249 posts categorized "Social Networking" Feed

Facebook Says it Will Stop Allowing Some Advertisers to Exclude Users by Race

Facebook logo [Editor's note: Today's guest post was originally published by ProPublica on November 11, 2016. It is reprinted with permission. This prior post explained the problems with Facebook's racial advertising filters.]

by Julia Angwin, ProPublica

Facing a wave of criticism for allowing advertisers to exclude anyone with an "affinity" for African-American, Asian-American or Hispanic people from seeing ads, Facebook said it would build an automated system that would let it better spot ads that discriminate illegally.

Federal law prohibits ads for housing, employment and credit that exclude people by race, gender and other factors.

Facebook said it would build an automated system to scan advertisements to determine if they are services in these categories. Facebook will prohibit the use of its "ethnic affinities" for such ads.

Facebook said its new system should roll out within the next few months. "We are going to have to build a solution to do this. It is not going to happen overnight," said Steve Satterfield, privacy and public policy manager at Facebook.

He said that Facebook would also update its advertising policies with "stronger, more specific prohibitions" against discriminatory ads for housing, credit and employment.

In October, ProPublica purchased an ad that targeted Facebook members who were house hunting and excluded anyone with an "affinity" for African-American, Asian-American or Hispanic people. When we showed the ad to a civil rights lawyer, he said it seemed like a blatant violation of the federal Fair Housing Act.

After ProPublica published an article about its ad purchase, Facebook was deluged with criticism. Four members of Congress wrote Facebook demanding that the company stop giving advertisers the option of excluding by ethnic group.

The federal agency that enforces the nation's fair housing laws said it was "in discussions" with Facebook to address what it termed "serious concerns" about the social network's advertising practices.

And a group of Facebook users filed a&n class-action lawsuit against Facebook, alleging that the company's ad-targeting technology violates the Fair Housing Act and the Civil Rights Act of 1964.

Facebook's Satterfield said that today's changes are the result of "a lot of conversations with stakeholders."

Facebook said the new system would not only scan the content of ads, but could also inject pop-up notices alerting buyers when they are attempting to purchase ads that might violate the law or Facebook's ad policies.

"We're glad to see Facebook recognizing the important civil rights protections for housing, credit and employment," said Rachel Goodman, staff attorney with the racial justice program at the American Civil Liberties Union. "We hope other online advertising platforms will recognize that ads in these areas need to be treated differently."

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Facebook Provides Members With Elections Ballot Previews

The Facebook social networking site introduced on October 28, 2016 a new feature where provides its voting-age users with previews of candidates and questions. The site presented users with the following ad:

Facebook Elections Ballot ad. Click to view larger version

Like other ads in the site, users can disable the ad. Users that select the "Preview Your Ballot" link will see next three pop-up pages which explain the new feature:

Facebook Elections Ballot popup window. Click to view larger version

Then,, users can preview their ballot based upon where they live, which includes national candidates running for office and ballot questions. To view local candidates running for office and local ballot questions, users must provide Facebook with their complete street address:

Facebook Elections Ballot landing page. Click to view larger version

Within the new feature, users can preview information about each candidates: Issue Positions, Endorsements, Recent Posts, and Website. "Issue Positions" links to content within the candidate's Facebook page. The "Endorsements" and "Recent Posts" selections link similar. "Website" links to the candidate's external website. Issue Positions includes the topics you might expect: budget, civil rights, economy, education, energy, environment, foreign policy, guns, health, immigration, infrastructure, military, Social Security, taxes, terrorism, and more.

Why did Facebook introduce this new feature? According to a popup within the feature:

"You're seeing this because you may be in a state that has a voter registration deadline or election coming up. We want to help people have their voice heard in the elections this year, so we're showing this message to people who are old enough to vote - no matter who they support.

We send reminders about voting every now and then. If you'd rather not see these in the future, click or tap the in the top right corner of the reminder and select Hide Reminder, then Hide all voting reminders."

The official Facebook announcement on October 28 said:

"Voting is important... we’re encouraging civic participation. We want to make it easier for people who want to participate to do so, and to have a voice in the political process... Today, we’re introducing a new feature that shows you what’s on the ballot — from candidates to ballot initiatives. We also show you where the candidates stand on the issues...Not all states in America mail out sample ballots ahead of an election. This can make it challenging to find comprehensive information about the questions you’ll be expected to consider when you walk into the voting booth. Thanks to data gathered from election officials by the nonpartisan Center for Technology and Civic Life (CTCL), we can present you with a preview of the ballot you’ll receive on November 8. If you notice an issue with the CTCL data, we’ve built in a way for you to provide feedback and help correct the dataset.

Challenging to find information? What a load of bull. The Internet makes it easy to visit websites for candidates and ballot questions. Plus, information is available at every state. Example: ballot information in Massachusetts is available at websites by the Secretary of the Commonwealth and the City of Boston. Sample ballots were available during the primaries, too. Every state in the Union has a Secretary of State whose website you should visit anyway for elections and other information. Find your state in this list.

I first saw Facebook's new Elections Ballot feature on November 2, 2016 -- five days after the announcement, and less than 6 days before the November 8 Elections Day. You'd think that Facebook would have introduced this feature sooner; ideally, as soon as the main parties had nominated their candidates. Facebook didn't. Not good. And, the feature's availability may be too late for early voters.

What else is happening with this new feature? Several items are worth mentioning. First, executives at Facebook are probably well aware that two-thirds of the site's users get their news at the site. This new feature is clearly an attempt to keep users within the Facebook bubble: increase the amount of time on site and the number of pages viewed within the site.

Second, the accuracy of the new feature is suspect. I have never shared my residential address with Facebook, so the elections feature displayed 4 questions when there are actually 5 where I live. The fifth question is a local ballot iniative. Users like me, who haven't provided street address information, may get a wrong impression of what's on their ballot -- if they fail to read the fine print. And, we know that too many consumers never read the fine print.

Third, the local candidates and ballot questions are a slick way for Facebook to force users to share their residential street address information. Fourth, the new feature is an opportunity to capture users' voting information. Of course, not the official ballots, but the next closest thing. Users can select which candidates are their Favorites and share it with their Friends: people, coworkers, classmates, family, neighbors, and others they are connected to at the site. Favoriting a candidate within this new feature seems like a pretty explicit and accurate proxy instead of an official ballot:

Facebook Elections Ballot. Links to learn about or favorite a candidate. Click to view larger version

Fifth, armed with this ballot information about its users, Facebook can probably charge more to advertisers (e.g., political campaigns, political action committees, pollsters, data brokers) interested in purchasing information about voting populations and/or buying targeted ads at the site. Consider this report by BuzzFeed from November 2014:

"At some point in the next two years, the pollsters and ad makers who steer American presidential campaigns will be stumped: The nightly tracking polls are showing a dramatic swing in the opinions of the electorate, but neither of two typical factors — huge news or a major advertising buy — can explain it. They will, eventually, realize that the viral, mass conversation about politics on Facebook and other platforms has finally emerged as a third force in the core business of politics, mass persuasion.

Facebook is on the cusp — and I suspect 2016 will be the year this becomes clear — of replacing television advertising as the place where American elections are fought and won. The vast new network of some 185 million Americans opens the possibility, for instance, of a congressional candidate gaining traction without the expense of television, and of an inexpensive new viral populism. The way people share will shape the outcome of the presidential election."

It seems that day has arrived. Shape the conversation and outcome, indeed. It's all driven by data -- big data -- data mining.

