Posts tagged ‘Condé Nast’

A quick read from Prof Stephen Hawking in Wired UK


The late Prof Stephen Hawking’s interview with Condé Nast’s Wired UK is excellent, and a quick read. For those following me on the duopoly of Facebook and Google, here’s what the professor had to say:

I worry about the control that big corporations have over information. The danger is we get into the situation that existed in the Soviet Union with their papers, Pravda, which means “truth” and Izvestia, which means “news”. The joke was, there was no truth in Pravda and no news in Izvestia. Corporations will always promote stories that reflect well on them and suppress those that don’t.

   That last bit definitely applies to a lot of the media today, especially those owned outside our country.
   The rest makes for a great read as Prof Hawking talks about AI, the anti-science movement, Donald Trump, and what humanity needs to do urgently in science. Here’s that link again.

Tags: , , , , , , , , , , , , , , , , ,
Posted in business, politics, publishing, technology, USA | No Comments »

Has Facebook stopped forcing its “malware scanner” on to users after being busted by Wired?


Since Louise Matsakis’s story on Facebook’s malware scanner came out in Wired, the number of hits to my pieces about my experience has dwindled.
   This can mean one of two things: (a) Wired’s getting the hits, which I don’t mind, considering they are the only tech media who had the cohones to talk about it; (b) Facebook, after being busted by the mainstream media, has stopped falsely accusing its users of having malware on their systems.
   Certainly on Twitter, although Twitter has broken its search function recently, far fewer Tweets with Facebook malware appear in a search.
   Of the two, (b) is more likely, because in previous circumstances, Facebook has only backed down after being embarrassed by the media, or after they receive a threat that could land them in an embarrassing situation.
   That includes the times it kicked off drag queens and kings, only to have them fight back with the media’s help; or leave porn and kiddie porn up, till they’re threatened with reports to the authorities.
   Otherwise, they ignore you—as they have done with users who have complained about the malware scanner for four years.
   It’s not unlike Google, who only stopped hacking Iphones in 2012 after The Wall Street Journal busted them for doing so, or only changed their cookie policies to be in line with their own claims after I busted them in 2011 to the Network Advertising Initiative for lying.
   These firms do have too much power because the law means nothing to them, but embarrassment in the court of public opinion does.
   After Louise’s article came out, Bloomberg did a story on it, as did one independent media outlet.
   So while a very small part of me isn’t thrilled that my hits on this blog have dropped, I’m actually far more pleased to know far fewer people are being lied to by Facebook about having malware on their systems. I’m also happy that tens of thousands, maybe even millions, aren’t wasting their time downloading and running a fake scanner which sends their private data to Facebook.
   It’s also interesting how quickly Facebook switched off their fake-warning system, within days of Louise’s article.
   It wasn’t as quick as Google switching off their Iphone privacy circumventing after the WSJ (same day) but the speed at which Facebook ceased telling people they have malware does suggest that those warnings were, as I said all along, fake. Louise asked the right questions and none of Facebook’s answers made sense.
   Facebook has plenty more misdeeds, and, in time, I am sure the tech media will get to them.
   It may find that despite its wealth, on a lot of things it actually needs to play by the very rules it claims to follow. And that means no more forced downloads of software that send your private data to them.

Tags: , , , , , , , , , ,
Posted in business, culture, internet, media, publishing, technology, USA | 3 Comments »

Wired’s Louise Matsakis did what no other journalist could: break the story on Facebook’s forced malware scans


