Wylie: It’s possible that the Facebook app is listening to you

During an appearance before a committee of U.K. lawmakers today, Cambridge Analytica whistleblower Christopher Wylie breathed new life into longstanding rumors that the Facebook app listens to its users in order to target advertisements. Damian Collins, a member of parliament who chaired the committee, asked whether the Facebook app might listen to what users are discussing and use it to prioritize certain ads.

But, Wylie said in a meandering reply, it’s possible that Facebook and other smartphone apps are listening in for reasons other than speech recognition. Specifically, he said, they might be trying to ascertain what type of environment a user is in in order to “improve the contextual value of the advertising itself.”

“There’s audio that could be useful just in terms of, are you in an office environment, are you outside, are you watching TV, what are you doing right now?” Wylie said, without elaborating on how that information could help target ads.

Facebook has long denied that its app analyzes audio in order to customize ads. But users have often reported mentioning a product that they’ve never expressed an interest in online — and then being inundated with online ads for it. Reddit users, in particular, spend time collecting what they purport to be evidence that Facebook is listening to users in a particular way, such as “micro-samples” of a few seconds rather than full-on continuous natural language processing.

Source: Wylie: It’s possible that the Facebook app is listening to you | The Outline

The Channel 4 video exposés on Cambridge Analytica, Aggregate IQ, losing data, electioneering in Brexit, the US, Kenya, Nigeria and many more, all here

Data, Democracy and Dirty Tricks playlist

Dutch government pretends to think about referendum result against big brother unlimited surveillance, ignores it completely.

Basically, not only will they allow a huge number of different agencies to tap your internet and phone and store it without any judicial procedures, checks or balances, they will also allow these agencies to share the data with whoever they want, including foreign agencies. Surprisingly, the Dutch people voted against these far-reaching breaches of privacy, so the government said they thought about it and would edit the law in six tiny places which completely miss the point and the problems people have with their privacy being destroyed.

Source: Kabinet scherpt Wet op de inlichtingen- en veiligheidsdiensten 2017 aan | Nieuwsbericht | Defensie.nl

Trustwave Global IT Security Report Summarised

Hackers have moved away from simple point-of-sale (POS) terminal attacks to more refined assaults on corporations’ head offices.

An annual report from security firm Trustwave out today highlighted increased sophistication of web app hacking and social engineering tactics on the part of miscreants.

Half of the incidents investigated involved corporate and internal networks (up from 43 per cent in 2016) followed by e-commerce environments at 30 per cent. Incidents affecting POS systems decreased by more than a third to 20 per cent of the total. This is reflective of increased attack sophistication, honing in on larger service providers and franchise head offices and less on smaller high-volume targets in previous years.

In corporate network environments, phishing and social engineering at 55 per cent was the leading method of compromise followed by malicious insiders at 13 per cent and remote access at 9 per cent. “CEO fraud”, a social engineering scam encouraging executives to authorise fraudulent money transactions, continues to increase, Trustwave added.

Targeted web attacks are becoming prevalent and much more sophisticated. Many breach incidents show signs of careful planning by cybercriminals probing for weak packages and tools to exploit. Cross-site scripting (XSS) was involved in 40 per cent of attack attempts, followed by SQL Injection (SQLi) at 24 per cent, Path Traversal at 7 per cent, Local File Inclusion (LFI) at 4 per cent, and Distributed Denial of Service (DDoS) at 3 per cent.

Last year also witnessed a marked increase, up 9.5 per cent, in compromises at businesses that deliver IT services including web-hosting providers, POS integrators and help-desk providers. A breach of just one provider opens the gates to a multitude of new targets. In 2016 service provider compromises did not even register in the statistics.

Although down from the previous year, payment card data at 40 per cent still reigns supreme in terms of data types targeted in a breach. Surprisingly, incidents targeting hard cash were on the rise at 11 per cent, mostly due to fraudulent ATM transaction breaches enabled by compromise of account management systems at financial institutions.

North America still led in data breaches investigated by Trustwave at 43 per cent followed by the Asia Pacific region at 30 per cent, Europe, Middle East and Africa (EMEA) at 23 per cent and Latin America at 4 per cent. The retail sector suffered the most breach incidences at 16.7 per cent followed by the finance and insurance industry at 13.1 per cent and hospitality at 11.9 per cent.

Trustwave gathered and analysed real-world data from hundreds of breach investigations the company conducted in 2017 across 21 countries. This data was added to billions of security and compliance events logged each day across the global network of Trustwave operations centres, along with data from tens of millions of network vulnerability scans, thousands of web application security scans, tens of millions of web transactions, penetration tests and more.

All the web applications tested displayed at least one vulnerability with 11 as the median number detected per application. The majority (85.9 per cent) of web application vulnerabilities involved session management allowing an attacker to eavesdrop on a user session to seize sensitive information.

Source: Gosh, these ‘hacker’ nerds are only getting more sophisticated • The Register

Facebook Blames a ‘Bug’ for Not Deleting Your Seemingly Deleted Videos

Did you ever record a video on Facebook to post directly to your friend’s wall, only to discard the take and film a new version? You may have thought those embarrassing draft versions were deleted, but Facebook kept a copy. The company is blaming it on a “bug” and swears that it’s going to delete those discarded videos now. They pinkie promise this time.

Last week, New York’s Select All broke the story that the social network was keeping the seemingly deleted old videos. The continued existence of the draft videos was discovered when several users downloaded their personal Facebook archives—and found numerous videos they never published. Today, Select All got a statement from Facebook blaming the whole thing on a “bug.” From Facebook via New York:

We investigated a report that some people were seeing their old draft videos when they accessed their information from our Download Your Information tool. We discovered a bug that prevented draft videos from being deleted. We are deleting them and apologize for the inconvenience. We appreciate New York Magazine for bringing the issue to our attention.

It was revealed last month that the data-harvesting firm (and apparent bribery consultants) Cambridge Analytica had acquired the information of about 50 million Facebook users and abused that data to help President Trump get elected. Specifically, the company was exploiting the anger of voters through highly-targeted advertising. And in the wake of the ensuing scandal, people have been learning all kinds of crazy things about Facebook.

Facebook users have been downloading some of the data that the social media behemoth keeps on them and it’s not pretty. For example, Facebook has kept detailed call logs from users with Android phones. The company says that Android users had to opt-in for the feature, but that’s a bullshit cop-out when you take a look at what the screen for “opting in” actually looks like.

