
FACEBOOK IS BROKEN, says whistleblower Frances Haugen, who worked on the company’s civic integrity team. In testimony before Congress and in the media, Haugen has argued that the social giant’s algorithms contribute to maladies that range from teen mental health issues to ethnic violence in Ethiopia. There’s no one solution that will fix all that’s wrong with Facebook—no, not even a new name—but one of Haugen’s suggestions stood out. “I’m a strong proponent of chronological ranking, ordering by time with a little bit of spam demotion,” she told the Senate earlier this month. “We should have software that is human-scaled, where humans have conversations together, not computers facilitating who we get to hear from.” Imagine that! Humans … having conversations together. Haugen essentially recommends a Facebook News Feed where items appear as people post them, rather than in an order divined by the company’s algorithmic wizardry. In this world, likes and comments wouldn’t dictate what you see. It’s all a matter of timing—which would also prevent the algorithm from tossing logs onto the platform’s most inflammatory posts. It’s not that radical a notion. Instagram only handed the algorithm the reins to your feed in 2016. Twitter took away chronology altogether that same year, only to reintroduce it as an option in 2018. And you can also ditch the algorithm in the Facebook News Feed right now, today. I know, because I’ve been doing it for the past two weeks. In fairness, it’s not like Facebook hides the option. On desktop, you just click Most Recent in the lefthand pane. On mobile, you’ll find Most Recent under the hamburger menu in the upper-right corner. As Facebook itself warns, though, the experience is fleeting. “You can sort your News Feed to see recent posts,” a company help page says, “but News Feed will eventually return to its default setting.” (Or you can just use this link instead of facebook dot com, and load a ranking-free experience every time.) 
To get a possibly obvious caveat out of the way: I am by no means a Facebook power user. I’ve posted three or four times a year since 2019, all of which were either WIRED stories or attempts to drum up business for my daughter’s Girl Scout cookie side hustle. My account is private, and while I’m somehow a member of 14 groups, more than half of those haven’t posted anything in the past year, I sporadically check in on three, and had forgotten the rest existed. Still, any honest accounting would put me on Facebook a few times a week. Call it a force of habit, call it Marketplace voyeurism. Regardless, I am familiar with how the News Feed typically functions—and was struck by just how different an experience a healthy dose of chronology imparted. I also don’t want to overstate things. The ills that Haugen proposes chronology may fix are largely not present in my social media bubble to begin with, at least that I’ve seen. Facebook also uses a multitude of algorithms; here I'm referring only to the platform's News Feed ranking. And I hesitate to say whether the experience is necessarily better, at least for me, than what Facebook currently has on offer. Far more interesting, anyway, is what it says about Facebook itself. I have 975 Facebook friends, accumulated over the past 13 years or so. I “like” 15 pages, a list that primarily comprises news outlets, plus a few friends who converted their profiles into Pages, and Cheez-Its, for some reason. (The reason is that Cheez-Its are delicious.) You might imagine that in a healthy social network, even in chronological mode, the ratio of posts from friends to brands would roughly reflect the proportion in which you follow them. You don’t even have to imagine, actually; chronological Twitter functions basically like this, with ebbs and flows throughout the day that map the real human activity of the people you follow. More in-depth details can be found on OUR FORUM.

The Federal Trade Commission (FTC) found that the six largest internet service providers (ISPs) in the U.S. collect and share customers' personal data without providing them with info on how it's used or meaningful ways to control this process. "Many internet service providers (ISPs) collect and share far more data about their customers than many consumers may expect—including access to all of their Internet traffic and real-time location data—while failing to offer consumers meaningful choices about how this data can be used," the FTC said. This was found as part of a study, started in 2019, into the privacy practices of U.S. broadband companies and related entities and how they collect, retain, use, and disclose info about consumers and their devices. The six broadband providers included in FTC's report are AT&T Mobility, Cellco Partnership (aka Verizon Wireless), Charter Communications Operating, Comcast (aka Xfinity), T-Mobile U.S., and Google Fiber. The FTC also included in the study three advertising entities affiliated with these companies: AT&T's Appnexus rebranded as Xandr, Verizon's Verizon Online, and Oath Americas rebranded as Verizon Media. Together, the six companies currently control roughly 98 percent of the nation's mobile Internet market, according to the FTC. The FTC also noted that these tech giants have expanded beyond fixed residential internet and mobile internet services into other areas. By including voice, content, smart devices, advertising, and analytics services, they could further increase the volume of customer data they can collect and share with third parties. 
