous reader quotes a report from TechCrunch: Two weeks ago TechCrunch called on Instagram to build an equivalent to Facebook's "Download Your Information" feature so if you wanted to leave for another photo sharing network, you could. The next day it announced this tool would be coming and now TechCrunch has spotted it rolling out to users. Instagram's "Data Download" feature can be accessed here or through the app's privacy settings. It lets users export their photos, videos, archived Stories, profile, info, comments, and non-ephemeral messages, though it can take a few hours to days for your download to be ready. An Instagram spokesperson now confirms to TechCrunch that "the Data Download tool is currently accessible to everyone on the web, but access via iOS and Android is still rolling out." We'll have more details on exactly what's inside once my download is ready.
Facebook

Facebook Has Hosted Stolen Identities and Social Security Numbers for Years (vice.com) 36

Cybercriminals have posted sensitive personal information, such as credit card and social security numbers, of dozens of people on Facebook and have advertised entire databases of private information on the social platform, Motherboard reports. Some of these posts have been left up on Facebook for years, and the internet giant only acted on these posts after the publication told it about them. From the report: As of Monday, there were several public posts on Facebook that advertised dozens of people's Social Security Numbers and other personal data. These weren't very hard to find. It was as easy as a simple Google search. Most of the posts appeared to be ads made by criminals who were trying to sell personal information. Some of the ads are several years old, and were posted as "public" on Facebook, meaning anyone can see them, not just the author's friends. Independent security researcher Justin Shafer alerted Motherboard to these posts Monday.
Facebook

Facebook Has Considered Profiling Its Users' Personalities and Using the Information To Target Ads (bbc.com) 59

An anonymous reader shares a report: A patent filed by the social network describes how personality characteristics, including emotional stability, could be determined from people's messages and status updates. The firm is currently embroiled in a privacy scandal over the use of its data by a political consultancy. Facebook says it has never used the personality test in its products. The patent, first filed in 2012, is in the names of Michael Nowak and Dean Eckles. Mr Nowak has worked for Facebook for 10 years, while Prof Eckles now teaches at the Massachusetts Institute of Technology. The patent has been updated twice, most recently in 2016. The BBC has seen emails from Mr Eckles and other Facebook staff to University of Cambridge psychologists in which they discuss analysis of data to infer personality traits, and talk of using such research to improve the product for users and advertisers.
Advertising

Facebook Sued Over Fake Ads (theguardian.com) 62

shilly writes: British finance expert Martin Lewis is suing Facebook for defamation, after a year of trying to persuade the company to stop accepting scam ads featuring his name and image. Facebook insists that he report to them every time he spots a scam; he wants them to check with him before they take money for an ad featuring his name or picture, so he can tell them if it's legit or not. "Lewis said he would not profit from any damages won, which he would donate to charities combating fraud, but that he hoped the action would prompt the site to stamp out scam adverts," reports The Guardian.
Google

Google Accused of Showing 'Total Contempt' for Android Users' Privacy (bleepingcomputer.com) 98

On the heels of a terse privacy debate, Google may have found another thing to worry about: its attempt to rethink the traditional texting system. From a report: Joe Westby is Amnesty International's Technology and Human Rights researcher. Recently, in response to Google's launch of a new messaging service called "Chat", Westby argued that Google, "shows total contempt for Android users' privacy."

"With its baffling decision to launch a messaging service without end-to-end encryption, Google has shown utter contempt for the privacy of Android users and handed a precious gift to cybercriminals and government spies alike, allowing them easy access to the content of Android users' communications. Following the revelations by CIA whistleblower Edward Snowden, end-to-end encryption has become recognized as an essential safeguard for protecting people's privacy when using messaging apps. With this new Chat service, Google shows a staggering failure to respect the human rights of its customers," Westby contended. Westby continued, saying: "In the wake of the recent Facebook data scandal, Google's decision is not only dangerous but also out of step with current attitudes to data privacy."