Sixth, the new feature raises questions and issues for users. Should Facebook know your voting decisions? Does Facebook have a right to know your voting decisions? Has Facebook earned the right to know your voting decisions? Facebook is a money-making enterprise, so it will sell your information to as many other companies as possible. According to the October 28 announcement:

"How you vote is a personal matter, and we’ve taken steps to make sure that you have utmost control over your plan. After you make a selection, you have to choose who you want to be able to see it (“Only me” or “Friends”). For example, you may want to be private about your choice for president, but share with friends your pick for a congressional race or a ballot initiative."

The language in the announcement seems to confusingly refer to the Facebook feature as voting, when it isn't. Do all of your friends need to know your voting preferences? What about friends with Facebook profiles that are open to the general public? In the latter case, anybody wandering in can view your voting information. Is that what you really want?

Not me. What happens in the voting booth stays in the voting booth. I may express concerns on Facebook, but my final vote is private. No doubt, some consumers will share their voting preferences without considering the implications.

I visited the CTCL website and found it underwhelming and lacking key information to uderstand what this organization really is and does. Not good.

What are your opinions of Facebook's new elections and ballot feature?


Facebook Lets Advertisers Exclude Users by Race

Facebook logo [Editor's note: Today's guest post was originally published by ProPublica on October 28, 2016. It is reprinted with permission.]

by Julia Angwin and Terry Parris Jr., ProPublica

Imagine if, during the Jim Crow era, a newspaper offered advertisers the option of placing ads only in copies that went to white readers.

That's basically what Facebook is doing nowadays.

The ubiquitous social network not only allows advertisers to target users by their interests or background, it also gives advertisers the ability to exclude specific groups it calls "Ethnic Affinities." Ads that exclude people based on race, gender and other sensitive factors are prohibited by federal law in housing and employment.

Here is a screenshot of a housing ad that we purchased from Facebook's self-service advertising portal:

Image

The ad we purchased was targeted to Facebook members who were house hunting and excluded anyone with an "affinity" for African-American, Asian-American or Hispanic people. (Here's the ad itself.)

When we showed Facebook's racial exclusion options to a prominent civil rights lawyer John Relman, he gasped and said, "This is horrifying. This is massively illegal. This is about as blatant a violation of the federal Fair Housing Act as one can find."

The Fair Housing Act of 1968 makes it illegal "to make, print, or publish, or cause to be made, printed, or published any notice, statement, or advertisement, with respect to the sale or rental of a dwelling that indicates any preference, limitation, or discrimination based on race, color, religion, sex, handicap, familial status, or national origin." Violators can face tens of thousands of dollars in fines.

The Civil Rights Act of 1964 also prohibits the "printing or publication of notices or advertisements indicating prohibited preference, limitation, specification or discrimination" in employment recruitment.

Facebook's business model is based on allowing advertisers to target specific groups 2014 or, apparently to exclude specific groups 2014 using huge reams of personal data the company has collected about its users. Facebook's microtargeting is particularly helpful for advertisers looking to reach niche audiences, such as swing-state voters concerned about climate change. ProPublica recently offered a tool allowing users to see how Facebook is categorizing them. We found nearly 50,000 unique categories in which Facebook places its users.

Facebook says its policies prohibit advertisers from using the targeting options for discrimination, harassment, disparagement or predatory advertising practices.

"We take a strong stand against advertisers misusing our platform: Our policies prohibit using our targeting options to discriminate, and they require compliance with the law," said Steve Satterfield, privacy and public policy manager at Facebook. "We take prompt enforcement action when we determine that ads violate our policies."

Satterfield said it's important for advertisers to have the ability to both include and exclude groups as they test how their marketing performs. For instance, he said, an advertiser "might run one campaign in English that excludes the Hispanic affinity group to see how well the campaign performs against running that ad campaign in Spanish. This is a common practice in the industry."

He said Facebook began offering the "Ethnic Affinity" categories within the past two years as part of a "multicultural advertising" effort.

Satterfield added that the "Ethnic Affinity" is not the same as race 2014 which Facebook does not ask its members about. Facebook assigns members an "Ethnic Affinity" based on pages and posts they have liked or engaged with on Facebook.

When we asked why "Ethnic Affinity" was included in the "Demographics" category of its ad-targeting tool if it's not a representation of demographics, Facebook responded that it plans to move "Ethnic Affinity" to another section.

Facebook declined to answer questions about why our housing ad excluding minority groups was approved 15 minutes after we placed the order.

By comparison, consider the advertising controls that the New York Times has put in place to prevent discriminatory housing ads. After the newspaper was successfully sued under the Fair Housing Act in 1989, it agreed to review ads for potentially discriminatory content before accepting them for publication.

Steph Jespersen, the Times' director of advertising acceptability, said that the company's staff runs automated programs to make sure that ads that contain discriminatory phrases such as "whites only" and "no kids" are rejected.

The Times' automated program also highlights ads that contain potentially discriminatory code words such as "near churches" or "close to a country club." Humans then review those ads before they can be approved.

Jespersen said the Times also rejects housing ads that contain photographs of too many white people. The people in the ads must represent the diversity of the population of New York, and if they don't, he says he will call up the advertiser and ask them to submit an ad with a more diverse lineup of models.

But, Jespersen said, these days most advertisers know not to submit discriminatory ads: "I haven't seen an ad with 'whites only' for a long time."

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Climate Change Denier Feels the Burn

Below is a recent exchange of tweets on Twitter. The blog post continues after the image:

Twitter conversation between astrophysicist and climate change denier

You can read more about the incident here and here. Follow Dr. Katherine J. Mack (@AstroKatie) on Twitter. Can a troll be so stupid as to not know who he is insulting? Like it or not, the realities and consequences of climate change are already happening. Yet, some people seem to insist upon denial... learning the hard way.

I've met climate-change skeptics who, in an attempt to appear informed and reasonable, claimed, "I believe in climate change, but I'm not convinced it is caused by humans." The Union of Concerned Scientists explained how and why we know that today's climate change is primarily caused by humans. That explanation should be mandatory reading by everyone.

Everyone.

Also this month, a conservative radio talk-show host criticized Neil deGrasse Tyson, the Frederick P. Rose Director at the Hayden Planetarium in New York City. Dr. Tyson thoroughly debunked the fact-free criticism. Is it insult-an-astrophysicist month?

Geez.


Pokemon Go: The Good, The Bad, And The Ugly

Pokemon Go mobile game image. Click to view larger version The game's popularity proliferated after a July 6 launch in Australia, New Zealand, and the United States: 7.5 million downloads during its first week; 50 million downloads from Google Play during its first month; and it was WikiPedia's most visited article by mid-July. (View the game's Wikipedia pageviews.) Everyone noticed. Early in July, a former advertising coworker joked on Facebook:

" 'How about we partner with Pokemon Go?' -- Said in every office at every agency for every client this morning."

Probably. The augmented-reality (AR) mobile game requires players to travel real-life streets to find and capture digital characters superimposed on locations and displayed on the screens of players' phones. The game's screens also display PokeStops and gyms, locations superimposed on real-life landmarks. The CNN video at the end of this blog post provides a good summary. The Apple iTunes site explains important game details:

"Search far and wide for Pokémon and items: Certain Pokémon appear near their native environment—look for Water-type Pokémon by lakes and oceans. Visit PokéStops, found at interesting places like museums, art installations, historical markers, and monuments, to stock up on Poké Balls and helpful items... As you level up, you’ll be able to catch more-powerful Pokémon to complete your Pokédex. You can add to your collection by hatching Pokémon Eggs based on the distances you walk... Take on Gym battles and defend your Gym: As your Charmander evolves to Charmeleon and then Charizard, you can battle together to defeat a Gym and assign your Pokémon to defend it against all comers."

