Aleksandra Korolova has turned off Facebook’s access to her location in every way that she can. She has turned off location history in the Facebook app and told her iPhone that she “Never” wants the app to get her location. She doesn’t “check-in” to places and doesn’t list her current city on her profile.
Despite all this, she constantly sees location-based ads on Facebook. She sees ads targeted at “people who live near Santa Monica” (where she lives) and at “people who live or were recently near Los Angeles” (where she works as an assistant professor at the University of Southern California). When she traveled to Glacier National Park, she saw an ad for activities in Montana, and when she went on a work trip to Cambridge, Massachusetts, she saw an ad for a ceramics school there.
Facebook was continuing to track Korolova’s location for ads despite her signaling in all the ways that she could that she didn’t want Facebook doing that.
This was especially perturbing for Korolova, as she recounts on Medium, because she has studied the privacy harms that come from Facebook advertising, including how it could be previously used to gather data about an individual’s likes, estimated income and interests (for which she and her co-author Irfan Faizullabhoy got a $2,000 bug bounty from Facebook), and how it can currently be used to target ads at a single house or building, if, say, an anti-choice group wanted to target women at a Planned Parenthood with an ad for baby clothes.
Korolova thought Facebook must be getting her location information from the IP addresses she used to log in from, which Facebook says it collects for security purposes. (It wouldn’t be the first time Facebook used information gathered for security purposes for advertising ones; advertisers can target Facebook users with the phone number they provided for two-factor protection of their account.) As the New York Times recently reported, lots of apps are tracking users’ movements with surprising granularity. The Times suggested turning off location services in your phone’s privacy settings to stop the tracking, but even then the apps can still get location information, by looking at the wifi network you use or your IP address.
When asked about this, Facebook said that’s exactly what it’s doing and that it considers this a completely normal thing to do and that users should know this will happen if they closely read various Facebook websites.
“Facebook does not use WiFi data to determine your location for ads if you have Location Services turned off,” said a Facebook spokesperson by email. “We do use IP and other information such as check-ins and current city from your profile. We explain this to people, including in our Privacy Basics site and on the About Facebook Ads site.”
Strangely, back in 2014, Facebook told businesses in a blog post that “people have control over the recent location information they share with Facebook and will only see ads based on their recent location if location services are enabled on their phone.” Apparently, that policy has changed. (Facebook said it would update this old post.)
Hey, maybe this is to be expected. You need an IP address to use the internet and, by the nature of how the internet works, you reveal it to an app or a website when you use them (though you can hide your IP address by using one provided by the Tor browser or a VPN). There are various companies that specialize in mapping the locations of IP addresses, and while it can sometimes be wildly inaccurate, an IP address will give you a rough approximation of your whereabouts, such as the state, city or zip code you are currently in. Many websites use IP address-derived location to personalize their offerings, and many advertisers use it to show targeted online ads. It means showing you ads for restaurants in San Francisco if you live there instead of ads for restaurants in New York. In that context, Facebook using this information to do the same thing is not terribly unusual.
“There is no way for people to opt out of using location for ads entirely,” said a Facebook spokesperson by email. “We use city and zip level location which we collect from IP addresses and other information such as check-ins and current city from your profile to ensure we are providing people with a good service—from ensuring they see Facebook in the right language, to making sure that they are shown nearby events and ads for businesses that are local to them.”
A server containing personal information, including social security numbers, of current and former NASA workers may have been hacked, and its data stolen, it emerged today.
According to an internal memo circulated among staff on Tuesday, in mid-October the US space agency investigated whether or not two of its machines holding employee records had been compromised, and discovered one of them may have been infiltrated by miscreants.
It was further feared that this sensitive personal data had been siphoned from the hijacked server. The agency’s top brass stressed no space missions were affected, and identity theft protection will be offered to all affected workers, past and present. The boffinry nerve-center’s IT staff have since secured the servers, and are combing through other systems to ensure they are fully defended, we’re told.
Anyone who joined, left, or transferred within the agency from July 2006 to October 2018 may have had their personal records swiped, according to NASA bosses. Right now, the agency employs roughly 17,300 people.
Facebook gave more than 150 companies, including Microsoft, Netflix, Spotify, Amazon, and Yahoo, unprecedented access to users’ personal data, according to a New York Times report published Tuesday.
The Times obtained hundreds of pages of Facebook documents, generated in 2017, that show that the social network considered these companies business partners and effectively exempted them from its privacy rules.
Facebook allowed Microsoft’s search engine Bing to see the names of nearly all users’ friends without their consent, and allowed Spotify, Netflix, and the Royal Bank of Canada to read, write, and delete users’ private messages, and see participants on a thread.
It also allowed Amazon to get users’ names and contact information through their friends, let Apple access users’ Facebook contacts and calendars even if users had disabled data sharing, and let Yahoo view streams of friends’ posts “as recently as this summer,” despite publicly claiming it had stopped sharing such information a year ago, the report said. Collectively, applications made by these technology companies sought the data of hundreds of millions of people a month.
On Tuesday night, a Facebook spokesperson explained to BuzzFeed News that the social media giant solidified different types of partnerships with major tech and media companies for specific reasons. Apple, Amazon, Yahoo, and Microsoft, for example, were known as “integration partners,” and Facebook helped them build versions of the app “for their own devices and operating systems,” the spokesperson said.
Facebook solidified its first partnerships around 2009–2010, when the company was still a fledgling social network. Many of them were still active in 2017, the spokesperson said. The Times reported that some of them were still in effect this year.
Around 2010, Facebook linked up with Spotify, the Bank of Canada, and Netflix. Once a user logged in and connected their Facebook profile with these accounts, these companies had access to that person’s private messages. The spokesperson confirmed that there are probably other companies that also had this capability, but stressed that these partners were removed in 2015 and, “right now there is no evidence of any misuse of data.”
Other companies, such as Bing and Pandora, were able to see users’ public information, like their friend lists and what types of songs and movies they liked.
The finger here is being justly pointed at Facebook – but what they are missing is the other companies also knew they were acting unethically by asking for and using this information. It also shows that privacy is something that none of these companies respect and the only way of safeguarding it is by having legal frameworks that respect it.
Back in 2015, a woman named Imy Santiago wrote an Amazon review of a novel that she had read and liked. Amazon immediately took the review down and told Santiago she had “violated its policies.” Santiago re-read her review, didn’t see anything objectionable about it, so she tried to post it again. “You’re not eligible to review this product,” an Amazon prompt informed her.
When she wrote to Amazon about it, the company told her that her “account activity indicates you know the author personally.” Santiago did not know the author, so she wrote an angry email to Amazon and blogged about Amazon’s “big brother” surveillance.
I reached out to both Santiago and Amazon at the time to try to figure out what the hell happened here. Santiago, who is an indie book writer herself, told me that she’d been in the same ballroom with the author in New York a few months before at a book signing event, but had not talked to her, and that she had followed the author on Twitter and Facebook after reading her books. Santiago had never connected her Facebook account to Amazon, she said.
Amazon wouldn’t tell me much back in 2015. Spokesperson Julie Law told me by email at the time that the company “didn’t comment on individual accounts” but said, “when we detect that elements of a reviewer’s Amazon account match elements of an author’s Amazon account, we conclude that there is too much risk of review bias. This can erode customer trust, and thus we remove the review. I can assure you that we investigate each case.”
“We have built mechanisms, both manual and automated over the years that detect, remove or prevent reviews which violate guidelines,” Law added.
A new report in the New York Times about Facebook’s surprising level of data-sharing with other technology companies may shed light on those mechanisms:
Facebook allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without consent, the records show, and gave Netflix and Spotify the ability to read Facebook users’ private messages.
The social network permitted Amazon to obtain users’ names and contact information through their friends, and it let Yahoo view streams of friends’ posts as recently as this summer, despite public statements that it had stopped that type of sharing years earlier.
If Amazon was sucking up data from Facebook about who knew whom, it may explain why Santiago’s review was blocked. Because Santiago had followed the author on Facebook, Amazon or its algorithms would see her name and contact information as being connected to the author there, according to the Times. Facebook reportedly didn’t let users know this data-sharing was happening nor get their consent, so Santiago, as well as the author presumably, wouldn’t have known this had happened.