Google

Who Has More of Your Personal Data Than Facebook? Try Google (wsj.com) 149

Facebook may be in the hot seat right now for its collection of personal data without our knowledge or explicit consent, but as The Wall Street Journal points out, "Google is a far bigger threat by many measures: the volume of information it gathers, the reach of its tracking and the time people spend on its sites and apps." From the report (alternative source): It's likely that Google has shadow profiles (data the company gathers on people without accounts) on as at least as many people as Facebook does, says Chandler Givens, CEO of TrackOff, which develops software to fight identity theft. Google allows everyone, whether they have a Google account or not, to opt out of its ad targeting, though, like Facebook, it continues to gather your data. Google Analytics is far and away the web's most dominant analytics platform. Used on the sites of about half of the biggest companies in the U.S., it has a total reach of 30 million to 50 million sites. Google Analytics tracks you whether or not you are logged in. Meanwhile, the billion-plus people who have Google accounts are tracked in even more ways. In 2016, Google changed its terms of service, allowing it to merge its massive trove of tracking and advertising data with the personally identifiable information from our Google accounts.

Google uses, among other things, our browsing and search history, apps we've installed, demographics like age and gender and, from its own analytics and other sources, where we've shopped in the real world. Google says it doesn't use information from "sensitive categories" such as race, religion, sexual orientation or health. Because it relies on cross-device tracking, it can spot logged-in users no matter which device they're on. Google fuels even more data harvesting through its dominant ad marketplaces. There are up to 4,000 data brokers in the U.S., and collectively they know everything about us we might otherwise prefer they didn't -- whether we're pregnant, divorced or trying to lose weight. Google works with some of these brokers directly but the company says it vets them to prevent targeting based on sensitive information. Google also is the biggest enabler of data harvesting, through the world's two billion active Android mobile devices.

Facebook

Silicon Valley Investors Wants to Fund a 'Good For Society' Facebook Replacement (calacanis.com) 215

Silicon Valley angel investor Jason Calacanis just announced the "Openbook Challenge," a competition to create a replacement for Facebook.

"Over the next three months, 20 finalists will compete for seven $100,000 incubator grants," explains long-time Slashdot reader reifman. "Their goal is to find startups with a sustainable business model e.g. subscriptions, reasonable advertising, cryptocurrency. etc. And they want it to be 'good for society.'"

Jason Calacanis writes: All community and social products on the internet have had their era, from AOL to MySpace, and typically they're not shut down by the government -- they're slowly replaced by better products. So, let's start the process of replacing Facebook... We already have two dozen quality teams cranking on projects and we hope to get to 100...

This is not an idea or business plan competition. We're looking for teams that can actually build a better social network, and we'll be judging teams primarily based upon their ability to execute... Keep in mind, that while ideas really matter, Zuckerberg has shown us, execution matters more.

Calacanis has even created a discussion group for the competition...on Facebook. And his announcement includes a famous quote from Mark Zuckerberg.

"Don't be too proud to copy."
Facebook

NYT: Lynchings Around the World are Linked To Facebook Posts (bostonglobe.com) 171

An anonymous reader quotes the New York Times: Riots and lynchings around the world have been linked to misinformation and hate speech on Facebook, which pushes whatever content keeps users on the site longest -- a potentially damaging practice in countries with weak institutions and histories of social instability. Time and again, communal hatreds overrun the newsfeed unchecked as local media are displaced by Facebook and governments find themselves with little leverage over the company. Some users, energized by hate speech and misinformation, plot real-world attacks.

A reconstruction of Sri Lanka's descent into violence, based on interviews with officials, victims and ordinary users caught up in online anger, found that Facebook's newsfeed played a central role in nearly every step from rumor to killing. Facebook officials, they say, ignored repeated warnings of the potential for violence, resisting pressure to hire moderators or establish emergency points of contact... Sri Lankans say they see little evidence of change. And in other countries, as Facebook expands, analysts and activists worry they, too, may see violence.

A Facebook spokeswoman countered that "we remove such content as soon as we're made aware of it," and said they're now trying to expand those teams and investing in "technology and local language expertise to help us swiftly remove hate content." But one anti-hate group told the Times that Facebook's reporting tools are too slow and ineffective.

