Monthly Archives: June 2015

“Marauders Map” – Is your location being tracked through Facebook Messenger?

A Chrome browser extension developed by a Harvard College computer science student allows people to pinpoint and track the location of Facebook Messenger users.

The extension – called Marauders Map after the magical chart from the Harry Potter books that reveals the location of every person within Hogwarts School – works by scooping up the location data of Facebook Messenger users and plotting it on a map.


That Facebook has that data at its disposal is probably no surprise, but the ease with which it can be extracted from the social network, and the accuracy with which it can track someone – to within just one metre – may comes as a shock.

Even developer Aran Khanna concedes that such accurate tracking is “a bit weird,” saying via Medium that:

The first thing I noticed when I started to write my code was that the latitude and longitude coordinates of the message locations have more than 5 decimal places of precision, making it possible to pinpoint the sender’s location to less than a meter.

To prove his own point, Khanna used Marauders Map to track one of his brother’s friends for a couple of weeks.


Even though he himself doesn’t know the Stanford student all that well, they are friends on Facebook, and so Khanna was able to use his target’s frequent use of the messaging service to work out his weekly routine.

Khanna was also able to determine where his casual acquaintance ended up at night, deducing not only exactly which dorm he slept in, but also which room.

Would-be stalkers will be even more overjoyed to hear that Khanna was able to collect enough location data to be able to start making predictions as to where his brother’s friend would be at any point during the week:

By gathering a couple weeks’ worth of chat data on the map and looking at the location clusters you can even figure out his weekly schedule. With this you can predict exactly which building he would be in at a given time.

In fact I found that I could infer a schedule for almost everyone in this chat as well as the other active chats I am in.

After experimenting further, Khanna soon realised that he didn’t even need to be Facebook friends to be able to track another user – simply being engaged in the same messaging thread was sufficient.

Khanna said that when he shared his findings with other people the overwhelming response was one of either surprise or disgust; everyone he spoke to was shocked at how much of their personal data was available to their friends and casual chat partners alike.

The root problem here of course is the fact that the sharing of location data is switched on by default.

Added to the fact that it is not clear that such data is being shared by Facebook Messenger – you need to click on the sent message to see it – and it is hardly surprising that many users have no idea what they are broadcasting to their friends, acquaintances and potential stalkers.

Although Marauders Map can still be added to Chrome, it is unlikely to remain functional, according to the Guardian, which reports that its API key has been revoked by Mapbox, a mapping platform from which the extension was developed.

But Khanna – who will be starting an internship at Facebook next month – has made the source code available via Github, meaning it could be picked up and modified by other developers.

So you might like to take this opportunity to disable location sharing on Facebook Messenger (you can disable it on a message by message basis but it’s tricky to always remember to do that!):

Disabling location tracking on iOS

Firstly, go to Settings, then Privacy and, finally, click on Location Services. Here you will see a list of every installed app that is capable of logging your location.

From this list, find Facebook Messenger and ensure it says ‘Never’ next to it. If it doesn’t, click on the appropriate entry and change it so it does.

It’s also worth checking all the other iOS apps listed under Location Services to see if you *really* need them to be tracking your location.

Disabling location tracking on Android

Unfortunately for Android users, Google has not provided the same per-app level of privacy control.

Instead, users are (for now at least), at the mercy of app developers and their ability to code in the means to disable location sharing.

As far as Facebook Messenger goes, this means opening the app, clicking on the Settings icon and then finding the “New messages include your location by default” field. Next to that is a checkbox – untick it.

Now may also be a good time to review other privacy and security settings associated with your Facebook account – check out our 5 tips to make your Facebook account safer.

 

 

 

Via: sophos

Target Wants To Offer Apple Pay, But Focus Is On Chip And Pin

Target CEO Brian Cornell said today at the Code conference that the company is committed to offering Apple Pay as an option for customers. “I’d love to have Apple Pay in our system right now,” said Cornell, adding that he sat down with Tim Cook and explained that Target would be supporting it.

