Data Digest № 002

Data Digest ¦ March 23rd, 2019, 11:00 pm

Hey there and welcome to the second edition of the Data Digest, where we summarize all events you should know about in the world of data. Here are the stories you should pay attention to…

FB stored (is storing?) “hundreds of millions” of passwords in plaintext for years

Flip the “days since last Facebook security incident” back to zero. — Zack Whittaker

The prospect of Keeping up with the Zuckerbergs becoming a hit TV show seem minuscule given it’s predictable lack of pizzazz (i.e. Zuck’s uniform wardrobe and questionable food choices), but one thing is sure to deliver drama week after week: the Zuckerbergs’ Sisyphean efforts to keep up with data security.

In the latest edition of data news coming out of Facebook’s HQ, we learned that the company stored hundreds of millions of passwords in plaintext. Brian Krebbs (the cybersecurity reporter who broke the story) reports a source inside Facebook indicates somewhere between 200 and 600 million users could be affected, which is more than 20% of Facebook’s 2.7 billion users. Facebook has yet to officially confirm any numbers, and states no one saw or abused these passwords. Misuse or not, the fact that Facebook did not care to encrypt the most sensitive data of their customers is not just grossly negligent, but speaks volumes about the company’s attitude regarding their customer’s privacy and data ownership. This is especially true since sloppy password protection does not just have immediate impacts on a person’s Facebook profile, but any app that a person has ever used a Facebook OAuth log in for.

Facebook admits it stored ‘hundreds of millions’ of account passwords in plaintext – TechCrunch

Flip the “days since last Facebook security incident” back to zero. Facebook confirmed Thursday in a blog post, prompted by a report by cybersecurity reporter Brian Krebs, that it stored “hundreds of millions” of account passwords in plaintext for years. The discovery was ma…

“Suck it Ad-tech”, say 47% of consumers

47% of consumers are using Ad Blockers, which we hope is a wake-up call to marketing departments that the time has come for a better way to reach out and engage with consumers. The primary reasons for blocking ads were the sheer amount of noise created by ads (48%) closely followed by a lack of relevance of ads (47%). Luckily, we’re working on something that can fix both issues. More to come.

47 Percent Of Consumers Are Blocking Ads

The latest infographic from GlobalWebIndex is a rapid fire repudiation of internet advertising. What motivates consumers to block ads, oh let me count the ways: Too many ads: 48 percent Ads that are annoying or irrelevant: 47 percent Ads are too intrusive: 44 percent

Phone secure storage is all the rage — now let’s add blockchain and rage harder

Some recent history of secure storage (sometimes called Trusted Execution Environments, or TEEs) on smartphones: Samsung and other Android phones have used ARM’s TrustZone tech in the past; Google’s Pixel 3 has a Titan M chip; Apple has it’s Secure Enclaves; and these architectures, while slightly different, are all useful and important in the same ways.

Samsung now steps into the blockchain-phone ring with the Galaxy S10, which will use it’s secure storage to hold private keys (for the layperson: the thing you use to unlock your blockchain assets). We should note (as the article explains in more depth) that they’re not the first, but certainly the biggest to announce this feature. Many blockchain enthusiasts think that making blockchain more user-friendly through secure devices and simple key management is the best way forward; we, at least, are pumped.

What the hell is a blockchain phone—and do I need one?

The crypto world is full of buzzwords, but if you can peel away the marketing fluff, you sometimes find innovation beneath the surface. You are often also reminded just how early it is in the history of this technology. Case in point: the blockchain phone. All of a sudden, several crypto-focused handsets are hitting the…

High quality journalism and sci-fi — Mark Sullivan promotes the virtues of data sharing

Mr. Sullivan explains the incredible potential value of sharing data with companies, and fears that the recent outcries might quash that possibility through user apathy/skepticism and governmental intervention. We have similar fears, but instead of giving big tech companies a second chance, we (obviously) think a self-sovereign data wallet is the solution. Because the notion of users having to forfeit data ownership in order to reap in the spoils of personalization is, while highly propagated, simply wrong. We encourage you to check out our white paper if you’d like to understand the base layer technology that makes both concepts possible at the same time. Of course, we also encourage you to give Mr. Sullivan’s article a read; his examples of a personalized future are vivid and compelling.

Actually, I want to hand over even more of my personal data to big tech

But thanks to Facebook and Google, even good-intentioned tech companies are now afraid to get to know me too well.

