Arul Kumar, a 21 year old Indian Electronics and Communications engineer hailing from Tamil Nadu, has been awarded bounty of $12,500 by Facebook for recognizing a bug within website which allowed users to delete an image or an interaction from other users without his or her concern.
The whole story started when Kumar, also a researcher, posted in his blog about a flaw within the Facebook Support Dashboard. According to the blog, it is easy to exploit the Facebook Support Dashboard and delete any picture from any user page, including verified ones. The blog also had a detailed structure of the bug. For more confirmation, Kumar even had made a video on the bug and send it to the Facebook security team.
About the flaw, it works well with any browser, but according to Kumar, it works better through mobile devices. Initially, the doer needs two profiles, one as the receiver and the other as a sender. Parameters used are Photo_iD and Owner Profile_iD. Once exploited, hackers can delete any photos from any user profile without the owner even knowing about it.
Interestingly, this event shares great similarities to that of Khalil’s, a security expert who couple of weeks before broke into Mark Zuckerberg’s profile. When Khalil came across multiple faults in Facebook, he tried to report the openness to Facebook Security Team, who instead of rewarding dismissed his bounty or even didn’t take it seriously. Impatient and desperate, Khalil hacked into Mark Zuckerberg’s wall and displayed the bug that gave the freedom to post on any Facebook user’s wall. Apart from hacking, Khalil also wrote a huge post explaining about the bug and his discontent against Facebook Security Support team for not taking his efforts seriously.
Soon after the whole event, Khalil’s profile was suspended and eventually he didn’t receive any bounties. According to Facebook, Khalil had broken the golden rule of ‘never to compromise a real-time user’s profile while displaying a bug’ and eventually was disregarded.
As Khalil, Kumar also faced some initial refusals from the Facebook team. But what made the difference was that Kumar detailed the whole bug in a comprehensive video and had sent it to the security team. He even exploited Zuckerberg’s Facebook photo, but did not delete it. This move certainly impressed Facebook as they have recognized the bug and decided to reward Kumar $12,500. The social networking giant also approved 3 Open Redirectors by Kumar, making him eligible for an extra bounty of $1,500.
The Delhi High Court Friday said that social networking site Facebook Inc and search engine Google Inc are bound by the rules of this country and cannot flout the law just because they are foreign companies.
A division bench of Acting Chief Justice B.D. Ahmed and Justice Vibhu Bakhru also directed the two companies to display on their websites the name and contact details of their grievance officers.
“We direct Google Inc and Facebook Inc to display the name of grievance officer on their respective sites. We also direct other intermediaries that the compliance (of the rules) be done in two weeks,” the court said.
It said the Information Technology (Intermediaries) Rules mandate that all social networking sites have to publish the name of grievance officer and their contact details.
“Just because you are a foreign company, you cannot flout the law. Like us, you are bound by the rule of law of this country,” said the court, also asking the central government to take steps to ensure that the social networking sites comply with the rules.
The bench also asked the central government to file its response on the allegations of petitioner that Delhi Police, Indian Railways and others have created accounts on social networking sites despite government departments being barred from doing so under the law.
The petitioner submitted that government departments like Delhi Police and the Indian Railways are not entitled to create accounts on social networking sites.
The court was hearing the PIL filed by former Bharatiya Janata Party (BJP) leader K.N. Govindacharya through his advocate Virag Gupta alleging that the websites have no mechanism for protection of children from online abuse.
The PIL has said that children below 18 years are entering an agreement with the social networking sites to open accounts which is against the Indian Majority Act, the Indian Contract Act and also the Information and Technology Act.
The plea has also sought recovery of taxes from the websites on their income from operations in India.
An imposter pretending to be the UB group scion is posting status messages about them among other things.
