Did Cambridge Analytica Harvest 50 Million Facebook Profiles? (theguardian.com) 76

Slashdot reader umafuckit shared this article from The Guardian: The data analytics firm that worked with Donald Trump's election team and the winning Brexit campaign harvested millions of Facebook profiles of U.S. voters, in one of the tech giant's biggest ever data breaches, and used them to build a powerful software program to predict and influence choices at the ballot box... Christopher Wylie, who worked with a Cambridge University academic to obtain the data, told the Observer: "We exploited Facebook to harvest millions of people's profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on."

Documents seen by the Observer, and confirmed by a Facebook statement, show that by late 2015 the company had found out that information had been harvested on an unprecedented scale. However, at the time it failed to alert users and took only limited steps to recover and secure the private information of more than 50 million individuals... On Friday, four days after the Observer sought comment for this story, but more than two years after the data breach was first reported, Facebook announced that it was suspending Cambridge Analytica and Kogan from the platform, pending further information over misuse of data. Separately, Facebook's external lawyers warned the Observer on Friday it was making "false and defamatory" allegations, and reserved Facebook's legal position...

The evidence Wylie supplied to U.K. and U.S. authorities includes a letter from Facebook's own lawyers sent to him in August 2016, asking him to destroy any data he held that had been collected by GSR, the company set up by Kogan to harvest the profiles... Facebook did not pursue a response when the letter initially went unanswered for weeks because Wylie was travelling, nor did it follow up with forensic checks on his computers or storage, he said. "That to me was the most astonishing thing. They waited two years and did absolutely nothing to check that the data was deleted. All they asked me to do was tick a box on a form and post it back."

Wylie worked with Aleksandr Kogan, the creator of the "thisisyourdigitallife" app, "who has previously unreported links to a Russian university and took Russian grants for research," according to the article. Kogan "had a licence from Facebook to collect profile data, but it was for research purposes only. So when he hoovered up information for the commercial venture, he was violating the company's terms...

"At the time, more than 50 million profiles represented around a third of active North American Facebook users, and nearly a quarter of potential U.S. voters."

Microsoft Wants To Force Windows 10 Mail Users To Use Edge For Email Links (theverge.com) 167

Microsoft has revealed today that "we will begin testing a change where links clicked on within the Windows Mail app will open in Microsoft Edge." What this means is that if you have Chrome or Firefox set as your default browser in Windows 10, Microsoft will simply ignore that and force you into Edge when you click a link within the Mail app. The Verge reports: "As always, we look forward to feedback from our WIP community," says Microsoft's Dona Sarkar in a blog post today. I'm sure Microsoft will receive a lot of feedback over this unnecessary change, and we can only hope the company doesn't ignore it.

Tumblr Has a Massive Creepshots Problem (vice.com) 121

After Reddit famously banned the creepshots sub-reddit, which shared non-consensual, revealing photos of women, Tumblr now has a slew of users pushing out similar photos across at least dozens of dedicated blogs, a Motherboard investigation has found. From the report: Simply typing 'creepshot' or related terms into Tumblr's built-in search function returns a steady stream of tagged posts, and Google queries easily reveal links to relevant Tumblr blogs. Motherboard found just under 70 Tumblr blogs focused on sharing creepshots, most with a bevy of content. In some cases, the Tumblrs also host 'upskirt' photos or videos, where a camera is deliberately, and stealthily, positioned to look up an unsuspecting person's skirt. Some of the subjects of these images, as well as many of the clothed creepshots, appear to be young, possibly teenagers.

"This is only the tip of the iceberg, there are probably hundreds of these accounts filming in high schools, college campuses, in malls, and on the streets. And Tumblr seems to not care at all about the problem," an anonymous tipster, who first alerted Motherboard to the issue, wrote in an email. One of the most popular creepshot Tumblrs has some 11,000 followers, and one of its posts has over 53,000 interactions linked to it, including reblogs, where the video or picture then appears on the user's own Tumblr, spreading the content further.


