Tinder bolsters its security to ward off hacks and blackmail

tinder2014-10

This week, Tinder responded to a letter from Oregon Senator Ron Wyden calling for the company to seal up security loopholes in its app that could lead to blackmail and other privacy incursions.

In a letter to Sen. Wyden, Match Group General Counsel Jared Sine describes recent changes to the app, noting that as of June 19, “swipe data has been padded such that all actions are now the same size.” Sine added that images on the mobile app are fully encrypted as of February 6, while images on the web version of Tinder were already encrypted.

The Tinder issues were first called out in a report by a research team at Checkmarx describing the app’s “disturbing vulnerabilities” and their propensity for blackmail:

The vulnerabilities, found in both the app’s Android and iOS versions, allow an attacker using the same network as the user to monitor the user’s every move on the app. It is also possible for an attacker to take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising or other type of malicious content (as demonstrated in the research).

While no credential theft and no immediate financial impact are involved in this process, an attacker targeting a vulnerable user can blackmail the victim, threatening to expose highly private information from the user’s Tinder profile and actions in the app.

In February, Wyden called for Tinder to address the vulnerability by encrypting all data that moves between its servers and the app and by padding data to obscure it from hackers. In a statement to TechCrunch at the time, Tinder indicated that it heard Sen. Wyden’s concerns and had recently implemented encryption for profile photos in the interest of moving toward deepening its privacy practices.

“Like every technology company, we are constantly working to improve our defenses in the battle against malicious hackers and cyber criminals,” Sine said in the letter. “… Our goal is to have protocols and systems that not only meet, but exceed industry best practices.”

 

via:  techcrunch


Save pagePDF pageEmail pagePrint page

Amazon launches a last-mile delivery program powered by entrepreneurs

Amazon has gotten flack in the past for some of the challenges its crowdsourced “last-mile” delivery drivers face, but now it’s offering those with entrepreneurial ambitions the option to do more. Instead of showing up for gig work, drivers can opt for a new program where Amazon helps them establish their own delivery business.

The program will include access to Amazon’s delivery technology, hands-on training and discounts on a suite of assets and services, including the vehicle leasing and insurance, the retailer says.

That means drivers won’t have to use their own cars, as in the crowdsourced delivery program known as Amazon Flex. This gives them more space for organizing packages, the ability to use parking spots for delivery vehicles and the ability to haul extra equipment, like straps and dollies.

Amazon says the earning potential for successful owners is as much as $300,000 in annual profit operating a fleet of 40 vehicles. The company expects that, over time, hundreds of small business owners will hire tens of thousands of delivery drivers across the U.S., it says.

In other words, Amazon just launched its own UPS competitor of sorts, by offering leased vans, training and resources to those who want to drive for Amazon instead of Uber.

The retailer says people can start up their Amazon delivery businesses with as little as $10,000. Military vets can get that 10K reimbursed, as Amazon is investing a million into a program that funds their startup costs.

The business owners — who don’t need logistics experience, Amazon notes — will be offered discounts on the customized delivery vans, branded uniforms, fuel, comprehensive insurance coverage and more — deals the retailer pre-negotiated on their behalf.

This also addresses some of the problems the gig work Flex drivers faced — gas prices would often cut far too much into profits; the lack of insurance; and the general challenges associated with trying to deliver packages from an unbranded, small car.

“We have great partners in our traditional carriers and it’s exciting to continue to see the logistics industry grow,” said Dave Clark, Amazon’s senior vice president of worldwide operations, in a statement about the launch. “Customer demand is higher than ever and we have a need to build more capacity. As we evaluated how to support our growth, we went back to our roots to share the opportunity with small-and-medium-sized businesses. We are going to empower new, small businesses to form in order to take advantage of the growing opportunity in e-commerce package delivery.”

The changes come at a time when there’s been debate about Amazon’s financial impact on the U.S. Postal Service. But with this new program, Amazon could reduce its reliance on outside partners as the program scales.

However, Amazon will continue to work with existing partners, including UPS and FedEx, in addition to the USPS and smaller last-mile delivery partners, for some time. As Amazon’s business continues to grow, it will need these partners’ help to get packages to customers for the foreseeable future — a fleet of leased Prime vans can’t do it all.