Source: Facebook Blames a ‘Bug’ for Not Deleting Your Seemingly Deleted Videos

T-Mobile Austria stores passwords as plain text

A customer was questioning whether rumors were true that T-Mobile Austria was storing customer passwords in plain text, leaving the credentials like sitting ducks for hackers. Whoever was manning T-Mobile Austria’s Twitter account confirmed that this was the case, but that there was no need to worry because “our security is amazingly good.”

That line is going to bite T-Mobile Austria in the backside, if or when they next get hacked. To be fair, it’s late at night in Europe and the Twitter account was probably being handled by an overworked social media worker, but it’s not a good look. Especially when people started digging further and found various security shortcomings. The whole thread is a mind job.

But that doesn’t excuse the plain-text password storage.

Source: T-Mobile Austria stores passwords as plain text, Outlook gets message crypto, and more • The Register

‘Big Brother’ in India Requires Fingerprint Scans for Food, Phones and Finances

NEW DELHI — Seeking to build an identification system of unprecedented scope, India is scanning the fingerprints, eyes and faces of its 1.3 billion residents and connecting the data to everything from welfare benefits to mobile phones.

Civil libertarians are horrified, viewing the program, called Aadhaar, as Orwell’s Big Brother brought to life. To the government, it’s more like “big brother,” a term of endearment used by many Indians to address a stranger when asking for help.

For other countries, the technology could provide a model for how to track their residents. And for India’s top court, the ID system presents unique legal issues that will define what the constitutional right to privacy means in the digital age.

To Adita Jha, Aadhaar was simply a hassle. The 30-year-old environmental consultant in Delhi waited in line three times to sit in front of a computer that photographed her face, captured her fingerprints and snapped images of her irises. Three times, the data failed to upload. The fourth attempt finally worked, and she has now been added to the 1.1 billion Indians already included in the program.

[…]

The poor must scan their fingerprints at the ration shop to get their government allocations of rice. Retirees must do the same to get their pensions. Middle-school students cannot enter the water department’s annual painting contest until they submit their identification.

In some cities, newborns cannot leave the hospital until their parents sign them up. Even leprosy patients, whose illness damages their fingers and eyes, have been told they must pass fingerprint or iris scans to get their benefits.

The Modi government has also ordered Indians to link their IDs to their cellphone and bank accounts. States have added their own twists, like using the data to map where people live. Some employers use the ID for background checks on job applicants.

[…]

Although the system’s core fingerprint, iris and face database appears to have remained secure, at least 210 government websites have leaked other personal data — such as name, birth date, address, parents’ names, bank account number and Aadhaar number — for millions of Indians. Some of that data is still available with a simple Google search.

As Aadhaar has become mandatory for government benefits, parts of rural India have struggled with the internet connections necessary to make Aadhaar work. After a lifetime of manual labor, many Indians also have no readable prints, making authentication difficult. One recent study found that 20 percent of the households in Jharkhand state had failed to get their food rations under Aadhaar-based verification — five times the failure rate of ration cards.

Source: ‘Big Brother’ in India Requires Fingerprint Scans for Food, Phones and Finances – The New York Times

NUC, NUC! Who’s there? Intel, warning you to kill a buggy keyboard app

Intel has made much of its NUC and Compute Stick mini-PCs as a way to place computers in out-of-the-way places like digital signage.

Such locations aren’t the kind of spots where keyboards and pointing devices can be found, so Intel sweetened the deal by giving the world an Android and iOS app called the “Intel Remote Keyboard” to let you mimic a keyboard and mouse from afar.

But now Chipzilla’s canned the app.

The reason is three nasty bugs that let attackers “inject keystrokes as a local user”, “inject keystrokes into another remote keyboard session” and “execute arbitrary code as a privileged user.” The bugs are CVE-2018-3641, CVE-2018-3645 and CVE-2018-3638 respectively.

Rather than patch the app, Intel’s killed it and “recommends that users of the Intel® Remote Keyboard uninstall it at their earliest convenience.”

The app’s already gone from the Play and App Stores (but Google’s cached pages about it for Android and iOS in case you fancy a look).

The Android version of the app’s been downloaded at least 500,000 times, so this is going to inconvenience plenty of people … at least until they get RDP working on Windows boxes and VNC running under Linux. The greater impact may be on Intel’s reputation for security, which has already taken a belting thanks to the Meltdown/Spectre mess.

Source: NUC, NUC! Who’s there? Intel, warning you to kill a buggy keyboard app • The Register

Center Of The Milky Way Has Thousands Of Black Holes, Study Shows

The supermassive black hole lurking at the center of our galaxy appears to have a lot of company, according to a new study that suggests the monster is surrounded by about 10,000 other black holes.

For decades, scientists have thought that black holes should sink to the center of galaxies and accumulate there, says Chuck Hailey, an astrophysicist at Columbia University. But scientists had no proof that these exotic objects had actually gathered together in the center of the Milky Way.

“This is just kind of astonishing that you could have a prediction for such a large number of objects and not find any evidence for them,” Hailey says.

He and his colleagues recently went hunting for black holes, using observations of the galactic center made by a NASA telescope called the Chandra X-ray Observatory.

Isolated black holes are almost impossible to detect, but black holes that have a companion — an orbiting star — interact with that star in ways that allow the pair to be spotted by telltale X-ray emissions. The team searched for those signals in a region stretching about three light-years out from our galaxy’s central supermassive black hole.

“So we’re looking at the very, very, very center of our galaxy. It’s a place that’s filled with a huge amount of gas and dust, and it’s jammed with a huge number of stars,” Hailey says.

What they found there: a dozen black holes paired up with stars, according to a report in the journal Nature.

Finding so many in such a small region is significant, because until now scientists have found evidence of only about five dozen black holes throughout the entire galaxy, says Hailey, who points out that our galaxy is 100,000 light-years across. (For reference, one light-year is just under 5.88 trillion miles.)

What’s more, the very center of our galaxy surely has far more than these dozen black holes that were just detected. The researchers used what’s known about black holes to extrapolate from what they saw to what they couldn’t see. Their calculations show that there must be several hundred more black holes paired with stars in the galactic center, and about 10,000 isolated black holes.

“I think this is a really intriguing result,” says Fiona Harrison, an astrophysicist at Caltech. She cautions that there are a lot of uncertainties and the team has found just a small number of X-ray sources, “but they have the right distribution and the right characteristics to be a tracer of this otherwise completely hidden population.”