Sid’s team has approached Facebook and even asked them to shut down all impostor accounts, especially this one. According to the statement from Siddhartha’s spokesperson, “On behalf of Sid, would like to clarify that, there is no truth whatsoever to the matter of the so-called creation of UB Motion Pictures. This update has been posted on Facebook by an impostor who is posing as Sid and NOT by Sid himself. Hence would request everyone to completely disregard any updates on these fake accounts and only consider news that are issued from official sources.”
This is not a random case. A lot of celebrities are being impersonated on social networking sites. Recently model Sahil Shroff discovered that someone had hacked into his Facebook account and was fooling around with girls using his name. Actress Amrita Rao wanted her identity to be undisputed on a popular micro-blogging site. And to this effect, the actress had filed five impersonation complaints recently. “In fact two accounts that were impersonating me have already been deleted by the authorities recently, and three others are under close scrutiny,” she had shared.
Actor Hurman S Baweja was in shock when an unknown person created a fake account in his name on a networking website and sent random requests to several girls.
Actress Shruti Haasan was taken aback to find out that there are more than 20 Facebook accounts all posing to be Shruti. However, the actress has no Facebook account and only interacts with her fans through Twitter.
Researchers led by Dr Hanna Krasnova of the Humboldt-Universitat zu Berlin surveyed Facebook members regarding their feelings after using the platform.
Krasnova, explained that, “Although respondents were reluctant to admit feeling envious while on Facebook, they often presumed that envy can be the cause behind the frustration of ‘others’ on this platform – a clear indication that envy is a salient phenomenon in the Facebook context”.
“Indeed, access to copious positive news and the profiles of seemingly successful ‘friends’ fosters social comparison that can readily provoke envy. By and large, on-line social networks allow users unprecedented access to information on relevant others — insights that would be much more difficult to obtain offline,” Krasnova said in a statement.
Those who do not engage in any active, interpersonal communications on social networks and primarily utilise them as sources of information, eg reading friends’ postings, checking news feeds, or browsing through photos, are particularly subject to these painful experiences.
The study also found that about one-fifth of all recent on-line/offline events that had provoked envy among the respondents took place within a Facebook context. This reveals a colossal role of this platform in users’ emotional life.
Paradoxically, envy can frequently lead to users embellishing their Facebook profiles, which, in turn, provokes envy among other users, a phenomenon that the researchers have termed “envy spiral”.
The researchers were also able to establish a negative link between the envy that arises while on Facebook and users’ general life satisfaction. Indeed, passive use of Facebook heightens invidious emotions that, in turn, adversely affect users’ satisfaction with their lives.
“Considering the fact that Facebook use is a worldwide phenomenon and envy is a universal feeling, a lot of people are subject to these painful consequences,” study co-author Helena Wenninger of the TU-Darmstadt said.
- How Facebook and Twitter can boost your ego and make you more impulsive in just five minutes (ktrmurali.wordpress.com)
- Policy-makers need to consider the impacts, warn researchers
- Inability to concentrate found to be one of the effects
- Browsing social networks for just five minutes can cause loss of control
Facebook and other social network sites can cause users to lose control and may lead to violence, obesity and debt.
Browsing for just five minutes on social networks can boost user’s self-belief so much that they become more impulsive.
Effects can include an increase in binge-eating, loss of concentration and lack of application, a study showed.
Researchers are also concerned that the loss of control prompted by using Facebook could lead to social problems such as aggression and violence.
‘Given that self-control is important for maintaining social order and personal well-being, this subtle effect could have widespread impact,’ the study from the US warned.
‘This is particularly true for adolescents and young adults who are the heaviest users of social networks and have grown up using social networks as a normal part of their daily lives.’
Dr Andrew Stephen, of the University of Pittsburgh, and Dr Keith Wilcox of Columbia University in New York, carried out the study with more than 1,000 Facebook users and said it was the first time it has been demonstrated that facebook and other social networking sites lead to loss of control.
They urged policy-makers to investigate social network use to better understand how people behave after using Facebook and other sites.
‘We have demonstrated that using today’s most popular social network, Facebook, may have a detrimental effect on people’s self-control,’ said Dr Stephen.
