thought the creepiest things to happen to social networking was when old guys, claiming to be eighteen-years-old started roaming social networks like MySpace and FaceBook looking to hook up with fifteen-year-olds.But now there’sa whole different kind of creepiness. Il pensiero creepiest cose che accada di social networking è stato quando è vecchio ragazzi, che dichiara di essere di diciotto anni ha iniziato il roaming reti sociali come MySpace e FaceBook cercando di collegare con quindici anni-olds.But adesso c'è tutto diverso tipo di Creepiness. And this one includes old guys in white lab coats roaming through FaceBook profiles. E questo include uno vecchio ragazzi e camici bianchi di roaming attraverso FaceBook profili. A bunch of scholars at Harvard University and University of California have decided to turn the vastly popular FaceBook into a Un gruppo di studiosi della Harvard University e la University of California hanno deciso di girare immensamente popolare in un FaceBook giant mouse maze Gigante del mouse labirinto .

If you’re a constant visitor of the site then you’ve probably added those quirky applications that let you throw your friend out window, bake them a cake, head butt – or make up your own little creative action. Se sei un costante visitatore del sito, quindi è probabile che tu abbia aggiunto quirky quelle applicazioni che consentono di gettare la finestra del tuo amico, cuocere loro una torta, capo butt - o compongono il tuo piccolo azione creativa.

Researchers have begun studying one class of students at a particular college, where applications like ‘Hot or Not’, ‘Pirates vs. Ninjas’, and cute little digital pets have become tools in determining certain aspects of social interactions online. I ricercatori hanno cominciato a studiare una classe di studenti in un determinato collegio, in cui le applicazioni come 'Hot o non', 'Pirates vs Ninjas', e simpatici piccoli animali domestici digitali sono diventati strumenti per la determinazione di alcuni aspetti sociali interazioni online.

The story in the New York Times didn’t specify if the class being studied knew that these creeps – I mean – scholars had informed them that they were looking at every little program they added, picture they posted, and whether or not they liked the movie Fight Club or not. La storia e il New York Times non ha specificato se la classe in fase di studio sapeva che questi si insinua - voglio dire - studiosi li aveva informato che erano in cerca a ogni piccolo programma hanno aggiunto, hanno pubblicato foto, e se o non l'hanno voluto Film Fight Club o meno.

Now, I understand that if you want to get a juicy perspective on youth culture – Facebook would be a good place to start. Ora, mi sembra di capire che, se si vuole ottenere una succosa prospettiva sulla cultura giovanile - Facebook sarebbe un buon punto di partenza. But there’s something about social science freaks digging through my profile and trying to find meaning in the fact that I just dropkicked my friend that makes me a little uncomfortable. Ma c'è qualcosa di scienze sociali freaks scavare attraverso il mio profilo e cercando di trovare significato e il fatto che ho appena dropkicked mio amico che mi fa un po 'a disagio.

Most of the time, I think social networking profiles are just a plastic exterior that doesn’t necessarily represent us as an individual. La maggior parte del tempo, credo di social networking sono solo profili di plastica esterno, che non rappresentano necessariamente noi come un individuo. It’s more like an external attachment, like a external hard drive. E 'più come un attacco esterno, come un disco rigido esterno. It isn’t really apart of us but it can be – but it’s temporary and changes without us having to change along with it. Non è proprio di là di noi, ma può essere - ma è temporaneo e modifiche senza dover cambiare noi con essa. Trying to draw together some conclusion and hidden meaning in stuff like this can only end with misinterpretations. Cercando di trarre qualche conclusione e insieme significato nascosto e roba come questa può solo concludere con errate.
—Eming Piansay - Eming Piansay

Alexi Mostrous and Dominic Kennedy Alessio Mostrous e Dominic Kennedy

Security breaches that are allowing the financial details of tens of thousands of Britons to be sold on the internet are to be investigated by the country’s information watchdog. Violazioni della sicurezza che sono i dettagli finanziari consentendo di decine di migliaia di cittadini britannici ad essere venduti su Internet devono essere oggetto di indagini da parte del paese informazioni watchdog.

Without paying a single penny, The Times downloaded banking information belonging to 32 people, including a High Court deputy judge and a managing director. Senza pagare un solo centesimo, The Times scaricato informazioni bancarie appartenenti a 32 persone, tra cui un giudice della High Court e un vice direttore generale. The private account numbers, PINs and security codes were offered as tasters by illegal hacking sites in the hope that purchases would follow. Il privato numeri di conto, codici PIN e di sicurezza sono stati offerti come degustatori illegale da siti di hacking, nella speranza che gli acquisti di seguire.

Richard Thomas, the Information Commissioner, will begin an investigation into the security breach today and Scotland Yard is also investigating. Richard Thomas, il Commissario Informazioni, avrà inizio l'indagine sulla violazione della sicurezza di oggi e di Scotland Yard è anche istruttore. Experts said that the findings suggested that more personal data than ever before was going astray. Esperti, ha detto che i risultati più suggerito che i dati personali che mai avrebbe sviato. The Times found: More than 100 websites trafficking British bank details A fraudster offering to sell 30,000 British credit card numbers for less than £1 each A British “e-passport” for sale, although the Government insists that they are unhackable. The Times trovati: Più di 100 siti web di traffico dati bancari britannici Un truffatore offerta di vendere 30000 britannico numeri di carte di credito per meno di £ 1 ogni Un britannico "e-passaporto" per la vendita, anche se il governo insiste sul fatto che essi sono unhackable.

The discovery comes as public alarm is growing about the dangers of identity theft. La scoperta viene come pubblico è crescente allarme sui pericoli di un furto di identità. HM Revenue & Customs has yet to retrieve two lost CDs containing the banking details of 25 million Britons, which ministers admitted had vanished in the post a fortnight ago. HM Revenue & Customs deve ancora recuperare perso due CD contenenti i dettagli bancario di 25 milioni di cittadini britannici, che aveva ammesso ministri e il post scomparso quindici giorni fa. At current underworld prices, these could fetch more than £100 million if they fell into the hands of hackers. A prezzi correnti inferi, questi potrebbe recuperare più di £ 100 milioni se ne cadde nelle mani di hacker.