Amazon declined to tell the New York Times about its data-sharing deal with Facebook but “said it used the information appropriately.” I asked Amazon how it was using the data obtained from Facebook, and whether it used it to make connections like the one described by Santiago. The answer was underwhelming.
“Amazon uses APIs provided by Facebook in order to enable Facebook experiences for our products,” said an Amazon spokesperson in a statement that didn’t quite answer the question. “For example, giving customers the option to sync Facebook contacts on an Amazon Tablet. We use information only in accordance with our privacy policy.”
Amazon declined our request to comment further.
Why was Facebook giving out this data about its users to other tech giants? The Times report is frustratingly vague, but it says Facebook “got more users” by partnering with the companies (though it’s unclear how), but also that it got data in return, specifically data that helped power its People You May Know recommendations. Via the Times:
The Times reviewed more than 270 pages of reports generated by the system — records that reflect just a portion of Facebook’s wide-ranging deals. Among the revelations was that Facebook obtained data from multiple partners for a controversial friend-suggestion tool called “People You May Know.”
The feature, introduced in 2008, continues even though some Facebook users have objected to it, unsettled by its knowledge of their real-world relationships. Gizmodo and other news outlets have reported cases of the tool’s recommending friend connections between patients of the same psychiatrist, estranged family members, and a harasser and his victim.
Facebook, in turn, used contact lists from the partners, including Amazon, Yahoo and the Chinese company Huawei — which has been flagged as a security threat by American intelligence officials — to gain deeper insight into people’s relationships and suggest more connections, the records show.
‘You scratch my algorithm’s back. I’ll scratch your algorithm’s back,’ or so the arrangement apparently went.
Back in 2017, I asked Facebook whether it was getting information from “third parties such as data brokers” to help power its creepily accurate friend recommendations. A spokesperson told me by email, “Facebook does not use information from data brokers for People You May Know,” in what now seems to be a purposefully evasive answer.
Facebook doesn’t want to tell us how its systems work. Amazon doesn’t want to tell us how its systems work. These companies are data mining us, sometimes in concert, to make uncomfortably accurate connections but also erroneous assumptions. They don’t want to tell us how they do it, suggesting they know it’s become too invasive to reveal. Thank god for leakers and lawsuits.
Five minutes away from the town of Tiquina, on the shores of Lake Titicaca, archaeologists found the remains of an ancient civilization under the waters of the lake.
The find was made 10 years ago, by Christophe Delaere, an archaeologist from the Free University of Belgium, by following information provided by the locals. 24 submerged archaeological sites have been identified under the lake, according to the BBC.
The most significant of these sites is at Santiago de Ojjelaya, and the Bolivian government has recently agreed to build a museum there to preserve both the underwater structures and those which are on land.
Lake Titicaca. Photo by Alex Proimos CC BY SA 2.0
The project is supposed to be finished in 2020 and will cost an estimated $10 million. The Bolivian government is funding the project with help from UNESCO and is backed by the Belgian development cooperation agency.
The proposed building will have two parts and cover an area of about 2.3 acres (9,360 square meters). One part of the museum will be on the shore, and it will display artifacts that have been raised from the lake bottom. The second part will be partially submerged, with enormous glass walls that will look out under the lake, allowing visitors to see the “hidden city” below.
Old pottery from Tiwanaku at the Ethnologisches Museum, Berlin-Dahlem.
According to the Bolivia Travel Channel, the museum will facilitate the beginning of an archaeological tourism enterprise, which “will be a resort and archaeology research center, geology and biology, characteristics that typified it unique in the world [sic],” according to Wilma Alanoca Mamani, holder of the portfolio of the Plurinational State. Christophe Delaere said that the building’s design incorporates elements of architecture used by the Andean cultures who inhabited the area.
Jose Luis Paz, who is the director of heritage for Bolivia’s Ministry of Culture, says that two types of underwater ruins will be visible when the building is complete: religious/spiritual offering sites, primarily underwater, and places where people lived and worked, which were primarily on the shoreline. He went on to say that the spiritual sites were likely flooded much later than the settlements.
Chullpas from Tiwanaku epoch. Photo by Diego Delso CC BY-SA 4.0
A team of archaeological divers and Bolivian and Belgian experts have located thousands of items in the underwater sites. Some of these pieces will be brought up, but the majority will remain underwater as they are quite well-preserved.
Wilma Mamani said that more than 10,000 items have been found including gold and ceramic pieces and various kinds of bowls and other vessels. The items are of pre-Inca Tiwanaku civilizations. Some of the artifacts have been estimated to be 2,000 years old, and others have been dated back to when the Tiwanaku empire was one of the primary Andean civilizations.
Gateway of the Sun, Tiwanaku, drawn by Ephraim Squier in 1877.
Tiwanaku was a major civilization in Bolivia, with the main city built around 13,000 feet above sea level, near Lake Titicaca, which made it one of the highest urban centers ever built.
The city reached its zenith between 500 AD and 1000 AD, and, at its height, was home to about 10,000 people. It’s unclear exactly when the civilization took hold, but it is known that people started settling around Lake Titicaca about 2,000 BC.
The Gateway of the Sun from the Tiwanaku civilization in Bolivia.
According to Live Science, the city’s ancient name is unknown, since they never developed a written language, but archaeological evidence suggests that Tiwanaku cultural influence reached across the southern Andes, into Argentina, Peru, and Chile, as well as Bolivia.
Tiwanaku began to decline around 1,000 AD, and the city was eventually abandoned. Even when it fell out of use, it stayed an important place in the mythology of the Andean people, who viewed it as a religious site.
Machine-learning research published in two related papers today in Nature Geoscience reports the detection of seismic signals accurately predicting the Cascadia fault’s slow slippage, a type of failure observed to precede large earthquakes in other subduction zones.
Los Alamos National Laboratory researchers applied machine learning to analyze Cascadia data and discovered the megathrust broadcasts a constant tremor, a fingerprint of the fault’s displacement. More importantly, they found a direct parallel between the loudness of the fault’s acoustic signal and its physical changes. Cascadia’s groans, previously discounted as meaningless noise, foretold its fragility.
“Cascadia’s behavior was buried in the data. Until machine learning revealed precise patterns, we all discarded the continuous signal as noise, but it was full of rich information. We discovered a highly predictable sound pattern that indicates slippage and fault failure,” said Los Alamos scientist Paul Johnson. “We also found a precise link between the fragility of the fault and the signal’s strength, which can help us more accurately predict a megaquake.”
With Microsoft’s decision to end development of its own Web rendering engine and switch to Chromium, control over the Web has functionally been ceded to Google. That’s a worrying turn of events, given the company’s past behavior.
[…]
Google is already a company that exercises considerable influence over the direction of the Web’s development. By owning both the most popular browser, Chrome, and some of the most-visited sites on the Web (in particular the namesake search engine, YouTube, and Gmail), Google has on a number of occasions used its might to deploy proprietary tech and put the rest of the industry in the position of having to catch up.
[…]
This is a company that, time and again, has tried to push the Web into a Google-controlled proprietary direction to improve the performance of Google’s online services when used in conjunction with Google’s browser, consolidating Google’s market positioning and putting everyone else at a disadvantage. Each time, pushback has come from the wider community, and so far, at least, the result has been industry standards that wrest control from Google’s hands. This action might already provoke doubts about the wisdom of handing effective control of the Web’s direction to Google, but at least a case could be made that, in the end, the right thing was done.
But other situations have had less satisfactory resolutions. YouTube has been a particular source of problems. Google controls a large fraction of the Web’s streaming video, and the company has, on a number of occasions, made changes to YouTube that make it worse in Edge and/or Firefox. Sometimes these changes have improved the site experience in Chrome, but even that isn’t always the case.