The researchers found that the key to behavioral changes after using social networking sites is the way they boost a user’s feeling of self-worth.
For people who send and receive posts from a number of friends with whom they have ‘strong ties’ even using a site for a short period of time was observed to increase self-esteem.
This is thought to happen because the social conventions that prevent boasting in face to face meetings are weakened when posting online, the researchers argued.
Users are also likely to focus on presenting positive images of themselves which are reinforced by supportive responses.
Having had their self-esteem boosted, the study showed, the self-control of users was weakened and resulted in different types of behaviour.
Volunteers taking part in one test were instructed to either spend a few minutes browsing social network sites or to look through CNN.com and TMZ.com.
Participants were then asked to choose between a healthy snack or a chocolate chip cookie and it was found that those using social network sites were more likely to opt for the unhealthy option.
‘Social network use enhanced self-esteem, making them more likely to make an unhealthy food choice compared to those who did not browse Facebook,’ the academics reported in a paper – Are Close Friends the Enemy? Online Social Networks, Self-Esteem, and Self-Control – published online in the Journal of Consumer Research.
A similar test in which volunteers were asked to solve anagrams after going online showed that the Facebook users were more likely to lose concentration and give up on the puzzles.
Researchers also asked volunteers a series of questions to establish their Body Mass Index (BMI), how many credit cards they had and what their levels of debt were.
‘The results suggest that greater social network use is associated with a higher body-mass index, increased binge eating, a lower credit score, and higher levels of credit-card debt for individuals with strong ties to their social network,’ the researchers found.
‘This research advances our knowledge of social networks by demonstrating that social networks can have significant effects on consumer judgment and decision-making, even in tasks that are unrelated to social network use or more general social behavior.’
They added: ‘Our research demonstrates that social network use may also have a detrimental effect on well-being by leading certain people to exhibit lower self-control.
‘It would be worthwhile for researchers and policy makers to further explore social network use in order to better understand which consumers may be particularly vulnerable to suffering negative psychological or social consequences.’
Here are 10 tips for you to share with your youngsters, to help make sure they’re clued up about .
1. Lock down your Facebook page. Make sure your profile is only shown to your friends – not their friends too and certainly not the whole world! It’s good to check your privacy settings regularly, too, because Facebook often updates them.
2. If you don’t know someone on Facebook, don’t be tempted to accept their Friend request.
3. Don’t post anything anywhere on the internet if you don’t want the world to see it. Once you’ve uploaded something, you cannot be sure that it will stay with just the person you’ve sent it to. So if it’s private, don’t share it!
4. Never give out your address, unless your parents have said it’s safe and it’s absolutely necessary (eg. when you are requesting a delivery). And never agree to meet in person someone you’ve met online.
5. Make sure you password protect your phone or any other device you use. And lock it when you’re not using it.
6. Don’t click on suspicious-looking links. If something looks strange to you, ask a parent or teacher if it’s ok to click on it.
7. If your friend has sent you a message but it looks weird, or isn’t something they’d usually say, check with them before you open it. It could be that someone is using their account to send messages which could be infected with something nasty.
8. Always log out! Make sure you don’t leave any account open when you go away from your computer, phone or other device.
9. Follow these password rules:
- Never choose passwords which are real words you’d find in the dictionary. Use a mixture of upper and lower case letters, swap out letters for numbers, and use symbols like % and $ too.
- Make your password as long as possible. The longer it is, the harder it is to crack.
- Be creative! Never just use the name of your favourite sports team or band, or your pet’s name. They are too easy to guess, especially if you’re previously shared that information online.
- Use a different password for each website you use. If you struggle to remember them, you can use online ‘password management‘ software to save them for you. But remember to make your ‘master’ password VERY hard to crack!
- Don’t save your password to your computer if you share it with anyone. And never give anyone your password. Not even your best friend. It’s not silly to keep your password to yourself, it’s safe!
