Zoosk data breach? Or something else?

Sell the data?

I recently got a message from you’ve been pwned, suggesting that its likely some of my personal data has been leaked via dating site Zoosk.

In approximately 2011, an alleged breach of the dating website Zoosk began circulating. Comprised of almost 53 million records, the data contained email addresses and plain text passwords. However, during extensive verification in May 2016 no evidence could be found that the data was indeed sourced from the dating service. This breach has consequently been flagged as fabricated; it’s highly unlikely the data was sourced from Zoosk.

I had a idea what fabricated meant, but I had a little read…

What is a “fabricated” breach?

Some breaches may be flagged as “fabricated”. In these cases, it is highly unlikely that the breach contains legitimate data sourced from the alleged site but it may still be sold or traded under the auspices of legitimacy. Often these incidents are comprised of data aggregated from other locations (or may be entirely fabricated), yet still contain actual email addresses of unbeknownst to the account holder. Fabricated breaches are still included in the system because regardless of their legitimacy, they still contain personal information about individuals who want to understand their exposure on the web. Further background on unverified breaches can be found in the blog post titled Introducing “fabricated” breaches to Have I been pwned.

Sold or traded!

People laughed ages ago about the idea of selling user data but lets say dating site z had lost a lot of the market due to new players in the space. They needed to stay a float, prove to their investors they are still profitable? User data would be a useful resource for revenue… Of course this is illegal but you would cover your tracks… right! Make it look like “hackers!”

The example Tony Hunt uses is Justdate.com as a example

There’s a whole other discussion to be had about what causes a bundle of data to be fabricated and called a breach in the first place. Attempts to monetise the data by selling the alleged breach, extortion of the company involved or just simple big-noting by individuals seeking notoriety are all feasible explanations for many of the fabricated breaches I see. For now, the important thing is that if your data is circulating in one of these dumps, there’s now a way to know about it.

To be clear I’m not saying Zoosk is doing this, but someone is certainly pointing the finger.

Dark data experiments?

Untitled - man in the dark
I have a lot of curiosity and one of the things which has consistently got me curious, is the challenges of the hidden. Hidden being the trick, the data, the technique, the place or the knowledge. This is why I’m very interested in Hacker House (it was almost added to my new years resolutions for 2017 even).

Currently data is the hidden which intrugued me the moment, hence my massive interest in data ethics. There’s been 3 experiments which have really got me jumping up and down about this all… thought I’d share while I eat cheese and drink wine on Christmas day

  • Click Click Click
    A perfect and fun demonstration of mouse tracking on websites using just JavaScript. This is the data the likes of Facebook, Google, Amazon, etc use to track users dwell time and implicit actions on the website. Found via some folks on our BBC R&D internal slack.
  • I know what you downloaded (…last summer or even last Christmas)
    This site collects IPs from public torrent swarms by parsing torrent sites and listening to the DHT network. They have more than 500.000 torrents which where classified and have data on peers sharing habits. The slightly twisted feature is the ability to share a link and see what people have been sharing. I promise not to do this but highlights the problem with shortern urls and long query strings you can’t be bother to read or don’t understand how they work (knowledge). Found via Torrentfreak
  • Find my phone
    Man’s smartphone is stolen in Amsterdam, so the same man decides to root another phone and deliberately track the phone. Along with the person who stole it! The results are turned into a video which you can watch on youtube.
    Found via Schneier

A new bitcoin wallet needed

Bitcoin

I caught wind of ChangeTip closing down Reddit. Then later today received this email.

As you may have heard, ChangeTip will be discontinuing services soon 🙁

You are receiving this email because you have money in your wallet, and we want you to get it back before we close our doors.

BTC balance: *************
USD balance: $************

Please login to your account and withdraw your funds. If you like, you may also log in and donate remaining funds to charity when you close your account.

I heard they were changing things up but this news is a shame. So I’m looking for somewhere to move my bitcoins. Bitcoin wallet looks popular and well I don’t know how long ChangeTip will enable the feature to transfer bitcoins (thank goodness for Dataportability eh?)

I found the micropayment side interesting and its a shame its gone of course there are others which I’ll check out in the future.

