STE WILLIAMS

comScore sued over ‘sinister’ data collection methods

Data collection outfit comScore has rejected a lawsuit that alleges the company violates US privacy laws, by saying the claims are “without merit and full of factual inaccuracies”.

On Tuesday, a suit (30-page PDF/270KB) was filed in the US District Court, Northern District of Illinois, by Chicago-based law firm Edelson McGuire on behalf of two plaintiffs who are pushing for class-action status and damages in their case against comScore.

“As one of the biggest players in the internet research industry, statistics gleaned from comScore’s consumer data are featured in major media outlets on a daily basis,” notes the suit.

“However, what lies beneath comScore’s data gathering techniques is far more sinister and shocking to all but the few who fully understand its business practices,” it goes on to claim.

“Namely, comScore has developed highly intrusive and robust data collection software known by such names as RelevantKnowledge, OpinionSpy, Premier Opinion, OpinionSquare, PermissionResearch, and MarketScore… to surreptitiously siphon exorbitant amounts of sensitive and personal data from consumers’ computers.

“Through subsidiaries bearing innocuous names, comScore uses deceitful tactics to disseminate its software and thereby gain constant monitoring access to millions of hapless consumers’ computers and networks.”

The lawsuit is also seeking injunctions against a variety of practices that it alleges are violating a number of US laws.

It cites the Stored Communications Act, the Electronic Communications Privacy Act, the Computer Fraud and Abuse Act and Illinois Consumer Fraud and Deceptive Practices Act.

The plaintiffs claim that comScore scanned their computers and modified their security settings after they installed the software.

comScore sells its data to over 1,800 businesses worldwide and lists Yahoo!, Facebook and Microsoft among its client base. None of those customers are accused of any wrongdoing in the lawsuit.

The company is upfront about its operations:

Once you install our application, it monitors all of the Internet behavior that occurs on the computer on which you install the application, including both your normal web browsing and the activity that you undertake during secure sessions, such as filling a shopping basket, completing an application form or checking your online accounts … we make commercially viable efforts to automatically filter confidential personally identifiable information such as UserID, password, credit card numbers, and account numbers. Inadvertently, we may collect such information about our panelists; and when this happens, we make commercially viable efforts to purge our database of such information.

“We have reviewed the lawsuit and find it to be without merit and full of factual inaccuracies. comScore intends to aggressively defend itself against these claims,” said the company in a brief statement to The Register. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/24/comscore_privacy_lawsuit/

Data for 43,000 at Yale winds up in Google search results

Yale University has warned 43,000 people that their names and Social Security numbers were publicly accessible for 10 months to anyone with an internet connection.

According to The Yale Daily News, the sensitive information was stored on an FTP server that was primarily used to store open-source materials. The mistake came to light only after Google introduced a change to its search index that included the contents of FTP servers.

Members of Yale’s Information Technology Services didn’t learn of the change until June 30.

There’s no way of knowing how many people may have accessed the data, so Yale is offering those whose information was exposed free credit monitoring and identity theft insurance. Those affected were affiliated with the university in 1999.

Until now, the change to Google’s search engine has largely gone unnoticed. With little attention paid to the contents stored on untold numbers of FTP servers, there’s no telling what other sensitive data is only a search query away. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/24/yale_ftp_server/

Facebook ditches Places

Facebook is abandoning its Places feature just one year after launching the function – at the same time, location settings within the social network are being ramped up.

The company buried the news yesterday that Places would be “going away” in a blog post announcing Facebook’s latest “privacy” tweaks.

“In the same way we know people want to say who they’re with or what they want to talk about, we also know people like to say where [sic] are or where they are off to – in order to help people do this we created ‘check-ins’,” said Facebook.

“We have now matured the ‘check-in’ and your chosen location can now be tagged in your posts by any device (mobile or laptop). This is an opt-in function and can be as broad as a town or country, or specific as your favourite pub.”

Previously, Places was a separate function clumsily bolted on to Facebook that could only be used via smartphones.

The location changes will gradually be rolled into Facebook over the next few weeks starting tomorrow (25 August). The firm will turn the function off by default, in a clear effort to appease privacy campaigners, who are increasingly scrutinising the social network’s settings.

Facebook, of course, is in the business of data-farming. Like other interwebs players it shares that information – in an anonymised form – with advertisers.

And users who enable the new location settings can expect more granular results. For example, a person no longer has to be physically standing in the KFC off Piccadilly Circus to geo-tag it in a Facebook post.

All of this links nicely into the company’s Deals offering, which is a Groupon-like service to encourage Facebook users to snap up local coupon discounts at coffee shops, retail outlets and so on.

Arguably, the location changes are about to clog up Facebook’s News Feed with much more ad-related content, given that it is becoming a central part of the social network. That’s because any “friends” that opt-in to the service will be broadcasting to the world exactly which coffee house or fried-chicken joint they’re hanging out in.

