STE WILLIAMS

Just how will Apple restrict device-ID snooping in iOS 5?

Apple is planning to phase out unique device identifiers from iOS 5, according to documentation sent out to developers, possibly to stop people worrying about their privacy on iPhones and iPads.

Apple developers have been told that the serial number will be “deprecated” in iOS 5.0 and they should “create a unique identifier specific to your app”.

There has been some debate among developers on blogs and forums about the meaning of the word “deprecation”, but the majority seem to believe it signals a complete phase-out of the UDIDs. Or at least a phase-out of developer usage of the numbers, though Apple may still have access to them.

Christian Henschel, director of partner development at madvertise, told the Reg it was sometimes difficult to work out Apple’s intentions, adding “you never really know what those guys are up to”.

As of publication, Apple had not responded to requests for comment.

The main issue for app developers if the UDIDs are removed is in tracking their audience. While the number is not supposed to be connected to any personal information, it’s nevertheless useful for developers to know that UDID number X (a 40-digit alphanumeric string) has downloaded certain apps, uses them a certain number of times or spends so much time on them, etc. Some mobile ad networks also use the UDID to target their advertisements.

“I think it has some impact for developers because the most important thing for developers is to analyse their audience,” Henschel said.

He suggested that one reason Apple might be ditching UDID access is to stop people freaking out about how smartphones use the data they hold.

An article in the Wall Street Journal in December said that iPhone apps had passed on UDIDs along with location, gender and age information to outside ad companies. The makers of the apps in question said the data they passed on couldn’t be linked to an individual’s name. But these kinds of fine-line privacy issues have thrown the spotlight on UDIDs.

“There are techniques to connect hardware to some software,” Henschel said, adding that the amount of information stored on smartphones alongside the UDID – such as Facebook or email login details – had led to fears about how it could be used.

Henschel also pointed to the recent spat between the notoriously secretive Apple and analytics firm Flurry as a possible spur for the move. In January, Flurry reported that it had identified around 50 tablet devices in testing at Apple’s campus in Cupertino using its analytics.

The ironic breach of Apple’s own privacy led Jobs and Co to change the iPhone’s SDK terms of service.

“Some company called Flurry had data on devices that we were using on our campus – new devices,” Jobs said live at the D8 conference in New York.

“They were getting this info by getting developers to put software in their apps that sent info back to this company! So we went through the roof. It’s violating our privacy policies, and it’s pissing us off! So we said we’re only going to allow analytics that don’t give our device info – only for the purpose of advertising.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/24/why_apple_is_phasing_out_unique_device_identifiers/

comScore sued over ‘sinister’ data collection methods

Data collection outfit comScore has rejected a lawsuit that alleges the company violates US privacy laws, by saying the claims are “without merit and full of factual inaccuracies”.

On Tuesday, a suit (30-page PDF/270KB) was filed in the US District Court, Northern District of Illinois, by Chicago-based law firm Edelson McGuire on behalf of two plaintiffs who are pushing for class-action status and damages in their case against comScore.

“As one of the biggest players in the internet research industry, statistics gleaned from comScore’s consumer data are featured in major media outlets on a daily basis,” notes the suit.

“However, what lies beneath comScore’s data gathering techniques is far more sinister and shocking to all but the few who fully understand its business practices,” it goes on to claim.

“Namely, comScore has developed highly intrusive and robust data collection software known by such names as RelevantKnowledge, OpinionSpy, Premier Opinion, OpinionSquare, PermissionResearch, and MarketScore… to surreptitiously siphon exorbitant amounts of sensitive and personal data from consumers’ computers.

“Through subsidiaries bearing innocuous names, comScore uses deceitful tactics to disseminate its software and thereby gain constant monitoring access to millions of hapless consumers’ computers and networks.”

The lawsuit is also seeking injunctions against a variety of practices that it alleges are violating a number of US laws.