Downloads of Popular Apps Were Silently Swapped For Spyware in Turkey: Citizen Lab (www.cbc.ca) 29

Matthew Braga, reporting for CBC: Since last fall, Turkish internet users attempting to download one of a handful of popular apps may have been the unwitting targets of a wide-reaching computer surveillance campaign. And in Egypt, users across the country have, seemingly at random, had their browsing activity mysteriously redirected to online money-making schemes. Internet filtering equipment sold by technology company Sandvine -- founded in Waterloo, Ont. -- is believed to have played a significant part in both.

That's according to new research from the University of Toronto's Citizen Lab, which has examined misuse of similar equipment from other companies in the past. The researchers say it's likely that Sandvine devices are not only being used to block the websites of news, political and human rights organizations, but are also surreptitiously redirecting users toward spyware and unwanted ads. Using network-filtering devices to sneak spyware onto targets' computers "has long been the stuff of legends" according to the report -- a practice previously documented in leaked NSA documents and spyware company brochures, the researchers say, but never before publicly observed.
Citizen Lab notes that targeted users in Turkey and Syria who attempted to download Windows applications from official vendor websites including Avast Antivirus, CCleaner, Opera, and 7-Zip were silently redirected to malicious versions by way of injected HTTP redirects. It adds: This redirection was possible because official websites for these programs, even though they might have supported HTTPS, directed users to non-HTTPS downloads by default. Additionally, targeted users in Turkey and Syria who downloaded a wide range of applications from CBS Interactive's Download.com (a platform featured by CNET to download software) were instead redirected to versions containing spyware. Download.com does not appear to support HTTPS despite purporting to offer "secure download" links.

Ubisoft is Using AI To Catch Bugs in Games Before Devs Make Them (wired.co.uk) 126

AI has a new task: helping to keep the bugs out of video games. From a report: At the recent Ubisoft Developer Conference in Montreal, the French gaming company unveiled a new AI assistant for its developers. Dubbed Commit Assistant, the goal of the AI system is to catch bugs before they're ever committed into code, saving developers time and reducing the number of flaws that make it into a game before release. "I think like many good ideas, it's like 'how come we didn't think about that before?'," says Yves Jacquier, who heads up La Forge, Ubisoft's R&D division in Montreal. His department partners with local universities including McGill and Concordia to collaborate on research intended to advance the field of artificial intelligence as a whole, not just within the industry.

La Forge fed Commit Assistant with roughly ten years' worth of code from across Ubisoft's software library, allowing it to learn where mistakes have historically been made, reference any corrections that were applied, and predict when a coder may be about to write a similar bug. "It's all about comparing the lines of code we've created in the past, the bugs that were created in them, and the bugs that were corrected, and finding a way to make links [between them] to provide us with a super-AI for programmers," explains Jacquier.

Playboy Drops Its Copyright Case Against Boing Boing (eff.org) 18

An anonymous reader quotes the EFF: Playboy Entertainment has given up on its lawsuit against Happy Mutants, LLC, the company behind Boing Boing. Earlier this month, a federal court dismissed Playboy's claims but gave Playboy permission to try again with a new complaint, if it could dig up some new facts. The deadline for filing that new complaint passed this week, and today Playboy released a statement suggesting that it is standing down...

It's hard to understand why Playboy brought this case in the first place, turning its legal firepower on a small news and commentary website that hadn't uploaded or hosted any infringing content. We're also a little perplexed as to why Playboy seems so unhappy that the Boing Boing post is still up when the links they complain about have been dead for almost two years.


Chrome 64 Now Trims Messy Links When You Share Them (theverge.com) 87

Google's latest consumer version of Chrome, version number 64, just started cleaning up messy referral links for you. From a report: Now, when you go to share an item, you'll no longer see a long tracking string after a link, just the primary link itself. This feature now happens automatically when sharing links in Chrome, either by the Share menu or by copying the link and pasting it elsewhere. Even though it slices off the extra bit of the URL, this doesn't affect referral information. If you choose, you can copy and paste directly from the URL bar to grab the link in entirety.