 

via:  techcrunch


Save pagePDF pageEmail pagePrint page

Google Calendar gets an Out of Office mode

out of office cal

Google Calendar is the latest Google app to get an update focused on improving users’ “digital wellbeing.” The company announced today it’s rolling out a new “Out of Office” feature in Google Calendar, alongside a setting for customizable working hours. The working hours signal to others when you’re unavailable, and allows Google Calendar to automatically decline meetings on your behalf outside those hours.

For starters, you’ll find there’s a new “Out of Office” calendar entry type you can select when you’re creating an event via Google Calendar on the web.

For example, if you’re scheduling the dates of your vacation, you could mark that event as “Out of Office.” If others send you meeting invites during this period, Google Calendar will decline them without your involvement.

It’s a feature users have requested for years to complement Gmail’s Vacation Responder.

Google also says it will attempt to automatically detect when event types should be denoted “Out of Office,” based on the event title.

Another new feature will allow you to better customize your working hours in Google Calendar.

Currently, you can set working hours to one interval for all days of the week, but now you’ll be able to customize your hours for each day separately. This will help people who have irregular availability — not the usual 9 to 5, so to speak.

Google Calendar will also try to infer your working hours based on your prior scheduling patterns, and may prompt you to confirm them in the app’s Settings.

The changes, while seemingly small, are part of a broader movement at Google to promote digital wellbeing across its platforms.

In recent months, the company has introduced a number of features focused on helping people better manage their time, and fight back against the addictive nature of smartphones and digital services.

For example, at its I/O developer conference in May, Google introduced new time management controls for Android users, and it has a set of screen time tools for parents to use with children via Family Link.

It even rolled out new tools to help YouTube users cut down the time they spend mindlessly watching videos.

Other services, like Gmail and Google Photos, utilize machine learning and AI to reduce the time spent in-app, by doing things like prioritizing the important mail, or automatically editing your photos.

The new Google Calendar tools are rolling out now to G Suite users, Google says. Presumably, a broader consumer release will soon follow.

 

via:  techcrunch


Save pagePDF pageEmail pagePrint page

Instagram now lets you 4-way group video chat as you browse

Instagram Video Calling

Instagram’s latest assault on Snapchat, FaceTime and Houseparty launches today. TechCrunch scooped back in March that Instagram would launch video calling, and the feature was officially announced at F8 in May. Now it’s actually rolling out to everyone on iOS and Android, allowing up to four friends to group video call together through Instagram Direct.

With the feed, Stories, messaging, Live, IGTV and now video calling, Instagram is hoping to become a one-stop-shop for its 1 billion users’ social needs. This massive expansion in functionality over the past two years is paying off, SimilarWeb told TechCrunch in an email, which estimates that the average U.S. user has gone from spending 29 minutes per day on the app in September 2017 to 55 minutes today. More time spent means more potential ad views and revenue for the Facebook subsidiary that a Bloomberg analyst just valued at $100 billion after it was bought for less than $1 billion in 2012.

 

 

One cool feature of Instagram video calling is that you can minimize the window and bounce around the rest of Instagram without ending the call. That opens new opportunities for co-browsing with friends as if you were hanging out together. More friends can join an Instagram call in progress, though you can mute them if you don’t want to get more call invites. You’re allowed to call anyone you can direct message by hitting the video button in a chat, and blocked people can’t call you.

Here’s how Instagram’s group video calling stacks up to the alternatives:

  • Instagram – 4-way plus simultaneous browsing
  • Snapchat – 16-way with up to 32 people via listening via audio
  • FaceTime – 32-way (coming in iOS 12 this fall)
  • Houseparty – 8-way per room with limitless parallel rooms
  • Facebook Messenger – 6-way with up to 50 people listening via audio

Instagram is also rolling out two more features promised at F8. The Explore page will now be segmented to show a variety of topic channels that reveal associated content below. Previously, Explore’s 200 million daily users just saw a random mish-mash of popular content related to their interests, with just a single “Videos You Might Like” section separated.

Now users will see a horizontal tray of channels atop Explore, including an algorithmically personalized For You collection, plus ones like Art, Beauty, Sports and Fashion, depending on what content you regularly interact with. Users can swipe between the categories to browse, and then scroll up to view more posts from any they enjoy. A list of sub-hashtags appears when you open a category, like #MoGraph (motion graphics) or #Typeface when you open art. And if you’re sick of seeing a category, you can mute it. Strangely, Instagram has stripped Stories out of Explore entirely, but when asked, the team told us it plans to bring Stories back in the near future.