The News of the World disclosed yesterday that it had been handed two discs mislaid by the Department for Work and Pensions containing the national insurance numbers of 18,000 claimants. Il News of the World divulgato ieri, che era stato tramandato due dischi smarrita dal Dipartimento per il Lavoro e la Previdenza contenente i numeri nazionali di assicurazione di 18000 aventi diritto.

Last year The Times discovered internet chatrooms where the hacked credit card details of 400 British people were being sold every day. L'anno scorso il Times ha scoperto internet chat dove l'inciso dettagli della carta di credito di 400 cittadini britannici sono stati venduti ogni giorno.

A spokesman for Mr Thomas said: “We will be looking at the evidence you have provided and investigating the circumstances. Un portavoce del signor Thomas ha detto: "Noi prenderemo in considerazione le prove che ci avete fornito e lo studio delle circostanze. This looks serious and is a matter of genuine concern. Questo aspetto è grave e di una questione di vera e propria preoccupazione.

“We can take action against UK-based organisations that flout the Data Protection Act. "Siamo in grado di agire contro il Regno Unito, basato su organizzazioni che violano la legge sulla protezione dei dati. If some of these websites are not UK-based we will work with our counterparts in the relevant country.” Se alcuni di questi siti web non sono UK-based noi lavoreremo con i nostri omologhi nel paese ".

Mr Thomas will address the Commons Justice Committee tomorrow on the addional powers that he says are needed to prevent breaches of data protection. Signor Thomas affronterà la commissione giustizia Commons domani sul addional poteri che egli dice sono necessari per impedire violazioni della protezione dei dati. He believes that reckless failure to protect information should result in prosecution and that his staff should have powers to raid government and business premises. Egli ritiene che il fallimento sconsiderate per proteggere le informazioni dovrebbe tradursi in azione penale e il suo staff, che dovrebbe avere il potere di raid del governo e delle imprese locali.

Hacking sites act as online bazaars for stolen personal information. Agire come siti di hacking online bazar per furto di informazioni personali. They are well run, hierarchical groups structured like businesses. Essi sono ben gestito, gerarchicamente strutturata, come gruppi di imprese. Some even have review sections where buyers can recommend a particular fraudster. Alcuni addirittura hanno recensione sezioni in cui gli acquirenti possono raccomandare una particolare truffatore.

Geraldine Hernon, 30, of St Ives, Cambridgeshire, was shocked to hear that her credit card number, expiry date and security number were online with her address, telephone number and e-mail address. Geraldine Hernon, 30, di St Ives, Cambridgeshire, è stato sconvolto nel sentire che il suo numero di carta di credito, data di scadenza e il numero di sicurezza sono stati in linea con il suo indirizzo, numero di telefono e indirizzo e-mail. She said: “I can’t believe it. Ha detto: "Non posso credere. I will have to change my whole account. Dovrò cambiare il mio account. It is terrifying that people have the information. E 'terribile che le persone hanno le informazioni. It is personal information. Si tratta di informazioni personali. I feel really scared.” Mi sento davvero paura ".

The bank details of Robert Seabrook, QC, a deputy judge and former chairman of the Bar Council, were also freely available. La banca dati di Robert Seabrook, QC, un giudice ed ex vice presidente del Consiglio degli avvocati, sono stati inoltre disponibile liberamente. He, too, described the breach as terrifying. Egli, inoltre, ha descritto la violazione come terrificante. “I am profoundly concerned,” he said. "Io sono profondamente interessati", ha detto. “One reads about the anxieties of data in the public domain but it is disconcerting to hear something so personal being available. "Una legge sulle ansie dei dati di dominio pubblico, ma è sconcertante sentire qualcosa di così personale disponibile. If you can get this sort of thing for free who knows what is below the water line?” Se si riesce a ottenere questo tipo di cose gratuitamente che conosce ciò che è al di sotto della linea d'acqua? "

Neil Munroe, the director of the credit reference agency Equifax and an expert on internet fraud, said that the depth of information obtained by The Times was greater than he had ever seen. Neil Munroe, il direttore del credito, agenzia di riferimento Equifax e un esperto di internet frode, ha detto che la profondità di informazioni ottenute da The Times era più grande di lui aveva mai visto. “The detail you have got is very disturbing,” he said. "Il dettaglio avete ottenuto è molto preoccupante", ha detto. “Normally we only see credit card numbers coming up but you have got e-mails, addresses, security and PINs. "Normalmente vediamo solo numeri di carte di credito fino a venire, ma avete le e-mail, indirizzi, di sicurezza e di codici PIN. Everything. Tutto. It is very scary.” E 'molto inquietante ".

Senior police officers are concerned that current methods of dealing with large-scale data protection breaches are unworkable. Alti ufficiali di polizia sono preoccupati che gli attuali metodi di trattare con grandi violazioni della protezione dei dati sono impraticabili. Detective Chief Inspector Charlie McMurdie, of the Metropolitan Police e-crime unit, said: “At the moment people report internet crimes to a local police station but no one locally has the resources to investigate properly.” Detective Chief Inspector Charlie McMurdie, della Metropolitan Police e-unità di criminalità, ha detto: "Al momento le persone internet crimini relazione a una stazione di polizia a livello locale, ma nessuno ha le risorse per indagare correttamente".

Since April customers have been told to report card crimes to their banks rather than to the police. Da aprile clienti è stato detto di riferire al loro carta di crimini di banche piuttosto che alla polizia. Mr McMurdie, backed by the main banks, has asked the Home Office for £1.3 million to fund a central e-crime unit. Signor McMurdie, sostenuta dalle principali banche, ha chiesto l'Home Office per € 1,3 milioni per finanziare un centro di e-criminalità.