Troubling data collection, protection, and sharing practices
"The report identified several troubling data collection practices among several of the ISPs, including that they combine data across product lines; combine personal, app usage, and web browsing data to target ads; place consumers into sensitive categories such as by race and sexual orientation, and share real-time location data with third-parties," the FTC said. As the FTC further discovered, the ISPs amass huge pools of sensitive consumer data and use it in ways their customers do not expect and could cause them harm, primarily when classifying them by demographic characteristics, including race, ethnicity, gender, or sexuality. Although many ISPs claim to offer consumers choices, the choices they provide are often a sham, at times nudging them toward even more data sharing. "Even though several of the ISPs promise not to sell consumers personal data, they allow it to be used, transferred, and monetized by others and hide disclosures about such practices in the fine print of their privacy policies," the FTC added. "For example, several news outlets noted that subscribers' real-time location data shared with third-party customers were being accessed by car salesmen, property managers, bail bondsmen, bounty hunters, and others without reasonable protections or consumers' knowledge and consent, according to the report." Furthermore, because of their problematic privacy practices and protections, they can be at least as privacy-intrusive as large advertising platforms, given that they have direct access to their consumers' entire unencrypted internet traffic. Even when connecting to sites that encrypt their traffic or using VPNs, ISPs can still collect the domains their customers connect to and analyze their browsing behavior. Turn to OUR FORUM to learn more.

Windows 11 has become one of the most divisive and confusing OS releases in recent history, despite Microsoft's efforts to announce and detail the system's capabilities, requirements, and differences relative to Windows 10. While Microsoft has accompanied communications on Windows 11 with stringent system requirements, there are already numerous ways to circumvent hardware limitations floating through the internet. The latest such experiment, carried out by user @Carlos_SM1995 (via Notebookcheck), actually managed to install and run the OS on supposedly - according to Microsoft - incompatible hardware. What is this mysterious chip that can actually run Microsoft's latest OS? It's an all-powerful, single-core Pentium 4 661 CPU from 2006. It does feature Hyper-Threading, though. To be fair to Microsoft, the system requirements refer to the hardware configurations that can run Windows 11 out of the box, and which can sustain all of its features - including security-focused ones, which were the basis for the Trusted Platform Module (TPM) requirement, and others. It certainly sounds fair to say that Microsoft would finalize its system requirements based on users taking advantage of all of the OS' features - and it really wouldn't make much sense to take any other course of action. Some of Windows 11 security features require specific hardware implementations to run smoothly when they're actually active - but naturally, should those features be disabled, the performance hit doesn't actually register for the end-user. As such, we would say that the fault lies not with Microsoft: it is one thing to run the OS as intended by the company, and another to find ways to skirt some of those requirements by disabling features that one will not use - such as TPM, Secure Boot, or Virtualization-Based Security (VBS) features.
This is exactly what was done to run this particular Windows 11 OS build and the system even receives updates via the integrated Windows Update functionality, as you can see in the video below. What Microsoft could have done, of course, is clarify which features can be disabled by users in order to achieve broader backward compatibility. But again, it doesn't seem like such a great idea for Microsoft to ship Windows 11 with security-facing features and then tell users how to disable them - that's just not a good IT security practice, period. There are natural risks when disabling OS features - especially security-centric ones, and Microsoft is playing it safe. Yet ultimately, this proves that users can still have control over what hardware they run their Windows 11 build on - even if it just so happens that the hardware is a Pentium 4 from 2006. Follow this and more on OUR FORUM.

