Facebook and Its Executives Are Getting Destroyed After Botching the Handling of a Massive Data Breach (businessinsider.com)

The way Facebook has disclosed the abuse of its system by Cambridge Analytica, which has been reported this week, speaks volumes about what Facebook's core beliefs are. Sample this excerpt from Business Insider: Facebook executives waded into a firestorm of criticism on Saturday, after news reports revealed that a data firm with ties to the Trump campaign harvested private information from millions of Facebook users. Several executives took to Twitter to insist that the data leak was not technically a "breach." But critics were outraged by the response and accused the company of playing semantics and missing the point.

Washington Post reporter Hamza Shaban: Facebook insists that the Cambridge Analytica debacle wasn't a data breach, but a "violation" by a third party app that abused user data. This offloading of responsibility says a lot about Facebook's approach to our privacy.

Observer reporter Carole Cadwalladr, who broke the news about Cambridge Analytica: Yesterday Facebook threatened to sue us. Today we publish this. Meet the whistleblower blowing the lid off Facebook and Cambridge Analytica. [...] Facebook's chief strategy officer wading in. So, tell us @alexstamos (who expressed his displeasure with the use of "breach" in media reports) why didn't you inform users of this "non-breach" after The Guardian first reported the story in December 2015?

Zeynep Tufekci: If your business is building a massive surveillance machinery, the data will eventually be used and misused. Hacked, breached, leaked, pilfered, conned, "targeted", "engaged", "profiled", sold.. There is no informed consent because it's not possible to reasonably inform or consent. [...] Facebook's defense that Cambridge Analytica harvesting of FB user data from millions is not technically a "breach" is a more profound and damning statement of what's wrong with Facebook's business model than a "breach."

MIT Professor Dean Eckles: Definitely fascinating that Joseph Chancellor, who contributed to collection and contract-violating retention (?) of Facebook user data, now works for Facebook.

Amir Efrati, a reporter at the Information: May seem like a small thing to non-reporters but Facebook loses credibility by issuing a Friday night press release to "front-run" publications that were set to publish negative articles about its platform. If you want us to become more suspicious, mission accomplished.

Further reading: Facebook's latest privacy debacle stirs up more regulatory interest from lawmakers (TechCrunch).

Are Google and Facebook Surveilling Their Own Employees? (theguardian.com) 48

The Guardian just ran an article titled " 'They'll squash you like a bug': how Silicon Valley keeps a lid on leakers," which begins with the story of an employee confronted by Facebook's secretive "rat-catching" team: They had records of a screenshot he'd taken, links he had clicked or hovered over, and they strongly indicated they had accessed chats between him and the journalist, dating back to before he joined the company. "It's horrifying how much they know," he told the Guardian, on the condition of anonymity... "You get on their bad side and all of a sudden you are face to face with Mark Zuckerberg's secret police"... One European Facebook content moderator signed a contract, seen by the Guardian, which granted the company the right to monitor and record his social media activities, including his personal Facebook account, as well as emails, phone calls and internet use. He also agreed to random personal searches of his belongings including bags, briefcases and car while on company premises. Refusal to allow such searches would be treated as gross misconduct...

Some employees switch their phones off or hide them out of fear that their location is being tracked. One current Facebook employee who recently spoke to Wired asked the reporter to turn off his phone so the company would have a harder time tracking if it had been near the phones of anyone from Facebook. Two security researchers confirmed that this would be technically simple for Facebook to do if both people had the Facebook app on their phone and location services switched on. Even if location services aren't switched on, Facebook can infer someone's location from wifi access points.

The article cites a 2012 report that Microsoft read a French blogger's Hotmail account to identify a former employee who had leaked trade secrets. And it also reports that tech companies hire external agencies to surveil their employees. "One such firm, Pinkerton, counts Google and Facebook among its clients." Though Facebook and Google both deny this, "Among other services, Pinkerton offers to send investigators to coffee shops or restaurants near a company's campus to eavesdrop on employees' conversations..."

Al Gidari, consulting director of privacy at the Stanford Center for Internet and Society, says that these tools "are common, widespread, intrusive and legal."

