Facetime Bug Lets People Eavesdrop on Friends
A bug in iOS 12.1 allows people to hear and possibly even see the people they call on Facetime even if the recipient doesn’t accept the call. The recipient has no indication that the caller can hear or see them. The bug affects both iPhones and iPads running iOS 12.1 and Apple computers running macOS Mojave.
The bug was found by 9to5Mac and replicated by everyone using iOS 12.1, including several CNN Business staff members. Apple said it has a fix or the problem and will release a software update later this week to address it. In the meantime, Apple has disabled Group FaceTime for all users.
Starting a FaceTime video call triggers the bug if, before the other person answers, tapping “Add Person” and then adding in your own phone number. You will then hear audio of the person you’re call even if they don’t answer and sometimes get video.
To protect yourself until the bug is fixed, on an iPhone or iPad go to Settings -> FaceTime and turn off the button the top of the screen. On a Mac, open the FaceTime app and at the top of the screen select “Turn FaceTime Off.”
For more information on the bug and other recent Apple issues, Wired magazine provides context.
Twitter Failed to Protect Android Users
A Twitter bug meant that when Android users selected “Protect My Tweets” they actually weren’t – and the breach lasted for years.
On January 17, 2019, Twitter disclosed that the Protect Tweets setting was disabled for Android users if certain changes, such as an email change, were made. It is now turned back on. The bug did not effect people using iOS apps or web-based Twitter.
While any privacy breach is disturbing, in this case, the fact that it existed from November 3, 2014, until January 14, 2019, without notification makes it worse.
According to Bloomberg Law (link https://news.bloomberglaw.com/privacy-and-data-security/twitter-faces-new-eu-query-into-data-security-flaw-corrected ), the Irish Data Protection Commission is investigating the protected tweets security flaw. Since Twitter is already under an EU investigation for GDPR-related data-collection issues, a finding against Twitter could lead to the top GDPR penalty, which is 4 percent of the company’s annual revenue.
Facebook Integrating WhatsApp, Instagram & Messenger
The New York Times is reporting that Facebook plans to integrate WhatsApp, Messenger and Instagram. While the three platforms would look the same to consumers after the change, their backend infrastructure would become the same, merging user profiles to make it easier for Facebook to target ads more precisely. When questioned about the report a spokesperson touted end-to-end encryption as a possible benefit. Increased data sharing behind the scenes won’t thrill privacy advocates but since the interfaces are expected to look the same, consumers are unlikely to notice or complain until the next Facebook data breach.
Google Partnering with WordPress
Google is working with Automatic/WordPress to create a low-cost system for publishing local news. Called Newspack, Google invested $1.2 million into its creation.
Google says Newspack is being developed to help small publishers write more stories and follow Google’s best practices without having to spend a lot of time on website design.
The Google blog has the official announcement and more details on the partnership.
Google’s Board of Directors Sued for Misconduct Cover-Up
Shareholders are suing the board of directors of Alphabet Inc., the parent company of Google, for covering up alleged sexual misconduct by Andy Rubin and other executives and approving Rubin’s $90 million exit payment. The complaint targets top executives including Google co-founders Larry Page and Sergey Brin, investor Ram Shriram, venture capitalist John Doerr, Alphabet Chief Legal Officer David Drummond and others.
The investors’ lawsuit claims that the board did not perform its duties by doing nothing about the alleged harassment, approving the large financial payouts and covering up the details after an internal investigation found the accusations of Rubin’s sexual harassment to be credible. The complaint, which was filed in California state court, claims that during his tenure at Google, Rubin was also engaged in human sex trafficking.
According to the complaint, the board’s audit and compensation committees, which includes Page, Brin and Schmidt, reviewed the findings of the investigation into Rubin. The complaint alleges that directors were informed, “the allegations are credible” yet they granted Rubin the hefty payout anyway.
A second lawsuit filed by the Northern California Pipe Trades Pension Plan and Teamsters Local 272 Labor Management Fund makes similar claims about Rubin and the board’s actions.
Rubin created the Android operating system and ran Google’s mobile division for years before leaving in 2014. In October 2018, The New York Times reported that an employee accused Rubin of sexual harassment and Google executives approved the financial package. In November, thousands of Google employees staged a protest in regard to the tech giant’s workplace sexual misconduct policy. Google’s board is also accused of behaving in a similar fashion when Amit Singhal resigned in 2016 after sexual harassment claims. Singhal was fired in 2017 from Uber Technologies for failing to disclose the accusations against him while at Google.
