Trump’s Twitter Meeting, an Ethereum Thief, and More News

Wired 23 Apr 2019 10:47

President Trump tweeted insults at Twitter again this morning, but this time Jack took the conversation off platform to the White House. In other news, a controversial Census question creates some strange bedfellows, and a "blockchain bandit" is pilfering millions in cryptocurrency. Here's the news you need to know in two minutes or less.

Donald Trump insulted Twitter, then met with Jack Dorsey

President Donald Trump attacked Twitter on its own platform this morning, calling them "very discriminatory" and adding “they don’t treat me well as a Republican.” He also called on Congress to “get involved.” So Twitter CEO Jack Dorsey sat down with the President with "no set agenda." The president was tweeting a different tune post meeting: https://twitter.com/realDonaldTrump/status/1120793199650463747

A 'blockchain bandit' is guessing passwords and making millions

With 78 digits, the odds of guessing the randomly generated key for the cryptocurrency Ethereum are 1 in 115 quattuorvigintillion. But one thief has amassed a fortune (that was at one point worth more than $54 million) guessing passwords and stealing the money. Tl;dr, be careful how you generate your pins. There's a blockchain bandit among us.

A proposed Census question is causing quite a stir

President Trump has somehow managed to unite tech and privacy groups against a potential question in the 2020 US Census: Are you a US citizen? The issue has reached the Supreme Court.

Cocktail Conversation

Today is #WorldBookDay! If you're already a full-on bookworm, we compiled our 25 favorite books of all time right here. But if you aren't, fear not. It's never too late to become a reader.

WIRED Recommends: TVs

If reading just isn't your thing, and you're a movie-over-the-book kind of person, there's no need to apologize. Here are the best TVs you can buy right now.

More News You Can Use

Former Googler Tristan Harris has spent the last year thinking about the state of tech. Now he says tech is "downgrading humans," and it's time to fight back.