Pokemon Go mobile game image with character. Click to view larger version For many players, Pokemon Go has been a nostalgic return to their youth when Pokemon existed in cartoons, video games, and board-games. Some experts have speculated that the game's popularity, as measured by daily active users, may have peaked in the United States.

What do we know so far about the AR game? What has happened since the game's launch? What happens when a mobile fantasy game combines real-life locations? Are non-players affected? What might be the implications for future AR games? I looked for answers, found plenty, and organized my findings into good, bad, and ugly categories -- with apologies to Mr. Leone and Mr. Eastwood.

The Good

Niantic Labs developed the game for Apple iOS and Android devices. Earlier this month, the game debuted in Latin America. Reviewers have cited the game's addictive qualities:

"... Pokemon Go’s game designers have perfectly executed on the “Hook Model” — a framework for gamification and getting users to come back again and again and again."

Advocates have said that the game has gotten gamers off of their couches (e.g., butts) and out into the real world to get exercise, meet people, and explore locations they probably wouldn't have visited otherwise. Sounds good.

Within the game, PokeStops and gyms are located in publicly-accessible locations, such as theme parks, gardens, and museums. This has increased the sales at some nearby, small businesses. IGN reported on July 21:

"Bok Tower Gardens, a “contemplative garden” and National Historic Landmark located in Lake Wales, Fl, is saturated with PokeStops. The non-profit recorded a 10 to 15 percent increase in ticket sales during the first week of Pokemon Go’s release... So far, the only way to become a PokeStop or gym is to send in a request to Niantic Labs, but it isn't likely to be accepted unless the location is one of cultural significance or in a Pokemon Go deadzone."

The Twitter account Pokemon Archaeology catalogs Pokemon sightings in historic locations. The National Park Service (NPS) has welcomed gamers in many of its parks, but not at memorial sites. Some National Parks have featured programs with the game. Earlier this month, the Sleeping Bear Dunes National Lakeshore offered a new program called "Pokemon Hunt:"

"... to connect “Pokemon Go!” with real-world flora and fauna... This interactive, ranger-guided walk will allow visitors to uncover the creatures, both physical and virtual, that can be found within the National Lakeshore. They will learn how these creatures do or do not fit in with the rest of the environment, and what can be done to help them thrive. At the end of the program, visitors will be able to design their own Pokemon. “Trainers” of all ages are welcome."

This summer, the NPS celebrates 100 years of operations. Gamers should check the NPS site to learn about any discounts and programs before visiting a park.

Some local businesses near colleges and universities experienced increased sales from gamers. Minnesota Daily reported:

"Many local Minneapolis businesses have considered, or implemented, special promotions to attract more mobile-gamers. Last week, Sencha Tea Bar in Stadium Village released three special shakes in correspondence with the three color teams of the game — red, yellow and blue — said store manager Josh Suwaratana. Suwaratana said the store does special shakes for other occasions, so the Pokemon shakes weren’t anything out of the ordinary... Sencha is also located next to a Pokestop — a real-life location where players can obtain items in the game. Suwaratana said the proximity to the Pokestop has helped business attract players."

The BBC News reported that the game helped an autistic teenager. Autism Speaks published this perspective by a psychologist:

"... I would encourage parents to seize the opportunity for their children to capitalize on this gaming experience while at the park or when running errands. My advice is not to judge this new gaming experience as all bad and in need of limits. Rather let’s embrace a step toward video games and virtual reality that may one day be tailored to inspiring those we love with autism spectrum disorder (ASD) to leave the house and receive points/rewards/tokens for gathering information from other people they encounter in the store, at work, or at a place of leisure. To me that sounds an awful lot like what I have been trying to get them to do by learning social skills in my office each week..."

To focus the world's attention upon the impacts to citizens and children, activists have added Pokemon characters to images from war zones. C/Net reported on July 26 that Khaled Akil, a Syrian artist:

"... has taken Pokemon Go creatures and Photoshopped them into pictures of his war-torn homeland, presenting a stark contrast between the whimsy of the augmented-reality game and the sobering day-to-day realities of war... In one image, a young boy walks his bike through a street lined by bombed-out buildings, a Vaporeon by his side. In another, a Pikachu rests on a block of rubble next to a burning car... the activist group Revolutionary Forces of Syria Media Office has been tweeting poignant photos of kids holding up printouts of popular Pokemon creatures, along with their locations, which are identified as being near areas of heavy fighting, and the words 'save me'..."

To view photos, follow the links in the C/Net article to Akil's website and Instagram account.

The Niantic Terms of Service policy clearly encourages safe game play and describes players' responsibilities:

"During game play, please be aware of your surroundings and play safely. You agree that your use of the App and play of the game is at your own risk, and it is your responsibility to maintain such health, liability, hazard, personal injury, medical, life, and other insurance policies as you deem reasonably necessary for any injuries that you may incur while using the Services. You also agree not to use the App to violate any applicable law, rule, or regulation (including but not limited to the laws of trespass) or the Trainer Guidelines, and you agree not to encourage or enable any other individual to violate any applicable law, rule, or regulation or the Trainer Guidelines. Without limiting the foregoing, you agree that in conjunction with your use of the App you will not inflict emotional distress on other people, will not humiliate other people (publicly or otherwise), will not assault or threaten other people, will not enter onto private property without permission, will not impersonate any other person or misrepresent your affiliation, title, or authority, and will not otherwise engage in any activity that may result in injury, death, property damage, and/or liability of any kind."

The "Conduct, General Prohibitions, and Niantic’s Enforcement Rights" section of the policy also lists the responsibilities of players, including players will not:

"... trespass, or in any manner attempt to gain or gain access to any property or location where you do not have a right or permission to be..."

So, it is important for players to know their responsibilities. Do they? Keep reading.

The Bad

Foot traffic by gamers in public parks hasn't been all good. Some gamers have ignored local laws and ordinances. WPRI in Providence, Rhode Island reported:

"Members of the East Providence Police Department said “Pokemon Go” has drawn huge crowds of people to local parks after hours... Officers say they have responded to several calls about the crowds. “They are very peaceful, they’re not causing problems, but it is in a public area – in public parks – and people who live in those areas do deserve to have their rest at night,” said Maj. William Nebus of the East Providence Police Department. “Our parks do close at 9 p.m. and just to have 200 people lurking in overnight hours is not peaceful to the residents.”

Law enforcement in Michigan ticketed players with misdemeanors after late-night, 12:30 a.m. game play. Nearby property owners have found players intrusive. There are two implications. First, it's important for players to understand and comply with local town ordinances and hour restrictions. Second, taxpayers will likely absorb the additional costs of park maintenance, clean-up, and law enforcement patrols to address the increased foot traffic in local parks.

It's critical for players to remain alert. In somewhat weird news, a gamer kept playing after being stabbed by a mugger. And a North-Texas teenager was bitten by a venomous snake while playing. In Missouri, criminals staked out known PokeStops and robbed players. A gamer in Riverton, Wyoming found a dead body.

While some gamers play on foot, others drive their vehicles. As you've probably guessed, there have been auto accidents. The Atlanta Journal-Constitution reported:

"A driver, distracted by a Squirtle or a Zubat, caught a tree, instead of a Pokemon. That collision occurred last month in Auburn, N.Y., near Syracuse. A few days later, a 28-year-old driver on a highway near Seattle told officials he was focused on the hunt for Pikachu when he ran into the rear end of a Chevrolet. Another distracted driver in Baltimore smashed into a police car. A parked police car."

Like any game, some gamers play by the rules while others don't. An entertaining video listing the ways players cheat has more than 6.7 million views. Niantic highlighted its policy toward cheaters:

"Your account was permanently terminated for violations of the Pokémon GO Terms of Service. This includes, but is not limited to: falsifying your location, using emulators, modified or unofficial software and/or accessing Pokémon GO clients or backends in an unauthorized manner including through the use of third party software."