A person claiming to be a former Edge developer has today described one such action. For no obvious reason, Google changed YouTube to add a hidden, empty HTML element that overlaid each video. This element disabled Edge’s fastest, most efficient hardware accelerated video decoding. It hurt Edge’s battery-life performance and took it below Chrome’s. The change didn’t improve Chrome’s performance and didn’t appear to serve any real purpose; it just hurt Edge, allowing Google to claim that Chrome’s battery life was actually superior to Edge’s. Microsoft asked Google if the company could remove the element, to no avail.
The latest version of Edge addresses the YouTube issue and reinstated Edge’s performance. But when the company talks of having to do extra work to ensure EdgeHTML is compatible with the Web, this is the kind of thing that Microsoft has been forced to do.
[…]
Microsoft’s decision both gives Google an ever-larger slice of the pie and weakens Microsoft’s position as an opposing voice. Even with Edge and Internet Explorer having a diminished share of the market, Microsoft has retained some sway; its IIS Web server commands a significant Web presence, and there’s still value in having new protocols built in to Windows, as it increases their accessibility to software developers.
But now, Microsoft is committed to shipping and supporting whatever proprietary tech Google wants to develop, whether Microsoft likes it or not. Microsoft has been very explicit that its adoption of Chromium is to ensure maximal Chrome compatibility, and the company says that it is developing new engineering processes to ensure that it can rapidly integrate, test, and distribute any changes from upstream—it doesn’t ever want to be in the position of substantially lagging behind Google’s browser.
[…]
Web developers have historically only bothered with such trivia as standards compliance and as a way to test their pages in multiple browsers when the market landscape has forced them to. This is what made Firefox’s early years so painful: most developers tested in Internet Explorer and nothing else, leaving Firefox compatibility to chance. As Firefox, and later Chrome, rose to challenge Internet Explorer’s dominance, cross-browser testing became essential, and standards adherence became more valuable.
With Chrome, Firefox, and Edge all as going concerns, a fair amount of discipline is imposed on Web developers. But with Edge removed and Chrome taking a large majority of the market, making the effort to support Firefox becomes more expensive.
Mozilla CEO Chris Beard fears that this consolidation could make things harder for Mozilla—an organization that exists to ensure that the Web remains a competitive landscape that offers meaningful options and isn’t subject to any one company’s control. Mozilla’s position is already tricky, dependent as it is on Google’s funding.
[…]
By relegating Firefox to being the sole secondary browser, Microsoft has just made it that much harder to justify making sites work in Firefox. The company has made designing for Chrome and ignoring everything else a bit more palatable, and Mozilla’s continued existence is now that bit more marginal. Microsoft’s move puts Google in charge of the direction of the Web’s development. Google’s track record shows it shouldn’t be trusted with such a position.
That means starting this holiday season, you should be able to ask the Google Assistant if your flight is on time and get a response showing the status of your flight, the length of a delay (if there is one), and even the cause (assuming that info is available)
“Over the next few weeks,” Google says its flight delay predictor will also start notifying you in cases where its system is 85 percent confident, which is deduced by looking at data from past flight records and combining that with a bit a machine learning smarts to determine if your flight might be late. That leaves some room for error, so it’s also important to note that even when Google predicts that your flight is delayed, it may still recommend for you to show up to the airport normally.
Still, in the space of a year, Google seems to have upped its confidence threshold for predicted delays from 80 to 85 percent
For the first time, an object in our solar system has been found more than 100 times farther than Earth is from the sun.
The International Astronomical Union’s Minor Planet Center announced the discovery Monday, calling the object 2018 VG18. But the researchers who found it are calling it “Farout.”
They believe the spherical object is a dwarf planet more than 310 miles in diameter, with a pinkish hue. That color has been associated with objects that are rich in ice, and given its distance from the sun, that isn’t hard to believe. Its slow orbit probably takes more than 1,000 years to make one trip around the sun, the researchers said.
The distance between the Earth and the sun is an AU, or astronomical unit — the equivalent of about 93 million miles. Farout is 120 AU from the sun. Eris, the next most distant object known, is 96 AU from the sun. For reference, Pluto is 34 AU away.
The object was found by the Carnegie Institution for Science’s Scott S. Sheppard, the University of Hawaii’s David Tholen and Northern Arizona University’s Chad Trujillo — and it’s not their first discovery.
The team has been searching for a super-Earth-size planet on the edge of our solar system, known as Planet Nine or Planet X, since 2014. They first suggested the existence of this possible planet in 2014 after finding “Biden” at 84 AU. Along the way, they have discovered more distant solar system objects suggesting that the gravity of something massive is influencing their orbit.
A team of researchers from Austria, Italy and Sweden has successfully demonstrated teleportation using on-demand photons from quantum dots. In their paper published in the journal Science Advances, the group explains how they accomplished this feat and how it applies to future quantum communications networks.
Scientists and many others are very interested in developing truly quantum communications networks—it is believed that such networks will be safe from hacking or eavesdropping due to their very nature. But, as the researchers with this new effort point out, there are still some problems standing in the way. One of these is the difficulty in amplifying quantum signals. One way to get around this problem, they note, is to generate photons on-demand as part of a quantum repeater—this helps to effectively handle the high clock rates. In this new effort, they have done just that, using semiconductor quantum dots.
Prior work surrounding the possibility of using semiconductor quantum dots has shown that it is a feasible way to demonstrate teleportation, but only under certain conditions, none of which allowed for on-demand applications. Because of that, they have not been considered a push-button technology. In this new effort, the researchers overcame this problem by creating quantum dots that were highly symmetrical using an etching method to create the hole pairs in which the quantum dots develop. The process they used was called a XX (biexciton)–X (exciton) cascade. They then employed a dual-pulsed excitation scheme to populate the desired XX state (after two pairs shed photons, they retained their entanglement). Doing so allowed for the production of on-demand single photons suitable for use in teleportation. The dual pulsed excitation scheme was critical to the process, the team notes, because it minimized re-excitation.
The researchers tested their process first on subjective inputs and then on different quantum dots, proving that it could work across a broad range of applications. They followed that up by creating a framework that other researchers could use as a guide in replicating their efforts. But they also acknowledged that there is still more work to be done (mostly in raising the clock rates) before the process could be used in real-world applications. They expect it will be just a few more years.
AI systems can now create images of humans that are so lifelike they look like photographs, except the people in them don’t really exist.
See for yourself. Each picture below is an output produced by a generative adversarial network (GAN), a system made up of two different networks including a generator and a discriminator. Developers have used GANs to create everything from artwork to dental crowns.
Some of the images created from Nvidia’s style transfer GAN. Image credit: Karras et al. and Nvidia
The performance of a GAN is often tied to how realistic its results are. What started out as tiny, blurry, greyscale images of human faces four years ago, has since morphed into full colour portraits.
Early results from when the idea of GANs were first introduced. Image credit: Goodfellow et al.
The new GAN built by Nvidia researchers rests on the idea of “style transfer”. First, the generator network learns a constant input taken from a photograph of a real person. This face is used as a reference, and encoded as a vector that is mapped to a latent space that describe all the features in the image.
These features correlate to the essential characteristics that make up a face: eyes, nose, mouth, hair, pose, face shape, etc. After the generator learns these features it can begin adjusting these details to create a new face.
The transformation that determines how the appearance of these features change is determined from another secondary photo. In other words, the original photo copies the style of another photo so the end result is a sort of mishmash between both images. Finally, an element of noise is also added to generate random details, such as the exact placement of hairs, stubble, freckles, or skin pores, to make the images
“Our generator thinks of an image as a collection of ‘styles,” where each style controls the effects at a particular scale,” the researchers explained. The different features can be broken down into various styles: Coarse styles include the pose, hair, face shape; Middle styles are made up of facial features; and Fine styles determines the overall colour.
How the different style types are learned and transferred by crossing a photo with a source photo. Image credit: Kerras et al. and Nvidia.
The different style types can, therefore, be crossed continuously with other photos to generate a range of completely new images to cover pictures of people of different ethnicities, genders and ages. You can watch a video demonstration of this happening below.
The discriminator network inspects the images coming from the generator and tries to work out if they’re real or fake. The generator improves over time so that its outputs consistently trick the discriminator.
