For the first time Japanese commission ordered Facebook to improve security

For the first time Japanese commission ordered Facebook to improve security:

The Japanese government ordered Facebook to improve the protection of users’ personal information following the recent data breaches that exposed data from millions of people.

… On Monday, Japan’s Personal Information Protection Commission ordered a further investigation of the data breach and asked the company to implement preventive security measures.

This is the first time that the commission has issued warnings to the social network giant after it has conducted an investigation along with British authorities.

According to government spokesman Yoshihide Suga, Facebook told Japanese authorities that the recent data breach also included Japanese users.

The commission also ordered the company to improve communication with users by being more transparent about the way it manages their data and by promptly responding to requests to delete accounts.

… “It is the first time that the commission, which investigated the data leak with British authorities, has issued warnings to Facebook,” an official told AFP.

Facebook added on its website that it is committed to “promptly inform users if the platform was inappropriately used and cooperate with the commission and other countries’ regulators.”

Pierluigi Paganini

(Security Affairs – social network, cybersecurity)

(Via Security Affairs)

I wonder if this will translate into actual change.

Are we all suffering from data breach fatigue?

Are we all suffering from data breach fatigue?:

It could also be, as New York Times reporter Mike Isaac noted on Twitter, that the constant barrage of news about Supreme Court nominee Brett Kavanaugh and the never-ending outrage about whatever Donald Trump just tweeted tends to use up the oxygen in the media; there is little left for things like a garden variety Facebook data leak. But as Isaac and others have also pointed out, this wasn’t just a routine breach—in this case, hackers got access to the full accounts of certain users, which means they also got access to whatever other services those users had logged into using their Facebook credentials. That significantly expands the potential damage of the hack, since many people sign into other services such as Tinder and Spotify with their Facebook login (on Tuesday, Facebook said in an update that it hadn’t detected any evidence of compromised third-party logins, although its investigation is still ongoing) …

Some users threaten to delete their accounts, and it’s possible that some do, but the vast majority don’t seem to care.

(Via Columbia Journalism Review)

I’m tired of the breach news barrage and it’s my job to stay current. Other topics dominating the news outside of my immediate personal and professional needs I muffle or mute if possible.

ICYMI: Facebook Is Allowing Ad Targeting Based on Contact Information You Have No Control Over

Facebook Is Allowing Ad Targeting Based on Contact Information You Have No Control Over:

Even for Facebook’s low standards, this is exceptionally unethical: you haven’t given them permission to use this information; someone you know or someone you purchased products from has done that for you, probably with consent buried in an opaque privacy policy. There’s no way to opt out. And there are few-to-no regulations governing this.

(Via Pixel Envy)

This is a disaster from the security perspective. Users should enable 2FA to protect themselves with an expectation that this data is restricted for only this use.

Facebook Lenses

Facebook Lenses:

Back when Stratechery started I wrote in the very first post that one of the topics I looked forward to exploring was “Why Wall Street is not completely insane”; I was thinking at the time about Apple, a company that, especially at that time, was regularly posting eye-popping revenue and profit numbers that did not necessarily lead to corresponding increases in the stock price, much to the consternation of Apple shareholders. The underlying point should be an obvious one: a stock price is about future earnings, not already realized ones; that the iPhone maker had just had a great quarter was an important signal about the future, but not a determinant factor, and that those pointing to the past to complain about a price predicated on the future were missing the point.

Of course that is exactly what I did in that tweet.

(Via Stratechery by Ben Thompson)

Ben has a long write-up on the Facebook financial news and how one can look at the data:

To be clear, I agreed with the Apple-investor sentiment all along: several of my early articles — Apple the Black Swan, Two Bears, and especially What Clayton Christensen Got Wrong — were about making the case that Apple’s business was far more sustainable with much deeper moats than most people realized, and it was that sustainability and defensibility that mattered more than any one quarter’s results.

The question is if a similar case can be made for Facebook: certainly my tweet taken literally was naive for the exact reasons those Apple investor complaints missed the point five years ago; what about the sentiment, though? Just how good of a business is Facebook?

As with many such things, it all depends on what lens you use to examine the question.

He looks at Facebook using several different “lenses”: finances, products, ad infrastructure, multiplying moats, and reason for being (Facebook’s Raison D’être). While I follow his various lines of thinking, I think Ben spends a little too much effort on linking back to things he already said and not enough on expanding upon those thoughts. This is most apparent in his moats lens which needs fleshing out (it feels half-baked).

As it stands it’s a useful exercise in understanding a company’s financial and business drivers. Obviously, any discussion of Facebook will include security and privacy (and GDPR and …). Too often professionals in our industry fail to consider these things fully which leads us to the cyber security startup VC and blockchain bubbles we’re in.

John Oliver Calls Facebook ‘History’s Most Profitable Data-Harvesting Machine’

John Oliver Calls Facebook ‘History’s Most Profitable Data-Harvesting Machine’:

“We came here for your data and the data of everyone you’ve ever come into contact with,” the ad’s narrator says. “Your data allowed us to make a fuckton of ad money … but here’s the thing. Nothing’s going to change. We’ve got your data, we’ve got your friends. And really, where are you going to go?”

(Via Motherboard)

Why Do We Care So Much About Privacy? | The New Yorker

Why Do We Care So Much About Privacy? | The New Yorker:

Possibly the discussion is using the wrong vocabulary. “Privacy” is an odd name for the good that is being threatened by commercial exploitation and state surveillance. Privacy implies “It’s nobody’s business,” and that is not really what Roe v. Wade is about, or what the E.U. regulations are about, or even what Katz and Carpenter are about. The real issue is the one that Pollak and Martin, in their suit against the District of Columbia in the Muzak case, said it was: liberty. This means the freedom to choose what to do with your body, or who can see your personal information, or who can monitor your movements and record your calls—who gets to surveil your life and on what grounds.