Soon after the game's debut, privacy risks were discovered:

"Security researcher Adam Reeve noted that when some users sign into Pokemon Go through Google on Apple devices, they effectively give the game and its developer full access to their Google account; this means, that at least in theory, Niantic... can access players' Gmail-based email, Google Drive based files, photos and videos stored in Google Photos, and any other content within their Google accounts. From a technical perspective, Niantic could potentially send emails on your behalf, or copy and distribute your photos. This is obviously concerning. Perhaps even scarier - and more eye-opening - is that users are accepting such permissions en masse without regard for the risks."

Since then, Niantic and the Pokemon Company notified Engadget that it fixed the bug in a subsequent update. Regardless, the Offensive Privacy blog warned players who have signed up using their Google credentials:

"... to review Google's guide on controlling and revoking app access to your account and check your account to see what permissions the game has. If it still has full access to your Google account, you can simply revoke access, then sign-in to the game again using your Google account. Your data will be safe and you can ensure your Google account is safe as well."

The Offensive Privacy blog offered privacy tips given the game's usage of smartphone cameras:

"While it's a bit outlandish to think that Niantic collects the video streams from every device, it is always a possibility that cannot be completely ruled out. This means anything your camera sees could, in theory, be stored by Niantic... I suggest some common sense tactics that apply to all cameras and video streams when using the AR mode of the game: 1) Never allow the camera to see personal ID such as your license, passport, or other sensitive document; 2) Never let the camera see a license plate or government building. This is especially true for those working in high-security environments; and 3) Avoid letting the camera see street signs, your house, house numbers, etc. It's also possible that metadata could be embedded in the image and made available if the image is shared publicly..."

Regular readers of this blog are already familiar with the privacy issues associated with metadata collection. Some players may be surprised that tips to maintain privacy while playing requires effort.

Yes, security researchers have already found malware embedded in a rogue version of the Pokemon Go app. So, shop wisely at reputable sites and follow these tips to avoid the malware.

One measure of popularity are parodies. There is a porn parody of the game titled, "Poke-mon Ho!" Depending upon your lifestyle, you might categorize this as "good." Yes, the parody reportedly is NSFW. No, I haven't seen it.

The Ugly

Some property owners view the game as inappropriate for their locations. CNN Reported in July:

"The United States Holocaust Memorial Museum and Arlington National Cemetery, both in Washington, DC area, have both issued appeals for players to avoid hunting Pokemon on their sites. "Playing Pokemon Go in a memorial dedicated to the victims of Nazism is extremely inappropriate," said Andy Hollinger, director of communications at the United States Holocaust Memorial Museum in Washington, D.C., in a statement sent to CNNMoney. "We are attempting to have the Museum removed from the game," the statement said... Pokemon Go has a link set up for people to report sensitive locations and contact on its website... According to a statement from The Pokemon Company International and Niantic -- the creators of Pokemon Go -- Pokestops and gyms in the app are found at publicly accessible places. That includes historical markers, public art installations, museums, monuments -- and apparently churches."

I see two problems with the approach the game's developers used. First, the approach seems to have treated all public spaces the same, without considering the unique needs of cemeteries, memorials, and similar places. Game-play isn't appropriate everywhere. Second, Niantic's approach automatically included real-life locations as PokeStops and gyms without first obtaining the property owners' permissions. This approach places the burden on property owners (who aren't players nor participants) to opt-out of the game. Not good. Maybe this was a slick attempt to force property owners to participate. Not good.

Some players have wandered onto nearby private properties. ComputerWorld reported on August 2:

"Jeffrey Marder, a resident of West Orange, N.J., found in the days after the release of the successful augmented reality game Pokémon Go, that strangers, phone in hand, had begun lingering outside his home. At least five of them knocked on Marder’s door and asked for access to his backyard to catch and add to their virtual collections of the Pokémon images, superimposed over the real world, that the game developer had placed at the residence without his permission."

Marder is part of a lawsuit alleging that the game included locations on private properties, without the owners' permissions. The Click on Detroit site reported on August 15:

"Scott Dodich and Jayme Gotts-Dodich, of St. Clair Shores, filed a class action lawsuit against Niantic, The Pokemon Company and Nintendo... The couple lives on a private cul-de-sac and alleges that over several weeks, Pokemon Go players parked their vehicles on their street and blocked driveways. The couple also alleges that players trespassed on lawns, trampled landscaping and peered into windows. The complaint also alleges that when Jayme Gotts-Dodich asked a Pokemon Go player to leave her property, the player told her to “shut up b****, or else... The suit alleges that the intentional, unauthorized placement of Pokestops and Pokemon gyms on or near private property constitutes a continuing invasion of use and enjoyment. Due to the ignored repeated requests for removal, the couple believes that Niantic is liable for nuisance and that all defendants have been unjustly enriched.”

If a disagreement arises between Niantic and a player, that may not be resolved in court in front of a jury of the gamer's peers. The Niantic Terms of Service policy strips gamers of that right:

"ARBITRATION NOTICE: EXCEPT IF YOU OPT OUT AND EXCEPT FOR CERTAIN TYPES OF DISPUTES DESCRIBED IN THE “AGREEMENT TO ARBITRATE” SECTION BELOW, YOU AGREE THAT DISPUTES BETWEEN YOU AND NIANTIC WILL BE RESOLVED BY BINDING, INDIVIDUAL ARBITRATION, AND YOU ARE WAIVING YOUR RIGHT TO A TRIAL BY JURY OR TO PARTICIPATE AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS ACTION OR REPRESENTATIVE PROCEEDING."

To opt out of binding arbitration, players must do so within 30 days of sign up. This BoingBong explained how to opt out, and the associated issues. Of course, players should read all game policies in their entirety before sign up. (You did, right?) Regular readers of this blog are familiar with the issues with binding arbitration.

The Future

Given the success so far of Pokemon Go, it seems wise to expect copycats. The Motely Fool speculated:

"Pokemon Go has added a new layer of excitement to a day at Disney World for those who seek that variety of enchantment. Disney is benefiting from the craze, even as non-players shake their heads while swerving around distracted gamers. This also could and should be just the beginning. It's only a matter of time before it rolls out its own augmented-reality app... A Disney app likely also wouldn't include a Pokemon-like battle element, at least not in terms of pitting Pluto against Yoda in combat. However, the Disney gym equivalent could be mini-game stations offering everything from speed Disney trivia matches to Virtual Magic Kingdom-type competitions... There are more than 200 Disney Store locations scattered across North America, and more than 120 overseas. These stores can also serve as character-collecting hubs, giving players a local connection for special events. It would also keep interest active outside of theme park visits..."

You can bet we'll see many more AR games with fantasy or fictional characters; probably with co-marketing agreements between AR games, movies, fast-food restaurants, toy stores, and the few remaining shopping malls. Experts estimate the global AR market to be $117.4 billion by 2022.

It's not just fantasy characters. Experts have estimated the augmented reality and virtual reality market within healthcare to be $2.54 billion by 2020. Hopefully, more games (and other services) will offer in their policies opt-out mechanisms from restrictive binding arbitration clauses.

What are your opinions of Pokemon Go? Of AR games? What advantages and disadvantages have you found? Does the good outweigh the bad?