Ask Slashdot: How Can I Prove My ISP Slows Certain Traffic? 83

Long-time Slashdot reader GerryGilmore is "a basically pretty knowledgeable Linux guy totally comfortable with the command line." But unfortunately, he lives in north Georgia, "where we have a monopoly ISP provider...whose service overall could charitably be described as iffy." Sometimes, I have noticed that certain services like Netflix and/or HBONow will be ridiculously slow, but -- when I run an internet speed test from my Linux laptop -- the basic throughput is what it's supposed to be for my DSL service. That is, about 3Mbps due to my distance from the nearest CO. Other basic web browsing seems to be fine... I don't know enough about network tracing to be able to identify where/why such severe slowdowns in certain circumstances are occurring.
Slashdot reader darkharlequin has also noticed a speed decrease on Comcast "that magickally resolves when I run internet speed tests." But if the original submitter's ultimate goal is delivering evidence to his local legislators so they can put pressure on his ISP -- what evidence is there? Leave your best answers in the comments. How can he prove his ISP is slowing certain traffic?

Can Problems From Climate Change Be Addressed With Science? (scientificamerican.com) 136

Slashdot reader bricko shares an article from Scientific American about two "ecomodernists" who argue that the problems of climate change can be addressed through science and technology. In his Breakthrough essay, Steven Pinker spells out a key assumption of ecomodernism. Industrialization "has been good for humanity. It has fed billions, doubled lifespans, slashed extreme poverty, and, by replacing muscle with machinery, made it easier to end slavery, emancipate women, and educate children. It has allowed people to read at night, live where they want, stay warm in winter, see the world, and multiply human contact. Any costs in pollution and habitat loss have to be weighed against these gifts...."

We can solve problems related to climate change, Pinker argues, "if we sustain the benevolent forces of modernity that have allowed us to solve problems so far, including societal prosperity, wisely regulated markets, international governance, and investments in science and technology... Since 1970, when the Environmental Protection Agency was established, the United States has slashed its emissions of five air pollutants by almost two-thirds. Over the same period, the population grew by more than 40 percent, and those people drove twice as many miles and became two and a half times richer. Energy use has leveled off, and even carbon dioxide emissions have turned a corner."

The essay also cites ecomodernist Will Boisvert, who believes climate change will be cataclysmic but not apocalyptic, bringing large upheaval but a small impact on human well-being. "Global warming won't wipe us out or even stall our progress, it will just marginally slow ordinary economic development that will still outpace the negative effects of warming and make life steadily better in the future, under every climate scenario.... Our logistic and technical capacities are burgeoning, and they give us ample means of addressing these problems."

Google Open Sources Its Exoplanet-Hunting AI (vice.com) 13

dmoberhaus writes: Last December, NASA announced that two new exoplanets had been hiding in plain sight among data from the Kepler space telescope. These two new planets weren't discovered by a human, however. Instead, an exoplanet hunting neural network -- a type of machine learning algorithm loosely modeled after the human brain -- had discovered the planets by finding subtle patterns in the Kepler data that would've been nearly impossible for a human to see. Last Thursday, Christopher Shallue, the lead Google engineer behind the exoplanet AI, announced in a blog post that the company was making the algorithm open source. In other words, anyone can download the code and help hunt for exoplanets in Kepler data.
Google's research blog called the December discovery "a successful proof-of-concept for using machine learning to discover exoplanets, and more generally another example of using machine learning to make meaningful gains in a variety of scientific disciplines (e.g. healthcare, quantum chemistry, and fusion research)."

1 in 3 Michigan Workers Tested Opened A Password-Phishing Email (go.com) 92

An anonymous reader quotes the AP: Michigan auditors who conducted a fake "phishing" attack on 5,000 randomly selected state employees said Friday that nearly one-third opened the email, a quarter clicked on the link and almost one-fifth entered their user ID and password. The covert operation was done as part of an audit that uncovered weaknesses in the state government's computer network, including that not all workers are required to participate in cybersecurity awareness training... Auditors made 14 findings, including five that are "material" -- the most serious. They range from inadequate management of firewalls to insufficient processes to confirm if only authorized devices are connected to the network. "Unauthorized devices may not meet the state's requirements, increasing the risk of compromise or infection of the network," the audit said.