Source: Center Of The Milky Way Has Thousands Of Black Holes, Study Shows : The Two-Way : NPR

Berkeley Lab Scientists Print All-Liquid 3-D Structures

Scientists from the Department of Energy’s Lawrence Berkeley National Laboratory (Berkeley Lab) have developed a way to print 3-D structures composed entirely of liquids. Using a modified 3-D printer, they injected threads of water into silicone oil — sculpting tubes made of one liquid within another liquid.

They envision their all-liquid material could be used to construct liquid electronics that power flexible, stretchable devices. The scientists also foresee chemically tuning the tubes and flowing molecules through them, leading to new ways to separate molecules or precisely deliver nanoscale building blocks to under-construction compounds.

The researchers have printed threads of water between 10 microns and 1 millimeter in diameter, and in a variety of spiraling and branching shapes up to several meters in length. What’s more, the material can conform to its surroundings and repeatedly change shape.

“It’s a new class of material that can reconfigure itself, and it has the potential to be customized into liquid reaction vessels for many uses, from chemical synthesis to ion transport to catalysis,” said Tom Russell, a visiting faculty scientist in Berkeley Lab’s Materials Sciences Division. He developed the material with Joe Forth, a postdoctoral researcher in the Materials Sciences Division, as well as other scientists from Berkeley Lab and several other institutions. They report their research March 24 in the journal Advanced Materials.

The material owes its origins to two advances: learning how to create liquid tubes inside another liquid, and then automating the process.

These schematics show the printing of water in oil using a nanoparticle supersoap. Gold nanoparticles in the water combine with polymer ligands in the oil to form an elastic film (nanoparticle supersoap) at the interface, locking the structure in place. (Credit: Berkeley Lab)

For the first step, the scientists developed a way to sheathe tubes of water in a special nanoparticle-derived surfactant that locks the water in place. The surfactant, essentially soap, prevents the tubes from breaking up into droplets. Their surfactant is so good at its job, the scientists call it a nanoparticle supersoap.

The supersoap was achieved by dispersing gold nanoparticles into water and polymer ligands into oil. The gold nanoparticles and polymer ligands want to attach to each other, but they also want to remain in their respective water and oil mediums. The ligands were developed with help from Brett Helms at the Molecular Foundry, a DOE Office of Science User Facility located at Berkeley Lab.

In practice, soon after the water is injected into the oil, dozens of ligands in the oil attach to individual nanoparticles in the water, forming a nanoparticle supersoap. These supersoaps jam together and vitrify, like glass, which stabilizes the interface between oil and water and locks the liquid structures in position.

“This stability means we can stretch water into a tube, and it remains a tube. Or we can shape water into an ellipsoid, and it remains an ellipsoid,” said Russell. “We’ve used these nanoparticle supersoaps to print tubes of water that last for several months.”

Next came automation. Forth modified an off-the-shelf 3-D printer by removing the components designed to print plastic and replacing them with a syringe pump and needle that extrudes liquid. He then programmed the printer to insert the needle into the oil substrate and inject water in a predetermined pattern.

“We can squeeze liquid from a needle, and place threads of water anywhere we want in three dimensions,” said Forth. “We can also ping the material with an external force, which momentarily breaks the supersoap’s stability and changes the shape of the water threads. The structures are endlessly reconfigurable.”

Source: Berkeley Lab Scientists Print All-Liquid 3-D Structures

Jaywalkers under surveillance in Shenzhen soon to be punished via text messages

Intellifusion, a Shenzhen-based AI firm that provides technology to the city’s police to display the faces of jaywalkers on large LED screens at intersections, is now talking with local mobile phone carriers and social media platforms such as WeChat and Sina Weibo to develop a system where offenders will receive personal text messages as soon as they violate the rules, according to Wang Jun, the company’s director of marketing solutions.

“Jaywalking has always been an issue in China and can hardly be resolved just by imposing fines or taking photos of the offenders. But a combination of technology and psychology … can greatly reduce instances of jaywalking and will prevent repeat offences,” Wang said.

[…]

For the current system installed in Shenzhen, Intellifusion installed cameras with 7 million pixels of resolution to capture photos of pedestrians crossing the road against traffic lights. Facial recognition technology identifies the individual from a database and displays a photo of the jaywalking offence, the family name of the offender and part of their government identification number on large LED screens above the pavement.

In the 10 months to February this year, as many as 13,930 jaywalking offenders were recorded and displayed on the LED screen at one busy intersection in Futian district, the Shenzhen traffic police announced last month.

Taking it a step further, in March the traffic police launched a webpage which displays photos, names and partial ID numbers of jaywalkers.

These measures have effectively reduced the number of repeat offenders, according to Wang.

Source: Jaywalkers under surveillance in Shenzhen soon to be punished via text messages | South China Morning Post

Wow, that’s a scary way to scan your entire population

AI Imagines Nude Paintings as Terrifying Pools of Melting Flesh

When Robbie Barrat trained an AI to study and reproduce classical nude paintings, he expected something at least recognizable. What the AI produced instead was unfamiliar and unsettling, but still intriguing. The “paintings” look like flesh-like ice cream, spilling into pools that only vaguely recall a woman’s body. Barrat told Gizmodo these meaty blobs, disturbing and unintentional as they are, may impact both art and AI.

“Before, you would be feeding the computer a set of rules it would execute perfectly, with no room for interpretation by the computer,” Barrat said via email. “Now with AI, it’s all about the machine’s interpretation of the dataset you feed it—in this case how it (strangely) interprets the nude portraits I fed it.”

AI’s influence is certainly more pronounced in this project than in most computer generated art, but while that wasn’t what Barrat intended, he says the results were much better this way.

“Would I want the results to be more realistic? Absolutely not,” he said. “I want to get AI to generate new types of art we haven’t seen before; not force some human perspective on it.”

Barrat explained the process of training the AI to produce imagery of a curving body from some surreal parallel universe:

“I used a dataset of thousands of nude portraits I scraped, along with techniques from a new paper that recently came out called ‘Progressive Growing of GANs’ to generate the images,” he said. “The generator tries to generate paintings that fool the discriminator, and the discriminator tries to learn how to tell the difference between ‘fake’ paintings that the generator feeds it, and real paintings from the dataset of nude portraits.”

The Francis Bacon-esque paintings were purely serendipitous.

“What happened with the nude portraits is that the generator figured it could just feed the discriminator blobs of flesh, and the discriminator wasn’t able to tell the difference between strange blobs of flesh and humans, so since the generator could consistently fool the discriminator by painting these strange forms of flesh instead of realistic nude portraits; both components stopped learning and getting better at painting.”