NBC Publishes 200,000 Tweets Tied To Russian Trolls 270

An anonymous reader quotes a report from NBC News: NBC News is publishing its database of more than 200,000 tweets that Twitter has tied to "malicious activity" from Russia-linked accounts during the 2016 U.S. presidential election. These accounts, working in concert as part of large networks, pushed hundreds of thousands of inflammatory tweets, from fictitious tales of Democrats practicing witchcraft to hardline posts from users masquerading as Black Lives Matter activists. Investigators have traced the accounts to a Kremlin-linked propaganda outfit founded in 2013 known as the Internet Research Association (IRA). The organization has been assessed by the U.S. Intelligence Community to be part of a Russian state-run effort to influence the outcome of the 2016 U.S. presidential race. And they're not done. At the request of NBC News, three sources familiar with Twitter's data systems cross-referenced the partial list of names released by Congress to create a partial database of tweets that could be recovered. You can download the streamlined spreadsheet (29 mb) with just usernames, tweet and timestamps, view the full data for ten influential accounts via Google Sheets, download tweets.csv (50 mb) and users.csv with full underlying data, and/or explore a graph database in Neo4j, whose software powered the Panama Papers and Paradise Papers investigations.

NBC News' partners at Neo4j have put together a "get started" guide to help you explore the database of Russian tweets. "To recreate a link to an individual tweet found in the spreadsheet, replace 'user_key' in https://twitter.com/user_key/status/tweet_id with the screenname from the 'user_key' field and 'tweet_id' with the number in the 'tweet_id' field," reports NBC News. "Following the links will lead to a suspended page on Twitter. But some copies of the tweets as they originally appeared, including images, can be found by entering the links on webcaches like the Internet Archive's Wayback Machine and archive.is."

Phishing Attack Scores Credentials For More Than 50,000 Snapchat Users (theverge.com) 11

An anonymous reader quotes an exclusive report from The Verge: In late July, Snap's director of engineering emailed the company's team in response to an unfolding privacy threat. A government official from Dorset in the United Kingdom had provided Snap with information about a recent attack on the company's users: a publicly available list, embedded in a phishing website named klkviral.org, that listed 55,851 Snapchat accounts, along with their usernames and passwords. The attack appeared to be connected to a previous incident that the company believed to have been coordinated from the Dominican Republic, according to emails obtained by The Verge. Not all of the account credentials were valid, and Snap had reset the majority of the accounts following the initial attack. But for some period of time, thousands of Snapchat account credentials were available on a public website. According to a person familiar with the matter, the attack relied on a link sent to users through a compromised account that, when clicked, opened a website designed to mimic the Snapchat login screen.

Fake News Sharing In US Is a Rightwing Thing, Says Oxford Study (theguardian.com) 997

An anonymous reader quotes a report from The Guardian: Low-quality, extremist, sensationalist and conspiratorial news published in the U.S. was overwhelmingly consumed and shared by rightwing social network users, according to a new study from the University of Oxford. The study, from the university's "computational propaganda project", looked at the most significant sources of "junk news" shared in the three months leading up to Donald Trump's first State of the Union address this January, and tried to find out who was sharing them and why. "On Twitter, a network of Trump supporters consumes the largest volume of junk news, and junk news is the largest proportion of news links they share," the researchers concluded. On Facebook, the skew was even greater. There, "extreme hard right pages -- distinct from Republican pages -- share more junk news than all the other audiences put together." The research involved monitoring a core group of around 13,500 politically-active U.S. Twitter users, and a separate group of 48,000 public Facebook pages, to find the external websites that they were sharing.

