Mark Zuckerberg may currently be one of the most powerful men in the world, but that does not mean it stops him from being immune to the security breaches out there.

Zuck

Source: Mark Zuckerberg Facebook

When Zuckerberg shared the photo above on his Facebook profile to celebrate Instagram reaching its 500 million monthly user milestone, a sharp-eyed Twitter user by the name of Chris Olson was quick to point out a couple of things.

Zuck

Source: Chris Olson Twitter

Chris Olson, who currently works for a software startup called Replicated, noticed that in the photo’s background, Zuckerberg’s laptop webcam camera and microphone jack appeared to be covered in tape.

“When I first saw the photo I quickly noticed tape covering the camera,” Olson told The Huffington Post. “I’ve actually seen this technique used a decent amount of times and knew it was used as the last line of defense for someone hacking your camera. I don’t tape my own computer’s camera and mic but after seeing someone like Mark, who leads a world-class technology company, I might just run down the street and pick some up,” Olson added.

Zuck2

Source: Mark Zuckerberg Facebook

The rouse from the posted photo highlighted to many that even the technically-savvy Facebook boss faces worries about being spied on. Laptops, smartphones and microphones are often primary targets for hackers, especially for high-profile individuals such as Zuckerberg who just so happens to be the CEO of one of the most powerful companies in Silicon Valley.

Hacking into a laptop’s webcam is not particularly difficult business. For instance, the camera could be hacked by way of a spear phishing attack that loads malware onto a user’s computer when they click a spoof email. Most times, the user may not even be aware that their cameras have been hacked and are being watched. And while Mac users are a little safer, (a light next to the webcam is designed to switch on whenever the camera is being used, so a user would be made aware should any unsolicited recording occur), this may not always be the case.

Often, hackers would tap into a target’s camera to secretly record a victim during compromising moments, and could then later threaten for a blackmail payment in order to refrain them from posting the footage publicly. Some hackers are known to remotely hack baby monitors merely for the sake of tormenting children and babies in these rather chilling cases.

Just a couple of weeks ago, Zuckerberg’s own social media accounts had been targeted by a hacker group called OurMine. In the hacking incidents which occurred earlier this month, Zuckerberg saw all his Twitter, Instagram and Pinterest accounts briefly hacked.

It is a common practice for many to tape over or at least try to cover up their built-in webcams in an attempt to protect themselves against unwanted surveillance. “Covering the camera is a very common security measure,” says Lysa Myers, a security researcher at the data security firm ESET. “If you were to walk around a security conference, you would have an easier time counting devices that don’t have something over the camera.”

This habit is followed by the likes of many, including James Comey the director of FBI who revealed earlier this year that he too covers his laptop’s webcam to prevent hackers spying on him. “I saw something in the news, so I copied it. I put a piece of tape — I have obviously a laptop, personal laptop — I put a piece of tape over the camera. Because I saw somebody smarter than I am had a piece of tape over their camera,” he said during an address to Kenyon Collegian, NPR reported.

Additionally, according to documents leaked by Edward Snowden, the whistleblower who previously released details of government surveillance programs, Snowden alleged that the UK GCHQ which ran a program called ‘Optic Nerve’ as well as other US spy agencies intercepted webcam images from millions of Yahoo users accounts around the world between 2008 and 2010. On top of that, the American digital rights group, Electronic Frontier Foundation, who sells webcam stickers for the exact purpose of covering cameras, told The Guardian that“people purchase these regularly”, proving that there is a market for such products.

 

Should you tape over your webcam & mics?

While taping over your webcam is seen as a simple security measure to prevent unwelcomed spying, taping over a microphone may not make as much sense.

“Sounds can travel through tape – it is just another membrane. So it begs the question whether we need a physical switch to disconnect the microphone,” says Prof Alan Woodward, a computer security expert from the University of Surrey.