Microsoft To Buy Social Networking Site LinkedIn For $26.2 Billion

Microsoft logo Microsoft Corporation announced yesterday its plan to purchase the LinkedIn.com social networking site for $26.2 billion, or $196 per share. The Boards of Directors at both companies have approved the transaction. Microsoft will fund the acquisition with additional debt. The high-tech giant explained the acquisition in a blog post:

"LinkedIn is the world’s largest and most valuable professional network and continues to build a strong and growing business. Over the past year, the company has launched a new version of its mobile app that has led to increased member engagement; enhanced the LinkedIn newsfeed to deliver better business insights; acquired a leading online learning platform called Lynda.com to enter a new market; and rolled out a new version of its Recruiter product to its enterprise customers. These innovations have resulted in increased membership, engagement and financial results, specifically:

- 19 percent growth year over year (YOY) to more than 433 million members worldwide,
- 9 percent growth YOY to more than 105 million unique visiting members per month,
- 49 percent growth YOY to 60 percent mobile usage,
- 34 percent growth YOY to more than 45 billion quarterly member page views, and
- 101 percent growth YOY to more than 7 million active job listings."

LinkedIn.com logo 128 million (of the 433 million total) users are in the United States. For 2015, LinkedIn's GAAP (Generally Accepted Accounting Principles) net loss was $166 million. In 2014, the social site lost $15.7 million. The company's Talent Solutions business generates the most revenues, followed by advertising on the site and in the mobile app, and then the site's premium subscription service for memebers.

Microsoft CEO Satya Nadella said In an e-mail to staff:

"This deal brings together the world’s leading professional cloud with the world’s leading professional network... I wanted to share with you how I think about acquisitions overall. To start, I consider if an asset will expand our opportunity — specifically, does it expand our total addressable market? Is this asset riding secular usage and technology trends? And does this asset align with our core business and overall sense of purpose?

The answer to all of those questions with LinkedIn is squarely yes. We are in pursuit of a common mission centered on empowering people and organizations. Along with the new growth in our Office 365 commercial and Dynamics businesses this deal is key to our bold ambition to reinvent productivity and business processes. Think about it: How people find jobs, build skills, sell, market and get work done and ultimately find success requires a connected professional world. It requires a vibrant network that brings together a professional’s information in LinkedIn’s public network with the information in Office 365 and Dynamics. This combination will make it possible for new experiences such as a LinkedIn newsfeed that serves up articles based on the project you are working on and Office suggesting an expert to connect with via LinkedIn to help with a task you’re trying to complete. As these experiences get more intelligent and delightful, the LinkedIn and Office 365 engagement will grow. And in turn, new opportunities will be created for monetization through individual and organization subscriptions and targeted advertising."

LinkedIn went public in 2011. Mashable reported about a possible consolidation in the social networking industry. More sites may be acquired:

"Many of the flashy social networks that Wall Street once fawned over — even if it didn't understand what exactly they do — are now looking for the exit door as the mood sours. LinkedIn, like Twitter and Yelp, has seen its stock obliterated throughout much of the year as social media firms (other than Facebook) are experiencing slower growth, and investors are experiencing less patience... In February, LinkedIn stock was nearly halved overnight after a single disappointing earnings report. The plunge was so severe that the company's CEO had to give a pep talk to his team and later gave away his bonus to employees suffering from financial whiplash... Twitter, arguably the second most anticipated social media IPO after Facebook, has seen its market cap fall to less than $10 billion in recent weeks..."

And, there are three related privacy issues. First, LinkedIn had a massive data breach in 2012, affecting 117 million persons. Hopefully, the acquisition will also help the social networking site improve its data security. If not, the profitability slide will likely continue.

Second, it is important to remember that during any corporate acquisition, the acquiring company gets the assets of the acquired company. Assets usually include databases of information about customers, current employees, former employees, and contractors. If you use LinkedIn or did business with the social site and never did business with Microsoft, then Microsoft will soon have your sensitive personal and payment information.

Third, the acquisition reinforces the impression that Microsoft bought in entirely to big data. Like Google, it wishes to collect as much information as possible about as many people as possible. Big data matters, especially to cloud services vendors.

Agree? Comments?


Social Networking Sites With The Largest Number of News Users

Recently, some friends and I were discussing the wisdom of getting your news from social networking websites (e.g., Facebook, Twitter, Snapchat, Youtube, LinkedIn, etc.) instead of directly from news media sites. Apparently, many consumers get their news from such sites.

The Pew Research Center reported that most adults in the United States, 62 percent, get their news from social networking sites. The corresponding statistic in 2012 was 49 percent. Fewer social media site users get their news from other platforms: local television (46 percent), cable TV (31 percent), nightly network TV (30 percent), news websites/apps (28 percent), radio (25 percent), and print newspapers (20 percent). 

Pew analyzed which social networking sites were used the most for news, and whether consumers used multiple sites to obtain news. The Pew Research Center found:

"Two-thirds of Facebook users (66 percent) get news on the site, nearly six-in-ten Twitter users (59 percent) get news on Twitter, and seven-in-ten Reddit users get news on that platform. On Tumblr, the figure sits at 31 percent..."

The corresponding statistics are 23 percent for Instagram, 21 percent for Youtube, 19 percent for LinkedIn, and 17 percent at Snapchat. The implications:

"Facebook is by far the largest social networking site, reaching 67% of U.S. adults. The two-thirds of Facebook users who get news there, then, amount to 44% of the general population. YouTube has the next greatest reach in terms of general usage, at 48% of U.S. adults. But only about a fifth of its users get news there, which amounts to 10% of the adult population. That puts it on par with Twitter, which has a smaller user base (16% of U.S. adults) but a larger portion getting news there."

About audience overlap, Pew found that most people (64 percent) get their news from one social media site. 26 percent get their news from two social media sites, and 10 percent get their news from three social media sites. Pew also found that more users at Reddit, Twitter, and LinkedIn seek out news versus stumbling across it by accident:

  Percent of news users of each
site who mostly get news online
Social Networking Site While doing
other things
Because they're
looking for it
Instagram 63 37
Facebook 62 38
Youtube 58 41
LinkedIn 46 51
Twitter 45 54
Reddit 42 55

Who are the news users at the five largest social sites with news users? The users vary by site:

"... while there is some crossover, each site appeals to a somewhat different group. Instagram news consumers stand out from other groups as more likely to be non-white, young and, for all but Facebook, female. LinkedIn news consumers are more likely to have a college degree than news users of the other four platforms; Twitter news users are the second most likely."

The demographic data:

Pew-social-news-users

Some of you are probably wondering about Google+ and Pinterest. Pew removed three social media sites because:

"... Pinterest, which has been shown to have a small portion of users who use it for news; Myspace, which has largely transitioned to a music site; and Google+, which through its recent transformations is being phased out as a social networking site."

The survey was conducted from January 12 to February 8, 2016 and included 4,654 respondents (4,339 by web and 315 by mail). The methodology included a randomly-selected subset of U.S. adults (6,301 total web-based persons and 474 total mail persons.


User Reports Facebook Changed Members' Ad Settings Without Notice Nor Consent

If you use Facebook.com, this is for you.

David Carroll, an associate professor of media design at Parsons School of Design, posted the warning below on Twitter. I checked my Facebook settings and this specific advertisement setting had indeed been changed. So, check yours today. It's fast and easy. It will take at most half a minute to check and change it.

What's driving this activity by the social network? The Washington Post summarized the situation well when it discussed new ad features the site introduced in 2014:

"Things are about to get better for Facebook customers! Not you. You are not a Facebook customer. Advertisers are Facebook customers. You are part of the Facebook product... Facebook, at its moneymaking core, is a system for showing ads to people... why we’re seeing this is because Facebook is not a social network. It is an advertising network... And it seems to be banking on what is always banks on: our unwillingness to change any default settings or think about the flip side of data sharing."

Now, go check and restore your ad settings to maintain privacy.