Did Cambridge Analytica Harvest 50 Million Facebook Profiles? (theguardian.com) 98

Slashdot reader umafuckit shared this article from The Guardian: The data analytics firm that worked with Donald Trump's election team and the winning Brexit campaign harvested millions of Facebook profiles of U.S. voters, in one of the tech giant's biggest ever data breaches, and used them to build a powerful software program to predict and influence choices at the ballot box... Christopher Wylie, who worked with a Cambridge University academic to obtain the data, told the Observer: "We exploited Facebook to harvest millions of people's profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on."

Documents seen by the Observer, and confirmed by a Facebook statement, show that by late 2015 the company had found out that information had been harvested on an unprecedented scale. However, at the time it failed to alert users and took only limited steps to recover and secure the private information of more than 50 million individuals... On Friday, four days after the Observer sought comment for this story, but more than two years after the data breach was first reported, Facebook announced that it was suspending Cambridge Analytica and Kogan from the platform, pending further information over misuse of data. Separately, Facebook's external lawyers warned the Observer on Friday it was making "false and defamatory" allegations, and reserved Facebook's legal position...

The evidence Wylie supplied to U.K. and U.S. authorities includes a letter from Facebook's own lawyers sent to him in August 2016, asking him to destroy any data he held that had been collected by GSR, the company set up by Kogan to harvest the profiles... Facebook did not pursue a response when the letter initially went unanswered for weeks because Wylie was travelling, nor did it follow up with forensic checks on his computers or storage, he said. "That to me was the most astonishing thing. They waited two years and did absolutely nothing to check that the data was deleted. All they asked me to do was tick a box on a form and post it back."

Wylie worked with Aleksandr Kogan, the creator of the "thisisyourdigitallife" app, "who has previously unreported links to a Russian university and took Russian grants for research," according to the article. Kogan "had a licence from Facebook to collect profile data, but it was for research purposes only. So when he hoovered up information for the commercial venture, he was violating the company's terms..."

"At the time, more than 50 million profiles represented around a third of active North American Facebook users, and nearly a quarter of potential U.S. voters."

How An Open Source Plugin Tamed a Chaotic Comments Section With A Simple Quiz (arstechnica.com) 124

Long-time Slashdot reader jebrick quotes an article from Ars Technica about how Norway's government-owned public broadcasting company "employs open source tactics to fight trolling": The five-person team behind a simple WordPress plugin, which took three hours to code, never expected to receive worldwide attention as a result. But NRKbeta, the tech-testing group at Norway's largest national media organization, tapped into a meaty vein with the unveiling of last February's Know2Comment, an open source plugin that can attach to any WordPress site's comment section. "It was a basic idea," NRKbeta developer Stale Grut told a South By Southwest crowd on Tuesday. "Readers had to prove they read a story before they were able to comment on it"... He and fellow staffers spent three hours building the plugin, which Grut reminded the crowd is wholly open source... "[W]e realized not every article is in need of this. We are a tech site; we don't have a lot of controversy, so there's not a big need for it. We use it now on stories where we anticipate there'll be uninformed debate to add this speed bump."
What do you think? And would a quiz-for-commenting-privileges be a good addition to Slashdot?

How Hardware Artisans Are Keeping Classic Video Gaming Alive (fastcompany.com) 62