What’s Known About the SpaceX Crew Dragon Accident

Wired 23 Apr 2019 09:35 During a series of engine tests of SpaceX's Dragon spacecraft this past Saturday, the vehicle experienced what the company has characterized as an "anomaly." Based upon an unauthorized leaked video of the accident, the company was counting down toward a firing of the Dragon's SuperDraco thrusters when the vehicle exploded. SpaceX has not validated the video, but it is consistent with verbal accounts of the failure that have been shared with Ars. Ars Technica This story originally appeared on Ars Technica, a trusted source for technology news, tech policy analysis, reviews, and more. Ars is owned by WIRED's parent company, Condé Nast. After the accident, large dramatic clouds of orange smoke billowed above Landing Zone 1, where SpaceX conducted Saturday's engine tests. According to one source, the orange plumes were the result of between one and two tons of nitrogen tetroxide—the oxidizer used by Dragon's SuperDraco engines—burning at the location. After a dramatic weekend, what follows is a summary of what we know, what we don't know, and where SpaceX goes from here. What was destroyed? The Crew Dragon capsule in question is the same one that successfully flew a demonstration mission to the International Space Station in March. The spacecraft was being prepared for a launch abort test this summer. During this test, the Dragon would have launched from Florida on a Falcon 9 booster and then fired its powerful SuperDraco engines to show that the Dragon could pull itself safely away from the rocket, in case of a problem with the booster before or during flight. Now that SpaceX has lost this capsule, it must find a substitute for this launch abort test. It is not clear whether it will fabricate a boilerplate vehicle with a SuperDraco system of eight thrusters, or repurpose one of the Dragons it has built for crewed flights to the space station. Either way, this is a significant materiel loss for the company. How did it happen? We don't know. 
According to the leaked video, the anomaly occurred within the final 10 seconds of the countdown, and it is not entirely clear whether the SuperDraco engines had begun to fire. One source indicated that the company has a lot of data about the failure—this was a ground-based test, so the vehicle was heavily instrumented—so theoretically finding the root cause of the accident should be more straightforward than if a problem had occurred during a real flight. The best-case scenario, in terms of causing delays for SpaceX, would be that someone mishandled the ground systems equipment. The worst-case scenario is that there is some undiscovered but fundamental design problem in SuperDraco thrusters. During past accidents, SpaceX founder Elon Musk has been fairly forthcoming about the cause of the failures, and we hope for similar transparency with this accident. I would argue that, since this vehicle will eventually carry humans and is funded largely by NASA, transparency is essential to ensuring public confidence in the vehicle and company's processes. Was anyone hurt? Thankfully no. The last time we saw this dramatic of a ground-based spacecraft failure was during the Apollo 1 fire in 1967, which cost three human lives. Fortunately, no one was harmed during Saturday's accident, which speaks well of SpaceX's safety practices during such dynamic tests. Had humans been injured or killed, it would have undoubtedly complicated the already complex road ahead for SpaceX. What does this mean for commercial crew flights? NASA provided multibillion-dollar contracts to SpaceX and Boeing in 2014, with the intent of bringing their Dragon and Starliner vehicles into service for getting U.S. astronauts to the space station. Before this accident, SpaceX and NASA had been targeting early October for the first crewed Dragon mission to the station. Now, that will almost certainly be delayed by at least several months, into 2020. 
Before Saturday, Boeing's Starliner spacecraft was behind Dragon in terms of development, and is also unlikely to fly humans before early 2020. NASA recently signed a deal with Russia to purchase two additional Soyuz seats, for one crew member each, which will ensure a US crew presence on the station through September 2020. The agency may well now be forced to return to the Russians yet again to procure more seats through the end of 2020. What does SpaceX do now? Undoubtedly, the company had a busy Easter weekend. The first step is to determine what happened and then work with NASA to fully understand the problem; they would then devise a fix to ensure the problem never happens again. Internally, the company's engineers may already know what occurred. I would also be hugging NASA were I in SpaceX management—leaning on the agency for its expertise in human spaceflight systems as well as seeking cover from political fire. After a Falcon 9 rocket launch failure in 2015, in which the CRS-7 supply mission to the International Space Station was lost, the agency stood by its commercial cargo partner. NASA human spaceflight chief William Gerstenmaier offered public support for the company, beat back congressional doubters, and helped SpaceX get back to flying quickly. In recent years, some NASA critics have viewed the agency as "holding back" SpaceX during the development of the Crew Dragon vehicle with unnecessary paperwork and requirements. This may be partly true, but NASA is the customer, and clearly there are hazards yet to be found in the Dragon (and probably Starliner too). The fact is that NASA needs SpaceX to succeed, and so the company and the space agency are presently in a position where it's best for everyone if they work together side by side, identify and fix the issue, and move on. There is a precedent for this. 
After the Apollo 1 fire revealed multiple problems with the first version of the spacecraft, NASA worked closely with the Apollo capsule's contractor, North American Aviation (now a part of Boeing) to accelerate design of a much safer updated capsule design. The fire occurred in January 1967, and the updated "Block II" Apollo capsule made its first spaceflight less than 21 months later. The design would go on to fly a historic succession of lunar missions.

Don't discount SpaceX

It would be easy to write off SpaceX as a reckless company. But the reality is that this is a company moving rapidly in a lot of different directions—building the world's largest operational rocket (Falcon Heavy), perfecting first stage reuse, launching more rockets than any other company, trying to recover payload fairings, and building an unprecedented, next-generation vehicle called Starship. This accident should offer a clarifying moment for SpaceX and Musk that it really must get commercial crew right—and that putting humans on a Falcon 9 rocket, inside a Dragon spacecraft, raises the stakes. This is not easy. It is very hard. There should be little doubt the company can come back from this. SpaceX has shown a propensity for responding to failures with speed and an ability to fix problems. After the CRS-7 failure in 2015, they were flying again six months later. Remarkably, the return to flight mission also was the first successful Falcon 9 landing. After the Amos-6 launch pad failure in 2016, the company was flying again less than five months later and has had its most successful run since then. The company can get beyond this accident, but now that humans are involved it will require focus, transparency, and closely working with NASA to move on. This story originally appeared on Ars Technica.

