If you think your deleted Twitter DMs are sliding into the trash, you’re wrong

By Lisa Vaas

You can’t erase your Twitter footsteps, it turns out: what goes into Twitter stays lodged in its guts for years.

That’s because of a glitch that a bug hunter is calling a “functional bug.” The bug, discovered by security researcher Karan Saini, keeps direct messages (DMs) from being completely deleted, regardless of whether you or others have deleted the messages or even if the accounts that sent or received the DMs have been deactivated and suspended.

Saini told TechCrunch that he found years-old messages in a file when he downloaded an archive of his data from Twitter accounts that he’d previously deleted.

You can download data from your own account(s) here to get an idea of everything that Twitter collects, and retains, on you.

The researcher says that he reported a similar bug, found a year earlier but not disclosed until now, that allowed him to use a since-deprecated API to retrieve DMs even after a message was deleted from both the sender and the recipient. That earlier bug couldn’t get at DMs from suspended accounts, however.

Read more at https://nakedsecurity.sophos.com/2019/02/19/if-you-think-your-deleted-twitter-dms-are-sliding-into-the-trash-youre-wrong/

Facebook acts like a law-breaking ‘digital gangster’, says official report

By Lisa Vaas

On Sunday, following an investigation of more than a year, the UK Parliament accused Facebook of thumbing its nose at the law, having “intentionally and knowingly violated both data privacy and anti-competition laws”.

Lawmakers called for the Information Commissioner’s Office (ICO) to investigate the social media platform’s practices, including how it uses the data of both users and users’ friends, as well as its use of “reciprocity” in data sharing.

Their report, which centered on disinformation and fake news, was published by a House of Commons committee – the Digital, Culture, Media and Sport Committee – that oversees media policy. From that report:

Companies like Facebook should not be allowed to behave like ‘digital gangsters’ in the online world, considering themselves to be ahead of and beyond the law.

The investigation focused on Facebook’s business practices before and after the Cambridge Analytica scandal.

Facebook shouldn’t be allowed to wriggle out from under culpability for the content users have pushed through on its platforms, the report said, alluding to how it was used by foreigners to tinker with the 2016 US presidential election and the Brexit campaign:

Facebook’s handling of personal data, and its use for political campaigns, are prime and legitimate areas for inspection by regulators, and it should not be able to evade all editorial responsibility for the content shared by its users across its platforms.

Facebook: Bring it!

Read more at https://nakedsecurity.sophos.com/2019/02/19/facebook-acts-like-a-law-breaking-digital-gangster-says-official-report/

Fake text generator is so good its creators don’t want to release full version

By Danny Bradbury

Researchers at Elon Musk’s AI think tank OpenAI have created what amounts to a text version of a deepfake – and it’s too scared for humanity to release the full version.

Its AI writing tool generates reasonable-looking text on a wide range of subjects. It is based on research that the organization did to predict the next word in a sequence of text, it explains in a blog post on the topic. The tool takes a sample piece of text written by a human and then writes the rest of an article, producing dozens of sentences from a single introductory phrase.

The tool doesn’t discriminate between topics. Instead, it uses over 40Gb of text gathered from the internet to help it produce convincing-sounding copy on anything from Miley Cyrus to astrophysics.

The problem is that while the copy sounds convincing, all the facts in it are fabricated. The tool writes names, facts and figures effectively synthesized from something that the system read online. It’s like an electronic version of that old school friend who you regrettably accepted a Facebook invitation from and who now keeps writing bizarre posts with ‘alternative facts’. For example, it takes the following phrase…

A train carriage containing controlled nuclear materials was stolen in Cincinnati today. Its whereabouts are unknown.

…and builds an entire news story around a fictional event. It fabricates a quote from Tom Hicks, who it says is the US Energy Secretary. At the time of writing, that role is occupied by Rick Perry.

Read more at https://nakedsecurity.sophos.com/2019/02/19/openai-too-scared-to-unleash-full-ai-text-generator/

Mega-crackers back with nearly 100 million new stolen data records

By Paul Ducklin

The cracker who recently put 620 million breached records up for sale…

…is back with close to 100 million more, according to reports.

Just over five years ago, we jokingly coined the phrase “one hundred million club”, following Adobe’s then-epic leaking of 150 million records.

Back then, breaches with that many records exposed at the same time were rare.

These days, we frequently hear of breaches that are well above 100 million records, for all that they often involve aggregated breaches of multiple servers and services, possibly collected over many years.

For example, we recently saw Collection #1 hit the underground market, with more than 700,000,000 unique records, closely followed by four more breach collections, imaginatively named Collection #2 to #5, with a further 2.2 billion items.

Read more at https://nakedsecurity.sophos.com/2019/02/18/mega-crackers-back-with-nearly-100-million-new-stolen-data-records/