But the rollout, he said, will have to wait until Target rolls out the required chip and pin upgrades to adhere to new standards. Chip and pin (or chip and signature) machines are ubiquitous in almost every other developed nation, but the U.S. is just getting around to sending out chipped cards and firing up terminals capable of taking the higher security cards. My own personal debit card just got a chip last month and I had to request it on my credit cards.

“People in our space are under attack,” said Cornell, explaining that he didn’t want to distract the team rolling out their chip and pin upgrades to all of their stores by adding in additional variables like Apple Pay.

The reason that Cornell is so gun-shy about security is obviously due to its incredibly high-profile hacking in 2013, where an enormous amount of credit card numbers were stolen. That breach cost Target an estimated $162 million in 2013 and 2014 and resulted in the hiring of Cornell, Target’s first outside CEO.

Apple Pay is currently offered in a host of retailers like Whole Foods, Walgreens and more. Best Buy announced in April that it would offer Apple Pay in its iOS apps that day and in its U.S. retail stores later this year.

 

 

Via: techcrunch

LogMeIn Buys Zamurai For $6M To Add Mobile Whiteboarding To Join.Me


LogMeIn has made one more acquisition to build out the features of its online collaboration and meeting app join.me: it has bought Zamurai, a San Francisco-based startup that had built a popular whiteboard app for the iPad.


Terms of the acquisition were not disclosed but we understand and have had confirmed by sources that it was a small acquisition worth $6 million — in fact a mystery startup that was alluded to in one of its recent quarterly reports, as BetaBoston pointed out last October.

LogMeIn says that the deal actually closed in late 2014. The app, which had won several distinctions in the productivity app category, appears to still be live in the app store, but it looks like that may not be the case for long: LogMeIn says that in the future the technology, which has now been integrated into new versions of join.me’s apps for the iPhone, iPad and Apple Watch, will now be offered exclusively through join.me.

Update: LogMeIn’s VP of communications, Craig VerColen, confirms that the Zamurai name will go away, and that current Zamurai users will be offered a migration path with the product completely folded into join.me.

In addition to whiteboarding, Zamurai was working on other technologies for real-time visual collaboration, and with the team all coming on to LogMeIn, it could point to further enhancements for join.me down the line.

That’s not much of a surprise: the growing ubiquity of cloud-based services, and improving network connectivity and better devices all mean that the competitive landscape for join.me is growing. Among recent developments, online communication/collaboration platform Slack last year acquired Screenhero, another screen-sharing and voice chat service (like join.me) that lets people come together from remote locations to work on documents that are local to one user or another.

“Mobile innovation is a key focus for join.me. And we believe that a true mobile-first approach means embracing the unique benefits of mobile to boost collaboration, as opposed to trying to duplicate desktop or in-person experiences on a mobile device,” said Bill Wagner, president and COO of LogMeIn, makers of join.me, in a statement. “With the acquisition of Zamurai team, we gain both a team and product that can help us rapidly accelerate join.me‘s mobile-first innovation – innovation aimed squarely at addressing the new realities of today’s inherently mobile workforce.”

This is LogMeIn’s fifth acquisition, with the most recent before this being of Meldium to improve security with single-sign-on management for its services.

Zamurai was founded in 2013 by alums from Symantec and Lockheed Martin. It’s not clear who was backing the company financially, although advisors to the company included the CEO of Wikimedia Lila Tretiakov, CMO of Palo Alto Networks René Bonvanie and the former CMO of Kodak Jeffrey Hayzlett.

Former Zamurai CEO and cofounder Michael Parker now becomes join.me’s VP of marketing. “Both join.me and Zamurai recognize that how people work has changed. We meet and collaborate in real time and more often than not, we interact online. And we were both passionate about the simplicity of the experience for our customers,” he said. “The fact is Zamurai was actually a join.me customer. We used it everyday, so it was obvious how complementary we were together.”