As Barrat pointed out on Twitter, this method of working with a computer program has some art history precedent. Having an AI execute the artist’s specific directions is reminiscent of instructional art—a conceptual art technique, best exampled by Sol LeWitt, where artists provide specific instructions for others to create the artwork. (For example: Sol LeWitt’s Wall Drawing, Boston Museum: “On a wall surface, any continuous stretch of wall, using a hard pencil, place fifty points at random. The points should be evenly distributed over the area of the wall. All of the points should be connected by straight lines.”)

Giving the AI limited autonomy to create art may be more than just a novelty, it may eventually lead to a truly new form of generating art with entirely new subjectivities.

“I want to use AI to make its own new and original artworks, not just get AI to mimic things that people were making in the 1600’s.”

Source: AI Imagines Nude Paintings as Terrifying Pools of Melting Flesh

Any social media accounts to declare? US wants travelers to tell

The US Department of State wants to ask visa applicants to provide details on the social media accounts they’ve used in the past five years, as well as telephone numbers, email addresses, and international travel during this period.

The plan, if approved by the Office of Management and Budget, will expand the vetting regime applied to those flagged for extra immigration scrutiny – rolled out last year – to every immigrant visa applicant and to non-immigrant visa applicants such as business travelers and tourists.

The Department of State published its notice of request for public comment in the Federal Register on Friday. The comment process concludes on May 29, 2018.

The notice explains that the Department of State wants to expand the information it collects by adding questions to its Electronic Application for Immigrant Visa and Alien Registration (DS-260).

The online form will provide a list of social media platforms – presumably the major ones – and “requires the applicant to provide any identifiers used by applicants for those platforms during the five years preceding the date of application.”

For social media platforms not on the list, visa applicants “will be given the option to provide information.”

The Department of State says that the form “will be submitted electronically over an encrypted connection to the Department via the internet,” as if to offer reassurance that it will be able to store the data securely.

It’s perhaps worth noting that Russian hackers penetrated the Department of State’s email system in 2014, and in 2016, the State Department’s Office of Inspector General (OIG) gave the agency dismal marks for both its physical and cybersecurity competency.

The Department of State estimates that its revised visa process will affect 710,000 immigrant visa applicants attempting to enter the US; its more limited review of travelers flagged for additional screening only affected an estimated 65,000 people.

But around 10 million non-immigrant visa applicants who seek to come to the US can also look forward to social media screening.

In a statement emailed to The Register, a State Department spokesperson said the proposed changes follow from President Trump’s March 2017 Memorandum and Executive Order 13780 and reflect the need for screening standards to address emerging threats.

“Under this proposal, nearly all US visa applicants will be asked to provide additional information, including their social media identifiers, prior passport numbers, information about family members, and a longer history of past travel, employment, and contact information than is collected in current visa application forms,” the spokesperson said.

The Department of State already collects limited contact information, travel history, family member information, and previous addresses from all visa applicants, the spokesperson said.

Source: Any social media accounts to declare? US wants travelers to tell • The Register

AI predicts your lifespan using activity tracking apps

Researchers can estimate your expected lifespan based on physiological traits like your genes or your circulating blood factor, but that’s not very practical on a grand scale. There may be a shortcut, however: the devices you already have on your body. Russian scientists have crafted an AI-based algorithm that uses the activity tracking from smartphones and smartwatches to estimate your lifespan with far greater precision than past models.

The team used a convolutional neural network to find the “biologically relevant” motion patterns in a large set of US health survey data and correlate that to both lifespans and overall health. It would look for not just step counts, but how often you switch between active and inactive periods — many of the other factors in your life, such as your sleeping habits and gym visits, are reflected in those switches. After that, it was just a matter of applying the understanding to a week’s worth of data from test subjects’ phones. You can even try it yourself through Gero Lifespan, an iPhone app that uses data from Apple Health, Fitbit and Rescuetime (a PC productivity measurement app) to predict your longevity.

This doesn’t provide a full picture of your health, as it doesn’t include your diet, genetics and other crucial factors. Doctors would ideally use both mobile apps and clinical analysis to give you a proper estimate, and the scientists are quick to acknowledge that what you see here isn’t completely ready for medical applications. The AI is still more effective than past approaches, though, and it could be useful for more accurate health risk models that help everything from insurance companies (which already use activity tracking as an incentive) to the development of anti-aging treatments.

Source: AI predicts your lifespan using activity tracking apps

No idea what the percentages are though

Emmanuel Macron Q&A: France’s President Discusses Artificial Intelligence Strategy

On Thursday, Emmanuel Macron, the president of France, gave a speech laying out a new national strategy for artificial intelligence in his country. The French government will spend €1.5 billion ($1.85 billion) over five years to support research in the field, encourage startups, and collect data that can be used, and shared, by engineers. The goal is to start catching up to the US and China and to make sure the smartest minds in AI—hello Yann LeCun—choose Paris over Palo Alto. Directly after his talk, he gave an exclusive and extensive interview, entirely in English, to WIRED Editor-in-Chief Nicholas Thompson about the topic and why he has come to care so passionately about it.

[…]

AI will raise a lot of issues in ethics, in politics, it will question our democracy and our collective preferences. For instance, if you take healthcare: you can totally transform medical care making it much more predictive and personalized if you get access to a lot of data. We will open our data in France. I made this decision and announced it this afternoon. But the day you start dealing with privacy issues, the day you open this data and unveil personal information, you open a Pandora’s Box, with potential use cases that will not be increasing the common good and improving the way to treat you. In particular, it’s creating a potential for all the players to select you. This can be a very profitable business model: this data can be used to better treat people, it can be used to monitor patients, but it can also be sold to an insurer that will have intelligence on you and your medical risks, and could get a lot of money out of this information. The day we start to make such business out of this data is when a huge opportunity becomes a huge risk. It could totally dismantle our national cohesion and the way we live together. This leads me to the conclusion that this huge technological revolution is in fact a political revolution.