Tweet by David Carroll. Click to view larger version


Emails And Passwords For Sale From The Massive Tumblr Data Breach

Tumblr logo Things seem to be getting worse as Tumbler, a blogging platform Yahoo acquired in 2013. First, Tumblr announced on May 12 a possible data breach, which stated:

"We recently learned that a third party had obtained access to a set of Tumblr user email addresses with salted and hashed passwords from early 2013, prior to the acquisition of Tumblr by Yahoo. As soon as we became aware of this, our security team thoroughly investigated the matter. Our analysis gives us no reason to believe that this information was used to access Tumblr accounts. As a precaution, however, we will be requiring affected Tumblr users to set a new password."

That early May announcement directed users to reset their passwords, and use secure https connections. It didn't state the number of affected accounts. Well, now we know more.

Softpedia reported on May 30 that valid Tumblr passwords are available online for sale:

"Independent security researcher Troy Hunt revealed today that he received a data dump that contains 65,469,298 emails and hashed passwords, which the anonymous donor said belonged to Tumblr users. The researcher tracked the data dump to The Real Deal Dark Web marketplace, where a hacker by the name of Peace (also known as Peace_of_mind) is selling it for 0.4255 Bitcoin ($225)..."

That's 65.4 million passwords compromised. A massive breach affecting about one out of every eight Tumblr users. The good news: Tumblr had encyrpted its users' passwords. The bad news: the hackers have broken the encryption. That means Tumblr users probably should, a) change their passwords again, and b) inquire what Tumblr is doing to better protect sensitive information so this doesn't happen again.

It seems that Tumblr's breach detection and security processes are both lacking. Softpedia also reported:

"Peace, the hacker that's selling the data, is the same person that put up for sale the MySpace and LinkedIn data dumps, but also other online services such as Fling.com and the Linux Mint forum."

Hmmm. It seems that several social networking sites need to improve their defenses.


LinkedIn Data Breach Was Larger And Worse Than Consumers First Told. 117 Million Persons Affected

LinkedIn.com logo The 2012 data breach at LinkedIn.com was far larger and worse than originally thought. Motherboard reported:

"A hacker is trying to sell the account information, including emails and passwords, of 117 million LinkedIn users. The hacker, who goes by the name “Peace,” told Motherboard that the data was stolen during the LinkedIn breach of 2012. At the time, only around 6.5 million encrypted passwords were posted online, and LinkedIn never clarified how many users were affected by that breach... The paid hacked data search engine LeakedSource also claims to have obtained the data. Both Peace and the one of the people behind LeakedSource said that there are 167 million accounts in the hacked database. Of those, around 117 million have both emails and encrypted passwords."

So, the breach included 167 records affecting as many persons, not 6.5 million. And, 117 million people are at risk now. To make matters worse, hackers have already cracked the encryption method LinkedIn.com used to protect users' passwords:

"The passwords were originally encrypted or hashed with the SHA1 algorithm, with no “salt,” which is a series of random digits attached to the end of hashes to make them harder to be cracked. One of the operators of LeakedSource told Motherboard in an online chat that so far they have cracked “90% of the passwords in 72 hours..."

And, the incident cast doubt on both LinkedIn.com's breach detection methods and the response by the company's executives:

"... LinkedIn spokesperson Hani Durzy told Motherboard that the company’s security team was looking into the incident, but that at the time they couldn’t confirm whether the data was legitimate. Durzy, however, also admitted that the 6.5 million hashes that were posted online in 2012 were not necessarily all of the passwords stolen. “We don’t know how much was taken,” Durzy told me in a phone call. The lesson: For LinkedIn, the lesson is the same as four years ago: don’t store password in an insecure way..."

LinkedIn released a statement yesterday. Relevant portions:

"Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach... For several years, we have hashed and salted every password in our database, and we have offered protection tools such as email challenges and dual factor authentication. We encourage our members to visit our safety center to learn about enabling two-step verification, and to use strong passwords... We're moving swiftly to address the release of additional data from a 2012 breach, specifically: We have begun to invalidate passwords for all accounts created prior to the 2012 breach​ that haven’t update​d​ their password since that breach. We will let individual members know​ ​if they need to reset their password. However, regularly changing your password is always a good idea..."

Many people use the LinkedIn.com social site to network with professionals in their field, and find jobs. If you use the site, experts advise consumers to change your password immediately and don't reuse the same password at multiple websites.


Study: Many Sharing Economy Companies Not There Yet On Privacy And Transparency

Uber logo You've probably heard of the term, "sharing economy" (a/k/a digital economy). It refers to a variety of companies that link buyers and sellers online. These companies include taxi-like ride-sharing services (e.g., Uber, Lyft), home sharing services (e.g., Home Away, Airbnb, VRBO), delivery services (e.g., Postmates), and on-demand labor services (e.g., TaskRabbit).

The 2016 "Who Has Your Back?" report by the Electronic Frontier Foundation (EFF) focused upon companies in the sharing economy, and their policies and practices for inquiries by law enforcement. Prior annual reports included social networking websites, email providers, Internet service providers (ISPs), cloud storage providers, and other companies. The EFF observed that companies in the sharing economy:

"... also collect sensitive information about the habits of millions of people across the United States. Details about what consumers buy, where they sleep, and where they travel are really just scratching the surface of this data trove. These apps may also obtain detailed records of where your cell phone is at a given time, when you are logged on or active in an app, and with whom you communicate.

It’s not just the purchasers in the gig economy who have to trust their data to the startups developing these apps. Individuals offering services are users just like the buyers, and also leave behind a digital trail as (or more) detailed than that of the purchasers. From Lyft drivers to Airbnb hosts to Instacart shoppers, people providing services are entrusting enormous amounts of data to these apps... As with any rich trove of data, law enforcement is increasingly turning to the distributed workforce as part of their investigations. That’s not necessarily a bad thing, but we need to know how and when these companies actually stand up for user privacy..."

So, it is sensible and appropriate to evaluate how well (or poorly) these companies protect consumers' privacy and communicate their activities. The EFF found overall:

"Many sharing economy companies have not yet stepped up to meet accepted tech industry best practices related to privacy and transparency, according to our analysis of their published policies. This analysis is specific to government access requests for user data, and within that context we see ample room for improvement by this budding industry... however, some gig economy companies leading the field on this issue...

Regarding ride-sharing companies, the EFF found:

"We analyzed 10 companies as part of this report. Of them, both Uber and Lyft earned credit in all of the categories we examined. We commend these two companies for their transparency around government access requests, commitments to protecting Fourth Amendment rights in relation to user communications and location data, advocacy on the federal level for user privacy, and commitment to providing users with notice about law enforcement requests. These two companies are setting a strong example for other distributed workforce companies... In contrast, another ride-sharing company, Getaround, received no stars in this year’s report."

TripAdvisor logo The EFF also found improvements by home-sharing companies (links added):

"... FlipKey (owned by TripAdvisor) has adopted several policies related to government access of user data. FlipKey requires a warrant for user content or location data and promises to inform users of law enforcement access requests. It is also a member of the Digital Due Process Coalition, fighting for reform to outdated communications privacy law. Of the home sharing companies we reviewed, FlipKey does the most to stand up for user privacy against government demands.

Only two other companies from our research set earned credit in any categories: Airbnb and Instacart, each earning credit in three categories. Both of these companies require a warrant for content, publish law enforcement guidelines, and are members of the Digital Due Process Coalition..."