Replacing Instapaper with Wallabag

WallabagI’ve been meaning to switch from Instapaper to Wallabag a long while ago but been so busy. Originally I was going to install it on my own server using Docker as a container then looked into Rkt after a talk with Jack from work. Lofty goals but I did install Rkt and installed the Docker app via Rkt. But thats as far as I got…

Then I tried using framabag.org server but couldn’t get it to connect to any of my clients because its version 1.x it seems. Then I saw a email about app.wallabag.it.

I joined, ported all my instapaper archives over and paid.

Now I have Wallabag on my Eink Android tablet, Nexus 5x, Nexus 7 and Chrome. The only problem I’ve had is getting the Firefox add-on to work with it. Theres some really nice features like the ability to add automatic tags on the fly, custom RSS feeds, 2 factor auth and a kind of Oauth for new clients.

Generally I’m pretty pleased. I would like to see IFTTT support (although RSS helps with this), Gnome shell support and federated server support. I haven’t quite killed my instapaper account but I’m pretty close now. Give it a few days and its goodbye!

Smithsonian nonsense, instapaper spam?

instapaper-spam-from-smithsonian

When instapaper got bought by Pinterest, I always wondered what would change. The first thing was the end of preminum subscriptions. I got my email telling me I had a refund and the paypal subscription was now terminated. But I also noticed I seemed to be getting a lot of spam or ads in my instapaper.

Some may say, well you accidently clicked something or you got some external thing making this happen. Very unlikely, especially since each one links to a different page.

As you can see above I’m getting a lot of Smithsonian links. Of course I never added it myself, never even heard of the site and if you search you will find 408 results in my instapaper! Interestingly my public profile doesn’t show of them and to be fair its not got a lot the stuff I’ve shared with instapaper. But I did actually go through deleting a load of them on my instapaper app and they are back!

This is why I don’t have a good feeling about what Instapaper has done. I got a good mind to read the End User licence agreement to see what the difference is between the previous preminum one and freenium one (which is the only option now).

I know correlation does not imply causation but this is so weird, I can’t seem to find anyone else with the same problem but I’m seeing lots of questions about instapaper spam.

Its not about change Tony, its about forcing the users into a corner against their original intention. This is why I have to leave instapaper and now I invested in a Android epaper tablet, there really is no need for instapaper anymore.

Goodbye instapaper it was good but now its not.

Pokemon Go: Return of the ARG?

Looking out my window watching small groups of people playing Pokemon Go and listening to yet another podcast talking about it. I started thinking does the mainstream success of Pokemon Go, indicate it would be time for alternative reality gaming (ARG) to make a come back?

I mean there’s been a whole ton of successful ARGs in the past and the dynamics got watered/broken down into transmedia (which isn’t meant in disrespect, but a must read from Dan Hon); but they are quite different beasts (pun intended). Looking back at previous ARGs they didn’t take advantage of mobile. Mobile data was expensive and was quite unreliable back in the early days. This is before you even look at many of the other things mobile can give you.

Of course there’s a lot of debate if Pokemon Go is augmented realty or location based gaming. The later would put it in the same ball park of Google’s Ingress and many others. But does it matter? There will always be privacy concerns (here’s a fix for those early adopters) and those who seek to take advantage for their own gain; but it’s certainly getting people out and about, for now at least.

If I was to design a ARG say for example We Dream The City (swear I wrote about it somewhere, but maybe I haven’t yet? findery.com is close);  I would be using the phone and building in functionality which brings groups together into little adhoc clouds like Firechat. Pokemon go shows there is appetite for these types of games and the technology can scale to this extent. Now’s a good time to build these systems and hopefully think about what useful things we could do for local community and society, not just collecting virtual goods?

My photo used in Seattle and Ride Sharing article

Uber Lux in Amsterdam

Ben Metcalfe sent me a link to my photo which was used in a article about ride sharing in Seattle. from when I used Uber in Amsterdam,. Of course theres no problem with it because I mark most of my photos creative commons attribution, non-commercial sharealike.

Match, OkCupid, Tinder and now POF?

Swallow your fish

Big news on the online dating scene… The picture above sums it up

The Match Group, the global operator of digital dating products such as Match, Tinder, OkCupid and Meetic), and a subsidiary of IAC, announced today that it has entered into a definitive agreement to purchase PlentyOfFish for US$575 million in cash.