When you look at artificial intelligence today, the two leaders are the US and China. In the US, it is entirely driven by the private sector, large corporations, and some startups dealing with them. All the choices they will make are private choices that deal with collective values. That’s exactly the problem you have with Facebook and Cambridge Analytica or autonomous driving. On the other side, Chinese players collect a lot of data driven by a government whose principles and values are not ours. And Europe has not exactly the same collective preferences as US or China. If we want to defend our way to deal with privacy, our collective preference for individual freedom versus technological progress, integrity of human beings and human DNA, if you want to manage your own choice of society, your choice of civilization, you have to be able to be an acting part of this AI revolution. That’s the condition of having a say in designing and defining the rules of AI. That is one of the main reasons why I want to be part of this revolution and even to be one of its leaders. I want to frame the discussion at a global scale.

[…]

I want my country to be the place where this new perspective on AI is built, on the basis of interdisciplinarity: this means crossing maths, social sciences, technology, and philosophy. That’s absolutely critical. Because at one point in time, if you don’t frame these innovations from the start, a worst-case scenario will force you to deal with this debate down the line. I think privacy has been a hidden debate for a long time in the US. Now, it emerged because of the Facebook issue. Security was also a hidden debate of autonomous driving. Now, because we’ve had this issue with Uber, it rises to the surface. So if you don’t want to block innovation, it is better to frame it by design within ethical and philosophical boundaries. And I think we are very well equipped to do it, on top of developing the business in my country.

But I think as well that AI could totally jeopardize democracy. For instance, we are using artificial intelligence to organize the access to universities for our students. That puts a lot of responsibility on an algorithm. A lot of people see it as a black box, they don’t understand how the student selection process happens. But the day they start to understand that this relies on an algorithm, this algorithm has a specific responsibility. If you want, precisely, to structure this debate, you have to create the conditions of fairness of the algorithm and of its full transparency. I have to be confident for my people that there is no bias, at least no unfair bias, in this algorithm. I have to be able to tell French citizens, “OK, I encouraged this innovation because it will allow you to get access to new services, it will improve your lives—that’s a good innovation to you.” I have to guarantee there is no bias in terms of gender, age, or other individual characteristics, except if this is the one I decided on behalf of them or in front of them. This is a huge issue that needs to be addressed. If you don’t deal with it from the very beginning, if you don’t consider it is as important as developing innovation, you will miss something and at a point in time, it will block everything. Because people will eventually reject this innovation.

[…]

your algorithm and be sure that this is trustworthy.” The power of consumption society is so strong that it gets people to accept to provide a lot of personal information in order to get access to services largely driven by artificial intelligence on their apps, laptops and so on. But at some point, as citizens, people will say, “I want to be sure that all of this personal data is not used against me, but used ethically, and that everything is monitored. I want to understand what is behind this algorithm that plays a role in my life.” And I’m sure that a lot of startups or labs or initiatives which will emerge in the future, will reach out to their customers and say “I allow you to better understand the algorithm we use and the bias or non-bias.” I’m quite sure that’s one of the next waves coming in AI. I think it will increase the pressure on private players. These new apps or sites will be able to tell people: “OK! You can go to this company or this app because we cross-check everything for you. It’s safe,” or on the contrary: “If you go to this website or this app or this research model, it’s not OK, I have no guarantee, I was not able to check or access the right information about the algorithm”.

Source: Emmanuel Macron Q&A: France’s President Discusses Artificial Intelligence Strategy | WIRED

Card Data Stolen From 5 Million Saks and Lord & Taylor Customers

Saks has been hacked — adding to the already formidable challenges faced by the luxury retailer.

A well-known ring of cybercriminals has obtained more than five million credit and debit card numbers from customers of Saks Fifth Avenue and Lord & Taylor, according to a cybersecurity research firm that specializes in tracking stolen financial data. The data, the firm said, appears to have been stolen using software that was implanted into the cash register systems at the stores and that siphoned card numbers until last month.

The Hudson’s Bay Company, the Canadian corporation that owns both retail chains, confirmed on Sunday that a breach had occurred.

“We have become aware of a data security issue involving customer payment card data at certain Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores in North America,” the company said in a statement. “We have identified the issue, and have taken steps to contain it. Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring.”

Hudson’s Bay said that its investigation was continuing but that its e-commerce platforms appeared to have been unaffected by the breach. The company declined to identify how many customer accounts or stores were affected.

The theft is one of the largest known breaches of a retailer and shows just how difficult it is to secure credit-card transaction systems despite the lessons learned from other large data breaches, including the theft of 40 million card numbers from Target in 2013 and 56 million card numbers from Home Depot in 2014. Last year, Equifax, a credit reporting firm, disclosed that sensitive financial information on 145.5 million Americans had been exposed in a breach of the company’s systems.

The research firm that identified the Saks breach, Gemini Advisory, said on Sunday that a group of Russian-speaking hackers known as Fin7 or JokerStash posted online on Wednesday that it had obtained a cache of five million stolen card numbers, which the thieves called BIGBADABOOM-2. The hackers, who have also hit other retail chains, offered 125,000 of the records for immediate sale.

Fin7 did not disclose where the numbers had been obtained. But the researchers, working in conjunction with banks, analyzed a sample of the records and determined that the card numbers all seemed to have been used at Saks and Lord & Taylor stores, mostly in New York and New Jersey, from May 2017 to March 2018.

Source: Card Data Stolen From 5 Million Saks and Lord & Taylor Customers – The New York Times

You can now use your Netflix subscription anywhere in the EU

‘This content is not available in your country’ – a damn annoying message, especially when you’re paying for it. But a new EU regulation means you can now access Netflix, Amazon Prime and other services from any country in Europe, marking an end to boring evenings in hotels watching BBC World News.

The European Commission’s ‘digital single market strategy’, which last year claimed victory over mobile roaming charges, has now led to it passing the ‘portability regulation’, which will allow users around the EU to use region locked services more freely while travelling abroad.

Under currently active rules, what content is available in a certain territory is based on the specific local rights that a provider has secured. The new rules allow for what Phil Sherrell, head of international media, entertainment and sport for international law firm Bird and Bird, calls “copyright fiction”, allowing the normal rules to be bent temporarily while a user is travelling.

The regulation was originally passed in June 2017, but the nine-month period given to rights holders and service providers to prepare is about to expire, thereby making the rules enforceable.

From today, content providers, whether their products are videos, music, games, live sport or e-books, will use their subscribers’ details to validate their home country, and let them access all the usual content and services available in that location all around the Union. This is mandatory for all paid services, who are also not permitted to charge extra for the new portability.

Sadly, this doesn’t mean you get extra content from other countries when you use the services back at home, just parity of experience around the EU. Another caveat to the regulation is that services which are offered for free, such as the online offerings of public service broadcasters like the BBC, are not obliged to follow the regulation. These providers instead may opt-in to the rules should they want to compete with their fee charging rivals.