The enhanced Explore page could make it easier for people to discover new creators. Growing the audience of these content makers is critical to Instagram as it strives to be their favorite app amongst competition. Snapchat lacks a dedicated Explore section or other fan base-growing opportunities, which has alienated some creators, while the new Instagram topic channels is reminiscent of YouTube’s mobile Trending page.

Instagram’s new Explore Channels (left) versus YouTube’s Trending page (right)

Finally, Instagram is rolling out camera effects designed by partners, starting with Ariana Grande, BuzzFeed, Liz Koshy, Baby Ariel and the NBA. If you’re following these accounts, you’ll see their effect in the Stories camera, and you can hit Try It On if you spot a friend using one you like. This opens the door to accounts all offering their own augmented reality and 2D filters without the Stories camera becoming overstuffed with lenses you don’t care about.

What’s peculiar is that all of these features are designed to boost the amount of time you spend on Instagram just as it’s preparing to launch a Usage Insights dashboard for tracking if you’re becoming addicted to the app. At least the video calling and camera effects promote active usage, but Explore definitely encourages passive consumption that research shows can be unhealthy.

Therein lies the rub of Instagram’s mission and business model with its commitment to user well-being. Despite CEO Kevin Systrom’s stated intention that “any time [spent on his app] should be positive and intentional“ and that he wants Instagram to “be part of the solution,” the company earns more by keeping people glued to the screen rather than present in their lives.

 

via:  techcrunch


Save pagePDF pageEmail pagePrint page

Federal Agencies Fell Short in Assessments of Cybersecurity Employees, Finds Report

The skills gap poses a persistent challenge to organizations. Enterprises need a qualified workforce if they are to adequately defend against digital threats. This is true for every industry and is especially so for the public sector.

Acknowledging that fact, Congress enacted the Federal Cybersecurity Workforce Assessment Act (Act) in 2015. This piece of legislation requires the Office of Personnel Management (OPM) to develop a coding structure under the National Initiative for Cybersecurity Education (NICE) for cybersecurity positions and create procedures that facilitate the coding structure’s implementation for civilian cybersecurity positions. It also stipulates that 24 agencies covered by the Chief Financial Officers (CFO) Act must submit baseline assessments of their workforces and establish processes to apply OPM’s coding structure to their workforces.

Most of the CFO Act agencies submitted baseline assessments. In an effort to examine the OPM’s coding procedures and understand the progress of the Act’s implementation, the U.S. Government Accountability Office (GAO) reviewed the baseline assessments and coding procedures from the reporting agencies. It also interviewed personnel at both the OPM and the CFO Act agencies and published its findings in a report to congressional committees.

What it learned was less than encouraging.

Of the 24 CFO Act agencies that were required to submit baseline assessments, 21 of them complied with the Act and sent their analyses to Congress. Three agencies—the Department of Homeland Security, the U.S. Department of Housing and Urban Development and the Small Business Administration—did not submit assessments due to a lack of tools and resources, among other reasons. Even then, four of the agency assessments didn’t contain all relevant information, namely, they didn’t discuss the level of preparedness of employees without certifications to take certification exams. Additionally, one agency failed to discuss in its assessment how it planned to mitigate certification gaps.

These findings point to a larger trend: agencies struggled to obtain certification information in general. For six of the 21 agencies that submitted assessment, the response rate on questions concerning certifications for cybersecurity positions was only 15-42 percent. Two agencies in particular said employees’ responses were voluntary due to union and legal concerns. Then again, participating agencies couldn’t expect much better. At the time of release for the GAO’s report, there was no government-wide requirement for cybersecurity employees to have certifications. Most agencies didn’t individually require certifications, six said they had some requirements and only the Department of Defense (DoD) required certifications for all cybersecurity jobs. However, the DOD still failed to establish coding procedures for non-civilian cybersecurity positions.

Timing likely played a role in all of these shortcomings. First, NICE had not identified a list of certifications by the December 2016 deadline for CFO Act agencies to submit their reports. As a result, agencies were forced to develop their own approaches to mapping cybersecurity certifications. Second, OPM didn’t submit its coding guidance until January 2017, and it specified that agencies weren’t supposed to complete their assignment of 3-digit codes for cybersecurity positions until April 2018. This means CFO Act agencies had to submit reports on cybersecurity employees’ certifications before having the chance to properly evaluate their workforce, a reality which forced them to come up with their own criteria for assessing their employees’ qualifications.