 

 

Via: techcrunch

California passes law requiring warrant to search computers, cellphones and tablets

The hodgepodge of US state and federal laws about phone searches, some of which say that police need a warrant and some of which say they don’t, just got a bit messier.

As the LA Times reports, California on Wednesday joined the ranks of states that require police to have a warrant if they want to search computers, mobile phones, tablets and other devices, or if they want to siphon off location data from any of those devices.

The new bill, SB 178, was approved unanimously by California’s Senate.

The bill comes from Senator Mark Leno (D-San Francisco), who introduced a similar law two years ago.

Governor Jerry Brown vetoed that earlier version, saying that it was redundant with federal law and that the bill’s requirement that people be notified if their devices are searched would compromise criminal investigations.

The new bill addresses such concerns with a broad exception to the notification requirement when it could hamper an ongoing law enforcement investigation or jeopardise efforts to protect the public, Leno said.

SB 178 also provides exceptions for when the owner of a device gives consent to a search and when police believe that they need access to device information in the event of an emergency involving imminent danger of death or serious physical injury.

The LA Times quotes what Leno said to his colleagues about the law:

What the bill does is brings our state statute into the 21st century to catch up with technology with regards to privacy. Of course law enforcement needs a warrant before it can go into your mailbox and read your mail, but it does not currently need a warrant to read your emails or text communications or other electronic communications.

The other thing the bill does is align California with those states that have similarly ruled that phone records are constitutionally protected, including MontanaMaine,MinnesotaMassachusetts, and New Jersey.

Even with the broad exceptions stitched into the passed version of the law, prosecutors and police don’t like it.

The California District Attorneys Association, the California Police Chiefs Association and the California State Sheriffs Association have criticized it as being redundant with other privacy-protecting laws, as well as presenting roadblocks to investigations.

By proposing new procedures, the bill “undermines critical efforts to stop child exploitation, mandates the destruction of evidence by law enforcement, and violates the California Constitution,” the prosecutors group said in a letter to Leno that the Electronic Frontier Foundation (EFF) posted.

The sheriffs’ group added that the bill…

…conflates existing procedures for obtaining certain electronic information under state and federal law, contains burdensome and unnecessary reporting requirements, and will undermine investigations that are fully compliant with the 4th Amendment.

The Feds have gone back and forth on this issue in recent cases, the most recent time siding with the prosecutors and police associations who criticized SB 178.

Last month, a federal appeals court ruled that police do not, in fact, need a warrant when seeking phone records from wireless carriers, thereby flip-flopping on its own decision from last year.

The reversal of the court’s June 2014 decision left the question of warrantless phone tracking in limbo, with state courts and some higher courts coming to contradictory decisions.

Until the Supreme Court takes on the issue, someone living in California, or in any of the other states that now require a warrant for searching phone or other device data, is still facing a muddle of contradictory laws, regardless of what their state lawmakers have done to try to protect their privacy.

 

 

Via: sophos

Google Opens Inbox To All, Adds Smart Reminders, Trip Bundles, Undo Send And More

 


Google announced that Inbox, the Gmail-based mobile email client the company launched late last year, is now open to all. Until today, you still needed an invitation to use the service, though invites have long been pretty easy to come by.

Google says it will also open up Inbox to all Google for Works customers (whose admins enable this feature for them) through the early-adopter program starting today.


With this update, Google is also bringing a couple of new features to its newest email client. The overarching theme for these updates (and really Inbox as a whole), is to help users save time, Google senior product manager for Inbox Shalini Agarwal told me.

If you’re a frequent traveller, you will appreciate Inbox’s new Trip Bundles feature. Inbox alreadyautomatically organizes your email into different groups based on their content (promotions, updates, emails from social networking sites, travel sites, etc.). Trip Bundles takes this to the next level — but only for email about upcoming trips.