Stolen identities Identità rubati

Criminals use three main methods to extract personal information Criminali utilizzano tre metodi principali per estrarre informazioni personali

- Viruses contained in e-mails that install malicious software to collect information such as login names, bank account details and credit card numbers. -- I virus contenuti in e-mail che installare software dannoso per la raccolta di informazioni quali nomi di login, coordinate bancarie e numeri di carte di credito. Make sure you use up-to-date antivirus software Assicurarsi di usare up-to-date software antivirus

- Handheld credit card readers are used to “skim” cards and copy data that is then used to clone another one. -- Palmare lettori di carta di credito sono utilizzati per "sfogliare" le carte e copiare dati, che viene poi usata per clonare un altro. Check your accounts regulary for unusual transactions Controllare regolarmente i vostri conti per inusuali

- Bin raiders go through rubbish bins to find discarded bank statements and utility bills. -- Bin raiders passare attraverso spazzatura per trovare scartati conto bancari e fatture di utilità. Make sure that all personal documents are shredded before you throw them out Assicurarsi che tutti i documenti personali vengono triturati prima di buttare fuori

In October, two security experts at hacker conference ToorCon9 in San Diego hacked into their hotel’s corporate network using a Cisco VoIP phone Nel mese di ottobre, due esperti in sicurezza hacker ToorCon9 conferenza a San Diego ha inciso nel loro hotel's rete aziendale utilizzando un telefono VoIP di Cisco

By Da Linda Leung Framingham Linda Leung Framingham

Cisco confirmed it is possible to eavesdrop on remote conversations using Cisco VoIP phones. Cisco ha confermato che è possibile ascoltare le conversazioni remoto utilizzando Cisco telefoni VoIP. In its Nella sua security response Sicurezza di risposta , Cisco says: “an attacker with valid Extension Mobility authentication credentials could cause a Cisco Unified IP Phone configured to use the Extension Mobility feature to transmit or receive a Real-Time Transport Protocol (RTP) audio stream.” , Cisco dice: "con un attaccante valido Extension Mobility credenziali di autenticazione potrebbe causare un Cisco Unified IP Phone configurato per l'utilizzo della funzione di estensione della mobilità di trasmettere o ricevere un Real-Time Transport Protocol (RTP) flusso audio."

Cisco adds that Extension Mobility authentication credentials are not tied to individual IP phones and that “any Extension Mobility account configured on an IP phone’s Cisco Unified Communications Manager/CallManager (CUCM) server can be used to perform an eavesdropping attack.” Cisco aggiunge che le credenziali di autenticazione di estensione della mobilità non sono legate a singoli telefoni IP e che "qualsiasi estensione della mobilità account configurati su un telefono IP Cisco Unified Communications Manager / CallManager (CUCM), il server può essere utilizzato per eseguire un attacco di tipo eavesdropping."

The Il technique was described La tecnica è stata descritta by Telindus researcher Joffrey Czarny at HACK.LU 2007 in Luxembourg in October. Telindus da ricercatore presso Joffrey Czarny HACK.LU 2007 a Lussemburgo nel mese di ottobre.

Cisco has published some workarounds to this problem in its Cisco ha pubblicato alcune soluzioni a questo problema nella sua security response Sicurezza di risposta . .

Also in October, two security experts at hacker conference ToorCon9 in San Diego hacked into their hotel’s corporate network using a Cisco VoIP phone. Anche nel mese di ottobre, due esperti in sicurezza hacker ToorCon9 conferenza a San Diego ha inciso nel loro hotel's rete aziendale utilizzando un telefono VoIP di Cisco.

The hackers, John Kindervag and Jason Ostrom said they were able to access the hotel’s financial and corporate network and recorded other phone calls, according to a L'hacker, John Ostrom Kindervag e Jason hanno dichiarato di essere in grado di accedere l'hotel finanziari e rete aziendale e registrate altre telefonate, in base a un blog on Wired.com Blog su Wired.com . .

The hackers used penetration tests propounded by a tool called VoIP Hopper, which mimics the Cisco data packets sent at three minute intervals and then trades a new Ethernet interface, getting the PC — which the hackers switched in place of the hotel phone — into the network running the VoIP, according to the L'hacker utilizzati test di penetrazione proposto da uno strumento chiamato VoIP Hopper, che imita la Cisco pacchetti di dati inviati a intervalli di tre minuti e poi mestieri di una nuova interfaccia Ethernet, ottenendo il PC - che gli hacker acceso al posto del telefono hotel - nella rete Eseguendo il VoIP, secondo il blog post Post del blog . .

The Avaya configuration is superior to Cisco, according to the hackers, because you have to send requests beyond a sniffer. La configurazione di Avaya è superiore a Cisco, secondo l'hacker, perché dovete inviare richieste al di là di uno sniffer. Although it can be breached the same way, by replacing the phone with a PC. Anche se può essere violata allo stesso modo, sostituendo il telefono cellulare con un PC.

Many users resented Facebook grabbing and sharing data Molti utenti risentì Facebook afferra e la condivisione di dati

Facebook members have forced the social networking site to change the way a controversial ad system worked. More than 50,000 Facebook users signed a petition calling on the company to alter or abandon its Beacon advertising technology. Facebook membri hanno costretto il sito di social networking di cambiare il modo in cui un controverso sistema di annunci di lavoro. Più di 50000 utenti Facebook firmato una petizione chiedendo alla società di modificare o abbandonare la sua tecnologia pubblicitaria Beacon.

When Facebook users shopped online, Beacon told friends and businesses what they looked at or bought. Quando gli utenti Facebook acquisti online, Beacon detto amici e le imprese che hanno guardato o acquistato.

Many considered the data sharing to be an intrusion that exposed them to more scrutiny than was comfortable. Molti considerata la condivisione dei dati di una intrusione che essere esposti ad un maggiore controllo di quanto non fosse confortevole.

Privacy please Si prega di privacy

In response to the demands, Facebook’s 55 million members will have more control over whether data about what they do online is used for Beacon. In risposta alle richieste, Facebook di 55 milioni di membri avrà più il controllo su se i dati su quello che fanno online è utilizzato per Beacon.

Before the changes, Beacon was an “opt out” system and many complained that they missed the chance to avoid using it when it was introduced in early November. Prima che le modifiche, Beacon è stato un "opt-out" del sistema e molti hanno lamentato il fatto che perdere la possibilità di evitare l'uso di essa, quando è stato introdotto agli inizi di novembre.