Given these findings, the GAO concluded in its report that agencies’ assessments might not reflect their workforce accurately:

…[B]ecause agencies have not consistently defined the workforce and NICE had not developed a list of appropriate certifications, efforts such as conducting the baseline assessment to determine the percentage of cybersecurity personnel that hold appropriate certifications have yielded inconsistent and potentially unreliable results. By not conducting assessments or including all required information in the assessments, some of these agencies may lack valuable information that could help them identify the certification and training needs of their cybersecurity employees that are charged with protecting federal information and information systems from cyberattacks.

The GAO therefore proposed 30 recommendations to 13 agencies that will help them fulfill the Act’s requirements on baseline assessments and coding procedures. The specific details of those recommendations are available in the GAO’s report, which is available for download here.

Outside of the Federal Cybersecurity Workforce Assessment Act, federal agencies across the board need to take proper safeguards to protect themselves against digital threats and maintain compliance with federal information security standards. To learn how Tripwire can help with both of these objectives, click here.

 

via:  tripwire


Save pagePDF pageEmail pagePrint page

Facebook reverses its crypto ad ban

As there’s clearly too much ad revenue potential to ignore, Facebook today announced it’s reversing its cryptocurrency ad ban effective immediately. The decision comes with a few caveats, however. The company says it will allow ads and related content from “pre-approved advisers,” but will still not allow ads promoting binary options and initial coin offerings.

Facebook had first enacted the ban in January, saying at the time that too many companies in this space were “not currently operating in good faith.”

While it admitted that banning all crypto advertising was a broad change, the company said that its new policy would “improve the integrity and security of our ads, and to make it harder for scammers to profit from a presence on Facebook.”

But it had also said the policy would be revisited over time, as its ability to protect deceptive ads improved.

Fast forward six months, and apparently Facebook is ready for the crypto ad onslaught yet again.

This time around, it’s making advertisers go through an application process to determine their eligibility. Facebook will ask advertisers to include on their applications details like what licenses they’ve obtained, whether they’re a publicly traded company, and other relevant background information regarding their business.

How thoroughly this information is fact-checked by Facebook staff remains unclear.

The company reminded users in the same announcement that they should continue to flag ad content that violates its guidelines. In other words, expect some bad ads to get through.

Facebook explains its new requirements will keep some crypto advertisers from being able to hawk their businesses on the social network, but adds that its policy in this area continues to be a work in progress.

“…We’ll listen to feedback, look at how well this policy works and continue to study this technology so that, if necessary, we can revise it over time,” says Rob Leathern, Product Management Director, in Facebook’s announcement.

Facebook’s original decision to ban crypto ads was followed by Google in March, when the company cited the “unregulated” and “speculative” nature of many of the advertised products. Its new policy begin this month. Twitter and Snap also have some policies around crypto ads, with Twitter only showing ads for exchanges and wallets provided by publicly traded companies and Snap allowing crypto ads but banning those for ICOs.

The crypto industry is rife with scams, so it makes sense that these major platforms would need some rules around what’s allowed. According to the FTC, consumers lost $532 million to cryptocurrency-related scams in the first two months of 2018, Coindesk reported on Monday. And an agency official warned that consumers will lose more than $3 billion by the end of the year.

Facebook says the full crypto ad ban is lifted today for approved advertisers.

 

via:  techcrunch


Save pagePDF pageEmail pagePrint page

Got an old PC? Your time running Windows 7 may be up

Microsoft abandons support for Windows 7 on Pentium III-era machines.

Microsoft has dropped support for Windows 7 on a range of PCs dating back to turn of the millennium.

PCs whose processors lack support for multimedia instructions called SSE2 will no longer receive security updates for Windows 7, Microsoft has confirmed.

The issue first arose in March this year, when Microsoft issued a security update, (KB4088875), which generated a stop error on computers that didn’t support SSE2.

While Microsoft initially indicated it was working to resolve the error on Windows 7 machines, it later changed its advice, telling owners of affected PCs to “upgrade your machines with a processor that supports SSE2 or virtualize those machines”.

The result is that cumulative Windows 7 patches won’t install on PCs lacking SSE2 support from the March update onwards. Those who want to continue using Windows 7 on such machines will have to risk using PCs unpatched against the latest security threats.

