Zoosk data breach? Or something else?

Sell the data?

I recently got a message from Have I been pwned, suggesting that it’s likely some of my personal data has been leaked via dating site Zoosk.

In approximately 2011, an alleged breach of the dating website Zoosk began circulating. Comprised of almost 53 million records, the data contained email addresses and plain text passwords. However, during extensive verification in May 2016 no evidence could be found that the data was indeed sourced from the dating service. This breach has consequently been flagged as fabricated; it’s highly unlikely the data was sourced from Zoosk.

I had an idea what fabricated meant, but I had a little read…

What is a “fabricated” breach?

Some breaches may be flagged as “fabricated”. In these cases, it is highly unlikely that the breach contains legitimate data sourced from the alleged site but it may still be sold or traded under the auspices of legitimacy. Often these incidents are comprised of data aggregated from other locations (or may be entirely fabricated), yet still contain actual email addresses unbeknownst to the account holder. Fabricated breaches are still included in the system because regardless of their legitimacy, they still contain personal information about individuals who want to understand their exposure on the web. Further background on unverified breaches can be found in the blog post titled Introducing “fabricated” breaches to Have I been pwned.

Sold or traded!

People laughed ages ago about the idea of selling user data, but let’s say dating site Z had lost a lot of the market due to new players in the space. They need to stay afloat and prove to their investors they are still profitable? User data would be a useful resource for revenue… Of course this is illegal, but you would cover your tracks… right? Make it look like “hackers!”

The example Troy Hunt uses is Justdate.com:

There’s a whole other discussion to be had about what causes a bundle of data to be fabricated and called a breach in the first place. Attempts to monetise the data by selling the alleged breach, extortion of the company involved or just simple big-noting by individuals seeking notoriety are all feasible explanations for many of the fabricated breaches I see. For now, the important thing is that if your data is circulating in one of these dumps, there’s now a way to know about it.

To be clear I’m not saying Zoosk is doing this, but someone is certainly pointing the finger.

Dark data experiments?

I have a lot of curiosity, and one of the things which has consistently got me curious is the challenge of the hidden. Hidden being the trick, the data, the technique, the place or the knowledge. This is why I’m very interested in Hacker House (it was almost added to my new year’s resolutions for 2017 even).

Currently data is the hidden thing which intrigues me the most at the moment, hence my massive interest in data ethics. There have been 3 experiments which have really got me jumping up and down about this all… thought I’d share while I eat cheese and drink wine on Christmas day.

  • Click Click Click
    A perfect and fun demonstration of mouse tracking on websites using just JavaScript. This is the data the likes of Facebook, Google, Amazon, etc. use to track users’ dwell time and implicit actions on the website. Found via some folks on our BBC R&D internal Slack.
  • I know what you downloaded (…last summer or even last Christmas)
    This site collects IPs from public torrent swarms by parsing torrent sites and listening to the DHT network. They have more than 500,000 torrents which were classified, and have data on peers’ sharing habits. The slightly twisted feature is the ability to share a link and see what people have been sharing. I promise not to do this, but it highlights the problem with shortened URLs and long query strings you can’t be bothered to read or don’t understand how they work (knowledge). Found via TorrentFreak.
  • Find my phone
    A man’s smartphone is stolen in Amsterdam, so the same man decides to root another phone and deliberately track the phone, along with the person who stole it! The results are turned into a video which you can watch on YouTube. Found via Schneier.

A new bitcoin wallet needed


I caught wind of ChangeTip closing down on Reddit. Then later today I received this email.

As you may have heard, ChangeTip will be discontinuing services soon 🙁

You are receiving this email because you have money in your wallet, and we want you to get it back before we close our doors.

BTC balance: *************
USD balance: $************

Please login to your account and withdraw your funds. If you like, you may also log in and donate remaining funds to charity when you close your account.

I heard they were changing things up, but this news is a shame. So I’m looking for somewhere to move my bitcoins. Bitcoin Wallet looks popular, and well, I don’t know how long ChangeTip will keep the feature to transfer bitcoins enabled (thank goodness for data portability, eh?).

I found the micropayment side interesting and it’s a shame it’s gone; of course there are others which I’ll check out in the future.

Replacing Instapaper with Wallabag

I’ve been meaning to switch from Instapaper to Wallabag for a long while but have been so busy. Originally I was going to install it on my own server using Docker as a container, then looked into rkt after a talk with Jack from work. Lofty goals, but I did install rkt and installed the Docker app via rkt. But that’s as far as I got…

Then I tried using the framabag.org server but couldn’t get it to connect to any of my clients, because it’s version 1.x it seems. Then I saw an email about app.wallabag.it.

I joined, ported all my Instapaper archives over and paid.

Now I have Wallabag on my E Ink Android tablet, Nexus 5X, Nexus 7 and Chrome. The only problem I’ve had is getting the Firefox add-on to work with it. There are some really nice features like the ability to add automatic tags on the fly, custom RSS feeds, 2-factor auth and a kind of OAuth for new clients.

Generally I’m pretty pleased. I would like to see IFTTT support (although RSS helps with this), GNOME Shell support and federated server support. I haven’t quite killed my Instapaper account but I’m pretty close now. Give it a few days and it’s goodbye!