"Though they and government officials had repeatedly asked Facebook to establish direct lines, the company had insisted this tool would be sufficient, they said. But nearly every report got the same response: the content did not violate Facebook's standards."
Facebook

Facebook Starts Its Facial Recognition Push To Europeans (techcrunch.com) 42

An anonymous reader quotes a report from TechCrunch: Jimmy Nsubuga, a journalist at Metro, is among several European Facebook users who have reported getting notifications asking if they want to turn on face recognition technology. Facebook has previously said an opt-in option would be pushed out to all European users, and also globally, as part of changes to its T&Cs and consent flow. In Europe, the company is hoping to convince users to voluntarily allow it to deploy the privacy-hostile tech -- which was turned off in the bloc after regulatory pressure, back in 2012, when Facebook began using facial recognition to offer features such as automatically tagging users in photo uploads. But under impending changes to its T&Cs -- ostensibly to comply with the EU's incoming GDPR data protection standard -- the company has crafted a manipulative consent flow that tries to sell people on giving it their data; including filling in its own facial recognition blanks by convincing Europeans to agree to it grabbing and using their biometric data after all. Users who choose not to switch on facial recognition still have to click through a "continue" screen before they get to the off switch. On this screen Facebook attempts to convince them to turn it on -- using manipulative examples of how the tech can "protect" them.
The Internet

The 'Terms and Conditions' Reckoning Is Coming (bloomberg.com) 129

Everyone from Uber to PayPal is facing a backlash against their impenetrable legalese. From a report: Personal finance forums online are brimming with complaints from hundreds of PayPal customers who say they've been suspended because they signed up before age 18. PayPal declined to comment on any specific cases, but says it's appropriate to close accounts created by underage people "to ensure our customers have full legal capacity to accept our user agreement." While that may seem "heavy-handed," says Sarah Kenshall, a technology attorney with law firm Burges Salmon, the company is within its rights because the users clicked to agree to the rules -- however difficult the language might be to understand.

Websites have long required users to plow through pages of dense legalese to use their services, knowing that few ever give the documents more than a cursory glance. In 2005 security-software provider PC Pitstop LLC promised a $1,000 prize to the first user to spot the offer deep in its terms and conditions; it took four months before the reward was claimed. The incomprehensibility of user agreements is poised to change as tech giants such as Uber Technologies and Facebook confront pushback for mishandling user information, and the European Union prepares to implement new privacy rules called the General Data Protection Regulation, or GDPR. The measure underscores "the requirement for clear and plain language when explaining consent," British Information Commissioner Elizabeth Denham wrote on her blog last year.

Facebook

Audit Approved of Facebook Policies, Even After Cambridge Analytica Leak (nytimes.com) 73

Nicholas Confessore reports via The New York Times: An auditing firm responsible for monitoring Facebook for federal regulators told them last year that the company had sufficient privacy protections in place, even after the social media giant lost control of a huge trove of user data that was improperly obtained by the political consulting firm Cambridge Analytica. The assertion, by PwC, came in a report submitted to the Federal Trade Commission in early 2017. The report, a redacted copy of which is available on the commission's website, is one of several periodic reviews of Facebook's compliance with a 2011 federal consent decree, which required Facebook to take wide-ranging steps to prevent the abuse of users' information and to inform them how it was being shared with other companies. The accounting firm, formerly known as PricewaterhouseCoopers, effectively gave Facebook a clean bill of health. "Facebook's privacy controls were operating with sufficient effectiveness to provide reasonable assurance to protect the privacy" of users, said the assessment, which stretched from February 2015 to February 2017. But during that period, Facebook was aware that a researcher based in Britain, Aleksandr Kogan, had provided Cambridge Analytica with private Facebook data from millions of users.
Technology

'Increasingly, People in Silicon Valley Are Losing Touch With Reality' (500ish.com) 458

Longtime commentator MG Siegler writes: You can see it in the tweets. You can hear it at tech conferences. Hell, you can hear it at most cafes in San Francisco on any given day. People -- really smart people -- saying some of the most vacuous things. Words that if they were able to take a step outside of their own heads and hear, they'd be embarrassed by. Or, at least, these are stances, thoughts, and ideas that these people should be embarrassed by. But they're clearly not because they keep saying them. This isn't only about Facebook -- far from it. That's just the most high profile and timely example of a company suffering from some of this. And in that case, it's really more in their responses to the Cambridge Analytica situation, rather than the situation itself (which is another matter, though undoubtedly related). They don't know the right things to say because they don't know what to say, period. Because they've slipped out of touch.