With how widespread Facebook’s false malware accusations were—Facebook itself claims millions were “helped” by them in a three-month period—it was surprising how no one in the tech press covered the story. I never understood why not, since it was one of many misdeeds that made Facebook such a basket case of a website. You’d think that after doing everything from experimenting on its users to intruding on users’ privacy with tracking preferences even after opting out, this would have been a story that followed suit. Peak Facebook has been and gone, so it amazed me that no journalist had ever covered this. Until now.
   Like Sarah Lacy at Pando, who took the principled stand to write about Über’s problems when no one else in the tech media was willing to, it appears to be a case of ‘You can trust a woman to get it right when no man has the guts,’ in this case social media and security writer for Wired, Louise Matsakis. I did provide Louise with a couple of quotes in her story, as did respondents in the US and Germany; she interviewed people on four continents. Facebook’s official responses read like the usual lies we’ve all heard before, going on the record with Louise with such straw-people arguments. Thank goodness for Louise’s and Wired’s reputations for getting past the usual wall of silence, and it demonstrates again how dishonest Facebook is.
   I highly recommend Louise’s article here—and please do check it out as she is the first journalist to write about something that has been deceiving Facebook users for four years.
   As some of you know, the latest development with Facebook’s fake malware warnings, and the accompanying forced downloads, is that Mac users were getting hit in a big way over the last fortnight. Except the downloads were Windows-only. Basically, Mac users were locked out of their Facebook accounts. We also know that these warnings have nothing to do with malware, as other people can sign on to the same “infected” machines without any issue (and I had asked a few of these Mac users to do just that—they confirmed I was right).
   Facebook has been blocking the means by which we can get around the forced downloads. Till April 2016, you could delete your cookies and get back in. You could also go and use a Linux or Mac PC. But steadily, Facebook has closed each avenue, leaving users with fewer and fewer options but to download their software. Louise notes, ‘Facebook tells users when they agree to conduct the scan that the data collected in the process will be used “to improve security on and off Facebook,” which is vague. The company did not immediately respond to a followup request for comment about how exactly it uses the data it collects from conducting malware checks.’ But we know data are being sent to Facebook without our consent.
   Facebook also told Louise that a Mac user might have been prompted to download a Windows program because of how malware spoofs different devices—now, since we all know these computers aren’t infected, we know that that’s a lie. Then a spokesman told Louise that Facebook didn’t collect enough information to know whether you really were infected. But, as she rightly asks, if they didn’t collect that info, why would they force you to download their software? And just what precedent is that setting, since scammers use the very same phishing techniques? Facebook seems to be normalizing this behaviour. I think they got themselves even deeper in the shit by their attempts at obfuscation.
   Facebook also doesn’t answer why many users can simply wait three days for their account to come right instead of downloading their software. Which brings me back to the database issues I discovered in 2014.
   Louise even interviewed ESET, which is one of the providers of the software, only to get a hackneyed response—which is better than what the rest of us managed, because the antivirus companies all are chatty on Twitter till you bring this topic up. Then they clam up. Again, thank goodness for the fourth estate and a journalist with an instinct for a great story.
   So please do give Louise some thanks for writing such an excellent piece by visiting her article, or send her a note via Twitter, to @lmatsakis. To think this all began one night in January 2016 …

Tags: , , , , , , , , , , , , , , , ,
Posted in internet, media, publishing, technology, USA | 2 Comments »

Of course Facebook knew about stolen accounts, even back in 2014: I told them


Official White House photo by Pete Souza

In Wired today: ‘Russian trolls stole US identities to hide in plain sight’. This included hacking to steal Social Security details, then create social media presences using real identities.
   I could have told you about the fake Facebook presences in 2014. Hang on, I did. There was an entire series of blog posts about it here and on my Tumblr.
   While I couldn’t have known who was behind these accounts, I said Facebook had an ‘epidemic’ of bots back then. Some were really fake. But many used convincing American names and US cities and towns. Some were hacked existing accounts but most, back then, were newly created. I even tended to list them before I got tired of doing so. In one night in 2014, I found 277 fake accounts. Facebook wouldn’t even let me report more than 50 per day. After reporting them, they left many of them up, and they necessitated repeated reports.
   You can go on my Tumblr and find more posts like that, but with fewer than 277. Still, that wasn’t an outlier. I had another night were there were 240 or so.
   Now, if one guy can find 200-plus in one night, just how many were there?
   Wired says:

According to the indictment, the Russians not only created Paypal accounts, bank accounts, and false identity documents with stolen American identities, but also created social media accounts, using victims’ names to more authentically fabricate political sock puppets and avoid detection.