[…]

Brexit of course may mean UK users only benefit from the legislation for a year or so, but that’s as yet unconfirmed. For now though, we can enjoy the simple pleasure of going abroad and, instead of sampling some of the local sights, enjoy the crucial freedom of watching, listening, playing or reading the same things that we could get at home.

Source: You can now use your Netflix subscription anywhere in the EU | WIRED UK

Chrome Is Scanning Files on Your Computer, and People Are Freaking Out

The browser you likely use to read this article scans practically all files on your Windows computer. And you probably had no idea until you read this. Don’t worry, you’re not the only one.

Last year, Google announced some upgrades to Chrome, by far the world’s most used browser—and the one security pros often recommend. The company promised to make internet surfing on Windows computers even “cleaner” and “safer,” adding what The Verge called “basic antivirus features.” What Google did was improve something called Chrome Cleanup Tool for Windows users, using software from cybersecurity and antivirus company ESET.

Tensions around the issue of digital privacy are understandably high following Facebook’s Cambridge Analytica scandal, but as far as we can tell there is no reason to worry here, and what Google is doing is above board.

In practice, Chrome on Windows looks through your computer in search of malware that targets the Chrome browser itself using ESET’s antivirus engine. If it finds some suspected malware, it sends metadata of the file where the malware is stored, and some system information, to Google. Then, it asks you for permission to remove the suspected malicious file. (You can opt-out of sending information to Google by deselecting the “Report details to Google” checkbox.)

A screenshot of the Chrome pop-up that appears if Chrome Cleanup Tool detects malware on your Windows computer.

Last week, Kelly Shortridge, who works at cybersecurity startup SecurityScorecard, noticed that Chrome was scanning files in the Documents folder of her Windows computer.

“In the current climate, it really shocked me that Google would so quietly roll out this feature without publicizing more detailed supporting documentation—even just to preemptively ease speculation,” Shortridge told me in an online chat. “Their intentions are clearly security-minded, but the lack of explicit consent and transparency seems to violate their own criteria of ‘user-friendly software’ that informs the policy for Chrome Cleanup [Tool].”

Her tweet got a lot of attention and caused other people in the infosec community—as well as average users such as me—to scratch their heads.

“Nobody likes surprises,” Haroon Meer, the founder at security consulting firm Thinkst, told me in an online chat. “When people fear a big brother, and tech behemoths going too far…a browser touching files it has no business to touch is going to set off alarm bells.”

Now, to be clear, this doesn’t mean Google can, for example, see photos you store on your Windows machine. According to Google, the goal of Chrome Cleanup Tool is to make sure malware doesn’t mess up with Chrome on your computer by installing dangerous extensions, or putting ads where they’re not supposed to be.

As the head of Google Chrome security Justin Schuh explained on Twitter, the tool’s “sole purpose is to detect and remove unwanted software manipulating Chrome.” Moreover, he added, the tool only runs weekly, it only has normal user privileges (meaning it can’t go too deep into the system), is “sandboxed” (meaning its code is isolated from other programs), and users have to explicitly click on that box screenshotted above to remove the files and “cleanup.”

In other words, Chrome Cleanup Tool is less invasive than a regular “cloud” antivirus that scans your whole computer (including its more sensitive parts such as the kernel) and uploads some data to the antivirus company’s servers.

But as Johns Hopkins professor Matthew Green put it, most people “are just a little creeped out that Chrome started poking through their underwear drawer without asking.”

That’s the problem here: most users of an internet browser probably don’t expect it to scan and remove files on their computers.

Source: Chrome Is Scanning Files on Your Computer, and People Are Freaking Out – Motherboard

I really don’t think it is the job of the browser to scan your computer at all.

Grindr: Yeah, we shared your HIV status info with other companies – but we didn’t charge them! (oh and your GPS coords)

Hookup fixer Grindr is on the defensive after it shared sensitive information, including HIV status and physical location, of its app’s users with outside organizations.

The quickie booking facilitator on Monday admitted it passed, via HTTPS, people’s public profiles to third-party analytics companies to process on its behalf. That means, yes, the information was handed over in bulk, but, hey, at least it didn’t sell it!

“Grindr has never, nor will we ever sell personally identifiable user information – especially information regarding HIV status or last test date – to third parties or advertisers,” CTO Scott Chen said in a statement.

Rather than apologize, Grindr said its punters should have known better than to give it any details they didn’t want passed around to other companies. On the one hand, the data was scraped from the application’s public profiles, so, well, maybe people ought to calm down. It was all public anyway. On the other hand, perhaps people didn’t expect it to be handed over for analysis en masse.

“It’s important to remember that Grindr is a public forum,” Chen said. “We give users the option to post information about themselves including HIV status and last test date, and we make it clear in our privacy policy that if you choose to include this information in your profile, the information will also become public.”

This statement is in response to last week’s disclosure by security researchers on the ways the Grindr app shares user information with third-party advertisers and partners. Among the information found to be passed around by Grindr was the user’s HIV status, something Grindr allows members to list in their profiles.

The HIV status, along with last test date, sexual position preference, and GPS location were among the pieces of info Grindr shared via encrypted network connections with analytics companies Localytics and Apptimize.

The revelation drew sharp criticism of Grindr, with many slamming the upstart for sharing what many consider to be highly sensitive personal information with third-parties along with GPS coordinates.

Source: Grindr: Yeah, we shared your HIV status info with other companies – but we didn’t charge them! • The Register

‘Being cash-free puts us at risk of attack’: Swedes turn against cashlessness

Most consumers already say they manage without cash altogether, while shops and cafes increasingly refuse to accept notes and coins because of the costs and risk involved. Until recently, however, it has been hard for critics to find a hearing.

“The Swedish government is a rather nice one, we have been lucky enough to have mostly nice ones for the past 100 years,” says Christian Engström, a former MEP for the Pirate Party and an early opponent of the cashless economy.

“In other countries there is much more awareness that you cannot trust the government all the time. In Sweden it is hard to get people mobilised.”

There are signs this might be changing. In February, the head of Sweden’s central bank warned that Sweden could soon face a situation where all payments were controlled by private sector banks.

The Riksbank governor, Stefan Ingves, called for new legislation to secure public control over the payments system, arguing that being able to make and receive payments is a “collective good” like defence, the courts, or public statistics.

