Posts tagged ‘Wired’


A quick read from Prof Stephen Hawking in Wired UK

14.03.2018

The late Prof Stephen Hawking’s interview with Condé Nast’s Wired UK is excellent, and a quick read. For those following me on the duopoly of Facebook and Google, here’s what the professor had to say:

I worry about the control that big corporations have over information. The danger is we get into the situation that existed in the Soviet Union with their papers, Pravda, which means “truth” and Izvestia, which means “news”. The joke was, there was no truth in Pravda and no news in Izvestia. Corporations will always promote stories that reflect well on them and suppress those that don’t.

   That last bit definitely applies to a lot of the media today, especially those owned outside our country.
   The rest makes for a great read as Prof Hawking talks about AI, the anti-science movement, Donald Trump, and what humanity needs to do urgently in science. Here’s that link again.

Tags: , , , , , , , , , , , , , , , , ,
Posted in business, politics, publishing, technology, USA | No Comments »


Has Facebook stopped forcing its “malware scanner” on to users after being busted by Wired?

10.03.2018

Since Louise Matsakis’s story on Facebook’s malware scanner came out in Wired, the number of hits to my pieces about my experience has dwindled.
   This can mean one of two things: (a) Wired’s getting the hits, which I don’t mind, considering they are the only tech media who had the cohones to talk about it; (b) Facebook, after being busted by the mainstream media, has stopped falsely accusing its users of having malware on their systems.
   Certainly on Twitter, although Twitter has broken its search function recently, far fewer Tweets with Facebook malware appear in a search.
   Of the two, (b) is more likely, because in previous circumstances, Facebook has only backed down after being embarrassed by the media, or after they receive a threat that could land them in an embarrassing situation.
   That includes the times it kicked off drag queens and kings, only to have them fight back with the media’s help; or leave porn and kiddie porn up, till they’re threatened with reports to the authorities.
   Otherwise, they ignore you—as they have done with users who have complained about the malware scanner for four years.
   It’s not unlike Google, who only stopped hacking Iphones in 2012 after The Wall Street Journal busted them for doing so, or only changed their cookie policies to be in line with their own claims after I busted them in 2011 to the Network Advertising Initiative for lying.
   These firms do have too much power because the law means nothing to them, but embarrassment in the court of public opinion does.
   After Louise’s article came out, Bloomberg did a story on it, as did one independent media outlet.
   So while a very small part of me isn’t thrilled that my hits on this blog have dropped, I’m actually far more pleased to know far fewer people are being lied to by Facebook about having malware on their systems. I’m also happy that tens of thousands, maybe even millions, aren’t wasting their time downloading and running a fake scanner which sends their private data to Facebook.
   It’s also interesting how quickly Facebook switched off their fake-warning system, within days of Louise’s article.
   It wasn’t as quick as Google switching off their Iphone privacy circumventing after the WSJ (same day) but the speed at which Facebook ceased telling people they have malware does suggest that those warnings were, as I said all along, fake. Louise asked the right questions and none of Facebook’s answers made sense.
   Facebook has plenty more misdeeds, and, in time, I am sure the tech media will get to them.
   It may find that despite its wealth, on a lot of things it actually needs to play by the very rules it claims to follow. And that means no more forced downloads of software that send your private data to them.

Tags: , , , , , , , , , ,
Posted in business, culture, internet, media, publishing, technology, USA | 4 Comments »


Wired’s Louise Matsakis did what no other journalist could: break the story on Facebook’s forced malware scans

