Bloomberg

Facebook Paid Hundreds of Contractors to Transcribe Users’ Audio

Facebook Inc. has been paying hundreds of outside contractors to transcribe clips of audio from users of its services, according to people with knowledge of the work.

The work has rattled the contract employees, who are not told where the audio was recorded or how it was obtained — only to transcribe it, said the people, who requested anonymity for fear of losing their jobs. They’re hearing Facebook users’ conversations, sometimes with vulgar content, but do not know why Facebook needs them transcribed, the people said.

Facebook confirmed that it had been transcribing users’ audio and said it will no longer do so. “We paused human review of audio more than a week ago,” the company said Tuesday. The company said the users who were affected chose the option in Facebook’s Messenger app to have their voice chats transcribed. The contractors were checking whether Facebook’s artificial intelligence correctly interpreted the messages, which were anonymized.

Full article

EFF

Victory! Lawsuit May Proceed Against Facebook’s Biometric Surveillance

Electronic Frontier Foundation

Biometric surveillance by companies against consumers is a growing menace to our privacy, freedom of expression, and civil rights. Fortunately, a federal appeals court has ruled that a lawsuit against Facebook for its face surveillance may move forward.

The decision, by the federal Ninth Circuit about an Illinois privacy law, is the first by an American appellate court to directly identify the unique hazards of face surveillance. This is an important victory for biometric privacy, access to the courts for ordinary people, and the role of state governments as guardians of our digital liberty.

Full article

EFF

How to: Use PGP for Linux

Electronic Frontier Foundation

To use PGP to exchange secure emails you have to bring together three programs: GnuPG, Mozilla Thunderbird and Enigmail. GnuPG is the program that actually encrypts and decrypts the content of your mail, Mozilla Thunderbird is an email client that allows you to read and write emails without using a browser, and Enigmail is an add-on to Mozilla Thunderbird that ties it all together.

What this guide teaches is how to use PGP with Mozilla Thunderbird, an email client program that performs a similar function to Outlook. You may have your own favorite email software program (or use a web mail service like Gmail or Outlook.com). This guide won’t tell you how to use PGP with these programs. You can choose either to install Thunderbird and experiment with PGP with a new email client, or you can investigate other solutions to use PGP with your customary software. We have still not found a satisfactory solution for these other programs.

Full article

ZDNet

Facebook files lawsuit against two Android app developers for click fraud

Facebook said it filed a lawsuit today against two Android app developers from Asia for orchestrating a “click injection fraud” scheme against Facebook ads.

The two app developers are LionMobi, based in Hong Kong, and JediMobi, based in Singapore. Facebook said the two companies created apps with malware-like features and made them available via the official Google Play Store.

Both LionMobi and JediMobi apps were using Facebook ads to monetize their apps. Once real users installed the apps on their phones, malicious code hidden inside the apps would generate fake user clicks on Facebook ads.

These fake clicks would give the Facebook advertising platform the false impression that real users had clicked on the ads.

Full article

Cybersecurity Insiders

Keyboard warriors to save Britain from Russian Cyber Threats

A special group of Britain’s military personnel dubbed ‘Keyboard Warriors’ is reportedly being trained as tech-savvy soldiers to fight Russian trolls and Twitter terrorists. This news was shared by Lieutenant General Ivan Jones through a media update.

“The objective of establishing such a digital army is simple: to fight bad actors spreading fake news and to curb cyber-attacks on the UK’s digital infrastructure. Officially known as ‘Six Division’, members of the team will be recruited from special forces, Royal Air Force, Navy and Field Army,” said Lt. Gen. Jones in a recent interview with the ‘Telegraph’.

All these tech warriors will be professionally trained in information warfare, will have to pass all the standard physical and fitness tests like traditional soldiers, and will also be trained in advanced weaponry along with covert surveillance, added Mr. Jones.

Full article

Naked Security

GitHub ‘encourages’ hacking, says lawsuit following Capital One breach

GitHub has been named in a class action lawsuit because the hacker who allegedly stole data from more than 100 million Capital One users posted details about the theft onto the platform.