For more details, see Bloomberg’s official report.
Facebook Changes Group Rules
It’s been a long-standing point of complaint that people used to be able to add friends to Facebook groups without their approval or permission. Some people meant well but just didn’t take their friends’ preferences into account while other group owners used the method to inflate membership, even if it meant some people never participated in the group. Finally Facebook has updated the rules and procedures for adding to groups.
Under the new procedure, when a person is invited to join a group they’re added to a new “Invited” list the group admin can see. The person invited must manually accept the invitation and only then will they be counted in the membership numbers. Admins can sent prospects one reminder to encourage them to join the group.
If a group has a large number of people of who were invited to join but never interacted with the group, the group’s numbers could drop as a result of this change. However, it is a logical update that should please most Facebook users, even if it is long overdue.
The official Facebook announcement can be found here.
Twitter’s New Beta App
Twitter is giving select users access to a standalone app designed to test new features and ways of showing and organizing conversations. It’s no secret that Twitter has had a problem with abuse and toxic behavior. Finding a way to curb and manage abusive behavior without hurting the positive aspects of the platform is the challenge, hence the app.
For more information, read the Tech Crunch interview with Sara Haider, Twitter’s director of product management.
Facebook Political Ad Changes
2018 was a bad year for Facebook. Among other things, its leadership was called before Congress to answer questions about how the platform was used to influence votes and related data breaches.
Since then the company has introduced an authorization process for those wishing to place political ads in the United States. Now with elections looming in Brazil, Nigeria, and the United Kingdom, limitations have been placed on political ads in those countries, too.
Facebook has also stopped accepting political ads for local and state elections in Washington state. The Washington State Public Disclosure Commission adopted new rules for political advertising disclosure. Facebook is declining ads while it examines the rules. Facebook had to pay $238,500 to settle a lawsuit in Washington state alleging violation of political law.
See Facebook’s official announcement about Washington State ads for more information.
Twitter Timeline Switch Temporary, Android Users Delayed
Nearly a month after Twitter announced a “sparkle” button that allows users to switch back to the original, chronological timeline, Android users are finally getting access to it as well.
However, for all users, switching to the chronological timeline will require more work to maintain it. Twitter is “experimenting” with how often the choice lasts before defaulting users back to the “home” setting, which is the algorithm “top tweets” feed. The company says it could learn user preferences over time, but for the moment, it means you’ll have to regularly check which version of the timeline you have regardless of whether you’re an Android, web or iOS user.
Google Search Console Discontinuing Features
Despite previously indicating that all old features would be moved over to the new Google Search Console, John Mueller, the company’s senior webmaster trends analyst, said that some features from the old Search Console will be discontinued. As an example Mueller cited the crawl errors section because it’s not useful. The company might also get rid of reports that are common in third-party tools.
You can watch Mueller’s exact comments in the webmaster hangout video. Search Console comments begin about 28 minutes into the video.
Old Tweets Reveal Your Location
An algorithmic tool developed by a group of international researchers can use Twitter to predict where you live with greater than 90 percent accuracy and do it in minutes. LPAuditor, which is short for Location Privacy Auditor, can also predictor where you work and worship as well as more potentially sensitive information, such as if you went into a rehab facility or strip club.
The tool utilizes Twitter’s “invasive policy” when it introduced the ability to add a location tag to tweets from 2009 to 2015. During that period users who added a geotag to tweets, even if it was a broad range such as “New York City,” would automatically provide Twitter with their exact GPS locations. The person tagging their tweet wouldn’t see the coordinates and neither would their followers but the GPS data would be in the tweet’s metadata, and therefore accessible through Twitter’s API.
Twitter changed the policy in April 2015 so that users must opt-in to share their precise location but the GPS information previously collected is still accessible within the API, and LPAuditor uses it for its predictions.
The LPAuditor team described its process in a peer-reviewed paper that will be presented at the Network and Distribution System Security Symposium in February.
An unnamed member of Twitter’s site integrity team told Wired magazine that sharing location data has always been voluntary and users can delete data. However, few users realized that adding a broad geotag like “Houston” could disclose exactly where in Houston a person lived, worked or visited.
For more information on how LPAuditor was developed and works, check out Wired’s story here.