24.02.2018

With how widespread Facebook’s false malware accusations were—Facebook itself claims millions were “helped” by them in a three-month period—it was surprising how no one in the tech press covered the story. I never understood why not, since it was one of many misdeeds that made Facebook such a basket case of a website. You’d think that after doing everything from experimenting on its users to intruding on users’ privacy with tracking preferences even after opting out, this would have been a story that followed suit. Peak Facebook has been and gone, so it amazed me that no journalist had ever covered this. Until now.
   Like Sarah Lacy at Pando, who took the principled stand to write about Ãœber’s problems when no one else in the tech media was willing to, it appears to be a case of ‘You can trust a woman to get it right when no man has the guts,’ in this case social media and security writer for Wired, Louise Matsakis. I did provide Louise with a couple of quotes in her story, as did respondents in the US and Germany; she interviewed people on four continents. Facebook’s official responses read like the usual lies we’ve all heard before, going on the record with Louise with such straw-people arguments. Thank goodness for Louise’s and Wired’s reputations for getting past the usual wall of silence, and it demonstrates again how dishonest Facebook is.
   I highly recommend Louise’s article here—and please do check it out as she is the first journalist to write about something that has been deceiving Facebook users for four years.
   As some of you know, the latest development with Facebook’s fake malware warnings, and the accompanying forced downloads, is that Mac users were getting hit in a big way over the last fortnight. Except the downloads were Windows-only. Basically, Mac users were locked out of their Facebook accounts. We also know that these warnings have nothing to do with malware, as other people can sign on to the same “infected” machines without any issue (and I had asked a few of these Mac users to do just that—they confirmed I was right).
   Facebook has been blocking the means by which we can get around the forced downloads. Till April 2016, you could delete your cookies and get back in. You could also go and use a Linux or Mac PC. But steadily, Facebook has closed each avenue, leaving users with fewer and fewer options but to download their software. Louise notes, ‘Facebook tells users when they agree to conduct the scan that the data collected in the process will be used “to improve security on and off Facebook,” which is vague. The company did not immediately respond to a followup request for comment about how exactly it uses the data it collects from conducting malware checks.’ But we know data are being sent to Facebook without our consent.
   Facebook also told Louise that a Mac user might have been prompted to download a Windows program because of how malware spoofs different devices—now, since we all know these computers aren’t infected, we know that that’s a lie. Then a spokesman told Louise that Facebook didn’t collect enough information to know whether you really were infected. But, as she rightly asks, if they didn’t collect that info, why would they force you to download their software? And just what precedent is that setting, since scammers use the very same phishing techniques? Facebook seems to be normalizing this behaviour. I think they got themselves even deeper in the shit by their attempts at obfuscation.
   Facebook also doesn’t answer why many users can simply wait three days for their account to come right instead of downloading their software. Which brings me back to the database issues I discovered in 2014.
   Louise even interviewed ESET, which is one of the providers of the software, only to get a hackneyed response—which is better than what the rest of us managed, because the antivirus companies all are chatty on Twitter till you bring this topic up. Then they clam up. Again, thank goodness for the fourth estate and a journalist with an instinct for a great story.
   So please do give Louise some thanks for writing such an excellent piece by visiting her article, or send her a note via Twitter, to @lmatsakis. To think this all began one night in January 2016 …

Tags: , , , , , , , , , , , , , , , ,
Posted in internet, media, publishing, technology, USA | 2 Comments »


Of course Facebook knew about stolen accounts, even back in 2014: I told them

17.02.2018


Official White House photo by Pete Souza

In Wired today: ‘Russian trolls stole US identities to hide in plain sight’. This included hacking to steal Social Security details, then create social media presences using real identities.
   I could have told you about the fake Facebook presences in 2014. Hang on, I did. There was an entire series of blog posts about it here and on my Tumblr.
   While I couldn’t have known who was behind these accounts, I said Facebook had an ‘epidemic’ of bots back then. Some were really fake. But many used convincing American names and US cities and towns. Some were hacked existing accounts but most, back then, were newly created. I even tended to list them before I got tired of doing so. In one night in 2014, I found 277 fake accounts. Facebook wouldn’t even let me report more than 50 per day. After reporting them, they left many of them up, and they necessitated repeated reports.
   You can go on my Tumblr and find more posts like that, but with fewer than 277. Still, that wasn’t an outlier. I had another night were there were 240 or so.
   Now, if one guy can find 200-plus in one night, just how many were there?
   Wired says:

According to the indictment, the Russians not only created Paypal accounts, bank accounts, and false identity documents with stolen American identities, but also created social media accounts, using victims’ names to more authentically fabricate political sock puppets and avoid detection.

And:

WIRED reached out to both Twitter and Facebook to ask if the companies had any prior knowledge of those impersonation instances, and Twitter declined to respond.
   Facebook didn’t respond to WIRED’s specific questions on those stolen accounts.