Airbnb logo The Digital Due Process Coalition (DDPC) seeks reforms to the Electronic Communications Privacy Act (ECPA) because:

"Technology has advanced dramatically since 1986, and ECPA has been outpaced. The statute has not undergone a significant revision since it was enacted in 1986... As a result, ECPA is a patchwork of confusing standards that have been interpreted inconsistently by the courts, creating uncertainty for both service providers and law enforcement agencies. ECPA can no longer be applied in a clear and consistent way, and, consequently, the vast amount of personal information generated by today’s digital communication services may no longer be adequately protected. At the same time, ECPA must be flexible enough to allow law enforcement agencies and services providers to work effectively together..."

DDPC members include Adobe, Airbnb, Amazon.com, Apple, AT&T, Dell, Dropbox, eBay, Facebook, IBM, Intel, Lyft, Reddit, Snapchat, and many more well-known brands.

Postmates logo The EFF report also found (links added):

"... half of the companies we reviewed—Getaround, Postmates, TaskRabbit, Turo, and VRBO—received no credit in any of our categories. This finding is disappointing... most of the companies we analyzed were not yet publishing transparency reports. Only two companies in the field—Lyft and Uber—have published reports outlining how many law enforcement access requests they’ve received. As a result, the general public has little insight into how often the government is pressuring gig economy companies for access to user data. This concerns us, as one way to make surveillance without due process worse is to allow it to happen entirely in secret. Publicizing reports of law enforcement access requests can help illuminate patterns of overzealous policing, shine a light on efforts by companies to resist overly broad requests, and perhaps give pause to law enforcement officials who might otherwise seek to grab more user data than they need..."

Read the 2016 EFF "Who Has Your Back?" executive summary, or the full report (Adobe PDF). Kudos to the EFF for providing a very timely and valuable report. What are your opinions.


Facebook Tweaks Its Display Algorithm For Members' News Feeds

Facebook logo If you use Facebook, then you probably know that the social networking site uses a formula, or algorithm to display status messages in users' News Feeds. The site doesn't display all content in your News Feed by your "friends" nor by companies, brands, or groups you follow.

Facebook explained the recent tweak to its display algorithm for users' News Feeds:

"... we ask thousands of people to rate their experience every day and tell us how we can improve what they see when they check Facebook — we call this our Feed Quality Program... we’ve found that there are stories people don’t like or comment on that they still want to see, such as articles about a serious current event, or sad news from a friend. Based on this finding, we previously updated News Feed’s ranking to factor in how much time you spend reading a post within News Feed, regardless of whether you opened the article... we’re learning that the time people choose to spend reading or watching content they clicked on from News Feed is an important signal that the story was interesting to them. We are adding another factor to News Feed ranking so that we will now predict how long you spend looking at an article in the Facebook mobile browser or an Instant Article after you have clicked through from News Feed. This update to ranking will take into account how likely you are to click on an article and then spend time reading it..."

So, the algorithm now uses time spend reading a post to decide what it thinks will be relevant to you -- and then display that. If you don't spend time reading content from a particular source, then Facebook probably won't display it in your News Feed.

Want to see in your News Feed everything your "friends" posted? You can't. Do your "friends" see everything you posted? Nope. To see everything, you'll have to visit the Timeline for each "friend," business, group, or brand you're connected with. To get around this, some users "tag" their friends in the Comments section of status messages so they don't miss something important.

What are your opinions of Facebook's algorithm?


Voter Tracking, Data Collection, Analysis, And Privacy

While the New Hampshire primary and Iowa caucuses have passed, there are many more upcoming primaries this year before the general election in November. These primaries represent data collection opportunities for companies to learn more about voters. Marketplace reported:

"One company is tracking voter characteristics through some likely sources — their phones. Dstillery is a big data intelligence company that sells targeted advertising information about consumers to big companies like Microsoft and Comcast. But in the Iowa primary, the company tried its hand at compiling voter traits... people who loved to grill or work on their lawns overwhelmingly voted for Trump in Iowa... people who watched and supported NASCAR also happened to support Donald Trump and Hillary Clinton..."

Dstillery's has an impressive list of clients: AT&T, Cablevision, Comcast, DirecTV, Hulu, Sprint, T-Mobile, Verizon, Vonage, and many more. If you remember your college statistics classes, then you know that a correlation does not man causation. Things may happen together but it doesn't mean one causes the other. Being a NASCAR fan doesn't mean a voter will vote for certain candidates. Voting for certain candidates does not mean you will be a NASCAR fan.

This "big data" collection is also a reminder of how much we consumers share on social networking sites. All a consumer has to do is "Like" a brand (e.g., NASCAR, one of these top-10 barbeque grills, a particular politician, etc.) on Facebook.com, or "Follow" that brand (or politician) on Twitter and it is pretty easy for a big data intelligence company to collect, analyze, and compare voters preferences. (Facebook knows far more about you than you realize.) Even if you didn't "Like" or "Follow" a brand, the data collection is still pretty easy. All a big data intelligence firm has to do is troll through the metadata attached to photos you took with your phone and posted online: racetracks on Instagram, NASCAR cakes on Pinterest, or whatever else. You get the idea. The metadata attached to your photos recorded where and when you were (e.g., geo-location of the racetrack), the background scene (e.g., stands, pits, etc.), and the people (e.g., emblems on their clothes). This blog post explains what happens when you stop "Liking" posts and comments on Facebook.

The data analysis is also pretty easy because many most of you gave your mobile phone numbers to social networking sites so you could use their mobile apps. Both social networking sites and data brokers have two crucial data elements (e.g., your birth date, your phone number) to match, merge, and purge data about you. So, political campaigns (via data brokers and big data intelligence firms they hire) can understand pretty easily who actually voted, and for whom, at a particular voting location.

Is this a good thing? I guess your answer to that depends upon how much privacy you want associated with your voting activity. What you do within the voting booth may be private, but there are many players performing surveillance outside the booth to reveal what you did in the booth. And, if you aren't careful what you say in front of Internet-of-Things devices installed in your home (e.g., toys, smart televisions, smart speakers or search robots, etc.), then the data collection is probably even more extensive.

Is this a good thing?


Safer Internet Day: Do Your Part

Safer Internet Day 2016 logo Today is Safer Internet Day (SID) #SID2016. This event occurs every year in February to promote safer and more responsible use of online technology and mobile phones, especially among children. This year's theme is:

"Play your part for a better Internet"

There are events in 100 countries worldwide. The European Commission’s Safer Internet Programme started the event, which has continued under the Connecting Europe Facility (CEF). This is the 13th annual event. According to its press release:

"Last year’s celebrations saw more than 19,000 schools and 28 million people involved in SID actions across Europe, while over 60 million people were reached worldwide..."

Hans Martens, Digital Citizenship Programme Manager at European Schoolnet and Coordinator of the Insafe Network said:

“The theme of ‘Play your part for a better internet’ truly reflects how stakeholders from across the world can and should work together to build a trusted digital environment for all. This approach is at the core of the Better Internet for Kids agenda, and we look forward to seeing many exciting onitiatives and collaborations, both on the day of SID itself and beyond."

Sophos, a security firm, described six safety tips for families. That includes learning to spot phishing scams to avoid password-stealing computer viruses and ransomware. Children need to learn how to create strong passwords, and never use these weak passwords. Read about several SID events in California, including teens brainstorming ways to fight online bullying and teens helping adults.

To learn more, watch the video below and then visit SaferInternetDay.org for events in your country.

Or, watch the video on Youtube.


Membership On Social Networking Sites Requires Diligence

Facebook logo Recently, a friend posted this message on Facebook:

"I need advice. I looked in my Facebook notifications and received a notification that someone I don't even know shared my post. I looked at the post on this person's timeline and it has a picture of my female cousin and it has me tagged with her and a caption that she is my wifey with a little wedding ring icon. What??!! What's going on?"