An explosive new report by Reuters released Friday may upturn the narrative surrounding the potential cancer risks of talcum powder. According to the report, Johnson & Johnson—the makers of the most popular consumer talc product, Baby Powder—knew for decades that its products at times contained carcinogenic asbestos, but did everything possible to keep its findings shrouded from the public and even health officials.
The report’s allegations are sourced from hundreds of internal company documents, according to Reuters, which the news agency has also made available to the public. Many of the documents were obtained during the course of legal battles waged against Johnson & Johnson over the years by customers alleging its products had caused their cancers; others were obtained by various journalists and news organizations.
Collectively, the documents seem to paint a damning picture of the company’s actions—and inaction—surrounding its products.
Talc is a soft white clay pulled up from the earth in mines. In these mines, asbestos—a broad term for six kinds of minerals that can be found in long, thin fibers—is regularly found alongside deposits of talc. But for decades, the company assured the public and regulators that its products were free of asbestos, even as some internal and independent tests found otherwise, according to the report.
Per Reuters:
In 1976, as the U.S. Food and Drug Administration (FDA) was weighing limits on asbestos in cosmetic talc products, J&J assured the regulator that no asbestos was “detected in any sample” of talc produced between December 1972 and October 1973. It didn’t tell the agency that at least three tests by three different labs from 1972 to 1975 had found asbestos in its talc – in one case at levels reported as “rather high.”
Reuters reports that the company was particularly sneaky in handling the first known lawsuit from a former customer, Darlene Coker, who alleged in 1997 that its products had caused her mesothelioma, a form of lung cancer. According to the Reuters report, J&J successfully denied requests by Coker’s attorney to turn over internal documents that would have demonstrated the presence of asbestos in its mining operations and products (Coker’s lungs were shown to be loaded with the sort of asbestos often seen in workers who are exposed to talc in large quantities). Without the documents, Coker dropped the case in 1999 and died a decade later.
Since Coker’s failed lawsuit, there have been more than 11,000 plaintiffs who have alleged that J&J’s products caused their cancers, according to Reuters. Many of these lawsuits, which often did not assert that asbestos contamination might have been the major contributing factor, have similarly failed, but cases that have gone to trial have resulted in verdicts in favor of the plaintiff. Just this July, a Missouri jury ordered the company to pay $4.69 billion in damages to 22 women and their families. In 2017, however, a California judge reversed a $417 million verdict and ordered a new trial.
Follow along to see the most interesting data points amassed by our
team of statisticians, all presented with colorful charts and insightful
commentary. Enjoy!
MIT researchers have invented a way to fabricate nanoscale 3-D objects of nearly any shape. They can also pattern the objects with a variety of useful materials, including metals, quantum dots, and DNA.
“It’s a way of putting nearly any kind of material into a 3-D pattern with nanoscale precision,” says Edward Boyden, an associate professor of biological engineering and of brain and cognitive sciences at MIT.
Using the new technique, the researchers can create any shape and structure they want by patterning a polymer scaffold with a laser. After attaching other useful materials to the scaffold, they shrink it, generating structures one thousandth the volume of the original.
These tiny structures could have applications in many fields, from optics to medicine to robotics, the researchers say. The technique uses equipment that many biology and materials science labs already have, making it widely accessible for researchers who want to try it.
Boyden, who is also a member of MIT’s Media Lab, McGovern Institute for Brain Research, and Koch Institute for Integrative Cancer Research, is one of the senior authors of the paper, which appears in the Dec. 13 issue of Science. The other senior author is Adam Marblestone, a Media Lab research affiliate, and the paper’s lead authors are graduate students Daniel Oran and Samuel Rodriques.
Implosion fabrication
Existing techniques for creating nanostructures are limited in what they can accomplish. Etching patterns onto a surface with light can produce 2-D nanostructures but doesn’t work for 3-D structures. It is possible to make 3-D nanostructures by gradually adding layers on top of each other, but this process is slow and challenging. And, while methods exist that can directly 3-D print nanoscale objects, they are restricted to specialized materials like polymers and plastics, which lack the functional properties necessary for many applications. Furthermore, they can only generate self-supporting structures. (The technique can yield a solid pyramid, for example, but not a linked chain or a hollow sphere.)
To overcome these limitations, Boyden and his students decided to adapt a technique that his lab developed a few years ago for high-resolution imaging of brain tissue. This technique, known as expansion microscopy, involves embedding tissue into a hydrogel and then expanding it, allowing for high resolution imaging with a regular microscope. Hundreds of research groups in biology and medicine are now using expansion microscopy, since it enables 3-D visualization of cells and tissues with ordinary hardware.
By reversing this process, the researchers found that they could create large-scale objects embedded in expanded hydrogels and then shrink them to the nanoscale, an approach that they call “implosion fabrication.”
As they did for expansion microscopy, the researchers used a very absorbent material made of polyacrylate, commonly found in diapers, as the scaffold for their nanofabrication process. The scaffold is bathed in a solution that contains molecules of fluorescein, which attach to the scaffold when they are activated by laser light.
Using two-photon microscopy, which allows for precise targeting of points deep within a structure, the researchers attach fluorescein molecules to specific locations within the gel. The fluorescein molecules act as anchors that can bind to other types of molecules that the researchers add.
“You attach the anchors where you want with light, and later you can attach whatever you want to the anchors,” Boyden says. “It could be a quantum dot, it could be a piece of DNA, it could be a gold nanoparticle.”
“It’s a bit like film photography—a latent image is formed by exposing a sensitive material in a gel to light. Then, you can develop that latent image into a real image by attaching another material, silver, afterwards. In this way implosion fabrication can create all sorts of structures, including gradients, unconnected structures, and multimaterial patterns,” Oran says.
Once the desired molecules are attached in the right locations, the researchers shrink the entire structure by adding an acid. The acid blocks the negative charges in the polyacrylate gel so that they no longer repel each other, causing the gel to contract. Using this technique, the researchers can shrink the objects 10-fold in each dimension (for an overall 1,000-fold reduction in volume). This ability to shrink not only allows for increased resolution, but also makes it possible to assemble materials in a low-density scaffold. This enables easy access for modification, and later the material becomes a dense solid when it is shrunk.
“People have been trying to invent better equipment to make smaller nanomaterials for years, but we realized that if you just use existing systems and embed your materials in this gel, you can shrink them down to the nanoscale, without distorting the patterns,” Rodriques says.
Currently, the researchers can create objects that are around 1 cubic millimeter, patterned with a resolution of 50 nanometers. There is a tradeoff between size and resolution: If the researchers want to make larger objects, about 1 cubic centimeter, they can achieve a resolution of about 500 nanometers. However, that resolution could be improved with further refinement of the process, the researchers say.
Another day, another tech company being disingenuous about its privacy practices. This time it’s Microsoft, after it was discovered that Windows 10 continues to track users’ activity even after they’ve disabled the activity-tracking option in their Windows 10 settings.
You can try it yourself. Pull up Windows 10’s Settings, go to the Privacy section, and disable everything in your Activity History. Give it a few days. Visit the Windows Privacy Dashboard online, and you’ll find that some applications, media, and even browsing history still shows up.
Application data found on the Windows Privacy Dashboard website
Screenshot: Brendan Hesse
Sure, this data can be manually deleted, but the fact that it’s being tracked at all is not a good look for Microsoft, and plenty of users have expressed their frustration online since the oversight was discovered. Luckily, Reddit user a_potato_is_missing found a workaround that blocks Windows and the Windows Store from tracking your PC activity, which comes from a tutorial originally posted by Tenforums user Shawn Brink.
We gave Brink’s strategy a shot and found it to be an effective workaround worth sharing for those who want to limit Microsoft’s activity-tracking for good. It’s a simple process that only requires you to download and open some files, but we’ll guide you through the steps since there a few caveats you’ll want to know.
How to disable the activity tracker in Windows 10
Brink’s method works by editing values in your Window Registry to block the Activity Tracker (via a .REG file). For transparency, here’s what changes the file makes:
These changes only apply to Activity Tracking and shouldn’t affect your operating system in any other way. Still, if something does go wrong, you can reverse this process, which is explained in step 7. To get started with Brink’s alterations:
Download the “Disable_Activity_history.reg” file from Brink’s tutorial to any folder you want.
