Facebook Suspends Donald Trump's Data Operations Team For Misusing People's Personal Information (theverge.com) 166

An anonymous reader quotes a report from The Verge: Facebook said late Friday that it had suspended Strategic Communication Laboratories (SCL), along with its political data analytics firm, Cambridge Analytica, for violating its policies around data collection and retention. The companies, which ran data operations for Donald Trump's 2016 presidential election campaign, are widely credited with helping Trump more effectively target voters on Facebook than his rival, Hillary Clinton. While the exact nature of their role remains somewhat mysterious, Facebook's disclosure suggests that the company improperly obtained user data that could have given it an unfair advantage in reaching voters. Facebook said it cannot determine whether or how the data in question could have been used in conjunction with election ad campaigns.

In a blog post, Facebook deputy general counsel Paul Grewal laid out how SCL came into possession of the user data. In 2015, Aleksandr Kogan, a psychology professor at the University of Cambridge, created an app named "thisisyourdigitallife" that promised to predict aspects of users' personalities. About 270,000 people downloaded it and logged in through Facebook, giving Kogan access to information about their city of residence, Facebook content they had liked, and information about their friends. Kogan passed the data to SCL and a man named Christopher Wylie from a data harvesting firm known as Eunoia Technologies, in violation of Facebook rules that prevent app developers from giving away or selling users' personal information. Facebook learned of the violation that year and removed his app from Facebook. It also asked Kogan and his associates to certify that they had destroyed the improperly collected data. Everyone said that they did. The suspension is not permanent, a Facebook spokesman said. But the suspended users would need to take unspecified steps to certify that they would comply with Facebook's terms of service.


Hacker Adrian Lamo Dies At 37 (zdnet.com) 127

Adrian Lamo, a well-known hacker known for his involvement in passing information on whistleblower Chelsea Manning and hacking into systems at The New York Times, Microsoft, and Yahoo in the early-2000s, has died at 37. ZDNet reports: His father, Mario, posted a brief tribute to his son in a Facebook group on Friday. "With great sadness and a broken heart I have to let know all of Adrian's friends and acquittances that he is dead. A bright mind and compassionate soul is gone, he was my beloved son," he wrote. The coroner for Sedgwick County, where Lamo lived, confirmed his death, but provided no further details. Circumstances surrounding Lamo's death are not immediately known. A neighbor who found his body said he had been dead for some time.

Facebook Says It is Sorry For Suggesting Child Sex Videos in Search (cnet.com) 47

Facebook issued an apology on Friday after offensive terms appeared in the social network's search predictions late Thursday. From a report: When users typed "videos of" into the search bar, Facebook prompted them to search phrases including "videos of sexuals," "videos of girl sucking dick under water" and, perhaps most disturbingly, "video of little girl giving oral." Shocked users reported the problem on Twitter, posting screenshots of the search terms, which also included multiple suggestions relating to the school shooting in Florida last month. The social network appeared to have fixed the problem by Friday morning.

'They'll Squash You Like a Bug': How Silicon Valley Keeps a Lid on Leakers (theguardian.com) 95

The public image of Silicon Valley's tech giants is all colourful bicycles, ping-pong tables, beanbags and free food, but behind the cartoonish facade is a ruthless code of secrecy. From a report: They rely on a combination of Kool-Aid, digital and physical surveillance, legal threats and restricted stock units to prevent and detect intellectual property theft and other criminal activity. However, those same tools are also used to catch employees and contractors who talk publicly, even if it's about their working conditions, misconduct or cultural challenges within the company. While Apple's culture of secrecy, which includes making employees sign project-specific NDAs and covering unlaunched products with black cloths, has been widely reported, companies such as Google and Facebook have long put the emphasis on internal transparency.

Zuckerberg hosts weekly meetings where he shares details of unreleased new products and strategies in front of thousands of employees. Even junior staff members and contractors can see what other teams are working on by looking at one of many of the groups on the company's internal version of Facebook. "When you first get to Facebook you are shocked at the level of transparency. You are trusted with a lot of stuff you don't need access to," said Evans, adding that during his induction he was warned not to look at ex-partners' Facebook accounts.


