Zoosk data breach? Or something else?

Sell the data?

I recently got a message from you’ve been pwned, suggesting that it’s likely some of my personal data has been leaked via dating site Zoosk.

In approximately 2011, an alleged breach of the dating website Zoosk began circulating. Comprised of almost 53 million records, the data contained email addresses and plain text passwords. However, during extensive verification in May 2016 no evidence could be found that the data was indeed sourced from the dating service. This breach has consequently been flagged as fabricated; it’s highly unlikely the data was sourced from Zoosk.

I had an idea what fabricated meant, but I had a little read…

What is a “fabricated” breach?

Some breaches may be flagged as “fabricated”. In these cases, it is highly unlikely that the breach contains legitimate data sourced from the alleged site but it may still be sold or traded under the auspices of legitimacy. Often these incidents are comprised of data aggregated from other locations (or may be entirely fabricated), yet still contain actual email addresses unbeknownst to the account holder. Fabricated breaches are still included in the system because regardless of their legitimacy, they still contain personal information about individuals who want to understand their exposure on the web. Further background on unverified breaches can be found in the blog post titled Introducing “fabricated” breaches to Have I been pwned.

Sold or traded!

People laughed ages ago about the idea of selling user data but let’s say dating site z had lost a lot of the market due to new players in the space. They needed to stay afloat, prove to their investors they are still profitable? User data would be a useful resource for revenue… Of course this is illegal but you would cover your tracks… right! Make it look like “hackers!”

The example Tony Hunt uses is Justdate.com.

There’s a whole other discussion to be had about what causes a bundle of data to be fabricated and called a breach in the first place. Attempts to monetise the data by selling the alleged breach, extortion of the company involved or just simple big-noting by individuals seeking notoriety are all feasible explanations for many of the fabricated breaches I see. For now, the important thing is that if your data is circulating in one of these dumps, there’s now a way to know about it.

To be clear I’m not saying Zoosk is doing this, but someone is certainly pointing the finger.

Dark data experiments?

Untitled - man in the dark
I have a lot of curiosity and one of the things which has consistently got me curious, is the challenges of the hidden. Hidden being the trick, the data, the technique, the place or the knowledge. This is why I’m very interested in Hacker House (it was almost added to my new years resolutions for 2017 even).

Currently data is the hidden which intrigues me at the moment, hence my massive interest in data ethics. There’s been 3 experiments which have really got me jumping up and down about this all… thought I’d share while I eat cheese and drink wine on Christmas day.

  • Click Click Click
    A perfect and fun demonstration of mouse tracking on websites using just JavaScript. This is the data the likes of Facebook, Google, Amazon, etc use to track users’ dwell time and implicit actions on the website. Found via some folks on our BBC R&D internal Slack.
  • I know what you downloaded (…last summer or even last Christmas)
    This site collects IPs from public torrent swarms by parsing torrent sites and listening to the DHT network. They have more than 500.000 torrents which were classified and have data on peers’ sharing habits. The slightly twisted feature is the ability to share a link and see what people have been sharing. I promise not to do this but it highlights the problem with shortened URLs and long query strings you can’t be bothered to read or don’t understand how they work (knowledge). Found via Torrentfreak
  • Find my phone
    Man’s smartphone is stolen in Amsterdam, so the same man decides to root another phone and deliberately track the phone. Along with the person who stole it! The results are turned into a video which you can watch on youtube.
    Found via Schneier

A new bitcoin wallet needed

Bitcoin

I caught wind of ChangeTip closing down on Reddit. Then later today received this email.

As you may have heard, ChangeTip will be discontinuing services soon 🙁

You are receiving this email because you have money in your wallet, and we want you to get it back before we close our doors.

BTC balance: *************
USD balance: $************

Please login to your account and withdraw your funds. If you like, you may also log in and donate remaining funds to charity when you close your account.

I heard they were changing things up but this news is a shame. So I’m looking for somewhere to move my bitcoins. Bitcoin wallet looks popular and well I don’t know how long ChangeTip will enable the feature to transfer bitcoins (thank goodness for data portability eh?).

I found the micropayment side interesting and it’s a shame it’s gone; of course there are others which I’ll check out in the future.

Replacing Instapaper with Wallabag

Wallabag

I’ve been meaning to switch from Instapaper to Wallabag a long while ago but been so busy. Originally I was going to install it on my own server using Docker as a container then looked into Rkt after a talk with Jack from work. Lofty goals but I did install Rkt and installed the Docker app via Rkt. But that’s as far as I got…

Then I tried using framabag.org server but couldn’t get it to connect to any of my clients because it’s version 1.x it seems. Then I saw an email about app.wallabag.it.

