Internet data breaches, Google+ and more…

Google_blog-1180x480

Yesterday, the news broke that Google is to kill off its social media platform Google+ because of a massive unreported data breach.

The official line is reported to be:

“The company discovered a bug in one of Google+’s People APIs that allowed apps access to data from Google+ profiles that weren’t marked as public. It included static data fields such as name, email, occupation, gender and age. It did not include information from Google+ posts. The bug was patched in March 2018, but Google didn’t inform users at that point. “We made Google+ with privacy in mind and therefore keep this API’s log data for only two weeks,” the company said in a blog post. “That means we cannot confirm which users were impacted by this bug.”

However, Google+ will continue as a product for Enterprise users. It’s by far the most popular use of the social network. Therefore, the company has made the decision that Google+ is better suited as an internal social network for companies, rather than a consumer product. Google will announce new Enterprise-focused products for Google+ soon”.

(engadget.com)

A ‘leaked’ memo included:

‘Disclosure will likely result “in us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal”, Google policy and legal officials wrote in a memo obtained by the Journal. It “almost guarantees Sundar will testify before Congress”, the memo said, referring to the company’s CEO, Sundar Pichai. The disclosure would also invite “immediate regulatory interest”.

(theguardian.com) 

 

My own view is:

As Google is re-developing a form of G+ for inter-corporate communications, yesterdays confirmation of data loss is timed to coincide with their new platform’s progress. Large-scale commercial internal networks are major revenue earners. They require far less maintenance and development than massive public platforms.

My conclusion is, the move by Google, seen by many as ‘dumping’ their dedicated public users, is one of pure commercial practice. We must wait and see if G+ simply fade away as Google hope, or if this decision will alienate users to the point they ditch Googles other products.

I know there are many other companies, both large and small, waiting to grab a slice of Googles internet cake who are ready to provide alternatives.

We shall have to wait and see. But looking at Google’s history, G+ will simply become history and Google will have made another profitable corporate decision.

151027-facebook-headquarters-1-100624905-large

Now, I use Google+ along with Facebook and other (social) media platforms. I shop, online and on the ‘high street’, at major retailers. I bank, have a passport and a driving license. I am registered with the National Health Service and the Inland Revenue. I do the thousand and one things most of us do in our everyday lives.

Which means I am on one million and one billion various computer databases, from Government statistical through to tax, health, police, social and political. I am sure, somewhere, I am in MI5 and MI6’s database, most probably the CIA, Mossad, SVR, GRU, and MSS because I have a military background and a connection with the British Royal Family.

unnamed

 

I know, without any doubts whatsoever my information is on and shared by/with, thousands of commercial enterprises around the world. I have junk mail, email and phone call logs as proof.

I know this, yet I do let it worry me because there is nothing I can do about it unless I escape to the lost world of Neverlandislandjungleretreat and never raise my head above the totally off-grid parapet. Which sounds pretty good in some ways but is impractical for most of us.

So, I accept my details are not private and live accordingly.

Data breaches and hacking are as much part of this world’s current situation and social culture as is terrorism, gender disruption and socio-economic inflation.

Personally, I cannot understand what satisfaction someone could get from creating and spreading a computer virus, although I can see the intent with ransom-wear and state-sponsored cyber-attacks. (Practice for the cyberwars to come?)

download

Sadly, I can also see where the criminal element of data theft fits into the larger information technological world we all now, by default, live in.

Greed, avarice and power have always been the prime motives behind most illegalities. Nothing has changed except the methods and opportunities presented.

Governments and the less informed members of society will jump up and down and stomp their feet each time a major breach of information protocol is reported.

The government ministers will shout, saying it is their job to do so on behalf of the electorate, while most will be doing so simply to be seen, for self-promotion, regardless to what ‘spin’ or ‘party line’ mantra they mutter.

The less informed members of our society because, they are influenced, even controlled, by fickle, shallow, manipulative journalistic propaganda and bullshite.

So, Google has issues with G+ and what else are they not revealing?

Facebook still has ongoing issues.

But so, do:

Yahoo, Reddit, Instagram, FedEx, Ticketmaster, Adidas, U.S. Air Force, The FriendFinder Network, eBay, UnityPoint Health, St. Peter’s Surgery & Endoscopy Center, TaskRabbit, Equifax, Ticketfly, Heartland Payment Systems, Air Canada, University at Buffalo, Target Stores, Partners HealthCare, TJX Companies, Inc., Uber, Facebook, Aultman Health Foundation, Orbitz, Aetna, JP Morgan Chase, Inogen, US Office of Personnel Management (OPM), British Airways, Sony’s PlayStation Network, BJC Healthcare, Anthem, Dignity Health, RSA Security, CarePlus, Stuxnet, VeriSign, Home Depot, Jason’s Deli, Click2Gov – Midwest City, Under Armour, Saks Fifth Avenue, Bithumb, Med Associates, Chili’s, Nuance Communications, Lord & Taylor, SunTrust Banks, Panera Bread, City of Goodyear, Rail Europe, LifeBridge Health, MyHeritage, Coinrail, Chicago Public Schools (CPS) and Adobe?