Can AMD Vulnerabilities Be Used To Game the Stock Market? (vice.com) 105

Earlier this week, a little-known security firm called CTS Labs reported, what it claimed to be, severe vulnerabilities and backdoors in some AMD processors. While AMD looks into the matter, the story behind the researchers' discovery and the way they made it public has become a talking point in security circles. The researchers, who work for CTS Labs, only reported the flaws to AMD shortly before publishing their report online. Typically, researchers give companies a few weeks or even months to fix the issues before going public with their findings. To make things even stranger, a little bit over 30 minutes after CTS Labs published its report, a controversial financial firm called Viceroy Research published what they called an "obituary" for AMD. Motherboard reports: "We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries," Viceroy wrote in its report. CTS Labs seemed to hint that it too had a financial interest in the performance of AMD stock. "We may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports," CTS Labs wrote in the legal disclaimer section of its report.

On Twitter, rumors started to swirl. Are the researchers trying to make money by betting that AMD's share price will go down due to the news of the vulnerabilities? Or, in Wall Street jargon, were CTS Labs and Viceroy trying to short sell AMD stock? Security researcher Arrigo Triulzi speculated that Viceroy and CTS Lab were profit sharing for shorting, while Facebook's chief security officer Alex Stamos warned against a future where security research is driven by short selling.

[...] There's no evidence that CTS Labs worked with Viceroy to short AMD. But something like that has happened before. In 2016, security research firm MedSec found vulnerabilities in pacemakers made by St. Jude Medical. In what was likely a first, MedSec partnered with hedge fund Muddy Waters to bet against St. Jude Medical's stock. For Adrian Sanabria, director of research at security firm Threatcare and a former analyst at 451 Research, where he covered the cybersecurity industry, trying to short based on vulnerabilities just doesn't make much sense. While it could work in theory and could become more common in the future, he said in a phone call, "I don't think we've seen enough evidence of security vulnerabilities really moving the stock for it to really become an issue."
Further reading: Linus Torvalds slams CTS Labs over AMD vulnerability report (ZDNet).

Sri Lanka Accuses Facebook of Failing To Control Hate Speech That Contributed To Deadly Riots (theguardian.com) 73

The Sri Lankan government is accusing Facebook of failing to control rampant hate speech that it says contributed to anti-Muslim riots last week that left three people dead and the country under a state of emergency. The accusations come after the country blocked Facebook and several other platforms last week in an effort to prevent the spread of hate speech. The Guardian reports: On Thursday Fernando, along with the Sri Lankan prime minister, Ranil Wickremesinghe, and communications officials, will meet a Facebook team that has flown to Colombo. The Sri Lankans will demand a new, faster system for taking down posts flagged as a national security risk by agencies in the country. "Facebook is not reacting as fast as we have wanted it to react," Fernando said. "In the past it has taken various number of days to review [flagged posts] or even to take down the pages." On Tuesday he highlighted a tweet from a user who claimed to have reported a Facebook post in the Sinhala language that read "Kill all Muslims, don't even let an infant of the dogs escape." The user claimed he received a reply six days later saying the post did not contravene a specific Facebook community standard. The extremist leader Amith Weerasinghe, who was arrested last week in Kandy after being accused of helping to instigate the violence, had amassed nearly 150,000 followers on his Facebook page before it was taken down last week.

Facebook Quietly Hid Webpages Bragging of Ability to Influence Elections (theintercept.com) 81

Sam Biddle, reporting for The Intercept: When Mark Zuckerberg was asked if Facebook had influenced the outcome of the 2016 presidential election, the founder and CEO dismissed the notion that the site even had such power as "crazy." It was a disingenuous remark. Facebook's website had an entire section devoted to touting the "success stories" of political campaigns that used the social network to influence electoral outcomes. That page, however, is now gone, even as the 2018 congressional primaries get underway.

In the wake of a public reckoning with Facebook's unparalleled ability to distribute information and global anxiety over election meddling, bragging about the company's ability to run highly effective influence campaigns probably doesn't look so great. Facebook's "success stories" page is a monument to the company's dominance of online advertising, providing examples from almost every imaginable industry of how use of the social network gave certain players an advantage. "Case studies like these inspire and motivate us," the page crows.