Now Beacon will be an “opt in” system that only tracks data if explicit permission is granted to Facebook to do so. Ora Beacon sarà un "opt-in" del sistema che tiene traccia dei dati solo se è concesso il permesso esplicito di Facebook a farlo.

More than 40 websites, including Fandango.com, Overstock.com and Blockbuster, signed up to use Beacon software on their webpages and report what Facebook users did when they visited. Più di 40 siti web, tra cui Fandango.com, Overstock.com e Blockbuster, firmato per l'utilizzo di software Beacon pagine web e sulla loro relazione Facebook utenti ciò che ha fatto quando hanno visitato.

Beacon embarrassed many doing Christmas shopping online Beacon imbarazzato molti di Natale facendo shopping online

Activist site MoveOn was at the forefront of protests against Beacon and set up the petition to gather signatures on 20 November. MoveOn attivista sito è stato all'avanguardia della protesta contro Beacon e impostare la petizione per raccogliere firme in data 20 novembre.

“It also says a lot about the ability of internet users to band together to make a difference,” said Adam Green, a spokesman for MoveOn. "E 'anche la dice lunga circa la capacità degli utenti Internet a banda insieme per fare la differenza", ha detto Adam Green, un portavoce di MoveOn.

Facebook apologised for its actions via a letter on its website. Facebook scusato per le sue azioni tramite una lettera sul suo sito web.

“We’re sorry if we spoiled some of your holiday gift-giving plans,” read the letter. "Ci scusiamo se abbiamo sciupate alcune delle tue vacanze regalo piani", di leggere la lettera. “We are really trying to provide you with new meaningful ways, like Beacon, to help you connect and share information with your friends.” "Stiamo veramente cercando di offrire al nuovo modo significativo, come Beacon, per aiutarti a connettersi e condividere informazioni con i tuoi amici."

Industry commentator Om Malik said Facebook users had to be certain to opt out completely from Beacon otherwise Facebook would still collect data from partner sites - even if that data was not shared more widely. Industria commentatore Om Malik Facebook utenti aveva detto di essere certo di rinunciare completamente da Beacon Facebook altrimenti sarebbe ancora raccogliere dati da siti partner - che i dati, anche se non è stato più ampiamente condivisa.

The changes to Beacon may not be the last that Facebook has to make to the technology. Le modifiche al Beacon potrebbe non essere l'ultimo che ha Facebook per rendere la tecnologia.

Two rights groups, the Electronic Privacy Information Center and the Center for Digital Democracy, are believed to be compiling a complaint to the US Federal Trade Commission about it. Due gruppi per i diritti, l'Electronic Privacy Information Center e il Centro per la democrazia digitale, si ritiene essere la compilazione di un reclamo alla US Federal Trade Commission about it.

http://news.bbc.co.uk/1/hi/technology/7120916.stm Http://news.bbc.co.uk/1/hi/technology/7120916.stm

Governments are using the Internet to spy and launch cyberattacks that target critical systems, according to McAfee’s cybersecurity report

By Da Jon Brodkin

Governments and allied groups worldwide are using the Internet to spy and launch cyberattacks on their enemies, targeting critical systems including electricity, air traffic control, financial markets, and government computer networks, according to McAfee’s annual report examining global cybersecurity.

This year, China has been accused of launching attacks against the United States, India, Germany and Australia, but the Chinese are not alone: 120 countries including the United States are said to be launching Web espionage operations, according to McAfee’s Virtual Criminology Report , issued today and developed with input from NATO, the FBI , the United Kingdom’s Serious Organized Crime Agency , and various groups and universities.

“Cyber assaults have become more sophisticated in their nature, designed to specifically slip under the radar of government cyber defenses,” McAfee states. “Attacks have progressed from initial curiosity probes to well-funded and well-organized operations for political, military, economic and technical espionage.”

One attack against Estonia , allegedly carried out by Russia, disrupted government, news and bank servers for several weeks in April, McAfee notes. In the United States, a Pentagon computer network allegedly was hacked by China-based perpetrators in June, the McAfee report states.

The Internet is simply a great tool for gathering intelligence, both for world powers like the United States and China and small countries with limited resources, says David Marcus, security research and communications manager at McAfee Avert Labs.
He doesn’t think cyberattacks will replace conventional warfare, but says they are becoming an important augmentation, with countries using technology to spread disinformation and disrupt communications. He also predicts it will be common for governments to license cybercriminals to attack enemies in a sort of privatized model. “We’re already starting to see that with state-sponsored malware,” he says. “I only think you’re going to start seeing more than that because it’s easier to attack government X’s database than it is to nuke their troops.”

McAfee said its research also found an increasing threat to banking and other online services, and “the emergence of a complex and sophisticated market for malware .” Malware today is more complex than ever before, capable of acting as if it were genetically modified. “These ’super-strength’ threats are more resilient, are modified over and over again like recombinant DNA,” McAfee writes. “Nuwar [ Storm Worm ] was the first example, and experts say there will be more examples in 2008.”

VoIP is a new target of cybercriminals, and such social-networking applications as MySpace and Facebook are sure to be exploited more often, going forward, McAfee says. NATO insiders say many governments are unaware of the Web espionage threats and have left themselves open to cyberattack.

One aspect that might be overlooked is the economy that distributes the tools of cybercrime. Software flaws are sold for as much as $75,000, and criminals can buy Software flaws are sold for as much as $75000, and criminals can buy custom-written Trojans designed to steal credit card data. Additionally, McAfee says an “underground economy already includes specialized auction sites, product advertising and even support services, but now competition is so fierce that ‘customer service’ has become a specific selling point.”

Network World is an InfoWorld affiliate.

By Louise Story and Brad Stone
The New York Times

Faced with its second mass protest by members in its short life span, Facebook, the enormously popular social networking Web site, is reining in some aspects of a controversial new advertising program.