Microsoft Corp., which has faced pressure from employees and shareholders over contracts with governments and law enforcement agencies, agreed to commission an independent human rights review of some of those deals. The move came in response to a June filing of a shareholder proposal asking the company to evaluate how well it sticks to its human rights statement and related policies. Microsoft committed to a review of any human rights impacts that its products have on those including communities of Black, Indigenous, and People of Color in contracts for police, immigration enforcement, and unspecified other government agencies, according to correspondence from the company viewed by Bloomberg. Microsoft pledged to publish the report next year, and the shareholders, who include faith-based investors like Religious of the Sacred Heart of Mary, have withdrawn their proposal ahead of Microsoft’s annual shareholder meeting next month. Microsoft spokesman Frank Shaw confirmed the company will undertake the review. “In response to shareholder requests, Microsoft Corp. will commission an independent, third-party assessment to identify, understand, assess, and address actual or potential adverse human rights impacts of the company’s products and services and business relationships with regard to law enforcement, immigration enforcement, and other government contracts. The assessment will include consultation with BIPOC communities, including immigrants, and other groups representing communities most impacted by Microsoft’s surveillance products, law enforcement, and government contracts,” the company said in a statement. As government, military and police contracts have become targets of scrutiny and activism, Microsoft employees have circulated letters demanding the company abandon a deal to build versions of its HoloLens augmented reality headsets for the U.S. Army as well as raising concerns about business with U.S. Immigration and Customs Enforcement.
Chief Executive Officer Satya Nadella has stood behind software sales to the U.S. military, but paused selling facial recognition technology to police departments, although the company sells other programs to law enforcement. The California-based religious order agreed to lead the shareholder proposal because it wanted to make sure the company’s products don’t “cause human rights harms, including perpetuating systemic racial inequities,” Sister Joanne Safian said in a statement. Microsoft told the investors the review will be conducted by the law firm Foley Hoag LLP. The proposal was filed by Investor Advocates for Social Justice, a nonprofit representing faith-based institutional investors. Microsoft didn’t specify which contracts will be examined, but shareholders “expect” it will include what the group said are about 16 active contracts with ICE and U.S. Customs and Border Protection. “This will be an ambitious and complicated process and we’re certainly putting our faith in Microsoft and Foley Hoag to be conscientious,” said Michael Connor, executive director of Open MIC, a nonprofit shareholder advocacy organization that worked with IASJ on the proposal. “They’re asking for input from affected rights holders, which was a very big request on our part and they agreed to that.” Human rights concerns have been raised by shareholders in areas related to labor and in the apparel industry around manufacturing conditions but are newer to the technology companies, he said. Open MIC has also made similar requests of Amazon.com Inc., related to its facial recognition technology, as well as Apple Inc., Facebook Inc., and Alphabet Inc., without a positive response from the companies or a win at shareholder meetings, Connor said. Follow this and more by visiting OUR FORUM.

More than $1.4 million has been stolen from victims through a cryptocurrency-related scam perpetrated through dating apps. Sophos has released a new report this week about a dating app scam that led to the theft of millions of dollars from people on Tinder, Bumble, Grindr, Facebook Dating, and similar apps. After gaining their trust in these dating apps, scammers convinced victims to download fake crypto apps, where they duped them into investing money before freezing the accounts. The scammers were somehow able to easily game Apple's Developer Enterprise program -- and the Apple Enterprise/Corporate Signature -- to distribute these fraudulent crypto apps, which were masquerading as Binance and other legitimate brands. Sophos said its threat hunters observed the scammers abusing Apple's Enterprise Signature to manage victims' devices remotely. Apple did not respond to requests for comment. Sophos also contacted Apple about the issue and did not get a response. Named "CryptoRom," according to Sophos researchers Jagadeesh Chandraiah and Xinran Wu, the scam has led to at least $1.4 million being stolen from victims in the US and EU. In their report, the two say that the attackers moved beyond going after victims in Asia and instead are now targeting people in Europe and the US. Sophos researchers even managed to find a Bitcoin wallet that was being controlled by the attackers thanks to one victim, who shared the address he initially sent the money to before being shut out. Chandraiah said the CryptoRom scam relies heavily on social engineering at almost every stage. Victims came to Sophos to discuss the scam and the researchers found other reports of people being taken advantage of. "First, the attackers post convincing fake profiles on legitimate dating sites. Once they've made contact with a target, the attackers suggest continuing the conversation on a messaging platform," Chandraiah said.
