95 posts categorized "Teens/Youth"

The Guardian Site Reviews Documents Used By Facebook Executives To Moderate Content

The Guardian news site in the United Kingdom (UK) published the findings of its review of "The Facebook Files" -- a collection of documents which comprise the rules used by executives at the social site to moderate (e.g., review, approve, and delete) content posted by the site's members. Reporters at The Guardian reviewed:

"... more than 100 internal training manuals, spreadsheets and flowcharts that give unprecedented insight into the blueprints Facebook has used to moderate issues such as violence, hate speech, terrorism, pornography, racism and self-harm. There are even guidelines on match-fixing and cannibalism.

The Facebook Files give the first view of the codes and rules formulated by the site, which is under huge political pressure in Europe and the US. They illustrate difficulties faced by executives scrabbling to react to new challenges such as “revenge porn” – and the challenges for moderators, who say they are overwhelmed by the volume of work, which means they often have “just 10 seconds” to make a decision..."

The Guardian summarized what it learned about Facebook's revenge porn rules for moderators:

Revenge porn content rules found by The Guardian's review of Facebook documents

Reportedly, Facebook moderators reviewed as many as 54,000 cases in a single month related to revenge porn and "sextortion." In January of 2017, the site disabled 14,000 accounts due to this form of sexual violence. Previously, these rules were not available publicly. Findings about other rules are available at The Guardian site.

Other key findings found by The Guardian during its document review:

"One document says Facebook reviews more than 6.5m reports a week relating to potentially fake accounts – known as FNRP (fake, not real person)... Many moderators are said to have concerns about the inconsistency and peculiar nature of some of the policies. Those on sexual content, for example, are said to be the most complex and confusing... Anyone with more than 100,000 followers on a social media platform is designated as a public figure – which denies them the full protections given to private individuals..."

The social site struggles with how to handle violent language:

"Facebook’s leaked policies on subjects including violent death, images of non-sexual physical child abuse and animal cruelty show how the site tries to navigate a minefield... In one of the leaked documents, Facebook acknowledges “people use violent language to express frustration online” and feel “safe to do so” on the site. It says: “They feel that the issue won’t come back to them and they feel indifferent towards the person they are making the threats about because of the lack of empathy created by communication via devices as opposed to face to face..."

Some industry watchers in Europe doubt that Facebook can do what it has set out to accomplish, say that it lacks sufficient staff to effectively moderate content posted by almost 2 billion users, and argue that Facebook management should be more transparent about its content moderation rules. Others believe that Facebook and other social sites should be heavily fined "for failing to remove extremist and hate-crime material."

To learn more, The Guardian site includes at least nine articles about its review of The Facebook Files:

Collection of articles by The Guardian which review Facebook's content policies.


Federal Reserve Survey of Experiences of Younger Workers

The Federal Reserve Board (FRB) recently released the results of its survey of younger workers ages 18 to 30 with data through 2015. The survey found that younger workers overall:

"... experienced higher rates of unemployment and lower rates of labor force participation than the general population for at least two decades, and the Great Recession exacerbated this phenomenon. Despite a substantial labor market recovery from 2009 through 2014, vulnerable populations—including the nation’s young adults—continue to experience higher rates of unemployment. Changes in labor market conditions, including globalization and automation, have reduced the availability of well-paid, secure jobs for less-educated persons, particularly those jobs that provide opportunity for advancement. Furthermore, data suggest that young workers entering the labor market are affected by a long-running increase in the use of “contingent” or “alternative” work arrangements, characterized by contracted, part-time, temporary, and seasonal work."

Specific findings about younger workers' attitudes:

"In 2015, the majority of young adults (61 percent) are optimistic about their future job opportunities, showing an increase in optimism from 2013 (45 percent)... the likelihood that a young adult is optimistic about future job opportunities increases with higher levels of education... young adults continue to have a strong preference for steady employment (62 percent) over higher pay (36 percent)... Among respondents who prefer steady employment, 80 percent would rather have one steady job than a stream of steady jobs for the next five years...

Most young adults are not sure how their standard of living will compare with their parents’ standard of living. Young adults with at least one parent with a bachelor’s degree (or higher) are more likely to believe their standard of living will be lower than their parents (4 percent) when compared with young adults whose parents have a high school education or less (1 percent)..."

Specific findings about younger workers' experiences:

"28 percent of respondents are currently enrolled as students in a certificate or degree program. Most students are enrolled in degree programs... most undergraduate students are identified “nontraditional” because they are over age 23, enrolled in school part time, working full time, and/or financially independent. 10 percent of respondents are “non-completers,” meaning they are not currently enrolled in a certificate or degree program they started... 62 percent of respondents with post-secondary education worked while in school to finance all or part of their most recent education. 52 percent of respondents with post-secondary educational experience have parents that contributed financially to their education. 46 percent of respondents incurred debt to pay for some portion of their education or training...

41 percent of respondents believe they have the level of education and training needed for the type of job that they would like to hold in the next five years... 66 percent of young adults received information about jobs and careers during high school. And, 69 percent of young adults received such information in college...

Less than half (45 percent) of employees work in a career field that is closely related to their educational and training background... Many young adults gained early work experience during high school, college, or both. 53 percent of young adults had a paid job during high school, and 77 percent of young adults had a paid job during college..."

A key takeaway: about 30 percent of young adults did not receive information about jobs and careers in either high school or college. That seems to be an area the educational sector must improve upon.

4,135 potential respondents were contacted for the 2015 survey, and 2,035 completed surveys (49 percent response rate). FRB staff designed the survey, which was administered by GfK, an online consumer research company.

More notable statistics from the survey: about 69 percent of survey respondents have some form of paid employment, up from 60 percent in 2013. 63 percent of employees held a single full-time job during the past year, and 18 percent of employees held multiple full-time jobs during the past year. Profile information about employed younger workers:

"78 percent of employees have a permanent/long-term job... 75 percent of employees in the survey have a full-time job... Among part-time employees surveyed, 49 percent were identified as underemployed, as they are working part time because of economic conditions. Meanwhile, 42 percent of part-time employees prefer part-time work... The percent of young workers who have health insurance increased from 2013 (70 percent) to 2015 (82 percent). Likewise, the percent of young workers who received paid time off for sick leave, holidays, or both from any of their paid jobs increased from 2013 (59 percent) to 2015 (62 percent)...

As adults, 43 percent of employees have formed a new household with their immediate family (i.e., spouse/partner), and 20 percent have formed a new household alone or with a roommate..."

Self-sufficiency is important. The report found:

"... 73 percent of employees are able to cover their monthly household expenses with their household income. Meanwhile, 22 percent of employees report that they are sometimes able to cover their monthly household expenses, and 4 percent are not able to cover their monthly household expenses at all... Among employees who are not able to cover their household expenses some or all of the time, 64 percent reduce their monthly expenses to meet the challenge, 56 percent do not pay some bills, 54 percent borrow money from family, 46 percent use their credit cards, 41 percent use savings, and 16 percent borrow from friends.

A key consideration regarding self-sufficiency is the ability of a household to withstand financial disruptions. Among young workers, the ability to go without a paycheck temporarily improved between 2013 and 2015. The percent of young workers who can pay their living expenses if out of work for four weeks improved from 38 percent in 2013 to 45 percent in 2015..."

The report cited 4 policy implications to address the findings:

  1. Improve Alignment between Education and the Labor Market
  2. Increase Opportunities for Non-degree Education
  3. Provide Assistance and Protections for Workers with Alternative Work Arrangements
  4. Seek Opportunities to Improve Job Growth

There is plenty of information in the 120-page report, which is available at the FRB site and here (Adobe PDF; 1,190.2K bytes).


4 Website Operators Settle With New York State Attorney General For Illegal Tracking of Children

Earlier this month, the Attorney General for the State of New York (NYSAG) announced settlement agreements with the operators of several popular websites for the illegal online tracking of children, which violated the Children's Online Privacy Protection Act (COPPA). The website operators agreed to pay a total of $835,000 in fines, and to implement and comply with a comprehensive set of requirements and changes.

COPPA, passed by Congress in 1998 and updated in 2013, prohibits the unauthorized collection, use, and disclosure of children’s personal information (e.g., first name, last name, e-mail address, IP address, etc.) on websites directed to children under the age of 13, including the collection of information for tracking a child’s movements across the Internet. The 2013 update expanded the list of personal information items, and prohibits covered operators from using cookies, IP addresses, and other persistent identifiers to track users across websites for most advertising purposes, amassing profiles on individual users, and serving targeted behavioral advertisements.

The NYSAG operated a program titled "Operation Child Tracker," which analyzed the most popular children’s websites for any unauthorized tracking. The analysis found that four website operators included third-party tracking on their websites -- which is prohibited by COPPA -- and failed to properly evaluate third-party companies, such as advertisers, advertising networks, and marketers. The website operators and their properties included Viacom (websites associated with Nick Jr. and Nickelodeon), Mattel (Barbie, Hot Wheels, and American Girl), JumpStart (Neopets), and Hasbro (My Little Pony, Littlest Pet Shop, and Nerf).

Regular readers of this blog are familiar with the variety of technologies and mechanisms companies have used to track consumers online: web browser cookies, “zombie cookies,” Flash cookies, “zombie e-tags,” super cookies, “zombie databases” on mobile devices, canvas fingerprinting, and augmented reality (which tracks consumers both online and in the physical world). For example, the web browser cookie is a small text file placed by a website on a user’s computer which is stored by the user’s web browser. Every time a user visits the website, the website retrieves all cookie files stored by that website on the user’s computer. Some website operators shared the information contained in web browser cookies with third-party companies, such as marketing affiliates, advertisers, and tracking companies. This allows web browser cookies to be used to track a user’s browsing history across several websites.

All of this happens in the background without explicit notices in the web browser software, unless the user configures their web browser to provide notice and/or to delete all browser cookies stored. The other technologies represent alternative methods with more technical sophistication and stealth.

The announcement by the NYSAG described each website operator's activities:

"Viacom operates the Nick Jr. website, at www.nickjr.com, and the Nickelodeon website, at www.nick.com... The office of the Attorney General found a variety of improper third party tracking on the Nick Jr. and Nickelodeon websites. These included:

1. Many advertisers and agencies that placed advertisements on Nick Jr. and Nickelodeon websites introduced tracking technologies of third parties that routinely engage in the type of tracking, profiling, and targeted advertising prohibited by COPPA. Viacom considered several approaches to mitigate the risk of COPPA violations from these third parties, including removing adult advertising from a child-directed section of the Nick Jr. website and monitoring advertisements for unexpected tracking... However, Viacom did not timely take either approach and did not implement sufficient safeguards for its users.

2. Some visitors to the homepage of the Nick Jr. website were served behavioral advertising and tracked through a third party advertising platform Viacom used to serve advertisements. Although Viacom considered the homepage of the Nick Jr. website to be parent-directed, and thus not covered by COPPA, the homepage had content that appealed to children. Under COPPA, website operators must treat mixed audience pages as child-directed..."

The NYSAG also found:

"... 26 of Mattel’s websites feature content for young children, including online games, animated cartoons, and downloadable content such as posters, computer desktop wallpaper, and pages for young children to color... The office of the Attorney General found that a variety of improper third party tracking technologies were present on Mattel’s child-directed websites and sections of websites. These included:

1. Mattel deployed a tracking technology supplied by a third party data broker across its Barbie, Hot Wheels, Fisher-Price, Monster High, Ever After High, and Thomas & Friends websites. Mattel used the tracking technology for measuring website metrics, such as the number of visitors to each site, a practice permitted under COPPA. However, the tracking technology supplied by the data broker introduced many other third party tracking technologies in a process known as “piggy backing.” Many of these third parties engage in the type of tracking, profiling, and targeted advertising prohibited by COPPA.

2. A tracking technology that Mattel deployed on the e-commerce portion of the American Girl website, which is not directed to children or covered by COPPA, was inadvertently introduced onto certain child-directed webpages of the American Girl website.

3. Mattel uploaded videos to Google’s YouTube.com, a video hosting platform, and then embedded some of these videos onto the child-directed portion of several Mattel websites, including the Barbie website. When the embedded videos were played by children, it enabled Google tracking technologies, which were used to serve behavioral advertisements."

Regarding JumpStart, the NYSAG found:

"... several improper third party tracking technologies were present on the Neopets website, both for logged-in users under the age of 13 and users who were not logged-in. These included:

1. JumpStart failed to configure the advertising platform used to serve ads on the Neopets website in a manner that would comply with COPPA. As a result, users under the age of 13 were served behavioral advertising and tracked through the advertising platform.

2. JumpStart integrated a Facebook plug-in into the Neopets website... Facebook uses the tracking information for serving behavioral advertising, among other things, unless the website operator notifies Facebook with a COPPA flag that the website falls is subject to COPPA. JumpStart did not notify Facebook that the Neopets website was directed to children."

For Hasbro, the NYSAG found:

"... several improper third party tracking technologies were present on Hasbro’s child-directed websites and sections of websites. These included:

1. Hasbro engaged in an advertising campaign that tracked visitors to the Nerf section of Hasbro’s website in order to serve Hasbro advertisements to those same users as they visited other websites at a later time, a type of online behavioral advertising prohibited by COPPA known as “remarketing.”

2. Hasbro integrated a third-party plug-in into many of its websites, that allowed users to be tracked across websites and introduced other third parties that engaged in the type of tracking, profiling, and targeted advertising prohibited under COPPA.

It is important to note that Hasbro participated in a safe harbor program. A website operator that complies with the rules of an FTC-approved safe harbor program is deemed in compliance with COPPA. However, safe harbor programs rely on full disclosure of the operator’s practices and Hasbro failed to disclose the existence of the remarketing campaign through the Nerf website."

The terms of the settlement agreements require the website operators to:

  1. Conduct regular electronic scans for unexpected third party tracking technologies that may appear on their children’s websites. Three of the companies, Viacom, Mattel, and JumpStart will provide regular reports to the office regarding the results of the scans.
  2. Adopt procedures to evaluate third-party companies before they are introduced onto their children’s websites. The evaluation should determine whether and how the third parties collect, use, and disclose, and allow others to collect, use, and disclose, personal information from users.
  3. Provide notice to third parties that collect, use, or disclose personal information of users with information sufficient to enable the third parties to identify the websites or sections of websites that are child directed pursuant to COPPA.
  4. Update website privacy policies with either, a) information sufficient to enable parents and others to identify the websites and portions of websites that are directed to children under COPPA, or b) a means of contacting the company so that parents and others may request such information.
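
One way an operator could run the kind of scan the first settlement term describes, shown as an added example (it is not code from the NYSAG, the settlements, or any of the operators). The domains, the sample page, and the function names are constructed for illustration, and the operator is assumed to maintain its own list of first-party and vetted vendor domains:

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose attribute makes the browser fetch a resource, which is the
# point at which a third party can set or read its own cookies.
RESOURCE_ATTRS = {"script": "src", "iframe": "src", "img": "src",
                  "embed": "src", "link": "href"}


class ResourceCollector(HTMLParser):
    """Collects (tag, absolute URL) for every resource-loading tag."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attr = RESOURCE_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            # urljoin resolves relative and protocol-relative (//host/x) URLs.
            self.resources.append((tag, urljoin(self.page_url, value)))


def host_in(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    return any(host == d or host.endswith("." + d) for d in domains)


def scan_page(page_url, html, first_party, approved_vendors):
    """Classify third-party hosts on a page as approved or unexpected.

    Limitation: this reads only the delivered HTML. Tags injected at run
    time by another script ("piggy backing") are visible only to a crawl
    that drives a real browser and records its network requests.
    """
    collector = ResourceCollector(page_url)
    collector.feed(html)
    report = {"approved": {}, "unexpected": {}}
    for tag, url in collector.resources:
        host = urlparse(url).hostname
        if host is None or host_in(host, first_party):
            continue  # data: URIs and the operator's own hosts
        bucket = "approved" if host_in(host, approved_vendors) else "unexpected"
        report[bucket].setdefault(host, set()).add(tag)
    return {k: {h: sorted(t) for h, t in v.items()} for k, v in report.items()}


# Constructed sample page for a hypothetical child-directed site.
SAMPLE_URL = "https://www.toys.example/games/"
SAMPLE_HTML = """
<html><head>
<script src="/js/site.js"></script>
<script src="//metrics.analytics-vendor.example/tag.js"></script>
<link rel="stylesheet" href="https://cdn.toys.example/site.css">
</head><body>
<img src="https://pixel.adnetwork.example/p.gif?id=1">
<iframe src="https://video.videohost.example/embed/abc"></iframe>
<a href="https://other.example/">outbound link, not a resource load</a>
<img src="data:image/gif;base64,R0lGOD">
</body></html>
"""

if __name__ == "__main__":
    result = scan_page(SAMPLE_URL, SAMPLE_HTML,
                       first_party={"toys.example"},
                       approved_vendors={"analytics-vendor.example"})
    for host, tags in sorted(result["unexpected"].items()):
        print("UNEXPECTED third party:", host, "via", ", ".join(tags))
```
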

Kudos to the NYSAG office and staff for a comprehensive analysis and enforcement to protect children's online privacy. This type of analysis and enforcement is critical as companies introduce more Internet-connected toys and products classified as part of the Internet of Things (IoT).


Royal Caribbean's Allure Of The Seas: Built For Families

Recently, my family and I sailed on Royal Caribbean cruise line's Allure of the Seas mega-ship from Fort Lauderdale, Florida to destinations in the Caribbean: St. Kitts, St. Thomas (USVI), and Nassau, Bahamas. This was our 26th cruise, so my wife and I have sailed on a variety of cruise lines and ships to many places around the planet. For this 7-night sailing, our daughter, son-in-law, grandchildren (ages 10 and 8), and in-laws joined us.

Our travel agent had arranged TSA Pre-Check boarding for our JetBlue flights, which made travel stress-free and easier. If you travel frequently, the fees for TSA Pre-Check are a no-brainer. We arrived in Fort Lauderdale three days before the ship's departure. We usually arrive early so any flight delays (due to weather or equipment) don't cause us to miss the cruise ship's departure. Experienced travelers know that if you miss the ship's departure, it is the passenger's responsibility (and cost) to catch up with the ship in the next port.

Early arrival in Florida also provided plenty of time to relax poolside at the hotel, explore the departure city, and sample several nearby restaurants. The Crowne Plaza Fort Lauderdale Airport/Cruise featured comfortable beds, spacious rooms, and a large, relaxing pool. The main draw for us was the shuttles provided by the hotel both from the airport and to the cruise port.

The boarding process at Port Everglades, the cruise terminal in Fort Lauderdale, was well-organized and easy. We checked our luggage with the porters, and waited for our daughter and her family. When they arrived, we all entered the check-in line, passed through security, and boarded the ship. Our stateroom was ready, so we left our carry-on bags there and explored the ship. We booked an inside stateroom for this sailing, since we expected to spend very little time there. On prior sailings we've booked outside staterooms (with a larger window) or staterooms with balconies.

The Allure OTS is a mega-ship in the truest definition. At 222,282 tons, it was the largest cruise ship for six years until Royal Caribbean's Harmony of the Seas debuted in May, 2016. Our sailing on July 24 included 6,464 passengers, of which about 1,700 were children under the age of 16. It offers 25 different dining options with a crew of 2,384. Besides the standard dining rooms, the ship offers the Chops Grille American steakhouse, Sabor Taqueria and Tequila Bar, Izumi Hibachi and Sushi, Giovanni's Table Italian restaurant, Starbucks, and a Johnny Rockets hamburger shop.

The ship includes seven "neighborhoods" or areas. Situated indoors and running lengthwise along the cruise ship, the Royal Promenade (Deck 5) features several retail stores, an art gallery, a Champagne bar, restaurants, nightclubs with live music, duty-free stores, a comedy club, a karaoke bar, and the customer service desk. You'll often see children posing for photos with characters from "Shrek," "Madagascar," and other animation films produced by DreamWorks Animation.

The outdoor Boardwalk (Deck 6), modeled after Coney Island amusement area in New York City, features several retail shops, ice cream and pizza, casual-dining options, a merry-go-round, and the AquaTheatre. I've never seen a merry-go-round on a cruise ship before, and I doubt you have either.

The Pool & Sports Zone (Deck 15) features the H2O Zone water park, several swimming pools, several hot-tubs that easily seat 14 persons each, plenty of deck space with umbrellas to enjoy the sun, several bars for adult refreshments, and guest services to get beach towels. Beach towels are free, but the cruise line will charge you if you don't return them. Also on Deck 15 are the full-size basketball court, miniature golf course, two Flow-Rider surf simulators, and an 82-foot long Zip Line. Lessons are available for the surf simulators.

Outfitted with 60 trees and about 12,000 plants, the Central Park (Deck 8) is an outdoor park with recorded birds chirping, upscale dining options, shady spots to relax at, and access to the Rising Tide bar. Like an elevator, this bar for adults moves between decks 5 and 8 on a daily schedule. I've never seen a park before on a cruise ship. It is definitely a must-see neighborhood. Since I practice Tai Chi, I asked if there were classes on board. A crew member replied that a group practiced in Central Park at 6:00 am. I thanked her for the tip, and didn't join that group. I was on vacation and rising early was not a priority.

The Vitality Sea Spa & Fitness Center (Deck 6), far larger than fitness centers on other cruise ships, covered two decks and featured plenty of treadmills and exercise equipment. Like other cruise ships, passengers can get their hair done in the salon for formal dinner nights, or experience a relaxing massage (e.g., full-body, detox, hot stone, bamboo, etc.) in the spa. There is easy access from the fitness center to the Jogging Track (2.4 laps = 1 mile). You can run, jog, or walk comfortably out of the wind and in the shade.

A large portion of the ship is dedicated to children and families. This includes activities in the Adventure Ocean day-camp program, the H2O Zone water park, two 43-foot high rock-climbing walls, two Flow-Rider surf simulators, an 82-foot long Zip Line, the merry-go-round, a 3-D movie theater, a miniature golf course, a full-sized basketball court, an ice-skating rink with shows and open skating, and video arcade. The day camp program provides parents with plenty of opportunities for "couple's time."

For adults, there are several nightclubs with adult entertainment, the Solarium and Solarium Bar (decks 15 and 16), the Casino Royale (Deck 4), and numerous upscale dining options. The Allure of the Seas truly offers plenty of activities for everyone. If you try to do it all, then you'll probably need a vacation to recover from your cruise vacation.

The Allure of the Seas was refurbished in May, 2015. Several shops, public areas, and the WiFi were upgraded. Royal Caribbean's investment showed. My Internet connection was consistently very fast throughout the entire voyage, unlike other ships. If you seek quiet places on the ship (without music, noise or recorded birds chirping), there are several, including the Card Room (Deck 14), Library (Deck 11), and the Solarium (Decks 15 and 16). If you seek a place away from children, the Solarium is a good choice.

Like other Royal Caribbean cruise ships, the next day's activities are listed in the daily Cruise Compass newsletter, delivered each evening to your stateroom. This newsletter is a handy tool. It also lists discounts and sales in the on-board retail stores, hours of operation of the restaurants and dining options, movies in the cinemas, and the live entertainment daily in the theaters and nightclubs.

Royal Caribbean encourages passengers to make their reservations for dining, shows, and nightclub music performances before they sail. This is one of several new trends in cruise vacations. Many people like it. I don't. It used to be that you could arrive early for any show and walk right in. Now, walk-ins must wait until all guests with reservations are seated first. For me, this mandatory reservations system removes the spontaneity and freedom of deciding what to do based upon how you feel at that moment.

Overall, I give the Allure of the Seas excellent marks. The ride was very smooth, and most of the time you didn't know you were at sea on a cruise ship. The ship's layout and venues are well organized, and the crew is very professional. Most of the time, I did not realize I was on a ship with 6,464 passengers. About the only time the ship felt crowded was in the Promenade. When the Promenade was crowded, it looked and felt like any land-based shopping mall between Thanksgiving and Christmas holidays. I like to go on cruises to get away from land-based attractions, not replicate them.

If you have sailed on the Allure of the Seas, what was your experience? Which neighborhood on the ship was your favorite?


Pokemon Go: The Good, The Bad, And The Ugly

The game's popularity proliferated after a July 6 launch in Australia, New Zealand, and the United States: 7.5 million downloads during its first week; 50 million downloads from Google Play during its first month; and it was Wikipedia's most visited article by mid-July. (View the game's Wikipedia pageviews.) Everyone noticed. Early in July, a former advertising coworker joked on Facebook:

" 'How about we partner with Pokemon Go?' -- Said in every office at every agency for every client this morning."

Probably. The augmented-reality (AR) mobile game requires players to travel real-life streets to find and capture digital characters superimposed on locations and displayed on the screens of players' phones. The game's screens also display PokeStops and gyms, locations superimposed on real-life landmarks. The CNN video at the end of this blog post provides a good summary. The Apple iTunes site explains important game details:

"Search far and wide for Pokémon and items: Certain Pokémon appear near their native environment—look for Water-type Pokémon by lakes and oceans. Visit PokéStops, found at interesting places like museums, art installations, historical markers, and monuments, to stock up on Poké Balls and helpful items... As you level up, you’ll be able to catch more-powerful Pokémon to complete your Pokédex. You can add to your collection by hatching Pokémon Eggs based on the distances you walk... Take on Gym battles and defend your Gym: As your Charmander evolves to Charmeleon and then Charizard, you can battle together to defeat a Gym and assign your Pokémon to defend it against all comers."

For many players, Pokemon Go has been a nostalgic return to their youth when Pokemon existed in cartoons, video games, and board-games. Some experts have speculated that the game's popularity, as measured by daily active users, may have peaked in the United States.

What do we know so far about the AR game? What has happened since the game's launch? What happens when a mobile fantasy game combines real-life locations? Are non-players affected? What might be the implications for future AR games? I looked for answers, found plenty, and organized my findings into good, bad, and ugly categories -- with apologies to Mr. Leone and Mr. Eastwood.

The Good

Niantic Labs developed the game for Apple iOS and Android devices. Earlier this month, the game debuted in Latin America. Reviewers have cited the game's addictive qualities:

"... Pokemon Go’s game designers have perfectly executed on the “Hook Model” — a framework for gamification and getting users to come back again and again and again."

Advocates have said that the game has gotten gamers off of their couches (e.g., butts) and out into the real world to get exercise, meet people, and explore locations they probably wouldn't have visited otherwise. Sounds good.

Within the game, PokeStops and gyms are located in publicly-accessible locations, such as theme parks, gardens, and museums. This has increased the sales at some nearby, small businesses. IGN reported on July 21:

"Bok Tower Gardens, a “contemplative garden” and National Historic Landmark located in Lake Wales, Fl, is saturated with PokeStops. The non-profit recorded a 10 to 15 percent increase in ticket sales during the first week of Pokemon Go’s release... So far, the only way to become a PokeStop or gym is to send in a request to Niantic Labs, but it isn't likely to be accepted unless the location is one of cultural significance or in a Pokemon Go deadzone."

The Twitter account Pokemon Archaeology catalogs Pokemon sightings in historic locations. The National Park Service (NPS) has welcomed gamers in many of its parks, but not at memorial sites. Some National Parks have featured programs with the game. Earlier this month, the Sleeping Bear Dunes National Lakeshore offered a new program called "Pokemon Hunt:"

"... to connect “Pokemon Go!” with real-world flora and fauna... This interactive, ranger-guided walk will allow visitors to uncover the creatures, both physical and virtual, that can be found within the National Lakeshore. They will learn how these creatures do or do not fit in with the rest of the environment, and what can be done to help them thrive. At the end of the program, visitors will be able to design their own Pokemon. “Trainers” of all ages are welcome."

This summer, the NPS celebrates 100 years of operations. Gamers should check the NPS site to learn about any discounts and programs before visiting a park.

Some local businesses near colleges and universities experienced increased sales from gamers. Minnesota Daily reported:

"Many local Minneapolis businesses have considered, or implemented, special promotions to attract more mobile-gamers. Last week, Sencha Tea Bar in Stadium Village released three special shakes in correspondence with the three color teams of the game — red, yellow and blue — said store manager Josh Suwaratana. Suwaratana said the store does special shakes for other occasions, so the Pokemon shakes weren’t anything out of the ordinary... Sencha is also located next to a Pokestop — a real-life location where players can obtain items in the game. Suwaratana said the proximity to the Pokestop has helped business attract players."

The BBC News reported that the game helped an autistic teenager. Autism Speaks published this perspective by a psychologist:

"... I would encourage parents to seize the opportunity for their children to capitalize on this gaming experience while at the park or when running errands. My advice is not to judge this new gaming experience as all bad and in need of limits. Rather let’s embrace a step toward video games and virtual reality that may one day be tailored to inspiring those we love with autism spectrum disorder (ASD) to leave the house and receive points/rewards/tokens for gathering information from other people they encounter in the store, at work, or at a place of leisure. To me that sounds an awful lot like what I have been trying to get them to do by learning social skills in my office each week..."

To focus the world's attention upon the impacts to citizens and children, activists have added Pokemon characters to images from war zones. C/Net reported on July 26 that Khaled Akil, a Syrian artist:

"... has taken Pokemon Go creatures and Photoshopped them into pictures of his war-torn homeland, presenting a stark contrast between the whimsy of the augmented-reality game and the sobering day-to-day realities of war... In one image, a young boy walks his bike through a street lined by bombed-out buildings, a Vaporeon by his side. In another, a Pikachu rests on a block of rubble next to a burning car... the activist group Revolutionary Forces of Syria Media Office has been tweeting poignant photos of kids holding up printouts of popular Pokemon creatures, along with their locations, which are identified as being near areas of heavy fighting, and the words 'save me'..."

To view photos, follow the links in the C/Net article to Akil's website and Instagram account.

The Niantic Terms of Service policy clearly encourages safe game play and describes players' responsibilities:

"During game play, please be aware of your surroundings and play safely. You agree that your use of the App and play of the game is at your own risk, and it is your responsibility to maintain such health, liability, hazard, personal injury, medical, life, and other insurance policies as you deem reasonably necessary for any injuries that you may incur while using the Services. You also agree not to use the App to violate any applicable law, rule, or regulation (including but not limited to the laws of trespass) or the Trainer Guidelines, and you agree not to encourage or enable any other individual to violate any applicable law, rule, or regulation or the Trainer Guidelines. Without limiting the foregoing, you agree that in conjunction with your use of the App you will not inflict emotional distress on other people, will not humiliate other people (publicly or otherwise), will not assault or threaten other people, will not enter onto private property without permission, will not impersonate any other person or misrepresent your affiliation, title, or authority, and will not otherwise engage in any activity that may result in injury, death, property damage, and/or liability of any kind."

The "Conduct, General Prohibitions, and Niantic’s Enforcement Rights" section of the policy also lists the responsibilities of players, including players will not:

"... trespass, or in any manner attempt to gain or gain access to any property or location where you do not have a right or permission to be..."

So, it is important for players to know their responsibilities. Do they? Keep reading.

The Bad

Foot traffic by gamers in public parks hasn't been all good. Some gamers have ignored local laws and ordinances. WPRI in Providence, Rhode Island reported:

"Members of the East Providence Police Department said “Pokemon Go” has drawn huge crowds of people to local parks after hours... Officers say they have responded to several calls about the crowds. “They are very peaceful, they’re not causing problems, but it is in a public area – in public parks – and people who live in those areas do deserve to have their rest at night,” said Maj. William Nebus of the East Providence Police Department. “Our parks do close at 9 p.m. and just to have 200 people lurking in overnight hours is not peaceful to the residents.”

Law enforcement in Michigan ticketed players with misdemeanors after late-night, 12:30 a.m. game play. Nearby property owners have found players intrusive. There are two implications. First, it's important for players to understand and comply with local town ordinances and hour restrictions. Second, taxpayers will likely absorb the additional costs of park maintenance, clean-up, and law enforcement patrols to address the increased foot traffic in local parks.

It's critical for players to remain alert. In somewhat weird news, a gamer kept playing after being stabbed by a mugger. And a North-Texas teenager was bitten by a venomous snake while playing. In Missouri, criminals staked out known PokeStops and robbed players. A gamer in Riverton, Wyoming found a dead body.

While some gamers play on foot, others drive their vehicles. As you've probably guessed, there have been auto accidents. The Atlanta Journal-Constitution reported:

"A driver, distracted by a Squirtle or a Zubat, caught a tree, instead of a Pokemon. That collision occurred last month in Auburn, N.Y., near Syracuse. A few days later, a 28-year-old driver on a highway near Seattle told officials he was focused on the hunt for Pikachu when he ran into the rear end of a Chevrolet. Another distracted driver in Baltimore smashed into a police car. A parked police car."

Like any game, some gamers play by the rules while others don't. An entertaining video listing the ways players cheat has more than 6.7 million views. Niantic highlighted its policy toward cheaters:

"Your account was permanently terminated for violations of the Pokémon GO Terms of Service. This includes, but is not limited to: falsifying your location, using emulators, modified or unofficial software and/or accessing Pokémon GO clients or backends in an unauthorized manner including through the use of third party software."

Soon after the game's debut, privacy risks were discovered:

"Security researcher Adam Reeve noted that when some users sign into Pokemon Go through Google on Apple devices, they effectively give the game and its developer full access to their Google account; this means, that at least in theory, Niantic... can access players' Gmail-based email, Google Drive based files, photos and videos stored in Google Photos, and any other content within their Google accounts. From a technical perspective, Niantic could potentially send emails on your behalf, or copy and distribute your photos. This is obviously concerning. Perhaps even scarier - and more eye-opening - is that users are accepting such permissions en masse without regard for the risks."

Since then, Niantic and the Pokemon Company notified Engadget that they fixed the bug in a subsequent update. Regardless, the Offensive Privacy blog warned players who have signed up using their Google credentials:

"... to review Google's guide on controlling and revoking app access to your account and check your account to see what permissions the game has. If it still has full access to your Google account, you can simply revoke access, then sign-in to the game again using your Google account. Your data will be safe and you can ensure your Google account is safe as well."

The Offensive Privacy blog offered privacy tips given the game's usage of smartphone cameras:

"While it's a bit outlandish to think that Niantic collects the video streams from every device, it is always a possibility that cannot be completely ruled out. This means anything your camera sees could, in theory, be stored by Niantic... I suggest some common sense tactics that apply to all cameras and video streams when using the AR mode of the game: 1) Never allow the camera to see personal ID such as your license, passport, or other sensitive document; 2) Never let the camera see a license plate or government building. This is especially true for those working in high-security environments; and 3) Avoid letting the camera see street signs, your house, house numbers, etc. It's also possible that metadata could be embedded in the image and made available if the image is shared publicly..."

Regular readers of this blog are already familiar with the privacy issues associated with metadata collection. Some players may be surprised that maintaining privacy while playing requires effort.

Yes, security researchers have already found malware embedded in a rogue version of the Pokemon Go app. So, shop wisely at reputable sites and follow these tips to avoid the malware.

One measure of popularity is parodies. There is a porn parody of the game titled, "Poke-mon Ho!" Depending upon your lifestyle, you might categorize this as "good." Yes, the parody reportedly is NSFW. No, I haven't seen it.

The Ugly

Some property owners view the game as inappropriate for their locations. CNN reported in July:

"The United States Holocaust Memorial Museum and Arlington National Cemetery, both in Washington, DC area, have both issued appeals for players to avoid hunting Pokemon on their sites. "Playing Pokemon Go in a memorial dedicated to the victims of Nazism is extremely inappropriate," said Andy Hollinger, director of communications at the United States Holocaust Memorial Museum in Washington, D.C., in a statement sent to CNNMoney. "We are attempting to have the Museum removed from the game," the statement said... Pokemon Go has a link set up for people to report sensitive locations and contact on its website... According to a statement from The Pokemon Company International and Niantic -- the creators of Pokemon Go -- Pokestops and gyms in the app are found at publicly accessible places. That includes historical markers, public art installations, museums, monuments -- and apparently churches."

I see two problems with the approach the game's developers used. First, the approach seems to have treated all public spaces the same, without considering the unique needs of cemeteries, memorials, and similar places. Game-play isn't appropriate everywhere. Second, Niantic's approach automatically included real-life locations as PokeStops and gyms without first obtaining the property owners' permissions. This approach places the burden on property owners (who are neither players nor participants) to opt-out of the game. Not good. Maybe this was a slick attempt to force property owners to participate. Not good.

Some players have wandered onto nearby private properties. ComputerWorld reported on August 2:

"Jeffrey Marder, a resident of West Orange, N.J., found in the days after the release of the successful augmented reality game Pokémon Go, that strangers, phone in hand, had begun lingering outside his home. At least five of them knocked on Marder’s door and asked for access to his backyard to catch and add to their virtual collections of the Pokémon images, superimposed over the real world, that the game developer had placed at the residence without his permission."

Marder is part of a lawsuit alleging that the game included locations on private properties, without the owners' permissions. The Click on Detroit site reported on August 15:

"Scott Dodich and Jayme Gotts-Dodich, of St. Clair Shores, filed a class action lawsuit against Niantic, The Pokemon Company and Nintendo... The couple lives on a private cul-de-sac and alleges that over several weeks, Pokemon Go players parked their vehicles on their street and blocked driveways. The couple also alleges that players trespassed on lawns, trampled landscaping and peered into windows. The complaint also alleges that when Jayme Gotts-Dodich asked a Pokemon Go player to leave her property, the player told her to “shut up b****, or else... The suit alleges that the intentional, unauthorized placement of Pokestops and Pokemon gyms on or near private property constitutes a continuing invasion of use and enjoyment. Due to the ignored repeated requests for removal, the couple believes that Niantic is liable for nuisance and that all defendants have been unjustly enriched.”

If a disagreement arises between Niantic and a player, it may not be resolved in court in front of a jury of the gamer's peers. The Niantic Terms of Service policy strips gamers of that right:

"ARBITRATION NOTICE: EXCEPT IF YOU OPT OUT AND EXCEPT FOR CERTAIN TYPES OF DISPUTES DESCRIBED IN THE “AGREEMENT TO ARBITRATE” SECTION BELOW, YOU AGREE THAT DISPUTES BETWEEN YOU AND NIANTIC WILL BE RESOLVED BY BINDING, INDIVIDUAL ARBITRATION, AND YOU ARE WAIVING YOUR RIGHT TO A TRIAL BY JURY OR TO PARTICIPATE AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS ACTION OR REPRESENTATIVE PROCEEDING."

To opt out of binding arbitration, players must do so within 30 days of sign up. Boing Boing explained how to opt out, and the associated issues. Of course, players should read all game policies in their entirety before sign up. (You did, right?) Regular readers of this blog are familiar with the issues with binding arbitration.

The Future

Given the success so far of Pokemon Go, it seems wise to expect copycats. The Motley Fool speculated:

"Pokemon Go has added a new layer of excitement to a day at Disney World for those who seek that variety of enchantment. Disney is benefiting from the craze, even as non-players shake their heads while swerving around distracted gamers. This also could and should be just the beginning. It's only a matter of time before it rolls out its own augmented-reality app... A Disney app likely also wouldn't include a Pokemon-like battle element, at least not in terms of pitting Pluto against Yoda in combat. However, the Disney gym equivalent could be mini-game stations offering everything from speed Disney trivia matches to Virtual Magic Kingdom-type competitions... There are more than 200 Disney Store locations scattered across North America, and more than 120 overseas. These stores can also serve as character-collecting hubs, giving players a local connection for special events. It would also keep interest active outside of theme park visits..."

You can bet we'll see many more AR games with fantasy or fictional characters; probably with co-marketing agreements between AR games, movies, fast-food restaurants, toy stores, and the few remaining shopping malls. Experts estimate the global AR market to be $117.4 billion by 2022.

It's not just fantasy characters. Experts have estimated the augmented reality and virtual reality market within healthcare to be $2.54 billion by 2020. Hopefully, more games (and other services) will offer in their policies opt-out mechanisms from restrictive binding arbitration clauses.

What are your opinions of Pokemon Go? Of AR games? What advantages and disadvantages have you found? Does the good outweigh the bad?


Social Networking Sites With The Largest Number of News Users

Recently, some friends and I were discussing the wisdom of getting your news from social networking websites (e.g., Facebook, Twitter, Snapchat, Youtube, LinkedIn, etc.) instead of directly from news media sites. Apparently, many consumers get their news from such sites.

The Pew Research Center reported that most adults in the United States, 62 percent, get their news from social networking sites. The corresponding statistic in 2012 was 49 percent. Fewer social media site users get their news from other platforms: local television (46 percent), cable TV (31 percent), nightly network TV (30 percent), news websites/apps (28 percent), radio (25 percent), and print newspapers (20 percent). 

Pew analyzed which social networking sites were used the most for news, and whether consumers used multiple sites to obtain news. The Pew Research Center found:

"Two-thirds of Facebook users (66 percent) get news on the site, nearly six-in-ten Twitter users (59 percent) get news on Twitter, and seven-in-ten Reddit users get news on that platform. On Tumblr, the figure sits at 31 percent..."

The corresponding statistics are 23 percent for Instagram, 21 percent for Youtube, 19 percent for LinkedIn, and 17 percent at Snapchat. The implications:

"Facebook is by far the largest social networking site, reaching 67% of U.S. adults. The two-thirds of Facebook users who get news there, then, amount to 44% of the general population. YouTube has the next greatest reach in terms of general usage, at 48% of U.S. adults. But only about a fifth of its users get news there, which amounts to 10% of the adult population. That puts it on par with Twitter, which has a smaller user base (16% of U.S. adults) but a larger portion getting news there."

About audience overlap, Pew found that most people (64 percent) get their news from one social media site. 26 percent get their news from two social media sites, and 10 percent get their news from three social media sites. Pew also found that more users at Reddit, Twitter, and LinkedIn seek out news versus stumbling across it by accident:

Percent of news users of each site who mostly get news online:

| Social Networking Site | While doing other things | Because they're looking for it |
|---|---|---|
| Instagram | 63 | 37 |
| Facebook | 62 | 38 |
| Youtube | 58 | 41 |
| LinkedIn | 46 | 51 |
| Twitter | 45 | 54 |
| Reddit | 42 | 55 |

Who are the news users at the five largest social sites with news users? The users vary by site:

"... while there is some crossover, each site appeals to a somewhat different group. Instagram news consumers stand out from other groups as more likely to be non-white, young and, for all but Facebook, female. LinkedIn news consumers are more likely to have a college degree than news users of the other four platforms; Twitter news users are the second most likely."

The demographic data:

[Image: Pew chart of social news users]

Some of you are probably wondering about Google+ and Pinterest. Pew removed three social media sites because:

"... Pinterest, which has been shown to have a small portion of users who use it for news; Myspace, which has largely transitioned to a music site; and Google+, which through its recent transformations is being phased out as a social networking site."

The survey was conducted from January 12 to February 8, 2016 and included 4,654 respondents (4,339 by web and 315 by mail). The methodology included a randomly-selected subset of U.S. adults (6,301 total web-based persons and 474 total mail persons).


Safer Internet Day: Do Your Part

Today is Safer Internet Day (SID) #SID2016. This event occurs every year in February to promote safer and more responsible use of online technology and mobile phones, especially among children. This year's theme is:

"Play your part for a better Internet"

There are events in 100 countries worldwide. The European Commission’s Safer Internet Programme started the event, which has continued under the Connecting Europe Facility (CEF). This is the 13th annual event. According to its press release:

"Last year’s celebrations saw more than 19,000 schools and 28 million people involved in SID actions across Europe, while over 60 million people were reached worldwide..."

Hans Martens, Digital Citizenship Programme Manager at European Schoolnet and Coordinator of the Insafe Network said:

“The theme of ‘Play your part for a better internet’ truly reflects how stakeholders from across the world can and should work together to build a trusted digital environment for all. This approach is at the core of the Better Internet for Kids agenda, and we look forward to seeing many exciting initiatives and collaborations, both on the day of SID itself and beyond.”

Sophos, a security firm, described six safety tips for families. That includes learning to spot phishing scams to avoid password-stealing computer viruses and ransomware. Children need to learn how to create strong passwords, and never use these weak passwords. Read about several SID events in California, including teens brainstorming ways to fight online bullying and teens helping adults.

To learn more, watch the video below and then visit SaferInternetDay.org for events in your country.

Or, watch the video on Youtube.


Membership On Social Networking Sites Requires Diligence

Recently, a friend posted this message on Facebook:

"I need advice. I looked in my Facebook notifications and received a notification that someone I don't even know shared my post. I looked at the post on this person's timeline and it has a picture of my female cousin and it has me tagged with her and a caption that she is my wifey with a little wedding ring icon. What??!! What's going on?"

My response with advice:

  1. Review your list of friends and delete people you don't know,
  2. Review the privacy settings on your account. You can set them to provide notice when anyone tags you in a photo. Along with that notice you can approve or decline each photo-tag request,
  3. Go to the existing, offending photos and remove that tag with your name,
  4. Contact offline the person that tagged you in the photo to verify that it was indeed that person. Sometimes, spammers or criminals create bogus accounts pretending to be a friend so they can access your account and steal personal information.
  5. When you contact that person offline, you can ask them not to tag you in any future photos. You have that right. It's your image. If he/she complies, fine. If not, delete them from your friends list,
  6. Make sure all of your posts have the "Friends Only" setting. Facebook will often inherit the "Public" setting on re-posts, which opens you to spammers, criminals, and trolls,
  7. Understand the issues associated with facial-recognition software on Facebook. Zuckerberg and the executives at Facebook have implemented a strategy of "friction-less sharing." That's great for Facebook and not necessarily good for you,
  8. Don't accept new Friend Requests from people you don't know. Finally,
  9. Realize that your information on Facebook is only as secure as your friend with the weakest security settings in his/her profile, or none. Those persons probably violate #6.

So, maintaining a presence with privacy on social networking sites requires diligence. If you're not up to the task or don't want to do it, then don't join that social networking site (or delete your account on an existing site). What would you recommend?


Hello Barbie Doll Cited As A Threat At Security Conference

At a recent cyber-security conference at New York University, a MasterCard executive raised concerns about the WiFi-enabled Barbie doll. The New York Post newspaper reported:

"The chief executive of MasterCard on Friday singled out the $75 Mattel doll as a security threat — the second time the tech-smart Barbie has run into trouble. Ajay Banga said hackers can gain control of Barbie’s voice and then “talk” to a child. The hackers can then win the confidence of the kid and, under certain circumstance, attempt to gain access to your home..."

Regular readers of this blog are familiar with the security issues from Internet-connected toys, such as this doll, which also contain voice-recognition interfaces. As Banga accurately emphasized, a criminal can hack the toy and ask the child what valuables the family owns, plus when the home will be vacant. Adolescents and toddlers are too young to understand security concepts, what not to disclose to strangers, and when a toy asks inappropriate questions.

Think of it this way: criminals regularly use phone spam to trick adults into revealing sensitive personal and financial information. It would probably be easier to trick young children. With Internet-connected devices in homes, criminals can easily bypass do-not-call registries.

Banga also mentioned that MasterCard is a favorite target of hackers, with 15,000 attempted hacks daily. That reinforces the observation that criminals go where the money is. The newspaper also reported:

"Several of the most prominent names in cybersecurity said during the conference that most people aren’t aware of the growing number of cybersecurity threats that they’re exposed to as manufacturers keep making products that hook up to the Internet. One of the biggest vulnerabilities is the so-called “Internet of things” — everything from TVs to refrigerators to vending machines that automatically connect to the Internet, and then transmit data to another source."


Smart Devices Create Challenges And Privacy Threats For Consumers

There are plenty of smart devices you can buy online or in retail stores for your smart home: smart televisions, home audio speakers, fitness bands, smart watches, light switches, talking dolls and toys, smart home thermometers, cars with GPS and sensors, drones, and much more. And, your utility company probably uses smart meters to transmit via wireless your usage, instead of paying technicians to visit your home.

Many or most of these devices have hands-free voice controls. That feature provides a huge convenience, but along with it comes the privacy threat that it can (or does) record everything you say... whether you intend it for the device or not.

The Times Union highlighted several problems smart devices create for consumers. The first is the hope that the device manufacturer adequately protects your information from data breaches and thieves:

"You may never know for sure. At best, you can hope the company keeps its promises on privacy. More important, you have to trust that its computer systems are really secure, or those promises are suddenly worthless. That part is increasingly difficult to guarantee — or believe — as hacking becomes routine."

At least one fitness maker already had a substantial data breach. People want to try the new devices to see if and how they might benefit. There's nothing wrong with that. The second problem:

"Every technological benefit comes with a cost in the form of a threat to privacy. Yet not paying that price has its own cost: an inability to participate in some of technology's greater achievements."

There has to be a better way. Consumers should not have to choose between giving up privacy in order to use smart devices versus living under a rock without smart devices to maintain privacy. What are your opinions?


Data Breach: Unprotected Online Database Exposed The Sensitive Information Of About 3.3 Million Hello Kitty Users

A security researcher found online a database containing the sensitive information of customers of the Hello Kitty gaming site. Just before the Christmas holiday, C|Net reported:

"Personal information for fans who connect through SanrioTown.com has been sitting openly viewable on the Internet and easily accessible with the click of a mouse, no hack required... SanrioTown.com, designed for fans of Sanrio characters like Hello Kitty, hosts all the accounts for players of a popular game called Hello Kitty Online."

C|Net also reported that the security researcher:

"... showed CNET a sample of the records he saw, which includes a list of usernames, scrambled up passwords, first and last names, genders, birth dates and answers to security questions like "What is your favorite food." In the random sample of 15 records, two appeared to be of minors. Sanrio declined to verify whether the data listed in the sample was from its database. Vickery found the database, he said, while looking for unprotected information on the Internet by searching a website that can find data stored in the cloud."

Reportedly, the database sat open and exposed for about a month. This breach was found by the same security researcher that found earlier in December a flaw in the Mackeeper security software, which exposed the sensitive information of 13 million Apple users. SanrioTown is still investigating its breach, and its users must change both their passwords and security questions.

The Washington Times reported:

"Sanrio Digital, a subsidiary of the Japanese owner of “Hello Kitty,” a popular children’s brand, told Reuters on Tuesday that it patched a security glitch that had affected one of its databases being tipped off by Chris Vickery, a U.S.-based researcher who helps identify and fix vulnerable computer systems... Sanrio has insisted that evidence has so far failed to suggest that anyone other than Mr. Vickery had accessed the database with authorization..."

Reportedly, the breach exposed the following data elements: full names, birthdays, genders, email addresses and related information about 3.3 million account holders. That included information about 186,261 persons under the age of 18. Payment information (e.g., credit cards) was not exposed, according to the SanrioTown security statement.

Two items about this breach need to be highlighted:

  1. The operative phrase in the company's statement is, "that evidence so far..." More evidence may surface later; and
  2. The company did not discover its own database sitting open, unprotected in the wild. An external security researcher found it. That fact does not bode well for the company's security team and data security processes.

What are your opinions of this data breach?


Learning Apps Company Confirms Data Breach Affecting 11.6 Million Persons

Earlier today, educational toy maker VTech confirmed a data breach affecting 11.6 million persons. On November 27, Motherboard first reported the breach affecting 5 million parents and 200,000 children. The data breach is larger than first reported by many news organizations.

In its FAQ page, VTech confirmed that on November 14 hackers accessed its customer database:

"... on our Learning Lodge app store customer database and Kid Connect servers. Learning Lodge allows our customers to download apps, learning games, e-books and other educational content to their VTech products.  Kid Connect allows parents using a smartphone app to chat with their kids using a VTech tablet."

The company learned of the data breach on November 24 when a journalist inquired. During its current breach investigation, VTech has temporarily suspended operations at Learning Lodge, the Kid Connect network, and a dozen websites including both PlanetVtech and VSmileLink sites in the US, France, Germany, United Kingdom, and Spain. VTech's customer data includes the USA, Canada, United Kingdom, Ireland, France, Germany, Spain, Belgium, the Netherlands, Denmark, Luxembourg, Latin America, Hong Kong, China, Australia and New Zealand.

The number of persons affected by the breach:

"In total 4,854,209 customer (parent) accounts and 6,368,509 related kid profiles worldwide are affected, which includes approximately 1.2 million Kid Connect parent accounts.  In addition, there are 235,708 parent and 227,705 kids accounts in PlanetVTech. Kid profiles unlike account profiles only include name, gender and birthdate."

The VTech FAQ page also listed the number of breach victims by country. Parent accounts include the following data elements: name, e-mail address, security question and answer for password retrieval, IP address, mailing address, download history, and encrypted password. VTech's customer database does not contain credit card payment information, nor Social Security and similar identification information.

VTech describes itself as a global leader in electronic learning products for children and the world's largest manufacturer of cordless phones. Founded in 1976, VTech is headquartered in Hong Kong and has operations in 11 countries including manufacturing facilities in China. It employs about 30,000 employees, with 1,500 research and development professionals in Canada, Germany, Hong Kong, and China.

Even though customers' passwords were encrypted, VTech advised breach victims to change their passwords anyway, as skilled hackers may break the encryption. This is critical if breach victims used the same passwords, security questions, and security answers at other online sites.

This is not good. Whatever security detection software VTech used needs to be upgraded or replaced. A company should not learn about a breach from a journalist. The data elements stolen are sufficient for criminals to impersonate data breach victims, attempt to break into victims' other online accounts (e.g., banking), and send spam e-mail messages.

Do you or your children use VTech apps, games, or e-books? If so, what breach notifications have you received?


Safe Shopping Tips For the Holidays

The holiday shopping season is here. Experts estimate that consumers will spend about $83 billion. Everyone wants to shop safely and avoid both identity theft and fraud. The California Attorney General's office issued several safe-shopping tips for consumers that are applicable everywhere and not only in California. Some of the items were already covered in this blog, so I added links.

Online

  • Shop at secure websites. Look for https in the website address, or for the yellow lock icon.
  • Don't shop online at public WiFi hotspots, such as coffee shops. This can put at risk your payment information (e.g., bank account, credit/debit card numbers, etc.). If you must use a public WiFi hotspot, use encryption software on your mobile device.
  • Do not send personal and payment information in e-mail messages. Legitimate companies won't ask you to do this, since it is an insecure way of transmitting information. Learn to spot package delivery scams.
  • Use reputable websites when booking travel or lodging for trips. However, scammers also insert listings on vacation websites. If the price is too good to be true, it usually is. Learn to spot vacation payment scams.
  • Identity thieves and fraudsters use mobile apps. Before purchasing an app, find and read independent reviews. Also, read the terms of use and privacy policy for the app desired. Download and buy apps only at reputable websites. Use these tips to protect your phone from online crime.
  • If you receive text messages on your phone claiming you have won a prize or gift card, do not click on the link in the message. It probably is a scam and may install a virus on your phone. E-mail scams are common. Learn to spot phishing e-mails. Be wary of e-mails from persons claiming to be a shipping company. These e-mail messages often contain attached files that contain computer viruses. Do not open attached files from strangers.
  • Consider using a two-step process to protect your email account and sensitive personal information. For example, after inputting your password, you will then receive a text on your phone that provides a one-time-use code to sign into your e-mail account. Your e-mail provider has instructions about how to set this up.

In Stores

  • Thieves use handheld scanners and counterfeit credit cards to use gift cards that they do not actually have. Only buy gift cards that are kept behind the store’s customer service counter or activated upon checkout. Before buying the card, ask for it to be scanned to show that it is fully valued.
  • Learn to spot and avoid prepaid gift card app fraud.
  • Package theft is happening more frequently. If you do not have a secure area for delivery companies to leave packages, consider requiring a signature for packages, or have your packages held for pickup at a nearby shipping center.

General

  • Review your bank and credit card statements frequently for fraudulent transactions. Contact your bank or card issuers immediately if you see unusual or suspicious transactions.
  • If you receive a phone call from somebody claiming to be your bank or credit card company, who asks you to verify your account information, don't. Instead, ask them for their phone number so you can call them back. Then, call the phone number listed on the back of your credit card.
  • Learn to spot and avoid prepaid card phone scams.
  • Parents and grandparents should be wary of phone calls, e-mails, and social networking posts by scam artists pretending to be a child, friend, or relative stuck in an emergency abroad and needing cash immediately. Scammers try to get the victim to wire cash or disclose sensitive personal and financial information. Don't do this. Before taking any action, verify the health or status of the child, friend, or relative abroad.
  • Use these ten tips for safe vacation travel.

Happy holidays!


Editor's Picks: Cruise Vacations

Considering a cruise ship vacation? Unsure which cruise line is best? Received an offer in the mail? You may find the resources below helpful:

  1. Considering A Cruise Ship Vacation? What Consumers Need To Know
  2. 8 Tips About Cruise Ship Vacations And Cruise Ship Maintenance
  3. Free Cruise Vacation Offer: Legit or Scam?
  4. Cruise Review: Sept. 13 - 27 Viking River Cruise From Amsterdam to Budapest
  5. Massachusetts Attorney General Announced Settlement With Travel Company For Pressure Sales And Over-Priced Vacations
  6. Traveling Abroad? New T.S.A. Rules For Inbound Flights To The U.S.A.
  7. 10 Ways To Avoid Identity Theft During Vacation Travel
  8. 7 Tips To Avoid A Rejected Credit Card During Vacation Travel
  9. Traveling Outside The Country? Before You Leave, Notify Your Credit Card Issuer So Your Purchases Aren't Denied
  10. Disney Cruise Ship Child Care Staff Lose Young Child. Frantic Search Ensues

The Internet Of Numerous Needless Things

If you aren't familiar with American culture, a key feature is: more is better. Bigger is better. Got one car? You'd be twice as happy with two cars. Got a $10,000 car? You'd be four times happier with a $40,000 luxury car. Got a 1,000 square-foot home? You'd be five times happier with a 5,000 square-foot mansion. Got a handgun at home? You'd be five times safer with five handguns. This is how we roll in the USA.

And, that cultural attitude applies to mobile devices. An Internet-connected device must be better than one that isn't, right? After all, it's better to live in a "smart home" than a dumb home, right?

A recent New York Times article highlighted several questionable mobile devices. These new Internet-connected gadgets seem fine at first glance, but upon closer inspection don't seem to solve consumer needs; or provide inefficient, clumsy, and costly solutions. Allison Arieff wrote:

"... I was introduced to Leeo, a new product that I initially understood to be a reboot of something really in need of a redesign: the smoke detector. As the designer explained his process, I quickly came to understand that Leeo was nothing of the sort. It was a gadget, a night light that “listens” for your smoke detector to go off and then calls your smartphone to let you know your house might be on fire. So, to “improve” a $20 smoke alarm, the designer opted to add a $99 night light and a several-hundred-dollar smartphone. This is not good design."

I agree. Ms. Arieff proceeds to list several more questionable mobile devices. You can read the descriptions yourself. One of my favorites:

"... Mimo, a smart baby monitor built into a onesie ($199) that takes helicopter parenting to new heights (or lows). Mimo notifies you when your baby wakes up or changes her breathing pattern, body position or skin temperature... When Mimo is connected to other devices in your home and discerns that your baby is stirring, the lights turn on, coffee begins brewing and some Baby Mozart starts playing on the stereo. Given the erratic wake-up times of my child when she was an infant, I can only imagine the delight all this activity might bring to new parents at midnight, 3 and 5:30 a.m."

Anyone who has raised a child knows that an infant's screams efficiently wake up everyone in the home. That's efficient, effective design by Mother Nature. With a mobile onesie, who is in control: the parents or the infant? Geez.

You don't have to look far for more questionable devices. One device that comes to mind is the privacy-busting Hello Barbie doll by Mattel. One person shared his experience attempting to upgrade his apartment to "smart home" status: programmable lighting, sensors, and adjustable shades. He never got the mobile app to work, and found the process far from simple and affordable.

The Internet of Things is here as companies race to connect all of the mobile devices in your home. A 2014 survey found that 69 percent of consumers said privacy was their biggest concern with smart homes. The smart home will include a variety of Internet-connected appliances: televisions, home security systems, refrigerators, washing machines, smart thermostats, trash or recycle bins, and more.

What badly designed mobile devices have you encountered? Please share below.


Location Privacy. Does Your State Allow Warrantless Searches Of Cellphones?

Do your state's laws allow law enforcement to perform warrantless searches for cellphone location data? The American Civil Liberties Union (ACLU) released a report in which it researched each state's current laws to determine whether residents' location privacy is protected or not:

"... 18 states now require law enforcement to get a probable cause warrant before obtaining people’s cell phone location information. Six of those states protect both historical and real-time location information from warrantless search... This year alone, legislation was introduced in 17 states. Instead of waiting for Congress or the courts to act, state legislatures are leading the way..."

Metadata about your phone calls reveals who you called, who called you, when the call happened, and how long you talked. Geo-location data reveals your travel patterns: where you went, when you left, when you returned, how long you stayed, places you passed by and didn't enter, and travel patterns (e.g., places you visit frequently and/or at certain times or on certain days).

The report included what's known (so far) about stingrays, the technology using fake cellular phone towers to spy and collect your phone usage and geo-location data:

"... New Hampshire has joined the ranks of states offering full probable-cause warrant protection to both historical and real-time cell phone location information. The Washington legislature unanimously passed a law requiring a warrant for use of “StingRay” cell phone tracking equipment, and Virginia enacted a similar law."

You can browse the report to read details about the laws (or lack thereof) in the state where you live. For example, the state where I live:

ACLU report on warrantless search laws by state. Massachusetts.

Besides stingrays, the use of other technologies threatens consumers' location privacy. The ACLU of Southern California and the Electronic Frontier Foundation (EFF) asked the California Supreme Court to review their lawsuit seeking access to automated license plate-reader (ALPR) data collected by the Los Angeles Police and Sheriff’s Departments. The EFF said in July:

"This case has significant precedential impact, setting a troubling standard allowing police to keep these records and details of its surveillance of ordinary, law-abiding citizens from ever being scrutinized. The appeals court ruling may apply not only to records collected with license plate cameras, but to data collected using other forms of automatic and indiscriminate surveillance systems, from body cameras and dash cameras to public surveillance cameras and drones. Without access to these records, we can’t ensure police accountability."

The case started in 2012 when local law enforcement refused to disclose ALPR data after the EFF filed a public records request:

"... cameras mounted on patrol cars and at fixed locations around the city and county of Los Angeles. ALPRs automatically take a picture of all license plates that come into view and record the time, date, and location where the vehicle was photographed. Because the agencies store the data for two to five years, they have been able to collect a massive amount of sensitive location-based information on mostly innocent Los Angeles residents..."

Reportedly, the reasons given by local law enforcement agencies:

"The agencies refused to turn over the records, claiming they could withhold the millions of license plate data points as “records of law enforcement investigations,” which are exempt from public review under the California Public Records Act. Incredibly, they argued that all drivers in Los Angeles are under criminal investigation at all times—whether or not the police suspect them of being involved in any criminal activity. The ACLU has estimated that as many as 99.8% of the vehicles photographed by ALPR cameras are never linked to any ongoing criminal investigation..."

Sadly, both the trial and appeal courts sided with the law enforcement agencies. So, the threat to consumers is two-fold: a) collection of data about law-abiding citizens without notice or consent, and b) lack of accountability of government surveillance programs that could extend into more technologies such as body cameras.

Last, all of this does not minimize nor condone surveillance by corporations, which is arguably more extensive than government surveillance. Terms such as behavioral advertising, geo-fencing, and targeted advertising are often used to describe private-sector surveillance, with vague promises of relevant advertising benefits. At the end of the day, surveillance is surveillance; tracking is tracking. Many law enforcement and spy executives have probably looked at the extensive private-sector surveillance with weak consumer protections and concluded, "if they can do it, so should we."

View the ACLU report and status of warrantless search laws in your state.


Reddit Shuts Down Racist Communities

Mashable reported that Reddit, a social networking, entertainment, and news website where registered users submit content:

"...  banned at least half a dozen offensive communities that focus on racist content or "animated" child pornography, marking the biggest one-day purge of groups on the social news service to date. The names of the newly banned groups speak for themselves: Coontown, WatchNiggersDie and CoonTownMeta. The bans coincide with the introduction of a new content policy for Reddit, which aims to provide a clearer set of guidelines for what the company considers to be acceptable posts..."

The new content policy prohibits content that is illegal, promotes violence, threatens or harasses others, bullies others, is personal and confidential information, is spam, and impersonates others in a misleading or deceptive manner.

Good. This was long overdue.


Survey: Almost Half Of Respondents Are Concerned About Data Breaches At Health Care Providers

There have been several high-profile data breaches recently at health care providers. You've probably heard about them, including the massive breach at Anthem that affected 80 million patients. Earlier this month, Software Advice released the results of an online survey. It found:

"...45 percent of patients surveyed are “very” or “moderately concerned” about a security breach (which we defined as their medical records and/or insurance information being accessed without their consent, and potentially resulting in identity theft). We also asked the 45 percent who are very or moderately concerned to list the reasons behind their level of concern... The highest percentage of respondents (47 percent) say they are concerned about becoming the victim of fraud or identity theft."

When criminals use stolen health care credentials, it is usually to gain access to expensive treatments under the victim's name, and/or to gain access to prescription drugs. The victims are often liable for any co-payments. Experts warn that resolving medical identity fraud can be costly and time-consuming, and can require plenty of effort and expertise since the victim's medical records have been corrupted with the thief's medical and health information.

The researchers surveyed 243 people. The survey explored how patients' security concerns affect their relationships with their physicians:

"... we asked respondents whether data security concerns lead them to withhold personal health information from their doctors. We defined “personal health information” as including their own (or their family’s) prescription, mental illness and substance abuse history. While the majority of our sample (79 percent) say this “rarely or never” happens, it is significant (and unfortunate) that 21 percent of patients withhold personal information from their physicians specifically because they are concerned about a security breach."

That equals one in every five patients withholding personal information. And, there's more. Many patients fail to read the privacy notices from their physicians or health care providers:

"... we wanted to see how many actually read the Notice of Privacy Practices (NPP) at their doctors’ offices. NPPs are written explanations of how a provider may use and share health information, and how patients can exercise their privacy rights. Patients usually get NPPs (which typically look like this) during their first visit to a health care provider. HIPAA requires NPPs be presented to all patients, but patients do not necessarily have to read or sign the forms. In fact, 44 percent of our sample tell us they “rarely or never” read NPPs all the way through before signing, and 3 percent simply “never sign” them."

The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act are laws enacted to protect patients' privacy and medical information. The HIPAA law specifies which health care providers and entities (e.g., "covered entities," "business associates," "subcontractors") are required to comply with HIPAA privacy and data security requirements. The U.S. Department of Health & Human Services (HHS) federal agency operates the official HIPAA privacy web site.

So, too many consumers (and especially teenagers) have a bad habit of ignoring privacy policies at health care providers, just as they ignore privacy policies at websites in general. (Granted, the legalese makes most privacy policies difficult to understand. And, many mobile app developers avoided publishing privacy policies, until forced to do so.) That must change because consumers are only hurting themselves.

Another key finding from the survey:

"... 54 percent of respondents say they would be “very” or “moderately likely” to change providers as a result of their personal health information being accessed without their permission. Digging deeper, we asked patients in that 54 percent if there would be anything their provider could do to retain them in spite of a breach... While 28 percent say there is nothing their provider could do that would convince them to stay, the greatest percentage of our respondents (37 percent) would stick with their doctor if they provided specific examples of how the practice’s security policies and procedures had improved after the breach."

Patients were especially likely to switch health care providers if the breach was caused by staff members. Good. It's one way to hold health care providers accountable when they fail to protect patients' sensitive medical information. And, good data security and privacy make for good health care practices. After a data breach, it is even more important for health care providers to perform explicit actions to regain patients' trust.

Informed consumers know that their medical information is very valuable to criminals. How valuable? The Pittsburgh Post-Gazette reported:

"The value of personal financial and health records is two or three times [the value of financial information alone], because there’s so many more opportunities for fraud... Combine a Social Security number, birth date and some health history, and a thief can open credit accounts plus bill insurers or the government for fictitious medical care... Hackers also can comb through clinical information, looking for material to blackmail wealthy or powerful patients..."

The newspaper described the troubling history and increasing number of data breaches in the health care industry:

"In 2011 and 2012, combined, there were 458 big breaches involving a total of 14.7 million people, according to the federal Department of Health and Human Services. In 2013 and 2014, there were 528 involving 19 million people. Around 10 percent of breaches stem from hacking, while around half are physical thefts of records or computers. The rest are inadvertent losses, unauthorized disclosures or improper disposals of health information."

You can browse details about many of those breaches in this blog. Select "Medical Fraud" or "Health Care/EHR" in the categories tag cloud on the right.

Another privacy threat for consumers is when non-covered entities, like social networking websites and fitness apps, collect medical and health information. Consumers don't realize that when they share personal medical information with non-covered entities, they lose HIPAA privacy and data security protections.

Who are these non-covered entities? The Privacy Rights Clearinghouse website provides a good description of HIPAA Basics, including:

"Here are just a few examples of those who aren’t covered under HIPAA but may handle health information: life and long-term insurance companies; workers' compensation insurers, administrative agencies, or employers (unless they are otherwise considered covered entities); agencies that deliver Social Security and welfare benefits; automobile insurance plans that include health benefits; search engines and websites that provide health or medical information and are not operated by a covered entity; marketers; gyms and fitness clubs; direct to consumer (DTC) genetic testing companies; many mobile applications (apps) used for health and fitness purposes; those who conduct screenings at pharmacies, shopping centers, health fairs, or other public places for blood pressure, cholesterol, spinal alignment, and other conditions; certain alternative medicine practitioners; most schools and school districts; researchers who obtain health data directly from health care providers; most law enforcement agencies; many state agencies, like child protective services; courts, where health information is material to a case"

So, the next time you hear a corporate apologist claim that breaches at health care providers don't matter, you now know how ridiculous that claim is. Breaches matter to patients. Hence, they matter. Period. No excuses. If health care entities archive data in cloud services, they'd better protect it and commit sufficient resources. Smart health care providers listen to their patients' needs. Woe to those that don't.

What are your opinions of the survey?