It cites the Stored Communications Act, the Electronic Communications Privacy Act, the Computer Fraud and Abuse Act and Illinois Consumer Fraud and Deceptive Practices Act.

The plaintiffs claim that comScore scanned their computers and modified their security settings after they installed the software.

comScore sells its data to over 1,800 businesses worldwide and lists Yahoo!, Facebook and Microsoft among its client base. None of those customers are accused of any wrongdoing in the lawsuit.

The company is upfront about its operations:

Once you install our application, it monitors all of the Internet behavior that occurs on the computer on which you install the application, including both your normal web browsing and the activity that you undertake during secure sessions, such as filling a shopping basket, completing an application form or checking your online accounts … we make commercially viable efforts to automatically filter confidential personally identifiable information such as UserID, password, credit card numbers, and account numbers. Inadvertently, we may collect such information about our panelists; and when this happens, we make commercially viable efforts to purge our database of such information.

“We have reviewed the lawsuit and find it to be without merit and full of factual inaccuracies. comScore intends to aggressively defend itself against these claims,” said the company in a brief statement to The Register. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/24/comscore_privacy_lawsuit/

Facebook ditches Places

Facebook is abandoning its Places feature just one year after it launched the function – at the same time, location settings within the social network are being ramped up.

The company buried the news yesterday that Places would be “going away” in a blog post announcing Facebook’s latest “privacy” tweaks.

“In the same way we know people want to say who they’re with or what they want to talk about, we also know people like to say where [sic] are or where they are off to – in order to help people do this we created ‘check-ins’,” said Facebook.

“We have now matured the ‘check-in’ and your chosen location can now be tagged in your posts by any device (mobile or laptop). This is an opt-in function and can be as broad as a town or country, or specific as your favourite pub.”

Previously, Places was a separate function clumsily bolted on to Facebook that could only be used via smartphones.

The location changes will gradually be rolled into Facebook over the next few weeks starting tomorrow (25 August). The firm will turn the function off by default, in a clear effort to appease privacy campaigners, who are increasingly scrutinising the social network’s settings.

Facebook, of course, is in the business of data-farming. Like other interwebs players it shares that information – in an anonymised form – with advertisers.

And users who enable the new location settings can expect more granular results. For example, a person no longer has to be physically standing in the KFC off Piccadilly Circus to geo-tag it in a Facebook post.

All of this links nicely into the company’s Deals offering, which is a Groupon-like service to encourage Facebook users to snap up local coupon discounts at coffee shops, retail outlets and so on.

Arguably, the location changes are about to clog up Facebook’s News Feed with much more ad-related content, given that it is becoming a central part of the social network. That’s because any “friends” that opt-in to the service will be broadcasting to the world exactly which coffee house or fried-chicken joint they’re hanging out in.

Meanwhile, a Facebook spokeswoman downplayed early reports about the privacy changes that suggested the company was simply competing with Google+ on how it handles its social graph.

“Naturally people are going to make comparisons but these are changes that Facebook has been working on for six months in order to make sure it is right for users and that it can be scaled for the 750 million users on Facebook,” she said.

“So not something that has been developed as a response to Google+, it has been developed in response to what we’re hearing from people who use Facebook.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/24/facebook_location_settings_places/

Agency sends contractors’ day rates to 800 RBS staff

Recruitment agency Hays has committed a massive blunder at the Royal Bank of Scotland.

An email reminding managers to update timesheets in time for the bank holiday included an attachment with the day rates of 3,000 contractors. It was sent to 800 people at the bank.

The row will likely deepen divisions between temporary and permanent staff – top rates for contractors were £2,000 a day. RBS is, of course, owned by the British taxpayer and has been busy sacking permanent IT staff – 1,000 jobs went and some 800 were offshored.

Such cuts of course always mean more work for contractors.

Sky got the story first. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/24/hays_rbs_email_fail/

Data for 43,000 at Yale winds up in Google search results

Yale University has warned 43,000 people that their names and Social Security numbers were publicly accessible for 10 months to anyone with an internet connection.