Within the last 10 days, more than 50,000 Facebook members have signed a petition objecting to the new program, which sends messages to users’ friends about what they are buying on Web sites like Travelocity.com, TheKnot.com and Fandango. Within the last 10 days, more than 50000 Facebook members have signed a petition objecting to the new program, which sends messages to users’ friends about what they are buying on Web sites like Travelocity.com, TheKnot.com and Fandango. The members want to be able to opt out of the program completely with one click, but Facebook won’t let them.

Late yesterday the company made an important change, saying that it would not send messages about users’ Internet activities without getting explicit approval each time.

MoveOn.org Civic Action, the political group that set up the online petition, said the move was a positive one.

”Before, if you ignored their warning, they assumed they had your permission” to share information, said Adam Green, a spokesman for the group. “If Facebook were to implement a policy whereby no private purchases on other Web sites were displayed publicly on Facebook without a user’s explicit permission, that would be a step in the right direction.”

Facebook, which is run by Mark Zuckerberg, 23, who created it while an undergraduate at Harvard, has built a highly successful service that is free to its more than 50 million active members. But now the company is trying to figure out how to translate this popularity into profit. Like so many Internet ventures, it is counting heavily on advertising revenue.

The system Facebook introduced this month, called Beacon, is viewed as an important test of online tracking, a popular advertising tactic that usually takes place behind the scenes, where consumers do not notice it. Companies like Google, AOL and Microsoft routinely track where people are going online and send them ads based on the sites they have visited and the searches they have conducted.

But Facebook is taking a far more transparent and personal approach, sending news alerts to users’ friends about the goods and services they buy and view online.

Charlene Li, an analyst at Forrester Research, said she was surprised to find that her purchase of a table on Overstock.com was added to her News Feed, a Facebook feature that broadcasts users’ activities to their friends on the site. She says she did not see an opt-out box.

”Beacon crosses the line to being Big Brother,” she said, “It’sa very, very thin line.”

Facebook executives say the people who are complaining are a marginal minority. With time, Facebook says, users will accept Beacon, which Facebook views as an extension of the type of book and movie recommendations that members routinely volunteer on their profile pages. The Beacon notices are “based on getting into the conversations that are already happening between people,” Mr. Zuckerberg said when he introduced Beacon in New York on Nov. 6.

”Whenever we innovate and create great new experiences and new features, if they are not well understood at the outset, one thing we need to do is give people an opportunity to interact with them,” said Chamath Palihapitiya, a vice president at Facebook. “After a while, they fall in love with them.”

Mr. Palihapitiya was referring to Facebook’s controversial introduction of the News Feed feature last year. More than 700,000 people protested that feature, and Mr. Zuckerberg publicly apologized for aspects of it. More than 700000 people protested that feature, and Mr. Zuckerberg publicly apologized for aspects of it. However, Facebook did not remove the feature, and eventually users came to like it, Mr. Palihapitiya said. He said Facebook would not add a universal opt-out to Beacon, as many members have requested.

MoveOn.org started the anti-Beacon petition on Nov. 20, and as of last night more than 50,000 Facebook users had signed it. MoveOn.org started the anti-Beacon petition on Nov. 20, and as of last night more than 50000 Facebook users had signed it. Other groups fighting Beacon have about 10,000 members in total. Other groups fighting Beacon have about 10000 members in total. Facebook, they say, should not be following them around the Web, especially without their permission.

The complaints may seem paradoxical, given that the so-called Facebook generation is known for its willingness to divulge personal details on the Internet. But even some high school and college-age users of the site, who freely write about their love lives and drunken escapades, are protesting.

”We know we don’t have a right to privacy, but there still should be a certain morality here, a certain level of what is private in our lives,” said Tricia Bushnell, a 25-year-old in Los Angeles, who has used Facebook since her college days at Bucknell. ”We know we don’t have a right to privacy, but there still should be a certain morality here, a certain level of what is private in our lives,” said Tricia Bushnell, a 25-year-old in Los Angeles, who has used Facebook since her college days at Bucknell. “Just because I belong to Facebook, do I now have to be careful about everything else I do on the Internet?”

Two privacy groups said this week that they were preparing to file privacy complaints about the system with the Federal Trade Commission. Among online merchants, Overstock.com has decided to stop running Facebook’s Beacon program on its site until it becomes an opt-in program. And as the MoveOn.org campaign has grown over the past week, some ad executives have poked fun at Facebook users.

”Isn’t this community getting a little hypocritical?” said Chad Stoller, director of emerging platforms at Organic, a digital advertising agency. “Now, all of a sudden, they don’t want to share something?”

Facebook users each get a home page where they can volunteer information like their age, hometown, college and religion. People can post photos and write messages on their pages and on their friends’ pages.

Under Beacon, when Facebook members purchase movie tickets on Fandango.com, for example, Facebook sends a notice about what movie they are seeing in the News Feed on all of their friends’ pages. If a user saves a recipe on Epicurious.com or rates travel venues on NYTimes.com, friends are also notified. There is an opt-out box that appears for a few seconds, but users complain that it is hard to find. Mr. Palihapitiya said Facebook is making the boxes larger and holding them on the Web pages longer.

Mr. Green of MoveOn.org said that his group would be tracking the effects of the latest changes before deciding if it would still push for a universal opt-out.

The whole purpose of Beacon is to allow advertisers to run ads next to these purchase messages. A message about someone’s purchase on Travelocity might run alongside an airline or hotel ad, for example. Mr. Zuckerberg has heralded the new ads as being like a “recommendation from a trusted friend.”

But Facebook users say they do not want to endorse products.

”Just because I use a Web site, doesn’t mean I want to tell my friends about it,” said Annie Kadala, a 23-year old student at the University of North Carolina at Chapel Hill. “Maybe I used that Web site because it was cheaper.”

Ms. Kadala found out about Beacon on Thanksgiving day when her News Feed told her that her sister had purchased the Harry Potter “Scene It?” game.

”I said, ‘Susan, did you buy me this game for Christmas?’” Ms. Kadala recalled. “I don’t want to know what people are getting me for Christmas.”

Feeling Betrayed, Facebook Users Force Site to Honor Their Privacy
By Ellen Nakashima
The Washington Post

Friday 30 November 2007

Sean Lane’s purchase was supposed to be a surprise for his wife. Then it appeared as a news headline - “Sean Lane bought 14k White Gold 1/5 ct Diamond Eternity Flower Ring from overstock.com” - last week on the social networking Web site Facebook.