Facebook Has Turned Into a Beast in Myanmar, UN Says (bbc.com) 94

UN investigators have accused Facebook of playing a "determining role" in stirring up hatred against Rohingya Muslims in Myanmar. From a report: One of the team probing possible acts of genocide said Facebook had "turned into a beast." About 700,000 Rohingya have fled to Bangladesh since Myanmar's military launched an operation in August against "insurgents" in Rakhine state. Facebook has said there is "no place for hate speech" on its platform. "We take this incredibly seriously and have worked with experts in Myanmar for several years to develop safety resources and counter-speech campaigns," a Facebook spokeswoman told the BBC.

The UN's Fact-finding Mission on Myanmar announced the interim findings of its investigation on Monday. During a press conference the chairman of the mission, Marzuki Darusman, said that social media had "substantively contributed to the level of acrimony" amongst the wider public, against Rohingya Muslims. "Hate speech is certainly, of course, a part of that," he added.

The Internet

Reddit and the Struggle To Detoxify the Internet (newyorker.com) 398

In an article published on The New Yorker this week, Andrew Marantz discusses the state of free speech on the Web and takes a look at Reddit, the internet's fourth-most-popular site, after Google, YouTube, and Facebook. Some excerpts from the story: On November 23, 2016, shortly after President Trump's election, Reddit CEO Steve Huffman was at his desk, in San Francisco, perusing the site. It was the day before Thanksgiving. Reddit's administrators had just deleted a subreddit called r/Pizzagate, a forum for people who believed that high-ranking staffers of Hillary Clinton's Presidential campaign, and possibly Clinton herself, were trafficking child sex slaves. The reason for the ban, according to Reddit's administrators, was not the beliefs of people on the subreddit, but the way they'd behaved -- specifically, their insistence on publishing their enemies' private phone numbers and addresses, a clear violation of Reddit's rules. [...] Some of the conspiracy theorists left Reddit and reunited on Voat, a site made by and for the users that Reddit sloughs off. Other Pizzagaters stayed and regrouped on r/The_Donald, a popular pro-Trump subreddit. Throughout the Presidential campaign, The_Donald was a hive of Trump boosterism. By this time, it had become a hermetic subculture, full of inside jokes and ugly rhetoric. The community's most frequent commenters, like the man they'd helped propel to the Presidency, were experts at testing boundaries. Within minutes, they started to express their outrage that Pizzagate had been deleted.

Redditors are pseudonymous, and their pseudonyms are sometimes prefaced by "u," for "username." Huffman's is Spez. As he scanned The_Donald, he noticed that hundreds of the most popular comments were about him: "fuck u/spez", "u/spez is complicit in the coverup". One commenter simply wrote "u/SPEZ IS A CUCK," in bold type, a hundred and ten times in a row. Huffman, alone at his computer, wondered whether to respond. "I consider myself a troll at heart," he said later. "Making people bristle, being a little outrageous in order to add some spice to life -- I get that. I've done that." Privately, Huffman imagined The_Donald as a misguided teen-ager who wouldn't stop misbehaving. "If your little brother flicks your ear, maybe you ignore it," he said. "If he flicks your ear a hundred times, or punches you, then maybe you give him a little smack to show you're paying attention."

Although redditors didn't yet know it, Huffman could edit any part of the site. He wrote a script that would automatically replace his username with those of The_Donald's most prominent members, directing the insults back at the insulters in real time: in one comment, "Fuck u/Spez" became "Fuck u/Trumpshaker"; in another, "Fuck u/Spez" became "Fuck u/MAGAdocious." The_Donald's users saw what was happening, and they reacted by spinning a conspiracy theory that, in this case, turned out to be true. "Manipulating the words of your users is fucked," a commenter wrote.


Apple Buys Texture, a 'Netflix For Magazines' App (ft.com) 43

Apple said on Monday it will acquire Texture, a digital magazine app, as the iPhone maker looks to fill the gap left by Facebook's pullback from news distribution. From a report: The deal is Apple's latest move to build out its content and services platform, coming just three months after it announced plans to acquire Shazam, the music recognition app, for around $400m. First launched in 2010, Texture has been described as "Netflix for magazines," as its $10-per-month subscription service provides unlimited access to more than 220 publications including People, the New Yorker, Vanity Fair, National Geographic and Vogue. Further reading: Recode.