WIRED reached out to both Twitter and Facebook to ask if the companies had any prior knowledge of those impersonation instances, and Twitter declined to respond.
   Facebook didn’t respond to WIRED’s specific questions on those stolen accounts.

   Let me tell you now that Facebook did have prior knowledge of impersonation instances and stolen accounts, and I allege they go back many years. Special counsel Robert Mueller’s indictment alleges that the accused started their social media work (the ‘translator project’) in April 2014, the same year I reported what I saw. (A few years later, a massive bunch of South Korean Facebook accounts were hacked and renamed.) Commercial bot nets (my original suspicion, but then I’m lousy at thinking up crimes and would make an appalling crime novelist), or something more sinister?
   To this day, Holly Jahangiri and I can still find them. I don’t even use my Facebook wall any more, and just have a glance at a few groups and pages I run. Even there the bots are coming thick and fast, and many of the ones Holly finds impersonate US military family members.
   Maybe it’s a stretch to say it’s “the Russians”. I still find it hard to believe I could have stumbled upon anything like that, but reading that indictment, and the years the US Justice Department names, makes me wonder. There’s that list of 277—feel free to investigate them if you can, whether you are American or Russian. It’s open to all, and I’d love to know who was behind them. My only real surprise is that others, surely, must have seen this? So many of us use Facebook. I didn’t hunt for these people, they were just around, joining groups and pages, and sending friend requests to cover how fake they were. It didn’t take a genius to work out they were fake. I spent days reporting them because I didn’t want a site I was using to be full of bots, sucking up resources.

Tags: , , , , , , , ,
Posted in internet, politics, USA | No Comments »

It’s full circle for back to its origins in fashion retail


Originally published in the online edition of Lucire, May 1, 2015

Top Earlier today, attempting to get into meant a virus warning—the only trace of this curiosity is in the web history. Above is back, with a note that it will be transforming into an e-tail site.

If there’s one constant in fashion, it’s change. The other one, which we notice thanks to a number of our team being well schooled on fashion history, is that trends always return, albeit in modified form. Both have come into play with, which announced earlier this week that it would become an ecommerce site.
   When Lucire started, we linked to, but it wasn’t in our fashion magazines’ directory. It was, instead, in our shopping guide.
   In 2000, that all changed, and it began appearing under our fashion magazine links, where it was until today. An attempt to log in to the home page was met by a virus warning, preventing us from going further. We figured that this was part of the transformation of the website as it readied itself for the next era, discouraging people from peering. However, having had these warnings splashed across our own pages two years ago courtesy of Google’s faulty bot, when our site was in fact clean, there was a part of us taking it with a grain of salt. In either case, given the impending change, it was probably the right time to remove the link.
   This evening, is back and virus-free, with an overlay graphic announcing that the website will be changing. Plenty of our media colleagues have analysed the closure over the past week: the Murdoch Press has gossiped about how the layoffs were announced, WWD suggests editor-in-chief Dirk Standen didn’t know it was coming, based on rumours, while Fashionista puts it all into context by analysing just where ecommerce is within the fashion sector, and that content should be the answer over clothing sales.
   What is interesting is no one that we’ve spotted has mentioned how the domain name (we’ve carefully noted it in lowercase there) has effectively come full circle. Perhaps we really are in the age of Wikipedia-based research, as this fact is not mentioned there at all.
   When Lucire launched in 1997, was the website for Express Style, later more prominently, and simply, branded Express, a US fashion retailer. It’s not hard to imagine that had Express remained at the URL, it would have become an e-tailer; it has, after all, made the move into ecommerce at its present home, Like a fashion trend that comes back two decades later, has gone back to its roots: by the autumn it’ll be e-tailing.
   The omission from the above paragraph is the sale of the domain name by Express to Condé Nast in the late 1990s. We never completely understood the need to start a new brand to be the US home of Vogue and W; for many  years, typing into the browser in the US would take one automatically to Then, somewhere along the line, Condé Nast decided that should be the online home of Vogue after all.
   But having made the decision to forge ahead with, Condé Nast did it with a lot of resources, and took its site to number one among print fashion magazine web presences in a remarkably short space of time. It devoted plenty of resources to it, and it’s thanks to that certain things that were once frowned upon—e.g. showing off catwalk collections after the show—became acceptable. Designers used to enjoy the fact that we and Elle US delayed online coverage, the belief being that the delay ensured that pirates could not copy their designs and beat them to the high street.
   To get itself known, Condé Nast bought advertising at fashion websites that were better known, including this one (yes, in 2000 that really was the case), at a time when online advertising cost considerably more than it does today.
   The muscle from the best known name in fashion publishing changed the way the media interacted with readers. Designers figured that if they wanted coverage, they would have to accept that their work would be shown nearly instantly. We became used to that idea, so much so that we now have to show the catwalk videos live in the 2010s.
   In some ways, the change makes sense: we’re talking about an Alexa rank in the 4,000s, which translates to plenty of traffic. The name is known, and most shoppers will make some association with Vogue. The official word is that Franck Zayan, formerly head of ecommerce for Galeries Lafayette, will helm the revised website, and he’s reporting that brands are coming on board rapidly.
   One shouldn’t mourn the loss of as a fashion news portal, since the content we’re all used to is bound to appear at Vogue. And in all the years we had it in our magazines’ directory, it was listed under our Vogue entry anyway. We await the new site to see what Condé Nast will do with it, and it may yet return to the spot where it once was in the 20th century, in the shopping guide.