But again, I feel like this is increasingly everywhere I look around tech. It's an industry filled with some of the most brilliant people in the world, which makes it all the more disappointing. I won't name names but also because I don't have to. I'd wager everyone reading this will have clear and obvious examples of what I'm talking about in their own circles -- even if only in their own virtual circles. This is everywhere. I don't know the cause of this. Perhaps we can blame part of it on Trump, even if only indirectly (a man who has gotten ahead in life by saying asinine things). If I had to guess, I'd say the root is an increasing sense of entitlement as the tech industry has grown in stature to become the most important from a fiscal perspective and arguably from a cultural perspective as well.

EU

Facebook To Put 1.5 Billion Users Out of Reach of New EU Privacy Law (reuters.com) 95

An anonymous reader quotes a report from Facebook: If a new European law restricting what companies can do with people's online data went into effect tomorrow, almost 1.9 billion Facebook users around the world would be protected by it. The online social network is making changes that ensure the number will be much smaller. Facebook members outside the United States and Canada, whether they know it or not, are currently governed by terms of service agreed with the company's international headquarters in Ireland. Next month, Facebook is planning to make that the case for only European users, meaning 1.5 billion members in Africa, Asia, Australia and Latin America will not fall under the European Union's General Data Protection Regulation (GDPR), which takes effect on May 25. That removes a huge potential liability for Facebook, as the new EU law allows for fines of up to 4 percent of global annual revenue for infractions, which in Facebook's case could mean billions of dollars.
Facebook

'Login With Facebook' Data Hijacked By JavaScript Trackers (techcrunch.com) 91

An anonymous reader quotes a report from TechCrunch: Facebook confirms to TechCrunch that it's investigating a security research report that shows Facebook user data can be grabbed by third-party JavaScript trackers embedded on websites using Login With Facebook. The exploit lets these trackers gather a user's data including name, email address, age range, gender, locale, and profile photo depending on what users originally provided to the website. It's unclear what these trackers do with the data, but many of their parent companies including Tealium, AudienceStream, Lytics, and ProPS sell publisher monetization services based on collected user data. The abusive scripts were found on 434 of the top 1 million websites including freelancer site Fiverr.com, camera seller B&H Photo And Video, and cloud database provider MongoDB. That's according to Steven Englehardt and his colleagues at Freedom To Tinker, which is hosted by Princeton's Center For Information Technology Policy.
Facebook

Facebook To Design Its Own Processors For Hardware Devices, AI Software, and Servers (bloomberg.com) 56

Facebook is the latest technology company to design its own semiconductors, reports Bloomberg. "The social media company is seeking to hire a manager to build an 'end-to-end SoC/ASIC, firmware and driver development organization,' according to a job listing on its corporate website, indicating the effort is still in its early stages." From the report: Facebook could use such chips to power hardware devices, artificial intelligence software and servers in its data centers. Next month, the company will launch the Oculus Go, a $200 standalone virtual-reality headset that runs on a Qualcomm processor. Facebook is also working on a slew of smart speakers. Future generations of those devices could be improved by custom chipsets. By using its own processors, the company would have finer control over product development and would be able to better tune its software and hardware together. The postings didn't make it clear what kind of use Facebook wants to put the chips to other than the broad umbrella of artificial intelligence. A job listing references "expertise to build custom solutions targeted at multiple verticals including AI/ML," indicating that the chip work could focus on a processor for artificial intelligence tasks. Facebook AI researcher Yann LeCun tweeted about some of the job postings on Wednesday, asking for candidates interested in designing chips for AI.
Privacy

Richard Stallman On Facebook's Privacy Scandal: We Need a Law. There's No Reason We Should Let Them Exist if the Price is Knowing Everything About Us (nymag.com) 366

From a wide-ranging interview of Richard Stallman by New York Magazine: New York Magazine: Why do you think these companies feel justified in collecting that data?

Richard Stallman: Oh, well, I think you can trace it to the general plutocratic neoliberal ideology that has controlled the U.S. for more than two decades. A study established that since 1998 or so, the public opinion in general has no influence on political decisions. They're controlled by the desires of the rich and of special interests connected with whatever issue it is. So the companies that wanted to collect data about people could take advantage of this general misguided ideology to get away with whatever they might have wanted to do. Which happened to be collecting data about people. But I think they shouldn't be allowed to collect data about people.

We need a law. Fuck them -- there's no reason we should let them exist if the price is knowing everything about us. Let them disappear. They're not important -- our human rights are important. No company is so important that its existence justifies setting up a police state. And a police state is what we're heading toward. Most non-free software has malicious functionalities. And they include spying on people, restricting people -- that's called digital restrictions management, back doors, censorship.

