
June 05 2013

Phishing in Facebook’s Pond

A recent blog post inquired about the incidence of Facebook-based spear phishing: the author suddenly started receiving email that appeared to be from friends (though it wasn’t sent from their usual email addresses), making the usual kinds of offers and asking him to click on the usual links. He wondered whether this was a widespread phenomenon and how it happened: how does a phisher get access to your Facebook friends?

The answers are “yes, it happens” and “I don’t know, but it’s going to get worse.” Seriously, my wife’s name has been used in Facebook phishing. A while ago, several of her Facebook friends said that her email account had been hacked. I was suspicious; she only uses Gmail, and hacking Google isn’t easy, particularly with two-factor authentication. So, I asked her friends to send me the offending messages. It was obvious that they hadn’t come from my wife’s account; they were Yahoo accounts with her name but an unrecognizable email address, exactly what this blogger had seen.
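The tell in the messages described above is a friend's display name in front of an address nobody has ever seen from that friend. That check can be automated: parse the From header, compare the display name against an address book, and flag the combination "known name, unknown address" (plus a Reply-To that points somewhere else). The following is an added example, not code from the original post; the contact list and the three messages are constructed sample data.

```python
import email
from email.utils import parseaddr

# Constructed address book for the example: normalized display name -> known addresses.
CONTACTS = {
    "jane doe": {"jane.doe@gmail.com"},
    "bob example": {"bob@example.org", "bob.example@work.example.com"},
}


def normalize_name(name: str) -> str:
    """Lower-case and collapse whitespace so 'Jane  DOE' matches 'jane doe'."""
    return " ".join(name.split()).lower()


def sender_verdict(raw_message: str, contacts=CONTACTS) -> dict:
    """Classify the From header of an RFC 5322 message against an address book.

    verdict is one of:
      'known'              the address is one we have on file
      'display_name_spoof' the display name belongs to a contact, the address does not
      'unknown'            neither the name nor the address is on file
    reply_to_mismatch is True when Reply-To points somewhere other than From.
    """
    msg = email.message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    name_key = normalize_name(name)

    # Reverse index: a known address with no display name still counts as known.
    known_addrs = {a for addrs in contacts.values() for a in addrs}

    if addr in known_addrs:
        verdict = "known"
    elif name_key in contacts:
        # The case in the post: a friend's name in front of a never-seen address.
        verdict = "display_name_spoof"
    else:
        verdict = "unknown"

    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    reply_to_mismatch = bool(reply_to) and reply_to.lower() != addr

    return {
        "name": name,
        "address": addr,
        "verdict": verdict,
        "reply_to_mismatch": reply_to_mismatch,
    }


# Constructed sample messages; only the headers matter for the check.
LEGIT = "From: Jane Doe <jane.doe@gmail.com>\nSubject: lunch?\n\nStill on for Friday?\n"
SPOOF = (
    'From: "Jane Doe" <jane_doe_8814@yahoo.com>\n'
    "Reply-To: offers@lower-rate.example\n"
    "Subject: lower your credit card rate\n\nHey Jane's friend, click here\n"
)
STRANGER = "From: newsletter@shop.example\nSubject: sale\n\n20% off this week\n"

if __name__ == "__main__":
    for raw in (LEGIT, SPOOF, STRANGER):
        print(sender_verdict(raw))
```

The check is only as good as the address book: a contact whose real address was never recorded will show up as a spoof, and a genuinely compromised account passes as "known". It catches exactly the primitive pattern the post describes, and nothing cleverer.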

How does this happen? How can a phisher discover your name and your Facebook friends? I don’t know, but Facebook is such a morass of weird and conflicting security settings that it’s impossible to know just how private or how public you are. If you’ve ever friended people you don’t know (a practice that remains entirely too common), and if you’ve ever enabled visibility to friends of friends, you have no idea who has access to your conversations.

The day I read this post, I also read about Facebook’s deal with Acxiom and other information vendors. If you know anything about Acxiom, you know that they’re one of the biggest brokers of personal data in the country. Acxiom’s data is supposedly “anonymized,” but if you know anything about data de-anonymization, and how much easier de-anonymization becomes when you have access to multiple data sources, you know that’s not much comfort. As Jeff Jonas has pointed out, given sufficient data and a few pieces to the puzzle, it’s easy to locate, say, the Turkish guy who lives near the O’Reilly employee in Connecticut. If you’ve never searched for yourself online, you should; you’ll be surprised what’s known about you.

Facebook is buying data, not selling it, and they would certainly argue that there’s no way someone reading Facebook pages could reverse-engineer the information that they’ve bought from Acxiom. I’m not so certain, particularly given Facebook’s history as a company that pushes the limits, then apologizes, and adds even more arcane security settings. It’s not as if personal information hasn’t leaked out many times over the years, going back to a surprise marriage proposal that was spoiled when Facebook told the groom’s friends that he had just bought an engagement ring. Facebook is trying to build a legit ad placement business on top of their social graph, but in doing so, have they inadvertently built the greatest asset for cybercrime that the world has ever seen?

The issue isn’t that Facebook will be phishing you themselves. It’s that your Facebook pages will be scraped, whether Facebook likes it or not, and all the data that can be extracted about you will be in the phisher’s hands. The recent phishes that I’ve seen have been primitive. It’s fairly easy to look at a message that says “Hey, Mike, lower your credit card rate” and realize that it’s spam, even if it looks like it came from one of your friends. But that’s not the end of the road. It’s not hard to craft a message that really looks like it came from a friend, and offers you something that you might genuinely be interested in. Such a message might refer to things you’ve said online or know facts that you’ve only shared with friends. At that point, it’s much harder to resist. And we’re not necessarily talking about phishes trying to sell bogus credit card services: we’re talking about attempts to get at corporate data (“Hey, Mike, who’s going to be in the 10 a.m. meeting tomorrow? I’ve forgotten. BTW, loved your Radar post on Facebook”), other personal data, passwords, etc. And any message that can be crafted by humans could, without too much work, be generated by machines.

Our future will inevitably include lots of carefully personalized, machine-generated spam; that spam might be so good that it will be indistinguishable from a message you might legitimately receive from a friend. And that’s not going to be pleasant.

January 24 2013

Commerce Weekly: Analytics for people, the next big thing in retail

Here are a few stories that caught my attention in the commerce space this week.

New trend in retail customer tracking: Smartphone Wi-Fi

Dan Tynan posted a two-part series on IT World this week looking at the growing trend of retail Wi-Fi tracking — retailers keeping track of you via your smartphone as you shop, much like online retailers keep track of your movements across the Internet. Tynan explains how they’ll do it:

“When you come within range of a properly configured Wi-Fi access point, it can record the wireless MAC address of your phone — a unique 12-digit number. Every time you pass by, that AP can log that number. … Think of it as Google Analytics for people; instead of measuring Web traffic, they’re measuring foot traffic.”

Tynan takes a look at Euclid Analytics’ software, which works with tracking device systems to help stores gather data on customers, from which aisles they spend time in to how many times they’ve visited the store to which locations they frequent. “[T]hey can even track people who walk by the store every day but never go in,” Tynan writes, “or [know] if more people enter after a window display is changed.” He notes that Euclid gathers data anonymously and in aggregate, storing the MAC address “in a one-way hash, so nobody can go backwards and figure out your actual MAC address,” but that the minute a shopper swipes a credit card, all anonymity is lost, at least as far as connecting a particular phone to a particular purchase.

Once an identity is linked to a MAC address, “all kinds of fun things can happen,” Tynan reports — retailers could text you as you walk by their stores in the mall and offer discounts or coupons to lure you inside, connect your in-store data to your online data for even deeper analysis, or even sell your data to someone else. He explores some of the privacy concerns and scenarios in his first piece and talks with Euclid Analytics director of marketing John Fu for some context in his second piece. Fu says their technology is — purposefully — not as Big Brother as it sounds:

“There are some powerful and potentially scary things you could do with this data if you wanted to, but I want to clarify that we are not doing any of those things. We anticipated these scenarios and came up with ways to prevent them from happening.”

In addition to creating a one-way hash for a customer’s MAC address, Euclid requires retailers to contractually agree “to not combine the behavioral data they collect with information they have about an individual’s identity,” and the company also “salts its data with a ‘statistically insignificant’ number of fictional customers” to further prevent customer identification, Tynan reports. He takes an in-depth look at some real world examples of Euclid’s use in retail locations and their efforts to protect consumer privacy, but also notes that “Euclid is only one of a half dozen companies using different techniques to help retailers track shoppers, most of which don’t bother to tell you.” You can read his complete report at IT World — part one, part two.
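A caveat on the "one-way hash" defense: an unkeyed hash of a MAC address is weak anonymization, because the input space is tiny. The first 24 bits (the OUI) identify the vendor and are published, and the remaining 24 bits can be enumerated in seconds with a compiled tool, so anyone holding the hashed logs can recover the address. A keyed hash (HMAC under a secret the vendor keeps, ideally rotated) resists this unless the key leaks. Tynan does not say which hash Euclid uses or whether it is keyed; the following is an added example, not Euclid's or Tynan's code, and it assumes plain SHA-256 for the weak case. The OUI and address are constructed.

```python
import hashlib
import hmac
import os
from typing import Optional


def canonical(mac: str) -> str:
    """Normalize 'AA-BB-CC-DD-EE-FF' / 'aa:bb:cc:dd:ee:ff' to one spelling."""
    return mac.lower().replace("-", ":")


def hash_mac(mac: str) -> str:
    """The naive 'one-way hash': unkeyed SHA-256 of the MAC."""
    return hashlib.sha256(canonical(mac).encode()).hexdigest()


def keyed_hash_mac(mac: str, key: bytes) -> str:
    """Keyed alternative: HMAC-SHA256 under a secret the data holder keeps."""
    return hmac.new(key, canonical(mac).encode(), hashlib.sha256).hexdigest()


def recover_mac(digest: str, oui: str, nic_limit: int = 1 << 24) -> Optional[str]:
    """Enumerate the 24-bit NIC field under a known OUI until the digest matches.

    The full space is 2**24 = 16,777,216 candidates; nic_limit lets a demo stop
    early. Returns the address, or None if nothing in range matches (as happens
    when the digest was keyed and we do not have the key).
    """
    oui = canonical(oui)
    for nic in range(nic_limit):
        candidate = f"{oui}:{nic >> 16:02x}:{(nic >> 8) & 0xff:02x}:{nic & 0xff:02x}"
        if hash_mac(candidate) == digest:
            return candidate
    return None


if __name__ == "__main__":
    mac = "00:1A:2B:00:2A:4B"          # constructed address under a constructed OUI
    weak = hash_mac(mac)
    print("unkeyed:", recover_mac(weak, "00:1a:2b", nic_limit=1 << 16))   # recovered
    strong = keyed_hash_mac(mac, os.urandom(32))
    print("keyed:  ", recover_mac(strong, "00:1a:2b", nic_limit=1 << 16))  # None
```

Salting the logs with fictional customers, as Tynan reports Euclid does, does nothing against this: it adds noise to the counts, not entropy to each hash. Only a secret key (or deleting the raw hashes on a short schedule) moves the cost of reversal out of reach.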

Payleven gets investment boost in pursuit of Square-like success

Europe’s Square-like mobile payments platform Payleven announced a new funding round — and a new mystery investor — this week. Ingrid Lunden reports at TechCrunch that “neither the exact funding figure, nor the investor, have been disclosed — except to note that the value is in the ‘high single-digit millions’ of dollars, and that it is ‘largely’ from the new backer.” Along with the funding round announcement, Lunden reports, Payleven also confirmed reports of a group of backers who invested “double-digit millions” last year: New Enterprise Associates, Holtzbrinck Ventures, ru-Net and Rocket Internet.

Lunden says Payleven, which has launched in Germany, the Netherlands, Italy, the UK, Poland and Brazil, still hasn’t disclosed its number of users, but a company spokesperson told her the new funding will be used to build out current markets and to continue Payleven’s international push.

Back stateside, Fast Company’s Austin Carr took a look at what’s making Square successful in the U.S. — and now Canada. Carr writes that part of Square’s success stems from an atmosphere of collaboration geared toward problem solving and a blurring of the lines between engineering and design teams. Square CTO Bob Lee told Carr:

“We’re not just a design company; we’re not just an engineering company. We’re strong in both areas — we need to be. … From an engineering perspective, design is not just about how something looks, but about how something works. We look at reliability, robustness, and performance as features of the design.”

Carr takes an in-depth look at how the company’s teams foster a high level of collaboration through weekly town square meetings, “where everyone from engineers to PR workers can show off their latest projects;” through the design team’s weekly creative reviews, where all work is pinned up and presented gallery-style for all designers to peruse and comment; and through internal education. He also looks at Jack Dorsey’s leadership style and how he manages to make credit card processing, receipts and point-of-sale systems “whimsical and interesting.” You can read Carr’s full report at Fast Company.

NFC’s real role in mobile commerce: Consumer engagement

Mark Bonchek argued this week at Harvard Business Review that the potential for NFC technology in mobile phones goes way beyond payments. “It has the potential to, as no technology before, bridge the gap between virtual and real,” he writes. Bonchek offered up the example of Kraft Foods’ pilot program, which tested consumer responses to an NFC marketing campaign:

“In select grocery stores, small signs were placed on shelves in front of Kraft cheese and Nabisco cookie brands. The signs invited consumers to get recipes, download a mobile app, or share with friends. Consumers could either tap with an NFC-enabled device or snap a QR code — up to now the main technology for linking mobile devices to physical displays. The results were quite remarkable. People were 12 times more likely to tap than snap. Considering that the ratio of QR to NFC-enabled phones is currently about 10 to 1, this means tapping was 120 times more engaging than snapping.”

The level of engagement wasn’t simply the result of novelty, Bonchek reports. Data from the pilot showed that 36% of the people who tapped the sign “converted it into action, whether saving a recipe, downloading the Kraft app or sharing with friends, etc.” Bonchek also notes that consumers who tapped the sign spent 48 seconds engaged in the experience, as opposed to the standard five to 10 seconds of normal brand engagement at the shelf.

Bonchek looks at several advantages NFC wields over current technology and notes that though it won’t happen overnight, “the ability to make the real world clickable holds great promise. … Taps are the new clicks.” You can read his full report at Harvard Business Review.

Photo: my wifi hotspot is cooler than yours by woodleywonderworks, on Flickr


December 26 2012

Big, open and more networked than ever: 10 trends from 2012

In 2012, technology-accelerated change around the world was driven by the wave of social media, data and mobile devices. In this year in review, we look back at some of the stories that mattered here at Radar and look ahead to what’s in store for 2013.

Below, you’ll find 10 trends that held my interest in 2012. This is by no means a comprehensive account of “everything that mattered in the past year” — try The Economist’s account of the world in 2012 or The Atlantic’s 2012 in review or Popular Science’s “year in ideas” if you’re hungry for that perspective — but I hope you’ll find something new to think about as 2013 draws near.

Social media

Social media wasn’t new in 2012, but it was bigger and more mainstream than ever. There were some firsts, from the first Presidential “Ask Me Anything” on Reddit to the first White House Google Hangout on Google Plus to presidential #debates to the first billion-user social network. The election season had an unprecedented social and digital component, from those hyperwired debates to a presidential campaign built like a startup. Expect even more blogging, tweeting, tumbling, streaming, Liking and pinning in 2013, even if it leaves us searching for context.

Open source in government

Open source software made more inroads in the federal government, from a notable policy at the Consumer Financial Protection Bureau to more acceptance in the military.

The White House made its first commits on GitHub, including code for its mobile apps and e-petition platform, where President Obama responded personally to an e-petition for the first time. The House Oversight Committee’s crowdsourced legislative platform also went on GitHub. At year’s end, the United States (code) was on GitHub.

Responsive design

According to deputy technical lead Jeremy Vanderlan, the new AIDS.gov, launched in June, was the first full-site implementation of responsive web design for a federal government domain. They weren’t the first to automatically adapt how a website is displayed for the device a visitor is using — you can see next-generation web design at open.nasa.gov or in the way that fcc.gov/live optimizes to provide video to different mobile devices — but this was a genuine milestone for the feds online. By year’s end, Congress had also become responsive, at least with respect to its website, with a new beta at Congress.gov.

Free speech online

Is there free speech on the Internet? As Rebecca MacKinnon, Ethan Zuckerman and others have been explaining for years, what we think of as the new “public square online” is complicated by the fact that these platforms for free expression are owned and operated by private companies. MacKinnon explored these issues in “Consent of the Networked,” one of the best technology policy books of the year. In 2012, “Twitter censorship” and the Terms of Service for social networking services caused many more people to suggest a digital Bill of Rights, although “Internet freedom” is an idea that varies with the beholder.

Open mapping

On January 9th, I wondered whether 2012 would be “the year of the open map.” I started reporting on digital maps made with powerful new software and open data last winter. The prediction was partially borne out, from Foursquare’s adoption of OpenStreetMap to StreetEasy moving from Google Maps to new investments in OpenStreetMap. In response to the shift, Google slashed its price for using the Google Maps API by 88%. In an ideal world, the new competition will result in both better maps and more informed citizens.

Data journalism

Data journalism took on new importance for society. We tracked its growing influence, from the Knight News Challenge to new research initiatives in Africa, and are continuing to investigate data journalism with a series of interviews and a forthcoming report.

Privacy and security

Privacy and security continued to dominate technology policy discussions in the United States, although copyright, spectrum, patents and Internet governance had significant prominence. While the Supreme Court decided that GPS monitoring constitutes a search under the 4th Amendment, expanded rules for data sharing in the U.S. government raised troubling questions.

In another year that will end without updated baseline privacy legislation from Congress, bills did advance in the U.S. Senate to reform electronic privacy and address location-based technology. After calling for such legislation, the Federal Trade Commission opened an investigation into data brokers.

No “cyber security” bill passed the Senate either, leaving hope that future legislation will balance protections with civil liberties and privacy concerns.

Networked politics

Politics were more wired in Election 2012 than they’d ever been in history, from social media and debates to the growing clout of the Internet. The year started off with the unprecedented wave of networked activism that stopped the progress of the Stop Online Piracy Act (SOPA) and PROTECT-IP Act (PIPA) in Congress.

At year’s end, the jury remains out on whether the Internet will act as a platform for collective action to address societal challenges, from addressing gun violence in the U.S. to a changing climate.

Open data

As open data moves from the information age to the action age, there are significant advances around the globe. As more data becomes available, its practical application has only increased in importance.

After success releasing health care data to fuel innovation and startups, US CTO Todd Park sought to scale open data and agile thinking across the federal government.

While it’s important to be aware of the ambiguity of open government and open data, governments are continuing to move forward globally, with the United Kingdom relaunching Data.gov.uk and, at year’s end, India and the European Commission launching open data platforms. Cities around the world also adopted open data, from Buenos Aires to Berlin to Palo Alto.

In the United States, friendly competition to be the nation’s preeminent digital city emerged between San Francisco, Chicago, Philadelphia and New York. Open data releases became a point of pride. Landmark legislation in New York City and Chicago’s executive order on open data made both cities national leaders.

As the year ends, we’re working to make dollars and sense of the open data economy, explicitly making a connection between releases and economic growth. Look for a report on our research in 2013.

Open government

The world’s largest democracy officially launching an open government data platform was historic. That said, it’s worth reiterating a point I’ve made before: Simply opening up data is not a replacement for a Constitution that enforces a rule of law, free and fair elections, an effective judiciary, decent schools, basic regulatory bodies or civil society — particularly if the data does not relate to meaningful aspects of society. Adopting open data and digital government reforms is not quite the same thing as good government. Beware openwashing in government, as well as in other areas.

On that count, at year’s end, The Economist found that global open government efforts are growing in “scope and clout.” The Open Government Partnership grew, with new leadership, added experts and a finalized review mechanism. The year to come will be a test of the international partnership’s political will.

In the United States, an open government reality check at the federal level showed genuine accomplishments, but it leaves many promises only partially fulfilled, with a mixed record on meeting goals that many critics found transparently disappointing. While some of the administration’s transparency failures concern national security — notably, the use of drones overseas — science journalists reported restricted access to administration officials at the Environmental Protection Agency, Food and Drug Administration and Department of Health and Human Services.

Efforts to check transparency promises also found compliance with the Freedom of Information Act lacking. While a new FOIA portal is promising, only six federal agencies were on it by year’s end. The administration’s record on prosecuting whistleblowers has also sent a warning to others considering coming forward about waste or abuse in national security programs.

Despite those challenges, 2012 was a year of continuing progress for open government at the federal level in the United States, with reasons for hope throughout states and cities. Here’s hoping 2013 sees more advances than setbacks in this area.

Coming tomorrow: 14 trends to watch in 2013.


July 23 2012

The dark side of data

Map of France in Google Earth by Steven La Roux

A few weeks ago, Tom Slee published “Seeing Like a Geek,” a thoughtful article on the dark side of open data. He starts with the story of a Dalit community in India, whose land was transferred to a group of higher-caste Mudaliars through bureaucratic manipulation under the guise of standardizing and digitizing property records. While this sounds like a good idea, it gave a wealthier, more powerful group a chance to erase older, traditional records that hadn’t been properly codified. One effect of passing laws requiring standardized, digital data is to marginalize all data that can’t be standardized or digitized, and to marginalize the people who don’t control the process of standardization.

That’s a serious problem. It’s sad to see oppression and property theft riding in under the guise of transparency and openness. But the issue isn’t open data itself; it’s how data is used.

Jesus said “the poor are with you always” not because the poor aren’t a legitimate area of concern (only an American fundamentalist would say that), but because they’re an intractable problem that won’t go away. The poor are going to be the victims of any changes in technology; it isn’t surprising that the wealthy in India used data to marginalize the land holdings of the poor. In a similar vein, when Europeans came to North America, I imagine they told the natives “So, you got a deed to all this land?,” a narrative that’s still being played out with indigenous people around the world.

The issue is how data is used. If the wealthy can manipulate legislators to wipe out generations of records and folk knowledge as “inaccurate,” then there’s a problem. A group like DataKind could go in and figure out a way to codify that older generation of knowledge. Then at least, if that isn’t acceptable to the government, it would be clear that the problem lies in political manipulation, not in the data itself. And note that a government could wipe out generations of “inaccurate records” without any requirement that the new records be open. In years past the monied classes would have just taken what they wanted, with the government’s support. The availability of open data gives a plausible pretext, but it’s certainly not a prerequisite (nor should it be blamed) for manipulation by the 0.1%.

One can see the opposite happening, too: the recent legislation in North Carolina forbidding the use of data that shows sea level rise. Open data may be the only possible resource against forces that are interested in suppressing science. What we’re seeing here is a full-scale retreat from data and what it can teach us: an attempt to push the furniture against the door to prevent the data from getting in and changing the way we act.

The digital publishing landscape

Slee is on shakier ground when he claims that the digitization of books has allowed Amazon to undermine publishers and booksellers. Yes, there’s technological upheaval, and that necessarily drives changes in business models. Business models change; if they didn’t, we’d still have the Pony Express and stagecoaches. O’Reilly Media is thriving, in part because we have a viable digital publishing strategy; publishers without a viable digital strategy are failing.

But what about booksellers? The demise of the local bookstore has, in my observation, as much to do with Barnes & Noble superstores (and the now-defunct Borders), as with Amazon, and it played out long before the rise of ebooks.

I live in a town in southern Connecticut, roughly a half-hour’s drive from the two nearest B&N outlets. Guilford and Madison, the town immediately to the east, both have thriving independent bookstores. One has a coffeeshop, stages many, many author events (roughly one a day), and runs many other innovative programs (birthday parties, book-of-the-month services, even ebook sales). The other is just a small local bookstore with a good collection and knowledgeable staff. The town to the west lost its bookstore several years ago, possibly before Amazon even existed. Long before the Internet became a factor, it had reduced itself to cheap gift items and soft porn magazines. So: data may threaten middlemen, though it’s not at all clear to me that middlemen can’t respond competitively, or that they are really threatened by “data”, as opposed to large centralized competitors.

There are also countervailing benefits. With ebooks, access is democratized. Anyone, anywhere has access to what used to be available only in limited, mostly privileged locations. At O’Reilly, we now sell ebooks in countries we were never able to reach in print. Our print sales overseas never exceeded 30% of our sales; for ebooks, overseas represents more than half the total, with customers as far away as Azerbaijan.

Slee also points to the music labels as an industry that has been marginalized by open data. I really refuse to listen to whining about all the money that the music labels are losing. We’ve had too many years of crap product generated by marketing people who only care about finding the next Justin Bieber to take the “creative industry” and its sycophants seriously.

Privacy by design

Data inevitably brings privacy issues into play. As Slee points out (and as Jeff Jonas has before him), apparently insignificant pieces of data can be put together to form a surprisingly accurate picture of who you are, a picture that can be sold. It’s useless to pretend that there won’t be increased surveillance in any foreseeable future, or that there won’t be an increase in targeted advertising (which is, technically, much the same thing).
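The mechanism behind the claim above (and behind the Acxiom point in the Facebook post earlier on this page: de-anonymization gets easy once you hold more than one data source) is a join on quasi-identifiers. Strip the names from a record set, keep zip code, birth year and sex, and a second, public list that carries names for the same three fields re-identifies anyone who is the only person in their equivalence class. The following is an added example, not code from either post; both record sets are constructed, and the `to_decade` generalization is one of several possible ways to raise the class size.

```python
from collections import Counter, defaultdict
from typing import Callable, Dict, List, Optional

# Quasi-identifiers that survive "anonymization" (the name is removed, these are kept).
QUASI = ("zip", "birth_year", "sex")

# Constructed "anonymized" purchase records.
ANON = [
    {"zip": "06437", "birth_year": 1971, "sex": "M", "item": "lawn mower"},
    {"zip": "06437", "birth_year": 1985, "sex": "F", "item": "running shoes"},
    {"zip": "06443", "birth_year": 1990, "sex": "F", "item": "textbook"},
]

# Constructed public list with names (a voter roll, or scraped profiles).
PUBLIC = [
    {"name": "A. Smith", "zip": "06437", "birth_year": 1971, "sex": "M"},
    {"name": "E. Kim",   "zip": "06437", "birth_year": 1974, "sex": "M"},
    {"name": "B. Jones", "zip": "06437", "birth_year": 1985, "sex": "F"},
    {"name": "C. Lee",   "zip": "06437", "birth_year": 1985, "sex": "F"},
    {"name": "D. Patel", "zip": "06443", "birth_year": 1990, "sex": "F"},
    {"name": "F. Ortiz", "zip": "06443", "birth_year": 1993, "sex": "F"},
]

Generalizer = Optional[Callable[[dict], dict]]


def quasi_key(rec: dict, generalize: Generalizer = None) -> tuple:
    """The tuple both data sets are joined on, after optional generalization."""
    rec = rec if generalize is None else generalize(rec)
    return tuple(rec[q] for q in QUASI)


def link(anon: List[dict], public: List[dict], generalize: Generalizer = None) -> Dict[str, List[str]]:
    """item -> every public name sharing that record's quasi-identifier."""
    index = defaultdict(list)
    for p in public:
        index[quasi_key(p, generalize)].append(p["name"])
    return {a["item"]: index.get(quasi_key(a, generalize), []) for a in anon}


def reidentified(anon: List[dict], public: List[dict], generalize: Generalizer = None) -> Dict[str, str]:
    """Records whose class in the public list has exactly one member: the join names them."""
    return {item: names[0] for item, names in link(anon, public, generalize).items() if len(names) == 1}


def k_anonymity(anon: List[dict], public: List[dict], generalize: Generalizer = None) -> int:
    """Smallest class size any anonymized record falls into (0 if some record matches nobody)."""
    return min(len(names) for names in link(anon, public, generalize).values())


def to_decade(rec: dict) -> dict:
    """Example generalization: coarsen birth year to a decade so classes grow."""
    out = dict(rec)
    out["birth_year"] = rec["birth_year"] // 10 * 10
    return out


if __name__ == "__main__":
    print("exact year :", reidentified(ANON, PUBLIC), "k =", k_anonymity(ANON, PUBLIC))
    print("by decade  :", reidentified(ANON, PUBLIC, to_decade), "k =", k_anonymity(ANON, PUBLIC, to_decade))
    print("class sizes:", Counter(quasi_key(p) for p in PUBLIC))
```

With exact birth years two of the three purchases are pinned to a single person; coarsening the year to a decade pushes every class to at least two members and the join names nobody. A third data source with a different quasi-identifier (a credit-card swipe, a check-in) shrinks the classes again, which is the point both posts make.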

We can bemoan that shift, celebrate it, or try to subvert it, but we can’t pretend that it isn’t happening. We shouldn’t even pretend that it’s new, or that it has anything to do with openness. What is a credit bureau if not an organization that buys and sells data about your financial history, with no pretense of openness?

Jonas’s concept of “privacy by design” is an important attempt to address privacy issues in big data. Jonas envisions a day when “I have more privacy features than you” is a marketing advantage. It’s certainly a claim I’d like to see Facebook make.

Absent a solution like Jonas’, data is going to be collected, bought, sold, and used for marketing and other purposes, whether it is “open” or not. I do not think we can get to Jonas’s world, where privacy is something consumers demand, without going through a stage where data is open and public. It’s too easy to live with the illusion of privacy that thrives in a closed world.

I agree that the notion that “open data” is an unalloyed public good is mistaken, and Tom Slee has done a good job of pointing that out. It underscores the importance of a still-nascent ethical consensus about how to use data, along with the importance of data watchdogs, DataKind, and other organizations devoted to the public good. (I don’t understand why he argues that Apple and Amazon “undermine community activism”; that seems wrong, particularly in the light of Apple’s re-joining the EPEAT green certification system for their products after a net-driven consumer protest.) Data collection is going to happen whether we like it or not, and whether it’s open or not. I am convinced that private data is a public bad, and I’m less afraid of data that’s open. That doesn’t make it necessarily a good; that depends on how the data is used, and the people who are using it.

Image Credit: Steven La Roux