Businesses Under Pressure To 'Consumerize' Logins (betanews.com) 47

Almost two-thirds (64 percent) of IT leaders say their security teams are considering implementing consumer-grade access to cloud services for employees. From a report: According to the 2018 Identity and Access Management Index from digital security company Gemalto 54 percent of respondents believe that the authentication methods they implement in their businesses are not as good compared to those found on popular sites including Amazon and Facebook. Authentication methods applied in the consumer world can be applied to secure access to enterprise resources 70 percent of IT professionals believe. But despite this, 92 percent of IT leaders express concern about employees reusing personal credentials for work. This comes as 61 percent admit they are still not implementing two-factor authentication to allow access to their network, potentially leaving themselves vulnerable to cyber criminals.

Oculus Rift Headsets Are Offline Following a Software Error (polygon.com) 111

Polygon reports that Oculus Rift virtual reality headsets around the world are experiencing an outage. The outage appears to be a result of an expired security certificate. "That certificate has expired," said the Oculus support team on its forums, "and we're looking at a few different ways to resolve the issue. We'll update you with the latest info as available. We recommend you wait until we provide an official fix. Thanks for your patience." Polygon reports: One place where users experiencing the issue are gathering is on the Oculus forums. Last night user apexmaster booted up his computer, tried to open the Oculus app and was greeted by an error indicating that the software could not reach the "Oculus Runtime Service." That same error is cropping up on computers all around the world, including several devices here at Polygon. Once it has appeared, there's no way to restart the Oculus app, which renders the Rift headset unusable.

Facebook's VPN Service Onavo Protect Collects Personal Data -- Even When It's Switched Off (medium.com) 67

Security researcher Will Strafach took a look at Onavo Protect, a newly released VPN service from Facebook: I found that Onavo Protect uses a Packet Tunnel Provider app extension, which should consistently run for as long as the VPN is connected, in order to periodically send the following data to Facebook (graph.facebook.com) as the user goes about their day:
When user's mobile device screen is turned on and turned off.
Total daily Wi-Fi data usage in bytes (Even when VPN is turned off).
Total daily cellular data usage in bytes (Even when VPN is turned off).
Periodic beacon containing an "uptime" to indicate how long the VPN has been connected.


Sri Lanka Blocks Facebook, Instagram To Prevent Spread of Hate Speech (lankabusinessonline.com) 123

Sri Lanka has blocked social media websites Facebook, Instagram and WhatsApp to avoid the spread of hate speech in the country, local media reported on Wednesday. From the report: Even though there is no official confirmation from the authorities, the Cabinet Spokesman Minister Rajitha Senaratne on Wednesday said the government has decided to block access to certain social media. Telecom Regulatory Commission (TRC) has started to monitor all social media platforms to curb hate speech related to communal riots escalated in Kandy district. Telecommunication service providers (ISPs) have also restricted internet access in Kandy district on the instructions of the TRC.

BlackBerry Files Patent Infringement Lawsuit Against Facebook, WhatsApp and Instagram (reuters.com) 87

BlackBerry on Tuesday filed patent infringement lawsuit against Facebook, Whatsapp and Instagram in Los Angeles Federal court. In a statement, BlackBerry said: We have a lot of respect for Facebook and the value they've placed on messaging capabilities, some of which were invented by BlackBerry. As a cybersecurity and embedded software leader, BlackBerry's view is that Facebook, Instagram, and WhatsApp could make great partners in our drive toward a securely connected future, and we continue to hold this door open to them. However, we have a strong claim that Facebook has infringed on our intellectual property, and after several years of dialogue, we also have an obligation to our shareholders to pursue appropriate legal remedies.

Europe Plans Special Tax For Google, Apple, Facebook, and Amazon (theregister.co.uk) 253

An anonymous reader quotes a report from The Register: Bruno Le Maire, France's minister for the economy, has revealed that a plan to levy a special tax on Google, Apple, Facebook, and Amazon will soon be revealed by European authorities. Le Maire told French newspaper Le Journal du Dimanche "A European directive will be unveiled in the coming weeks, the minister reveals, and it will mark a considerable step forward." The minister told the paper that a tax of between two and six per cent has been considered, with the proposal to be "closer to two than six." The proposed tax will be levied on the four companies' turnover, rather than profits. Taxing turnover is hoped to offer a simple way to tax the companies, as all use legal-but-cynical ways to minimize their taxable income. Le Maire added that a turnover tax is seen as being quick to implement and that the four companies know they're going to have to pay more tax in Europe, so may be amenable to such an arrangement.