Slashdot reader harrymcc writes, "If you want to play classic Nintendo games, you could buy a vintage Super NES. Or you could use an emulator. Or -- if you're really serious -- you could use floating point gate arrays to design a new console that makes them look great on modern TVs." He shares Fast Company's article about "some of the other folks using new hardware to preserve the masterworks of the past." Analogue created its system with HDTVs in mind, so every game looks as good or maybe even better than I remember from childhood. Playing the same cartridges on my actual Super Nintendo is more like looking through a dirty window... Another company called RetroUSB has also used Field Programmable Gate Arrays to create its own version of the original Nintendo. And if you already own any classic systems like I do, there's a miniature industry of aftermarket hardware that will make those consoles look better on modern televisions.
The article also notes "throwback consoles" from AtGames and Hyperkin, as well as the Open Source Scan Converter, "a crude-looking device that converts SCART input to HDMI output with no distinguishable lag from the game controller." Analogue's CEO Christopher Taber "argues that software emulation is inherently less accurate than re-creating systems at the hardware level," and describes Analogue engineer Kevin Horton as "someone who's obscenely talented at what he's doing... He's applying it to making perfect, faithful, aftermarket video game systems to preserve playing these systems in an unadulterated way."

And in the end the article's author feels that Analogue's Super Nt -- a reverse-engineered Super Nintendo -- "just feels more like the real thing. Unlike an emulator, the Super Nt doesn't let you save games from any point or switch to slow motion, and the only modern gameplay concession it offers is the ability to reset the game through a controller shortcut. Switching to a different game still requires you to get off the couch, retrieve another cartridge, and put it into the system, which feels kind of like listening to a vinyl album instead of a Spotify playlist."

DIY Explosives Experimenter Blows Self Up, Contaminates Building (fdlreporter.com) 272

Long-time Slashdot reader hey! writes: Benjamin D. Morrison of Beaver Dam Wisconsin was killed on March 5 while synthesizing explosives in his apartment... The accident has left the apartment building so contaminated that it will be demolished in a controlled burn, and residents are not being allowed in to retrieve any of their belongings.
It was just five years ago that Morrison graduated from Pensacola Christian College in Florida with a degree in pre-pharmacy and minors in chemistry and math. Though a local reverend believes 28-year-old Morrison was "not a bomb maker," USA Today's site FDL Reporter notes that "Officials assume he was making bombs that accidentally exploded and killed him... They have not publicly disclosed what chemicals were in apartment 11 where Morrow lived, only describing them as 'extremely volatile and unstable explosives.'"

Vim Beats Emacs in 'Linux Journal' Reader Survey (linuxjournal.com) 146

The newly-relaunched Linux Journal is conducting its annual "Reader's Choice Awards," and this month announced the winners for Best Text Editor, Best Laptop, and Best Domain Registrar. Vim was chosen as the best editor by 35% of respondents, handily beating GNU Emacs (19%), Sublime Text (10%), and Atom (8%). Readers' Choice winner Vim is an extremely powerful editor with a user interface based on Bill Joy's 40-plus-year-old vi, but with many improved-upon features including extensive customization with key mappings and plugins. Linux Journal reader David Harrison points out another great thing about Vim "is that it's basically everywhere. It's available on every major platform."
For best laptop their readers picked Lenovo (32%), followed by Dell (25%) and System76 (11%). The ThinkPad began life at IBM, but in 2005, it was purchased by Lenovo along with the rest of IBM's PC business. Lenovo evolved the line, and today the company is well known as a geek favorite. Lenovo's ThinkPads are quiet, fast and arguably have one of the best keyboards (fighting words!). Linux Journal readers say Lenovo's Linux support is excellent, leaving many to ponder why the company doesn't ship laptops with Linux installed.
In February, readers also voted on the best web browser, choosing Firefox (57%) over Chrome (17%) and Chromium (7%). And they also voted on the best Linux distribution, ultimately selecting Debian (33%), openSUSE (12%), and Fedora (11%).

'Why YouTube's New Plan to Debunk Conspiracy Videos Won't Work' (vortex.com) 240

Slashdot reader Lauren Weinstein believes YouTube's plan to combat conspiracy videos with "information cues" is "likely doomed to be almost entirely ineffective." The kind of viewers who are going to believe these kinds of false conspiracy videos are almost certainly going to say that the associated Wikipedia articles are wrong, that they're planted lies... Not helping matters at all is that Wikipedia's reputation for accuracy -- never all that good -- has been plunging in recent years, sometimes resulting in embarrassing Knowledge Panel errors for Google in search results...

