April 11, 2018
Back to the future! 1990s Windows File Manager! NOW OPEN SOURCE!
By Paul Ducklin
You know you want to.
Actually, you know you DON’T want to – I certainly didn’t.
But you will anyway – I did.
Microsoft has released the File Manager program from Windows 3, which was released back in 1990.
When I say “released”, I mean “set free”, and that’s free in the threefold sense of speech, beer and download.
Yes, the venerable WinFile application is now open source software!
To kick off with an admission: I’ve never got on with single-pane file managers – from WinFile to the latest Mac Finder, I’ve always shoved them to one side in favour of two-panel viewers.
Why view one directory at a time when you so often want to view two, either to move files from A to B (or in the Windows world, probably from D: to C:), or to compare old and new versions of stuff?
As a result, I’ve always had a copy of Midnight Commander to hand on Mac and Linux boxen, as well as Servant Salamander back when I used Windows as a matter of routine. (I chose that last word very carefully to avoid giving the impression that it was a matter of choice.)
In truth, I never much liked Windows 3, and when I used it, I didn’t like WinFile at all.
WinFile made tasks that were somewhat complicated but perfectly reliable at the DOS prompt into tasks that were dead easy but liable to go weirdly wrong when moving clunky icons between two separate on-screen windows.
But time is a great healer.
Read more at https://nakedsecurity.sophos.com/2018/04/11/back-to-the-future-1990s-windows-file-manager-now-open-source/
Steve Wozniak explains why he deactivated his Facebook account
By John E Dunn
As his 5,000 Facebook friends are about to find out, Apple co-founder Steve Wozniak has well and truly left the building.
When it comes to Facebook, most celebrities tip-toe out the back door without saying much. But Wozniak is not most celebrities, and sent an email explaining the recent decision to deactivate his account to USA Today.
Given the recent fuss about Facebook’s privacy behavior, most of it is not hard to second guess:
Users provide every detail of their life to Facebook and… Facebook makes a lot of advertising money off this. The profits are all based on the user’s info, but the users get none of the profits back.
Which had become a thinly-gilded cage:
I was surprised to see how many categories for ads and how many advertisers I had to get rid of, one at a time. I did not feel that this is what people want done to them. Ads and spam are bad things these days and there are no controls over them. Or transparency.
This compared unfavorably with another big tech company close to Wozniak’s heart:
Apple makes its money off of good products, not off of you. As they say, with Facebook, you are the product.
This echoes criticism of Facebook by Apple’s CEO Tim Cook, who told reporters a few days ago that his company could do what Facebook does if it wanted to. However:
We’ve elected not to do that… We’re not going to traffic in your personal life. Privacy to us is a human right, a civil liberty.
It’s not clear how many Facebook users have left since the Cambridge Analytica scandal became public on 16 March, although #deletefacebook gained considerable traction, trending on Twitter in the following days.
Read more at https://nakedsecurity.sophos.com/2018/04/11/steve-wozniak-explains-why-he-deactivated-his-facebook-account/
Congress grills Zuckerberg, day one: How does this online stuff work?
By Lisa Vaas
Yikes, Facebook CEO Mark Zuckerberg said in prepared remarks for a rare joint hearing of the Senate Judiciary and Commerce Committees on Tuesday and Wednesday: malefactors have used reverse-lookup “to link people’s public Facebook information to a phone number”!
Quelle surprise, according to Zuckerberg’s prepared remarks: Facebook only discovered the incidents a few weeks ago, they claim, and immediately shut down the phone number/email lookup feature that let it happen.
Zuckerberg’s remarks:
When we found out about the abuse, we shut this feature down.
And thus, to borrow the Daily Beast’s phrasing, Zuckerberg gaslighted Congress before the hearings even started.
On Tuesday, senators were ready, though, to grill the virgin-to-Congressional-grilling about that “Well, shucks, we just found out” bit. Sen. Dianne Feinstein was the first to jump in with the fact that Facebook learned about Cambridge Analytica’s (CA’s) misuse of data in 2015 but didn’t take significant steps to address it until the past few weeks.
Zuckerberg’s response, reiterated many times during five hours of testimony: We goofed. CA told us it deleted the data. We believed them. We shouldn’t have. It won’t happen again.
Sen. Chuck Grassley asked the CEO if Facebook has ever conducted audits to ensure deletion of inappropriately transferred data (it seemed to have an audit allergy, at least during whistleblower Sandy Parakilas’s tenure), and if so, how many times?
My people will get back to you on that, Zuckerberg said… Many times, to many questions.
Read more at https://nakedsecurity.sophos.com/2018/04/11/congress-grills-zuckerberg-day-one-how-does-this-online-stuff-work/
How ODNS keeps your browsing habits secret
By Mark Stockley
In computing, popular ideas have a way of becoming part of the bedrock and, once petrified, they’re extremely difficult to dislodge.
It doesn’t matter how good or bad an idea is, how well or how poorly something is coded or how insecure it is, if something is widely adopted it’s not going anywhere fast.
For example, despite its inherent insecurity, email remains central to our lives, and Flash, despite a ready replacement and countless should-have-been-fatal wounds, is dying as if there’s an Oscar on the line.
Finding new ideas is easy but replacing or retooling old ideas is hard.
That puts a premium on solutions that make things better, faster or more secure by working with, or adding to, what’s already there with minimal disruption.