   Let me tell you now that Facebook did have prior knowledge of impersonation instances and stolen accounts, and I allege they go back many years. Special counsel Robert Mueller’s indictment alleges that the accused started their social media work (the ‘translator project’) in April 2014, the same year I reported what I saw. (A few years later, a massive bunch of South Korean Facebook accounts were hacked and renamed.) Commercial bot nets (my original suspicion, but then I’m lousy at thinking up crimes and would make an appalling crime novelist), or something more sinister?
   To this day, Holly Jahangiri and I can still find them. I don’t even use my Facebook wall any more, and just have a glance at a few groups and pages I run. Even there the bots are coming thick and fast, and many of the ones Holly finds impersonate US military family members.
   Maybe it’s a stretch to say it’s “the Russians”. I still find it hard to believe I could have stumbled upon anything like that, but reading that indictment, and the years the US Justice Department names, makes me wonder. There’s that list of 277—feel free to investigate them if you can, whether you are American or Russian. It’s open to all, and I’d love to know who was behind them. My only real surprise is that others, surely, must have seen this? So many of us use Facebook. I didn’t hunt for these people, they were just around, joining groups and pages, and sending friend requests to cover how fake they were. It didn’t take a genius to work out they were fake. I spent days reporting them because I didn’t want a site I was using to be full of bots, sucking up resources.

Tags: , , , , , , , ,
Posted in internet, politics, USA | 1 Comment »


I remember one of IMI’s scare campaigns

29.10.2011

I came across a fascinating article in Wired’s online edition about two scammers who promote “scareware”: those inferior antivirus programs designed to rid users of fake viruses they tell you about through fake pop-ups. And once you install them, you get a virus.
   This paragraph struck a chord:

But those troubles didn’t do much to stifle IMI’s scare campaign. Starting around 2007, the company cranked up both its aggression and its ingenuity. Leading advertising networks had banned IMI, so the company set up a series of fake online ad agencies that placed banners on popular websites, including those of The Economist, eHarmony, and Major League Baseball. IMI embedded the ads with hidden code, so if someone from inside the hosting site’s offices looked at them, they saw appeals from mainstream companies like Travelocity, Priceline, and Weight Watchers. But if regular users viewed the ads, they saw quickie come-ons for used cars or diet pills. When consumers clicked on an ad, it would redirect their browser to a site selling antivirus software or, worse, trigger an auto-download. All the while, IMI was engaged in an arms race against established antivirus companies, continually tweaking its software to make it unrecognizable to the databases of known threats.

   In 2007, we had come across these very ads. Luckily, we caught them within hours of their surfacing on our sites, thanks to browsing the pages ourselves, and using proxies to see what people overseas could be viewing. We removed all banners from the affected ad network, replacing them with ads from another one. The ad network who fed the ads to us removed the ads ASAP. Four years on, we discover who was behind them.
   Not that we can blame the ad network. The actual ads looked legit: the ones I remember pretended to be from Careerbuilder. Unfortunately, when they loaded, it launched one of IMI’s websites with a fake virus scan.
   I tended to be more fortunate, as I customized my machines enough so that the standard fonts do not display—though I got caught out earlier this year with one fake ad with a defrag alert, on my laptop, where I had not removed Segoe as the default UI font in favour of one of our in-house ones.
   The two blokes behind IMI are on an Interpol most-wanted list, though that’s just the tip of the iceberg.
   There are plenty more following in their footsteps, as I’ve noticed that these sorts of ads have continued. Panda Security, the article reveals, estimates that the number of phony antivirus programs has leapt from 92,215 in 2008 to 3,084,410 last year. Fortunately, as far as I know, advertisements for these programs, and the fake virus alerts that accompany them, haven’t surfaced on the ad networks we’re using. We’ll keep monitoring.

Tags: , , , , , , ,
Posted in business, internet, marketing, media, publishing, technology, USA | No Comments »