My response with advice:

  1. Review your list of friends and delete people you don't know,
  2. Review the privacy settings on your account. You can set them to provide notice when anyone tags you in a photo. Along with that notice you can approve or decline each photo-tag request,
  3. Go to the existing, offending photos and remove that tag with your name,
  4. Contact offline the person that tagged you in the photo to verify that it was indeed that person. Sometimes, spammers or criminals create bogus accounts pretending to be a friend so they can access your account and steal personal information.
  5. When you contact that person offline, you can ask them not to tag you in any future photos. You have that right. It's your image. If he/she complies, fine. If not, delete them from your friends list,
  6. Make sure all of your posts have the "Friends Only" setting. Facebook will often inherit the "Public" setting on re-posts, which opens you to spammers, criminals, and trolls,
  7. Understand the issues associated with facial-recognition software on Facebook. Zuckerberg and the executives at Facebook have implemented a strategy of "friction-less sharing." That's great for Facebook and not necessarily good for you,
  8. Don't accept new Friend Requests from people you don't know. Finally,
  9. Realize that your information on Facebook is only secure as your friend with the weakest security settings in his/her profile, or none. Those persons probably violate #6.

So, maintaining a presence with privacy on social networking sites requires diligence. If you're not up to the task or don't want to do it, then don't join that social networking site (or delete your account on an existing site). What would you recommend?


Hello Barbie Doll Cited As A Threat At Security Conference

Image of the upcoming Hello Barbie doll. Click to view larger image At a recent cyber-security conference at New York University, a MasterCard executive raised concerns about the WiFi-enabled Barbie doll. The New York Post newspaper reported:

"The chief executive of MasterCard on Friday singled out the $75 Mattel doll as a security threat — the second time the tech-smart Barbie has run into trouble. Ajay Banga said hackers can gain control of Barbie’s voice and then “talk” to a child. The hackers can then win the confidence of the kid and, under certain circumstance, attempt to gain access to your home..."

Regular readers of this blog are familiar with the security issues from Internet-connected toys, such as this doll, which also contain a voice-recognition interfaces. As Banga accurately emphasized, a criminal can hack the toy and ask the child what valuables the family owns, plus when the home will be vacant. Adolescents and toddlers are too young to understand security concepts, what not to disclose to strangers, and when a toy asks inappropriate questions.

Think of it this way, criminals regularly use phone spam to trick adults into revealing sensitive personal and financial information. It would probably be easier to trick young children. With Internet-connected devices in homes, criminals can easily bypass do-not-call registries.

Banga also mentioned that MasterCard is a favorite target of hackers, with 15,000 attempted hacks daily. That reinforces the observation that criminals go where the money is. The newspaper also reported:

"Several of the most prominent names in cybersecurity said during the conference that most people aren’t aware of the growing number of cybersecurity threats that they’re exposed to as manufacturers keep making products that hook up to the Internet. One of the biggest vulnerabilities is the so-called “Internet of things” — everything from TVs to refrigerators to vending machines that automatically connect to the Internet, and then transmit data to another source."


The Most Discussed Topics On Facebook During 2015

Facebook logo What did Facebook members discuss the most during 2015? It wasn't all lolcats, music, selfies, and humor. The social networking giant published its list of most discussed global topics:

  1. U.S. Presidential Election
  2. November 13 Attacks in Paris
  3. Syrian Civil War & Refugee Crisis
  4. Nepal Earthquakes
  5. Greek Debt Crisis
  6. Marriage Equality
  7. Fight Against ISIS
  8. Charlie Hebdo Attack
  9. Baltimore Protests
  10. Charleston Shooting & Flag Debate

Are You A Lab Rat, Social Addict, And Crash Test Dummy? Facebook Acted Like You Are

Facebook logo After unannounced tests in 2014 when Facebook manipulated its customers' news feeds without notice nor consent, users complained bitterly. Well, Facebook has done it again. Either executives at the social networking giant haven't learned from their 2014 experience, or don't care.

This time, the unannounced test included Android app users where Facebook intentionally crashed their apps. Forbes magazine reported:

"Facebook conducted secret tests to determine the magnitude of its Android users’ Facebook addiction, according to a new report published yesterday. Like a bunch of crash test dummies, users of the Facebook app for Android were (several years ago) subject to intentional Facebook for Android app crashes without being informed of the tests. These tests were reportedly conducted so Facebook could determine user resilience to app deprivation–that is, whether users would find ways to use Facebook on their Android devices without the Google Play store app..."

Similarly, the dating service OKCupid irritated its users in 2014 after secret tests. People don't like being treated like lab rats. Ethically-challenged executives don't seem to understand this.

Supposedly, Facebook wanted to know if those Android app users would get replacement apps from other sources, or use the browser interface. Reportedly, Facebook has one billion Android app users. The news article didn't say whether Facebook performed similar tests on Apple iPhone app users. It seems wise to assume so.

The news report didn't mention whether Facebook slowed or manipulated the browser interface to see if users would switch to one of its mobile apps. It seems wise to assume so.

What are your opinions of the secret tests? Is this an acceptable "cost" for a service that promises to remain free?


Those Quizzes On Facebook. How Accurate Are They?

If you use Facebook, then you've probably seen the quizzes. There are dozens of them, and they are popular. You can easily spot them because they have similar titles: "What [blank] are you?" or "Analyze Your [blank]." Invariably, the quizzes collect your personal information, and often that of people you are connected with.

How accurate are these quizzes? Below is a clue, including the results after a user submitted their (unique) profile photo for analysis:

Click to view larger image


Data Breach: Unprotected Online Database Exposed The Sensitive Information Of About 3.3 Million Hello Kitty Users

Hello Kitty logo A security researcher found online a database containing the sensitive information of customers of the Hello Kitty gaming site. Just before the Christmas holiday, C|Net reported:

"Personal information for fans who connect through SanrioTown.com has been sitting openly viewable on the Internet and easily accessible with the click of a mouse, no hack required... SanrioTown.com, designed for fans of Sanrio characters like Hello Kitty, hosts all the accounts for players of a popular game called Hello Kitty Online."

C|Net also reported that the security researcher:

"... showed CNET a sample of the records he saw, which includes a list of usernames, scrambled up passwords, first and last names, genders, birth dates and answers to security questions like "What is your favorite food." In the random sample of 15 records, two appeared to be of minors. Sanrio declined to verify whether the data listed in the sample was from its database. Vickery found the database, he said, while looking for unprotected information on the Internet by searching a website that can find data stored in the cloud."

Reportedly, the database sat open and exposed for about a month. This breach was found by the same security researcher that found earlier in December a flaw in the Mackeeper security software, which exposed the sensitive information of 13 million Apple users. SanrioTown is still investigating its breach, and its users must change both their passwords and security questions.

The Washington Times reported:

"Sanrio Digital, a subsidiary of the Japanese owner of “Hello Kitty,” a popular children’s brand, told Reuters on Tuesday that it patched a security glitch that had affected one of its databases being tipped off by Chris Vickery, a U.S.-based researcher who helps identify and fix vulnerable computer systems... Sanrio has insisted that evidence has so far failed to suggest that anyone other than Mr. Vickery had accessed the database with authorization..."

Reportedly, the breach exposed the following data elements: full names, birthdays, genders, email addresses and related information about 3.3 million account holders. That included information about 186,261 persons under the age of 18. Payment information (e.g., credit cards) was not exposed, according to the SanrioTown security statement.

Two items about this breach need to be highlighted:

  1. The operative phrase in the company's statement is, "that evidence so far..." More evidence may surface later; and
  2. The company did not discover its own database sitting open, unprotected in the wild. An external security researcher found it. That fact does not bode well for the company's security team and data security processes.

What are your opinions of this data breach?