Tags: , , , , , , , , , , , , , , ,
Posted in business, internet, media, New Zealand, publishing, USA, Wellington | No Comments »

I remember one of IMI’s scare campaigns


I came across a fascinating article in Wired’s online edition about two scammers who promote “scareware”: those inferior antivirus programs designed to rid users of fake viruses they tell you about through fake pop-ups. And once you install them, you get a virus.
   This paragraph struck a chord:

But those troubles didn’t do much to stifle IMI’s scare campaign. Starting around 2007, the company cranked up both its aggression and its ingenuity. Leading advertising networks had banned IMI, so the company set up a series of fake online ad agencies that placed banners on popular websites, including those of The Economist, eHarmony, and Major League Baseball. IMI embedded the ads with hidden code, so if someone from inside the hosting site’s offices looked at them, they saw appeals from mainstream companies like Travelocity, Priceline, and Weight Watchers. But if regular users viewed the ads, they saw quickie come-ons for used cars or diet pills. When consumers clicked on an ad, it would redirect their browser to a site selling antivirus software or, worse, trigger an auto-download. All the while, IMI was engaged in an arms race against established antivirus companies, continually tweaking its software to make it unrecognizable to the databases of known threats.

   In 2007, we had come across these very ads. Luckily, we caught them within hours of their surfacing on our sites, thanks to browsing the pages ourselves, and using proxies to see what people overseas could be viewing. We removed all banners from the affected ad network, replacing them with ads from another one. The ad network who fed the ads to us removed the ads ASAP. Four years on, we discover who was behind them.
   Not that we can blame the ad network. The actual ads looked legit: the ones I remember pretended to be from Careerbuilder. Unfortunately, when they loaded, it launched one of IMI’s websites with a fake virus scan.
   I tended to be more fortunate, as I customized my machines enough so that the standard fonts do not display—though I got caught out earlier this year with one fake ad with a defrag alert, on my laptop, where I had not removed Segoe as the default UI font in favour of one of our in-house ones.
   The two blokes behind IMI are on an Interpol most-wanted list, though that’s just the tip of the iceberg.
   There are plenty more following in their footsteps, as I’ve noticed that these sorts of ads have continued. Panda Security, the article reveals, estimates that the number of phony antivirus programs has leapt from 92,215 in 2008 to 3,084,410 last year. Fortunately, as far as I know, advertisements for these programs, and the fake virus alerts that accompany them, haven’t surfaced on the ad networks we’re using. We’ll keep monitoring.

Tags: , , , , , , ,
Posted in business, internet, marketing, media, publishing, technology, USA | No Comments »