Yes if you didn’t already know IAC own Match, Okcupid, Tinder and now Plenty of Fish.

Plenty of fish has had its ups and downs… but $575 million isn’t bad for a dating service which was independently run and managed. Remember Instagram was sold to Facebook for just under double that at $1billion, which goes to show.  The community aspects certainly made it stand out from the rest and this was emulated by some of the others. While the freenium approach back then was quite unique.

Cheers Chris for the heads up

What happens when your dog is no longer serviceable?

Aibo meets Nabaztag: first meeting

The Aibo went the way of the Nabaztag

When Rob told me about Sony shutting down the last one of its service centre for Aibo robotic dogs, I instantly thought about the consequences of a locked down iot device. This is going to be bad

Back in 1999, Sony released a robotic dog called Aibo, a canine companion that didn’t crap everywhere and only ate electricity. It sold pretty well — 150,000 units, despite the $2,000 price tag. Some owners became remarkably attached, which makes it even more sad that Sony has stopped repairing Aibo. Slowly but surely, they’re all dying.

It was bad in my mind but then I watched the NYtimes video and remembered how the Japanese think of most things having a soul/spirit of some kind.

The New York Times has recorded the plight of current-day Aibo owners in a completely heartbreaking video. They interviewed a series of owners, whose Aibos are a central part of their lives, but are slowly having to come to the fact that their dogs have a life expectancy.

What you are left with is something which is kind of heart breaking to watch. Seriously, especially having experience the culture first hand, I can just imagine. I liked my Aibo but nothing like the Japanese love theirs.

Still remember the first time I saw a Aibo in real life. It was at the ICA in London and some guy kicked it off the stage to the outrage of half the audience. Just to make a point about humans attaching human emotion to artificial objects or robots. Fascinating in the face of UK remake of Humans on Channel4.

Social Media’s Common ground

Commonground

Social media cafe Manchester was a diamond in Manchester’s tech scene for a long while. It was inspired  on Loyd Daves’ Tuttle club which was in turn inspired by my own Geekdinners. Who says you can inspire, eh?

Started in 2008 Social Media Cafe became an institution. Meeting regularly on the first Tuesday of the month, it ran for over 5 years bringing an eclectic and sometimes bizarre selection of topics to discuss. From emoji madness and a requiem for Ceefax to more grounded subjects. Through #smc_mcr, Manchester kicked off its open data journey and became a stopping off place for people passing through, who had projects and passions to share. Most importantly #smc_mcr was a place where anyone with a passion could pitch up and propose a topic that they wanted to share with others – either to inform or to find help. Because of this #smc_mcr developed an unConference format that allowed multiple subjects to be discussed at the same time.

Fast forward to November last year in the snug of the Briton’s Protection a group of ex-#smc_mcr types came together to discuss how this venerable event could be reinstated. So Common Ground was born, an event with the same #smc_mcr goodness with a more pronouncable name.

Common Ground Launch Event – On the Cluetrain

To kick off Common Ground we look at The Cluetrain and the enigmatic release of new clues after 15 years.

The Cluetrain manifesto was written in an age before social media, when user generated content was but a tiny fraction activity banded around by a tiny number of people. The Cluetrain manifesto went beyond the current day thinking of the dot com boom – 1999 and the catastrophic bust – 2001. It rewrote the rules for a hyperconnected world and it could be argued, is as relevant today as it was then.

The new clues attempt to do the same, taking our thinking into the next 10 years. The event will discuss the new clues and asks if they will have the same impact as the original clues have now. Did Doc Searls and David Weinburger, undermine or add another chapter to the brilliance of the Cluetrain?

Join us

Why the need for another event in Manchester? Its similar to the problem of why Manchester Technights started. The current selection of events are too narrow. Don’t get me wrong its great if you are really into that thing but if you want to get a variety of ideas and thoughts, then you are stuck. I bang on about diversity and how critical it is, this also starts to answer the problem of the filter bubble. You should join us and invite friends…

Event link

Welcome to the MMU Shed

The first event is Tuesday 17th February at its new home, the shed.  The Shed is a new space by MMU (Manchester Metropolitan University)  just opposite where the old BBC just off  Oxford Road on Chester Street.

