Facebook shared data with 61 companies

Last month Facebook had already admitted that it had shared, more or less directly, user data with more than sixty companies, including Apple, Microsoft, Amazon, Spotify, Samsung and BlackBerry.

These and other details are contained in a 748-page document dated last Friday and addressed to the US Congress.

These integrations were reviewed by Facebook, which had to approve implementations of the APIs. Typically, these apps were reviewed and approved by members of our partnerships and engineering teams.

Google says no to the Pentagon

Leaked Emails Show Google Expected Lucrative Military Drone AI Work to Grow Exponentially

After it was revealed that Google was working with the Pentagon to supply its AI modules for drones, some employees resigned and others started a petition asking for the contract to be dropped.

Beyond the discontent, and sensing negative publicity for the company and for Cloud AI (a project Google is investing very heavily in), the company decided to pull out.

“I don’t know what would happen if the media starts picking up a theme that Google is secretly building AI weapons or AI technologies to enable weapons for the Defense industry,” she continued. “Google Cloud has been building our theme on Democratizing AI in 2017, and Diane and I have been talking about Humanistic AI for enterprise. I’d be super careful to protect these very positive images.”

Another case of poorly protected data

Only this time it is children's data: the TeenSafe app, used to monitor minors (far too invasively, for my taste), kept its users' data on unprotected Amazon servers.

The database stores the parent’s email address associated with TeenSafe, as well as their corresponding child’s Apple ID email address. It also includes the child’s device name — which is often just their name — and their device’s unique identifier. The data contains the plaintext passwords for the child’s Apple ID. Because the app requires that two-factor authentication is turned off, a malicious actor viewing this data only needs to use the credentials to break into the child’s account to access their personal content data. [link]

Opening hotel doors all over the world

Some researchers found a nice bug that makes it possible to open hotel doors when they are connected to the internet. And not a bad bug at all: the doors can be opened without leaving a trace. Fortunately the bug affects some very old electronic locks that are now in limited use, and many hotels have already started installing the relevant security updates.

Researchers say flaws they found in the equipment’s software meant they could create “master keys” that opened the rooms without leaving an activity log. [link]

WhatsApp founder plans to leave after broad clashes with parent Facebook

Jan Koum has decided to step down as CEO of WhatsApp.

Brian Acton, his co-founder, had already resigned in November.

Behind the decision is reportedly Koum's disagreement with Facebook's policies on the handling of users' personal data and its lack of attention to encryption and communications security.

“It is time for me to move on”

Trump signs controversial FOSTA-SESTA bill into law

Last Thursday President Trump signed the bill known as SESTA-FOSTA (short for Stop Enabling Sex Traffickers Act and Allow States and Victims to Fight Online Sex Trafficking Act).

In short, it introduces criminal liability for all web platforms that host content promoting, assisting or supporting prostitution.

To avoid trouble, Craigslist even removed its personals section before the law was passed.

Besides significant consequences for privacy and for the censorship that platforms might apply to their own content, there is also the issue of compromising the safety of the sex workers who use those websites and who might turn to less suitable means to keep working.

Beyond Cambridge Analytica

An Italian company, Area, sold internet traffic monitoring software to the Syrian regime of Bashar Al-Assad.

It now advertises spyware that allows the monitoring and manipulation of information on social media.

I got hacked mid-air while writing an Apple-FBI story

This is so fucking scary.

“I don’t really need to worry about online privacy,” I used to think. “I’ve got nothing to hide. And who would want to know what I’m up to, anyway?”

Sure, I’m a journalist, but I’m not an investigative reporter, not a political radical, not of much interest to anyone, really.

That was last week, when the standoff between the FBI and Apple seemed much more about principle than practice to me. That’s when I thought I’d write a column on whether this legal fight matters to regular folk — people like my mother, a retired social worker; my best friend, who works in retail; or even my 20-year-old niece in college. That was before I found out — in a chillingly personal way — just why it does matter. To all of us.

A County Worker May Have Wrecked Law Enforcements’ Chance to Extract Data from San Bernardino iPhone

A San Bernardino county worker may be responsible for a contentious battle now playing out between Apple and the government over data on an iPhone that belonged to suspected San Bernardino shooter Syed Rizwan Farook.
(…)
The government touched on this detail in a motion it filed with the court today but placed it only in a lengthy footnote at the bottom of one page. The government also didn’t acknowledge in the footnote that this was likely the best chance it had of retrieving the data it wanted from the phone.

«We fucked this up.»
«And now?»
«Now we force Apple to crack its phone and if they refuse we’ll say it’s a marketing stunt!»
«Sounds good!»

It’s not about an iPhone

Probably Tim Cook’s and Apple’s move against court orders and FBI pressures will go on for quite some time. I have no idea who will win (if anyone will win at all), but I believe that Cook chose the right battle to fight. This is no ‘isolated case’, this is not about that one iPhone 5C. And I too, among others, think that the FBI is taking advantage of the particular situation (an awful crime committed by a mass shooter, and the need to find out the most information possible) to create a precedent. Once they force Apple to build a modified iOS version that can break into that iPhone 5C, there’s no way to guarantee us that they won’t come after some other smartphone maker. If there’s something that the NSA-Snowden revelations should have taught us, it’s that those in charge are indeed trying to keep the Western World at peace, but they won’t respect fundamental rights such as privacy or security, in this peace-keeping quest.

The point is: even if we want to believe the FBI is in good faith (and in a way they are, because if in that iPhone there is information about the shooter’s plan or activities, it should be retrieved), they cannot be trusted. In the last few decades, political organizations or even underground branches of government or authorities have misused their duties and faculties, to the detriment of the citizens. In Italy this is acknowledged: for many years, there was an enclave that pressured our legitimate representatives and abused their powers to protect their own power and position, with an awful lot of means. Imagine if they can also pry into our phones.

Smartphones should be more secure, and as many have already said, they should be inaccessible for everyone but their owner. There’s no magical security unicorn, no magic security feature that can be capitalized on by the good guys only. And even if we say that the FBI are the good guys, what about other governments in the world? More so: if our phones have backdoors and other weak security systems in place, terrorists around the world will use some kind of security means and we’re back to square one.

Tim Cook chose the right path, although the most dangerous, politically speaking. The EFF, WhatsApp, and to a certain extent Google and Microsoft stand with Apple: I’m waiting for all the other internet companies to stand up as well.

(And for those of you who think that this is a commercial stunt: yes, speaking loudly about security, privacy and protection of one’s own clients is surely good business, but it can alienate a good chunk of users. Probably it will. Let’s see.)

Tim Cook’s Open Letter on Security and Privacy

We’re going to look closely at this matter, but let’s start with Apple’s CEO letter to its customers – and to everyone, actually.

The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.

This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.