I joined, ported all my Instapaper archives over and paid.

Now I have Wallabag on my Eink Android tablet, Nexus 5x, Nexus 7 and Chrome. The only problem I’ve had is getting the Firefox add-on to work with it. There’s some really nice features like the ability to add automatic tags on the fly, custom RSS feeds, 2 factor auth and a kind of OAuth for new clients.

Generally I’m pretty pleased. I would like to see IFTTT support (although RSS helps with this), Gnome shell support and federated server support. I haven’t quite killed my Instapaper account but I’m pretty close now. Give it a few days and it’s goodbye!

Smithsonian nonsense, instapaper spam?

instapaper-spam-from-smithsonian

When Instapaper got bought by Pinterest, I always wondered what would change. The first thing was the end of premium subscriptions. I got my email telling me I had a refund and the PayPal subscription was now terminated. But I also noticed I seemed to be getting a lot of spam or ads in my Instapaper.

Some may say, well you accidentally clicked something or you got some external thing making this happen. Very unlikely, especially since each one links to a different page.

As you can see above I’m getting a lot of Smithsonian links. Of course I never added it myself, never even heard of the site and if you search you will find 408 results in my Instapaper! Interestingly my public profile doesn’t show any of them and to be fair it’s not got a lot of the stuff I’ve shared with Instapaper. But I did actually go through deleting a load of them on my Instapaper app and they are back!

This is why I don’t have a good feeling about what Instapaper has done. I got a good mind to read the End User licence agreement to see what the difference is between the previous premium one and freemium one (which is the only option now).

I know correlation does not imply causation but this is so weird, I can’t seem to find anyone else with the same problem but I’m seeing lots of questions about Instapaper spam.

It’s not about change Tony, it’s about forcing the users into a corner against their original intention. This is why I have to leave Instapaper and now I invested in an Android epaper tablet, there really is no need for Instapaper anymore.

Goodbye Instapaper, it was good but now it’s not.

My photo used in Seattle and Ride Sharing article

Uber Lux in Amsterdam

Ben Metcalfe sent me a link to my photo, from when I used Uber in Amsterdam, which was used in an article about ride sharing in Seattle. Of course there’s no problem with it because I mark most of my photos Creative Commons attribution, non-commercial, sharealike.

Match, OkCupid, Tinder and now POF?

Swallow your fish

Big news on the online dating scene… The picture above sums it up

The Match Group, the global operator of digital dating products such as Match, Tinder, OkCupid and Meetic, and a subsidiary of IAC, announced today that it has entered into a definitive agreement to purchase PlentyOfFish for US$575 million in cash.

Yes if you didn’t already know, IAC own Match, OkCupid, Tinder and now Plenty of Fish.

Plenty of Fish has had its ups and downs… but $575 million isn’t bad for a dating service which was independently run and managed. Remember Instagram was sold to Facebook for just under double that at $1 billion, which goes to show. The community aspects certainly made it stand out from the rest and this was emulated by some of the others. While the freemium approach back then was quite unique.

Cheers Chris for the heads up

Ello and welcome to no pesky ads

inspired by ello, the network

Been keeping my eye on the move to create ethical social networks which don’t take the living piss with our data. Things like Tent.io, Known and now Ello are gathering some momentum…

We originally built Ello as a private social network. Over time, so many people wanted to join Ello that we built a public version of Ello for everyone to use.

Ello recently got quite serious about its non-ad and no selling of personal data.

Ad-free

Ello doesn’t sell ads. Nor do we sell data about you to third parties.

Virtually every other social network is run by advertisers. Behind the scenes they employ armies of ad salesmen and data miners to record every move you make. Data about you is then auctioned off to advertisers and data brokers. You’re the product that’s being bought and sold.

Collecting and selling your personal data, reading your posts to your friends, and mapping your social connections for profit is both creepy and unethical. Under the guise of offering a “free” service, users pay a high price in intrusive advertising and lack of privacy.

We also think ads are tacky, that they insult our intelligence and that we’re better without them.

To be fair it’s way off being something massive, but that’s what makes it interesting I feel. I’m now on the network, so if you are interested in an invite and we are friends, drop me an email or tweet…

Back to instant messaging

instant messaging sites

I bet the figure above has changed in recent times, as everybody turned back to messaging it would seem. Maybe realising that using social networks as a way to do instant messages is a bad idea (not judging, as I have been lured into a one 2 one conversation quite a few times over Twitter).

I used to be a Jabber/XMPP fan and when GTalk adopted XMPP, I was pretty happy. However over time the XMPP standard was built upon and in the end removed. I was one of those people who ran a client (Pidgin) which supported multiple IM protocols.