And that’s why ODNS (Oblivious DNS) is such an interesting idea.
ODNS is the latest entrant to an increasingly crowded field of solutions looking to address the privacy problems of the global DNS (Domain Name System).
Read more at https://nakedsecurity.sophos.com/2018/04/10/how-odns-keeps-your-browsing-habits-secret/
How to check if your Facebook data was shared with Cambridge Analytica
By Paul Ducklin
We’re sure you’ve heard of Cambridge Analytica (CA), the controversial company that harvested data from Facebook and then used it in ways that you almost certainly wouldn’t have wanted.
About a month ago, we reported how a CA whistleblower named Christopher Wylie claimed that the company had allegedly:
…exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on.
Were you affected?
The thing is that CA didn’t crack passwords, break into accounts, rely on zillions of fake profiles, exploit programming vulnerabilities, or do anything that was technically out of order.
Instead, CA persuaded enough people to trust and approve its Facebook app, called “This is Your Digital Life”, that it was able to access, accumulate and allegedly to abuse personal data from millions of users.
That’s because the app grabbed permission to access data not only about you, but about your Facebook friends.
In other words, if one of your friends installed the app, then they might have shared with CA various information that you’d shared with them, even if you didn’t install the app yourself.
But how to find out which of your friends (some of whom may be ex-friends by now) installed the app, and how to be sure that they remember correctly whether they used the app or not?
Facebook has now come up with a way, given that it has logs that show who used the app, and who was friends with them.
Read more at https://nakedsecurity.sophos.com/2018/04/10/how-to-check-if-your-facebook-data-was-shared-with-cambridge-analytica/
YouTube illegally collects data from kids, group claims
By Lisa Vaas
YouTube is illegally making “substantial profits” from children’s personal data, according to a group of 23 child advocacy, consumer and privacy groups that have filed a complaint asking the Federal Trade Commission (FTC) to make it stop.
Kids are on the platform en masse, the group said, citing a study that found that 96% of children aged 6-12 are aware of YouTube and that 83% of children that know the brand use it daily. In fact, last year, YouTube topped the list of favorite online kid brands, according to the study:
For the second year in a row, YouTube leads all 347 cross-category brands evaluated in the BRAND LOVE® study, solidifying its position as the most powerful brand in kids’ lives. The platform’s ascent to the top is impressive, moving from a KIDFINITY score of 749 (and #86 ranking) in 2010 to the #1 brand that is disseminating trends, changing play patterns, and transforming the ways kids come of age.
No wonder kids have come to adore YouTube: the Google-owned company has been working hard to get their love and their little eyeballs on advertisements, the coalition says.
A case in point is YouTube Kids: launched in February 2015, it was designed to be a sanitized place where youngsters would be spared the hair-raising comments and content found on the rest of YouTube.
But YouTube recently found itself hiring thousands of moderators to review content on the broader site after nasty children’s content and child abuse videos got through both on YouTube and even on YouTube Kids.
Read more at https://nakedsecurity.sophos.com/2018/04/10/youtube-illegally-collects-data-from-kids-group-claims/
Another company’s been harvesting Facebook user data
By Lisa Vaas
Déjà data-analytics vu: Facebook’s suspended yet another firm for dressing up its personal-data snarfing as “nonprofit academic research,” in the form of personality quizzes, and handing over the data to marketers.
The company, Cubeyou, a la Cambridge Analytica (CA), pasted the label “for non-profit academic research” onto its personality quizzes, CNBC reported on Sunday.
One of Cubeyou’s quizzes, “You Are What You Like,” was created in conjunction with the University of Cambridge, as was the psychographic data collected by the Facebook quiz thisisyourdigitallife.
Another version of Cubeyou’s quiz, named “Apply Magic Sauce,” states that it’s only for “non-profit academic research that has no connection whatsoever to any commercial or profit-making purpose or entity.” That sounds an awful lot like thisisyourdigitallife, which billed itself as “a research app used by psychologists.”
Cambridge University professor Aleksandr Kogan’s Facebook license was only to collect data for research purposes, not to pass on to a commercial outfit like CA. In violation of Facebook’s terms, he passed users’ data on to CA for targeted political ad marketing in the 2016 US presidential election. Similarly, Cubeyou sells data to ad agencies that want to target certain Facebook user demographics. It’s not what you’d call cloak and dagger: the data analytics firm’s site advertises its wares as “All the best consumer data sources in one place.”
Our platform brings together the most robust consumer data sources available, both online and offline. Leverage social media statistics, syndicated studies, government surveys, and more – even your own data.
One of many examples:
DEEP Go deeper than you’ve ever thought possible, mixing demographics, psychographics, lifestyles, interests and consumption traits to pinpoint the exact audience you’re looking for. Get hyper-local with over 10 Million panelists distributed across 950 US metro areas. ex. Millennial Gamers in San Francisco that purchase electronics at BestBuy
The site says that the company has access to personally identifiable information (PII) such as first names, last names, emails, phone numbers, IP addresses, mobile IDs and browser fingerprints. CNBC also dug into cached versions of the site from 19 March that said that Cubeyou also keeps age, gender, location, work and education, and family and relationship information.
Read more at https://nakedsecurity.sophos.com/2018/04/10/another-companys-been-harvesting-facebook-user-data/