Google wants your face data in return for a $5 gift card

Found on The Inquirer on Wednesday, 24 July 2019
Browse Internet

That's the conclusion we have come to after it was revealed that Google has been offering people a Fin (that's $5 to you) to use your features in the training for its forthcoming face unlock feature.

ZDNet reports that the company is sending out street teams to gather face data from public places, in exchange for a $5 gift card, valid at either Amazon or Starbucks.

Make that $500 and then still say no. Google already has way too much data, there is no reason to feed it even more.

Hackers breach FSB contractor, expose Tor deanonymization project and more

Found on ZD Net on Monday, 22 July 2019
Browse Internet

Hackers have breached SyTech, a contractor for FSB, Russia's national intelligence service, from where they stole information about internal projects the company was working on behalf of the agency -- including one for deanonymizing Tor traffic.

Researchers identified 25 malicious servers, 18 of which were located in Russia, and running Tor version 0.2.2.37, the same one detailed in the leaked files.

It is probably a very safe bet if you say that every nation has a group of specialists trying to break Tor. It's not just a russian thing.

YouTube: 'We don't take you down the rabbit hole'

Found on BBC News on Friday, 19 July 2019
Browse Internet

YouTube has defended its video recommendation algorithms, amid suggestions that the technology serves up increasingly extreme videos.

YouTube uses algorithms to recommend more videos for you to watch. These video suggestions appear in the app, down the side of the website and also show up when you get to the end of a video.

"It's what's great about YouTube. It is what brings you from one small area and actually expands your horizon and does the opposite of taking you down the rabbit hole," he says.

Their algorithms are pretty useless. Over and over you get recommended the same videos, even if they have absolutely nothing to do with what you are currently watching; and even if they are somewhat related, you're as far away from your original theme as possible. If there is anything that's completely useless and flawed at Youtube, it's the recommendations.

Can you trust FaceApp with your face?

Found on BBC News on Thursday, 18 July 2019
Browse Internet

Since the face-editing tool went viral in the last few days, some have raised concerns over its terms and conditions.

They argue that the company takes a cavalier approach to users' data - but FaceApp said in a statement most images were deleted from its servers within 48 hours of being uploaded.

Privacy advocate Pat Walshe pointed to lines in the FaceApp's privacy policy that suggested some user data may be tracked for the purposes of targeting ads.

It's basically every app that does the same: provide some pointless "feature" and steal all the personal data from the device. So, you cannot trust any app.

Amazon offers $10 to Prime Day shoppers who hand over their data

Found on Reuers on Wednesday, 17 July 2019
Browse Internet

In order to work, the assistant needs access to users’ web activity, including the links and some page content they view. The catch, as Amazon explains in the fine print, is the company can use this data to improve its general marketing, products and services, unrelated to the shopping assistant.

Amazon did not discuss how it uses the data it gathers via the assistant for any unrelated purposes, but a job listing for an affiliated team known as Browser Integration Technologies says the group’s influence “spans across advertising and marketing, pricing and selection.”

Sadly, more than enough people will be stupid enough to fall for that.

OpenPGP Certificate Attack Worries Experts

Found on DUO on Saturday, 06 July 2019
Browse Internet

The attack is quite simple and doesn’t exploit any technical vulnerabilities in the OpenPGP software, but instead takes advantage of one of the inherent properties of the keyserver network that’s used to distribute certificates.

The OpenPGP specification doesn’t have any upper limit on the number of signatures that a certificate can have, so any user or group of users can add signatures to a given certificate ad infinitum. That wouldn’t necessarily be a problem, except for the fact that GnuPG, one of the more popular packages that implements the OpenPGP specification, doesn’t handle certificates with extremely large numbers of signatures very well. In fact, GnuPG will essentially stop working when it attempts to import one of those certificates.

Some kid in a basement must be really angry there. That, or some of the usual suspects who do not like secure and private communication.

Spotify shuts down direct music uploading for independent artists

Found on Altpress on Friday, 05 July 2019
Browse Internet

“The most impactful way we can improve the experience of delivering music to Spotify for as many artists and labels as possible is to lean into the great work our distribution partners are already doing to serve the artist community,” Spotify said in a statement on its blog.

For example, Billboard points out Little Mix track “Bounce Back” pre-saves prompted giving Sony Music specific permissions. Among them were “view your Spotify account data,” “view your activity on Spotify” and “take actions in Spotify on your behalf.”

So everybody whines how arists go through hard times and get pirated constantly, but at the same time platforms refuse to do business with them so middlemen can step in and make an artist's life even worse.

Seven Considerations for Doing Secure Cloud Migration

Found on eWEEK on Friday, 28 June 2019
Browse Internet

Looking forward, executive management at technology-dependent industries—including manufacturing, high-tech and telecom—are increasingly driving toward become 100% cloud-enabled.

Successful cloud migration also requires successfully migrating security to the cloud, enabling organizations to deploy and manage a single, consistent security framework that spans the entire multi-cloud infrastructure.

Going 100% cloud based is like pointing two really big guns a both of your feet. Let them learn their lessons the hard way.

Gmail’s API lockdown will kill some third-party app access, starting July 15

Found on Ars Technica on Thursday, 27 June 2019
Browse Internet

Google is locking down API access to Gmail data (and later, Drive data) soon, and some of your favorite third-party apps might find themselves locked out of your Google account data. The new API policy was announced back in October, but this week Google started emailing individual users of these apps, telling them the apps will no longer work starting July 15.

One absolute doozy of a requirement kicks in if the app stores user data on a third-party server. Google will now require those apps to pass a third-party security audit, which the app developer must pay for. According to the company, the cost "may range from $15,000 to $75,000 (or more) depending on the size and complexity of the application."

After restricting API access for adblockers, Google locks itself down even more. A pity for those who trusted Google (or "the cloud") with their data in the first place.

Gmail confidential mode is not secure or private

Found on ProtonMail on Saturday, 22 June 2019
Browse Internet

Even though Google launched confidential mode over a year ago, people are still confused about what it does. Is it actually secure or private? Is it encrypted? When you turn it on, does it prevent Google from reading your messages? The answer to these questions is ‘no.’

Without end-to-end encryption, Gmail’s confidential mode is little more than a marketing trick designed to pacify users concerned about privacy.

Google sure has no interest to make conversations really private; after all, they profit from having full access to all the data.