According to The Yale Daily News, the sensitive information was stored on an FTP server that was primarily used to store open-source materials. The mistake came to light only after Google introduced a change to its search index that included the contents of FTP servers.

Members of Yale’s Information Technology Services didn’t learn of the change until June 30.

There’s no way of knowing how many people may have accessed the data, so Yale is offering those whose information was exposed free credit monitoring and identity theft insurance. Those affected were affiliated with the university in 1999.

Until now, the change to Google’s search engine has largely gone unnoticed. With little attention paid to the contents stored on untold numbers of FTP servers, there’s no telling what other sensitive data is only a search query away. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/24/yale_ftp_server/

Chinese PLA video shows cyber-attack software

It’s being called an accident, but it could also be a show of force: a piece of state propaganda from China shows an attack being launched against Falun Gong computers.

New York-based newspaper The Epoch Times says this image, taken from a TV spot aired in July, shows the software in use.

The newspaper translates the labels in the image as “Select attack target”, a drop-down list of Falun Gong Websites, and an “attack” button. It says the video, some of which is posted on F-Secure’s blog, provides direct evidence of government involvement in cyber-attacks.

That’s because The Epoch Times says the video identifies the software as being written by the Electrical Engineering University of the People’s Liberation Army, while the IP address the video shows as originating the attack, 138.26.72.17, resolves to the University of Alabama at Birmingham. The university told the newspaper that the address has not been used since 2010, and it believes its network has not been compromised.

While the video may have been seen as propaganda claiming a capability that didn’t actually exist, the government-run TV channel CCTV7 has since removed the original video from its Website and replaced it with a more generic slot, leading F-Secure’s Mikko Hypponen to agree with the newspaper that the footage is genuine, and was included in the original footage by mistake.

China has consistently denied launching state-sponsored attacks against international targets (as has practically every government accused of espionage of any kind). ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/23/pla_video_attack_software/

Hong Kong police cuff suspect in stock market attacks

Crashed website disrupted trading

Police have arrested a man they say is connected to a website attack earlier this month that disrupted trading on the Hong Kong Stock Exchange.

Officers investigating the August 10 attack for the Hong Kong Police’s Technology Crime Division of Commercial Crime Bureau arrested the 29-year-old man late last week, they said in a brief statement. He was arrested for “Access to Computer with Dishonest or Criminal Intent.”

The attack crashed an HKEx website that locally listed companies use to announce price sensitive news. HKEx, which is Asia’s third-biggest securities exchange, responded by suspending trading of at least seven companies that were scheduled to make announcements during that day’s lunch break. A smaller attack broke out the following day.

Police arresting the unnamed suspect from Kwun Tong also seized 17 sets of computers, two mobile phones and five digital storage devices. He faces up to five years in prison. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/23/stock_exchange_hacker/

Facebook revamps privacy settings (again)

Facing heat from finer-grained privacy settings in Google+, Facebook has revamped the controls account holders use to designate who gets to see their pictures, posts, and other content.

Over the coming days, the controls will move from a dedicated settings page to the main profile page, right beside the posts, photos and tags they affect. The goal is to integrate the privacy settings with the content they control to make it easier for users to decide who gets to see what. As a result, birthdates, hometowns and other potentially sensitive data included in profiles will appear next to a drop-down menu that can be changed without having to visit a separate settings page.

“The profile is getting some new tools that give you clearer, more consistent controls over how photos and posts get added to it, and who can see everything that lives there,” Facebook Vice President of Product Chris Cox wrote Tuesday in a blog post announcing the changes.

Screen shot of new Facebook Privacy control

The changes come as Google has been promoting its Google+ service as a way for users to better control the online groups they frequent. The service had more than 25 million users as of earlier this month, according to an article from PC Magazine that cited comScore figures.