Empirically, basically, if a program is not free software, it probably has one of these malicious functionalities. So imagine a driverless car, controlled of course by software, and it will probably be proprietary software, meaning not-free software, not controlled by the users but rather by the company that makes the car, or some other company. Well imagine if that has a back door, which enables somebody to send a command saying, "Ignore what the passenger said, and go there." Imagine what that would do. You can be quite sure that China will use that functionality to drive people toward the places they're going to be disappeared or punished. But can you be sure that the U.S. won't?

Security

Data Firm Leaks 48 Million User Profiles it Scraped From Facebook, LinkedIn, Others (zdnet.com) 56

Zack Whittaker, reporting for ZDNet: A little-known data firm was able to build 48 million personal profiles, combining data from sites and social networks like Facebook, LinkedIn, Twitter, and Zillow, among others -- without the users' knowledge or consent. Localblox, a Bellevue, Wash.-based firm, says it "automatically crawls, discovers, extracts, indexes, maps and augments data in a variety of formats from the web and from exchange networks." Since its founding in 2010, the company has focused its collection on publicly accessible data sources, like social networks Facebook, Twitter, and LinkedIn, and real estate site Zillow to name a few, to produce profiles.

But earlier this year, the company left a massive store of profile data on a public but unlisted Amazon S3 storage bucket without a password, allowing anyone to download its contents. The bucket, labeled "lbdumps," contained a file that unpacked to a single file over 1.2 terabytes in size. The file listed 48 million individual records, scraped from public profiles, consolidated, then stitched together.

Bitcoin

Cambridge Analytica Planned To Launch Its Own Cryptocurrency (theverge.com) 60

Cambridge Analytica, the data analytics firm that harvested millions of Facebook profiles of U.S. voters, attempted to develop its own cryptocurrency this past year and intended to raise funds through an initial coin offering. The digital coin would have helped people store online personal data and even sell it, former Cambridge Analytica employee Brittany Kaiser told The New York Times. The Verge reports: Cambridge Analytica, which obtained the data of 87 million Facebook users, was hoping to raise as much as $30 million through the venture, anonymous sources told Reuters. Cambridge Analytica confirmed to Reuters that it had previously explored blockchain technology, but did not confirm the coin offering and didn't say whether efforts are still underway. The company also reportedly attempted to promote another digital currency behind the scenes. It arranged for potential investors to take a vacation trip to Macau in support of Dragon Coin, a cryptocurrency aimed at casino players. Dragon Coin has been supported by a Macau gangster Wan Kuok-koi, nicknamed Broken Tooth, according to documents obtained by the Times. Cambridge Analytica started working on its own initial coin offering mid-2017 and the initiative was overseen in part by CEO Alexander Nix and former employee Brittany Kaiser. The company's plans to launch an ICO were still in the early stages when Nix was suspended last month and the Facebook data leak started to gain public attention.
Facebook

Facebook Admits To Tracking Users, Non-Users Off-Site (theguardian.com) 147

Facebook said in a blog post yesterday that they tracked users and non-users across websites and apps for three main reasons: providing services directly, securing the company's own site, and "improving our products and services." The statement comes as the company faces a U.S. lawsuit over a controversial facial recognition feature launched in 2011. The Guardian reports: "When you visit a site or app that uses our services, we receive information even if you're logged out or don't have a Facebook account. This is because other apps and sites don't know who is using Facebook," Facebook's product management director, David Baser, wrote. "Whether it's information from apps and websites, or information you share with other people on Facebook, we want to put you in control -- and be transparent about what information Facebook has and how it is used."

But the company's transparency has still not extended to telling non-users what it knows about them -- an issue Zuckerberg also faced questions over from Congress. Asked by Texas representative Gene Green whether all information Facebook holds about a user is in the file the company offers as part of its "download your data" feature, Zuckerberg had responded he believed that to be the case. Privacy campaigner Paul-Olivier Dehaye disagreed, noting that, even as a Facebook user, he had been unable to access personal data collected through the company's off-site tracking systems. Following an official subject access request under EU law, he told MPs last month, Facebook had responded that it was unable to provide the information.

Slashdot Top Deals