Its a great space with a lot of potential for all types events and can hold between 2 and 200 people depending on the event and space you require. This does mean there are lots of spaces, so you could go back to the original unconference style of social media cafe. Theres also plenty of room, so noise won’t be a massive issue.

To be fair its a great space and just right for a barcamp, but I’m not doing those anymore (of course).

So whats the first commonground?

The first one on the 17th Feb, will centre around the Cluetrain manifesto. Julian one of the key organisers asked me for a quick summary and I sent this via my phone.

On the Cluetrain

The cluetrain manifesto was written in a age before social media, when user generated content was but a tiny fraction banded around by a tiny number of people. The cluetrain manifesto went beyond the current day thinking of the dot com boom – 1999 and the catastrophic bust – 2001. It rewrote the rules for a hyperconnected world and I would argue is as relevant as it was then as it is today.
The new clues attempts to do the same and in some case does a great job taking our thinking into the next 10 years. The event will discuss the newclues and asks if they will have the same impact as the original clues have now. Did Doc Searls and David Weinburger, undermine or add another chapter to the brilliance of the cluetrain?

Ello and welcome to no pesky ads

inspired by ello, the network

Been keeping my eye on the move to create ethical social networks which don’t take the living piss with our data. Things like Tent.io, Known and now Ello are gathering some momentum…

We originally built Ello as a private social network. Over time, so many people wanted to join Ello that we built a public version of Ello for everyone to use.

Ello recently got quite serious about its non-ad and no selling of personal data.

Ad-free

Ello doesn’t sell ads. Nor do we sell data about you to third parties.

Virtually every other social network is run by advertisers. Behind the scenes they employ armies of ad salesmen and data miners to record every move you make. Data about you is then auctioned off to advertisers and data brokers. You’re the product that’s being bought and sold.

Collecting and selling your personal data, reading your posts to your friends, and mapping your social connections for profit is both creepy and unethical. Under the guise of offering a “free” service, users pay a high price in intrusive advertising and lack of privacy.

We also think ads are tacky, that they insult our intelligence and that we’re better without them.

To be fair its way off being something massive, but thats what makes it interesting I feel. I’m now on the network, so if you are interested in a invite and we are friends, drop me a email or tweet…

Back to instant messaging

instant messaging sites

I bet the figure above has changed in recent times, as everybody turned back to messaging it would seem. Maybe realising that using social networks as a way to do instant messages is a bad idea (not judging, as I have been lured into a one 2 one conversation quite a few times over twitter).

I use to be a jabber/xmpp fan and when GTalk adopted xmpp, I was pretty happy. However over time the xmpp standard was built upon and in the end removed. I was one of those people who ran a client (pidgin) which supported multiple im protocols.

I considered installing pidgin again but I thought I’d give the alternatives a try. However Josh tweeted something which I wanted to consider when choosing a client and protocol.

Looking at the list I decided to try Silent Text/Phone from Silent Circle and Telegram. Telegram has clients across operating systems and devices, while silent text/phone is mainly mobile. Telegram also has the option of working within Pidgin if I decide to switch back.

For me its not that I actively want to hide secret messages, I just want the option to flex my privacy. Instant messenger for me is more private than social broadcasting platforms like Twitter and Facebook. Do I trust facebook messenger? Do I heck! I actively don’t have it on my phone along with the Facebook app.

I know theres rumors twitter are due to spin out their direct messaging part but looking at the rest of the crowd, are we really expecting twitter to adopt a secure and private system? Their track record hasn’t be bad. Actually there are twitter direct messaging clients which is cool but how many times has twitter changed the rules of the system, how long till direct messages are treated differently?

Do you want to join Scoblebook?

Robert scoble at London's Geek DinnerIts worth watching or at least listening to this week in tech. Robert scoble tries to explain the twisted logic of the Facebook algorithm live. For 40+ mins!

Scoble says… “Facebook is running away with the game!

Really? As Clayton Morris says, the amount of curation Robert needs to do is shocking… Out of the 1 billion people who use facebook, the percentage who use lists is so close to zero even Mark Zuckerberg admitted it was kind of broken (thanks Nicole).

