Some things you take for granted, like the fact that in Star Trek, there’s a computer that’s always listening, always observing, always standing by cataloging data. Who owns that data? Where’s it stored? Who determines how it’s used? Who knows. The shows chose to slide by those questions and focus on others. The holodeck was creepy because, whoops, maybe you’d get trapped, or addicted, or its fictional denizens might inexplicably come to life, not because the computer was collating and archiving everything you did, whether hiking a simulation of the Appalachian trail or indulging some crazy erotic fantasy.
Microsoft’s Xbox One won’t surround you with holographic fir trees, azaleas and mountain laurels, nor, as far as I know, will it dish out interactive porn. But it is going to be listening — and capturing data, and transmitting that data back to Microsoft — in ways no device in your household has ever listened to or observed you before.
When Stan Lee wrote “With great power comes great responsibility” in Amazing Fantasy #15 back in 1962, he packed a longstanding philosophical notion into six culturally resonant words. Those words couldn’t be more relevant today, with our lives awash in cloud-connected technology, generating and beaming back mountains of abstractly defined information that’s quietly sifted by complex machine algorithms and pored over by corporations in search of new ways to further secure footholds in our future lives.
So with Xbox One, which promises to streamline how we interact with TV, movies, music and games by introducing always-on, always-connected digital ears and eyes to our living rooms, I’d argue the burden on Microsoft to safeguard our privacy (and articulate that in a meaningful, non-pandering way) just shot through the roof.
Run a Google search on “Skype encryption,” and chances are the first hit you’ll get is a link to Skype’s encryption assurance.
That’s the one that says this:
All Skype-to-Skype voice, video, and instant message conversations are encrypted. This protects you from potential eavesdropping by malicious users.
It certainly sounds like your Skype communications are safe from prying eyes and ears, doesn’t it?
Well, maybe not, actually.
According to Dan Goodin of Ars Technica, the Microsoft-owned Skype “regularly scans message contents for signs of fraud, and company managers may log the results indefinitely. … And this can only happen if Microsoft can convert the messages into human-readable form at will.”
The data generated from our online activity is worth a lot to companies like Facebook and Google, but individual Web surfers don’t get paid for it. Federico Zannier doesn’t think that makes a lot of sense, so about a week ago he started offering access to his own browsing activity for $2 a day.
The Brooklyn resident launched a Kickstarter project on May 5 with a simple proposal. Zannier says he is willing to “give away a lifelong, international, sub-licensable right to use [his] personal data” as part of an experiment to see if there might be a market for such data sold by the individual Internet users who actually generate it.
“In 2012, advertising revenue in the United States was around $30 billion. That same year, I made exactly $0 from my own data. But what if I tracked everything myself? Could I at least make a couple bucks back?” Zannier asks on his Kickstarter page.
Dubbed “A Bit(e) of Me,” the project had raised $1,185 from 103 backers as of Monday afternoon. The minimum pledge for the project is $1 and it’s scheduled to end its initial Kickstarter funding on June 5.
The next time you’re thinking about buying a new smartphone, there’s one more spec you might want to consider. If the FBI or the IRS wants to read your texts, will Apple hand them over? Would it require the feds to get a warrant first? And would it even bother to let you know that federal agents made the request in the first place?
If you’re looking at a shiny new iPhone, the answers are not comforting.
The Electronic Frontier Foundation’s latest digital privacy report, Who’s Got Your Back?, gives Apple a paltry one out of six stars. While Apple got credit for supporting efforts to defend users by modernizing electronic privacy laws, its apparent willingness to hand over your personal information to the government without a warrant and its failure to tell its users how it handles such requests put it in the dock.
As you’ve probably heard by now, Facebook rolled out its new News Feed yesterday, which changed some of the functional navigation of users’ pages, including access to privacy settings. You can click here if you want to get on the waiting list.
In the old News Feed layout, privacy settings were located in the upper right-hand corner of the window. However, with the new look, users can find them in the menu in the left-hand corner of the screen, represented by a lock logo next to the user’s name. Since Facebook is now rolling out its Graph Search feature, a search engine within the site that will be able to find users based on things like tags and status content, there’s no better time than now to adjust your privacy settings if you haven’t already done so.
Facebook is the latest company to reveal that it was the victim of hackers, but the company said users’ personal information was not compromised by the breach.
In a Friday blog post, the social network said its security team last month discovered that Facebook’s systems were “targeted in a sophisticated attack.”
“This attack occurred when a handful of employees visited a mobile developer website that was compromised,” Facebook said.
The website in question was hosting an exploit that installed malware on the computer of anyone who visited it. Facebook said the infected laptops were running updated versions of anti-virus software, and “as soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day.”
Ultimately, Facebook has found no evidence that any Facebook user data was compromised by the malware.
The bug was uncovered when the Facebook Security team flagged a suspicious domain in its corporate DNS logs and tracked it back to an employee computer. An examination of the laptop revealed the malicious file, prompting a wider search - and the discovery of more malware.
The file in question used a zero-day exploit that bypassed the Java sandbox to install the malware. “We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability,” Facebook said.
Facebook said other, unnamed companies were also hit by this attack. “We immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected,” the firm said. “We plan to continue collaborating on this incident through an informal working group and other means.”
Facebook did not name which other companies were hit, but earlier this month, Twitter said that it detected “unusual access patterns” on its network, which indicated that attackers might have accessed the user data of approximately 250,000 users.
MoneySavingExpert.com is today warning O2 mobile users to beware making calls to financial service firms, or revealing any other private details, as you could be overheard due to a crossed lines glitch.
We’ve received a significant number of complaints about this blunder, where one person has been connected to an ongoing conversation in error. They can listen to the call, but can’t be heard.
The real danger is many will have no idea they are being overheard. The complaints we’ve had are only from those who have overheard other people’s conversations.
When this story was first published at 2pm, O2 said it was aware of the issue and engineers had been “working on it”, but released no further details.
At 2.40pm it called to say the problem had been fixed at 6.15pm last night. But we’ve heard reports of problems since then.
Around 250,000 people have had their passwords reset after ‘sophisticated’ hackers broke into Twitter’s database and may have stolen emails and encrypted passwords. Here’s a guide on what you need to know.
Q: How can I find out if I have been affected?
Go to a web browser, go to twitter.com, and try to log in with your usual password. If you can’t log in – it will say there’s a problem with your username or password – then you’ve been affected.
(Deletion because Paul Lomax points out that web access will have been revoked if you were affected. See below.)
Q: I can’t check that just now. Am I likely to have been affected?
Only if you joined Twitter roughly in the first half of 2007. At that time it had a few million users. People (including myself) who joined in May 2007 have been affected. If you can’t remember when you joined Twitter, you can find out your “Twitter birthday” for yourself or any other user (it’s not private data).
Most people joined well after mid-2007, so on that basis you’re unlikely to have been affected.
Q: I can’t see an email from Twitter, and I can still post from Tweetdeck and other third-party clients – I haven’t tried the website. This means I’m OK, doesn’t it?
Not necessarily. The email from Twitter may have been filtered into your spam folder (users of Google’s Gmail should specifically look in their Spam folder; a search in the Gmail function won’t look at spam messages – and Twitter’s reset message to a Gmail account I use was filtered as spam).
The reason why third-party clients will still let you tweet is that Twitter doesn’t let them use your password. Instead, it uses “tokens” which are issued to the third-party programs, and authorise them to send tweets to Twitter’s database for redistribution to followers. The tokens weren’t revoked as part of the password reset; doing that would have meant that you’d have had to re-authorise all your apps, and for some apps Twitter has only made a limited number of tokens available. So that would have hurt both users and app developers.
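The separation between passwords and app tokens described above, as an added example that is not Twitter's code: a toy account store in which a password reset leaves issued tokens valid unless they are revoked explicitly. The names `AccountStore`, `ExampleClient` and `revoke_tokens` are hypothetical, and all sample values are constructed.

```python
import hashlib
import hmac
import os
import secrets


class AccountStore:
    """Toy account store (constructed): one password per user, plus per-app tokens."""

    def __init__(self):
        self._passwords = {}  # user -> (salt, PBKDF2 hash)
        self._tokens = {}     # token -> (user, app)

    def set_password(self, user, password):
        salt = os.urandom(16)
        self._passwords[user] = (salt, self._kdf(password, salt))

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def check_password(self, user, password):
        salt, stored = self._passwords[user]
        return hmac.compare_digest(stored, self._kdf(password, salt))

    def authorize_app(self, user, password, app):
        """User logs in once; the app receives a token, never the password."""
        if not self.check_password(user, password):
            raise PermissionError("bad password")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user, app)
        return token

    def token_valid(self, token):
        """Third-party client path: only the token is checked."""
        return token in self._tokens

    def reset_password(self, user, new_password, revoke_tokens=False):
        """Reset the password; tokens survive unless revoke_tokens is set."""
        self.set_password(user, new_password)
        if revoke_tokens:
            self._tokens = {t: v for t, v in self._tokens.items() if v[0] != user}


def demo(revoke_tokens):
    store = AccountStore()
    store.set_password("alice", "old-pass")
    token = store.authorize_app("alice", "old-pass", "ExampleClient")
    store.reset_password("alice", "new-pass", revoke_tokens=revoke_tokens)
    return store.check_password("alice", "old-pass"), store.token_valid(token)
```

`demo(False)` returns `(False, True)`: the old password no longer works, but the token issued before the reset still does. `demo(True)` returns `(False, False)`, at the cost of every app needing to be re-authorised.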
Using Storify, a free service that lets users collect, curate, and share social media content, it’s easy to repost private Facebook posts for anyone to see.
Storify’s tools for collecting Facebook posts to share in a Storify story don’t make it clear whether or not the Facebook content users are seeing is set to private, potentially leading to accidental privacy breaches — AGBeat reported on one such instance earlier this week.
The Storify post includes the user’s photo, a link to their Facebook account, and the timestamp of the post. Since Storify is not accessing data through Facebook’s API, any posts that users can see, even those in private groups, can be tagged and copied to Storify and publicly posted back on Facebook — and Facebook users can’t block their content from being shared on Storify.
“The behavior appears to result from Storify users utilizing a browser extension that essentially cuts and pastes content available to that user to the Storify site,” a Facebook spokesperson told Buzzfeed. “This is not a result of the Storify application for Facebook.”
Storify users can’t repost tweets by private accounts on Twitter. If users try to pull information from a private Twitter account the screen automatically goes black, which Storify co-founder Burt Herman says is only due to the way they use the Twitter API. “It is almost a bug in the system,” says Herman.
The potential for private or semi-private Facebook posts to be publicly spread recalls an incident in December when Facebook founder Mark Zuckerberg’s sister, Randi, was shocked to find a photo she had posted on Facebook for a small audience found its way to Twitter.
“Anytime you share something with someone else you are trusting that person in how they use it,” says Herman. “Just because we make it a little easier than copy and paste doesn’t mean you should do it just because you can. There are human etiquette conventions that people need to keep in mind.”
Remember when Facebook tested a payment system that allowed you to send a message to Mark’s inbox for $100 last week? What if I told you that you could do it for free?
Thanks everyone! This post is currently #1 on Hacker News!
The catch with Facebook’s messaging system is that when you send a message to a contact that’s not in your friend-list, it will go to their ‘Other’ folder instead of their inbox. That’s a good thing, because it prevents you from getting spammed. The not-so-good-thing is that Facebook is testing if people would pay for their messages to get prioritized.
Some days ago I noticed that there’s a little hack that allows you to bypass the automatic message filtering and directly send a message to another’s inbox, even if they set their filtering to ‘strict’. It works by using the ‘Report’ feature.
The first step is to go to their profile and click on ‘Report/Block…’.