Windows 7 was sold with the condition that security updates would continue to be issued until January 2020. But TechRepublic’s sister site ZDNet points out that Microsoft is entitled to make such a change under its Business, Developer and Desktop Operating Systems Policy, which states: “Older products may not meet today’s more demanding security requirements. Microsoft may be unable to provide security updates for older products”.

CPUs have supported SSE2 since 2000, with the multimedia instructions having been commonplace in processors since 2004 — meaning you’re unlikely to be affected unless you’ve held on to a Pentium III-era machine.

Last year Microsoft confirmed that laptops running on Intel Atom Clover Trail chipsets will not receive any Windows 10’s feature updates after the Anniversary Update, issued in summer last year.

 

 

via:  techrepublic


Save pagePDF pageEmail pagePrint page

State Officials Request More Federal Money for Election Security

State officials requested more money from the federal government to help fund their efforts towards better election security.

On 21 June, three state officials who appeared on a panel before the Senate Rules Committee said they’d welcome additional monies from the Election Assistance Committee (EAC), a U.S. agency created by the Help America Vote Act of 2002 (HAVA) which provides assistance to states via its Office of Grants Management.

One of those state officials was Jim Condos, Secretary of State for Vermont. As quoted by CyberScoop:

While our upgrades to equipment and cybersecurity will be an ongoing challenge for many states, the federal funding received will regrettably be insufficient to do all that we want or need. However, we are very grateful for the boost that these federal funds provide us at this time.

Minnesota’s secretary of state Steve Simon concurred by asking that “those in Congress consider some ongoing way to provide some resources for us along those same lines.” He said the $6.6 million already afforded to his state by the EAC was helpful but that election security is “expensive” and requires greater funding.

Jay Ashcroft, Secretary of State for Missouri, put it even more succinctly: “If you send it, we will use it.”

Together, the three officials said that additional monies could fund their states’ efforts to hire IT staff to maintain statewide voter registration systems, implement security measures like two-factor authentication and conduct post-election audits.

Condos, Simon and Ashcroft requested more funding despite uncertainty involving what role the federal government should play in state elections. In early 2017, the Department of Homeland Security (DHS) labeled the entire United States’ election system as “critical infrastructure.” This designation made protecting polling places and election systems a priority for the Department after reports of Russian interference in the 2016 U.S. presidential election.

Not everyone supported that decision. For example, the National Association of Secretaries of State issued a statement calling the DHS designation “legally and historically unprecedented.” Others worried the designation could lead to federal overreach into state elections.

Ahead of the 2018 midterm elections, state officials are still trying to figure out what type of balance will help them best defend against election hacking. That arrangement could involve a requirement that states run post-election audits in order to obtain additional funding, an option which was discussed at the hearing.

States aren’t the only government bodies that need to be worried about blackhat hackers. Federal agencies also need to take steps to secure their networks against computer criminals.

 

via:  tripwire


Save pagePDF pageEmail pagePrint page

AT&T collaborates on NSA spying through a web of secretive buildings in the US

A new report from The Intercept sheds light on the NSA’s close relationship with communications provider AT&T.

The Intercept identified eight facilities across the U.S. that function as hubs for AT&T’s efforts to collaborate with the intelligence agency. The site first identified one potential hub of this kind in 2017 in lower Manhattan.

The report reveals that eight AT&T data facilities in the U.S. are regarded as high-value sites to the NSA for giving the agency direct “backbone” access to raw data that passes through, including emails, web browsing, social media and any other form of unencrypted online activity. The NSA uses the web of eight AT&T hubs for a surveillance operation code-named FAIRVIEW, a program previously reported by The New York Times. The program, first established in 1985, “involves tapping into international telecommunications cables, routers, and switches” and only coordinates directly with AT&T and not the other major U.S. mobile carriers.

AT&T’s deep involvement with the NSA monitoring program operated under the code name SAGUARO. Messaging, email and other web traffic accessed through the program was made searchable through XKEYSCORE, one of the NSA’s more infamous search-powered surveillance tools.

The Intercept explains how those sites give the NSA access to data beyond just AT&T subscribers:

The data exchange between AT&T and other networks initially takes place outside AT&T’s control, sources said, at third-party data centers that are owned and operated by companies such as California’s Equinix. But the data is then routed – in whole or in part – through the eight AT&T buildings, where the NSA taps into it. By monitoring what it calls the “peering circuits” at the eight sites, the spy agency can collect “not only AT&T’s data, they get all the data that’s interchanged between AT&T’s network and other companies,” according to Mark Klein, a former AT&T technician who worked with the company for 22 years.