Like Guns, Social Media Is a Weapon That Should Be Regulated

Wired 23 Apr 2019 09:31 Nick Veasey/Getty Images The decision by the Sri Lankan government this week to shut down the big social networks—including Facebook, WhatsApp, YouTube, and Snapchat—in the aftermath of an Easter day terrorist attack on three Catholic churches and three upscale hotels feels like a turning point in our relationship with these platforms. A Gordian knot moment, if you will, where instead of agonizing over how to untangle the social media mess you just pull out a sword and cut. The coordinated attacks, which took place in three Sri Lankan cities and killed more than 300 people, were designed to foment religious strife in a country that has been slowly recovering from a quarter-century-long civil war. On the 10-year path to peace and stability, there have been occasional flareups of religious violence, such as the anti-Muslim riots in March 2018 that left two people dead. In that case, too, the Sri Lankan government temporarily blocked the social networks to contain the violence’s spread. One member of parliament wrote on Twitter at the time, “Hate speech on @facebook is increasing beyond acceptable levels #SriLanka. Government will have to act immediately to save lives.” He later amended his comment: “I didn’t mean that way. My bad. NO hate speech is acceptable. I meant discussions were beyond acceptable levels at this tense situation.” We get his point, however, even if it appeared insensitive: Facebook clearly doesn’t care enough about the lies and hatred on its site, and usually that is appalling but survivable. At certain times, however, this negligence is more than appalling, it is life-threatening. Noam Cohen About Noam Cohen is a journalist and author of The Know-It-Alls: The Rise of Silicon Valley as a Political Powerhouse and Social Wrecking Ball, which uses the history of computer science and Stanford University to understand the libertarian ideas promoted by tech leaders. 
While working for The New York Times, Cohen wrote some of the earliest articles about Wikipedia, bitcoin, Wikileaks, and Twitter. He lives with his family in Brooklyn. The Easter attacks were of a different scale, and the swift decision by the government to act against the social networks placed them in a different category—that is, the authorities were essentially saying that the social networks are no longer considered tools that can be abused by bad actors to exacerbate tensions but weapons that must be removed from terrorists immediately. That same member of parliament felt no need to explain the blackout on Twitter this time. An aide to Sri Lanka’s president was quoted in The New York Times saying “this was a unilateral decision.” Before our eyes, the world is reassessing the proper role for the dominant social networks. Ivan Sigal, the executive director of Global Voices, an organization committed to using the internet to foster understanding across borders, took to Twitter to observe in light of the Sri Lanka attacks that, “A few years ago we’d be using these platforms to help each other and coordinating assistance. Now we view them as a threat.” He continued, “A few years ago we’d view the blocking of social media sites after an attack as outrageous censorship; now we think of it as essential duty of care, to protect ourselves from threat. #facebook your house is not in order.” In a more innocent era, social networks were considered incredible communications tools—part phone, part community room, part holiday letter—nothing but a boon for our increasingly disconnected lives. In times of crisis, as Sigal writes, they would bind us even closer together. Soon enough, we began to worry if this was the complete picture. 
