October 8, 2018

Link: Facebook Launches Portal ☍

Jacob Kastrenakes for The Verge:

As Facebook works to contain the fallout from its biggest-ever data breach, the company is introducing a product that will bring a camera and microphone into your living room. Facebook Portal, and the larger Portal Plus, are smart displays that are laser-focused on video chatting.

The first hardware products marketed under the Facebook brand, the Portals can be used to call other Portal users, or anyone who has Facebook or Facebook Messenger. The Portals can play music through Spotify and Pandora, or stream video from Facebook Watch, but these are intentionally limited devices. For better and for worse, you can’t even browse Facebook. […]

The Portal is designed to simplify video chatting by having a wide-angle camera capable of identifying your body, then tracking you as you move around the room. It makes for more comfortable chatting than holding a phone up to your face for extended periods of time. Facebook says the Portal is designed to create the sense that you’re sharing one big room with the people you’re talking to, and considers the chats you have on the device an augmented reality experience.

For a device designed to literally read the room (among other things), the timing of the launch shows that Facebook can’t do the same. No thanks.

October 5, 2018

Link: Bloomberg’s ‘The Big Hack’ ☍

John Gruber:

I see no way around it: either Bloomberg’s report is significantly wrong, at least as pertains to Amazon and Apple, or Apple and Amazon have issued blatantly false denials. You can, perhaps, chalk up Apple’s denial to it being written by Apple PR. I don’t think this would happen, but hypothetically this issue could be deemed so sensitive — either within the company or as a national security issue — that the people at Apple with knowledge of the situation lied to Apple PR. But in my experience, Apple PR does not lie. Do they spin the truth in ways that favor the company? Of course. That’s their job. But they don’t lie, because they understand that one of Apple’s key assets is its credibility. They’d say nothing before they’d lie.

I did a lot of thinking after reading the aforementioned report, and it strikes me as a very different tone that Apple (and Amazon) would issue a statement. There have been some other events that have been PR problems for Apple and more often than not, the company is quiet on the issue. In the case of hardware design flaws, the norm seems to be to keep quiet and then offer some sort of repair extension or fix for affected users.

As this would be a different scenario, the closest thing I could think of was the 2014 leak of celebrity photos. While it didn’t appear to be a flaw with Apple’s systems, their statement was very short and had a only-address-what-needed-to-be feel. In comparison, to state that the reporting is incorrect is a very different reaction, and while an individual can deny an accusation, a public company doing that could be opening themselves up to a nightmare by misleading investors.

“Maybe a little less pyrotechnics, and a little more horology would be a good start.”

October 1, 2018

Link: Clever Voice Phishing Scams ☍

Brian Krebs:

Phone phishing, like email scams, usually invokes an element of urgency in a bid to get people to let their guard down. If call has you worried that there might be something wrong and you wish to call them back, don’t call the number offered to you by the caller. If you want to reach your bank, call the number on the back of your card. If it’s another company you do business with, go to the company’s site and look up their main customer support number.

Unfortunately, this may take a little work. It’s not just banks and phone companies that are being impersonated by fraudsters. Reports on social media suggest many consumers also are receiving voice phishing scams that spoof customer support numbers at Apple, Amazon and other big-name tech companies. In many cases, the scammers are polluting top search engine results with phony 800-numbers for customer support lines that lead directly to fraudsters.

Caller ID is easy to spoof and with bits of information floating around from data breaches, it’s easy to get enough bits of data to sound convincing. Basically, just don’t trust incoming phone calls unless it’s someone you know personally. If it’s someone claiming to be your bank, credit union, credit card issuer, phone carrier, or favorite tech company, call the main customer service number—they’ll understand.

September 27, 2018

Link: Facebook Is Giving Advertisers Access to Your Shadow Contact Information ☍

Kashmir Hill for Gizmodo:

You might assume that you could go to your Facebook profile and look at your “contact and basic info” page to see what email addresses and phone numbers are associated with your account, and thus what advertisers can use to target you. But as is so often the case with this highly efficient data-miner posing as a way to keep in contact with your friends, it’s going about it in a less transparent and more invasive way.

Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. It is also using contact information you handed over for security purposes and contact information you didn’t hand over at all, but that was collected from other people’s contact books, a hidden layer of details Facebook has about you that I’ve come to call “shadow contact information.” I managed to place an ad in front of Alan Mislove by targeting his shadow profile. This means that the junk email address that you hand over for discounts or for shady online shopping is likely associated with your account and being used to target you with ads.

Facebook is not upfront about this practice. In fact, when I asked its PR team last year whether it was using shadow contact information for ads, they denied it. Luckily for those of us obsessed with the uncannily accurate nature of ads on Facebook platforms, a group of academic researchers decided to do a deep dive into how Facebook custom audiences work to find out how users’ phone numbers and email addresses get sucked into the advertising ecosystem.

What a terrible company.