I considered installing Pidgin again but I thought I’d give the alternatives a try. However Josh tweeted something which I wanted to consider when choosing a client and protocol.

Looking at the list I decided to try Silent Text/Phone from Silent Circle and Telegram. Telegram has clients across operating systems and devices, while Silent Text/Phone is mainly mobile. Telegram also has the option of working within Pidgin if I decide to switch back.

For me it’s not that I actively want to hide secret messages, I just want the option to flex my privacy. Instant messenger for me is more private than social broadcasting platforms like Twitter and Facebook. Do I trust Facebook Messenger? Do I heck! I actively don’t have it on my phone along with the Facebook app.

I know there’s rumors Twitter are due to spin out their direct messaging part but looking at the rest of the crowd, are we really expecting Twitter to adopt a secure and private system? Their track record hasn’t been bad. Actually there are Twitter direct messaging clients which is cool but how many times has Twitter changed the rules of the system, how long till direct messages are treated differently?

Do you want to join Scoblebook?

Robert Scoble at London's Geek Dinner

It’s worth watching or at least listening to This Week in Tech. Robert Scoble tries to explain the twisted logic of the Facebook algorithm live. For 40+ mins!

Scoble says… “Facebook is running away with the game!”

Really? As Clayton Morris says, the amount of curation Robert needs to do is shocking… Out of the 1 billion people who use Facebook, the percentage who use lists is so close to zero even Mark Zuckerberg admitted it was kind of broken (thanks Nicole).

Nice try Robert but I certainly won’t be following suit… I’m actually trying to get off it or at least using it as a dumping ground again.

Do you really think Facebook will be around in 15 years?

me on facebook

I still have this strange relationship with Facebook. I don’t really like it but I end up using it because lots of friends are on it and for them it’s a core part of the Internet (rightly or wrongly). My volleyball teams also use Facebook to book sessions (yes so popular is volleyball in Manchester) and I do get comments from many more friends when I post things into Facebook.

In the past I used Facebook as a massive dumping ground and didn’t really care to login. My view is that Facebook is the modern equivalent of the walled gardens of AOL. Although I still stand by this, I have also noticed my usage increasing too.

So when I read the piece titled I Left Facebook, And You Can Too, I reflected on my own increased usage.

Imagine, for a moment, that you must quit using Facebook forever, starting right now. No more posting to Facebook or checking Facebook for the rest of your life. But don’t worry, you can still e-mail all those friends. Does that make you feel panicky? If you’re panicky, it’s a clue. Maybe you’ve been on Facebook for most of your life, so this kind-of-addicted feeling seems normal to you. It’s not normal. I was talking with a woman in her 50s this weekend, who said to me, “I wish I could quit Facebook but it’s so addictive: ‘Oh, this person said this, that person said that, and oh, this person is taking boating lessons, let’s look at all the pictures of the boat,’ and then before I know it two hours have passed and I don’t even KNOW the person taking boating lessons!” This is what it feels like when your connections with a platform are being strengthened, as opposed to the connections with the people you love: you can spend two hours on Facebook looking at the boating lessons of people you don’t even know. This is very convenient for Facebook.

I barely look at the timeline/newsfeed as I’m generally just looking at the notifications. I can feel the lure of the notifications in Facebook, this is why I removed Facebook from my mobile phone and only had it on my tablet (plus it was a massive battery hog). Then very recently I removed Facebook Messenger from my phone too.

One of the things I have been thinking about recently is, Facebook as a dating site? The evidence is lots of people meet through Facebook and let’s be honest, it’s not any worse than the dating sites? The same sites which say they don’t really know what they are doing.

Anyway the question I pose, is if Facebook will be around in 15 years? Their move to split up the mobile app is frustrating but I can imagine a Facebook dating app in the next few years. Along with their photos app (I said it first!).
The next 15 years, I expect it will still be around but I’m expecting the innovator’s dilemma to come into effect at some point. And even splitting up the experiences into more niches won’t save them.

People’s enthusiasm for federated decentralised $WHATEVER

Adewale shooting me

Love following Ade and hearing some of the things he comes out with

People’s enthusiasm for federated decentralised $WHATEVER seems inversely proportional to the practicality of their plan for achieving it

And to tell the truth he’s right… but one day someone will crack it and find a new business model which makes it all worth it.

On a related note, suddenly everyone’s thinking about federated decentralised services with the discovery of what WebRTC is capable of doing.

One such use is decentralised chat rooms, which for some reason hit some of the smaller press.