We saw social networks as addictive and not necessarily so good for our own health and the health of children—that is, something we clearly enjoyed using but maybe should figure out a way to reduce our dependence on, either through will power or government regulation. A vice like casino gambling or tobacco. Now we are recognizing that there is an inherent potential for extremism lurking within global social networks that makes them a danger. There simply may be no safe way to deploy social networks during times of crisis or when bad actors include them in their anti-democratic playbooks. By automatically amplifying any and all messages that appear on their platforms and using highly personal data and algorithms to target those messages to where they will have the greatest potency, social networks are weapons. They must be viewed not as an extension of the people who use them but as a danger to the greater society. We need social network control—sensible rules about where, when, and what kinds of platforms should be free to operate, much the way nearly all governments in the world impose comprehensive regulations about where, when, and what kinds of guns should be allowed in communities. To fail to rein in social networks because of appeals to “freedom” would be like allowing vague words written 250 years ago to get in the way of controlling guns. I’ve come slowly and in fits and starts to this view. Until recently, I’ve preferred to focus on the bad actors who misuse social networks—not only the hate peddlers but the Silicon Valley CEOs who profit from the networks’ misuse. These amoral leaders seemed the appropriate target of scorn. But by focusing on those individuals’ shortcomings, wasn’t I buying into the argument that there was a good way for these social networks to operate, even during a time of crisis or during divisive elections? If only they had the right leaders! 
In essence, I was replicating the tired defense of unrestrained gun ownership—social networks don’t kill people, people kill people. In point of fact, guns magnify the violence of their users, as do social networks. Reading the defenses mounted on behalf of social networks in response to Sri Lanka’s decision to impose the blackout (including on WIRED) again reminded me of the gun control debate. Some defenders noted that Sri Lanka has a relatively unfree press and that social networks were an important alternate source of news and reporting. Alp Toker, executive director NetBlocks, a London-based organization that tracks internet bans around the world, spoke to the Associated Press about the vacuum of information that is left in the wake of the Sri Lanka social network shutdown and is “readily exploited by other parties. It can add to the sense of fear and can cause panic.” This, again, speaks to the potency of social networks—their defenders are promising that social networks can replace a corrupt system with a user-based one. I understand the attraction of such a claim, even if it is a form of the gun extremist’s contention that the best answer to a bad guy with a gun is a good guy with a gun. That is, a defense based on seeing the status quo as irredeemably flawed, and favoring a type of every-person-for-themself anarchy in its place. There were other arguments that quickly emerged online in defense of social networks. Some referred to a study that asserted that closing down social networks led to more violence. These assertions can be hard to assess. Opponents of gun laws will argue that the areas with the strictest gun laws—often large cities—have the most gun violence. So how effective is gun control then? Finally, there was the popular defense that says, Don’t judge us by the worst users but by our best users. That is, guns give people a sense of security; they are used for hunting; shooting is a popular sport. 
A Facebook spokesperson emphasized how the platform served vital functions in a time of crisis. “People rely on our services to communicate with their loved ones and we are committed to maintaining our services and helping the community and the country during this tragic time,” the spokesperson said. The statement begins, “Our hearts go out to the victims, their families and the community affected by this horrendous act.” A worthwhile sentiment, though it must be said that when such sentiments are expressed by gun control opponents after a mass shooting, they are frequently mocked as merely “thoughts and prayers.” What we really need are thoughtful laws.