ALL THE ABOVE SUFFERED MAJOR DATA AND SECURITY BREACHES IN THE LAST COUPLE OF YEARS, MANY DURING 2018.

In 2017, the world saw more data breaches than any year prior. On December 20th, the downloadIdentity Theft Resource Center (ITRC) reported that there were 1,293 total data breaches, compromising more than 174 million records. That’s 45% more breaches than 2016.

 

In truth, what can ‘Little ‘ol you and me’ do when major multi conglomerates and the world governments agencies cannot protect their own systems.

The answer is “Not a lot”.

Like any other crime, do what you can to stay safe, hope you are not a target and carry on with your regular, normal life.

Data breaches and information theft is, sadly and ashamedly, something we must learn to live with. Fretting and worrying about cyber attacks and data loss will not change a single thing, but it will give your face wrinkles and make you look older sooner.

41530671_446651229159319_7854224569849085952_n
©PaulWhite2018

Personally, I have better things to do with my life than sit here worrying.

Which is why I am such a handsome, young looking lad!

 

A ‘Heads Up’ about that little green padlock (HTTPS – Secure)… or NOT.

A secure connection does not mean a secure site

The green lock means that the site has been issued a certificate and that a pair of cryptographic keys has been generated for it. Such sites encrypt information transmitted between you and the site. In this case, the page URLs begin with HTTPS, with the last “S” standing for “Secure.”

button-41707_960_720

Sure, encrypting transmitted data is a good thing. It means that information exchanged between your browser and the site is not accessible to third parties—ISPs, network administrators, intruders, and so on. It lets you enter passwords or credit card details without worrying about prying eyes.

But the problem is that the green lock and the issued certificate say nothing about the site itself. A phishing page can just as readily get a certificate and encrypt all traffic that flows between you and it.

Put simply, all a green lock ensures is that no one else can spy on the data you enter. But your password can still be stolen by the site itself if it’s fake.

Phishers make active use of this: According to Phishlabs, a quarter of all phishing attacks today are carried out on HTTPS sites (two years ago it was less than 1 percent). Moreover, more than 80 percent of users believe that the mere presence of a little green lock and the word “Secure” next to the URL means the site is safe, and they don’t think too hard before entering their data.

 

What if the lock isn’t green?

If the address bar shows no lock at all, that means the website does not use encryption, exchanging information with your browser using standard HTTP.

HTTPS-versus-HTTP-380x283

Google Chrome has started tagging such websites as insecure. They might, in fact, be squeaky clean, but they don’t encrypt traffic between you and the server. Most website owners don’t want Google to label their websites as unsafe, so more and more are migrating to HTTPS. In any case, entering sensitive data on an HTTP site is a bad idea — anyone can spy on it.

https3

 

The second variant you might see is a lock icon crisscrossed with red lines and the HTTPS letters marked in red. That means the website has a certificate, but the certificate is unverified or out of date. That is, the connection between you and the server is encrypted, but no one can guarantee that the domain really belongs to the company indicated on the site. This is the most suspicious scenario; usually, such certificates are used for test purposes only.

cert_error_chrome-600x361

Alternatively, if the certificate has expired and the owner has not gotten around to renewing it, browsers will tag the page as unsafe, but more visibly, by displaying a red lock warning. In either case, take the red as the warning it is and avoid those sites — never mind entering any personal data on them.

 

How not to fall for the bait

To sum up, the presence of a certificate and the green lock means only that the data transmitted between you and the site is encrypted, and that the certificate was issued by a trusted certificate authority. But it doesn’t prevent an HTTPS site from being malicious, a fact that is most skillfully manipulated by phishing scammers.

So always be alert, no matter how safe the site seems at first glance.

  • Never enter logins, passwords, banking credentials, or any other personal information on the site unless you are sure of its authenticity. To do so, always check the domain name — and very carefully; the name of a fake site might differ by only one character. And ensure links are reliable before clicking.
  • Always consider what a particular site is offering, whether it looks suspicious, and whether you really need to register on it.
  • Make sure your devices are well protected: Kaspersky Internet Security checks URLs against an extensive database of phishing sites, and it detects scams regardless of how “safe” the resource looks.

 

I hope this highlights some areas you may not have been aware of. It’s always good to know ‘stuff’

Feel free to check out my books, Wip’s, blogs and more on my own HTTPS secure website at https://paulznewpostbox.wixsite.com/paul-white

You may also want to read about Ads.txt on this blog HERE

You Won’t Finish This Article

This is an interesting article I found while searching for something completley different!

It is primarily about online writing, blogs, posts, articles, websites etc.

Let me know what you think.


Why people online don’t read to the end.slate

By Farhad Manjoo                                                                                                For Slate.com

slate
She’s already stopped reading
Photo by Roslan Rahman/AFP/Getty Images

 

I’m going to keep this brief because you’re not going to stick around for long. I’ve already lost a bunch of you. For every 161 people who landed on this page, about 61 of you—38 percent—are already gone. You “bounced” in Web traffic jargon, meaning you spent no time “engaging” with this page at all.