“Most citizens would feel uncomfortable to surrender these social functions to private companies,” he said.

“It should be obvious that Sweden’s preparedness would be weakened if, in a serious crisis or war, we had not decided in advance how households and companies would pay for fuel, supplies and other necessities.”

[…]

Until now, Kontantupproret has been dismissed as the voice of the elderly and the technologically backward, Eriksson says.

“When you have a fully digital system you have no weapon to defend yourself if someone turns it off,” he says.

“If Putin invades Gotland [Sweden’s largest island] it will be enough for him to turn off the payments system. No other country would even think about taking these sorts of risks, they would demand some sort of analogue system.”

[…]

Skarec points to problems with card payments experienced by two Swedish banks just during the past year, and by Bank ID, the digital authorisation system that allows people to identify themselves for payment purposes using their phones.

Fraudsters have already learned to exploit the system’s idiosyncrasies to trick people out of large sums of money, even their pensions.

The best case scenario is that we are not as secure as we think, Skarec says – the worst is that IT infrastructure is systemically vulnerable.

“We are lucky that the people who know how to hack into them are on the good side, for now,” he says. “But we don’t know how things will progress. It’s not that easy to attack devices today, but maybe it will become easier to do so in the future.”

The banks recognise that digital payments can be vulnerable, just like cash.

“Of course there are people trying to abuse them, but they are no more vulnerable than any other method of payment,” says Per Ekwall, a spokesperson for Swish, the immensely popular mobile payments system owned by Sweden’s banks.

[…]

But an opinion poll this month revealed unease among Swedes, with almost seven out of 10 saying they wanted to keep the option to use cash, while just 25% wanted a completely cashless society. MPs from left and right expressed concerns at a recent parliamentary hearing. Parliament is conducting a cross-party review of central bank legislation that will also investigate the issues surrounding cash.

[…]

“If you have control of the servers belonging to Visa or MasterCard, you have control of Sweden,” Engström says.

“In the meantime, we will have to keep giving our money to the banks, and hope they don’t go bankrupt – or bananas.”

Source: ‘Being cash-free puts us at risk of attack’: Swedes turn against cashlessness | World news | The Guardian

Rise in Ransomware Attacks Actually Led to Fewer Exposed Records, IBM Discovers

It seems as if last year’s data breaches were characterized by increased regularity, yet somehow, according to the latest research from IBM Security, fewer records were actually exposed.

The year saw a 25 percent dip in exposed records—2.5 billion down from 4 billion the previous year—according to IBM’s latest X-Force report. The cause: Cybercriminals have largely turned their focus to launching ransomware attacks that encrypt data locally.

“Last year, there was a clear focus by criminals to lock or delete data, not just steal it, through ransomware attacks,” said Wendi Whitmore, global lead at IBM X-Force Incident Response and Intelligence Services (IRIS).

Notwithstanding, 2017 also saw an unprecedented 424 percent increase in breaches caused by misconfigured cloud storage devices, which the researchers attributed mostly to human error. More often now, configuration mistakes by careless employees are doing hackers’ work for them.

Of the records tracked by IBM, nearly 70 percent were leaked due to the inadvertent activities of owners, reflecting a “growing awareness among cybercriminals of the existence of misconfigured cloud servers.”

Additionally, researchers found that roughly a third of all security incidents caused by “inadvertent activity” were driven by phishing attacks. The bulk of the attacks are not highly targeted, but launched en masse as spam. Over one four-day period, IBM reports, criminals sent 22 million emails using the infamous Necurs botnet, the largest purveyor of internet botnet spam worldwide.

According to IBM, financial services, formerly the most targeted industry, has fallen to third place, behind IT & communications and manufacturing, which, respectively, absorbed 33 percent and 18 percent of attacks observed by the researchers.

Source: Rise in Ransomware Attacks Actually Led to Fewer Exposed Records, IBM Discovers

Is there alien life out there? Let’s turn to AI, problem solver du jour

A team of astroboffins have built artificial neural networks that estimate the probability of exoplanets harboring alien life.

The research was presented during a talk on Wednesday at the European Week of Astronomy and Space Science in Liverpool, United Kingdom.

The neural network works by classifying planets into five different conditions: the present-day Earth, the early Earth, Mars, Venus or Saturn’s moon Titan. All of these objects have a rocky core and an atmosphere, two requirements scientists believe are necessary for sustaining the right environments for life to blossom.

To train the system, researchers collected the spectral data that describes what chemical elements are present in a planet’s atmosphere. They then created hundreds of these “atmospheric profiles” as inputs and the neural network then gives a rough estimate of the probability that a particular planet might support life by classifying it into those five types.

If a planet is judged as Earth-like, it means it has a high probability of life. But if it’s classified as being closer to Venus, then the chances are lower.

“We’re currently interested in these artificial neural networks (ANNs) for prioritising exploration for a hypothetical, intelligent, interstellar spacecraft scanning an exoplanet system at range,” said Christopher Bishop, a PhD student at Plymouth University.

“We’re also looking at the use of large area, deployable, planar Fresnel antennas to get data back to Earth from an interstellar probe at large distances. This would be needed if the technology is used in robotic spacecraft in the future.”

Experimental

At the moment, however, the ANN is more of a proof of concept. Angelo Cangelosi, professor of artificial intelligence and cognition at Plymouth University and the supervisor of the project, said initial results seem promising.

“Given the results so far, this method may prove to be extremely useful for categorizing different types of exoplanets using results from ground–based and near Earth observatories.”

There are a couple exoplanet-hunting telescopes that will use spectroscopy to analyze a planet’s chemical composition that are expected to be launched in the near future.

NASA’s Transiting Exoplanet Satellite Survey (TESS) will monitor the brightest stars in the sky to look for periodic dips in brightness when an orbiting planet crosses its path. The European Space Agency also announced Ariel, a mission that uses infrared to find exoplanets.

The Kepler Space Telescope is already looking for new candidates – although it’s set to retire soon – and is also looking for similar data. It is hoped by analyzing the spectral data for exoplanets, it could aid scientists in choosing better targets for future missions, where spacecraft can be sent to more detailed observations.

Source: Is there alien life out there? Let’s turn to AI, problem solver du jour • The Register

The thing about ML models is that shit in leads to shit out. We have no data on inhabited planets apart from Earth, so it seems to me that the assumptions these guys are making aren’t worth a damn.

EU businesses take 175 days to detect breaches vs global average of 101 days

European organisations are taking longer to detect breaches than their counterparts in North America, according to a study by FireEye.