The NSA describes these locations as “peering link router complex” sites while AT&T calls them “Service Node Routing Complexes” (SNRCs). The eight complexes are spread across the nation’s major cities, with locations in Chicago, Dallas, Atlanta, Los Angeles, New York City, San Francisco, Seattle and Washington, D.C. The Intercept report identifies these facilities:

Among the pinpointed buildings, there is a nuclear blast-resistant, windowless facility in New York City’s Hell’s Kitchen neighborhood; in Washington, D.C., a fortress-like, concrete structure less than half a mile south of the U.S. Capitol; in Chicago, an earthquake-resistant skyscraper in the West Loop Gate area; in Atlanta, a 429-foot art deco structure in the heart of the city’s downtown district; and in Dallas, a cube-like building with narrow windows and large vents on its exterior, located in the Old East district.

… in downtown Los Angeles, a striking concrete tower near the Walt Disney Concert Hall and the Staples Center, two blocks from the most important internet exchange in the region; in Seattle, a 15-story building with blacked-out windows and reinforced concrete foundations, near the city’s waterfront; and in San Francisco’s South of Market neighborhood, a building where it was previously claimed that the NSA was monitoring internet traffic from a secure room on the sixth floor.

While these facilities could allow for the monitoring of domestic U.S. traffic, they also process vast quantities of international traffic as it moves across the globe — a fact that likely explains why the NSA would view these AT&T nodes as such high-value sites. The original documents, part of the leaked files provided by Edward Snowden, are available in the original report.

 

via:  techcrunch


Save pagePDF pageEmail pagePrint page

Pokémon GO is finally going to let players trade Pokémon

Just shy of two years after launch, Pokémon GO is finally about to roll out one of its most notably absent features: Pokémon trading.

A staple of the series, trading lets players swap their Pokémon with another player in the never-ending quest to, well, catch ’em all.

The trading mechanics will be tied into a new Friend system; the Friend system will roll out later this week, with the trading mechanics going live “soon after” (though Niantic doesn’t want to get more specific than that, presumably in case something breaks).

Here’s how it all works:

    • To trade with someone, you must be their in-game friend *and* within 100 meters (~320 ft.) of them.
    • To become friends, you exchange your unique Trainer Codes.
    • Once friends, you’ll get in-game perks for playing together. Your Pokémon will get attack bonuses when battling gyms together, for example — and when you raid together, you’ll get extra Pokéballs.

    • The more you play together (raiding, battling gyms, etc), the higher your relationship level will be.
    • Certain Pokémon (Legendaries, Shinies and any Pokémon you don’t already have) are considered “special trades.” You can only make special trades with the players with whom you’ve reached the higher tiers of friendship. In other words, they mostly want you trading with the people you play with somewhat regularly — not rando spoofers selling Pokémon on eBay.
    • You can only make one special trade per day.
    • Trades cost stardust (the in-game resource otherwise required for powering up a Pokémon). The rarer the Pokémon, the more it’ll cost to trade. Having a higher friendship level, though, will offset that a bit (note in the example below, for instance, how it starts at a rather insane requirement of a million stardust and drops down to a more manageable 40,000 as the friendship level, shown in the upper right, increases).

Meanwhile, they’ve also introduced another entirely new concept as part of the friend system: Gifts. Every once in a while, spinning a Pokéstop will give you a “Gift” item. You can’t open it yourself — instead, you’re meant to send it to a friend for them to open. It’ll arrive marked with a photo of the stop where you picked it up — a little Pokéstop post card, of sorts, bundled with a handful of “helpful items.” Niantic doesn’t say exactly what those “helpful items” might be, though they do note that they could include eggs containing Alolan Pokémon (which, for the most part, haven’t been made available in-game yet).

While the trading/friend system might seem a bit complicated, with its stardust requirements and daily limits and friendship requirements, it theoretically helps limit some issues that a free-for-all trade system might face. It’s easy to imagine someone spoofing back and forth around the world to farm rare Pokémon as they pop up, slinging them on eBay (or wherever) for a few bucks a pop, and just spoofing to an agreed location to initiate a trade. Requiring players to have some history of playing/raiding/battling gyms together before they can trade the good stuff makes that a bit more challenging.

 

via:  techcrunch


Save pagePDF pageEmail pagePrint page