NIH Study Links Cellphone Radiation To Cancer In Male Rats (techcrunch.com) 130

An anonymous reader quotes a report from TechCrunch: New studies from the National Institutes of Health -- specifically the National Toxicology Program -- find that cell phone radiation is potentially linked with certain forms of cancer, but they're far from conclusive. The results are complex and the studies have yet to be peer-reviewed, but some of the findings are clearly important enough to warrant public discussion. An early, partial version of this study teasing these effects appeared in 2016, but these are the full (draft) reports complete with data. Both papers note that "studies published to date have not demonstrated consistently increased incidences of tumors at any site associate with exposure to cell phone RFR [radio frequency radiation] in rats or mice." But the researchers felt that "based on the designs of the existing studies, it is difficult to definitively conclude that these negative results clearly indicate that cell phone RFR is not carcinogenic."

The studies exposed mice and rats to both 900 MHz and 1900 MHz wavelength radio waves (each frequency being its own experiment) for about 9 hours per day, at various strengths ranging from 1 to 10 watts per kilogram. For comparison, the general limit the FCC imposes for exposure is 0.08 W/kg; the absolute maximum allowed, for the extremities of people with occupational exposures, is 20 W/kg for no longer than 6 minutes. So they were really blasting these mice. The rodents were examined for various health effects after various durations, from 28 days to 2 years. At 1900 MHz: Equivocal evidence of carcinogenicity in lung, liver and other organ tissues in both male and female mice.


Study Links Decline In Teenagers' Happiness To Smartphones (pressherald.com) 158

An anonymous reader quotes a report from Press Herald: In a study published Monday in the journal Emotion, psychologists from San Diego State University and the University of Georgia used data on mood and media culled from roughly 1.1 million U.S. teens to figure out why a decades-long rise in happiness and satisfaction among U.S. teenagers suddenly shifted course in 2012 and declined sharply over the next four years. Was this sudden reversal a response to an economy that tanked in 2007 and stayed bad well into 2012? Or did it have its roots in a very different watershed event: the 2007 introduction of the smartphone, which put the entire online world at a user's fingertips?

In the new study, researchers tried to find it by plumbing a trove of eighth-, 10th- and 12th-graders' responses to queries on how they felt about life and how they used their time. They found that between 1991 and 2016, adolescents who spent more time on electronic communication and screens -- social media, texting, electronic games, the internet -- were less happy, less satisfied with their lives and had lower self-esteem. TV watching, which declined over the nearly two decades they examined, was similarly linked to lower psychological well-being. By contrast, adolescents who spent more time on non-screen activities had higher psychological well-being. They tended to profess greater happiness, higher self-esteem and more satisfaction with their lives. While these patterns emerged in the group as a whole, they were particularly clear among eighth- and 10th-graders, the authors found: "Every non-screen activity was correlated with greater happiness, and every screen activity was correlated with less happiness."


iTunes Snafu Made 'Thor: Ragnarok' Available Almost a Month Early (engadget.com) 46

An anonymous reader shares a report: When you check out the 'Thor: Ragnarok' page on iTunes, it says pre-orders of digital copies are expected to arrive on February 20th. But as TorrentFreak reports, some people got their hands on the Marvel film about a month early due to some sort of snafu with iTunes and Movies Anywhere. According to TorrentFreak, a Reddit user said in a now-deleted post that their legal purchase of the film on Vudu landed them an iTunes copy of it the next day. "I pre-ordered Thor Ragnarok on Vudu yesterday and it links it to my iTunes also. But curiously it showed up in my iTunes library this morning (pre-orders shouldn't). And now I can watch the full movie in HD," they wrote. "I obviously downloaded it right away. I know its supposed to come out February 20th." Others then responded that going that same purchase route made the movie available to them in iTunes as well.