Double-click on the .REG file to open it, and then click “Run” to begin applying the changes to your registry.
You will get the usual Window UAC notification to allow the file to make changes to your computer. Click “Yes.”
A warning box will pop up alerting you that making changes to your registry can result in applications and features not working, or cause system errors—all of which is true, but we haven’t run into any issues from applying this fix. If you’re cool with that, click “Yes” to apply the changes. The process should happen immediately, after which you’ll get one final dialogue box informing you of the information added to the registry. Click “OK” to close the file and wrap up the registry change.
After the registry edit is complete, you’ll need to sign out of Windows (press Windows Key+X then Shut down or Sign out>Sign out) then sign back in to apply the registry changes.
When you sign back in, your activity will no longer be tracked by Windows, even the stuff that was slipping through before.
To reverse the registry changes and re-enable the Activity Tracker, download the “Enable_Activity_history.reg” file also found on the Tenforums tutorial, then follow the same steps above.
Update 12/13/2018 at 12:30pm PT: Microsoft has released a statement to Neowin about the aforementioned “Activity History.” Here’s the statement from Windows & devices group privacy officer Marisa Rogers:
“Microsoft is committed to customer privacy, being transparent about the data we collect and use for your benefit, and we give you controls to manage your data. In this case, the same term ‘Activity History’ is used in both Windows 10 and the Microsoft Privacy Dashboard. Windows 10 Activity History data is only a subset of the data displayed in the Microsoft Privacy Dashboard. We are working to address this naming issue in a future update.”
As Neowin notes, Microsoft says there are two settings you should look into if you want to keep your PC from uploading your activity data:
“One is to go to Settings -> Privacy -> Activity history, and make sure that ‘Let Windows sync my activities from this PC to the cloud’ is unchecked. Also, you can go to Settings -> Privacy -> Diagnostics & feedback, and make sure that it’s set to basic.”
Virgin Galactic completed its longest rocket-powered flight ever on Thursday, taking a step ahead in the nascent business of space tourism.
The two pilots on board Virgin Galactic’s spacecraft Unity became the company’s first astronauts. Virgin Group founder Richard Branson was on hand to watch the historic moment.
“Many of you will know how important the dream of space travel is to me personally. Ever since I watched the moon landings as a child I have looked up to the skies with wonder,” Branson said after the flight. “This is a momentous day and I could not be more proud of our teams who together have opened a new chapter of space exploration.”
Virgin Galactic said the test flight reached an altitude of 51.4 miles, or nearly 83 kilometers. The U.S. military and NASA consider pilots who have flown above 80 kilometers to be astronauts. The Federal Aviation Administration announced on Thursday that pilots Mark Stucky and C.J Sturckow would receive commercial astronaut wings at a ceremony in Washington, D.C. early next year.
Lifted by the jet-powered mothership Eve, the spacecraft Unity took off from the Mojave Air and Space Port in the California desert. Upon reaching an altitude above 40,000 feet, the carrier aircraft released Unity. The two-member crew then piloted the spacecraft in a roaring burn which lasted 60 seconds. The flight pushed Unity to a speed of Mach 2.9, nearly three times the speed of sound, as it screamed into a climb toward the edge of space.
After performing a slow backflip in microgravity, Unity turned and glided back to land at Mojave. This was the company’s fourth rocket-powered flight of its test program.
Unity is the name of the spacecraft built by The Spaceship Company, which Branson also owns. This rocket design is officially known as SpaceShipTwo (SS2).
Unity also carried four NASA-funded payloads on this mission. The agency said the four technology experiments “will collect valuable data needed to mature the technologies for use on future missions.”
“Inexpensive access to suborbital space greatly benefits the technology research and broader spaceflight communities,” said Ryan Dibley, NASA’s flight opportunities campaign manager, in a statement.
The spacecraft underwent extensive engine testing and seven glide tests before Virgin Galactic said it was ready for a powered test flight — a crucial milestone before the company begins sending tourists to the edge of the atmosphere. Each of the previous three test flights were successful in pushing the spacecraft’s limits farther.
Yes, it can be done without rockets exploding all over the place or going the wrong direction. Well done, this is how commercial space flight should look.
At a Taylor Swift concert earlier this year, fans were reportedly treated to something they might not expect: a kiosk displaying clips of the pop star that served as a covert surveillance system. It’s a tale of creeping 21st-century surveillance as unnerving as it is predictable. But the whole ordeal has left us wondering what the hell is going on.
As Rolling Stone first reported, the kiosk was allegedly taking photos of concertgoers and running them through a facial recognition database in an effort to identify any of Swift’s stalkers. But the dragnet effort reportedly involved snapping photos of anyone who stared into the kiosk’s watchful abyss.
“Everybody who went by would stop and stare at it, and the software would start working,” Mike Downing, chief security officer at live entertainment company Oak View Group and its subsidiary Prevent Advisors, told Rolling Stone. Downing was at Swift’s concert, which took place at the Rose Bowl in Los Angeles in May, to check out a demo of the system. According to Downing, the photos taken by the camera inside of the kiosk were sent to a “command post” in Nashville. There, the images were scanned against images of hundreds of Swift’s known stalkers, Rolling Stone reports.
The Rolling Stone report has taken off in the past day, with Quartz, Vanity Fair, the Hill, the Verge, Business Insider, and others picking up the story. But the only real information we have is from Downing. And so far no one has answered some key questions—including the Oak View Group and Prevent Advisors, which have not responded to multiple requests for comment.
For starters, who is running this face recognition system? Was Taylor Swift or her people informed this reported measure would be in place? Were concertgoers informed that their photos were being taken and sent to a facial recognition database in another state? Were the photos stored, and if so, where and for how long? There were reportedly more than 60,000 people at the Rose Bowl concert—how many of those people had their mug snapped by the alleged spybooth? Did the system identify any Swift stalkers—and, if they did, what happened to those people?
It also remains to be seen whether there was any indication on the kiosk that it was snapping fans’ faces. But as Quartz pointed out, “concert venues are typically private locations, meaning even after security checkpoints, its owners can subject concert-goers to any kind of surveillance they want, including facial recognition.”
The Earth is far more alive than previously thought, according to “deep life” studies that reveal a rich ecosystem beneath our feet that is almost twice the size of all the world’s oceans.
Despite extreme heat, no light, minuscule nutrition and intense pressure, scientists estimate this subterranean biosphere is teeming with between 15bn and 23bn tonnes of micro-organisms, hundreds of times the combined weight of every human on the planet.
Researchers at the Deep Carbon Observatory say the diversity of underworld species bears comparison to the Amazon or the Galápagos Islands, but unlike those places the environment is still largely pristine because people have yet to probe most of the subsurface.
“It’s like finding a whole new reservoir of life on Earth,” said Karen Lloyd, an associate professor at the University of Tennessee in Knoxville. “We are discovering new types of life all the time. So much of life is within the Earth rather than on top of it.”
The team combines 1,200 scientists from 52 countries in disciplines ranging from geology and microbiology to chemistry and physics. A year before the conclusion of their 10-year study, they will present an amalgamation of findings to date before the American Geophysical Union’s annual meeting opens this week.
Samples were taken from boreholes more than 5km deep and undersea drilling sites to construct models of the ecosystem and estimate how much living carbon it might contain.
The results suggest 70% of Earth’s bacteria and archaea exist in the subsurface, including barbed Altiarchaeales that live in sulphuric springs and Geogemma barossii, a single-celled organism found at 121C hydrothermal vents at the bottom of the sea.
One organism found 2.5km below the surface has been buried for millions of years and may not rely at all on energy from the sun. Instead, the methanogen has found a way to create methane in this low energy environment, which it may not use to reproduce or divide, but to replace or repair broken parts.
Lloyd said: “The strangest thing for me is that some organisms can exist for millennia. They are metabolically active but in stasis, with less energy than we thought possible of supporting life.”