The EU takes no prisoners, and that includes itself

The EU is a class act and leading by example, as this week it adopted rules to prevent misuse of personal data by EP (European Parliament) elections. And like GDPR, there’s a 5% fine on the annual budget of any European party or foundation found wanting. Good for you EU.

EP elections: EU adopts new rules to prevent misuse of personal data by European political parties

The Council adopted amendments to the regulation on the statute and funding of European political parties and foundations to prevent misuse of data in EP elections.

Speaking of EU and no prisoners… a third fine for Google, this time €1.5 billion

This €1.5 billion fine adds to a €4.3 billion last year and a €2.4 billion fine before, coming at a grand total of €8.2 billion (~$9.3 billion at current exchange rates).

The fine is for an antitrust violation related to its AdSense business. Whatever you think of the details of the fines, I think we all sympathize with the perspective of EU antitrust commissioner Margrethe Vestager when she said “For me, the most important thing here is to enable user choice.”

Google hit with €1.5 billion antitrust fine by EU

The third major EU antitrust fine against Google

And speaking of Google; meet it’s newest user product, an entirely server-powered gaming platform.

Lots of thoughts and predictions are swirling around Google’s announcement of Stadia, which will allow people to play top-tier video games on almost all major devices is to be launched later this year. Data-wise though, it’ll be interesting to see how Google’s plans to integrate Stadia with YouTube will be yet another major data play from them. Not only are they setting themselves to directly compete with Amazon’s Twitch and the entire $43.8 billion in 2018 revenue gaming industry, but they’ll have unbelievable access into personal preferences for video games. We’re not planning on holding our breaths before we hear about any meaningful privacy settings, but with international and GDPR pressure, perhaps there’s hope…

What Google didn't say: Tech giant's plan to transform the way we play video games raises new questions 

Google announced its cloud-gaming platform Stadia with the expected pizazz and bullishness of one of the world’s biggest tech companies.

Wipe it!

Who needs to hack someone if old devices are filled with troves of personal data? Josh Frantz (security researcher at Rapid7) spent 6 months collecting old desktop, hard disks, cellphones, etc. and found they contained personal and valuable data — including credit card, driver’s license, social security, and passport numbers. Take a look at the article for a few recommendations on how to properly wipe a device before you trash or donate it.

It's Scary How Much Personal Data People Leave on Used Laptops and Phones, Researcher Finds

In a dusty plastic bin under my bed lies at least four laptops, six cellphones, and a half-dozen hard drives. I have no idea what’s on any of them. Most of these devices predate the cloud-storage era, and so likely contain solitary copies of photos, texts, and emails, among other confidential files (porn?) that I’d probably be horrified to learn had fallen into the hands of strangers.

New study exposes data sharing practices of Medicine/Health related apps

In short, it’s a bit worrying. While we normally like summarizing, such research is best read and interpreted individually, but we’ll quote the Objectives, Results, and Conclusions for your convenience:

Objectives To investigate whether and how user data are shared by top rated medicines related mobile applications (apps) and to characterise privacy risks to app users, both clinicians and consumers….

Data sharing practices of medicines related apps and the mobile ecosystem: traffic, content, and network analysis

Objectives To investigate whether and how user data are shared by top rated medicines related mobile applications (apps) and to characterise privacy risks to app users, both clinicians and consumers. Design Traffic, content, and network analysis. Setting Top rated medicines related apps for the Android mobile platform available in the Medical store category of Google Play in the United Kingdom, United States, Canada, and Australia. Participants 24 of 821 apps identified by an app store crawling program. Included apps pertained to medicines information, dispensing, administration, prescribing, or use, and were interactive. Interventions Laboratory based traffic analysis of each app downloaded onto a smartphone, simulating real world use

The importance of data to the Chinese GDP

New research by AlphaBeta suggest that China’s lack of data and intellectual property protection could lead the nation to miss out on 37 trillion yuan (~$5.5 trillion) in growth by 2030, or about ⅕ of GDP.

China may miss out on $5.5 trillion in growth if it doesn't take data privacy more seriously

If China doesn't step up its efforts on issues such as data privacy and intellectual property protection, the country could miss out on a 37 trillion yuan ($5.5 trillion) growth opportunity in the decade ahead, according to analysis published Thursday by the Hinrich Foundation.

That’s all for now. See you again next week!


Get the Data Digest in your inbox