It’s hard finding the old stuff on Google

26.02.2010

My Wired for March 2010 arrived today (things take a while to reach the antipodes), with the most interesting article being on the Google algorithm. And hold on, this isn’t a Google-bashing blog entry.
   Steven Levy’s article was probably written before the furore over the Google Buzz privacy flap. And it points out how Google has learned from users for search, producing more relevant results than its competitors. With 65 per cent of the search market (and close to 100 per cent of my searches for many years), it has a bigger pool to learn from, too.
   Recently I have noticed in ego-searches that Google is now smart enough to distinguish between searches for yours truly and those for Jack Yan & Associates (both in quotes), so that the former results in a mere 53,800 references, and the latter with 124,000 (quite a bit down from yesterday, when I first hatched the idea about blogging this topic). That is smart in itself: knowing when people are looking for me (or my blog) and when they seek the company. By comparison, Yahoo! lists 280,000 for the former and 42,500 for the latter, as the latter is (if you look at terms alone) a more specific search.
   Once upon a time—even as late as 2009—a search for my name would result in both my personal and work sites.
   I’m pretty proud of my company and the people who work with me, and in election year, if someone were checking out my background, I sure would not mind them getting to JY&A as well. On the other hand, thanks to this distinction, my mayoral campaign site comes up in the top 10 in a search for my name. Either way, it’s relevant to a searcher—so all is well.
   But is this really how people search? If I were searching for, say, Heidi Klum, I would probably want (I write this before I even attempt a search) her bio, a bit of news, pictures to ogle, and Heidi Klum GmbH, her company. This is exactly what Google delivers, with her Wikipedia entry in addition (as the first result). (Bing does this, too; Yahoo! puts Heidi Klum GmbH at number one.) Maybe someone could get back to me on their expectations for a name search although, as I said, Google is doing me a huge political favour by distinguishing me from my business. The ability to distinguish the two is, by all accounts, clever.
   Levy cites an example in his article about mike siwek lawyer mi which, when fed into Google at the time of his writing, gets a page about a Michigan lawyer called Mike Siwek. On Bing, ‘the first result is a page about the NFL draft that includes safety Lawyer Milloy. Several pages into the results, there’s no direct referral to Siwek.’ (A Bing search today still does not have Mr Siwek appear early on; in fact, most now discuss Levy’s article; sadly for Mr Siwek, the same now applies on Google, with the first actual reference to his name being the 18th result. Cuil, incidentally, returns nothing—so much for supposedly having a Google-busting index size.)
   But I have one that is puzzling to me. Ten years ago, Lucire published an article about the 10th anniversary of the Elle Macpherson Intimates range. One would think that the query “Elle Macpherson Intimates” “10th anniversary” would bring this up first—in fact, I did have to search for the URL last year when writing a blog post. On Google, this is, in fact, the last entry. On Bing, it is the first. On Yahoo!, it is second.
   Of course, Google may well have judged the Lucire article to be too old and that the overwhelming majority of searches is for current or recent information. And being 10 years old, I hardly imagine there to be too many links to it any more. However, I thought the fact that we can now, very easily, sort our searches by date—especially with the new layout of the results’ page—it might just give us the most precise result. The lead page to the article is in frames (yes, it’s that old), which may have been penalized by Google. But many of the leading results that turn up that have these two terms do not have them with great proximity (in fact, numbers one and two do not even have the term Elle Macpherson Intimates any more). However, I don’t think the page I hunted for should be last, especially as none of the preceding entries even have the words in their title.
   I am not complaining about the Google situation since a 2009 Lucire article that links to the old Elle Macpherson one comes up in the top 10, so it’s still reasonably easy to get to via the top search engine. (Cuil lists the 2009 article from Lucire in its top 10, too.) There’s also a blog entry from me that links it, and that appears on the second page.
   It’s just that I hold a belief that many people who search using Google (or any search engine) do so for research. They want to know about Brand X and, sometimes, about its history. If I type a person’s name, there is a fairly good chance I want to know the latest. But when I qualify that name with something that puts it in the past (anniversary), then I’d say I want something historical. That includes old pages.
   While few rely on a fashion magazine for historical research (though, believe me, we get queries from scholars who want citations of things they saw in Lucire), Google results nos. 1 through 53 and the majority of Cuil’s results (which are very irrelevant—the first two are of a domain that no longer exists and a blank page) don’t hit the spot.
   For the overwhelming majority of searches—well over 90 per cent—Google serves me just fine, which is why you don’t see me complain much about the quality of its results. Even here, it’s not so much a complaint, but professional curiosity. It would be sad for Bing or Yahoo! to be labelled as search engines for historical searches, but someone should fairly provide access to the older, yet still relevant, pages on the internet for everyday queries (so I don’t mean the Internet Archive).

PS.: There’s one more search engine that should be considered. Gigablast, which I have used on and off over the years, does not list the 2000 article, either. Like Google, the 2009 one is listed, and only five results are returned.—JY

Tags: , , , , , , , , , , , , , ,
Posted in internet, politics | 1 Comment »