Nice try Robert but I certainly won’t be following suit… I’m actually trying to get off it or at least using it as a dumping ground again.

Do you really think Facebook will be around in 15 years?

me on facebook

I still have this strange relationship with Facebook. I don’t really like it but I end up using it because lots of friends are on it and for them its a core part of the Internet (rightly or wrongly). My volleyball teams also use Facebook to book sessions (yes so popular is volleyball in Manchester) and I do get comments from many more friends when I post things into  Facebook.

In the past I used Facebook as massive dumping ground and didn’t really care to login. My view that Facebook is the modern equivalent of the walled gardens of AOL. Although I still stand by this, I have also noticed my usage increasing too.

So when I read the piece titled I Left Facebook, And You Can Too. I reflected on my own increase usage.

Imagine, for a moment, that you must quit using Facebook forever, starting right now. No more posting to Facebook or checking Facebook for the rest of your life. But don’t worry, you can still e-mail all those friends. Does that make you feel panicky? If you’re panicky, it’s a clue. Maybe you’ve been on Facebook for most of your life, so this kind-of-addicted feeling seems normal to you. It’s not normal. I was talking with a woman in her 50s this weekend, who said to me, “I wish I could quit Facebook but it’s so addictive: ‘Oh, this person said this, that person said that, and oh, this person is taking boating lessons, let’s look at all the pictures of the boat,’ and then before I know it two hours have passed and I don’t even KNOW the person taking boating lessons!” This is what it feels like when your connections with a platform are being strengthened, as opposed to the connections with the people you love: you can spend two hours on Facebook looking at the boating lessons of people you don’t even know. This is very convenient for Facebook.

I barely look at the timeline/newsfeed as I’m generally just looking at the notifications. I can feel the lure of the notifications in facebook, this is why I removed Facebook from my mobile phone and only had it on my tablet (plus it was a massive battery hog). Then very recently I removed Facebook messenger from my phone too.

One of the things I have been thinking about recently is, Facebook as a dating site? The evidence is lots of people meet through facebook and lets be honest, its not any worst than the dating sites? The same sites which say they don’t really know what they are doing

Anyway the question I pose, is if Facebook will be around in 15years? Their move to split up the mobile app is frustrating but I can imagine a Facebook dating app in the next few years. Along with their photos app (I said it first!).
The next 15 years, I expect it will still be around but I’m expecting the innovators dilemma to come into effect at some point. And even splitting up the experiences into more niches won’t save them.

Uber drives its way on the UK scene

2014-01-26 | 23-52-16

Uber has soft launched (I guess, is the best term for it) in Manchester and the impact is interesting to watch. Uber is basically a ride sharing network (legally I don’t believe they can call it a taxi service Thanks Chris for pointing out UberX is a legal and licensed Taxi service).

Its quite simple, you sign up and install the app and you can see all the uber rides around you. To order one, you simply request that one pick you up from your exact location. Then say where you want to go. That simple. Unlike most taxis, you can see exactly when and when your ride is coming and heck you can even start walking somewhere and the driver will see your exact location change (great for when trying to get out of the rain for example). No phoning an operator, trying to get through and trying to explain where you are.

There have been apps for taxis but most of them suck and although Uber isn’t perfect, its better than 99% of whats out there.

The fact your payment is done through a connected credit card rather than cash or even debit card is a massive advantage. Frankly these guys have something which is pretty useful. I can’t tell you the amount of times, I have had the taxi driver pull over at a cash machine because I don’t have the cash or they don’t cards. Heck once I stopped at my destination and then had to get back on the road to find a cash machine because their card machine wasn’t working! (seriously!)

But its not all good news, I’ve been tracking Uber’s problems in America and theres even recent problems in Europe.

However, Uber is the perfect example of how the internet when embraced is disrupting traditional business forever…

From the Cluetrain manfesto… rule #89

We have real power and we know it. If you don’t quite see the light, some other outfit will come along that’s more attentive, more interesting, more fun to play with.

I do feel for the taxis company’s but they had their chances and may have blown it? Just like the music business and many others, they really need to up their game or feel the heat from Uber, as their drivers leave for the Uber deal…