Meanwhile, a Facebook spokeswoman downplayed early reports about the privacy changes that suggested the company was simply competing with Google+ on how it handles its social graph.

“Naturally people are going to make comparisons but these are changes that Facebook has been working on for six months in order to make sure it is right for users and that it can be scaled for the 750 million users on Facebook,” she said.

“So not something that has been developed as a response to Google+, it has been developed in response to what we’re hearing from people who use Facebook.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/24/facebook_location_settings_places/

Agency sends contractors’ day rates to 800 RBS staff

Recruitment agency Hays has committed a massive blunder at the Royal Bank of Scotland.

An email reminding managers to update timesheets in time for the bank holiday included an attachment with the day rates of 3,000 contractors. It was sent to 800 people at the bank.

The row will likely deepen divisions between temporary and permanent staff – top rates for contractors were £2,000 a day. RBS is, of course, owned by the British taxpayer and has been busy sacking permanent IT staff – 1,000 jobs went and some 800 were offshored.

Such cuts of course always mean more work for contractors.

Sky got the story first. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/24/hays_rbs_email_fail/

Chinese PLA video shows cyber-attack software

It’s being called an accident, but it could also be a show of force: a piece of state propaganda from China shows an attack being launched against Falun Gong computers.

New York-based newspaper The Epoch Times says an image taken from a TV spot aired in July shows the software in use.

The newspaper translates the labels in the image as “Select attack target”, a drop-down list of Falun Gong Websites, and an “attack” button. It says the video, some of which is posted on F-Secure’s blog, provides direct evidence of government involvement in cyber-attacks.

That’s because The Epoch Times says the video identifies the software as being written by the Electrical Engineering University of the People’s Liberation Army, while the IP address the video shows as originating the attack, 138.26.72.17, resolves to the University of Alabama at Birmingham. The university told the newspaper that the address has not been used since 2010, and it believes its network has not been compromised.

While the video may have been seen as propaganda claiming a capability that didn’t actually exist, the government-run TV channel CCTV7 has since removed the original video from its Website and replaced it with a more generic slot, leading F-Secure’s Mikko Hypponen to agree with the newspaper that the footage is genuine, and was included in the original footage by mistake.

China has consistently denied launching state-sponsored attacks against international targets (as has practically every government accused of espionage of any kind). ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/23/pla_video_attack_software/

Hong Kong police cuff suspect in stock market attacks

Crashed website disrupted trading

Police have arrested a man they say is connected to a website attack earlier this month that disrupted trading on the Hong Kong Stock Exchange.

Officers investigating the August 10 attack for the Hong Kong Police’s Technology Crime Division of Commercial Crime Bureau arrested the 29-year-old man late last week, they said in a brief statement. He was arrested for “Access to Computer with Dishonest or Criminal Intent.”

The attack crashed an HKEx website that locally listed companies use to announce price-sensitive news. HKEx, which is Asia’s third-biggest securities exchange, responded by suspending trading of at least seven companies that were scheduled to make announcements during that day’s lunch break. A smaller attack broke out the following day.

Police arresting the unnamed suspect from Kwun Tong also seized 17 sets of computers, two mobile phones and five digital storage devices. He faces up to five years in prison. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/23/stock_exchange_hacker/

Facebook revamps privacy settings (again)

Facing heat from finer-grained privacy settings in Google+, Facebook has revamped the controls account holders use to designate who gets to see their pictures, posts, and other content.

Over the coming days, the controls will move from a dedicated settings page to the main profile page, right beside the posts, photos and tags they affect. The goal is to integrate the privacy settings with the content they control to make it easier for users to decide who gets to see what. As a result, birthdates, hometowns and other potentially sensitive data included in profiles will appear next to a drop-down menu that can be changed without having to visit a separate settings page.

“The profile is getting some new tools that give you clearer, more consistent controls over how photos and posts get added to it, and who can see everything that lives there,” Facebook Vice President of Product Chris Cox wrote Tuesday in a blog post announcing the changes.

Screen shot of new Facebook Privacy control

The changes come as Google has been promoting its Google+ service as a way for users to better control the online groups they frequent. The service had more than 25 million users as of earlier this month, according to an article from PC Magazine that cited comScore figures.

Another change includes the ability to approve or reject photos or posts that contain tags naming the user before they’re visible on the user’s profile. Facebook is also introducing the ability to change who can see posts after they are published. Additionally, the company is changing the designation for content that is freely available online.

“We are changing the name of this label from Everyone to Public so that the control is more descriptive of the behavior: anyone may see it, but not everyone will see it,” Cox wrote. “This is just to make the setting more clear, and it’s just a language change.”

Additional changes affect tag locations in posts and expanded options for removing tags and content from the user’s own profile or requesting other users remove content from their profiles.