Supply Chain Hackers Snuck Malware Into Videogames

Wired 23 Apr 2019 09:16

The security sector is waking up to the insidious threat posed by software supply chain attacks, where hackers don't attack individual devices or networks directly, but rather the companies that distribute the code used by their targets. Now researchers at security firms Kaspersky and ESET have uncovered evidence that the same hackers who targeted Asus with that sort of supply chain hack earlier this year have also targeted three different videogame developers—this time aiming even higher upstream, corrupting the programming tools relied on by game developers. Just weeks after revealing the Asus incident—in which hackers hijacked the computer company's software update process to silently infect customers with malicious code—Kaspersky researchers have connected it to another set of breaches. The same hackers appear to have corrupted versions of the Microsoft Visual Studio development tool, which three different videogame companies then used in their own development. The hackers could then plant malware in certain games, likely infecting hundreds of thousands of victims with a backdoored version of the programs. Kaspersky researchers say that both the Asus and videogame cases are likely part of a much broader web of interlinked supply chain hacks, one that also includes the hijacking of utility software CCleaner and the server management software Netsarang in 2017.

Game over

The videogame attacks in particular represent a looming blind spot for many software companies, says Vitaly Kamluk, Kaspersky's director of Asia-focused research. After using the malicious Microsoft development tools, each of the compromised gaming firms then digitally signed their games before distributing them, marking them as legitimate even though they contained malware.
That represents an escalation over the Asus case, for instance, where hackers altered the update files after they were created, and used a compromised Asus server to sign them with the company's key. "I’m afraid there are many software developers out there who are completely unaware of this potential threat, this angle of being attacked," Kamluk says. "If their most trusted tools are backdoored, they’ll keep producing compromised executables, and if they digitally sign them, they’ll be trusted by users, security software, and so on. They found a weak spot of the global developer community, and that's what they're exploiting." Kaspersky and ESET both say Thai gaming company Electronics Extreme was one of the firms targeted in the attack; its zombie-themed game—ironically named Infestation—carried the malware. Kaspersky on Tuesday named Korean firm Zepetto as another victim, and its first-person shooter PointBlank as a second game that had in some instances been laced with malware. Both firms have so far declined to name the third victim. In total, Kaspersky antivirus detected 92,000 computers running the malicious versions of the games, though it suspects there are likely far more victims. ESET in March put the number as high as "hundreds of thousands." Almost all the known infected machines were in Asia, according to ESET, with 55 percent in Thailand, another 13 percent in the Philippines and Taiwan each, and smaller percentages in Hong Kong, Indonesia, and Vietnam. "I believe it’s just the tip of the iceberg," Kamluk says. Both Kaspersky and ESET also note that the malware is carefully designed to stop executing on any machine configured to use Russian or the Simplified Chinese used in mainland China, where some security researchers have suspected the supply chain attackers are based since their 2017 attacks. 
Dark link

Kaspersky first spotted the videogame malware in January, according to Kamluk, when the company started scanning for code that looked similar to the backdoor they'd found installed by the hijacked ASUS updates. The investigation led to a compromised version of Microsoft Visual Studio that included a malicious "linker," the element of the Microsoft tool that connects different parts of code together when source code is compiled into a machine-readable binary. The new, evil linker integrated malicious code libraries into the resulting compiled program instead of the usual innocent ones. Kamluk says it's still not clear how hackers tricked the victim companies into using the corrupted version of the Microsoft developer tool. It's possible, he adds, that the firms' programmers had downloaded pirated versions of Visual Studio from message boards or BitTorrent, as occurred in a similar instance when Chinese developers used a malicious version of Apple's XCode tool in 2015. But he suspects, based on the currently known targeting of just three companies and only specific games, that the hackers may instead have actually breached their targets and planted their malicious version of Visual Studio on specific developer machines. "I think it's more logical to speculate that hackers breached the companies first, then pivoted inside the network, looked for software engineers who worked on important executables, and backdoored compilers on site, in place," he says. Rather than indiscriminately planting crimeware on as many machines as possible, the videogame hackers appear to be performing reconnaissance. The malware seems to be a first-stage trojan that simply gains a foothold and uploads a unique identifier for the machine back to the hackers' server, so they can decide which computers to target later with a second-stage tool.
The linked Asus attack was similarly exacting, designed to install its payload malware on just 600 specific computers out of the hundreds of thousands it could have infected.

ShadowHammer

Kaspersky found evidence that the Asus and videogame attacks, which it collectively calls ShadowHammer, are likely linked to an older, sophisticated spying campaign, one that it dubbed ShadowPad in 2017. In those earlier incidents, hackers hijacked server management software distributed by the firm Netsarang, and then used a similar supply chain attack to piggyback on CCleaner software installed on 700,000 computers. But just 40 specific companies' computers received the hackers' second-stage malware infection—including Asus. Kaspersky has based those connections on similarities in the hackers' code, the shared focus on supply chain attacks and distributing digitally signed malware, and one more revealing fingerprint: Both the CCleaner attack and the videogame firm breaches used compromised servers at the Korean Konkuk University as a command and control server. The two computers in the two breaches were even on the same part of the university's network, Kaspersky's Kamluk says. (Though Kaspersky hasn't attributed the attacks to any particular country, that link would suggest China's involvement, given that other security firms including Intezer Labs have pointed to Chinese calling cards in the earlier round of breaches.) That ongoing series of attacks signals a group of aggressive hackers bent on serially corrupting software's supply chain, so that even trusted sources are turned into distributors of malware. But of those attacks, the videogame hijackings start closest to the source. They should also serve as a warning, says Kamluk. "Software developers should ask themselves, where does your development software come from? Is it a trusted source, is it official, is it untampered?
When was the last time that software development companies checked the integrity of the compiler they're using?" he asks. "I have a feeling no one does this at all. And that’s why we have a problem escalating now to a bigger number of victims."

