The popular social-messaging service is partnering with American Express to let you make purchases just by tweeting. Twitter, in its seemingly endless quest to effectively monetize itself, is looking across the Internet to Amazon for a little inspiration. The social-messaging network now wants to become something of an e-tailer, and is partnering with American Express to let consumers purchase products by — you guessed it — tweeting.
The project is still in the experimental phase, but so far, here's what The Week
knows about how Amex Sync would work: Retailers would make deals with
Twitter to sell specific products and services at a discount to Twitter
users. Then on the consumer end, you'd link your Amex credit card with
your Twitter handle. Once signed in, you'd send a tweet containing a
special hashtag
to make a purchase, something like #BuyAmexGiftCard25. A reply to
@AmexSync confirms the purchase, and — tada! — you are now the owner of a
$25 American Express Gift Card.
Twitter believes this initiative could help the company diversify its revenue streams, which are currently heavily reliant on online advertising.
"We're convinced that commerce is going to be one of the areas (for
which) advertisers are going to start using our platform," Joel
Lunenfeld, Twitter’s vice president of global brand strategy, told The Wall Street Journal. It's unclear, however, if or how much of a cut Twitter will take from each transaction.
But tweets could just be the beginning. According to All Things D, Amex is bringing the initiative over to Facebook, Foursquare, and Microsoft's Xbox Live, too.
So what's in it for you? Discounts on a range of products — Amex gift
cards, Kindle Fire tablets from Amazon, jewelry from designer Donna
Karan, and the like. Of course, that means you'll have to openly
advertise to your followers what it is you're buying, which many
consumers will understandably see as a dealbreaker.
For marketers, it establishes that almighty link between the mysterious
value of a tweet and a measurable purchase at the end of the online
retail funnel. Expect the service to roll out slowly over the next few
days.
- As seen in The Week
Brought to you by NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS here!
Twitter's Weird Plan to Become an Online Shopping Mall
The Dark Side of Meeting People Online
Not a day goes by in New York City that I don't hear about some kind
of abduction. But when it happens because people get to know each other
online and then meet in real life, I must report on it so you know the
dangers, even if you're an adult!
According to Alison Bowen of Metro New York, police are
searching for a suspect they think may have murdered a Queens teacher
after they met online. David Rangel, 53, was found choked to death and
shoved under his couch in his Jackson Heights apartment Sunday,
officials said. A police spokesman said cops responded to a 911 call,
after a friend checking on him found the door unlocked and ajar.
Police found Rangel with trauma to his head and blood on the floor
and the walls. Councilman Daniel Dromm asked the NYPD to investigate the
murder as a hate crime. “The horrific crime committed against David
Rangel, an openly gay public school teacher who lived in one of the
city's most tolerant communities, is deeply distressing,” Dromm said.
Dromm spokesman Alex Florez said Rangel appears to have met someone
online. The councilman's concern is that someone may have targeted him
because he is openly gay, and that this perhaps led into a potential
bias-motivated murder. “Something obviously went terribly wrong there,”
Florez said. Rangel taught seventh- and eighth-grade Spanish at P.S.
219. “We are deeply saddened by the loss of a well-liked and respected
teacher, David Rangel,” the school’s president, Fred Wright, wrote on
Twitter yesterday.
Meanwhile, the family of a Staten Island
woman, Sarai Sierra, is searching for her in Turkey, where she
disappeared while traveling this month. They, too, are concerned she may
have met someone online. She had planned to meet with strangers she met
through Instagram, according to the Daily News. Online safety expert
Hemu Nigam said that when people sit behind a computer screen, they may
wrongly lower their guard.
“When you’re going online, it’s very
much like you’re going down a New York alley,” he said. “You don’t know
where you’re going, you don’t know what might pop up … yet when you’re
on a computer, you do it without thinking twice.”
“If you’re connecting with somebody in the online world, unless you
are seeing the whites of their eyes, they should be treated as a
stranger to you,” Nigam said. Instead, he said, when people talk online,
they can feel very comfortable, because they are in the comfort of
their own home. But people should have the opposite reaction. If
something seems off, ask for clarification, he advised. “I think your
first best friend in all of this is Google,” he said. “You can see if
the job they’re talking about actually exists. … if your instincts say
there’s something wrong, you’ve got to go with it.”
He also
suggests a face-to-face chat on the computer or phone. “If the person
refuses because they’re giving you examples like, ‘My hair doesn’t look
good today, I’m just not feeling well,’ your senses should go up,” he
said. If you do meet someone, perhaps through an online dating website,
make sure it is in a public place, and consider having a friend show up
two or three tables down or suggesting a group setting.
The 25 Most Popular Passwords of 2012
Happy New Year, it's time to change your passwords again. You can't go anywhere online without a password
these days. Want to access Xbox Live through your PC? You'll need a
password. Logging onto the PlayStation Store? Cough it up. Playing any
online games? You know what to do. Not to mention all of your social
networking, email, website, and e-commerce passwords.
The problem, though, according to Chris Morris at Plugged In, is that most of us just aren't very password-creative. Hackers delight in posting usernames and passwords
online when they raid a database. To prove the point -- and to help us
all make better password decisions -- SplashData compiles an annual list
of the most common (and therefore, the worst) passwords from those
listings.
The top passwords of 2012 are the same three from a
year ago - "password," "123456," and "12345678." In 2012, however, there
were some new additions, including "welcome," "jesus," "ninja," and
"mustang." Our favorite newcomer to the list (and yes, we're being
sarcastic here), is "password1," a particularly weak attempt at pleasing
providers who require a number in your password somewhere.
"At this time of year, people enjoy focusing on scary costumes, movies and
decorations, but those who have been through it can tell you how
terrifying it is to have your identity stolen because of a hacked
password," said Morgan Slain, CEO of SplashData. "We're hoping
that with more publicity about how risky it is to use weak passwords,
more people will start taking simple steps to protect themselves by
using stronger passwords and using different passwords for different
websites."
Gamers in particular need to be vigilant in keeping their passwords strong and
safe. Hackers have targeted a number of game companies in recent years,
including Blizzard, Bethesda, and, most famously, Sony. Earlier this
month, PlaySpan, who handles microtransactions for hundreds of online
games, was breached.
If you've got any of these phrases as your
password on any system — be it a gaming network, email client, or
especially an online banking account -- change it. Change it fast.
You're leaving yourself open for hacking that could result in the loss
of everything, from hard-won Diablo III items to Microsoft Points you
spent real-world money acquiring.
Here's the full 2012 list, along with how the popularity of the phrase has increased or decreased in the past year:
1. password (Unchanged)
2. 123456 (Unchanged)
3. 12345678 (Unchanged)
4. abc123 (Up 1)
5. qwerty (Down 1)
6. monkey (Unchanged)
7. letmein (Up 1)
8. dragon (Up 2)
9. 111111 (Up 3)
10. baseball (Up 1)
11. iloveyou (Up 2)
12. trustno1 (Down 3)
13. 1234567 (Down 6)
14. sunshine (Up 1)
15. master (Down 1)
16. 123123 (Up 4)
17. welcome (New)
18. shadow (Up 1)
19. ashley (Down 3)
20. football (Up 5)
21. jesus (New)
22. michael (Up 2)
23. ninja (New)
24. mustang (New)
25. password1 (New)
Keep creating the same old passwords? Here are a few tips on how to create a cryptic password:
- Use the first letter from each word in a phrase or line from a song. For example, "Hey, I just met you... And this is crazy... But here's my number... So call me maybe" could be "hijmyaticbhmnscmm." Of course, you'll be stuck singing the damn thing in your head every time you log in.
- Combine two words, such as "hungrydog" or "choppywater." For added security, separate those words with symbols or numbers, or swap numbers in place of certain letters. So instead of "hungrydog," use "hungry$d0g."
- If the site is case-sensitive, vary upper and lower case letters, as well as using numbers and symbols. ("ViDeOgAmE," for example, is much more secure than "videogame.")
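To show how a signup form could screen against the 2012 list above, here is an added example (not from the article or SplashData) that also catches entries disguised by case changes, look-alike characters, or an appended number or symbol. The substitution table and the function names are assumptions made for the illustration.

```python
import re
from typing import Optional

# The 25 entries from the 2012 list above, in rank order.
TOP_25_2012 = (
    "password", "123456", "12345678", "abc123", "qwerty", "monkey", "letmein",
    "dragon", "111111", "baseball", "iloveyou", "trustno1", "1234567",
    "sunshine", "master", "123123", "welcome", "shadow", "ashley", "football",
    "jesus", "michael", "ninja", "mustang", "password1",
)

# Assumed look-alike substitutions (not from the article): each character on
# the left is folded to the letter it commonly stands in for.
LOOKALIKES = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
)


def canonical(text: str) -> str:
    """Lower-case the text and fold look-alike characters to letters."""
    return text.lower().translate(LOOKALIKES)


# Both sides are canonicalized, so "tru5tno1" and "trustno1" compare equal.
CANONICAL_TO_ENTRY = {canonical(entry): entry for entry in TOP_25_2012}

_TRAILING_SYMBOLS = re.compile(r"[\W_]+$")
_TRAILING_SYMBOLS_AND_DIGITS = re.compile(r"[\W\d_]+$")


def matched_common_password(candidate: str) -> Optional[str]:
    """Return the list entry the candidate reduces to, or None if it is clear.

    Three shapes are tried: the password as typed, with trailing symbols
    removed ("abc123!"), and with trailing symbols and digits removed
    ("Dr@gon2012"). Each shape is canonicalized before the lookup.
    """
    lowered = candidate.lower()
    shapes = (
        lowered,
        _TRAILING_SYMBOLS.sub("", lowered),
        _TRAILING_SYMBOLS_AND_DIGITS.sub("", lowered),
    )
    for shape in shapes:
        if not shape:
            continue  # nothing left after stripping, e.g. "2012!"
        entry = CANONICAL_TO_ENTRY.get(canonical(shape))
        if entry is not None:
            return entry
    return None


if __name__ == "__main__":
    # Constructed sample inputs, including the article's own examples.
    samples = (
        "password1", "Passw0rd!", "MuStAnG", "Dr@gon2012", "tru5tno1",
        "12345678!", "hungry$d0g", "hijmyaticbhmnscmm",
    )
    for sample in samples:
        hit = matched_common_password(sample)
        verdict = f"reject (reduces to '{hit}')" if hit else "not on the list"
        print(f"{sample:20} {verdict}")
```

A password that passes this check is only absent from the 25-entry list; the check says nothing else about its strength.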
Your Life Is Fully Mobile: We walk, talk and sleep with our phones, but are we more or less connected?
Just as remarkable as the power of mobility, over everything from
love to learning to global development, is how fast it all happened.
As Nancy Gibbs of Time points out, it is hard to think of any
tool, any instrument, any object in history with which so many developed
so close a relationship so quickly as we have with our phones. Not the
knife or match, the pen or page. Only money comes close—always at hand,
don’t leave home without it. But most of us don’t take a wallet to bed
with us, don’t reach for it and check it every few minutes, and however
useful money is in pursuit of fame, romance, revolution, it is inert
compared with a smart phone—which can replace your wallet now anyway.
Whatever people thought the first time they held a portable phone the size of a
shoe in their hands, it was nothing like where we are now, accustomed to
having all knowledge at our fingertips. A typical smart phone has more
computing power than Apollo 11 when it landed a man on the moon. In many
parts of the world, more people have access to a mobile device than to a
toilet or running water; for millions, this is the first phone they’ve
ever had. In the U.S., close to 9 in 10 adults carry a mobile, leaving
its marks on body, mind, spirit. There’s a smart-phone gait: the slow
sidewalk weave that comes from being lost in conversation rather than
looking where you’re going. Thumbs are stronger, attention shorter,
temptation everywhere: we can always be, mentally, digitally, someplace
other than where we are.
So how do we feel about this? To better
understand attitudes about mass mobility, Time, in cooperation with
Qualcomm, launched the Time Mobility Poll, a survey of close to 5,000
people of all age groups and income levels in eight countries: the U.S.,
the U.K., China, India, South Korea, South Africa, Indonesia and
Brazil. Even the best survey can be only a snapshot in time, but this is
a crisp and textured one, revealing a lot about both where we are now
and where the mobile wave is taking us next.
A tool our parents could not have imagined has become a lifeline we can’t do without. Not
for a day—in most cases not even for an hour. In Time’s poll, 1 in 4
people check it every 30 minutes, 1 in 5 every 10 minutes. A third of
respondents admitted that being without their mobile for even short
periods leaves them feeling anxious. It is a form of sustenance, that
constant feed of news and notes and nonsense, to the point that twice as
many people would pick their phone over their lunch if forced to
choose. Three-quarters of 25-to-29-year-olds sleep with their phones.
If Americans have developed surprisingly intimate relationships with their
gadgets, they are still modest compared with people in other countries.
The Time Mobility Poll found that 1 in 5 Americans has asked someone on
a date by text, compared with three times as many Brazilians and four
times as many Chinese. Fewer than 1 in 10 married U.S. respondents
admitted to using texting to coordinate adultery, vs. one-third of
Indians and a majority of Chinese. It may be shocking that nearly a
quarter of all U.S. respondents, including a majority of
18-to-35-year-old men, have sent a sexually provocative picture to a
partner or loved one. But that trails South Africans’ 45% and Indians’
54%. Brazilians are especially exuberant, with 64% baring and sharing
all.
In most respects, overseas mobile users value their devices
the same way Americans do but with a few revealing exceptions. Americans
are grateful for the connection and convenience their phones provide,
helping them search for a lower price, navigate a strange city, expand a
customer base or track their health and finances, their family and
friends. But in some ways Americans are still ambivalent; more than 9 in
10 Brazilians and Indians agreed that being constantly connected is
mostly a good thing. America’s 76% was actually the lowest score.
Carve up the U.S. population into the general public vs. high-income, highly
educated elites and some contrasts come into focus. Elites are more
likely to say that they work longer hours and have less time to think
but also that mobile has made them more efficient and productive, able
to manage more, be away from the office, stay informed about the news
and be a better parent. Four in 10 Americans think mobility has helped
them achieve a better work-life balance, vs. three-quarters or more of
Indians, Indonesians, Chinese and South Africans.
Like any romance moving from infatuation to commitment, the connection between
people and their mobile devices reflects what they brought into the
relationship in the first place. In countries where connection and
convenience were difficult, these mobiles offer a kind of time travel,
delivering in the push of a button or touch of a screen the kind of
progress other countries built over decades. Which makes you wonder:
Just how much smaller and smarter and faster and better might our
devices be a decade from now? And how much about our lives and work and
relationships is left to be completely transformed as a result? What do
you think?!
- As seen in Time
How Companies and Cops Snoop on Your Digital Life – Whether You Realize It or Not!
If someone wanted to create a global system for tracking human beings
and collecting information about them, it would look a lot like the
digital mobile-device network. It knows where you are, and--the more you
text, tweet, shop, take pictures and navigate your surroundings using a
smart phone--it knows an awful lot about what you're doing.
Which is one reason federal officials turned to Sprint, Verizon, AT&T and
T-Mobile in early 2009 when they needed to solve the robbery of a
Berlin, Conn., branch of Webster Bank. Using a loophole in a 1986 law
that allows warrantless searches of stored communications, the feds
ordered the carriers to provide records of phones that used a nearby
cell tower on the day of the crime. The carriers turned over to the
prosecutors the identities, call records and other personal information
of 169 cell-phone users--including two men who were eventually sentenced
to prison for the robbery. With a simple request, the feds cracked a
case that might have otherwise taken years to solve. In the process,
they collected information on 167 people who they had no reason to
believe had committed a crime, including details like numbers dialed and
times of calls that would have been protected as private on a landline.
Such cases are common. In response to a request from Representative Ed
Markey, major cell carriers revealed in July, 2012 that they had
received more than 1.3 million requests for cell-phone tracking data
from federal, state and local law-enforcement officials in 2011. By
comparison, there were 3,000 wiretap warrants issued nationwide in 2010.
That revelation has added to a growing debate over how to balance the
convenience and security consumers now expect from their smart phones
with the privacy they traditionally have wanted to protect. Every second
we enjoy their convenience, smart phones are collecting information,
recording literally millions of data points every day.
The potential for good is undeniable. In recent years, the average time it
takes the U.S. Marshals Service to find a fugitive has dropped from 42
days to two, according to congressional testimony from Susan Landau, a
Guggenheim fellow. Cell phones have changed criminal investigation from
the ground up. "There is a mobile device connected to every crime
scene," says Peter Modafferi, the chief of detectives in Rockland
County, New York.
But as smart phones' tracking abilities have
become more sophisticated, law enforcement, phonemakers, cell carriers
and software makers have come under fire for exploiting personal data
without the knowledge of the average user. Much of the law protecting
mobile privacy in the U.S. was written at the dawn of the cell-phone era
in the 1980s, and it can vary from state to state. Companies have
widely differing privacy policies. Now conservatives and liberals on
Capitol Hill are pushing legislation that would set new privacy
standards, limiting law-enforcement searches and restricting what kinds
of information companies can collect.
Government snooping is part of the worry. But market demand is driving some of the biggest
collectors of data. Mobile advertising is now a $6 billion industry, and
identifying potential customers based on their personal information is
the new frontier. Last year, reports showed that free and cheap apps
were capable of everything from collecting location information to
images a phone is seeing. One app with image-collection capabilities,
Tiny Flashlight, uses a phone's camera as a flashlight and has been
installed at least 50 million times on phones around the world. Tiny
Flashlight's author, Bulgarian programmer Nikolay Ananiyev, tells Time
that his program does not collect the images or send them to third
parties.
In November 2012, news broke that a company named
Carrier IQ had installed software on as many as 150 million phones that
accesses users' texts, call histories, Web usage and location histories
without users' knowing consent. Carrier IQ says it does not record,
store or transmit the data but uses it to measure performance. In
February, Facebook, Yelp, Foursquare and Instagram apps, among others,
were reported to be uploading contact information from iPhones and
iPads. The software makers told the blog VentureBeat that they only use
the contact information when prompted by users. "No app is free," says
one senior executive at a phone carrier. "You pay for them with your
privacy."
Many consumers are happy to do so, and so far there
hasn't been much actual damage, at least not that privacy advocates can
point to. The question is where to draw the line. For instance, half of
smart-phone users make banking transactions via their mobile device. The
Federal Trade Commission has brought 40 enforcement cases in recent
years against companies for improperly storing customers' private
information.
Law enforcement is subject to some oversight. Absent
an emergency, prosecutors and police must convince a judge that the
cell information they are seeking from wireless companies is material to
a criminal case under investigation. An unusual alliance between
liberals and conservatives is pushing a bill to impose the same
requirements for getting cell tracking data as those that are in place
when cops want to get a warrant to search a house. Another bill would
increase restrictions on what app writers can do with personal
information. Cases moving through the courts may limit what law
enforcement can do with GPS tracking.
Tech companies are trying
to get a handle on the issue. Apple has a single customer-privacy
policy. Google posts the permissions that consumers give each app to
operate their phones' hardware and software, including authorization to
access camera and audio feeds and pass on locations or contact info. The
rush to keep up with technology
will only get harder: the next surge in surveillance is text messaging,
industry experts say, as companies and cops look for new ways to tap
technology for their own purposes.
- As seen in Time
Happy New Year: Now Measure My Results, Not My Hours
Too many businesses judge an employee’s performance by hours worked
rather than by value created. It's time to get with the program and
understand that "face time" is beyond overrated.
Accolades to Robert Pozen of The New York Times
who, yet again, brings up the fact that too many businesses judge an
employee’s performance by hours worked rather than by value created. As a
result, workers who complete their tasks faster wind up
procrastinating, surfing the Web, or rereading emails long after the
clock strikes five, simply in order to be seen in the office.
Studies suggest that workers are right to believe they are better off
sticking around to avoid getting labeled as slackers. Managers in one
recent study described employees seen in the office as “dependable” and
“reliable,” and those who came in over the weekend as “committed” and
“dedicated.” These reactions are unfortunate “remnants of the industrial
age,” when hours logged on the assembly line translated directly into
more products.
But measuring performance by hours worked “makes no sense for
knowledge workers” in the 21st century, and bosses who implicitly reward
those who stay late “are undermining incentives for workers to be
efficient.” Many organizations will struggle with learning to focus on
results rather than hours. But if you can convince your boss to make
that switch, it “will help you accomplish more at work”—and that’s
something any boss can value.
- As seen in The Week
My Digital Nightmare: A Hacker Stole My Family Photos and Upended My Life, and It Could Easily Happen to You
In the space of one hour, my entire digital life was destroyed, said Mat Honan of Wired.
"First my Google account was taken over, then deleted. Next my Twitter
account was compromised, and used as a platform to broadcast racist and
homophobic messages. And worst of all, my AppleID account was broken
into, and my hackers used it to remotely erase all of the data on my
iPhone, iPad, and MacBook.
In many ways, this was all my fault.
My accounts were daisy-chained together. Getting into Amazon let my
hackers get into my Apple ID account, which helped them get into Gmail,
which gave them access to Twitter. Had I used two-factor authentication
for my Google account, it’s possible that none of this would have
happened, because their ultimate goal was always to take over my Twitter
account and wreak havoc. Lulz.
Had I been regularly backing up
the data on my MacBook, I wouldn’t have had to worry about losing more
than a year’s worth of photos, covering the entire lifespan of my
daughter, or documents and e-mails that I had stored in no other
location.
Those security lapses are my fault, and I deeply, deeply regret them.
But what happened to me exposes vital security flaws in several customer
service systems, most notably Apple’s and Amazon’s. Apple tech support
gave the hackers access to my iCloud account. Amazon tech support gave
them the ability to see a piece of information — a partial credit card
number — that Apple used to release information. In short, the very four
digits that Amazon considers unimportant enough to display in the clear
on the web are precisely the same ones that Apple considers secure
enough to perform identity verification. The disconnect exposes flaws in
data management policies endemic to the entire technology industry, and
points to a looming nightmare as we enter the era of cloud computing
and connected devices.
This isn’t just my problem. Since Friday,
Aug. 3, 2012, when hackers broke into my accounts, I’ve heard from other
users who were compromised in the same way, at least one of whom was
targeted by the same group.
Moreover, if your computers aren’t already
cloud-connected devices, they will be soon. Apple is working hard to get
all of its customers to use iCloud. Google’s entire operating system is
cloud-based. And Windows 8, the most cloud-centric operating system
yet, will hit desktops by the tens of millions in the coming year. My
experience leads me to believe that cloud-based systems need
fundamentally different security measures. Password-based security
mechanisms — which can be cracked, reset, and socially engineered — no
longer suffice in the era of cloud computing.
I realized
something was wrong at about 5 p.m. on Friday. I was playing with my
daughter when my iPhone suddenly powered down. I was expecting a call,
so I went to plug it back in.
It then rebooted to the setup
screen. This was irritating, but I wasn’t concerned. I assumed it was a
software glitch. And, my phone automatically backs up every night. I
just assumed it would be a pain in the ass, and nothing more. I entered
my iCloud login to restore, and it wasn’t accepted. Again, I was
irritated, but not alarmed.
I went to connect the iPhone to my
computer and restore from that backup — which I had just happened to do
the other day. When I opened my laptop, an iCal message popped up
telling me that my Gmail account information was wrong. Then the screen
went gray, and asked for a four-digit PIN.
I didn’t have a four-digit PIN.
By now, I knew something was very, very wrong. For the first time it
occurred to me that I was being hacked. Unsure of exactly what was
happening, I unplugged my router and cable modem, turned off the Mac
Mini we use as an entertainment center, grabbed my wife’s phone, and
called AppleCare, the company’s tech support service, and spoke with a
rep for the next hour and a half.
It wasn’t the first call they
had had that day about my account. In fact, I later found out that a
call had been placed just a little more than a half an hour before my
own. But the Apple rep didn’t bother to tell me about the first call
concerning my account, despite the 90 minutes I spent on the phone with
tech support. Nor would Apple tech support ever tell me about the first
call voluntarily — it only shared this information after I asked about
it. And I only knew about the first call because a hacker told me he had
made the call himself.
At 4:33 p.m., according to Apple’s tech
support records, someone called AppleCare claiming to be me. Apple says
the caller reported that he couldn’t get into his Me.com e-mail — which,
of course was my Me.com e-mail.
In response, Apple issued a
temporary password. It did this despite the caller’s inability to answer
security questions I had set up. And it did this after the hacker
supplied only two pieces of information that anyone with an internet
connection and a phone can discover.
At 4:50 p.m., a password
reset confirmation arrived in my inbox. I don’t really use my me.com
e-mail, and rarely check it. But even if I did, I might not have noticed
the message because the hackers immediately sent it to the trash. They
then were able to follow the link in that e-mail to permanently reset my
AppleID password.
At 4:52 p.m., a Gmail password recovery e-mail
arrived in my me.com mailbox. Two minutes later, another e-mail arrived
notifying me that my Google account password had changed.
At 5:02 p.m., they reset my Twitter password. At 5:00 they used iCloud’s
“Find My” tool to remotely wipe my iPhone. At 5:01 they remotely wiped
my iPad. At 5:05 they remotely wiped my MacBook. Around this same time,
they deleted my Google account. At 5:10, I placed the call to AppleCare.
At 5:12 the attackers posted a message to my account on Twitter taking
credit for the hack.
By wiping my MacBook and deleting my Google
account, they now not only had the ability to control my account, but
were able to prevent me from regaining access. And crazily, in ways that
I don’t and never will understand, those deletions were just collateral
damage. My MacBook data — including those irreplaceable pictures of my
family, of my child’s first year and relatives who have now passed from
this life — weren’t the target. Nor were the eight years of messages in
my Gmail account. The target was always Twitter. My MacBook data was
torched simply to prevent me from getting back in.
Lulz.
I spent an hour and a half talking to AppleCare. One of the reasons it
took me so long to get anything resolved with Apple during my initial
phone call was because I couldn’t answer the security questions it had
on file for me. It turned out there’s a good reason for that. Perhaps an
hour or so into the call, the Apple representative on the line said
“Mr. Herman, I….”
“Wait. What did you call me?”
“Mr. Herman?”
“My name is Honan.”
Apple had been looking at the wrong account all along. Because of that, I
couldn’t answer my security questions. And because of that, it asked me
an alternate set of questions that it said would let tech support let me
into my me.com account: a billing address and the last four digits of
my credit card. (Of course, when I gave them those, it was no use,
because tech support had misheard my last name.)
It turns out, a
billing address and the last four digits of a credit card number are the
only two pieces of information anyone needs to get into your iCloud
account. Once supplied, Apple will issue a temporary password, and that
password grants access to iCloud.
Apple tech support confirmed to
me twice over the weekend that all you need to access someone’s AppleID
is the associated e-mail address, a credit card number, the billing
address, and the last four digits of a credit card on file. I was very
clear about this. During my second tech support call to AppleCare, the
representative confirmed this to me. “That’s really all you have to have
to verify something with us,” he said.
We talked to Apple
directly about its security policy, and company spokesperson Natalie
Kerris told Wired, “Apple takes customer privacy seriously and requires
multiple forms of verification before resetting an Apple ID password. In
this particular case, the customer’s data was compromised by a person
who had acquired personal information about the customer. In addition,
we found that our own internal policies were not followed completely. We
are reviewing all of our processes for resetting account passwords to
ensure our customers’ data is protected.”
On Monday, Wired tried
to verify the hackers’ access technique by performing it on a different
account. We were successful. This means, ultimately, all you need in
addition to someone’s e-mail address are those two easily acquired
pieces of information: a billing address and the last four digits of a
credit card on file. Here’s the story of how the hackers got them.
By exploiting the customer service procedures employed by Apple and
Amazon, hackers were able to get into iCloud and take over all of Mat
Honan’s digital devices — and data.
On the night of the hack, I
tried to make sense of the ruin that was my digital life. My Google
account was nuked, my Twitter account was suspended, my phone was in a
useless state of restore, and (for obvious reasons) I was highly
paranoid about using my Apple email account for communication.
I
decided to set up a new Twitter account until my old one could be
restored, just to let people know what was happening. I logged into
Tumblr and posted an account of how I thought the takedown occurred. At
this point, I was assuming that my seven-digit alphanumeric AppleID
password had been hacked by brute force. In the comments (and, oh, the
comments) others guessed that hackers had used some sort of keystroke
logger. At the end of the post, I linked to my new Twitter account.
And then, one of my hackers @ messaged me. He would later identify himself as Phobia. I followed him. He followed me back.
We
started a dialogue via Twitter direct messaging that later continued
via e-mail and AIM. Phobia was able to reveal enough detail about the
hack and my compromised accounts that it became clear he was, at the
very least, a party to how it went down. I agreed not to press charges,
and in return he laid out exactly how the hack worked. But first, he
wanted to clear something up:
“didnt guess ur password or use bruteforce. i have my own guide on how to secure emails.”
I
asked him why. Was I targeted specifically? Was this just to get to
Gizmodo’s Twitter account? No, Phobia said they hadn’t even been aware
that my account was linked to Gizmodo’s, that the Gizmodo linkage was
just gravy. He said the hack was simply a grab for my three-character
Twitter handle. That’s all they wanted. They just wanted to take it, and
fuck shit up, and watch it burn. It wasn’t personal.
“I honestly
didn’t have any heat towards you before this. i just liked your
username like I said before” he told me via Twitter Direct Message.
After
coming across my account, the hackers did some background research. My
Twitter account linked to my personal website, where they found my Gmail
address. Guessing that this was also the e-mail address I used for
Twitter, Phobia went to Google’s account recovery page. He didn’t even
have to actually attempt a recovery. This was just a recon mission.
Because
I didn’t have Google’s two-factor authentication turned on, when Phobia
entered my Gmail address, he could view the alternate e-mail I had set
up for account recovery. Google partially obscures that information,
starring out many characters, but there were enough characters
available, m••••n@me.com. Jackpot.
This was how the hack
progressed. If I had some other account aside from an Apple e-mail
address, or had used two-factor authentication for Gmail, everything
would have stopped here. But using that Apple-run me.com e-mail account
as a backup told the hacker I had an AppleID account, which meant I
was vulnerable to being hacked.
Be careful with your Amazon account — or someone might buy merchandise on your credit card, but send it to their home.
“You
honestly can get into any email associated with apple,” Phobia claimed
in an e-mail. And while it’s work, that seems to be largely true.
Since
he already had the e-mail, all he needed was my billing address and the
last four digits of my credit card number to have Apple’s tech support
issue him the keys to my account.
So how did he get this vital
information? He began with the easy one. He got the billing address by
doing a whois search on my personal web domain. If someone doesn’t have a
domain, you can also look up his or her information on Spokeo,
WhitePages, and PeopleSmart.
Getting a credit card number is
trickier, but it also relies on taking advantage of a company’s back-end
systems. Phobia says that a partner performed this part of the hack, but
described the technique to us, which we were able to verify via our own
tech support phone calls. It’s remarkably easy — so easy that Wired was
able to duplicate the exploit twice in minutes.
First you call
Amazon and tell them you are the account holder, and want to add a
credit card number to the account. All you need is the name on the
account, an associated e-mail address, and the billing address. Amazon
then allows you to input a new credit card. (Wired used a bogus credit
card number from a website that generates fake card numbers that conform
with the industry’s published self-check algorithm.) Then you hang up.
Next
you call back, and tell Amazon that you’ve lost access to your account.
Upon providing a name, billing address, and the new credit card number
you gave the company on the prior call, Amazon will allow you to add a
new e-mail address to the account. From here, you go to the Amazon
website, and send a password reset to the new e-mail account. This
allows you to see all the credit cards on file for the account — not the
complete numbers, just the last four digits. But, as we know, Apple
only needs those last four digits. We asked Amazon to comment on its
security policy, but it didn’t have anything to share by press time.
And
it’s also worth noting that one wouldn’t have to call Amazon to pull
this off. Your pizza guy could do the same thing, for example. If you
have an AppleID, every time you call Pizza Hut, you’re giving the
16-year-old on the other end of the line all he needs to take over your
entire digital life.
And so, with my name, address, and the last
four digits of my credit card number in hand, Phobia called AppleCare,
and my digital life was laid waste. Yet still I was actually quite
fortunate.
They could have used my e-mail accounts to gain access
to my online banking, or financial services. They could have used them
to contact other people, and socially engineer them as well. As Ed Bott
pointed out on TWiT.tv, my years as a technology journalist have put
some very influential people in my address book. They could have been
victimized too.
Instead, the hackers just wanted to embarrass me, have some fun at my expense, and enrage my followers on Twitter by trolling.
I had done some pretty stupid things. Things you shouldn’t do.
I
should have been regularly backing up my MacBook. Because I wasn’t
doing that, if all the photos from the first year and a half of my
daughter’s life are ultimately lost, I will have only myself to blame. I
shouldn’t have daisy-chained two such vital accounts — my Google and my
iCloud account — together. I shouldn’t have used the same e-mail prefix
across multiple accounts — mhonan@gmail.com, mhonan@me.com, and
mhonan@wired.com. And I should have had a recovery address that’s only
used for recovery without being tied to core services.
But,
mostly, I shouldn’t have used Find My Mac. Find My iPhone has been a
brilliant Apple service. If you lose your iPhone, or have it stolen, the
service lets you see where it is on a map. The New York Times’ David
Pogue recovered his lost iPhone just last week thanks to the service.
And so, when Apple introduced Find My Mac in the update to its Lion
operating system last year, I added that to my iCloud options too.
After all, as a reporter, often on the go, my laptop is my most important tool.
But
as a friend pointed out to me, while that service makes sense for
phones (which are quite likely to be lost) it makes less sense for
computers. You are almost certainly more likely to have your computer
accessed remotely than physically. And even worse is the way Find My Mac
is implemented.
When you perform a remote hard drive wipe on
Find my Mac, the system asks you to create a four-digit PIN so that the
process can be reversed. But here’s the thing: If someone else performs
that wipe — someone who gained access to your iCloud account through
malicious means — there’s no way for you to enter that PIN.
A
better way to have this set up would be to require a second method of
authentication when Find My Mac is initially set up. If this were the
case, someone who was able to get into an iCloud account wouldn’t be
able to remotely wipe devices with malicious intent. It would also mean
that you could potentially have a way to stop a remote wipe in progress.
But that’s not how it works. And Apple would not comment as to whether stronger authentication is being considered.
As
of Monday, both of these exploits used by the hackers were still
functioning. Wired was able to duplicate them. Apple says its internal
tech support processes weren’t followed, and this is how my account was
compromised. However, this contradicts what AppleCare told me twice that
weekend. If that is, in fact, the case — that I was the victim of Apple
not following its own internal processes — then the problem is
widespread.
I asked Phobia why he did this to me. His answer
wasn’t satisfying. He says he likes to publicize security exploits, so
companies will fix them. He says it’s the same reason he told me how it
was done. He claims his partner in the attack was the person who wiped
my MacBook. Phobia expressed remorse for this, and says he would have
stopped it had he known.
“yea i really am a nice guy idk why i do
some of the things i do,” he told me via AIM. “idk my goal is to get it
out there to other people so eventually every1 can over come hackers”
I
asked specifically about the photos of my little girl, which are, to
me, the greatest tragedy in all this. Unless I can recover those photos
via data recovery services, they are gone forever. On AIM, I asked him
if he was sorry for doing that. Phobia replied, “even though i wasnt the
one that did it i feel sorry about that. Thats alot of memories im only
19 but if my parents lost and the footage of me and pics i would be
beyond sad and im sure they would be too.”
But let’s say he did
know, and failed to stop it. Hell, for the sake of argument, let’s say
he did it. Let’s say he pulled the trigger. The weird thing is, I’m not
even especially angry at Phobia, or his partner in the attack. I’m
mostly mad at myself. I’m mad as hell for not backing up my data. I’m
sad, and shocked, and feel that I am ultimately to blame for that loss.
But
I’m also upset that this ecosystem that I’ve placed so much of my trust
in has let me down so thoroughly. I’m angry that Amazon makes it so
remarkably easy to allow someone into your account, which has obvious
financial consequences. And then there’s Apple. I bought into the Apple
account system originally to buy songs at 99 cents a pop, and over the
years that same ID has evolved into a single point of entry that
controls my phones, tablets, computers and data-driven life. With this
AppleID, someone can make thousands of dollars of purchases in an
instant, or do damage at a cost that you can’t put a price on."
Additional
reporting by Roberto Baldwin and Christina Bonnington. Portions of this
story originally appeared on Mat Honan’s Tumblr.
- As seen in The Week
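The recovery chain in the article above can be written down as a dependency model and checked for what each single fix would cut. This is an added example, not part of the Wired article; every fact and rule label is constructed, and it assumes the Amazon account was registered under the same Gmail address, which the article does not state.

```python
# Forward-chaining model of the recovery chain the article describes.
# Every fact and rule label below is constructed for this example.

ASSETS = {"amazon_access", "icloud_access", "gmail_access", "twitter_access"}

# Visible to anyone before the chain starts.
PUBLIC = {"name", "twitter_profile"}

# Conditions that held in the article; dropping one models a single fix.
CONDITIONS = {
    "cfg:google_shows_backup_address",  # no two-factor: masked backup address is displayed
    "cfg:gmail_backup_is_apple_mail",   # the backup address is the me.com (Apple ID) mailbox
    "cfg:amazon_adds_card_by_phone",    # card added on name + e-mail + billing address
    "cfg:apple_resets_on_last4",        # reset on e-mail + billing address + last four
}

# (description, facts required, facts gained)
RULES = [
    ("Twitter profile links to personal site",
     {"twitter_profile"}, {"personal_site"}),
    ("personal site lists Gmail address",
     {"personal_site"}, {"gmail_address"}),
    ("whois on personal domain lists billing address",
     {"personal_site"}, {"billing_address"}),
    ("Google recovery page shows masked backup address",
     {"gmail_address", "cfg:google_shows_backup_address",
      "cfg:gmail_backup_is_apple_mail"}, {"apple_id_email"}),
    # Assumption: the Amazon account is registered under the same Gmail address.
    ("Amazon support adds a caller-supplied card",
     {"name", "gmail_address", "billing_address",
      "cfg:amazon_adds_card_by_phone"}, {"amazon_added_card"}),
    ("Amazon support adds an e-mail address, then password reset",
     {"name", "billing_address", "amazon_added_card"}, {"amazon_access"}),
    ("Amazon account page shows last four digits of cards on file",
     {"amazon_access"}, {"card_last4"}),
    ("AppleCare issues a temporary password",
     {"apple_id_email", "billing_address", "card_last4",
      "cfg:apple_resets_on_last4"}, {"icloud_access"}),
    ("iCloud access includes the me.com mailbox",
     {"icloud_access"}, {"me_mailbox"}),
    ("Gmail recovery mail is delivered to the backup mailbox",
     {"gmail_address", "me_mailbox", "cfg:gmail_backup_is_apple_mail"},
     {"gmail_access"}),
    ("Twitter password reset is delivered to Gmail",
     {"gmail_access"}, {"twitter_access"}),
]


def closure(start, rules=RULES):
    """Apply rules until nothing new is learned.

    Returns (set of facts reached, list of rule descriptions in firing order).
    """
    known, fired = set(start), []
    changed = True
    while changed:
        changed = False
        for desc, needs, gains in rules:
            if needs <= known and not gains <= known:
                known |= gains
                fired.append(desc)
                changed = True
    return known, fired


def exposed(start):
    """Accounts that fall, given the starting facts and conditions."""
    return sorted(ASSETS & closure(start)[0])


def what_if():
    """For each condition, the accounts still exposed once it alone is fixed."""
    full = PUBLIC | CONDITIONS
    return {c: exposed(full - {c}) for c in sorted(CONDITIONS)}


if __name__ == "__main__":
    known, fired = closure(PUBLIC | CONDITIONS)
    print("baseline:", exposed(PUBLIC | CONDITIONS))
    for step in fired:
        print("  ", step)
    for cond, still in what_if().items():
        print(f"without {cond}: {still or 'nothing'}")
```

In this model, three of the four single fixes still leave the Amazon account exposed, because its phone procedure depends only on facts reachable from public sources.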
Brought to you by NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS here!
Virtual Princeton: A Guide to Free Online Ivy League Classes
Elite universities are opening their classrooms' doors to anyone with
an Internet connection — for free! The company Coursera has teamed up
with 16 universities (including Stanford, Duke, and Princeton) to offer
more than 100 free online courses to anyone with Internet access.
Why are colleges offering free classes?
They
don't want to be left behind in the digital revolution that has already
transformed the way we consume news, music, and books. Stanford, Duke,
Princeton, and Johns Hopkins are among the 16 universities that have
partnered with a newly launched company called Coursera to offer more
than 100 free online courses this academic year; MIT, Harvard, and the
University of California, Berkeley, are following suit through a
nonprofit venture called edX. Now people anywhere in the world can take
Stanford's "Introduction to Mathematical Thinking," learn the
"Principles of Obesity Economics" at Johns Hopkins, or have Duke
University behavioral economist Dan Ariely lead them through "A
Beginner's Guide to Irrational Behavior"—all without paying the $50,000
usually required to attend these world-class universities. More than 1
million people from scores of countries have already enrolled in the
free classes, which some believe could transform the mission and model
of higher education. Anant Agarwal, president of edX, calls it "the
single biggest change in education since the printing press."
What's in it for colleges?
Prestige
now, and possibly profit later. Schools say they're willing to give
their product away for free so they don't miss the chance to be among
the first to develop new forms of education. "The potential upside for
this experiment is so big that it's hard for me to imagine any large
research university that wouldn't want to be involved," said Richard
DeMillo, director of the Center for 21st Century Universities at Georgia
Tech. One day the schools will likely try to make some money, too,
possibly by charging students for credits or allowing companies to
sponsor courses. But universities recognize that they could be
jeopardizing their hard-won reputations and their time-tested business
model, said Jason Wingard, a vice dean of the University of
Pennsylvania's Wharton School. "You run the risk of potentially diluting
your brand."
How do the classes work?
Much
like a typical college lecture course, but with an audience in the tens
or even hundreds of thousands. At a time of their choosing, students
watch videos of lectures by respected professors, and complete
interactive quizzes and regular homework to prove they grasp the
material. The Web videos incorporate graphics and virtual games, and
students can pose questions and debate one another in online discussion
groups. Professors say it's thrilling to reach so many students at once,
from teenagers in India to baby boomers in Indiana. Coursera co-founder
Andrew Ng, a Stanford computer
science professor, recently taught an online class to more than 100,000
students. To reach that many people, Ng said, "I would have had to
teach my normal Stanford class for 250 years."
Are the classes effective?
Some
educators doubt that virtual classes can match the experience of
face-to-face learning. Online education "tends to be a monologue and not
a real dialogue," said University of Virginia English professor Mark
Edmundson. There's also an extremely high attrition rate: Of the 160,000
people who enrolled in a Stanford artificial intelligence course last
year, only 23,000 finished the work. But the feedback that could improve
these courses is just beginning to roll in, and there's already some
evidence that students who stick with online courses learn just as much
as those in conventional classes. "This is the Wild West," said Agarwal.
"There's a lot of things we have to figure out."
Will this trend make college cheaper?
There
are grounds for hope. Since 1985, U.S. college tuition rates and fees
have grown by 559 percent. In theory, online courses could cut costs by
enabling universities to outsource coursework to the Internet and do
away with or share some academic departments. Fewer students would need
campus housing and other services. Universities have so far opposed
giving credit for free classes, instead conferring certificates that
don't count toward a degree. But that's already starting to change, with
the University of Washington offering credit for Coursera classes this
fall.
Could the web replace universities?
Not
anytime soon. "Why do people pay $50,000 a year to attend an
institution like Caltech?" Ng said. "The real value is the interactions
with professors and other equally bright students." Still, even a remote
dose of elite education can have great value to students who have no
chance of setting foot on an Ivy League campus. And lessons drawn from
the courses could reshape how colleges approach teaching, turning the
ability to offer a mix of online and face-to-face learning into the new
gold standard for top-notch educators. Sebastian Thrun, a Stanford
research professor who offers free online computer science classes,
predicts that there will be only 10 higher-education institutions in the
world in 50 years. "It's pretty obvious that degrees will go away," he
said. "The idea of a degree is that you spend a fixed time right after
high school to educate yourself for the rest of your career. But careers
change so much over a lifetime now that this model isn't valid
anymore." In the future, he says, people will return to college
throughout their lives, updating what they know through online courses.
A fresh start for the jobless
Free
online courses might have millions of immediate beneficiaries among
unemployed workers who need job retraining. Even with a law degree from
the University of Chicago, Dennis Cahillane, 29, couldn't get hired. But
after taking several free Stanford courses in building databases, he
recently landed a job as a programmer for a media website. And now he is
planning to work his way through Coursera classes in his spare time
until he's earned "the equivalent of a B.A. in computer science from
Stanford," he told Fast Company. Andy Rice, who owns a weather
forecasting company in Minnesota, says he's heartened when he sees
resumes from job applicants listing free courses. "I definitely want to
hire people who are always questing for new knowledge," he said. "Life's
not about what you learn when you're 22."
- As seen in The Week
How Teens’ Texts Lead to Unsafe Sex
Teenagers who engage in sexting—sending
sexually explicit texts—are far more likely to begin having intercourse
at an early age and engage in other risky behavior, a new study has
found.
The study of 1,800 Los Angeles high school students shows that one in
seven has sent a “sext” message, and that those who have are seven
times more likely to be sexually active. Teens who sext—especially
girls— are also more likely to have unprotected sex, sleep with multiple
partners, and use drugs or alcohol before having intercourse.
“What we really wanted to know is, is there a link between sexting
and taking risks with your body? And the answer is a pretty resounding
‘yes,’” study author Eric Rice, a researcher at the University of
Southern California, tells Reuters.com. The fact that some teen
girls have suffered humiliation when ex-boyfriends widely distributed
photos of them naked doesn’t seem to be registering.
“There is an emerging sense of normalcy around sexting behavior,”
Rice says. Some 54 percent of teens say they have a friend who sexts,
which makes them 17 times more likely to try it themselves. “If their
friends do it,” Rice says, “they’re going to do it.”
- As seen in The Week
The Digital 100: The World's Most Valuable Private Tech Companies in 2012
Business Insider
evaluated private tech companies and ranked the top 100 by value. Their
rankings are based on several metrics, including revenue, users, market
opportunities, growth rates, and the perception of investors and tech
gurus.
Here they are, The Digital 100, enjoy!
1. Alibaba
2. Bloomberg
3. Twitter
4. 360Buy
5. Palantir
6. Dropbox
7. Square
8. MLB.com
9. Softlayer
10. Vente-Privee
11. VANCL
12. Airbnb
13. Pinterest
14. Datapipe
15. Spotify
16. Craigslist
17. Flipkart
18. Ozon Group
19. Coupang
20. Wonga
21. Hulu
22. Klarna
23. Kaspersky Lab
24. Rovio
25. Conduit
26. Aricent Group
27. Survey Monkey
28. Mu Sigma
29. ZocDoc
30. Just Eat
31. Gilt Groupe
32. Everyday Health
33. Evernote
34. LivingSocial
35. Criteo
36. Zulily
37. Zoosk
38. Redfin
39. Qualtrics
40. Seamless
41. Media Ocean
42. JustDial
43. 10gen
44. AppNexus
45. GitHub
46. Tumblr
47. Box.net
48. Glam Media
49. Stella & Dot
50. Marketo
51. Etsy
52. One Kings Lane
53. Nasty Gal
54. Klout
55. Automattic
56. Xiu
57. Manta
58. Eventbrite
59. Sugar, Inc
60. Kickstarter
61. Apptio
62. Fresh Direct
63. eHarmony
64. Veracode
65. Wix
66. Turn
67. Quantcast
68. Nest
69. Fab
70. Foursquare
71. Storm8
72. Flipboard
73. Vibrant Media
74. Rubicon Project
75. OpenX
76. Return Path
77. Quora
78. Snapdeal
79. Tremor Video
80. RightScale
81. Whaleshark/RetailMeNot
82. Break Media
83. Tagged
84. Yext
85. Stripe
86. Rocket Fuel
87. Mind Candy
88. AddThis
89. SoundCloud
90. Xirrus
91. Federated Media
92. Say Media
93. Yodle
94. Coupons.com
95. Path
96. Shazam
97. Plenty of Fish
98. Warby Parker
99. Thrillist
100. Vox Media
- As seen in Business Insider
How to Clean Up Your Online Image
1. Assess the damage. Now there's a reason to spend hours Googling yourself or, better yet, to plug your name into 123people.com, which digs up harder-to-find info. You can tackle minor stains yourself, but if there's a lot to bury, hire a pro like Reputation.com or ElixirInteractive.com.
2. Start cleaning. Scour your Twitter, Facebook, and other social networking accounts and delete any dodgy photos or comments you've posted. If necessary, close down questionable accounts.
3. Push the positives. Blogs rank high in Google's algorithms so consider starting a blog about your interests. If you don't have time to post regularly, start a personal Web site instead, using a template from Wix.com or Webs.com. To find free, comprehensive advice on building a positive online presence, check out BrandYourself.com.
Meet Baxter: The Humanoid Robot to Revolutionize U.S. Manufacturing
Rethink Robotics unveils Baxter, a robot that can work alongside humans. According to Valentin Schmid at The Epoch Times,
Baxter could revolutionize the way American companies operate as they
shift production back to the United States using the humanoid robot to
save on costs. Rethink Robotics unveiled its flagship product to the
public September 18, 2012.
“Roboticists have been successful in
designing robots capable of super-human speed and precision. What’s
proven more difficult is inventing robots that can act as we do—in other
words, that are able to inherently understand and adapt to their
environments,” said company founder Rodney Brooks, an artificial
intelligence legend and robotics pioneer having spent much of his life
teaching at MIT. Rethink was founded in 2008 with the purpose of
designing a robot like Baxter and carries a few other products. It is
currently owned by venture capital firms and Brooks.
He further
notes that by providing a flexible and inexpensive solution—the robot costs
only $22,000—Rethink specifically hopes to contribute to a revival in
American manufacturing. “We believed that if we could cross that chasm
with the manufacturing environment specifically in mind, we could offer
new hope to the millions of American manufacturers who are looking for
innovative ways to compete in our global economy.”
Baxter Solves Problem of Safety, Adaptability, and Programming
Baxter,
which is exclusively produced in the United States and will first ship
in October, aims to solve some of the long-standing issues with
automation. The most important one is safety, as most industrial robots
on assembly lines operate far away from humans or need to be caged to
prevent injury. Rethink’s robot, which has a screen as a head and big
flexible arms, is also equipped with Sonar sensors and software that
help it detect human activity. In addition, it is programmed to stop its
relatively gentle movements as soon as it detects resistance. A
promotional video shows the robot standing on a fixed platform and the
company has not commented on whether it can also walk.
“The
class of products that can work side by side with people without any
protection, those would be important developments. They could take
robots from a factory environment … where people would have to be kept
away, into more areas … some outside of factories,” says Jeff Burnstein,
president of the Robotic Industries Association, an organization that
provides education and information for companies interested in
automating workflows.
Another big advantage is the ease of use.
Normally, industrial robots need technical personnel to be programmed to
perform a limited amount of tasks in an effort that involves special
software and more often than not can take up to a full day. Baxter,
which can be employed in less than an hour after being delivered, can be
trained by any type of personnel by merely showing it how to perform a
wide range of tasks, such as material handling, line loading, light
assembly, or packing products.
In practice this would mean that
the employee would move Baxter’s arms to perform the desired process and
choose one of several preprogrammed options by way of twisting a few
dials. The robot can also adapt to changes in the environment, for
example if it drops an object, it knows to get another before trying to
finish the task, unlike other robots, which have been seen picking air
for a whole day, if no human supervises them.
“This class of
robots doesn’t need a whole lot of programming. … That’s important.
There are a number of companies that either don’t have the in-house
expertise or they don’t want to pay for outside assistance,” said
Burnstein in an Epoch Times interview.
“Because of its
versatility and the short amount of time it takes to retrain, Baxter can
be easily moved by production personnel to different and varying tasks
over the course of a day, week, and month,” says the company’s press
release. Most of the claims that the company makes in the press release
can be tracked in a promotional video and also have been tried in
practice when Baxter was on loan at Vanguard Plastics, a small
manufacturer based in Connecticut, writes Will Knight of
technologyreview.com.
Jeff Burnstein cautions, however, that the
ultimate success will be determined after the product is rolled out.
“Until these products are out in big numbers you don’t know if they are
safe or not.”
If Baxter or similar robots can be rolled out on a
large scale, it could mean big things for American manufacturing. Given
the fact that robots like Baxter are inexpensive, flexible, and do not
need much maintenance in terms of programming, they can be used in
companies of all sizes that face tough options in competing with
low-wage countries. AFL-CIO, the umbrella federation for 56 U.S. unions,
cites Bureau of Labor Statistics data saying that 5.5 million jobs were
lost in the process of offshoring.
“This development will either
save or create new jobs,” believes Burnstein. “We would hope that
companies that would have otherwise either closed down because they
can’t compete or sent manufacturing jobs overseas will decide to
automate in order to keep jobs in the United States.”
Bob Baugh,
executive director of the AFL-CIO industrial union council,
representing the manufacturing unions within the umbrella organization,
agrees: “If you are more productive this way, you can share the
benefits. … The productivity is shared with the workforce and the
community and the country in a sense that people earn better wages and
income. They are compensated for these productivity gains that come with
the interface with human interaction with technology to produce goods.”
The idea is as follows: A humanoid robot would boost human
labor productivity in such a way that it would reduce costs and boost
output without reducing employment here. Increased output at lower costs
would mean more capital accumulated and wages paid in the United
States, leading to greater economic prosperity, even outside
manufacturing.
A simple example would see an American company
closing its factory in China, because it is upset with intellectual
property theft and corrupt business practices as well as rising wages
over there. It would then reopen production in the United States, hiring
workers and supplementing them with flexible automation solutions. Jobs
and output are created in the United States, leading to more jobs and
output created in the United States.
Jeff Burnstein sees
numerous reasons why reshoring makes sense: “When you build domestically
you are closer to your customers, you don’t have to deal with political
instability … the fear of your IP being stolen. There are a lot of
reasons if all things are equal why you would want to build
domestically. … Automation and robotics in particular is allowing
companies to do that, we are seeing signs of that.”
According to
Bob Baugh, automation is also seen as a positive by the unions, as long
as some standards are met: “Workers need to be compensated well and
have a good work environment where they do these things and that they
have the skills to operate the technology and equipment.” These new
developments in automation seem to be a win-win situation that might
even lead to American companies becoming export leaders again one day in
the not too distant future.
- As seen in The Epoch Times
U.S. is Tightening Web Privacy Rule to Protect Young
Federal regulators are about to take the biggest steps in more than a
decade to protect children online. According to Natasha Singer of The New York Times,
the moves come at a time when major corporations, app developers and
data miners appear to be collecting information about the online
activities of millions of young Internet users without their parents’
awareness.
Some sites and apps have also collected details like children’s
photographs or locations of mobile devices; the concern is that the
information could be used to identify or locate individual children. For
example, McDonald’s invites children who visit HappyMeal.com to upload
their photos so they can make collages or videos.
These
data-gathering practices are legal. But the development has so alarmed
officials at the Federal Trade Commission that the agency is moving to
overhaul rules that many experts say have not kept pace with the
explosive growth of the Web and innovations like mobile apps. New rules
are expected within weeks.
“Today, almost every child has a
computer in his pocket and it’s that much harder for parents to monitor
what their kids are doing online, who they are interacting with, and
what information they are sharing,” says Mary K. Engle, associate
director of the advertising practices division at the F.T.C. “The
concern is that a lot of this may be going on without anybody’s
knowledge.”
The proposed changes could greatly increase the need
for children’s sites to obtain parental permission for some practices
that are now popular — like using cookies to track users’ activities
around the Web over time. Marketers argue that the rule should not be
changed so extensively, lest it cause companies to reduce their
offerings for children.
“Do we need a broad, wholesale change of
the law?” says Mike Zaneis, the general counsel for the Interactive
Advertising Bureau, an industry association. “The answer is no. It is
working very well.”
The current federal rule, the Children’s Online Privacy Protection Act of 1998 (COPPA),
requires operators of children’s Web sites to obtain parental consent
before they collect personal information like phone numbers or physical
addresses from children under 13. But rapid advances in technology have
overtaken the rules, privacy advocates say.
Today, many
brand-name companies and analytics firms collect, collate and analyze
information about a wide range of consumer activities and traits. Some
of those techniques could put children at risk, advocates say.
Under
the F.T.C.’s proposals, some current online practices, like getting
children under 13 to submit photos of themselves, would require parental
consent.
Children who visit McDonald’s HappyMeal.com, for
instance, can “get in the picture with Ronald McDonald” by uploading
photos of themselves and combining them with images of the clown.
Children may also “star in a music video” on the site by uploading
photos or webcam images and having it graft their faces onto dancing
cartoon bodies.
But according to children’s advocates, McDonald’s
stored these images in directories that were publicly available. Anyone
with an Internet connection could check out hundreds of photos of young
children, a few of whom were pictured in pajamas in their bedrooms,
advocates said.
In a related complaint to the F.T.C. last month, a
coalition of advocacy groups accused McDonald’s and four other
corporations of violating the 1998 law by collecting e-mail addresses
without parental consent. HappyMeal.com, the complaint noted, invites
children to share their creations on the site by providing the first
names and e-mail addresses of their friends.
“When we tell
parents about this they are appalled, because basically what it’s doing
is going around the parents’ back and taking advantage of kids’
naivete,” says Jennifer Harris, the director of marketing initiatives at
the Yale Rudd Center for Food Policy and Obesity, a member of the
coalition that filed the complaint. “It’s a very unfair and deceptive
practice that we don’t think companies should be allowed to do.”
Danya Proud, a spokeswoman for McDonald’s, said in an e-mail that the company placed a “high importance” on protecting privacy, including children’s online privacy. She said that McDonald’s had blocked public access to several directories on the site.
Last year, the F.T.C. filed a complaint against W3 Innovations, a developer
of popular iPhone and iPod Touch apps like Emily’s Dress Up, which
invited children to design outfits and e-mail their comments to a blog.
The agency said that the apps violated the children’s privacy rule by
collecting the e-mail addresses of tens of thousands of children without
their parents’ permission and encouraging those children to post
personal information publicly. The company later settled the case,
agreeing to pay a penalty of $50,000 and delete personal data it had
collected about children.
It is often difficult to know what kind
of data is being collected and shared. Industry trade groups say
marketers do not knowingly track young children for advertising
purposes. But a study last year of 54 Web sites popular with children,
including Disney.go.com and Nick.com, found that many used tracking
technologies extensively.
“I was surprised to find that pretty
much all of the same technologies used to track adults are being used on
kids’ Web sites,” said Richard M. Smith, an Internet security expert in
Boston who conducted the study at the request of the Center for Digital
Democracy, an advocacy group.
Using a software program called Ghostery, which detects and identifies tracking entities on Web sites, a New York Times
reporter recently identified seven trackers on Nick.com — including
Quantcast, an analytics company that, according to its own marketing
material, helps Web sites “segment out specific audiences you want to
sell” to advertisers.
Ghostery found 13 trackers on a Disney game
page for kids, including AudienceScience, an analytics company that,
according to that company’s site, “pioneered the concept of targeting
and audience-based marketing.”
David Bittler, a spokesman for
Nickelodeon, which runs Nick.com, says Viacom, the parent company, does
not show targeted ads on Nick.com or other company sites for children
under 13. But the sites and their analytics partners may collect data
anonymously about users for purposes like improving content. Zenia
Mucha, a spokeswoman for Disney, said the company does not show targeted
ads to children and requires its ad partners to do the same.
Another popular children’s site, Webkinz, says openly that its advertising
partners may aim at visitors with ads based on the collection of
“anonymous data.” In its privacy policy, Webkinz describes the practice
as “online advanced targeting.”
If the F.T.C. carries out its
proposed changes, children’s Web sites would be required to obtain
parents’ permission before tracking children around the Web for
advertising purposes, even with anonymous customer codes.
Some parents say they are trying to teach their children basic online
self-defense. “We don’t give out birth dates to get the free stuff,”
said Patricia Tay-Weiss, a mother of two young children in Venice,
Calif., who runs foreign language classes for elementary school
students. “We are teaching our kids to ask, ‘What is the company getting
from you and what are they going to do with that information?’ ”
- As seen in The New York Times