Without Lane’s knowledge, the headline was visible to everyone in his online network, including 500 classmates from Columbia University and 220 other friends, co-workers and acquaintances.

And his wife.

The wraps came off his Christmas gift thanks to a new advertising feature called Beacon, which shares news of Facebook members’ online purchases with their friends. The idea, according to the company, is to allow merchants to effectively turn millions of Facebook users into a “word-of-mouth promotion” service.

Lane called it “Christmas ruined,” and more than 50,000 other users signed a petition in recent days calling on Facebook to stop broadcasting people’s transactions without their consent. Lane called it “Christmas ruined,” and more than 50000 other users signed a petition in recent days calling on Facebook to stop broadcasting people’s transactions without their consent.

Last night, Facebook backed down and announced that the Beacon feature would no longer be active for any transaction unless users click “ok.” Beacon is a core element of Facebook’s attempt to parlay the personal and behavioral information it collects about its members into a more sophisticated advertising business, an effort to turn a user’s preferences into an endorsement with commercial value. Last night, Facebook backed down and announced that the Beacon feature would no longer be active for any transaction unless users click “ok.” Beacon is a core element of Facebook’s attempt to parlay the personal and behavioral information it collects about its members into a more sophisticated advertising business, an effort to turn a user’s preferences into an endorsement with commercial value.

The merging of social networking and online advertising combines two of the most powerful forces on the Internet today, and privacy advocates say it raises issues about the way personal data are disclosed for marketing purposes.

”Sites like Facebook are revolutionizing how we communicate with each other and organize around issues together in a 21st century democracy,” said Adam Green, a spokesman for MoveOn.org, a liberal activist group that has launched the petition drive to pressure Facebook to stop broadcasting members’ purchases and using their names as endorsements without explicit permission. ”Sites like Facebook are revolutionizing how we communicate with each other and organize around issues together in a 21st century democracy,” said Adam Green, a spokesman for MoveOn.org, a liberal activist group that has launched the petition drive to pressure Facebook to stop broadcasting members’ purchases and using their names as endorsements without explicit permission. “The question is: Will corporate advertisers get to write the rules of the Internet or will these new social networks protect our basic rights, like privacy?”

The site, which was started in a Harvard dorm room, has become a Silicon Valley powerhouse, recently valued at $15 billion. It allows its users to share messages, photos and updates on their lives.

Facebook launched Beacon as part of a wider social advertising campaign Nov. 6, with 44 announced partners, including Overstock, Travelocity, the auction site eBay, the movie ticket site Fandango, Blockbuster and the shoe site Zappos. The Beacon feature, free to advertisers, is not restricted to commerce. A person’s high score on an online game might also be posted for friends to see.

Facebook puts a string of code called a cookie on a user’s computer, which tracks the user on Beacon partner sites. In the version that Facebook launched, a person logged into Facebook who bought, say, a movie ticket, was alerted that the Web site was sending a “story” to his profile and had a chance to opt out - both at the merchant’s site and on his own page, Facebook says. In the version that Facebook launched, a person logged into Facebook who bought, say, a movie ticket, was alerted that the Web site was sending a “story” to his profile and had a chance to opt out - both at the merchant’s site and on his own page, Facebook says.

But privacy advocates criticized the opt-out feature - a pop-up box - because it disappeared after a few seconds and said Facebook should allow users to turn off Beacon and include an “opt in” feature for those who wish to receive the service. Last night, Facebook apparently added an “opt in” feature for each transaction, which Green called “a huge step in the right direction,” but still did not include a way to shut off the service permanently.

Beacon is a key part of what Facebook founder and chief executive Mark Zuckerberg, 23, called “a completely new way of advertising online.” Sometimes, ads accompany the news feeds. The ads could contain a person’s photo.

Yesterday Facebook issued an apology on MoveOn’s Facebook page: “We’re sorry if we spoiled some of your holiday gift-giving plans.”

In a news release last night, Facebook said “we appreciate feedback from all Facebook users and made some changes to Beacon in the past day. Users now have more control over stories that get published.”

Marketers can target paid social ads on Facebook according to criteria such as age, gender, political views and taste in movies, Zuckerberg told media and ad executives at the launch, according to Online Media Daily.

”What’s unique about Facebook is it’s really turning over personal profile data to advertisers,” said Jeff Chester, executive director of the Center for Digital Democracy, a privacy advocacy group. “In essence, it’s telling advertisers, we know exactly who your targets are, what their favorite entertainment is, the books they read, the kinds of social networks they have, what their political leanings are.”

Chester’s group, along with the US Public Interest Research Group, has asked the Federal Trade Commission to investigate whether Facebook and MySpace, a rival social networking site that is also targeting members for ads, are using deceptive practices to violate people’s privacy. Chester’s group, along with the US Public Interest Research Group, has asked the Federal Trade Commission to investigate whether Facebook and MySpace, a rival social networking site that is also targeting members for ads, are using deceptive practices to violate people’s privacy .

MoveOn has created a blog on its Facebook page for people to post comments. The wall contained more than 800 as of yesterday.

They include Tasha Valdez from Michigan, who wrote: “Oh my gosh, my cousin’s entire Christmas shopping list this week was displayed on the [Facebook News] feed. That’s so messed up. This has gotta stop!”

Beacon’s risks go beyond ruining someone’s Christmas, said Mike Rogers, editor and publisher of a gay-oriented Web site, PageOneQ. “We teach young people to be very careful about what they post and all of a sudden comes along an automated system like this. What happens if a kid is on a football team and he buys a ticket to ‘Brokeback Mountain’ [a gay-themed film]?” he said, alluding to the possibility that the youth could be outed and harassed as a result.

For Lane, spoiling his wife’s surprise was bad enough.

Within two hours after he bought the ring on Overstock.com, he received an instant message from his wife, Shannon: Who is this ring for?

What ring, he messaged back, from his laptop at work in Waltham, Mass.