Inbox now automatically groups all the messages about a trip into a single bundle, so you have direct access to your flight, hotel booking and rental car reservation information. Inbox will then extract the information from these emails and put it all into one easily readable format that’s not unlike what you would see in Google Now, for example.

As you go about your trip, the bundle will highlight what Google believes is the most important information you need right now. Before your flight, that’s obviously your flight data, but after that it’s probably your rental car reservation and then your hotel booking.

Another interesting new feature involves reminders, which have always been a key part of Inbox. Now, when Google notices that somebody asks you to do something in an email (maybe to buy that ticket for the next trip), Inbox will automatically suggest that you set yourself a reminder to do that. Agarwal tells me that this is powered by the same tech Google already uses to categorize emails.

Reminders will now also sync between Google Keep and Inbox.


With this update, developers will now also be able to embed deep links to native apps into emails. Google has long supported what it calls ‘highlights.’ That’s the special email markup airlines use, for example, to allow Google to easily get your flight information from an email and display it Gmail and Inbox, including the Trip Bundles feature. Now, they will also be able to add deep links to their native apps, so users don’t have to switch to a web view (where they may have to sign in to a service again, too) to see more information. Launch partners for this feature include Hotels Tonight and Eat24.

 

Other new features include the ability to recall any email within the first 10 seconds after you first hit send (just like you can do with the Undo experiment in Gmail Labs), custom email signatures for Inbox that will sync across devices (but not your Gmail account) and the ability to switch Inbox’s swipe gesture from marking emails as done to deleting them by default.

Agarwal told me all of this focus on Inbox doesn’t mean the company has forgotten about Gmail.

“We think about Gmail and Inbox differently,” she said. “Gmail is our best-in-class email product and we want to keep it that way.” Inbox’s focus is slightly different, though. With Inbox, Google wants to “help people get back to the things that matter in their life.”

Still, it’s probably fair to assume that some of these Inbox features will find their way into Gmail at some point.

 

 

Via: techcrunch

Google Centralizes Privacy And Security Controls On New Web Dashboard


Google announced an improved set of privacy controls for online users, as well as a dedicated website that attempts to answer people’s concerns regarding Google’s data collection practices across its online properties. Under a new Google settings page called My Account, users can now configure their privacy and security settings for a number of Google services, such as Search, Maps, YouTube and more, as well as disable Google’s ability to save web and app activity and your location history.

The name “My Account” is something of a misnomer, because, Google says, users don’t actually need to have a Google Account registered with the company in order to use the new service.

On the new site, users can run a Privacy Checkup as well as a Security Checkup, which helps walk them through making the changes they want to their account settings by checking which data they want public or private, and what data Google can use to personalize their experience. For example, users can customize what content is shown on their Google+ profile, whether or not people who have your phone number can locate you on services like Hangouts, whether your YouTube subscriptions are private, and much more.

You can also customize whether Google can save certain information, which is only available to you, like your YouTube Search or Watch History, device information, voice and audio activity, location history, web browser history and other items.

Meanwhile, the new site privacy.google.com attempts to answer questions about what sort of data Google collects and why. (Largely, these answers are related to offering a more customized experience when using Google products and showing users better targeted, more relevant ads.)


This is not the first time Google has attempted to put information about its services under one roof – the company first launched Google Dashboard back in 2009 to allow users to keep track of their Google activity. And in 2012, the company improved the level of detail it offered by rolling out even more granular metrics on a dedicated site.

Of course, before today, users had been able to adjust their privacy and security settings on Google’s properties, but the idea with the new My Account hub is to bring all those settings under one roof to make it easier and less confusing for users who didn’t know where to look for these controls before while also offering guided walkthroughs that help them make adjustments.

The changes come at a time when online users are increasingly concerned about how large Internet companies are storing and using the data they collect, following the reveal of government surveillance agendas which have involved the bulk collection of phone records and other online data.