I like changing the argument to liberty. There’s a ton of Founding Fathers materials on the topic.

Of course, in my professional capacity there’s a different argument to make but one that still applies to the individual.

As we are learning, the danger of data collection by online companies is not that they will use it to try to sell you stuff. The danger is that that information can so easily fall into the hands of parties whose motives are much less benign.

Intentional Twitter Usage

Intentional Twitter Usage:

Turning my notifications off mediated this somewhat, I am no longer poked to go back to Twitter by dings. I have never really viewed those notifications as important that need instant attention. The answer has been simply removing the app from my phone, I have drastically reduced my exposure to Twitter, and I really do feel better for it.

My Twitter usage is now restricted to when I want to ‘go and check’ Twitter on my computer. The downside is that I don’t reply to messages and mentions like I used to, and also my tweets will come in short bursts of quite a few in a short space of time. So I must apologise for the time line spam, however I will still continue to share things to Twitter using Linky, and posts to micro.blog will appear there also. I am not gone, just using Twitter far more intentionally and it has worked wonders.

(Via Greg Morris)

I did a version of Greg’s write-up a while ago. I was going to take the extra step of killing off my Twitter accounts but changed my mind, at least for now.

Document: Trump’s Blocking of Critics on Twitter is Unconstitutional, U.S. District Court for the Southern District of New York Rules

Saw this coming …

Document: Trump’s Blocking of Critics on Twitter is Unconstitutional, U.S. District Court for the Southern District of New York Rules:

The U.S. District Court for the Southern District of New York has issued a declaratory judgment holding that President Trump’s blocking of his critics on Twitter violates the First Amendment. The ruling is included in full below.

(Via Lawfare – Hard National Security Choices)

UPDATE: Here’s more …

Federal Court Rules Trump Can’t Block People on Twitter:

A federal court ruled Wednesday that President Donald Trump’s wanton smashing of the “block” button on Twitter is unconstitutional.

In July 2017, civil liberties group Knight First Amendment Institute at Columbia University sued Trump on behalf of seven people whom he’d blocked on Twitter.

The ruling, made by Judge Naomi Reice Buchwald of the US District Court for the Southern District of New York, determines that the president’s @realDonaldTrump account is a “public forum,” and therefore his blocking people based on their political speech constitutes viewpoint discrimination that violates the First Amendment. It also includes an agonizingly thorough description of what Twitter is and how it works but manages to leave out the phrase “hellscape” entirely.

(Via Motherboard)

Accessing Facebook …

Quick summary of how I use Facebook:

  1. Launch a VPN
  2. Use a private browser (with ad blocking) to navigate
  3. I do my Facebook stuff
  4. I log out of Facebook and then out of said private browser after clearing my browsing history
  5. I disconnect from the VPN

The moral of the story is that I use Facebook so long as it offers me value. However, I do not use it trivially. If and when I log in, it is with purpose and my session lasts exactly as long as I want.

I set myself up for success:

  • I have no app connections or integrations (with my personal website posts going away soon)
  • I don’t use Facebook for authentication anywhere
  • I do not have any of the mobile apps installed (other than Instagram, and only for the moment)
  • I set up two-factor authentication for Facebook login using an Authenticator app (not SMS or email)

What I thoughtlessly shared on Facebook is out there. Time and experience will tell the usefulness of that information and the impact of my data hygiene regimens.

What are you doing to reduce your social media surface and/or take ownership of your data?

Reviews: Hollow, Go On Forever & Full of Stars

When I first managed people, just as I’d taken over a troubled retail sales department and had to do performance evaluations, I got a great piece of advice from my then mentor:

> If all your reviews are a 5 you are doing it wrong. You may have reasons to rationalize such scores, but you do no one – especially yourself – any favors by doing so.

We, my new team, turned the department around quickly. I ignored my mentor’s advice and went ahead with my “All 5” reviews (the best possible) and … they were rejected. I had to do them all over again, this time with supervision.

My mentor rightly chastised me for ignoring his guidance and then gave me the next nugget:

> If your team is all 5s, they’re all 2s.

Meaning if your baseline is so high and everyone gets the highest level, normalize the baseline. And it’s probably still too high.

> If people don’t have a challenge to overcome they will tend toward complacency.

I was lucky to have smart leaders. They saw my naïveté as an advantage. My short-sighted management style was converted into a galvanizing experience for the team. Meanwhile, I reassessed.

Fast forward to today. We rank all kinds of things: Amazon purchases and podcasts and Lyft drivers and restaurants and beers and so on. How many of us default to 5 stars or equivalents? What about vapid or useless “me, too” comments? And how about the essay review? My approach is evolving, but in short:

> Am I adding value and what value am I adding?

If I experience something enjoyable but otherwise unremarkable, am I doing anyone any favors by assigning a 5? Better to make 2.5 the baseline.

What about the skew toward high scoring? Am I not making it worse for some things?

I try to add content to the review. A 3 beer, for example, is better than the average mass-produced brew. If I give a beer such a score I will add the context to the score. Maybe it’s dry or fruity or hoppy or has some other attribute placing it above the norm.

Until this becomes normal I do not rely on straight up scored reviews for anything substantial. Again with beer or food I will trend toward the high scores with high review counts.

I suggest all embrace circumspection in scoring of things, services & people.

Let me know if you can identify the post’s title reference.