10. And finally, if it doesn’t look right, speak up! If you think something is suspicious or if you see something upsetting online, tell a parent or teacher, or report it to the website you’re trying to use.
There is no black and white answer concerning consumers’ online privacy.
More and more each day the internet infiltrates commerce and social life and consumers are becoming more aware that their personal information is becoming less and less personal. Some websites and apps have transparent sharing policies. Some of them state exactly what information they will use for advertising but others aren’t so clear.
So what if one day you’re fed up? Tired of the eerie advertisements that seem to cater perfectly to your personal history, hobbies and wants? What if you want to erase your online identity with no strings attached, which brings us to the question: Once your information is on the web, does it ever really go away?
The problem with online privacy
That was the question some of the top names in tech privacy were trying to answer at Churchill Club’s “The Privacy Gap” panel on Wednesday, including Brendon Lynch, chief privacy officer at Microsoft, and Facebook’s former chief privacy officer, Chris Kelly.
“There are still people who don’t know what they’re giving up when they sign up for services,” Lynch said. “They don’t know how much value is being derived from their data.”
The general theme of the talk seemed to center around the fact that in today’s climate, there is no black and white answer concerning consumers’ online privacy. While some panelists called for major innovation in regards to online privacy – World Privacy Forum’s Pam Dixon urged that the industry needs to start looking at “privacy as a feature, not a bug” – some saw privacy as a user problem.
“If I say to a consumer, ‘I am collecting every single piece information about you but I am telling you this up front,’ and you choose to continue to use my app, that is an educated informed choice and consumers have the right to make that choice,” explained Jon Potter, president of the Application Developer’s Alliance.
The general consensus was that online privacy issues are growing and consumers’ tolerance level with companies using their private information is dwindling fast.
Even Facebook was the target of FTC privacy charges back in 2011, accusing the social networking site of deceiving their users by telling them they could keep their Facebook information private, and then allowing it to be shared and made public. They have since reached a settlement, and one of Facebook’s requirements now is to post a clear and prominent sharing notice and have users consent to having their information shared. Judging from Facebook’s over 1 billion users, most people continue to use the site despite knowing that their information is being shared and tracked.
It’s the same story with the thousands of mobile applications and other sites that share your information, essentially making your every online step traceable back to you.
These experts on privacy admit and agree that not only should there be more innovation that closes the rift between consumer privacy and sharing practices, but there also needs to be new technology surrounding deleting your data from the web.
“There needs to be an educated technological discussion about whether it’s possible to erase your data from the Internet, and what does it mean when you no longer use a website and you want to back your data out,” Potter said at the panel.
Tricks to erasing yourself from the Internet
So what can you do?
- Check out Google’s removal request tool: It allows you to ask Google to remove search results or cached content.
- Deleting accounts: When deleting accounts, you will notice that some sites simply “deactivate” it. A tip for these situations is to delete every bit of your information from these sites, then link the site to a newly-created email address, and then delete that email address (tedious, we know).
- Contact sites directly: You can also contact particular sites and companies that have your personal information and politely ask them to erase it (again, tedious).
- Do not track: AVG security software has developed a tool that allows you to opt out of tracking on most web browsers. This means that browsers like Internet Explorer, Google Chrome and Mozilla Firefox won’t be able to track your Internet behavior.
- Keep your identity protected: Remember, if you find false information, or are afraid that your data is being used fraudulently, signing up for an identity theft protection service can help notify you of any fraudulent activity concerning your identity.
If you’d still like to use the Internet while protecting your privacy, you’ll need to keep reading privacy policies and exercising your choice of whether to continue using a website or application knowing their sharing practices.
Until there is more innovation and maybe some uniformity surrounding online privacy, being aware of what you are sharing when signing up for a service is very important, as well as knowing that your personal data is extremely valuable.
The moral of the story? Once you’re on the Internet, it’s very difficult to leave.