Case in point; Mashable tested Zuckerberg’s microphone tape method with both clear tape and thicker gaffer’s tape, although neither one reduced the microphone’s audio pickup even when doubled up.

Luckily, Mashable offers an easy alternative to the microphone tape method, given that you have an old pair of headphones lying around that you are willing to sacrifice:

  • Connect a pair of earbuds that include a microphone into your 3.5mm audio jack, then snip off the earbud with the mic on it (usually the right one) just below the mic.
  • Why it works? Once you plug in earphones with a built-in mic, your computer automatically changes the default audio input from the internal mic to the new external mic.
  • That way, when you cut the line to the mic, the computer does not go back to the default interior mic, and it cannot receive any audio from the (now missing) exterior mic.

Although there is a possibility of a hacker who has had complete control of your computer to be able to switch the input audio back to the internal mic, if they are running on only an automated program, it is likely that they will only pick up whatever is currently set to default.

In any case, the usage of tape ala Mark Zuckerberg certainly would not hurt as most of the experts do it and it could help minimise damage in the event of a hack.

 

Sources

[1] BBC

[2] New York Times

[3] Telegraph

[4] Fortune

[5] Mashable

russia1

Encryption backdoors; a highly debated and often controversial matter. After the ‘security versus privacy’ battle between Apple and the FBI in the government’s orders for the creation of a backdoor to the San Bernardino iPhone, it sparked some members of governments call for weakened encryption on messaging apps or backdoors.

While technology experts, privacy advocates and governments are still at wits about the potential harm or good that backdoors would bring, Russia seems to be having no queries and whelms on their stand for backdoors on encrypted apps.

A new bill tabled in the Russian Duma, the country’s lower legislative house proposes to implement laws for mandatory backdoors into encrypted communications. The pending bill is referred to as an “anti-terrorism” bill in the Dunna, which was designed so that the Federal Security Service aka. the successor to the KGB and the country’s secret police, would be able to obtain special access to all of the country’s communications.

Encryption in technology is often viewed as the cornerstone of cybersecurity. Without encryption to protect users’ data, the companies who do not adopt encryption practices are often regarded by technologists as negligent to cybersecurity.

Russia Button

With that being said, Russia on the other hand seems to think on the contrary, hoping to step up their Internet controls in the apparent interests of national security by putting encrypted messaging apps in the hot seat. Apps such as WhatsApp, Telegram and Viber which currently offer varying levels of encrypted security were main targets in the anti-terrorism bill, in which these companies could be fined with up to a million roubles (approximately US$15,600) if found guilty of refusing to decrypt messages for the Federal Security Service. On the other hand, citizens found using the apps while refusing to provide access to their messages to security officials could have to answer to fines of up to 3,000 roubles (US$46),  while officials could be fined up to 5,000 roubles (US$78), and legal entities as much as 50,000 roubles (US$780).

“Failure to comply with the organiser of the dissemination of information on the internet obligation to submit to the federal executive authority in the field of safety information required for decoding the received, sent, delivered or processed by electronic communications”.

The new Russian legislation was proposed by deputy Irina Yarovaya and senator Viktor Ozerov and has already been approved by the Duma Committee on Security and Anti-Corruption. Russian Senator Yelena Mizulina who supports the bill has also mooted requiring all message traffic to be approved by national censors before it is passed on. Referring to a research group of some kind, and some ill repute, called the League of Safe Internet, she argued that the new bill ought to become law due to the group’s uncovered evidence of unwelcome underground operations. Mizulina was concerned of “a number of closed groups where teenagers [are] brainwashed to kill police officers”, a practice protected by encryption which should be nipped in the bud. Mizulina also suggested;  “Maybe go back to the idea of pre-filtering [messages] as we cannot look at it in silence”.

Irina Yarovaya, who is also the head of the country’s parliamentary security committee, has now even proposed procedures that would entail Internet service providers to store metadata about customers’ activities for up to three years, and the actual contents of their communications for up to six months. State officials would be able to requisition this data, supposedly for anti-terrorism purposes.