Another change includes the ability to approve or reject photos or posts that contain tags naming the user before they’re visible on the user’s profile. Facebook is also introducing the ability to change who can see posts after they are published. Additionally, the company is changing the designation for content that is freely available online.

“We are changing the name of this label from Everyone to Public so that the control is more descriptive of the behavior: anyone may see it, but not everyone will see it,” Cox wrote. “This is just to make the setting more clear, and it’s just a language change.”

Additional changes affect tag locations in posts and expanded options for removing tags and content from the user’s own profile or requesting other users remove content from their profiles.

“Taken together, we hope these new tools make it easier to share with exactly who you want, and that the resulting experience is a lot clearer and a lot more fun,” Cox wrote.

The revamp will roll out “in the coming days” and will be announced with a prompt for a tour that walks each user through the updated features. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/23/facebook_privacy_controls/

Four months’ porridge for 20-minute Facebook riot page

A 21-year-old man has been sentenced to four months in jail for a brief riot-supporting post on Facebook.

David Glyn Jones, Bangor, posted “Let’s start Bangor riots”, then removed it 20 minutes later. But the post was seen by a woman who used to work with Jones and she reported it to the police, the Beeb reports.

His solicitor told the court his client did not expect his words to be taken seriously.

Reactions to such posts have varied wildly around the country – some forces have chosen to give posters a stern talking to or told people to write letters of apology, while others have pushed for custodial sentences.

The non-organiser of the world’s crappest flashmob got four years for posting an event invitation to “Smash dwn in Northwich Lootin”. He is appealing his sentence and there was no rioting in Northwich.

The Met has denied it told officers to keep all offenders in custody, despite a document handed to the Guardian that appeared to confirm this.

The Operation Withern Prisoner Processing Strategy explained to officers: “A strategic decision has been made by the MPS that in all cases an application will be made for remand in custody both at the police station and later at court.”

The Met denied this meant that everyone arrested should be held in custody. The force said 623 people had been bailed pending further enquiries, 125 were simply released and 17 were cautioned.

In total the Met arrested 1,881 people and 1,063 have so far been charged in connection with the disturbances.

Facebook, Twitter and RIM have been called to meet the Home Secretary on Thursday to discuss issues around the disturbances and Cameron’s apparent desire to get such networks switched off as he or subsequent Prime Ministers may order. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/23/facebook_sentence/

iPhone app tracks Android-equipped Surrey cops

Residents of Runnymede can now follow the goings-on of their local plod on a free iPhone app, assuming plod decides to record his location on his Huawei-supplied handset.

The pair of apps were developed by UK-based Multizone, and the public component is being launched on the iPhone today. That free app can be used to pick up the police feeds on Twitter, Flickr, and YouTube, as well as showing a live feed of what officers are doing now and allowing the public to say if they think that’s appropriate use of police time.

The live feed is fed by the officer’s side of the application: the copper selects from a list of activities they’d like people to think they’re doing, and the geotagged data is uploaded for public viewing. The public can then use a sliding scale to say how important that activity is to them.

Huawei, along with Vodafone, volunteered to provide Android handsets for the police, though many are apparently using their own iPhones instead.

Angus Fox, of Multizone, told us he’s had individual coppers asking if they can use their personal kit, as they’re keen to tell people how they spend their days. Despite Huawei’s generosity, there aren’t enough Android handsets to go around the 40 or so officers on the streets in Runnymede.

The app was developed using Appcenter’s JavaScript-cross-compilation technology to ensure iOS, Android and BlackBerry supported it: RIM’s platform is popular among those trying to stop riots as well as those trying to start them. The iPhone version is being launched first, but public apps for the other platforms should follow quickly.

We can only hope the service proves more useful than Manchester’s effort, which was so quickly and effectively lampooned despite the real tweets being as surreal as any comedy effort:

“Call 384 report of man holding baby over bridge – police immediately attended and it was man carrying dog that doesn’t like bridges #gmp24” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/23/police_iphone_app/