Twitter CEO Jack Dorsey Met With President Trump

Wired 23 Apr 2019 09:15 Cole Burston/Bloomberg/Getty Images On Tuesday morning, President Donald Trump lobbed another attack against Twitter on its own platform, calling the company “very discriminatory” and saying “they don’t treat me well as a Republican.” He then accused the company of “playing political games” and called on Congress to “get involved.” It wasn’t the first time Trump complained about a supposed anticonservative bias on Twitter, but it was noteworthy for another reason: It turns out the president was scheduled to meet Twitter CEO Jack Dorsey later that day. Twitter policy head Vijaya Gadde notified employees Tuesday that their boss was supposed to meet with Trump in a 30-minute, closed-door meeting later that afternoon, according to a company email reviewed by WIRED. Louise Matsakis covers cybersecurity, internet law, and online culture for WIRED. According to the email, sent Tuesday morning Pacific time, Dorsey would be joined by Colin Crowell, Twitter’s VP of public policy, and Lauren Culbertson, a public policy manager at Twitter. “There is no set agenda, but we expect for discussion to cover the health of the public conversation on Twitter,” Gadde wrote. She also noted that Dorsey was invited to attend the meeting by the White House. A spokesperson for the White House Office of Science and Technology Policy immediately returned requests for comment, but shortly after this story was published the president tweeted out a photo of the meeting, which he described as "great." https://twitter.com/realDonaldTrump/status/1120793199650463747 “Some of you will be very supportive of our meeting the president, and some of you might feel we shouldn’t take this meeting at all,” Dorsey wrote in a follow-up message to Gadde’s email, which was also sent to all Twitter staff. 
“I believe it’s important to meet heads of state in order to listen, share our principles and our ideas.” It wasn’t Dorsey’s first trip to the White House: In 2011, he moderated a “Twitter town hall” with President Barack Obama. But while Dorsey and other Twitter staff reportedly have met with conservative leaders in recent months, the CEO hadn’t yet met with Trump—at least not publicly. In 2016, Trump held a meeting with tech leaders including Amazon CEO Jeff Bezos and Facebook COO Sheryl Sandberg, but Dorsey was reportedly not invited. In her email, Gadde noted that Dorsey also has recently met with heads of state from India, Japan, New Zealand, and South Korea. But no world leader has perhaps been as critical of the company as Trump, who has long accused Twitter of political bias. In one October Tweet, he accused Twitter of removing “many people from my account.” Last July, he accused the platform of “‘SHADOW BANNING’ prominent Republicans,” or purposely hiding content from right-leaning accounts. “To be clear, our behavioral ranking doesn’t make judgments based on political views or the substance of tweets,” a Twitter spokesperson said in a statement at the time. The company has been cracking down on spam accounts and implementing other initiatives to improve the “health” of the platform over the past year. Despite all his criticisms, the president has continued to favor Twitter as the primary platform to spread both opinions and information about his administration. And after his meeting with Dorsey, Trump tweeted, "Look forward to keeping an open dialogue!" Both Gadde and Dorsey said in their emails that they would report back to their company about what happens during the meeting at the White House.
After the meeting took place, a Twitter spokesperson said in a statement that Dorsey and Trump "discussed Twitter’s commitment to protecting the health of the public conversation ahead of the 2020 U.S. elections and efforts underway to respond to the opioid crisis." Have a tip to share about closed-door meetings at the White House? Reach out to the author on Signal at 347-966-3806 or by email at louise_matsakis@wired.com. Update 4-23-19, 5:10 pm EDT: This story has been updated with Trump's tweet about meeting with Dorsey Tuesday afternoon. Update 4-23-19, 6:32 pm EDT: This story has been updated with Twitter's statement.