The key to avoiding the contamination...is to minimize their visibility in the YouTube/Google ecosystem in the first place... Not only should they be prevented from ever getting into the trending lists, they should be deranked, demonetized, and excised from the YouTube recommended video system. They should be immediately removed from YouTube entirely if they contain specific attacks against individuals or other violations of the YouTube Terms of Service and/or Community Guidelines. These actions must be taken as rapidly as possible with appropriate due diligence, before these videos are able to do even more damage to innocent parties.


Ubuntu Community Considers a Crowd-Sourced Promo Video (ubuntu.com) 34

Slashdot reader Beacon11 writes that "Alan Pope, a community advocate for Ubuntu, has requested comments and ideas regarding the creation of a crowd-sourced promo video that, in 30 seconds, conveys that Ubuntu is for everyone." Alan Pope writes: So for example you might see a woman on a train typing an article, a guy in an office creating a presentation, a kid on the sofa playing a game with a controller on their TV, someone watching a film, someone developing code, kids playing with robots, a farmer planning animal feeding. You get the idea...

So I'd really like to do this as a shared community project, with video clips submitted by Ubuntu users from around the world, perhaps even taking in a landmark or two here and there. I'd expect the video to represent the diversity of users, and variety of activities people are able to do with Ubuntu.

Though they're currently just discussing its feasibility, Alan writes that "I think if we work together we could make something amazing."

Researchers Claim They Can Predict Where Lightning Is Likely To Strike (www.cbc.ca) 34

Long-time Slashdot reader conner_bw shared an article from the CBC: A study by researchers at the University of Calgary's Schulich School of Engineering suggests it's possible to predict where lightning will strike and how often. They say satellite data and artificial intelligence can help foresee where lightning poses a greater risk to spark wildfires... "Those events don't just randomly happen," said Dr. Xin Wang, one of three researchers involved in the study. "They also have spatial and temporal patterns."
One of the paper's authors says their analysis can predict areas with a high chance of wildfires with an accuracy greater than 90%.

North Carolina Police Obtained Warrants Demanding All Google Users Near Four Crime Scenes (wral.com) 184

An anonymous reader quotes the public records reporter from North Carolina TV station WRAL: In at least four investigations last year -- cases of murder, sexual battery and even possible arson at the massive downtown fire in March 2017 -- Raleigh police used search warrants to demand Google accounts not of specific suspects, but from any mobile devices that veered too close to the scene of a crime, according to a WRAL News review of court records... The demands Raleigh police issued for Google data [in two homicide cases] described a 17-acre area that included both homes and businesses... The account IDs aren't limited to electronics running Android. The warrant includes any device running location-enabled Google apps, according to Raleigh Police Department spokeswoman Laura Hourigan...

On March 16, 2017, a five-alarm fire ripped through the unfinished Metropolitan apartment building on West Jones Street... About two months later, Raleigh police obtained a search warrant for Google account IDs that showed up near the block of the Metropolitan between 7:30 and 10 p.m. the night of the fire... In addition to anonymized numerical identifiers, the warrant calls on Google to release time stamped location coordinates for every device that passed through the area. Detectives wrote that they'd narrow down that list and send it back to the company, demanding "contextual data points with points of travel outside of the geographical area" during an expanded timeframe. Another review would further cull the list, which police would use to request user names, birth dates and other identifying information of the phones' owners.

"Do people understand that in sharing that information with Google, they're also potentially sharing it with law enforcement?" asks a former Durham prosecutor who directs the North Carolina Open Government Coalition at Elon University. And Stephanie Lacambra, criminal defense staff attorney at the Electronic Frontier Foundation, also criticized the procedure. "To just say, 'Criminals commit crimes, and we know that most people have cell phones,' that should not be enough to get the geo-location on anyone that happened to be in the vicinity of a particular incident during a particular time." She believes that without probable cause the police department is "trying to use technology as a hack for their job... It does not have to be that we have to give up our privacy rights in order to participate in the digital revolution."

Nathan Freed Wessler, staff attorney with the ACLU's Speech, Privacy and Technology Project, put it succinctly. "At the end of the day, this tactic unavoidably risks getting information about totally innocent people."