It will be interesting to note how this new bill will affect many tech giants and messaging companies who want to avail themselves of Russia’s markets if mandatory backdoors does indeed become the law in Russia.

Nonetheless, Yarovaya stated on Monday that if the new Russian proposals do pass into law, they may not come into effect for another three years.

 

Sources

[1] Fortune

[2] Daily Dot

[3] The Register

[4] The Inquirer

[5] Tech Eye

[6] Tech Spot

As Internet users all over the world may be gearing up to celebrate World Emoji Day on July the 17th, Twitter is preparing something up their own sleeves as well. In a blog post by Neil Shah, Twitter’s ads API product manager, the company revealed a new feature which would allow advertisers to target potential customers based on their emoji activity on the social networking website.

Targeted advertising based on or using emojis may not be something new for marketers as more brands are turning to emojis as a new form of monetisation. Take for example Domino’s emoji ordering system which won a Titanium Grand Prix; Dominos built an emoji ordering system that allows people to text a pizza emoji to instantly place delivery orders saved in their accounts with the fast feeder.

Certainly, the use of emojis are fast becoming our everyday lexicon, given that Oxford Dictionary even awarded the “Face with Tears of Joy” emoji as its 2015 Word of the Year! There is even a website known as Emojitracker which tracks realtime emoji use on Twitter.

(Fun fact: Did you know that you can also search Google using emojis?)

emoji

Additionally, according to Instagram’s Engineering Blog, the vocabulary of Instagram is shifting similarly across many different cohorts as the decline in Internet slang has given way to a corresponding rise in the usage of emoji.

emoji1

(Source: Instagram’s Engineering Blog)

It’s no wonder that Twitter has seen the great potential emojis could bring for their targeted advertising.

“Over 110 billion emojis have been Tweeted since 2014”, said Shah in his earlier blog post, which roughly translates into a massive opportunity for them to cash in on advertisers looking to distribute ads based on emoji use of emotions, foods, activities, and much more. Most social networks are searching for one way or another for the company to chase those advertising dollars. Given that Twitter has not been seeing much growth in their profit and has in fact been losing $2 billion since 2011, one of Twitter’s successful methods of generating sales has only been from sponsored tweets and partnerships.

“Emojis have become a ubiquitous way for people, publishers, and brands to express their feelings … This new feature uses emoji activity as a signal of a person’s mood or mindset — unlocking unique opportunities for marketers” Shah stated.

Emoji-targeted advertising could turn out to be a great cash cow for the company, as Twitter believes that marketers will be able to use the emoji activity as a way to determine a person’s mood and then “connect” with them, in turn driving “deep engagement and better performance for brands”.

emoji2

What this may mean for users is that a simple tweet with a Friday night beer emoji may entail some big beer brand or the local craft brewery appearing on ads on your timeline to try their new flavours. Or a Twitter user who tweets out a pizza emoji could have various restaurants flooding their mentions to call customers in for a slice.

Basically any time an emoji is tweeted out, it could be used by brands to target you with specific products. While the company uses food emojis as a target example for now, it could well move on to other options such as adverts from a sports brand when a user tweets a soccer ball emoji during a Euro 2016 match. Or if a user tends to tweet the emoji of a particular flag frequently, it could be an indication to advertisers on a person’s nationality and country preferences. The possibilities are truly limitless.

Any advertisers who are seeking to implement the new targeting options will work with Twitter’s official Ads API (application programming interface) partners, who include AdParlor, Amobee, HYFN, Perion, SocialCode, and 4C to target people who have recently Tweeted or engaged with Tweets featuring emojis.

It remains to be seen if Twitter users would appreciate the new method for targeted advertisements or negatively affect their use of the social media. So what is your opinion on emoji-targeted advertising?