Organisations in EMEA are taking almost six months (175 days) to detect an intruder in their networks, which is rather more than the 102 days that the firm found when asking the same questions last year. In contrast, the median dwell time in the Americas improved to 76 days in 2017 from 99 in 2016. Globally it stands at 101 days.

The findings about European breach detection are a particular concern because of the looming GDPR deadline, which will introduce tougher breach disclosure guidelines for organisations that hold European citizens’ data. GDPR can also mean fines of €20 million, or four per cent of global turnover, whichever is higher.

FireEye’s report also records a growing trend of repeat attacks by hackers looking for a second bite of the cherry. A majority (56 per cent) of global organisations that received incident response support were targeted again by the same or a similarly motivated attack group, FireEye reports.

FireEye has historically blamed China for many of the breaches its incident response teams detected. But as the geo-political landscape has changed, Russia and North Korea are getting more and more “credit” for alleged cyber-nasties.

But a different country – Iran – features predominantly in attacks tracked by FireEye last year. Throughout 2017, Iran grew more capable from an offensive perspective. FireEye said that it “observed a significant increase in the number of cyber-attacks originating from Iran-sponsored threat actors”.

FireEye’s latest annual M-Trends report (pdf) is based on information gathered during investigations conducted by its security analysts in 2017 and uncovers emerging trends and tactics that threat actors used to compromise organisations.

Source: US spanks EU businesses in race to detect p0wned servers • The Register

1.5 BEEELLION sensitive files found exposed online dwarf Panama Papers leak

Security researchers have uncovered 1.5 billion business and consumer files exposed online – just a month before Europe’s General Data Protection Regulation comes into force.

During the first three months of 2018, threat intel firm Digital Shadows detected 1,550,447,111 publicly available files across open Amazon Simple Storage Service (S3) buckets, rsync, Server Message Block (SMB), File Transfer Protocol (FTP) servers, misconfigured websites, and Network Attached Storage (NAS) drives.

This included documents spanning payroll data, tax returns, medical records, credit cards and intellectual property. A staggering 64,176,425 files came from the UK alone.

The trove amounts to more than 12PB (12,000TB) of exposed data – more than 4,000 times larger than the Panama Papers leak, which weighed in at a measly 2.6TB.

The most common data exposed was payroll and tax return files, which accounted for 700,000 and 60,000 files respectively. However, consumers were also at risk from 14,687 instances of leaked contact information and 4,548 patient lists. A large volume of point-of-sale terminal data – transactions, times, places, and even some credit card details – was publicly available.

Although misconfigured Amazon S3 buckets have hogged headlines recently, in this study (registration required) cloud system leaks accounted for only 7 per cent of exposed data. Instead it is older, yet still widely used, technologies – such as SMB (33 per cent), rsync (28 per cent) and FTP (26 per cent) – which have contributed the most.

Business-critical information also leaked. For example, a patent summary for renewable energy in a document marked as “strictly confidential” was discovered. Another case included a document containing proprietary source code submitted as part of a copyright application. This file included the code that outlined the design and workflow of a site providing software Electronic Medical Records, as well as details about the copyright application.

Third parties and contractors were identified as one of the most common sources of sensitive data exposure. The leaked information included security assessment and penetration tests. In addition, Digital Shadows identified consumer backup devices that were misconfigured to be internet-facing and inadvertently making private information public.

Source: 1.5 BEEELLION sensitive files found exposed online dwarf Panama Papers leak • The Register

Most of 2.2 billion Facebook users had their data scraped by externals – because it was easy to do

At this point, the social media company is just going for broke, telling the public it should just assume that “most” of the 2.2 billion Facebook users have probably had their public data scraped by “malicious actors.”

[…]

Meanwhile, reports have focused on a variety of issues that have popped up in just the last 24 hours. It’s hard to focus on what matters—and frankly, all of it seems to matter, so in turn, it ends up feeling like none of it does. This is the Trump PR playbook, and Facebook is running it perfectly. It’s the media version of too big to fail, call it too big to matter. Let us suggest that you just zero in on one detail from yesterday’s blog post about new restrictions on data access on the platform.

Mike Schroepfer, Facebook’s chief technology officer, explained that prior to yesterday, “people could enter another person’s phone number or email address into Facebook search to help find them.” This function would help you cut through all the John Smiths and locate the page of your John Smith. He gave the example of Bangladesh where the tool was used for 7 percent of all searches. Thing is, it was also useful to data-scrapers. Schroepfer wrote:

However, malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery. Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way. So we have now disabled this feature. We’re also making changes to account recovery to reduce the risk of scraping as well.

The full meaning of that paragraph might not be readily apparent, but imagine you’re a hacker who bought a huge database of phone numbers on the dark web. Those numbers might have some use on their own, but they become way more useful for breaking into individual systems or committing fraud if you can attach more data to them. Facebook is saying that this kind of malicious actor would regularly take one of those numbers and use the platform to hunt down all publicly available data on its owner. This process, of course, could be automated and reap huge rewards with little effort. Suddenly, the hacker might have a user’s number, photos, marriage status, email address, birthday, location, pet names, and more—an excellent toolkit to do some damage.

In yesterday’s Q&A, Zuckerberg explained that Facebook did have some basic protections to prevent the sort of automation that makes this particularly convenient, but “we did see a number of folks who cycled through many thousands of IPs, hundreds of thousands of IP addresses to evade the rate-limiting system, and that wasn’t a problem we really had a solution to.” The ultimate solution was to shut the features down. As far as the impact goes, “I think the thing people should assume, given this is a feature that’s been available for a while—and a lot of people use it in the right way—but we’ve also seen some scraping, I would assume if you had that setting turned on, that someone at some point has accessed your public information in this way,” Zuckerberg said. Did you have that setting turned on? Ever? Given that Facebook says “most” accounts were affected, it’s safe to assume you did.

[…]

Mark Zuckerberg has known from the beginning that his creation was bad for privacy and security. Activists, the press, and tech experts have been saying it for years, but we the public either didn’t understand, didn’t care, or chose to ignore the warnings. That’s not totally the public’s fault. We’re only now seeing a big red example of what it means for one company, controlled by one man, to have control over seemingly limitless personal information. Even the NSA can’t keep its secret hacking tools on lockdown, why would Facebook be able to protect your information? In many respects, it was just giving it away.

Source: Facebook Just Made a Shocking Admission, and We’re All Too Exhausted to Notice