A billion people offer their two cents every month to Facebook, literally. That’s about how much income Facebook generated per user each month over the last quarter.
Add it all up and the company made just $64 million on revenue of $1.59 billion. That means the company is generating about half a buck a month of revenue per user, and just $0.02 a month in income. Facebook says that a run-up in R&D hurt their profitability for the quarter.
Nonetheless, compared with the other tech giants (save Amazon, which has its own profitability problems), Facebook is not much of a money machine. It isn’t even within an order of magnitude of old-school companies like Microsoft or Oracle, let alone Apple.
But hey, it’s young. And detailed data on all of our lives has got to be worth something, right? Right? And the good news is that for the full year 2012, Facebook generated $13.58 in revenue per user in its most developed markets, the US and Canada. That’s up more than $2 over 2011 and $4 over 2010.
Update: Facebook would also probably like me to note that if you don’t follow the GAAP method and use Facebook’s own accounting, they made $426 million for the quarter, which is considerably more money than $64 million. Then again, there’s a reason they’re called Generally Accepted Accounting Principles.
WhatsApp has been found guilty of breaching international privacy laws because it forces customers (bar those using iOS 6) to grant it access to their entire address book. It indiscriminately retains all that information, meaning millions of non-consenting, non-users have had their data given up over the years.
The announcement was made by the Office of the Privacy Commissioner of Canada and the Dutch Data Protection Authority, which both maintain WhatsApp directly breached its privacy laws. However, the joint investigation took place in 2012, giving the company time to make some adjustments before the public ever found out — it has encrypted messages (from September 2012), strengthened its authentication process and also plans on developing manual addition of contacts. There are, however, still “outstanding issues” that the authorities intend to follow-up on, despite the instant messaging provider claiming non-users’ numbers are encrypted and that they don’t store corresponding names and emails.
WhatsApp has been dogged with security flaws since its launch, with one hacker releasing a Windows tool to show how easy it is to change user statuses in early 2012. This latest find, with even non-users being drawn into a privacy data dispute, has somewhat irked the authorities since international law clearly states data should only be kept “for so long as it is required for the fulfilment of an identification purpose”.
“This lack of choice contravenes privacy law,” said Jacob Kohnstamm, chairman of the Dutch Data Protection Authority, in a statement. “Both users and non-users should have control over their personal data and users must be able to freely decide what contact details they wish to share with WhatsApp.”
It flags up an issue Facebook, Google and others are currently having to deal with: user consent, or the lack thereof.
“This case puts the spotlight on a key issue within privacy law: can the use of a service be made conditional on access being given to personal data?” Stewart Room, a partner at Field Fisher Waterhouse specialising in privacy law, told Wired.co.uk. “On my reading of the law, the EU data protection regime does recognise the legitimacy of making service use conditional in this way, but the law will expect sufficient mechanisms to be put in place to draw the user’s attention to the data access before the service commences. In other words, people need to know what they are signing up for in advance.”
It’s taken the Dutch and Canadian authorities a good few years, and plenty of warnings from the public over the app’s security issues, to carry out its investigation and apply some pressure on the US-based company. So what other less high-profile apps are getting away with more?
“I suspect that these breaches are much more common than we think, with many businesses not paying due attention to their data collection practices when developing or deploying their services,” Daniel Cooper, head of global privacy and data security at Covington and Burling, told Wired.co.uk. “Many companies simply collect data, despite having no clear business need for it, on the basis that it may be useful in the future [WhatsApp says it keeps the data on file to populate its own contact list]. This situation has not been helped by the relatively limited amount of regulatory enforcement that has occurred to date.”
So we’ll probably start seeing more cases such as these arise as attention is drawn to the issue.
With that in mind, Stewart says: “I would encourage all app developers to look at how they bring key privacy issues to the attention of users during signing-up… I expect that where there are problems these are more often the result of a lack of focus or clarity of thought, rather than a deliberate attempt to have people over. I do expect that many app developers are in a similar position to WhatsApp.”