She said that Facebook had just put an item on his page saying he bought a ring. It included a link to Overstock, which noted that the 51 percent discount on the ring.

Lane, 28, a technical project manager at an online printing company, was crestfallen. He had gone to lengths to keep the ring a secret, even telling Shannon he was not going to give her jewelry this year.

Lane complained to Overstock. Company spokesman Judd Bagley said this week that on Nov. 21, Overstock abandoned its Beacon feature until Facebook changes its practice so that users must volunteer if they want to participate.

”I was really disappointed because for me the whole fun of Christmas is the surprise,” said Shannon Lane, 28, who married Sean a year ago in September. “I never want to know what I’m getting.”

———

Staff writer Ylan Mui contributed to this report.

YouTube stops account of Egypt anti-torture activist

Cynthia Johnston

CAIRO, Nov 27 (Reuters) - The video-sharing Web site YouTube has suspended the account of a prominent Egyptian anti-torture activist who posted videos of what he said was brutal behaviour by some Egyptian policemen, the activist said.

Wael Abbas said close to 100 images he had sent to YouTube were no longer accessible, including clips depicting purported police brutality, voting irregularities and anti-government demonstrations. YouTube, owned by search engine giant Google Inc <GOOG.O>, did not respond to a written request for comment. A message on Abbas’s YouTube user page, http://youtube.com/user/waelabbas, read: “This account is suspended.”

“They closed it (the account) and they sent me an e-mail saying that it will be suspended because there were lots of complaints about the content, especially the content of torture,” Abbas told Reuters in a telephone interview. Abbas, who won an international journalism award for his work this year, said that of the images he had posted to YouTube, 12 or 13 depicted violence in Egyptian police stations.

Abbas was a key player last year in distributing a clip of an Egyptian bus driver, his hands bound, being sodomised with a stick by a police officer — imagery that sparked an uproar in a country where rights groups say torture is commonplace.

That tape prompted an investigation that led to a rare conviction of two policemen, who were sentenced to three years in prison for torture. Egypt says it opposes torture and prosecutes police against whom it has evidence of misconduct.

YOUTUBE RULES

YouTube regulations state that “graphic or gratuitous violence” is not allowed and warn users not to post such videos. Repeat violators of YouTube guidelines may have their accounts terminated, according to rules posted on the site.

Rights activists said by shutting down Abbas’s account, YouTube was closing a significant portal for information on human rights abuses in Egypt just as Cairo was escalating a crackdown on opposition and independent journalists.

The Internet has emerged in Egypt as a major forum for critics of the Egyptian government.

“The goal is not showing the violence, it is showing police brutality. If his goal was just to focus on violence without any goal, that is a problem. But Wael is showing police brutality in Egypt,” said Gamal Eid, head of the Arabic Network for Human Rights Information.

This year, for the first time, an Egyptian court convicted and jailed a blogger over his Internet writings.

A string of court rulings since September has seen at least 12 Egyptian journalists ordered jailed on charges from defaming President Hosni Mubarak to misquoting the minister of justice.

Elijah Zarwan, a prominent blogger and activist in Egypt, said he thought it was unlikely that YouTube had come under official Egyptian pressure, and was more likely reacting to the graphic nature of the videos.

“I suspect they are doing it not under pressure from the Egyptian government but rather because it made American viewers squeamish,” he said. “But to shut them down because some people might find the truth disturbing is unconscionable.” (Writing by Cynthia Johnston)

By Da Ralph Lopez

Google has refused to run the following sponsored ad and link paid for by the Northeast Impeachment Coalition and YaliesForImpeachment.org:

Help Impeach Cheney NOW
Nonpartisan, the time is here.
House JC 202-225-3951 Demand ACTION
YaliesForImpeachment.org

Google’s explanation is the following:

“At this time, Google policy does not permit ad text that advocates against an individual, group, or organization. In addition, this policy doe not permit the advertisement of websites that advocate against a group protected by law.”

Protected by law? Since when is the Vice President of the United States protected from free speech? Political speech is protected speech. Cheney is a public figure. Google does run ads “against” the tobacco industry. We believe this is settled law in the print and TV worlds. Any legal beagles out there please weigh in. We’ll be forwarding this to the ACLU and the general media Monday morning. Following is the full text of the email Google sent to our coordinator. An example of political speech Google DOES allow: if you type in keywords “support the president” the following ad comes up:

Elect More Republicans
The Party of Lincoln, Reagan and You. Support the RNC today.
www.gop.com

Also included is a list of impeachment-related advertising which Google allows. What’s the difference between “Impeach Bush” and “Help Impeach Cheney Now?” Our feeling is the line is drawn at political advertising which might actually wake people up, is too effective. Please circulate widely, and in the meantime, use Yahoo for your search engine.

Encrypted E-Mail Company Hushmail Spills to Feds

By Ryan Singel

Hushmail, a longtime provider of encrypted web-based email, markets itself by saying that “not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer.”

But it turns out that statement seems not to apply to individuals targeted by government agencies that are able to convince a Canadian court to serve a court order on the company.

A September court document (.pdf) from a federal prosecution of alleged steroid dealers reveals the Canadian company turned over 12 CDs worth of e-mails from three Hushmail accounts, following a court order obtained through a mutual assistance treaty between the US and Canada. The charging document alleges that many Chinese wholesale steroid chemical providers, underground laboratories and steroid retailers do business over Hushmail.

The court revelation demonstrates a privacy risk in a relatively-new, simple webmail offering by Hushmail , which the company acknowledges is less secure than its signature product.

A subsequent and refreshingly frank e-mail interview with Hushmail’s CTO seems to indicate that government agencies can also order their way into individual accounts on Hushmail’s ultra-secure web-based e-mail service, which relies on a browser-based Java encryption engine. A subsequent and refreshingly frank e-mail interview with Hushmail’s CTO seems to indicate that government agencies can also order their way into individual accounts on Hushmail’s ultra-secure web-based e-mail service, which relies on a browser-based Java encryption engine.

Since its debut in 1999, Hushmail has dominated a unique market niche for highly-secure webmail with its innovative, client-side encryption engine.