Do Neural Nets Dream of Electric Sheep? (aiweirdness.com) 201

An anonymous reader shares a post: If you've been on the internet today, you've probably interacted with a neural network. They're a type of machine learning algorithm that's used for everything from language translation to finance modeling. One of their specialties is image recognition. Several companies -- including Google, Microsoft, IBM, and Facebook -- have their own algorithms for labeling photos. But image recognition algorithms can make really bizarre mistakes. Microsoft Azure's computer vision API added the above caption and tags. But there are no sheep in the image. None. I zoomed all the way in and inspected every speck. It also tagged sheep in this image. I happen to know there were sheep nearby. But none actually present. Here's one more example. In fact, the neural network hallucinated sheep every time it saw a landscape of this type. What's going on here?

Are neural networks just hyper-vigilant, finding sheep everywhere? No, as it turns out. They only see sheep where they expect to see them. They can find sheep easily in fields and mountainsides, but as soon as sheep start showing up in weird places, it becomes obvious how much the algorithms rely on guessing and probabilities. Bring sheep indoors, and they're labeled as cats. Pick up a sheep (or a goat) in your arms, and they're labeled as dogs.


Facebook Asks Users: Should We Allow Men To Ask Children For Sexual Images? (theguardian.com) 386

Alex Hern, writing for The Guardian: Facebook has admitted it was a "mistake" to ask users whether paedophiles requesting sexual pictures from children should be allowed on its website. On Sunday, the social network ran a survey for some users asking how they thought the company should handle grooming behaviour. "There are a wide range of topics and behaviours that appear on Facebook," one question began. "In thinking about an ideal world where you could set Facebook's policies, how would you handle the following: a private message in which an adult man asks a 14-year-old girl for sexual pictures." The options available to respondents ranged from "this content should not be allowed on Facebook, and no one should be able to see it" to "this content should be allowed on Facebook, and I would not mind seeing it." A second question asked who should decide the rules around whether or not the adult man should be allowed to ask for such pictures on Facebook. Options available included "Facebook users decide the rules by voting and tell Facebook" and "Facebook decides the rules on its own."

Windows Phone 8.1 Users Are Having Trouble Downloading Apps From the Store (neowin.net) 64

An anonymous reader shares a report: While Microsoft ended mainstream support for Windows Phone 8.1 more than six months ago, there are some users that still utilize the platform as their daily driver. Although the company's overall mobile initiative isn't faring too well either, most users on older platforms are still there because they prefer it over the competition or weren't offered an upgrade path to Windows 10 Mobile. However, it now appears that Windows Phone 8.1 users are facing some unforeseen problems with the Store - and no, it isn't regarding the dearth of apps. According to reports, people on the platform have been unable to download apps from the Store since yesterday. Hundreds of people over in Windows phone Facebook groups, Reddit, and Microsoft support forums are complaining that they are being hit with error code 80070020 when attempting to download apps from the Store using their Windows Phone 8.1 devices. We have confirmed the presence of the issue on our devices too.

EU Warns Tech Giants To Remove Terror Content in 1 Hour -- or Else (bloomberg.com) 153

The European Union issued internet giants an ultimatum to remove illegal online terrorist content within an hour, or risk facing new EU-wide laws. From a report: The European Commission on Thursday issued a set of recommendations for companies and EU nations that apply to all forms of illegal internet material, "from terrorist content, incitement to hatred and violence, child sexual abuse material, counterfeit products and copyright infringement. Considering that terrorist content is most harmful in the first hours of its appearance online, all companies should remove such content within one hour from its referral as a general rule.â The commission last year called upon social media companies, including Facebook, Twitter and Google owner Alphabet, to develop a common set of tools to detect, block and remove terrorist propaganda and hate speech. Thursday's recommendations aim to "further step up" the work already done by governments and push firms to "redouble their efforts to take illegal content off the web more quickly and efficiently."

Slashdot Top Deals