So now there are 100 of you left. Nice round number. But not for long! We’re at the point in the page where you have to scroll to see more. Of the 100 of you who didn’t bounce, five are never going to scroll. Bye!

OK, fine, good riddance. So we’re 95 now. A friendly, intimate crowd, just the people who want to be here. Thanks for reading, folks! I was beginning to worry about your attention span, even your intellig … wait a second, where are you guys going? You’re tweeting a link to this article already? You haven’t even read it yet! What if I go on to advocate something truly awful, like a constitutional amendment requiring that we all type two spaces after a period?

Wait, hold on, now you guys are leaving too? You’re going off to comment? Come on! There’s nothing to say yet. I haven’t even gotten to the nut graph.

I better get on with it. So here’s the story: Only a small number of you are reading all the way through articles on the Web. I’ve long suspected this, because so many smart-alecks jump into the comments to make points that get mentioned later in the piece. But now I’ve got proof. I asked Josh Schwartz, a data scientist at the traffic analysis firm Chartbeat, to look at how people scroll through articles. Schwartz also did a similar analysis for other sites that use Chartbeat and have allowed the firm to include their traffic in its aggregate analyses.

Schwartz’s data shows that readers can’t stay focused. The more I type, the more of you tune out. And it’s not just me. It’s not just here. It’s everywhere online. When people land on a story, they very rarely make it all the way down the page. A lot of people don’t even make it halfway. Even more dispiriting is the relationship between scrolling and sharing. Schwartz’s data suggest that lots of people are tweeting out links to articles they haven’t fully read. If you see someone recommending a story online, you shouldn’t assume that he has read the thing he’s sharing.

OK, we’re a few hundred words into the story now. According to the data, for every 100 readers who didn’t bounce up at the top, there are about 50 who’ve stuck around. Only one-half!

Take a look at the following graph created by Schwartz, a histogram showing where people stopped scrolling in Slate articles. Chartbeat can track this information because it analyzes reader behaviour in real time—every time a Web browser is on a Slate page, Chartbeat’s software records what that browser is doing on a second-by-second basis, including which portion of the page the browser is currently viewing.

A typical Web article is about 2000 pixels long. In the graph below, each bar represents the share of readers who got to a particular depth in the story. There’s a spike at 0 percent—i.e., the very top pixel on the page—because 5 percent of readers never scrolled deeper than that spot. (A few notes: This graph only includes people who spent any time engaging with the page at all—users who “bounced” from the page immediately after landing on it are not represented. The X axis goes beyond 100 percent to include stuff, like the comments section, that falls below the 2,000-pixel mark. Finally, the spike near the end is an anomaly caused by pages containing photos and videos—on those pages, people scroll through the whole page.)

percent


Chartbeat’s data shows that most readers scroll to about the 50 percent mark, or the 1,000th pixel, in Slate stories. That’s not very far at all. I looked at a number of recent pieces to see how much you’d get out of a story if you only made it to the 1,000thpixel. Take Mario Vittone’s piece, published this week, on the warning signs that someone might be drowning. If the top of your browser reached only the 1,000th pixel in that article, the bottom of your browser would be at around pixel number 1,700 (the typical browser window is 700 pixels tall). At that point, you’d only have gotten to warning signs No. 1 and 2—you’d have missed the fact that people who are drowning don’t wave for help, that they cannot voluntarily control their arm movements, and one other warning sign I didn’t get to because I haven’t finished reading that story yet. Or look at John Dickerson’s fantastic article about the IRS scandal or something. If you only scrolled halfway through that amazing piece, you would have read just the first four paragraphs. Now, trust me when I say that beyond those four paragraphs, John made some really good points about whatever it is his article is about, some strong points that—without spoiling it for you—you really have to read to believe. But of course, you didn’t read it because you got that IM and then you had to look at a video and then the phone rang … The worst thing about Schwartz’s graph is the big spike at zero. About 5 percent of people who land on Slate pages and are engaged with the page in some way—that is, the page is in a foreground tab on their browser and they’re doing something on it, like perhaps moving the mouse pointer—never scroll at all. Now, do you know what you get on a typical Slate page if you never scroll? Bupkis. Depending on the size of the picture at the top of the page and the height of your browser window, you’ll get, at most, the first sentence or two. There’s a good chance you’ll see none of the articles at all. And yet people are leaving without even starting. What’s wrong with them? Why’d they even click on the page? Schwarz’s histogram for articles across lots of sites is in some ways more encouraging than the Slate data, but in other ways even sadder:

percent2

On these sites, the median scroll depth is slightly greater—most people get to 60 percent of the article rather than the 50 percent they reach on Slate pages. On the other hand, on these pages a higher share of people—10 percent—never scroll. In general, though, the story across the Web is similar to the story at Slate: Few people are making it to the end, and a surprisingly large number aren’t giving articles any chance at all.

We’re getting deep on the page here, so basically only my mom is still reading this. (Thanks, Mom!) But let’s talk about how scroll depth relates to sharing. I asked Schwartz if he could tell me whether people who are sharing links to articles on social networks are likely to have read the pieces they’re sharing.