Google in particular has been of concern for a number of online users because of how extensively it reaches into users’ everyday lives; many use Google’s products for search, for entertainment, for email, for business productivity, and even to power their smartphones and other devices.

The company in 2012 had consolidated its privacy policies in order to connect users across Google services, painting an even more accurate picture of who someone is online. That change drew fire from a number of data-protection agencies around the world, and has still been drawing criticism and the threat of fines several years later.

The move to launch a dedicated privacy and security site is in direct response to these regulators’ concerns. Some groups have said Google must clearly explain to users what personal data is being obtained and why, and this information must be clearly conveyed in Google’s privacy policy, too. And in January, Google settled with the U.K. Information Commissioner’s Office over how it was to collect personal data in the country, and agreed to make privacy policy content more accessible to online consumers to see and understand.

The new hub appears to address some of the concerns over clarifying to users how their data is used and what they can do to make changes.

 

 

Via: techcrunch

Windows 10 Is Available July 29


Microsoft kicked off June with news that Windows 10 will ship on July 29, just a little under two months from now. The next big update for MS is designed as a unifying platform that will offer continuity across mobile, desktop, tablets and even the Xbox One gaming console, and it will be a free upgrade for Windows 7 and 8 users for the first year. To help ensure easy updates (and probably as a way to try to get a large installed base os Windows 10 users right away), Microsoft is also using a “reservation” system that allows users to sign up to be notified when the update is available, and to schedule it to install when you want.

A big new feature addition for Windows 10 is Siri, so here’s a message the company prepared from its virtual assistant ant announcing the news.

https://soundcloud.com/windows-blogs/upgrade-to-windows-10-july-29th

What else do you get? Well I’m glad you asked – here’s a quick look at the highlights:

  • Microsoft Edge: The successor to Internet Explorer, designed around minimalism and collaboration tools, plus with Cortana integration.
  • Word, Excel and PowerPoint built in.
  • Xbox Live and Xbox app for doing things like recording gameplay, interacting with your Xbox friends and also streaming Xbox games to the desktop.
  • Windows Continuum, which lets you smoothly jump between multiple Windows 10 devices, and which lets you use your phones like a PC with external input accessories.
  • Windows Hello, a new login method that uses face, iris or fingerprint recognition to log you in without a password, depending on hardware support.

Microsoft is doing everything it can to make the transition smooth, like ensuring it’ll work with your existing applications. Windows 8 was sort of an awkward generation, so here’s hoping the skipped numeral results in something that suits everyone’s needs.

 

Via: techcrunch

Play Lego Worlds, A New Minecraft Competitor From Lego, Right Now

 

When Minecraft came out, I heard a lot of people describe as sort of like virtual Lego. Now, there’s a game for which that description is even more apt: Lego Worlds, an open world building game that lets users create using virtual Lego bricks, and interact with the world as a customizable minifigure avatar.

The launch trailer for the title is above, but it’s actually already available via Steam’s Early Access program; you can get in on the beta via the Steam store here, and dive into an early playable version of the game before its full-scale launch.

Even the structure of the launch resembles Minecraft; developer Mojang made early versions of Minecraft available to the community far ahead of shipping the first stable version of the game, and that prototypical launch actually paved the way for the entire concept of Steam’s Early Access program.

Lego Worlds is built by TT Games, which also creates the popular series of franchise-based adventure story titles for consoles and PCs. The game includes open-form brick-by-brick customizations, large-scale tools to modify entire landscapes without having to get so granular, and inclusion of pre-defined building sets for making virtual kits that more closely approximate the types of thematic sets Lego ships for its real-world building blocks.

Commercially-sold play sets will actually have in-game equivalents, in fact, and some of this will be exclusively unlocked for Early Access players, with more to ship after the proper launch. Multiplayer isn’t included in this version, but is planned for later updates.

 

 

Via: techcrunch