Millions still rely on simplest passwords, study finds

Digital Marketing Magazine 23 Apr 2019 08:30 New research suggests that millions of us are still taking the lazy option when it comes to creating a password to accompany user log-in details. Presently, the password “123456” is the key of choice for many according to a National Cyber Security Centre (NCSC) study. It comes as small surprise that the predictable code was typically found attached to accounts breached by hackers. The research, published ahead of the NCSC’s Cyber UK conference in Glasgow this week, was conducted as part of a wider investigation into reasons why computer users can be vulnerable to cyber-crime. The study explored public databases of compromised accounts to find out which words, word-chains and phrases were most popular. Around 23 million passwords were revealed as 123456, while the second favourite was 123456789. Easy-to-guess words such as “Password” and “qwerty” also ranked highly as key codes of choice. Michael, Charlie, Jessica, Daniel and Ashley were among the most popular names being used. Favourite football teams, such as Liverpool and Chelsea, also featured widely, while Blink-182 was one of the many band names used to protect user accounts. The NCSC now recommends that individuals exercise more stringency when creating passwords, and has suggested that a string of three random words offers an easy and far more reliable alternative. Technical director at the NCSC, Dr Ian Levy stated that hacking risks increase for those who choose to use familiar names or well-known terms. “Nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band,” he said. User behaviours around online security also came into focus within the NCSC study. Just 15% of those surveyed said that they were confident about protecting themselves when using the internet. More alarmingly, 42% said that they expected to lose money to cyber-fraud. 
Less than 50% of respondents in the research said that they used a unique password that was difficult to guess to protect their primary email account. Australian web security expert, Troy Hunt, holds a database of hacked account information. Speaking on the BBC website, Mr Hunt said that selecting a strong password represented the “single biggest control” that users have when safeguarding their presence online. “We typically haven't done a very good job of that either as individuals or as the organisations asking us to register with them,” he said. Mr Hunt said that exposing the most popular passwords should serve as a good reminder to computer users of the importance of online security, and prompt them to think of more difficult passwords in future. GDPR Summit Series is a global series of GDPR events which will help marketers to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. Further information and conference details are available at http://www.gdprsummit.london/

New York launches privacy survey to improve state regulations

Digital Marketing Magazine 18 Apr 2019 08:00 On Tuesday, New York State (NYS) customer protection officials launched a data privacy consumer survey to give New Yorkers the chance to give their opinion on current data privacy issues and to influence future policies. The initiative comes as an investigation being led by New York State suggests that Facebook is accessing personal data without the users’ consent. Governor of New York State Andrew Cuomo has said: “In the Digital Age, nearly every New Yorker has an online presence and consumers are an important resource for identifying ways to make the internet safer,” “This survey will provide policymakers with important insight into data privacy issues that will inform our efforts to create effective policy that prevents online companies from misusing or abusing personal data,” he added. The survey asks NYS residents about their knowledge of privacy settings on their smart devices, their knowledge about the data they share with social media networks and asks them what policies would help to make them feel safer online. Senator Kevin Thomas of NYS has praised the campaign in a statement: “I applaud Governor Cuomo and the Division of Consumer Protection for taking a hard look at privacy policies for popular online companies. By hearing directly from New Yorkers about their online practices, we can develop and enact rules and regulations that strengthen consumer protections.” Consumer protection officials strongly recommend that New Yorkers check their privacy settings, ensure they know what information is readily available online, and act accordingly.