 

Sources

[1] Twitter blog

[2] Gizmodo

[3] The Next Web

[4] CNET

[5] Digital Trends

[6] Digiday

It is probably not news that many landlords, hiring managers or college admissions counselors scope out our social media accounts to perform background checks on an individual. However, one start-up company is now taking this one step further by making use of algorithmic models to carry out social media audits of our networking accounts, with aims to “take a deep dive into private social media profiles”.

The UK start-up, Score Assured, has recently launched its first product; Tenant Assured, a software capable of combing through your social media profiles on Facebook, Instagram, Twitter, and LinkedIn to produce a report to unearth details on a potential tenant’s credit-worthiness. The ‘personality reports’ aims to give insights into an applicant’s five main personality traits: extraversion, neuroticism, openness, agreeableness and conscientiousness.

A sample Tenant Assured profile report. (Source: The Verge)

A landlord would be able to send their potential tenant a request through Tenant Assured requiring them to grant full access to their various social media accounts before the lease application would be approved. From there, Tenant Assured is capable of sifting through all previous posts, conversation threads and private messages to highlight any areas of concern. Based on frequency of keyword mentions, or even those ‘check-ins’ at your local watering hole could affect the outcome of the report in terms of your personality, attitude towards spending and likely creditworthiness, a supposed indication of how reliable a tenant you will be.

Naturally, many of these basis for ratings are totally misleading. Life events (eg. Giving birth or getting married) can be used to draw conclusions on an individual, as well as how often a tenant may use keywords like “staying in”, “no money” or “poor” could damage their credit score.

These distorted sources for calculating one’s “financial stress level” was exemplified when a couple of reporters from Telegraph Money decided to take the Tenant Assured plunge. Being money journalists who frequently report on “loans”, the trigger word became a concern for financial stress when it is used as an indicator to calculate the overall score in the report. Clearly, the content of social media posts could easily be taken out of context as a personal struggle for better finances.

‘Personality reports’ on a potential tenant. (Source: Washington Post)

Caitlin Dewey, a reporter from Washington Post who decided to test out the service related her experience with the “creepy digest” about her online self.

“My personal tenant report includes a list of my closest friends and interests, a percentage breakdown of my personality traits, a list of every time I’ve tweeted the words ‘loan’ and ‘pregnant,’ and the algorithm’s confidence that I’ll pay my rent consistently,” she wrote.

Tenant Caitlin

Caitlin Dewey’s Tenant Assured profile drawn from her Facebook, Twitter, LinkedIn & Instagram data.

(Source: Washington Post)

 

Is this all legal?

In contrast to credit reports which under federal law may be requested at every 12 months, the Tenant Assured final profile reports does not allow for the tenants themselves to have any access to view their own ratings, instead going straight to the landlord, which leaves them in the dark from defending any misleading data dredged up from their tenant profiles.

“If you’re living a normal life, then, frankly, you have nothing to worry about,” stated Steve Thornhill, co-founder and director of Score Assured.

However, The Washington Post has pointed out that some of the information collected by Tenant Assured in fact has a protected status under the US housing discrimination law, under the Fair Housing Act of 1968, although Thornbill argued that this was something not to be of concern as the report produced was only a one-time file, not a constant surveillance.

For each Tenant Assured report, the start-up charges landlords, agencies and letting agents £9.99, although discounts are applicable given large volumes of tenants. Any future reports on the same tenant would still incur service fees.

Thornbill admits while keyword-scraping can be a crude metric by itself, quite incredulously he exclaimed that the information attained through the service was meant to be used alongside the landlord’s own judgement.

“All we can do is give them the information. It’s up to landlords to do the right thing”.

Thornbill also stated that: “People continue more and more to expect their private data to become something of value that they—can’t sell—but can trade for something. We see it as a way of helping people get something they want”.

Tenant Assured is also expected to offer specialised versions of their service by the end of July such as Recruit Assured for use by employers, HR recruitment or other versions for online dating.