GitHub is a code hosting platform for software development version control that uses Git and which lets coders remotely collaborate on projects. Microsoft bought the open-source developers’ site for $7.5 billion in stock in 2018.

The lawsuit, filed in US district court for the Northern District of California, names Capital One as well.

The suit says that GitHub had an obligation under California law and industry standards to keep off or remove Social Security numbers (SSNs) and personal information from its site. It says that it should be easy to do, given that SSNs are all nine digits long, in the sequence of XXX-XX-XXXX, but that GitHub “nonetheless chose not to.” Ditto for the other sensitive information that was leaked and posted, such as individuals’ addresses, which are all “similarly readily identifiable.”

The information was available on GitHub for over three months, until a bug hunter spotted it and notified Capital One.

The lawsuit alleges that by allowing the hacker to store information on its servers, GitHub violated the federal Wiretap Act. It also alleges that GitHub is guilty of negligence, negligence per se, and violation of the California civil code.

Full article

Cybersecurity Insiders

North Korea generated $2 billion from Cyber Attacks to fund its nuclear intentions

In a shocking revelation made by Reuters, North Korea is reported to have generated an estimated $2 billion to fund its nuclear intentions, all through increasingly sophisticated cyber attacks.

These facts were revealed by a secret report sent by the UN, compiled by an independent experts committee that was monitoring the events over six months.

“Pyongyang has paused its nuclear and missile programs, such as Intercontinental Ballistic Missile (ICBM) launches, for the time being. But its state-funded hackers are still active in launching cyberattacks to steal crypto and fiat currency from banks and financial institutions around the world,” says the report, which was submitted to the UN by a Security Council Committee.

Full article

EFF

‘IBM PC Compatible’: How Adversarial Interoperability Saved PCs From Monopolization

Electronic Frontier Foundation

Adversarial interoperability is what happens when someone makes a new product or service that works with a dominant product or service, against the wishes of the dominant business.

Though there are examples of adversarial interoperability going back to early phonograms and even before, the computer industry has always especially relied on adversarial interoperability to keep markets competitive and innovative. This used to be especially true for personal computers.

From 1969 to 1982, IBM was locked in battle with the US Department of Justice over whether it had a monopoly over mainframe computers; but even before the DOJ dropped the suit in 1982, the computing market had moved on, with mainframes dwindling in importance and personal computers rising to take their place.

The PC revolution owes much to Intel’s 8080 chip, a cheap processor that originally found a market in embedded controllers but eventually became the basis for early personal computers, often built by hobbyists. As Intel progressed to 16-bit chips like the 8086 and 8088, multiple manufacturers entered the market, creating a whole ecosystem of Intel-based personal computers.

In theory, all of these computers could run MS-DOS, the Microsoft operating system adapted from 86-DOS, which it acquired from Seattle Computer Products, but, in practice, getting MS-DOS to run on a given computer required quite a bit of tweaking, thanks to differences in controllers and other components.

When a computer company created a new system and wanted to make sure it could run MS-DOS, Microsoft would refer the manufacturer to Phoenix Software (now Phoenix Technologies), Microsoft’s preferred integration partner, where a young software-hardware wizard named Tom Jennings (creator of the pioneering networked BBS software FidoNet) would work with Microsoft’s MS-DOS source code to create a custom build of MS-DOS that would run on the new system.

Full article

Linux Journal

Open Source Is Good, but How Can It Do Good?

Naked Security

Open-source coders: we know you are good—now do good.

The ethical use of computers has been at the heart of free software from the beginning. Here’s what Richard Stallman told me when I interviewed him in 1999 for my book Rebel Code:

“The free software movement is basically a movement for freedom. It’s based on values that are not purely material and practical. It’s based on the idea that freedom is a benefit in itself. And that being allowed to be part of a community is a benefit in itself, having neighbours who can help you, who are free to help you – they are not told that they are pirates if they help you – is a benefit in itself, and that that’s even more important than how powerful and reliable your software is.”

The Open Source world may not be so explicit about the underlying ethical aspect, but most coders probably would hope that their programming makes the world a better place. Now that the core technical challenge of how to write good, world-beating open-source code largely has been met, there’s another, trickier challenge: how to write open-source code that does good.

Full article