"They then try to persuade the target to install and invest in a fake cryptocurrency trading app. At first, the returns look very good but if the victim asks for their money back or tries to access the funds, they are refused and the money is lost. Our research shows that the attackers are making millions of dollars with this scam." Victims are initially contacted on apps like Bumble, Tinder, Facebook Dating, and Grindr before the conversation is moved to other messaging apps. From there, the conversation is steered toward getting victims to install fake trading applications onto their devices. Once a victim is drawn in, they are asked to invest a small amount before being locked out of accounts if they demand their money back. The attack is two-pronged, giving cybercriminals the ability to steal money from victims and gain access to their iPhones. According to Wu and Chandraiah, the attackers are able to use "Enterprise Signature" -- a system built for software developers that assists enterprises with pre-testing new iOS applications with selected iPhone users before they submit them to the official Apple App Store for review and approval. "With the functionality of the Enterprise Signature system, attackers can target larger groups of iPhone users with their fake crypto-trading apps and gain remote management control over their devices. This means the attackers could potentially do more than just steal cryptocurrency investments from victims. They could also, for instance, collect personal data, add and remove accounts, and install and manage apps for other malicious purposes," the researchers said. Chandraiah added that until recently, criminal operators mainly distributed the fake crypto apps through fake websites that resemble a trusted bank or the Apple App Store.
"The addition of the iOS enterprise developer system introduces further risk for victims because they could be handing the attackers the rights to their device and the ability to steal their personal data," Chandraiah said. "To avoid falling victim to these types of scams, iPhone users should only install apps from Apple's App Store. The golden rule is that if something seems risky or too good to be true – such as someone you barely know telling you about some 'great' online investment scheme that will deliver a big profit – then sadly, it probably is." Follow this thread on OUR FORUM

A developer who designed a tool to let people essentially delete their Facebook news feeds says he was served with a cease-and-desist letter and permanently kicked off the tech giant's platform. Louis Barclay, a developer in the UK, is the creator of a browser extension called Unfollow Everything. The extension lets users automatically unfollow all their friends and pages on Facebook, leaving their news feed blank. Barclay told Insider people could still connect to their friends and family on Facebook when using the extension. Barclay published Unfollow Everything on the Google Chrome store in July 2020 and said it attracted attention from researchers at the University of Neuchâtel in Switzerland, who wanted to study the impact of having no news feed on people's happiness on Facebook, as well as the amount of time they spent on the platform. In July of this year, Barclay received a cease-and-desist letter from Facebook's lawyers, he said. Barclay published a redacted version of the letter online. Insider reviewed an unredacted version to verify its authenticity. Barclay, who published a Slate article on Thursday detailing his experience, told Insider he received the letter five hours after trying to log in to his Facebook account and finding it was disabled. The letter, from the law firm Perkins Coie, told Barclay that Unfollow Everything broke Facebook's rules on automated collection of user content without Facebook's permission and that it infringed Facebook trademarks. It also said Facebook's terms prohibited interfering with the "intended operation of Facebook" and encouraging others to break Facebook's rules. It also informed Barclay he was barred from both Facebook and Instagram. "I was really scared, and I was very anxious," Barclay told Insider. Facebook's letter took him by surprise, he said, adding that Unfollow Everything had only 2,500 weekly active users and 10,000 downloads. "It was definitely growing, but it wasn't huge," he said. 
"Apart from that I just very much saw it as something that improves the Facebook experience for Facebook users," he added, saying he got "amazing feedback" from people saying they "were using Facebook in a way that was much healthier for them." Barclay said he sought legal guidance on whether he could challenge the letter but learned that since he's based in the UK he'd be liable for Facebook's legal costs if he lost. "Facebook is a trillion-dollar company. I couldn't afford that risk," Barclay wrote in his Slate article. Barclay said getting banned after having an account on Facebook for 15 years was a blow, especially because he still used the platform, and Facebook Messenger in particular, to stay in touch with friends around the world. "It's really horrible to have been cut off from that for a reason that feels to me very unfair," Barclay told Insider. Nonetheless, he sees a silver lining in getting cut off from Facebook. "I've been trying to reduce my usage of Facebook for years now, including by making tools like Unfollow Everything. So I'm actually pretty grateful to Facebook that they've helped me take my addiction levels down to a flat zero," he told Insider. For more visit OUR FORUM.