As of now, these form of services may still be an opt-in for landlords and agencies, but if it became popular, it could well be exploited by those in power to gain access to private and personal data.

What is your opinion on the checking out of potential tenants on social media?

 

Sources

[1] Score Assured

[2] The Washington Post

[3] Vice

[4] The Verge

[5] Telegraph

Nimble news

Source: Nimble News Network

One of the top apps on the market may soon be offering end-to-end (e2e) encryption. That’s right. Facebook Messenger, one of the top downloaded apps according to the Google Play Store and Apple’s iTunes store is said to be bringing the end-to-end encryption option to its messaging service, following the input from three unnamed sources close to the project.

Top Android apps

Top Apple store apps (Msia)

More and more tech giants are increasingly concerned with securing users’ data and privacy, and Facebook seems to be keen on stepping up their security game as well. With over 900 million users as of April 2016, rumour has it that Facebook messenger will also offer the option of end-to-end encryption sometime in the next few months.

As Jacob Ginsberg the senior director at encryption company Echoworx said:

“It seems that the large players in the technology industry are taking more notice of people’s right to communicate privately”.

End-to-end encryption is important for ensuring that messages sent can only be read by the sender and receiver of the message. This means that not only the government or hackers would not be able to intercept messages while they are being delivered, but the company themselves (in this case Facebook) will not be able to read the conversations.

While encryption works by scrambling data in order to give users peace of mind to users away from app developers, law enforcements and cloud-hosted virtual assistants, this privacy-enhancing feature will only be an opt-in one. As compared to other apps such as Whatsapp, or iMessage which offer end-to-end encryption by default, Facebook Messenger seems to be giving users the option to choose encrypted chat or not.

If the latter is the case, this will make it akin to Google’s recently-debuted Allo chat app, which makes its security feature optional for users, and only enables it in “incognito mode”. Allo allows for users to either select communicating with end-to-end encryption mode for extra privacy, or accept the trade-off of data when favouring a smarter messaging chat using machine learning technologies to serve smart replies or suggestion which would not work if end-to-end encryption was switched on.

However, Allo does not come without criticisms of its own. Edward Snowden, the poster child of privacy himself calls Google’s chat app as “dangerous and unsafe”.

Edward Snowden

Source: Twitter

An Internet company such as Facebook seeks to monetize largely by using advertising. One way in which they would do so is by a combination of sponsored partnerships with businesses and brands as well as through the AI chat bots. Using an AI bot program such as in Google, Amazon and Apple brings virtual assistants into play which analyse users’ texts, photos and other habits to put forward suggestions, perform searches and bring a personalised chat experience for users.

On the other hand, this would ultimately mean that users are forced to pick between smart AI chatbots yet foregoing personal data integration, versus tougher encryption on their chats but sacrifice the machine learning features.

Similar to Google’s Allo, the Allo app also attempts to balance users’ demands for secure messaging in “incognito mode” but also with their desire for the use of AI to oversee interactions for its smart features. However, since Facebook Messenger’s encryption is developed to be as an opt-in feature, the drawback is that the app will not be able to offer both the in-chat AI with e2e encryption as the AI features is unable to work once the end-to-end encryption is switched on.

How the in-chat smart bot works is by frequently scanning chats and reading through messages so that it can learn how a person talks and then offer appropriate responses based on the habits of the user it has learned. The problem is that this type of “machine learning” requires users’ messages and other data to be routed through corporate servers so that they can be analysed and a “smart reply” sent, as well as informing future interactions. When encryption is turned on via chatting through incognito mode, it prevents certain types of data from passing through Google’s servers and neither Facebook nor authorities would be able to decipher them.

So what are your opinions? If you had to choose between end-to-end encryption or newer ‘smart features’, which you be your pick?

 

Sources

[1] The Guardian

[2] Independent

[3] Sophos

[4] BGR

[5] Express

[6] Fortune

[7] Fast Company