Archive

Posts Tagged ‘Twitter’

iOS7 Security issues give access to your photos and more

October 3, 2013 1 comment

E-Crime Expert once again brings a security issue to your attention, thanks to Jose Rodriguez from the Canary Islands, who found this iOS7 security glitch that gives access to your photos and enables sharing them via Twitter, Mail, Flickr, Message.

The following demo, pictures and testing were done entirely by E-Crime Expert (Dan Manolescu) on one of our devices. This security issue applies to any Apple device (iPhone, iPad) that runs iOS7.

How it works:

From the locked screen menu (Fig.1), pull the “Control center” tab up (Fig.2) and click the “Clock” pictogram (Fig.3)

Fig.1

Fig.2

Fig.3

Then, press the “sleep button” until the “turn off your device” message appears (Fig.4). Instead, press “cancel” and right after double click the Home button (Fig.5).

Fig.4

Fig.5

The “Multitasking” screen will appear (Fig.6). You can now choose the “Camera” app from there and click the “Camera roll” (Fig.7) and you will instantly have access to your photos (Fig.8).

Fig.6

Fig.7

Fig.8

From here, you can share them via Twitter, Facebook, Mail, Flickr (Fig.9).

Fig.9

In order to avoid this security glitch, update your iOS:

Go to “Settings” (Fig.10), then to “General” (Fig.11) and then to “Software update” (Fig.12).

Fig.10

Fig.11

Fig.12

Done Deal!

Again, credit goes to: Jose Rodriguez, from Canary Islands (Spain).

Any questions can be submitted to: dan@e-crimeexpert.com
Additional information can be found at: http://www.e-crimeexppert.com
To find out more about Dan Manolescu, visit his LinkedIn page here.
Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Do you know what is your child’s age requirement to sign up online?

May 27, 2013 1 comment

As the Internet permeates every aspect of the economy and society, it is also becoming an essential element of our children’s lives. While it can bring considerable benefits for their education and development, it also exposes them to online risks such as access to inappropriate content, harmful interactions with other children or with adults, and exposure to aggressive marketing practices.

Children online can also put their computer systems at risk and disseminate their personal data without understanding the potential long-term privacy consequences.

In addition, there are other risks for children using online environments, such as:

Privacy risks

-cyber-bullying

-cyber-stalking

-age-inappropriate content

-online grooming

-identity theft

-emotional implications.

Besides support and guidance from parents when using the online environment, appropriate mental development and understanding are important for a child when using an online platform. For these reasons, in both the United States and the European Union, a minimum age requirement for accessing the “online world” was set as a legal requirement.

E-Crime Expert thinks that the minimum age requirements a child should meet when signing up for an email account, Facebook, etc., should be a topic of interest for parents. For these reasons, we researched the minimum age requirements on some of the most popular online sites and platforms.

The Children’s Online Privacy Protection Act (COPPA) in the United States applies to the online collection of personal information by persons or entities under U.S. jurisdiction from children under 13 years of age. It details what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children’s privacy and safety online, including restrictions on marketing to those under 13. While children under 13 can legally give out personal information with their parents’ permission, many websites altogether disallow underage children from using their services due to the amount of work involved.

In the European Union, the European Commission released, in January 2012, a Proposal on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

This Proposal has specific requirements with regards to Children. They deserve specific protection of their personal data, as they may be less aware of risks, consequences, safeguards and their rights in relation to the processing of personal data. To determine when an individual is a child, this Regulation should take over the definition laid down by the UN Convention on the Rights of the Child.

“Article 8
Processing of personal data of a child

For the purposes of this Regulation, in relation to the offering of information society services directly to a child, the processing of personal data of a child below the age of 13 years shall only be lawful if and to the extent that consent is given or authorised by the child’s parent or custodian. The controller (i.e. the person in charge with the collection, use and disclosure of personal data) shall make reasonable efforts to obtain verifiable consent, taking into consideration available technology”.

The following are the minimum age requirements for children using different Internet websites, Social Networking Services and other online platforms:

1. Facebook:

How old do you have to be to sign up for Facebook?

In order to be eligible to sign up for Facebook, you must be at least 13 years old.

The minimum age requirement on Facebook is more or less enforceable. Simply lying about your birthdate easily circumvents the policy.

The Children’s Online Privacy Protection Act (COPPA) mandates that websites that collect information about users aren’t allowed to sign on anyone under the age of 13. As a result, Facebook’s Statement of Rights and Responsibilities requires users of the social network to be at least 13 years old (and even older, in some jurisdictions).

According to MinorMonitor, over 38 percent of children with Facebook accounts are 12-years-old and under. Even more worryingly, 4 percent of children on Facebook are reported to be 6-years-old or younger, which translates to some 800,000 kindergarteners on Facebook.

These results come from a survey of 1,000 parents of children under 18-years-old who use Facebook. The company provides a free, web-based parental tool that gives parents a quick view into their child’s Facebook use, including potential dangerous activities such as the friending of online predators, cyberbullying, violence, drug and alcohol use, as well as sexual references.

2.      Google:

Age requirements on Google Accounts:

  •  United States: 13 or older
  •  Spain: 14 or older
  •  South Korea: 14 or older
  •  Netherlands: 16 or older
  •  All other countries: 13 or older

Some Google products have specific age requirements. Here are a few examples:

  • YouTube: When a YouTube video has been age-restricted, a warning screen is displayed and only users who are 18 or older can watch it. Learn more about age-restricted videos.
  • Google Wallet: 18+
  •  AdSense: 18+
  •  AdWords: 18+

3.      Yahoo

When a child under age 13 attempts to register with Yahoo!, they ask the child to have a parent or guardian create a Yahoo! Family Account to obtain parental permission.

Yahoo! does not contact children under age 13 about special offers or for marketing purposes without a parent’s permission.

Yahoo! does not ask a child under age 13 for more personal information, as a condition of participation, than is reasonably necessary to participate in a given activity or promotion.

Yahoo! is concerned about the safety and privacy of all its users, particularly children. For this reason, parents of children under the age of 13 who wish to allow their children access to the Yahoo! Services must create a Yahoo! Family Account. When you create a Yahoo! Family Account and add your child to the account, you certify that you are at least 18 years old and that you are the legal guardian of the child/children listed on the Yahoo! Family Account. By adding a child to your Yahoo! Family Account, you also give your child permission to access many areas of the Yahoo! Services, including, email, message boards and instant messaging (among others). Please remember that the Yahoo! Services is designed to appeal to a broad audience. Accordingly, as the legal guardian, it is your responsibility to determine whether any of the Yahoo! Services areas and/or Content are appropriate for your child.

4.      Hotmail

As Hotmail’s Terms of Use make no reference to the age requirements to join the service, we did our own registration, and it appears that 13 is the age requirement for joining Hotmail, as shown below:

I. Attempt indicating the user is 6 years old

Step 1

Step 2

Step 3

II. Second attempt, indicating the user is 13 years old.

Step 1

Step 2


5.        MySpace 

  • You must be at least 13 years old to have a Myspace profile
  • If you’re under 16 years old, you’re not allowed to list your age as over 16 and make your profile public (your profile must be set to private)
  • If you’re under 18, you’re not allowed to list your age as over 18
  • Users under 18 are not able to make changes to their listed age

Notes & Tips

  • If you break any of the above rules, MySpace will be forced to delete your profile for safety and security reasons (it’s all in their Terms of Use)

6.      Skype

Skype does not directly set an age restriction within its Terms of Use.

“Jurisdiction’s Restrictions: If the law of Your country prohibits You from downloading or using Skype Software because You are under the age limit or because the Skype Software is not allowed in Your country, please don’t use it”.

According to this, for the US the minimum age requirement is 13+ (COPPA).

7.      LinkedIn

PRIVACY POLICY, 18!

In terms of LinkedIn’s Privacy Policy:

“Children are not eligible to use our service and we ask that minors (under the age of 18) do not submit any personal information to us or use the service.”

8.      Twitter

Age screening on Twitter

Age screening is a way for brands and others to determine online whether a follower meets a minimum age requirement, in a way that is consistent with relevant industry or legal guidelines. This makes it easier for advertisers and others with content not suitable for minors (e.g. alcohol advertisers) to advertise on Twitter.

There is apparently no age restriction for setting up an account on Twitter (we set one up without being asked about our age). See below:

Step 1

Step 2: Done!

For more advice on how children could stay safe online (you could also share this with your child), click here to visit the material E-Crime Expert specially created for this purpose.

SHODAN, the search engine: is it “scary” or not?

April 12, 2013 27 comments

E-Crime Expert presents to you today a search engine which is totally different (in functionality and scope) from the ones we are used to (e.g. Google, Bing, etc.).

For us (E-Crime Expert), Shodan has a positive value as it uncovers security vulnerabilities. Used by others (i.e. cybercriminals), Shodan could have a negative side, as it enables access to different systems (routers, webcams, etc.) which have little or no security protection.

According to the description available on their main page here, “SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners”.

Web search engines, such as Google and Bing, are great for finding websites. Rather than locating specific content for a particular search term, SHODAN is designed to help the user find specific nodes (desktops, servers, routers, switches, etc.) with specific content.

How to use it:

Create a SHODAN account and log in with it, or log in using one of several other options (Google, Twitter, Yahoo, AOL, Facebook, OpenID).

Login is not required, but the country and net filters are not available unless you log in.

Basic Operations:

Filters

-country: filters results by two-letter country code;

-filtering by country can also be accomplished by clicking on the country map (available from the drop down menu);

-mouse over a country for the number of scanned hosts for a particular country;

-hostname: filters results by specified text in the hostname or domain;

-net: filters results by a specific IP range or subnet;

-operating system: search for specific operating systems;

-port: narrow the search for specific services.
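A sketch of how the filters listed above combine, applied offline to scan records so that you can audit an address range you own. This is an added example, not Shodan's code or anything from the original post: the record fields and the sample hosts are constructed, and `os` is used here as the key for the operating system filter.

```python
import ipaddress

# Constructed sample records using documentation-only addresses (RFC 5737).
# Field names are assumptions made for this example, not a real export format.
SAMPLE_BANNERS = [
    {"ip": "192.0.2.10", "port": 80, "country": "CA",
     "hostname": "cam1.example.org", "os": "Linux",
     "banner": "HTTP/1.1 200 OK\r\nServer: webcam-httpd"},
    {"ip": "192.0.2.25", "port": 23, "country": "CA",
     "hostname": "router.example.org", "os": "",
     "banner": "login:"},
    {"ip": "198.51.100.7", "port": 80, "country": "RU",
     "hostname": "www.example.net", "os": "Windows",
     "banner": "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic"},
    {"ip": "203.0.113.40", "port": 21, "country": "US",
     "hostname": "ftp.example.com", "os": "Linux",
     "banner": "220 FTP server ready"},
]

FILTER_NAMES = {"country", "hostname", "net", "os", "port"}


def parse_query(query):
    """Split 'text filter:value ...' into (free-text terms, filters)."""
    terms, filters = [], {}
    for token in query.split():
        name, sep, value = token.partition(":")
        if sep and value and name.lower() in FILTER_NAMES:
            filters[name.lower()] = value
        else:
            # Anything that is not a known filter is matched against the banner.
            terms.append(token.lower())
    return terms, filters


def matches(record, terms, filters):
    """True when the record satisfies every filter and every banner term."""
    if "country" in filters:
        if record["country"].upper() != filters["country"].upper():
            return False
    if "hostname" in filters:
        if filters["hostname"].lower() not in record["hostname"].lower():
            return False
    if "net" in filters:
        # Accepts a single address or CIDR notation, e.g. 192.0.2.0/24.
        network = ipaddress.ip_network(filters["net"], strict=False)
        if ipaddress.ip_address(record["ip"]) not in network:
            return False
    if "os" in filters:
        if filters["os"].lower() not in record["os"].lower():
            return False
    if "port" in filters:
        if record["port"] != int(filters["port"]):
            return False
    banner = record["banner"].lower()
    return all(term in banner for term in terms)


def search(query, records=SAMPLE_BANNERS):
    """Return the records that match the query, in their original order."""
    terms, filters = parse_query(query)
    return [r for r in records if matches(r, terms, filters)]


def exposure_report(own_net, records=SAMPLE_BANNERS):
    """List every (ip, port) in the records that falls inside a range you own."""
    return sorted((r["ip"], r["port"]) for r in search(f"net:{own_net}", records))


if __name__ == "__main__":
    for ip, port in exposure_report("192.0.2.0/24"):
        print(f"{ip} answers on port {port}")
```

Every service that `exposure_report` lists for your own range is one that anyone on the Internet can reach, so each entry should either be intentional or be closed or password-protected.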

After the search returns some entries (webcams located in a certain area), just click on one of those entries and you will have instant access to what that webcam records live (Fig 1).

Figure 1.

Examples:

Note:
E-Crime Expert will try to contact all the owners of these vulnerable systems in order to report their security issues and advise how to protect their devices with appropriate passwords and security measures.

Please watch the video or read our material on how to create a stronger password.

1. Run a search for all existing default passwords, as shown in Figure 2.
Having access to the password, one could enter the router’s settings and change them or even more, use the router as a back door to access any device connected to it such as a computer, printer, etc.

Figure 2.

2. Once we selected a webcam, click on it and wait for the live footage to play.
What we see is an intersection which could be considered a public space. The live feeds record everything live (Fig. 3).

Figure 3.

3. Access is granted regardless of the geographical location: E-Crime Expert had access to a webcam located in Russia from a computer located in North America (Figure 4).

Figure 4.

4. We next tested a webcam which was recording someone’s home front steps, perhaps for security reasons. The issue here is the camera’s angle, as you can also see the next-door neighbor’s front alley, car and probably anyone entering their house (Fig. 5).

Figure 5.

5. The next example is more intrusive, as it transmits live feeds from a restaurant where clients could be identified along with the staff members. The purpose of this camera is theft protection, but due to its non-existent security measures, anyone on the Internet can now check who came to that restaurant and at what time, transforming the purpose of that camera into a monitoring one (Fig. 6).

Figure 6.

6. Not surprisingly, the next webcam is even more intrusive, showing live a staff member working in a convenience store from a “behind the counter” view. Any time the staff opens the money drawer, everyone with access to this webcam (available worldwide, as shown in this blog post) could approximate how much money is available there. Besides invading the privacy of the clients and of the staff member, this could potentially also lead to robberies or similar attacks (Fig. 7).

Figure 7.

7. The last example is the most intrusive and concerning one, as it transmits live video from someone’s home. It is intrusive because most probably the guests visiting this person are not aware of the webcam, and also because the footage is now available not just to the security company in charge of protecting this home, but also to virtually anyone on the Internet. The second concerning aspect is that anyone could see what is on the kitchen counter, whether a large amount of cash, cheques or other valuable goods. This, again, could lead to robberies or other violent crimes (Fig. 8).

Figure 8.

Conclusions:

SHODAN aggregates a significant amount of information that is not already widely available in an easy to understand format.

SHODAN collects basic information about websites: the information “from the inside”, data covering the so-called back-end (simplified information about the type of your server, software versions, and so on). On the one hand, it is therefore an excellent database for those involved in security; on the other, it is also a source of information for cybercriminals.

The Shodan software runs 24 hours a day. It automatically reaches out to the World Wide Web and identifies digital locators, known as internet protocol addresses, for computers and other devices. For security monitoring teams, Shodan may present some serious challenges. It is highly unlikely that security monitoring teams will ever be alerted to an attack that is using Shodan.

From a privacy perspective, some information on the World Wide Web is accessible to regular people by simply running a search, yet should not necessarily be regarded as publicly available information, such as the webcam in someone’s home, in a store, at a gas station, etc. This is not publicly available information from a legal perspective, but it actually becomes available to anyone because some monitoring systems have little or no security measures. According to most international privacy legislation, a surveillance camera should be installed and used only on a legal basis and after a privacy impact assessment is done (as a best practice). That legal basis strictly refers to the purpose for which the camera is used, which definitely does not grant worldwide access to the footage, except where a public space is in question (e.g. park, street, etc.).

Even where what is under surveillance is a public domain, there are cases when footage or pictures of those public spaces record more than the public space itself (e.g. the Google Maps litigation over capturing more than the streets).

The Privacy Impact Assessment is specifically done (among other things) to make sure that no unauthorized person has access to the footage recorded by a surveillance camera. Being able to publicly find this footage on the Internet is outside the privacy and security requirements and measures in place for a surveillance camera located either within a public space (with the potential of recording private areas as well) or in a household, which is by definition a private space. Probably some of these surveillance cameras are installed by the household owners, aiming to act as theft protection and consequently to be accessible only to the police or other law enforcement entities.

On the contrary, global access to this kind of footage does not align with most existing international privacy legislation.

Once again, E-Crime Expert has taken this opportunity (SHODAN search as a positive tool) to assess current privacy and security issues.

WHAT TO DO WHEN YOUR EMAIL GOT HACKED OR COMPROMISED

February 5, 2013 2 comments

E-Crime Expert explains in this blog post the steps to be taken when your email or Social Networking Site has been hacked or compromised.

When someone’s friends or close contacts start saying that they are receiving emails or messages that one never sent, or when online content appears that one never posted, it could mean that another person has gained illegitimate control over this individual’s email or Social Networking Site account.

If this happens, in order to limit the damage and the possibility of spreading malware/viruses to others, first the passwords to all accounts that have been compromised and to other important accounts should be changed*, and notifications should be sent to all contacts that they may receive spam messages that appear to come from the compromised account.

It could also happen that one cannot access his/her account anymore because a password has been changed.

If this happens, below are the contact details for the most popular email and Social Networking Site providers:

Yahoo

* Hacked account – click here
* Account is sending spam – click here
* Help Center – click here

Gmail

* Hacked account – click here
* Inaccessible account – click here

Hotmail

* Hacked account – click here
* Inaccessible account – click here
* Help Center – click here

Twitter

* Hacked account – click here
* Inaccessible account – click here

Facebook

* Hacked account – click here
* Help Center – click here

YouTube

* Hacked account – click here

TIPS:

* How to choose a strong password:

Watch video: “Creating a strong password video tutorial”

Read blog post: “Tips for a better, stronger password”

Frequently check your account activity/log in history as explained in this blog post: “Does anyone snoop in your email account? Find out”

LinkedIn new Scam: Upgrade free to LinkedIn Premium

August 8, 2012 15 comments

Today, E-Crime Expert encountered a new scam, related to LinkedIn this time.

How it works:

I received an email on my regular email address which said that because I am a valuable LinkedIn user, they will upgrade my Basic account to a Premium one for free, for a one-month period.

Picture 1

I did not know that this is a scam so I proceeded with the upgrade. After I clicked “upgrade” I was prompted to introduce my LinkedIn password. I did so, but nothing happened.

Then, I checked my LinkedIn account on a different webpage and my account still appears there as “Basic”, so no upgrade was done as promised.

Picture 2

Instantly I realized that this is a scam having as its purpose the access of your valuable friends database with email addresses, phone numbers, professions, etc. The purpose of this scam is to retrieve for free this valuable information that later can be used for identity theft, or spam, or other related scams.

Action:

If you did upgrade your account, please change your password as soon as possible.

If you received this message but did not upgrade yet, please don’t do it.

If you have further questions, please feel free to contact us at: dan@e-crimeexpert.com

Cloud computing and the Internet part II

October 13, 2011 1 comment

As announced in yesterday’s post “Cloud computing and the Internet part I”, E-Crime Expert is posting the second part on cloud computing.

In addition to the methods by which cloud computing is delivered, there are different types of cloud computing, which include: public cloud, hybrid cloud and private cloud.

Public cloud is when a service provider offers services such as application usage, development or storage of data to anyone on the Internet.

Hybrid cloud is when a business uses some applications in house and some provided by an external provider such as storage of data, etc.

Private cloud is when a provider offers cloud computing solutions, but on a private infrastructure network. A business does not want its employees’ files to be accessible, for example, on a public cloud, and so it rents/buys a private cloud that no one else except that business has access to.

Besides the usefulness of cloud computing solutions, there are questions regarding how the Data Protection Directive applies to this situation: how is the personal data of users dealt with, stored, accessed, manipulated, and processed by the cloud-computing providers? A unique characteristic of cloud computing is that data floats around from server to server, located within the EU or also outside the EU, for example in India, the US, etc. Part of someone’s data could be at the same time in the EU and India, on different servers.

There are some questions regarding Facebook’s cloud computing. Facebook provides services to its clients such as: storage of information (e.g. pictures, videos, profiles, personal data, etc.), application access (e.g. Facebook Places or other applications where the user should agree to that particular application’s access to her personal data), or infrastructure for sending messages, invitations, updates, and posting comments, which all deal with private information and data. Everything is done on Facebook’s platform, which could host the users’ personal information on different servers inside or outside the EU.

The question is: who has access to users’ personal data when it is uploaded and processed on Facebook? According to the EU Data Protection Directive (DPD), the users have the right to know which personal data is stored and processed, at least in regard to the online marketing advertisers that could be granted access to that data for advertising purposes, profiling, and delivery of targeted advertising. In addition, when a user deletes her Facebook account, this operation is not done in real time; it has a delay, and the account is basically not deleted but becomes inactive. For example, I ran a search under my name, and some entries showed pictures from my Facebook account that I deleted in the past. This shows that even if a user wants to delete some information concerning his person, it would still be available on the Internet. Furthermore, some entries generate pictures or names of my friends on Facebook by associating them with my Facebook account friends’ list.

In other words, even if a user asks for all of his personal data provided on Facebook to be removed, this most likely would not happen. Facebook claims that some users’ personal data would not be available to any other user on Facebook, but some personal information and data will be kept for technical reasons (such as to provide service to other users which are inter-connected with the account that was deleted).

Regarding compliance with the EU DPD, it is not clear which rules and regulations could apply to cloud computing, as the cloud concept itself is “volatile” (continually changing). Cloud computing is subject to multiple jurisdictions, as the information is moved from one server to another or is stored on different servers located in different geographical areas. The scholars Kumaraswamy and Latif asked: how does moving the private information to the cloud impact the current privacy compliance requirements? Is information kept on the server, in the cloud or in a data center? These are questions that currently have no answer, at least in regard to how Facebook deals with, makes accessible, stores, and “floats” the users’ private data.

Who has the technical capabilities, jurisdiction and access to verify whether Facebook complies with these requirements?

For how long is the users’ personal data stored on its servers, cloud or in data centers?

According to the EU DPD, the user owns her personal data, but when this data is transferred and stored outside the EU, does the user still own her data?

How could a user enforce her right in this case?

If Facebook had provided the answers to these questions, there would be more transparency and less tension regarding how users’ personal data is dealt with. The burden of proving that the personal data is dealt with, stored, processed, and made available according to the EU DPD falls on the provider’s shoulders, at least on an informal level, when users are questioning more and more how their privacy is protected.

Do you think that cloud computing is a threat to privacy? Do you think that cloud computing is “out” of jurisdiction?

Cloud computing and the Internet part I

October 12, 2011 1 comment

From the same series that aims to contribute to a better understanding regarding why privacy and personal data are so vulnerable in relation to the Internet and its adjacent services/platforms today, E-Crime Expert shows in two different posts (today and tomorrow), what cloud computing is and how it works.

According to Forrester, “Cloud Computing is buying Information Technology (IT) capacities and utilities as need for a utility provider”. Cloud computing is IT capabilities delivered as an internet-based service, software or IT infrastructure by a service provider, accessible through the Internet protocols and from any terminal (e.g. computer or smartphone). These services could be accessible through pay-per-use or pay-as-you-go, or the provider could support them from the revenue generated by advertising (e.g. Google docs). One of its main characteristics is customer self-service, which means that the customer needs no assistance in uploading, modifying, or accessing her files, applications, documents, etc. It is accessible anytime and anywhere, and has instant scalability.

Cloud computing is delivered in three forms: Software as a service (SaaS), Infrastructure as a service (IaaS) and Platform as a service (PaaS).

Software as a service is when someone needs, for example, to create a word document; the person goes on Google docs, where the word processor is located, and creates the document without having Microsoft Office installed on her computer. The document is created on the server by having access to Google docs, which is software being used as a service.

Infrastructure as a service is when a business, for example, does not have the technical capabilities to store all its information in house and needs to store and access it on a server. That server is the host that provides the service of storing the data. That service rents the infrastructure (e.g. storage medium) to the client.

Platform as a service is when the provider offers facilities for application design, development, testing, computer coding or hosting. For example, GoDaddy is a platform service provider as it offers website hosting services to its clients. Another example related to this research is Facebook, which provides the platform for its clients to upload photos, videos, play games, send messages, etc.

Stay tuned for the second part of this blog tomorrow.

Did you know what cloud computing is? Do you realize that you are already using it?

Targeting and profiling users on the Internet for advertising purpose

October 11, 2011 1 comment

From the same series that aims to contribute to a better understanding of why privacy and personal data are so vulnerable in relation to the Internet and its adjacent services/platforms today, E-Crime Expert shows how targeting and profiling users on the Internet for advertising purposes is done.

In order to sell advertising, the Social Network Services (SNS) need traffic and also need to know what their users' preferences are. Similar to TV or radio advertising, where the commercials are addressed to a certain group of people based on age, sex, needs, preferences (i.e. milk, beauty products, cars, clothes), online advertising has the same goal. But because the online audience is much broader and the target is reached very fast, sometimes in real time, the advertising is offered or delivered differently, and it opens up huge potential exposure to the audience. In the case of TV advertising, companies provide advertisements, and afterwards the post-advertisement sales are monitored for a certain period of time to determine whether the commercial clip was effective and reached its target audience.

The audience for TV advertising is established by market studies and questionnaires where the subjects are interviewed in person, anonymously, and have the opportunity to refuse to participate. In the case of online advertising, the profiles of the audience’s preferences are established mostly by the users’ behavior.

Online and offline advertising are also directly connected to market share in terms of the revenue generated from advertising. In December 2008, according to a chart by Mary Meeker of Morgan Stanley named “Media Time spent vs. Ad spent Out of Whack”, traditional media (TV, radio, and newspapers) accounted for 8% of users’ time (in the US) but received 20% of the advertising money, whereas online media (the Internet) accounted for 29% of users’ time (in the US) but received just 8% of the advertising money.

These numbers will balance out in the coming five years, but in order for revenue to reflect the real market situation, more online advertising will be generated and produced, which implies different ways of approaching and delivering the advertising in order to reach the target (the customers).

More behavioral advertising could be generated along with better user profiling. For example, a user wants to buy something from an online store (which is often advertised on or connected to SNS); the user logs in, and he is first presented with options related to his previous purchases and shopping history on that particular online store. For example, someone shops for Nike shoes, and all the online options are related to the Nike brand based on his previous shopping history. Predicting the user’s preferences based on his shopping history is not always accurate, because he could be using a shared computer that his father also uses regularly, and their personal preferences could be totally opposite. Providing a user with products or services based on his shopping history is called targeted advertising. This new type of advertising (i.e. targeted advertising) is seen on SNS and is based on users’ behavior, search history and preferences. However, it is not always the case that the subject’s behavior and search history lead to the subject’s preferences (e.g. the father uses his son’s computer).

Users’ web browsing history is monitored in an attempt to sell them specific products or advertising based on their known preferences. The question that arises from this model of advertising could be more complex: how can someone else’s personal preferences be used for targeted advertising without their acknowledgment?


Do you feel monitored on the Internet? Has it ever happened to you to be surprised by the advertising you were delivered on a particular site? Does the advertising change for you when you are in a different location?


Retrieving Private Information from SNS’s Users on the Internet

October 10, 2011

Last week, E-Crime Expert started a series that aims to contribute to a better understanding regarding why privacy and personal data are so vulnerable in relation to the Internet and its adjacent services/platforms.

Today, E-Crime Expert shows how Users’ private information can be retrieved.

Regarding users’ private information, according to Ron Bowes, a security consultant and blogger at Skull Security, anyone could download a Facebook user’s profile from the Facebook public profile directory. Ron Bowes, as a demo for how personal information could be retrieved from Facebook by employing data mining techniques, performed the following operation. He downloaded 171 million public profiles (including names and email addresses) from Facebook out of 500 million registered users. After this, he compiled all this data in a file, which he uploaded on The Pirate Bay torrent. From The Pirate Bay 2, 923 users (seeds) had downloaded the file by July 29, 2010, the date the article was written.

Fig. 1 List of top users

Fig. 2 List of users’ first name

Fig. 3 List of users’ first name and last name

Fig. 4 The torrent

Bernie Hogan, research fellow at Oxford Internet Institute, conducted another experiment, using NodeXL, aiming to prove that someone could download from Facebook entire networks related to a topic, group or entity. “NodeXL is a template for Excel 2007 and 2010 that lets you enter a network edge list, click a button, and see the network graph, all in the Excel window”.

Credits and copyright: Bernie Hogan, Research Fellow at Oxford Internet Institute.

Different networks represent different social worlds of users. In the network graphics, one could see the most connections a user makes with other users and the relationship among these users by reading the connection strength between the node (central user) and his “friend’s list”. If one exchanges a few messages with another, the graph shown will be small, but if a user heavily exchanges messages with another, the graph will be high. The media’s usage of rapports between users could also be established by using NodeXL. Monetizing the information downloaded with NodeXL becomes easier because it refers to particular groups whose members share the same preferences in terms of products, services, publications, beliefs, etc. By establishing which group someone joins (with its particular themes or topics), it could be easily determined what kind of preferences a particular user has.


User preferences could be gained very easily through methods such as using NodeXL to import data stored in multiple formats, including GraphML, UCINet, Pajek, and matrix. It could connect directly to Twitter and YouTube, allowing the import of the network of users that “tweeted” on a certain topic or keyword. If one uses email clients (Outlook, Windows Mail, etc.), NodeXL could import the network of people with whom the user communicated in the past days or weeks. Among other features, NodeXL permits the use of an Auto filling option when the program is started in order to “command” the program on how much information to collect, from how many users, and how the graph should look.


Analyzing the relationships and connections between Facebook users and their friends could reveal the communities of a particular user, even outside of the SNS, including real-life information such as the university, college, doctor, club, etc. with which the user is affiliated or from which he has graduated over time. If user X is connected to user Y just because they were colleagues in college, this is how someone’s education could be revealed to a third party without his acknowledgment. The same algorithm applies when YouTube videos are uploaded or watched. If one maps the links between videos and users, one could determine which are the most connected users, who is the most prolific content creator and also who is the most active commentator.

To conclude, by employing social network analysis (SNA) through systems such as NodeXL to map connections and relations among users in a social network, the key people, groups, activities, and changes that form the core of that particular network could be determined, which could lead to more private information. Also, knowing the “leader” of a group or community could enable someone to take positive or negative actions against that person, who has “authority” within her community.
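The inference described above can be checked on a small scale. The following is an added example, not code from the original post or from NodeXL: on a constructed edge list it computes connection strength and degree centrality, then estimates what a user who published no college still exposes through the public profiles of his contacts. All user names, message counts and function names are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample data: (user_a, user_b, messages exchanged). Not real accounts.
EDGES = [
    ("x", "y", 40), ("x", "z", 25), ("x", "w", 2),
    ("y", "z", 30), ("w", "v", 15), ("v", "u", 12), ("w", "u", 9),
]
# Attribute some users chose to publish; "x" deliberately left it blank.
DISCLOSED_COLLEGE = {"y": "College A", "z": "College A", "w": "College B",
                     "v": "College B", "u": "College B"}

def build_graph(edges):
    """Turn an edge list into a symmetric adjacency map: user -> {peer: weight}."""
    graph = defaultdict(dict)
    for a, b, weight in edges:
        graph[a][b] = graph[a].get(b, 0) + weight
        graph[b][a] = graph[b].get(a, 0) + weight
    return dict(graph)

def degree_centrality(graph):
    """Share of the other users each user is directly connected to."""
    others = len(graph) - 1
    return {user: len(peers) / others for user, peers in graph.items()}

def strongest_tie(graph, user):
    """Peer with whom `user` exchanges the most messages."""
    return max(graph[user], key=graph[user].get)

def exposed_attribute(graph, user, disclosed):
    """Weighted vote over the peers' published values: what a third party could
    guess about `user` even though `user` published nothing.
    Returns (guess, share of message volume backing it) or (None, 0.0)."""
    votes = Counter()
    for peer, weight in graph[user].items():
        if peer in disclosed:
            votes[disclosed[peer]] += weight
    if not votes:
        return None, 0.0
    guess, backing = votes.most_common(1)[0]
    return guess, backing / sum(votes.values())

if __name__ == "__main__":
    g = build_graph(EDGES)
    print("degree centrality:", degree_centrality(g))
    print("x's strongest tie:", strongest_tie(g, "x"))
    print("x's exposure:", exposed_attribute(g, "x", DISCLOSED_COLLEGE))
```

The practical consequence for a user reviewing his own exposure is that leaving a profile field blank does not hide it while the friends list and contacts' profiles remain public.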

“Both online and off, people frequently perform particular social roles. These roles organize behavior and give structure to positions in local networks. As more of social life becomes embedded in online systems, the concept of social role becomes increasingly valuable as a tool for simplifying patterns of action, recognizing distinct user types, and cultivating and managing communities.”

Finally, the interests of a group and its preferences could be determined and could support the offering of mass advertising or marketing, profiling or behavioral advertising.

The question here is why should someone have access to a user’s preferences and social rapports with other users and be able to view the frequency of communications and social activity?


Did you know about this? Did you use these methods? 


Popularity of Social Network Services and user fees

October 7, 2011

Yesterday, E-Crime Expert posted a blog about the Development of Social Networking Systems on the Internet, as part of a series that aims to contribute to a better understanding of why privacy and personal data are so vulnerable in relation to the Internet and its adjacent services/platforms. Today’s post briefly describes the development of SNS on the Internet.

All these examples of social network systems/services (SNS) were provided to show the evolution of human relations, interactions and networking. Indeed, there is a great need and desire for people to interact with each other, and these online interactions take various forms: written, visual, musical, etc. People need to socialize, need to express themselves, need to exchange information. SNS also present a huge opportunity for people to become known publicly; for example, they can express their artistic capabilities at no cost or very low cost (e.g. the singer Justin Bieber became a star because of his YouTube videos).

These SNS became so popular and indispensable for users because the services are provided free of charge. According to Jeff Jarvis: “Free is impossible to compete against. The most efficient marketplace is a free marketplace.” Besides this, it is also more convenient for some people to socialize from their computer rather than going out to physically meet someone. When someone goes out with her friends, she can usually only meet a certain number of them, but with SNS she can interact in real time with hundreds of people.

Among all of them, Facebook has the largest audience, and people around the world use this platform daily in order to interact, network, meet, share, and socialize with other people. In June 2010, 30,000 users in Canada closed their accounts symbolically as a form of protest against Facebook’s privacy intrusion. It was symbolic because this number represents a quarter of the total number of people that opened an account daily at that time. Today, Facebook has the same number of users as the Internet had in total in 2004!

SNS also come with some debatable hidden features. Besides the amazing opportunities given to human beings to socialize, these services have to be monetized (have to be profitable) in order for the developers to be able to provide them to the public at large. The monetization of SNS includes, alongside classic advertising (i.e. someone buys time and space on a website and posts their advertisement), non-traditional forms too. This new form of advertising came with brand new features and concepts where the users could be individually targeted or grouped. According to Ken Auletta, Twitter, YouTube and Facebook have a vast number of users, but they are not yet profitable. Facebook and MySpace tried to sell user-friendly advertising, for the Nike brand for example. But according to Robert Pittman, the former President of AOL, this did not work because users did not want to be interrupted while interacting with other users and also did not want to be identified with products they do not like, support or believe in. Still, in order to become profitable they need to find a solution to monetize their SNS. A solution to sell more advertising could work if they better knew their users’ profiles, preferences and private information, which they could later sell to commercial businesses or advertisers. Nonetheless, this does not come without trade-offs for users, who have to offer something in exchange: their privacy, which is actually their “fee” for using these services!

Stay tuned for the next post, which describes Retrieving Private Information from SNS’s Users.


Did you think that those SNS are really free of charge? Are you on Facebook? Which other SNS are you using?