Rick Colwell, a microbial ecologist at Oregon State University, said the timescales of subterranean life were completely different. Some microorganisms have been alive for thousands of years, barely moving except with shifts in the tectonic plates, earthquakes or eruptions.
Guess what? A bunch of apps like knowing where you are, so that their developers can then take that data, package it up for various advertising companies, and make a quick buck off of your precise whereabouts—including where you go and how long you spend there.
The millions of dots on the map trace highways, side streets and bike trails — each one following the path of an anonymous cellphone user.
One path tracks someone from a home outside Newark to a nearby Planned Parenthood, remaining there for more than an hour. Another represents a person who travels with the mayor of New York during the day and returns to Long Island at night.
Yet another leaves a house in upstate New York at 7 a.m. and travels to a middle school 14 miles away, staying until late afternoon each school day. Only one person makes that trip: Lisa Magrin, a 46-year-old math teacher. Her smartphone goes with her.
An app on the device gathered her location information, which was then sold without her knowledge. It recorded her whereabouts as often as every two seconds, according to a database of more than a million phones in the New York area that was reviewed by The New York Times. While Ms. Magrin’s identity was not disclosed in those records, The Times was able to easily connect her to that dot.
The app tracked her as she went to a Weight Watchers meeting and to her dermatologist’s office for a minor procedure. It followed her hiking with her dog and staying at her ex-boyfriend’s home, information she found disturbing.
“It’s the thought of people finding out those intimate details that you don’t want people to know,” said Ms. Magrin, who allowed The Times to review her location data.
Like many consumers, Ms. Magrin knew that apps could track people’s movements. But as smartphones have become ubiquitous and technology more accurate, an industry of snooping on people’s daily habits has spread and grown more intrusive.
Lisa Magrin is the only person who travels regularly from her home to the school where she works. Her location was recorded more than 800 times there, often in her classroom .
A visit to a doctor’s office is also included. The data is so specific that The Times could determine how long she was there.
Ms. Magrin’s location data shows other often-visited locations, including the gym and Weight Watchers.
In about four months’ of data reviewed by The Times, her location was recorded over 8,600 times — on average, once every 21 minutes.
By Michael H. Keller and Richard Harris | Satellite imagery by Mapbox and DigitalGlobe
At least 75 companies receive anonymous, precise location data from apps whose users enable location services to get local news and weather or other information, The Times found. Several of those businesses claim to track up to 200 million mobile devices in the United States — about half those in use last year. The database reviewed by The Times — a sample of information gathered in 2017 and held by one company — reveals people’s travels in startling detail, accurate to within a few yards and in some cases updated more than 14,000 times a day.
These companies sell, use or analyze the data to cater to advertisers, retail outlets and even hedge funds seeking insights into consumer behavior. It’s a hot market, with sales of location-targeted advertising reaching an estimated $21 billion this year. IBM has gotten into the industry, with its purchase of the Weather Channel’s apps. The social network Foursquare remade itself as a location marketing company. Prominent investors in location start-ups include Goldman Sachs and Peter Thiel, the PayPal co-founder.
Businesses say their interest is in the patterns, not the identities, that the data reveals about consumers. They note that the information apps collect is tied not to someone’s name or phone number but to a unique ID. But those with access to the raw data — including employees or clients — could still identify a person without consent. They could follow someone they knew, by pinpointing a phone that regularly spent time at that person’s home address. Or, working in reverse, they could attach a name to an anonymous dot, by seeing where the device spent nights and using public records to figure out who lived there.
Many location companies say that when phone users enable location services, their data is fair game. But, The Times found, the explanations people see when prompted to give permission are often incomplete or misleading. An app may tell users that granting access to their location will help them get traffic information, but not mention that the data will be shared and sold. That disclosure is often buried in a vague privacy policy.
“Location information can reveal some of the most intimate details of a person’s life — whether you’ve visited a psychiatrist, whether you went to an A.A. meeting, who you might date,” said Senator Ron Wyden, Democrat of Oregon, who has proposed bills to limit the collection and sale of such data, which are largely unregulated in the United States.
“It’s not right to have consumers kept in the dark about how their data is sold and shared and then leave them unable to do anything about it,” he added.
Mobile Surveillance Devices
After Elise Lee, a nurse in Manhattan, saw that her device had been tracked to the main operating room at the hospital where she works, she expressed concern about her privacy and that of her patients.
“It’s very scary,” said Ms. Lee, who allowed The Times to examine her location history in the data set it reviewed. “It feels like someone is following me, personally.”
The mobile location industry began as a way to customize apps and target ads for nearby businesses, but it has morphed into a data collection and analysis machine.
Retailers look to tracking companies to tell them about their own customers and their competitors’. For a web seminar last year, Elina Greenstein, an executive at the location company GroundTruth, mapped out the path of a hypothetical consumer from home to work to show potential clients how tracking could reveal a person’s preferences. For example, someone may search online for healthy recipes, but GroundTruth can see that the person often eats at fast-food restaurants.
“We look to understand who a person is, based on where they’ve been and where they’re going, in order to influence what they’re going to do next,” Ms. Greenstein said.
Financial firms can use the information to make investment decisions before a company reports earnings — seeing, for example, if more people are working on a factory floor, or going to a retailer’s stores.
A device arrives at approximately 12:45 p.m., entering the clinic from the western entrance.
It stays for two hours, then returns to a home.
By Michael H. Keller | Imagery by Google Earth
Health care facilities are among the more enticing but troubling areas for tracking, as Ms. Lee’s reaction demonstrated. Tell All Digital, a Long Island advertising firm that is a client of a location company, says it runs ad campaigns for personal injury lawyers targeting people anonymously in emergency rooms.
“The book ‘1984,’ we’re kind of living it in a lot of ways,” said Bill Kakis, a managing partner at Tell All.
Jails, schools, a military base and a nuclear power plant — even crime scenes — appeared in the data set The Times reviewed. One person, perhaps a detective, arrived at the site of a late-night homicide in Manhattan, then spent time at a nearby hospital, returning repeatedly to the local police station.
Two location firms, Fysical and SafeGraph, mapped people attending the 2017 presidential inauguration. On Fysical’s map, a bright red box near the Capitol steps indicated the general location of President Trump and those around him, cellphones pinging away. Fysical’s chief executive said in an email that the data it used was anonymous. SafeGraph did not respond to requests for comment.
Data reviewed by The Times includes dozens of schools. Here a device , most likely a child’s, is tracked from a home to school.
The device spends time at the playground before entering the school just before 8 a.m., where it remains until 3 p.m.
More than 40 other devices appear in the school during the day. Many are traceable to nearby homes.
By Michael H. Keller | Imagery by Google Earth
More than 1,000 popular apps contain location-sharing code from such companies, according to 2018 data from MightySignal, a mobile analysis firm. Google’s Android system was found to have about 1,200 apps with such code, compared with about 200 on Apple’s iOS.
The most prolific company was Reveal Mobile, based in North Carolina, which had location-gathering code in more than 500 apps, including many that provide local news. A Reveal spokesman said that the popularity of its code showed that it helped app developers make ad money and consumers get free services.
To evaluate location-sharing practices, The Times tested 20 apps, most of which had been flagged by researchers and industry insiders as potentially sharing the data. Together, 17 of the apps sent exact latitude and longitude to about 70 businesses. Precise location data from one app, WeatherBug on iOS, was received by 40 companies. When contacted by The Times, some of the companies that received that data described it as “unsolicited” or “inappropriate.”
WeatherBug, owned by GroundTruth, asks users’ permission to collect their location and tells them the information will be used to personalize ads. GroundTruth said that it typically sent the data to ad companies it worked with, but that if they didn’t want the information they could ask to stop receiving it.
Records show a device entering Gracie Mansion, the mayor’s residence, before traveling to a Y.M.C.A. in Brooklyn that the mayor frequents.
It travels to an event on Staten Island that the mayor attended. Later, it returns to a home on Long Island.
Gracie
Mansion
By Michael H. Keller | Satellite imagery by Mapbox and DigitalGlobe
The Times also identified more than 25 other companies that have said in marketing materials or interviews that they sell location data or services, including targeted advertising.