Twitter Says It Exposed Nearly 700,000 People To Russian Propaganda During Election (theverge.com) 302

An anonymous reader quotes a report from The Verge: Twitter this evening released a new set of statistics related to its investigation on Russia propaganda efforts to influence the 2016 U.S. presidential election, including that 677,775 people were exposed to social media posts from more than 50,000 automated accounts with links to the Russian government. Many of the new accounts uncovered have been traced back to an organization called the Internet Research Agency, or IRA, with known ties to the Kremlin. The data was first presented in an incomplete form to the Senate Select Intelligence Committee last November, which held hearings to question Facebook, Google, and Twitter on the role the respective platforms and products played in the Russian effort to help elect President Donald Trump. Twitter says it's now uncovered more accounts and new information on the wide-reaching Russian cyberintelligence campaign.

"Consistent with our commitment to transparency, we are emailing notifications to 677,775 people in the United States who followed one of these accounts or retweeted or liked a Tweet from these accounts during the election period," writes Twitter's public policy division in a blog post published today. "Because we have already suspended these accounts, the relevant content on Twitter is no longer publicly available."


Google Has Made It Simple For Anyone To Tap Into Its Image Recognition AI (gizmodo.com) 42

An anonymous reader quotes a report from Gizmodo: Google released a new AI tool on Wednesday designed to let anyone train its machine learning systems on a photo dataset of their choosing. The software is called Cloud AutoML Vision. In an accompanying blog post, the chief scientist of Google's Cloud AI division explains how the software can help users without machine learning backgrounds harness artificial intelligence. All hype aside, training the AI does appear to be surprisingly simple. First, you'll need a ton of tagged images. The minimum is 20, but the software supports up to 10,000. Using a meteorologist as an example for their promotional video was an apt choice by Google -- not many people have thousands of tagged HD images bundled together and ready to upload. A lot of image recognition is about identifying patterns. Once Google's AI thinks it has a good understanding of what links together the images you've uploaded, it can be used to look for that pattern in new uploads, spitting out a number for how well it thinks the new images match it. So our meteorologist would eventually be able to upload images as the weather changes, identifying clouds while continuing to train and improve the software.

Google Blocks Pirate Search Results Prophylactically (torrentfreak.com) 38

Google is accepting "prophylactic" takedown requests to keep pirated content out of its search results, an anonymous reader writes, citing a TorrentFreak report. From the article: Over the past year, we've noticed on a few occasions that Google is processing takedown notices for non-indexed links. While we assumed that this was an 'error' on the sender's part, it appears to be a new policy. "Google has critically expanded notice and takedown in another important way: We accept notices for URLs that are not even in our index in the first place. That way, we can collect information even about pages and domains we have not yet crawled," Caleb Donaldson, copyright counsel at Google writes. In other words, Google blocks URLs before they appear in the search results, as some sort of piracy vaccine. "We process these URLs as we do the others. Once one of these not-in-index URLs is approved for takedown, we prophylactically block it from appearing in our Search results, and we take all the additional deterrent measures listed above." Some submitters are heavily relying on the new feature, Google found. In some cases, the majority of the submitted URLs in a notice are not indexed yet.

Kansas Swatting Perpetrator 'SWauTistic' Interviewed on Twitter (krebsonsecurity.com) 434

"That kids house that I swatted is on the news," tweeted "SWauTistic" -- before he realized he'd gotten somebody killed. Security researcher Brian Krebs reveals what happened next. When it became apparent that a man had been killed as a result of the swatting, Swautistic tweeted that he didn't get anyone killed because he didn't pull the trigger. Swautistic soon changed his Twitter handle to @GoredTutor36, but KrebsOnSecurity managed to obtain several weeks' worth of tweets from Swautistic before his account was renamed. Those tweets indicate that Swautistic is a serial swatter -- meaning he has claimed responsibility for a number of other recent false reports to the police. Among the recent hoaxes he's taken credit for include a false report of a bomb threat at the U.S. Federal Communications Commission (FCC) that disrupted a high-profile public meeting on the net neutrality debate. Swautistic also has claimed responsibility for a hoax bomb threat that forced the evacuation of the Dallas Convention Center, and another bomb threat at a high school in Panama City, Fla, among others.