The ICT division of NTT Group announced a free trial of the app, WebRTC Chat on Skyway, on Monday. WebRTC, or real-time communications, is a free, open-source project that turns supported web browsers into telephony engines so that devices can connect via IM, video, or voice chat.

Being open source, hopefully some of the enthusiasm will rub off on smart developers, and we’ll finally see non-vapourware?

Things which Google have done which bug me in the last year

how google perpetuates itself

Most people would say I’m a fan of Google services but I just find them the best of a bunch. Don’t necessarily buy their old do no evil stance but they do a good job on most things. One of my favourites is of course Google Now. However there are some things which have bugged me over the last year, here’s my list…

  • Offline maps
    I don’t quite understand why they got rid of offline maps but it’s frustrating, as it used to save me tons of money in roaming charges. If I go on holiday somewhere, I could make an offline version of that city and happily know I have most places to hand. The best thing is it still worked with GPS, so I could be in a taxi or on a bus and track where I was going to the exact moment. Now Google have removed the feature and I’m aware of the “OK Google” trick but it’s not the same.
  • Hangouts vs Gtalk vs Google Voice
    I know Google have changed Gtalk to fit into Hangouts. Great but whenever I say let’s hang out, people assume you mean video and audio, which is a hangout on air? Where does Google Voice fit into this frame? I have no idea… Don’t get me wrong, I love Hangouts but the application does kill batteries and I quite liked Gtalk, as I could use it with Pidgin.
  • Google Voice for the UK
    The one thing Skype has over Hangouts is the ability to call and text phones. Google Voice does this but it’s not come to the UK still, even after years. I also don’t understand why it works on my Android tablet (I have £10 worth of credit) but it won’t work on my Android phone?
  • The built in browser in Android
    On Android there is the built in browser but you can install multiple alternative browsers. So I have Browser, Chrome, Firefox and Opera on most of my Android devices. You can make any of them the default but I don’t really understand why Chrome isn’t the default?
  • Circles vs Categories for contacts
    Google Plus has been on the market for some time now and I like the circles, but what I don’t get is the categories which run parallel to the circle methodology. Ideally you would be able to convert your Gmail contact categories into circles. But Google have done nothing. Worse still Circles acts like taxonomies rather than folksonomies meaning there’s a duplicate scheme to sort contacts. If one was tag/folksonomy based then it would be understandable.
  • Google Task API
    I know there is a Task API but it seems so flaky or at least all the apps which connect to it like any.do.
  • Inconsistency of starring something in Drive vs making it offline
    In the past, anything you starred in Drive/Doc would automatically be downloaded on Android devices. Some time recently that stopped being the case and you now have to manually select download on every device you want it on. This also can not be done remotely (from what I’ve seen). So I might have made it offline on my phone but not my tablet. The star system was better.
  • Offline access generally
    Offline access generally isn’t ideal, it’s almost like someone at Google hasn’t really experienced offline for long. Take for example Google Calendar. Offline mode, generally works without internet access, so you can go forward and backwards over a few months. But if you want to add or edit something, forget it.
  • Google Reader
    Of course no list about issues with Google would be complete without a dig about Google Reader!

Goodbye MyOpenID?

OpenID Logo

I received this email recently…

I wanted to reach out personally to let you know that we have made the decision to end of life the myOpenID service. myOpenID will be turned off on February 1, 2014.

In 2006 Janrain created myOpenID to fulfill our vision to make registration and login easier on the web for people. Since that time, social networks and email providers such as Facebook, Google, Twitter, LinkedIn and Yahoo! have embraced open identity standards. And now, billions of people who have created accounts with these services can use their identities to easily register and login to sites across the web in the way myOpenID was intended.

By 2009 it had become obvious that the vast majority of consumers would prefer to utilize an existing identity from a recognized provider rather than create their own myOpenID account. As a result, our business focus changed to address this desire, and we introduced social login technology. While the technology is slightly different from where we were in 2006, I’m confident that we are still delivering on our initial promise – that people should take control of their online identity and are empowered to carry those identities with them as they navigate the web.

For those of you who still actively use myOpenID, I can understand your disappointment to hear this news and apologize if this causes you any inconvenience. To reduce this inconvenience, we are delaying the end of life of the service until February 1, 2014 to give you time to begin using other identities on those sites where you use myOpenID today.

Speaking on behalf of Janrain, I truly appreciate your past support of myOpenID.

Sincerely,
Larry

No more myOpenID, I guess it was on the cards and to be fair it’s surprising it’s stayed open this long? Shame OpenID has been pretty much co-opted by the massive internet corps. The same ones which seem to do little to protect our data.