Smithsonian nonsense, instapaper spam?

instapaper-spam-from-smithsonian

When Instapaper got bought by Pinterest, I always wondered what would change. The first thing was the end of premium subscriptions. I got my email telling me I had a refund and the PayPal subscription was now terminated. But I also noticed I seemed to be getting a lot of spam or ads in my Instapaper.

Some may say, well, you accidentally clicked something or you got some external thing making this happen. Very unlikely, especially since each one links to a different page.

As you can see above I’m getting a lot of Smithsonian links. Of course I never added it myself, never even heard of the site, and if you search you will find 408 results in my Instapaper! Interestingly my public profile doesn’t show any of them, and to be fair it’s not got a lot of the stuff I’ve shared with Instapaper. But I did actually go through deleting a load of them in my Instapaper app and they are back!

This is why I don’t have a good feeling about what Instapaper has done. I’ve got a good mind to read the End User Licence Agreement to see what the difference is between the previous premium one and the freemium one (which is the only option now).

I know correlation does not imply causation, but this is so weird. I can’t seem to find anyone else with the same problem, but I’m seeing lots of questions about Instapaper spam.

It’s not about change, Tony; it’s about forcing the users into a corner against their original intention. This is why I have to leave Instapaper, and now that I’ve invested in an Android epaper tablet, there really is no need for Instapaper anymore.

Goodbye Instapaper, it was good but now it’s not.

My photo used in Seattle and Ride Sharing article

Match, OkCupid, Tinder and now POF?

Swallow your fish

Big news on the online dating scene… The picture above sums it up

The Match Group, the global operator of digital dating products such as Match, Tinder, OkCupid and Meetic, and a subsidiary of IAC, announced today that it has entered into a definitive agreement to purchase PlentyOfFish for US$575 million in cash.

Yes, if you didn’t already know, IAC owns Match, OkCupid, Tinder and now Plenty of Fish.

Plenty of Fish has had its ups and downs… but $575 million isn’t bad for a dating service which was independently run and managed. Remember Instagram was sold to Facebook for just under double that at $1 billion, which goes to show. The community aspects certainly made it stand out from the rest and this was emulated by some of the others, while the freemium approach back then was quite unique.

Cheers Chris for the heads up

Ello and welcome to no pesky ads


I’ve been keeping my eye on the move to create ethical social networks which don’t take the living piss with our data. Things like Tent.io, Known and now Ello are gathering some momentum…

We originally built Ello as a private social network. Over time, so many people wanted to join Ello that we built a public version of Ello for everyone to use.

Ello recently got quite serious about its stance of no ads and no selling of personal data.

Ad-free

Ello doesn’t sell ads. Nor do we sell data about you to third parties.

Virtually every other social network is run by advertisers. Behind the scenes they employ armies of ad salesmen and data miners to record every move you make. Data about you is then auctioned off to advertisers and data brokers. You’re the product that’s being bought and sold.

Collecting and selling your personal data, reading your posts to your friends, and mapping your social connections for profit is both creepy and unethical. Under the guise of offering a “free” service, users pay a high price in intrusive advertising and lack of privacy.

We also think ads are tacky, that they insult our intelligence and that we’re better without them.

To be fair it’s way off being something massive, but that’s what makes it interesting, I feel. I’m now on the network, so if you are interested in an invite and we are friends, drop me an email or tweet…

Back to instant messaging

instant messaging sites

I bet the figure above has changed in recent times, as everybody has turned back to messaging it would seem. Maybe realising that using social networks as a way to do instant messages is a bad idea (not judging, as I have been lured into a one-to-one conversation quite a few times over Twitter).

I used to be a Jabber/XMPP fan, and when GTalk adopted XMPP I was pretty happy. However, over time the XMPP standard was built upon and in the end removed. I was one of those people who ran a client (Pidgin) which supported multiple IM protocols.

I considered installing Pidgin again, but I thought I’d give the alternatives a try. However, Josh tweeted something which I wanted to consider when choosing a client and protocol.

Looking at the list I decided to try Silent Text/Phone from Silent Circle, and Telegram. Telegram has clients across operating systems and devices, while Silent Text/Phone is mainly mobile. Telegram also has the option of working within Pidgin if I decide to switch back.

For me it’s not that I actively want to hide secret messages, I just want the option to flex my privacy. Instant messaging for me is more private than social broadcasting platforms like Twitter and Facebook. Do I trust Facebook Messenger? Do I heck! I actively don’t have it on my phone, along with the Facebook app.

I know there are rumours Twitter is due to spin out its direct messaging part, but looking at the rest of the crowd, are we really expecting Twitter to adopt a secure and private system? Their track record hasn’t been bad. Actually there are Twitter direct messaging clients, which is cool, but how many times has Twitter changed the rules of the system, and how long till direct messages are treated differently?

Do you want to join Scoblebook?

It’s worth watching or at least listening to This Week in Tech. Robert Scoble tries to explain the twisted logic of the Facebook algorithm live. For 40+ mins!

Scoble says… “Facebook is running away with the game!”

Really? As Clayton Morris says, the amount of curation Robert needs to do is shocking… Out of the 1 billion people who use Facebook, the percentage who use lists is so close to zero that even Mark Zuckerberg admitted it was kind of broken (thanks Nicole).

Nice try Robert, but I certainly won’t be following suit… I’m actually trying to get off it, or at least use it as a dumping ground again.