ICO fines funeral plan firm for unlawful marketing calls

Digital Marketing Magazine 17 Apr 2019 07:45 The Information Commissioner’s Office (ICO) wants people to support their elderly relatives or neighbours if they are receiving nuisance marketing calls. The appeal came as a company selling funeral plans was fined £80,000 for making unlawful marketing calls to people who had made it explicitly clear they didn’t want to receive them. The ICO launched an investigation after a national newspaper had reported allegations of illegal practices at a call centre in Cheshire, run by a company which at the time was called Plan My Funeral Avalon Ltd. The investigation revealed the company – which shortly afterwards changed its name to Avalon Direct Limited – had made almost 52,000 calls to people who were registered with the Telephone Preference Service (TPS) between 1 March and 20 November 2017. It is against the law to call people registered with the TPS, unless you have their specific consent. Avalon said it had purchased numbers from a third-party lead provider, but had no specific consent to call people registered on the TPS. It failed to carry out proper due diligence or check the numbers against the TPS register. Andy Curry, Enforcement Group Manager at the ICO, said: “The funeral plan industry has been on our radar for a while and it is fair to say the sector as a whole has had some issues in terms of complying with the law. That’s not always reflected in volumes of complaints, however, because the very nature of this particular sector means the people being targeted for funeral plan sales may be older, potentially more vulnerable and may not be as technologically savvy or as active online. “We would ask people to speak to their older relatives, neighbours or friends and make sure they are registered with the TPS. 
If they have still been getting nuisance calls, they can help report these calls to us as this helps us build up intelligence on companies and sectors where we need to take action.” As well as an online reporting tool on the ICO website, nuisance calls can also be reported via the helpline 0303 123 1113. People can register their landline and mobile numbers with the Telephone Preference Service via its website or by calling 0345 070 0707. The ICO’s investigation into Avalon found that two of the company’s directors at the time of the contravention had previously been involved in an unconnected ICO investigation, and that the company involved in that case had been fined in January 2018 for carrying out unsolicited direct marketing. Those same two people were also the directors of the lead generator company used by Avalon for the data collection in this current case, so they would have been fully aware of their legal obligations surrounding direct marketing, consent and the TPS register. The ICO understands the directors concerned are no longer associated with Avalon. In addition to the fine, Avalon has also been served with an Enforcement Notice ordering it to improve its practices.

ICO propose to ban likes and streaks for underage users

Digital Marketing Magazine 16 Apr 2019 07:30 The Information Commissioner’s Office (ICO) has warned social media giants that they must enforce tougher controls in order to protect the data of users under the age of 18. Facebook has appeared in the news frequently in recent weeks facing reports of data breaches, which have raised concerns for the protection of vulnerable users. But in a move to protect young users’ data and to prevent them from oversharing their personal information, Facebook, Instagram, and Snapchat along with other major social media platforms may soon have to abide by the 16-rule code which the ICO is proposing. This could mean that Facebook and Instagram could soon remove the ‘like’ button for underage users, and Snapchat could prevent them from formulating ‘streaks’. The ICO has identified these tools as ‘nudges’. The ‘likes’ allow Facebook to target different advertisements towards them, and ‘streaks’ on Snapchat urge users to send photos to each other every day to achieve the reward of a streak icon next to their username. Elizabeth Denham, the Information Commissioner has said: “The internet and all its wonders are hardwired into [children’s] everyday lives,” “We shouldn’t have to prevent our children from being able to use [these apps], but we must demand that they are protected when they do. This code does that,” she stated. The code has already received support from the National Society for the Prevention of Cruelty to Children (NSPCC). Speaking to the BBC, Associate Head of Child Safety Online at NSPCC, Andy Burrows, has responded to the news about the introduction of the code: “Social networks have continually failed to prioritise child safety in their design, which has resulted in tragic consequences,” he said. The ICO has also suggested that social media platforms should do more to protect data such as making “high privacy” the default setting for children using social media platforms.
The ICO has also suggested disabling geolocation tools and targeted advertising as standard, unless there is compelling reasoning behind it. Platforms should additionally introduce vigorous age verification checks on platforms or treat all users as if they are children unless existing age verification checks can distinguish between adults and children. If the firms fail to comply with the code when it’s introduced, then they could be presented with fines of up to 20 million euros (£17.2m) or 4% of their worldwide turnover under the General Data Protection Regulation. The ICO will publish the final version of the code with further comment from Elizabeth Denham on the 31st May 2019, and it will subsequently be presented to parliament. Reports suggest that the final code will be introduced by the end of 2019.