“Taken together, we hope these new tools make it easier to share with exactly who you want, and that the resulting experience is a lot clearer and a lot more fun,” Cox wrote.

The revamp will roll out “in the coming days” and will be announced with a prompt for a tour that walks each user through the updated features. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/23/facebook_privacy_controls/

Four months’ porridge for 20-minute Facebook riot page

A 21-year-old man has been sentenced to four months in jail for a brief riot-supporting post on Facebook.

David Glyn Jones, Bangor, posted “Let’s start Bangor riots”, then removed it 20 minutes later. But the post was seen by a woman who used to work with Jones and she reported it to the police, the Beeb reports.

His solicitor told the court his client did not expect his words to be taken seriously.

Reactions to such posts have varied wildly around the country – some forces have chosen to give posters a stern talking to or told people to write letters of apology, while others have pushed for custodial sentences.

The non-organiser of the world’s crappest flashmob got four years for posting an event invitation to “Smash dwn in Northwich Lootin”. He is appealing his sentence and there was no rioting in Northwich.

The Met has denied it told officers to keep all offenders in custody, despite a document handed to the Guardian that appeared to confirm this.

The Operation Withern Prisoner Processing Strategy explained to officers: “A strategic decision has been made by the MPS that in all cases an application will be made for remand in custody both at the police station and later at court.”

The Met denied this meant that everyone arrested should be held in custody. The force said 623 people had been bailed pending further enquiries, 125 were simply released and 17 were cautioned.

In total the Met arrested 1,881 people and 1,063 have so far been charged in connection with the disturbances.

Facebook, Twitter and RIM have been called to meet the Home Secretary on Thursday to discuss issues around the disturbances and Cameron’s apparent desire to get such networks switched off as he or subsequent Prime Ministers may order. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/23/facebook_sentence/

iPhone app tracks Android-equipped Surrey cops

Residents of Runnymede can now follow the goings-on of their local plod on a free iPhone app, assuming plod decides to record his location on his Huawei-supplied handset.

The pair of apps were developed by UK-based Multizone, and the public component is being launched on the iPhone today. That free app can be used to pick up the police feeds on Twitter, Flickr, and YouTube, as well as showing a live feed of what officers are doing now and allowing the public to say if they think that’s appropriate use of police time.

The live feed is fed by the officer’s side of the application: the copper selects from a list of activities they’d like people to think they’re doing, and the geotagged data is uploaded for public viewing. The public can then use a sliding scale to say how important that activity is to them.

Huawei, along with Vodafone, volunteered to provide Android handsets for the police, though many are apparently using their own iPhones instead.

Angus Fox, of Multizone, told us he’s had individual coppers asking if they can use their personal kit, as they’re keen to tell people how they spend their days. Despite Huawei’s generosity, there aren’t enough Android handsets to go around the 40 or so officers on the streets in Runnymede.

The app was developed using Appcenter’s JavaScript-cross-compilation technology to ensure iOS, Android and BlackBerry supported it: RIM’s platform is popular among those trying to stop riots as well as those trying to start them. The iPhone version is being launched first, but public apps for the other platforms should follow quickly.

We can only hope the service proves more useful than Manchester’s effort, which was so quickly and effectively lampooned despite the real tweets being as surreal as any comedy effort:

“Call 384 report of man holding baby over bridge – police immediately attended and it was man carrying dog that doesn’t like bridges #gmp24” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/23/police_iphone_app/

Traumatic scenes for car geeks as forum falls over

There were fears of further outbreaks of violence on the streets yesterday when the UK’s busiest motoring forum site, PistonHeads.com, disappeared offline.

Desperate car geeks were forced to work, make a Victoria sponge and even talk to the wives, or so they claimed once the forum was back up and running.

The Reg was contacted by a worried reader, and PistonHeads fan, who had seen a posting on a hackers’ forum claiming to have pinched the site’s user database.

But an insider at the site assured us customer data was safe, although techies were still going through the final lines of the logs.

Our source explained the site had been contacted by a “white hat” – a hacker who offered to share vulnerabilities in exchange for a small fee. The two co-operated to close holes.

He said: “We’ve learnt the hard way to be honest with people. We have a very technical readership and the site was started by an IT consultant who drove a TVR – back when all IT consultants drove TVRs.”

It is believed the post in the hackers’ forum was put up by an associate of the white hat hacker and was subsequently removed.

Our source said final checks were being made but that the site was 99 per cent sure that nothing sensitive had gone: the downing of the site was treated as a possible hack only as a precaution.

The site’s transactions are dealt with by WorldPay, so no card details are stored. All passwords for the forum are encrypted and the site collects limited other information about forum posters.

The site is back up and running now, although some users are complaining it is slower than usual.

PistonHeads is here, and the thread explaining the downtime is here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/08/12/pistonheads_down_not_out/