The spread of this information raises questions about how securely it is handled and whether it is vulnerable to hacking, said Serge Egelman, a computer security and privacy researcher affiliated with the University of California, Berkeley.
“There are really no consequences” for companies that don’t protect the data, he said, “other than bad press that gets forgotten about.”
A Question of Awareness
Companies that use location data say that people agree to share their information in exchange for customized services, rewards and discounts. Ms. Magrin, the teacher, noted that she liked that tracking technology let her record her jogging routes.
Brian Wong, chief executive of Kiip, a mobile ad firm that has also sold anonymous data from some of the apps it works with, says users give apps permission to use and share their data. “You are receiving these services for free because advertisers are helping monetize and pay for it,” he said, adding, “You would have to be pretty oblivious if you are not aware that this is going on.”
But Ms. Lee, the nurse, had a different view. “I guess that’s what they have to tell themselves,” she said of the companies. “But come on.”
Ms. Lee had given apps on her iPhone access to her location only for certain purposes — helping her find parking spaces, sending her weather alerts — and only if they did not indicate that the information would be used for anything else, she said. Ms. Magrin had allowed about a dozen apps on her Android phone access to her whereabouts for services like traffic notifications.
An app on Lisa Magrin’s cellphone collected her location information, which was then shared with other companies. The data revealed her daily habits, including hikes with her dog, Lulu.Nathaniel Brooks for The New York Times
But it is easy to share information without realizing it. Of the 17 apps that The Times saw sending precise location data, just three on iOS and one on Android told users in a prompt during the permission process that the information could be used for advertising. Only one app, GasBuddy, which identifies nearby gas stations, indicated that data could also be shared to “analyze industry trends.”
More typical was theScore, a sports app: When prompting users to grant access to their location, it said the data would help “recommend local teams and players that are relevant to you.” The app passed precise coordinates to 16 advertising and location companies.
A spokesman for theScore said that the language in the prompt was intended only as a “quick introduction to certain key product features” and that the full uses of the data were described in the app’s privacy policy.
The Weather Channel app, owned by an IBM subsidiary, told users that sharing their locations would let them get personalized local weather reports. IBM said the subsidiary, the Weather Company, discussed other uses in its privacy policy and in a separate “privacy settings” section of the app. Information on advertising was included there, but a part of the app called “location settings” made no mention of it.
A notice that Android users saw when theScore, a sports app, asked for access to their location data.
The Weather Channel app showed iPhone users this message when it first asked for their location data.
The app did not explicitly disclose that the company had also analyzed the data for hedge funds — a pilot program that was promoted on the company’s website. An IBM spokesman said the pilot had ended. (IBM updated the app’s privacy policy on Dec. 5, after queries from The Times, to say that it might share aggregated location data for commercial purposes such as analyzing foot traffic.)
Even industry insiders acknowledge that many people either don’t read those policies or may not fully understand their opaque language. Policies for apps that funnel location information to help investment firms, for instance, have said the data is used for market analysis, or simply shared for business purposes.
“Most people don’t know what’s going on,” said Emmett Kilduff, the chief executive of Eagle Alpha, which sells data to financial firms and hedge funds. Mr. Kilduff said responsibility for complying with data-gathering regulations fell to the companies that collected it from people.
Many location companies say they voluntarily take steps to protect users’ privacy, but policies vary widely.
For example, Sense360, which focuses on the restaurant industry, says it scrambles data within a 1,000-foot square around the device’s approximate home location. Another company, Factual, says that it collects data from consumers at home, but that its database doesn’t contain their addresses.
In the data set reviewed by The Times, phone locations are recorded in sensitive areas including the Indian Point nuclear plant near New York City. By Michael H. Keller | Satellite imagery by Mapbox and DigitalGlobe
The information from one Sunday included more than 800 data points from over 60 unique devices inside and around a church in New Jersey. By Michael H. Keller | Satellite imagery by Mapbox and DigitalGlobe
Some companies say they delete the location data after using it to serve ads, some use it for ads and pass it along to data aggregation companies, and others keep the information for years.
Several people in the location business said that it would be relatively simple to figure out individual identities in this kind of data, but that they didn’t do it. Others suggested it would require so much effort that hackers wouldn’t bother.
It “would take an enormous amount of resources,” said Bill Daddi, a spokesman for Cuebiq, which analyzes anonymous location data to help retailers and others, and raised more than $27 million this year from investors including Goldman Sachs and Nasdaq Ventures. Nevertheless, Cuebiq encrypts its information, logs employee queries and sells aggregated analysis, he said.
There is no federal law limiting the collection or use of such data. Still, apps that ask for access to users’ locations, prompting them for permission while leaving out important details about how the data will be used, may run afoul of federal rules on deceptive business practices, said Maneesha Mithal, a privacy official at the Federal Trade Commission.
“You can’t cure a misleading just-in-time disclosure with information in a privacy policy,” Ms. Mithal said.
Following the Money
Apps form the backbone of this new location data economy.
The app developers can make money by directly selling their data, or by sharing it for location-based ads, which command a premium. Location data companies pay half a cent to two cents per user per month, according to offer letters to app makers reviewed by The Times.
Targeted advertising is by far the most common use of the information.
Google and Facebook, which dominate the mobile ad market, also lead in location-based advertising. Both companies collect the data from their own apps. They say they don’t sell it but keep it for themselves to personalize their services, sell targeted ads across the internet and track whether the ads lead to sales at brick-and-mortar stores. Google, which also receives precise location information from apps that use its ad services, said it modified that data to make it less exact.
Smaller companies compete for the rest of the market, including by selling data and analysis to financial institutions. This segment of the industry is small but growing, expected to reach about $250 million a year by 2020, according to the market research firm Opimas.
Apple and Google have a financial interest in keeping developers happy, but both have taken steps to limit location data collection. In the most recent version of Android, apps that are not in use can collect locations “a few times an hour,” instead of continuously.
Apple has been stricter, for example requiring apps to justify collecting location details in pop-up messages. But Apple’s instructions for writing these pop-ups do not mention advertising or data sale, only features like getting “estimated travel times.”
A spokesman said the company mandates that developers use the data only to provide a service directly relevant to the app, or to serve advertising that met Apple’s guidelines.
Apple recently shelved plans that industry insiders say would have significantly curtailed location collection. Last year, the company said an upcoming version of iOS would show a blue bar onscreen whenever an app not in use was gaining access to location data.
The discussion served as a “warning shot” to people in the location industry, David Shim, chief executive of the location company Placed, said at an industry event last year.
After examining maps showing the locations extracted by their apps, Ms. Lee, the nurse, and Ms. Magrin, the teacher, immediately limited what data those apps could get. Ms. Lee said she told the other operating-room nurses to do the same.
“I went through all their phones and just told them: ‘You have to turn this off. You have to delete this,’” Ms. Lee said. “Nobody knew.”
De impact van een buitenreclame campagne wordt voor 40% bepaald door de creatie van de uiting, voor 30% door het merk en voor 30% door de mediadruk. De Outdoor Ad Impact Forecaster analyseert vooraf een campagne op basis van deze drie kenmerken en geeft een rapport dat binnen 24 tot 48 uur de impact van een Out-of-Home campagne voorspelt.
Deze voorspelling is gebaseerd op ruim 300 effectmetingen uitgevoerd door MeMo², waarvan de data op basis van machine learning in een voorspellingstool is verwerkt. De impact van de campagne wordt weergegeven in de vorm van een sterrenrating en daaropvolgend geeft de Forecaster een concreet advies over aanpassingen die de campagne impactvoller maken. Dit wordt aangevuld met professioneel advies van zowel de onderzoekers van MeMo² als de specialisten van Exterion Media. Dit tezamen vormt een compleet rapport voor een nog effectievere buitenreclame campagne.
A corporate-issued laptop lifted from a Lenovo employee in Singapore contained a cornucopia of unencrypted payroll data on staff based in the Asia Pacific region, The Register can exclusively reveal.
Details of the massive screw-up reached us from Lenovo staffers, who are simply bewildered at the monumental mistake. Lenovo has sent letters of shame to its employees confessing the security snafu.
