Tuesday, September 2. 2014
Whoever could have predicted that naked pictures of famous people stuck up in the Cloud would ever be hacked and published. Surely not, I hear you say?
Well, in this case it was an open secret that the system was compromised - Business Insider:
The ability to gain access to Apple's iCloud accounts has been an open secret among users of porn message boards for years, with enterprising users charging others to "rip" accounts and share nude photos.
But even if it was not an open secret, from an information security point of view data in Cloud systems is a nightmare compared to data on your own systems. Consider the ways data can be compromised when shifted to the Cloud:
What could possibly go wrong?
Of course there is now much examination of the stable door post horse bolting, but it's a basic truism of data security that there are always more smart people trying to break in than people trying to keep them out, and putting one's precious private eggs in public baskets doesn't help matters. There shall be more of these attacks for some time. If you want to keep something private, the Cloud is not yet the place for it.
The Second Law of the Internet is still true - If you don't want private stuff made public, don't stick it on the Internet.
Wednesday, March 5. 2014
Yes, another one has found it has some Bitcoins missing:
A bitcoin bank has been forced to close after hackers stole 896 bitcoin, worth £365,000, in an attack on Sunday....
We told ya so....
Wednesday, February 5. 2014
Was interviewed today by Resonance FM on the "Dark Side" of Data (soundcast is over here, I'm about 1 minute in).
Anyway, apart from blowing my own trumpet, there is another piece in the 30 minute section, about 7 minutes in, about Loyalty Cards which I wanted to comment on.
I was at a Futurist conference many years ago (if that's not an oxymoron) looking at online trends, and I always remember one person saying that the endgame will be data mining YOU! to get an accurate prediction of your future Net Present Value. At the time the only datamining was Loyalty cards and low rent Credit cards as these were the only people who could collect lots of "Big Data" at the time (shop till data and credit card data) and could afford the very expensive computers of the day to process them. Today, there is a lot more valuable data and a lot more and cheaper computing power.
Anyway, the view taken by one respondent in the audio piece is that people are starting to get more savvy about the value of their own data, and will start to broker it for higher prices than the sh*tty fractions of a % the loyalty cards currently offer, and that will shift the payback economics of datamining in all sorts of ways. Interesting idea, but if the very slow takeoff of awareness of the risks to privacy is anything to go by, this will take some time. The main problem I see, as with all things VRM (which is really the endgame of this thesis), is the lack of low cost, easy-to-use tools for people to use, and the hassle factor of using them. But thinking about that possible economic shift made me realise another major risk of untrammelled Open Data release - done unwisely, it will effectively crash the value of your knowledge of YOU!rself to near zero. If it's easy to find where you live, what you earn, some basics about your life, what your major assets are and how you pay for them etc, it's fairly easy to construct a model of your future NPV without asking you. And if I can buy your credit card transactions or shopping data from someone....
One ray of hope - on the programme it mentions the Chaos Computer Club in Germany, which is facilitating its members swopping their loyalty cards so the dataminers can't pick up a useful pattern. That sounds like a very good swallow in the wind of early grassroots resistance. Worth keeping an eye on that trend. Which is a good thing, because, as I point out at the end of my talk, short of trying to minimise data you give out, opting out where you can, or just entering downright wrong data, there is very little Joe or Joanna Average can do right now to obscure their digital footprints. The tools don't exist, and most obvious remedies (like setting up a 2nd identity) are either illegal or very hard to manage.
Friday, October 11. 2013
I wrote this on Friday, but forgot to hit "Post" from "Draft" till Monday.
Anyway, it was just to note in passing the benefits of anonymity in the MumsNet Penis Beaker Episode. In summary, a poster on MumsNet wondered if her husband - sorry, "DH" - was odd in that he kept a beaker by the bedside to dip his wick in after action. The responses on the thread ranged from the horrified to the hilarious, but #penisbeaker went viral and hit all the news media (see link above), crashing MumsNet's servers in the process.
But here is the real lesson. The poster was anonymous (her handle - saracrewe - is a character in a novel. I wonder how many tabloid journos were trying to find all the Sara Crewes in the UK all day) and that - so far anyway - has saved her (and especially her "DH"'s) blushes*. Imagine if that was said by a real identity. Or if she had admitted something far more serious. The race to "true" identities is great for advertisers, but does have real drawbacks for social network users.
*So far - I do hope the poster has removed her identity** and all her posts on the site, it is amazing what you can tell from people's posting back history.......
**Oh dear - she hasn't.
Wednesday, June 26. 2013
The misunderstanding between the law and new media gets more ridiculous - Part 437.
In the last few weeks, in the UK, there was a trial of a teacher who ran off with a pupil to France, eventually returned, and was put on trial and imprisoned. The case itself has been somewhat interesting, for a whole bunch of reasons (try this for starters), but that is not the point of this post.
What happened, when the Teacher and the Pupil fled to France, was that her name and photos were blazoned all over the papers, blogs and social media - to the extent that her name and image pops up instantly if you even start to Google the name of the teacher. When she returned to the UK, there was a similar papparazigasm.
Cometh the trial, and the Powers That Be decreed the media could not mention her name, as she is supposed to be un-named forevermore. So the Print Media have religiously avoided using her name, even though she had been on their front pages (and many others inside) just a few short months earlier. However, everyone in the whole country (and you, with the stroke of a keypad) knows:
(i) Who she is
In other words she is about as anonymous as the standard B list celebrity
And yet would you believe, dear reader, that some people mentioned her name on Twitter while discussing the case! Yes, and now it appears the Long Arm Of the Law may go after them - Grauniad:
When a sexual offence becomes apparent, anonymity applies to the victim, for their lifetime. In the days of print and broadcast media, this was reasonably easy to maintain. The only way a member of the public could ascertain a victim's identity would be by trawling newspaper archives. By this weekend, about 200 people had referred to Forrest's victim by name on social media, despite the fact that she has two forms of legal anonymity – that for victims of sexual offences, and also by way of a court-imposed order under section 39 of the Children and Young Persons Act 1933.
That did not stop the tweets though. Some were clearly confused at what they saw as an illogical legal bar to naming her, when her identity had been known so widely at the time of her abduction. Others clearly knew the legal position, but were intent on defying it because it did not make sense to them, or somewhat disturbingly, they did not think the victim deserved anonymity in this case. One taunted the authorities to sue him for it if they dared (apparently unaware that this is not a civil matter, it is a criminal one; naming a victim of a sexual offence is itself a sexual offence). This is perhaps the most disturbing aspect of the behaviour of those on social media: not those who were confused, but those who decided that because the law did not make sense to them, they would identify the victim anyway.
So, to paraphrase the old Russian saw, we now have to pretend to not know who she is, so the law can still pretend that it works. And despite the Guardian's harrumphing above, at the end of the day laws can only work when the majority of the population agree to obey them - and in this space, we are getting to the point where the law risks becoming an ass.
And this matters for another more important reason, because if left unopposed the Powers that Be will try to use this sort of case to silence people who talk about things that really do need talking about, like people and companies hiding unpleasant activities behind legal threats.
Friday, June 14. 2013
Like many others I've been watching the whole PRISM issue unfurl with an increasing measure of amusement and amazement, mainly that people are surprised and shocked. There is so much BS being spouted in every direction, I thought it may help to remind everyone of the 10 Rules Of Social Data Mining:
1. "Data wants to be Free", and most people give it away as if it was. It may want to be free, but it is very valuable.
If, while reading all the hoo-ha, you keep all that in mind, you may not lose your head
And (again) be careful what you put online. Datamining algorithms can tell a hell of a lot even from 30 days' worth of your "what I had for lunch" tweet data once it's cross-correlated with all the others in your network and the other data out there that can be cross-referenced to you.
*They who can give up essential liberty to obtain a little temporary safety will get neither liberty nor safety - Benjamin Franklin
Saturday, June 1. 2013
I'm liking Microsoft's Kate Crawford, she too is a Big Data sceptic - her "6 Myths of Big Data" in the NYT is exactly the sort of thing we would write, so we've copied it (expurgated) here, with a few comments [in brackets]. In essence she thinks that Big Data boosters (aka Fundamentalists) are labouring under the misapprehension that more data = more facts = more accuracy, and she has pointed out 6 myths around this:
In other words, Big Data behaves in much the same way as Not-So-Big Data really.
We'd also add a Coda - Statistics, and to an extent Operations Research (or Decision Maths or whatever the latest in-word is), is the science (or art, too often) of estimating what large data sets will contain from much smaller datasets, and once those sample datasets are above a certain size they are fairly indistinguishable from the overall dataset, so long as they are properly randomly sampled. A lot of the "insights" from Big Data - the "80/20" in my experience - are usually quite easy to glean from small datasets and "Big Maths". In fact, if I may be so bold, I do think a lot of the Big Data hoo-ha is from people whose main grasp of maths is spreadsheets with $ sign denominations.
We will definitely keep a closer eye on Ms Crawford's work. I suspect Microsoft may as well
Thursday, March 28. 2013
Rapid7 discovered the files by searching for storage 'buckets' - logical pool of storage capacity - whose access setting has been changed to 'public', from the default setting of 'private'. This means that a list of the contents of the bucket can be seen to anyone that knows or guesses the URL.
Goes right back to the absolute basics of Security theory, i.e. nothing f*cks up a secure system quite like the "Man in the Middle" giving it all away, whether by design or accident. If you are going to put data in the cloud, make certain the company security procedures are up to it.
Clouds. Caveat Emptor.
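As an added example (not from the original post or from Rapid7), here is one way a bucket owner could check for the condition the quote describes. It assumes the buckets are Amazon S3 buckets, which the post does not state; the function name and the sample ACLs and policy are constructed for illustration.

```python
import json

# S3 predefined groups that mean "anyone" / "any AWS account holder".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "everyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}
LISTING_PERMS = {"READ", "FULL_CONTROL"}        # bucket-level READ = list contents
LISTING_ACTIONS = {"s3:listbucket", "s3:*", "*"}  # exact matches only, no partial wildcards


def _as_list(value):
    return value if isinstance(value, list) else [value]


def public_listing_findings(acl, policy_json=None):
    """Return the reasons a bucket's contents can be listed by outsiders."""
    findings = []
    for grant in acl.get("Grants", []):
        who = PUBLIC_GROUPS.get(grant.get("Grantee", {}).get("URI"))
        if who and grant.get("Permission") in LISTING_PERMS:
            findings.append(f"ACL grants {grant['Permission']} to {who}")
    if policy_json:
        for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
            principal = stmt.get("Principal")
            if isinstance(principal, dict):
                principal = principal.get("AWS")
            is_public = "*" in _as_list(principal)
            actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
            # Statements carrying a Condition are skipped: they may be restricted.
            if (stmt.get("Effect") == "Allow" and is_public
                    and actions & LISTING_ACTIONS and "Condition" not in stmt):
                findings.append("policy allows listing to any principal")
    return findings


# Constructed sample data in the shape of S3's GetBucketAcl / GetBucketPolicy output.
PRIVATE_ACL = {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
                           "Permission": "FULL_CONTROL"}]}
PUBLIC_ACL = {"Grants": PRIVATE_ACL["Grants"] + [
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]}
PUBLIC_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": ["s3:ListBucket"],
     "Resource": "arn:aws:s3:::example-bucket"}]})

if __name__ == "__main__":
    for name, acl, pol in [("private", PRIVATE_ACL, None), ("public-acl", PUBLIC_ACL, None),
                           ("public-policy", PRIVATE_ACL, PUBLIC_POLICY)]:
        print(name, public_listing_findings(acl, pol) or "no public listing")
```

In practice the `acl` and `policy_json` inputs would come from the owner's own account inventory rather than the constants above.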
Monday, February 11. 2013
Story in the Grauniad on the Social Media Tracking Big Data system built by Raytheon, an ample demonstration of the art (if that is the word) of the possible (see Guardian video above):
It's called RIOT and is an "extreme-scale analytics" (Extreme data?) system created by Raytheon, a large US defence contractor, and gathers vast amounts of information about people from Facebook, Twitter, Gowalla and Foursquare, i.e. it uses different Social Media services to cross-collate individuals with different data, including the latitude and longitude co-ords in smartphones, and mashes it with Google Earth. The Grauniad notes that:
The technology was shared with US government and industry as part of a joint research and development effort, in 2010, to help build a national security system capable of analysing "trillions of entities" from cyberspace.
Quite. And here is the future, imperfectly spread, in these vignettes of RIOT:
The Employee as Corporate property
Digital Stalking Made Easy
The video shows that Nick, who posts his location regularly on Foursquare, visits a gym frequently at 6am early each week. Urch quips: "So if you ever did want to try to get hold of Nick, or maybe get hold of his laptop, you might want to visit the gym at 6am on a Monday."
Mining from public websites for law enforcement is considered legal in most countries. In February last year, for instance, the FBI requested help to develop a social-media mining application for monitoring "bad actors or groups".
Underlying all this is the issue that most people don't have a clue about what is really possible with Big Data. Ginger McCall, an attorney at the Washington-based Electronic Privacy Information Centre:
"Social networking sites are often not transparent about what information is shared and how it is shared," McCall said. "Users may be posting information that they believe will be viewed only by their friends, but instead, it is being viewed by government officials or pulled in by data collection services like the Riot search."
Add to this the developments in automatic face recognition software, and you start to see Big Brother's face emerging from the matrix.
But we have been consistently over-optimistic whenever we have predicted that people will start to realise what these systems can do; we seem to way overestimate user concern for privacy. Maybe it's one of these things that has a slow fuse, and then one particular episode ignites it (like Milly Dowler in the phone-hacking cases). In which case, can we predict a riot at that point?
Tuesday, February 5. 2013
Yesterday a UK Was-Once-Important Politico got found guilty for speeding, and transferring the penalty points to his wife (illegal, but lots of couples do it) to avoid a driving ban. Anyway, after he did the original speed deed, there was then a rather textbook affair/acrimonious divorce/etc etc, and the points swopping somehow got into the public arena, cue faux meedja outrage (as if no-one else does same...), cue the politico still lying about it in public, cue the Wheels of Justice finally grinding out a verdict - and he gets done (background here - BBC).
So far, so good, I hear you say - justice was done, a speed cheat was punished, what's the issue? (apart from the nagging worry that the only way the British seem to be able to get the Great and Good-gone-Bad into the clink is by going after minor misdemeanors like speeding and expenses rather than oh, lying to parliament, crashing the economy, fiddling the global LIBOR rate etc etc. Mind you, as Sophia Bennet reminded me, it was ever thus - Al Capone would be smiling wryly....).
But the point of this post is that the issue for digital media watchers to note is this one. Some of Huhne's teenage son's anguished private texts to his father were presented as evidence in court, but in such a way that the Press were then allowed to publish them. And the Press did then publish them, all over the front pages, despite there being no public interest at all. There are two major lessons from this, to mark very well:
In the Olde Days of email, it used to be said that you should never write what you didn't want to be read out in a court of law. In Social Media days it needs upgrading to "you should never write what you don't want to be read out in a court of law, picked over by millions on social media, and stored forever on multiple databases". Episodes like this show that there clearly needs to be a far stronger discussion about the rights people need to have over their own data, especially if it is going to be stored and datamined into perpetuity. The new media tools are a wonderful thing, but there needs to be a new social contract, backed up legally, about how they handle private data. If the new technology becomes seen as Just More Big Brother, it won't be trusted, which will - eventually, one byte at a time - massively reduce if not kill its utility
*And I mean sundry - the poor kid is now being lambasted online for some of the words he chose in those private texts, in his anguish. O Tempora, O Mores...
Creative Commons Licence
Original content in this work is licensed under a Creative Commons License