Hushmail uses industry-standard cryptographic and encryption protocols ( OpenPGP and AES 256 )  to scramble the contents of messages stored on their servers. They also host the public key needed for other people using encrypted email services to send secure messages to a Hushmail account.

The first time a Hushmail user logs on, his browser downloads a Java applet that takes care of the decryption and encryption of messages on his computer, after the user types in the right passphrase. So messages reach Hushmail’s server already encrypted.  The Java code also decrypts the message on the recipient’s computer, so an unencrypted copy never crosses the internet or hits Hushmails servers.

In this scenario, if a law enforcement agency demands all the e-mails sent to or from an account, Hushmail can only turn over the scrambled messages since it has no way of reversing the encryption.

However, installing Java and loading and running the Java applet can be annoying. So in 2006, Hushmail began offering a service more akin to traditional web mail. Users connect to the service via a SSL (https://) connection and Hushmail runs the Encryption Engine on their side. Users then tell the server-side engine what the right passphrase is and all the messages in the account can then be read as they would in any other web-based email account.

The rub of that option is that Hushmail has — even if only for a brief moment — a copy of your passphrase. As they disclose in the technical comparison of the two options, this means that an attacker with access to Hushmail’s servers can get at the passphrase and thus all of the messages.

In the case of the alleged steroid dealer, the feds seemed to compel Hushmail to exploit this hole, store the suspects’ secret passphrase or decryption key, decrypt their messages and hand them over.

Hushmail CTO Brian Smith declined to talk about any specific law enforcement requests, but described the general vulnerability to THREAT LEVEL in an e-mail interview (You can read the entire e-mail thread here ):

The key point, though, is that in the non-Java configuration, private key and passphrase operations are performed on the server- side.

This requires that users place a higher level of trust in our servers as a trade off for the better usability they get from not having to install Java and load an applet.

This might clarify things a bit when you are considering what actions we might be required to take under a court order. Again, I stress that our requirement in complying with a court order is that we not take actions that would affect users other than those specifically named in the order.

Hushmail’s marketing copy largely glosses over this vulnerability, reassuring users that the non-Java option is secure.

Turning on Java provides an additional layer of security, but is not necessary for secure communication using this system[…]

Java allows you to keep more of the sensitive operations on your local machine, adding an extra level of protection. However, as all communication with the webserver is encrypted, and sensitive data is always encrypted when stored on disk, the non-Java option also provides a very high level of security.

But can the feds force Hushmail to modify the Java applet sent to a particular user, which could then capture and sends the user’s passphrase to Hushmail, then to the government?

Hushmail’s own threat matrix includes this possibility, saying that if an attacker got into Hushmail’s servers, they could compromise an account — but that “evidence of the attack” (presumably the rogue Java applet) could be found on the user’s computer. Hushmail’s own threat matrix includes this possibility, saying that if an attacker got into Hushmail’s servers, they could compromise an account — but that “evidence of the attack” (presumably the rogue Java applet) could be found on the user’ s computer.

Hushmail’s Smith:

[T]he difference being that in Java mode, what the attacker does is potentially detectable by the user (via view source in the browser).

“View source” would not be enough to detect a bugged Java applet, but a user could to examine the applet’s runtime code and  the source code for the Java applet is publicly available for review . But that doesn’t mean a user could easily verify that the applet served up by Hushmail was compiled from the public source code.

Smith concurs and hints that Hushmail’s Java architecture doesn’t technically prohibit the company from being able to turn over unscrambled emails to cops with court orders.

You are right about the fact that view source is not going to reveal anything about the compiled Java code. However, it does reveal the HTML in which the applet is embedded, and whether the applet is actually being used at all. Anyway, I meant that just as an example. The general point is that it is potentially detectable by the end-user, even though it is not practical to perform this operation every time. This means that in Java mode the level of trust the user must place in us is somewhat reduced, although not eliminated.

The extra security given by the Java applet is not particularly relevant, in the practical sense, if an individual account is targeted. (emphasis added) […]

Hushmail won’t protect law violators being chased by patient law enforcement officials, according to Smith.

[Hushmail] is useful for avoiding general Carnivore-type government surveillance, and protecting your data from hackers, but definitely not suitable for protecting your data if you are engaging in illegal activity that could result in a Canadian court order.

That’s also backed up by the fact that all Hushmail users agree to our terms of service, which state that Hushmail is not to be used for illegal activity. However, when using Hushmail, users can be assured that no access to data, including server logs, etc., will be granted without a specific court order.

Smith also says that it only accepts court orders issued by the British Columbia Supreme Court and that non-Canadian cops have to make a formal request to the Canadian government whose Justice Department then applies, with sworn affidavits, for a court order.

We receive many requests for information from law enforcement authorities, including subpoenas, but on being made aware of the requirements, a large percentage of them do not proceed.

To date, we have not challenged a court order in court, as we have made it clear that the court orders that we would accept must follow our guidelines of requiring only actions that can be limited to the specific user accounts named in the court order. That is to say, any sort of requirement for broad data collection would not be acceptable.

I was first tipped to this story via the Cryptography Mailing List, and Kevin, who had been talking with Hushmail about similar matters involving another case, followed up with Smith. We both agree Hushmail deserves credit for its frank and open replies (.pdf). Such candor is hard to come by these days, especially since most ISPs won’t even tell you how long they hold onto your IP address or if they sell your web-surfing habits to the highest bidders.

CBS News

Online auctioneer eBay Inc. spent almost US$2-million lobbying various departments of the federal government in the past year, including an entity rarely named on federal disclosure forms: the Central Intelligence Agency.

According to a database maintained by the Senate’s public records office, eBay is one of eight groups and companies to lobby the spy agency. The company listed the CIA on a form covering its lobbying activities for the first six months of 2007. Hani Durzy, an eBay spokesman, said that listing was an error.

But he said the company did meet with CIA officials in the second half of 2006 to discuss amendments to a 1994 law — the Communications Assistance for Law Enforcement Act — that required Internet phone companies to ensure their equipment can accommodate wiretaps. EBay owns the Internet phone company Skype.