After tweeting about the incident extensively Friday afternoon, KrebsOnSecurity was contacted by someone in control of the @GoredTutor36 Twitter account. GoredTutor36 said he's been the victim of swatting attempts himself, and that this was the reason he decided to start swatting others. He said the thrill of it "comes from having to hide from police via net connections." Asked about the FCC incident, @GoredTutor36 acknowledged it was his bomb threat. "Yep. Raped em," he wrote. "Bomb threats are more fun and cooler than swats in my opinion and I should have just stuck to that," he wrote. "But I began making $ doing some swat requests."

Krebs' article also links to a police briefing with playback from the 911 call. "There is no question that police officers and first responders across the country need a great deal more training to bring the number of police shootings way down..." Krebs argues. "Also, all police officers and dispatchers need to be trained on what swatting is, how to spot the signs of a hoax, and how to minimize the risk of anyone getting harmed when responding to reports about hostage situations or bomb threats."

But he also argues that filing a false police report should be reclassified as a felony in all states.

Beware: 'Digmine' Cryptocurrency Bot Is Spreading Via Facebook Messenger (techspot.com) 96

Cybersecurity firm Trend Micro has discovered a cryptocurrency bot that is being spread through Facebook Messenger. The bot, dubbed Digmine, was discovered in South Korea and has since been found in Vietnam, Azerbaijan, Ukraine, Philippines, Thailand, and Venezuela. TechSpot explains: Victims receive a file named "video_xxxx.zip" from one of their Facebook Messenger contacts. Opening it will load Chrome along with a malicious browser extension. Extensions can only be downloaded from the Chrome Web Store, but this is bypassed using the command line. Once the malware infects a system, a modified version of XMRig -- a Monero mining tool -- is installed. This mines the cryptocurrency in the background using a victim's CPU, sending all profits back to the hackers. Additionally, the Chrome extension is also used to spread Digmine. If someone has their Facebook account set to log in automatically, the fake video file link will be sent to all their friends via Messenger. The malware could also be used to take over a Facebook account entirely. The good news is that Digmine only works through the Chrome desktop version of Messenger. Right now, opening the malicious file via the Facebook/Messenger app or mobile webpage won't have the same effect. After Trend Micro revealed its findings, Facebook said it had taken down any links connected to Digmine.

Is Google Home Fit For Elderly and Disabled Users? (vortex.com) 93

Chances are either you or someone you know received a Google Home over the holidays. Not only are they being marketed heavily by Google but they seem to have appeared in almost every "Holiday Gift Guide" on the internet. Slashdot reader Lauren Weinstein brings up an interesting dilemma: is Google Home fit for the elderly? Weinstein writes: You cannot install or routinely maintain Google Home units without a smartphone and the Google Home smartphone app. There are no practical desktop based and/or remotely accessible means for someone to even do this for you. A smartphone on the same local Wi-Fi network as the device is always required for these purposes. This means that many elderly persons and individuals with physical or visual disabilities -- exactly the people whose lives could be greatly enhanced by Home's advanced voice query, response, and control capabilities -- are up the creek unless they have someone available in their physical presence to set up the device and make any ongoing configuration changes. Additionally, all of the "get more info" links related to Google Home responses are also restricted to the smartphone Home app.

Can We Get Global Broadband From Low-Earth Orbit Satellites? (blogspot.com) 134

"The internet is unavailable to and/or unaffordable by about 50% of the world population," writes Larry Press (formerly of IBM), who's now an information systems professor at California State University. But he's also long-time Slashdot reader lpress, and reports on new efforts to bring cheap high-speed internet to the entire world. SpaceX, Boeing, OneWeb, Telesat, and Leosat are investing in very large projects to deliver global, high-speed Internet service [using low-earth orbit satellites]. This could be a significant option for developing nations, rural areas of developed nations, long-haul links, Internet of things, and more by the mid-2020s.
Parts of Alaska could see internet-via-satellite as soon as 2020, according to Larry's article, which adds that the technology could even be used to bring high-speed internet access to ships at sea.