“We are writing to notify you that Lenovo has learned that one of our Singapore employees recently had the work laptop stolen on 10 September 2018,” the letter from Lenovo HR and IT Security, dated 21 November, stated.
“Unfortunately, this laptop contained payroll information, including employee name, monthly salary amounts and bank account numbers for Asia Pacific employees and was not encrypted.”
The letter stated there is currently “no indication” that the sensitive employee data has been “used or compromised”, and Lenovo said it is working with local police to “recover the stolen device”.
In a nod to concerns that will have arisen from this lapse in security, Lenovo is “reviewing the work practices and control in this location to ensure similar incidents do not occur”.
On hand with more wonderfully practical advice, after the stable doors were left swinging open, Lenovo told staff: “As a precaution, we recommend that all employees monitor bank accounts for any unusual activities. Be especially vigilant for possible phishing attacks and be sure to notify your financial institution right away if you notice any unusual transactions.”
The letter concluded on a high note. “Lenovo takes the security of employee information very seriously. And while there is no indication any data has been compromised, please let us know if you have any questions.”
The staff likely do. One told us the incident was “extremely concerning” but “somehow not surprising in any way. How on Earth did they let this data exist on a laptop that was not encrypted?”
A US Congressional report outlining the breakdowns that led to the 2017 theft of 148 million personal records from Equifax has revealed a stunning catalog of failure.
The 96-page report (PDF) from the Committee of Oversight and Government Reform found that the 2017 network breach could have easily been prevented had the company taken basic security precautions.
“Equifax, however, failed to implement an adequate security program to protect this sensitive data,” the report reads.
“As a result, Equifax allowed one of the largest data breaches in US history. Such a breach was entirely preventable.”
The report noted some of the previously-disclosed details of the hack, including the expired SSL certificate that had disabled its intrusion detection system for 19 months and the Apache Struts patch that went uninstalled for two months because of that bad cert.
The report states that Equifax’s IT team did scan for unpatched Apache Struts code on its network. But it only checked the root directory, not the subdirectory that was home to the unpatched software
Both issues were blamed for allowing an attacker to compromise the Equifax Automated Consumer Interview System and then spend weeks moving throughout the network to harvest personal records from other databases. It was only when the certificate was renewed that Equifax saw the massive amounts of data being copied from its servers and realized something was very wrong.
While those two specific issues were pinpointed as the source of the attack, the report finds that the intrusion was allowed to happen because the IT operation at Equifax had grown far too large far too fast, without a clear management structure or coherent policies across various departments.
Lousy IT security by design
“In 2005, former Equifax CEO Richard Smith embarked on an aggressive growth strategy, leading to the acquisition of multiple companies, IT systems, and data. While the acquisition strategy was successful for Equifax’s bottom line and stock price, this growth brought increasing complexity to Equifax’s IT systems, and expanded data security risks,” the committee found.
“In August 2017, three weeks before Equifax publicly announced the breach, Smith boasted Equifax was managing ‘almost 1,200 times’ the amount of data held in the Library of Congress every day.”
What’s more, the report notes that Equifax had been aware of these shortcomings for years, with internal audits that found problems in their software patching process back in 2015, and in both 2016 and 2017 a report from MSCI Inc. rated Equifax network security as a “zero out of ten.”
A 2015 audit found that ACIS, a Solaris environment that dated back to the 1970s, was not properly walled off from other databases, a fault that allowed the attackers to access dozens of systems they would not have otherwise been able to get to.
“Although the ACIS application required access to only three databases within the Equifax environment to perform its business function, the ACIS application was not segmented off from other, unrelated databases,” the report noted.
“As a result, the attackers used the application credentials to gain access to 48 unrelated databases outside of the ACIS environment.”
After the pwning of its servers was revealed Equifax blamed its woes on an IT staffer who hadn’t installed the Apache patch, and fired the person. The report makes it clear that there were many more people involved in Equifax’s failings than this one scapegoat.
To help prevent similar attacks from occurring, the report recommends a number of additional requirements for credit reporting agencies to tell people what information is being gathered, how it is stored, and who it is shared with. The report also suggests moving away from social security numbers as personal identifiers and recommends that companies in the finance and credit sectors be pushed to modernize their IT structure. ®
Last year, U.S. Customs and Border Protection (CBP) searched through the electronic devices of more than 29,000 travelers coming into the country. CBP officers sometimes upload personal data from those devices to Homeland Security servers by first transferring that data onto USB drives—drives that are supposed to be deleted after every use. But a new government report found that the majority of officers fail to delete the personal data.
The Department of Homeland Security’s internal watchdog, known as the Office of the Inspector General (OIG), released a new report yesterday detailing CBP’s many failures at the border. The new report, which is redacted in some places, explains that Customs officials don’t even follow their own extremely liberal rules.
Customs officials can conduct two kinds of electronic device searches at the border for anyone entering the country. The first is called a “basic” or “manual” search and involves the officer visually going through your phone, your computer or your tablet without transferring any data. The second is called an “advanced search” and allows the officer to transfer data from your device to DHS servers for inspection by running that data through its own software. Both searches are legal and don’t require a warrant or even probable cause—at least they don’t according to DHS.
It’s that second kind of search, the “advanced” kind, where CBP has really been messing up and regularly leaving the personal data of travelers on USB drives.
[The Office of the Inspector General] physically inspected thumb drives at five ports of entry. At three of the five ports, we found thumb drives that contained information copied from past advanced searches, meaning the information had not been deleted after the searches were completed. Based on our physical inspection, as well as the lack of a written policy, it appears [Office of Field Operations] has not universally implemented the requirement to delete copied information, increasing the risk of unauthorized disclosure of travelers’ data should thumb drives be lost or stolen.
It’s bad enough that the government is copying your data as you enter the country. But it’s another thing entirely to know that your data could just be floating around on USB drives that, as the Inspector General’s office admits, could be easily lost or stolen.
The new report found plenty of other practices that are concerning. The report notes that Customs officers regularly failed to disconnect devices from the internet, potentially tainting any findings stored locally on the device. The report doesn’t call out the invasion of privacy that comes with officials looking through your internet-connected apps, but that’s a given.
The watchdog also discovered that Customs officials had “inadequate supervision” to make sure that they were following the rules, and noted that these “deficiencies in supervision, guidance, and equipment management” were making everyone less safe.
But one thing that makes it sometimes hard to read the report is the abundance of redactions. As you can see, the little black boxes have redacted everything from what happens during an advanced search after someone crosses the border to the reason officials are allowed to conduct an advanced search at all:
Screenshot: Department of Homeland Security/Office of the Inspector General
The report notes that an April 2015 memo spells out when an advanced search may be conducted. But, again, that’s been redacted in the report.
Screenshot: Department of Homeland Security/Office of the Inspector General
But the Department of Homeland Security’s own incompetence might be our own saving grace for those concerned about digital privacy. The funniest detail in the new report? U.S. Customs and Border Protection forgot to renew its license for whatever top secret software it uses to conduct these advanced searches.
Screenshot: Department of Homeland Security/Office of the Inspector General
Curiously, the report claims that CBP “could not conduct advanced searches of laptop hard drives, USB drives, and multimedia cards at the ports of entry” from February 1, 2017 through September 12, 2017 because it failed to renew the software license. But one wonders if, in fact, the issue wasn’t resolved for almost a year, then what other “advanced search” methods were being used?
A Russian online mapping company was trying to obscure foreign military bases. But in doing so, it accidentally confirmed their locations—many of which were secret.
Yandex Maps, Russia’s leading online map service, blurred the precise locations of Turkish and Israeli military bases, pinpointing their location. The bases host sensitive surface-to-air missile sites and facilities housing nuclear weapons.
The Federation of American Scientists reports that Yandex Maps blurred out “over 300 distinct buildings, airfields, ports, bunkers, storage sites, bases, barracks, nuclear facilities, and random buildings” in the two countries. Some of these facilities were well known, but some of them were not. Not only has Yandex confirmed their locations, the scope of blurring reveals their exact size and shape.
