Make your router hacker-proof

By Sandeep Nair Narayanan, Anupam Joshi and Sudip Mittal for The Conversation 

In late April, the top federal cybersecurity agency, US-CERT, announced that Russian hackers had attacked internet-connected devices throughout the U.S., including network routers in private homes. Most people set their routers up – or had their internet service provider set them up – and haven’t thought much about them since. But the router is the gateway to the internet for every device on your home network, including Wi-Fi connected ones. That makes it a potential target for anyone who wants to attack you, or, more likely, use your internet connection to attack someone else.

As graduate students and faculty doing research in cybersecurity, we know that hackers can take control of many routers, because manufacturers haven’t set them up securely. Router administrative passwords often are preset at the factory to default values that are widely known, like “admin” or “password.” By scanning the internet for older routers and guessing their passwords with specialized software, hackers can take control of routers and other devices. Then they can install malicious programs or modify the existing software running the device.

Once an attacker takes control
There’s a wide range of damage that a hacker can do once your router has been hijacked. Even though most people browse the web using securely encrypted communications, the directions themselves that let one computer connect to another are often not secure. When you want to connect to, say, theconversation.com, your computer sends a request to a domain name server – a sort of internet traffic director – for instructions on how to connect to that website. That request goes to the router, which either responds directly or passes it to another domain name server outside your home. That request, and the response, are not usually encrypted.

A hacker could take advantage of that and intercept your computer’s request, to track the sites you visit. An attacker could also attempt to alter the reply, redirecting your computer to a fake website designed to steal your login information or even gain access to your financial data, online photos, videos, chats and browsing history.

In addition, a hacker can use your router and other internet devices in your home to send out large amounts of nuisance internet traffic as part of what are called distributed denial of service attacks, like the October 2016 attack that affected major internet sites like Quora, Twitter, Netflix and Visa.

Has your router been hacked?
An expert with complex technical tools may be able to discover whether your router has been hacked, but it’s not something a regular person is likely to be able to figure out. Fortunately, you don’t need to know that to kick out unauthorized users and make your network safe.

The first step is to try to connect to your home router. If you bought the router, check the manual for the web address to enter into your browser and the default login and password information. If your internet provider supplied the router, contact their support department to find out what to do.

If you’re not able to log in, then consider resetting your router – though be sure to check with your internet provider to find out any settings you’ll need to configure to reconnect after you reset it. When your reset router restarts, connect to it and set a strong administrative password. The next step US-CERT suggests is to disable older types of internet communications, protocols like telnet, SNMP, TFTP and SMI that are often unencrypted or have other security flaws. Your router’s manual or online instructions should detail how to do that.
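One way to confirm from a computer on your home network that the TCP-based services in that list are switched off on your own router, as an added example that is not part of the original article. The router address 192.168.1.1 is an assumed placeholder, the ports are the usual defaults (23 for telnet, 4786 for SMI, read here as Cisco Smart Install), and SNMP and TFTP are left out because they run over UDP, where silence does not prove the service is disabled.

```python
import socket
import sys

# Usual default ports (assumption: your router has not moved them).
# "SMI" is read here as Cisco Smart Install, which listens on 4786/tcp.
LEGACY_TCP_SERVICES = {"telnet": 23, "smi": 4786}


def tcp_port_state(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # handshake completed: the service is listening
    except ConnectionRefusedError:
        return "closed"      # the device refused the connection: service is off
    except OSError:
        return "filtered"    # no usable answer (timeout or unreachable)
    finally:
        sock.close()


def audit_router(host, services=None, timeout=2.0):
    """Check every listed service on one host and return {name: state}."""
    services = LEGACY_TCP_SERVICES if services is None else services
    return {name: tcp_port_state(host, port, timeout)
            for name, port in services.items()}


def still_enabled(results):
    """Names of the services that still accept connections."""
    return sorted(name for name, state in results.items() if state == "open")


if __name__ == "__main__":
    # Pass your router's address as the first argument; the default below
    # is only a common placeholder.
    router = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    results = audit_router(router)
    for name, state in results.items():
        print(f"{name:8s} {state}")
    open_services = still_enabled(results)
    if open_services:
        print("Disable in the router's admin pages:", ", ".join(open_services))
    else:
        print("No legacy TCP management service answered.")
    print("Check SNMP and TFTP (UDP) in the admin pages as well.")
```

A result of "filtered" means nothing answered in time, so treat it as inconclusive and confirm the setting in the router's own admin pages.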

After securing your router, it’s important to keep it protected. Hackers are very persistent and are always looking to find more flaws in routers and other systems. Hardware manufacturers know this and regularly issue updates to plug security holes. So you should check regularly and install any updates that come out. Some manufacturers have smartphone apps that can manage their routers, which can make updating easier, or even automate the process.

Creating successful digital content is based on the design team addressing several basic pointers.

Conduct market research
Whilst a news broadcast may be interesting for some patrons in a restaurant, it may elicit groans from others. Market research needs to be conducted in order to understand what content will pique the customer’s interest whilst sitting, relaxing and enjoying a meal, or what will drive the irritated customer mad and straight out the door.
For example, if people on the road enjoy listening to music, a petrol station’s digital display could play top music videos. And if the petrol station is located on a national highway to the coast, various coastal regions could be featured, thus enhancing the holidaymaker’s trip.

What screen will the content be displayed on?
When digital content is created, the screen that it will be displayed on needs to be considered and the following questions asked: – Where is the screen located? Who will be looking at it? What will they be doing while they look at it?

What type of content should be displayed where?

  • Text heavy content generally takes more than a few seconds to read and is best reserved for waiting areas or long queues
  • Shorter content should be used in areas where customers come and go quickly
  • Content for displays that are placed near a point of sale, such as a cash register or reception desk, creates tempting impulse buys
  • Storefront digital signage that attracts customers to a store should consist of advertising and promotional content
  • Call to action content should take the form of a video. Content may be king, but when it comes to digital signage, so is context

Be a stickler for text design
With numerous fonts, sizes, and colours to select, it seems as if text design is the part of digital signage content that lends itself most to creativity. However, depending on the application, poor font choice can derail an entire project. Fonts should always be simple and legible, especially from a reasonable distance, and too many fonts will muddy the message and may lose viewers.

Choose colour wisely
Too many colours or the wrong colours together, can be a distraction or even worse, convey the incorrect emotion. In addition, combining certain colours may be a hit in the retail marketing arena, but garish colour combinations, used in an airport or train station, may be disconcerting for the traveller who is seeking basic information such as schedules.

Use motion selectively
Often silhouettes and animation may interfere with readability or comprehension. As viewers should be given enough time to read text, movement should not be too abrupt.

Alliteration and rhyme
For quicker viewer retention and memorization, rhyme and alliteration could be considered. Most viewers remember up to three items at any given time. By keeping the message clear and concise, and holding the screen views long enough, the message can be read and absorbed effectively.

A place for humour
There are times when a playful injection of humour can transform digital signage content from ordinary to eye-catching and attention-grabbing. Once a viewer’s attention is caught, a conversation can be started with excellent content to follow. For many marketers, getting a customer ‘in the door’ is the first step to converting them into a sale.

Keep it fresh
One major element separating digital signage from traditional signage is its ability to display dynamic content. If only static content is being displayed on the screen, the question remains, why even use digital signage? Dynamic content captures an individual’s attention, keeps the viewer interested and remains top of mind.
Customers and employees are 10 times more likely to observe dynamic digital signage content than static messages. Examples of dynamic digital signage content are videos, animations, social media feeds or RSS feeds. The latter two are the most likely to keep the content as fresh and exciting as possible, and they’re low maintenance. However, if a company’s social media account is being displayed, it’s essential that it is kept updated!

Keep it simple
At first glance, simplicity may seem contradictory to producing amazing content; however, good visual communication should always be concise, easy to understand and memorable. Establish whether your content is interactive or not and then focus on delivering one key message, as too much information can overload and distract the viewer.

Place a call to action on every screen
Start a call to action with a verb, keep the verb and subject close together, and embed it in each screen being used (e.g. “Get Yours Today,” “Get Started Now,” “Try it for Free”).

Make it useful, not only colourful
When content is being designed, make sure it enhances the experience, not detracts from it. For example, many menu boards will use a dedicated attract screen for this type of animated content, such as McDonald’s where the content flows well and the actual menu is not affected. All content elements must work together and not compete against one another.

Offer value, not technology
Often companies engage in technology, whilst not fully understanding how it will add value to the customer experience. The key question needs to be asked, “What will the customer gain if they pay attention to my content?” Will they be entertained or more likely to make a purchase, or both? Does it offer them some sort of discount?

Customers may not pay attention to your digital signage if the design contains the following issues:

  • Lack of relevance – certain digital signage software solutions are available that allow you to examine how long your customers will look at a display, whether they engage with it and what their emotional reaction is. This information can be used to your advantage when you know your customer’s profile and needs, so that suitable and relevant content can be created.
  • Uninspiring content – even if your content is relevant, that doesn’t mean it’s a winner. Sometimes digital displays simply advertise a product’s price, and nothing else. It’s not useless, as it may drive a few sales, however it’s only revealing a fraction of the message. A key element to inspiring content is that it doesn’t just deliver sales, it also boosts brand awareness and value. So, with all your content, you need to ask, “how will this improve my brand?”
  • Lack of engagement – some displays fail to engage the audience in a conversation with the product, brand or service. Digital signage offers many tools, one of which is social media integration. You can integrate a social media newsfeed from your brand and encourage your audience to like or follow your pages. Or you can integrate a camera in your display, so users can take selfies against backdrops or augmented reality elements, such as a virtual sports jersey. You don’t need to turn your display into an interactive marvel, but you do need to discover a way for your audience to care about and communicate with your brand. Neglecting engagement to advance sales is a recipe for disaster.

Data network operators to roll data over

By Bekezela Phakathi for Business Live

Data network operators will soon be required to give subscribers the option to roll over their unused data.

According to the final End-User and Subscriber Service Charter Regulations announced by the Independent Communications Authority of SA (Icasa) on Thursday, this is to ensure consumers do not lose unused data, as is currently the practice. The regulations are expected to bring relief to consumers, who have long bemoaned usage limits.

The government is pulling out all the stops to reduce the cost of communicating, saying it is only through legislative means that it can ensure reasonable pricing and market structure in the sector.

Network operators have been under intense scrutiny in recent months for allegedly ripping off consumers, especially when it comes to data expiry dates and out-of-bundle billing.

Icasa said the new regulations would be published in the Government Gazette in the next few days. In terms of the regulations, all licensees will be required to send usage depletion notifications to consumers when their usage is at 50%, 80% and 100% depletion levels. The regulator said this will enable consumers to monitor their usage and control spend on communication services.

Furthermore, all licensees will be required to provide an option for consumers to transfer data to other users on the same network. Operators are no longer allowed to charge consumers out-of-bundle rates — without the consumers’ specific prior consent — for data when their ascribed data has run out. This, according to Icasa, will ensure consumers are not defaulted to out-of-bundle data charges, which are significantly higher than in-bundle charges.

“The End-User and Subscriber Service Charter Regulations seek to protect the rights of consumers by, among other things, ensuring they are provided with sufficient information that will assist them in making informed decisions, as well as facilitate redress for those consumers who have been unfairly treated by network providers,” said Icasa councillor Botlenyana Mokhele.

“It is a well-known reality that South African citizens are concerned about the money they spend every month on their consumption of data services.

“While the authority acknowledges the concern with regard to the perceived high cost of data and high out-of-bundle rates, it is important to note that the review of the End-User and Subscriber Service Charter Regulations of 2016 does not seek to directly or indirectly regulate the price of data services. Our objective is to develop minimum standards in respect of the provision of data, SMS and voice services in line with Section 69 of the Electronic Communications Act of 2005.”

Source: Media Update

According to GfK’s international ViewScape survey, which covers Africa (South Africa, Kenya and Nigeria) for the first time, 20% of South Africans who sign up for a subscription video on demand (SVOD) service such as Netflix or Showmax do so with the intention of cancelling their pay television subscription.

The study, which surveyed 1 250 people representative of urban South African adults with Internet access, shows that 90% of the country’s online adults today use at least one online video service, and that just over half are paying to view digital online content.

The study reveals that the average user spends around seven hours and two minutes a day consuming video content, with broadcast television accounting for just 42% of the time South Africans spend in front of a screen.

Viewers in South Africa spend nearly as much of their daily viewing time – 39% of the total – watching free digital video sources such as YouTube and Facebook as they do on linear television.

The study also shows that people aged 18 to 24 years spend more than eight hours a day watching video content, as they tend to spend more time with free digital video than people above their age.

Benjamin Ballensiefen, managing director for sub-Saharan Africa at GfK, says, “The media industry is experiencing a revolution, as digital platforms transform viewers’ video consumption behaviour.”

“The GfK ViewScape study is one of the first to not only examine broadcast television consumption in Kenya, Nigeria and South Africa, but also to quantify how linear and online forms of content distribution fit together in the dynamic world of video consumption,” adds Ballensiefen.

The study finds that just over a third of South African adults are using streaming video on demand (SVOD) services, with only 16% of SVOD users subscribing to multiple services.

Around 23% use pay-per-view platforms such as DSTV Box Office, while about 10% download pirated content from the Internet. Around 82% still watch content on disc-based media.

“Linear and non-linear television both play significant roles in South Africa’s video landscape, though disruption from digital players poses a growing threat to the incumbents,” says Molemo Moahloli, general manager for media research and regional business development at GfK Sub Sahara Africa.

Moahloli concludes, “Among most demographics, usage of paid online content is incremental to consumption of linear television. However, there are signs that younger consumers are beginning to substitute SVOD for pay-television subscriptions.”

By Katie Canales for Business Insider US 

Facebook CEO Mark Zuckerberg has announced a new privacy control called “Clear History”.

It would be similar to clearing your Web browser’s history — what you’ve clicked on, the websites you frequent, and the like would be wiped from your Facebook account.

Zuckerberg says that if you choose to clear that information, your Facebook experience “won’t be as good while it relearns your preferences”.

Facebook CEO Mark Zuckerberg said on Tuesday that users would for the first time be able to clear the data from their account that keeps track of their activities on the social network.

The new feature, called “Clear History,” would be similar to a web browser’s option for users to clear their history and cookies from the cache, Zuckerberg wrote in a Facebook post.

“Once we roll out this update, you’ll be able to see information about the apps and websites you’ve interacted with, and you’ll be able to clear this information from your account,” Zuckerberg added.

He said he would provide more details during Facebook’s annual developer conference, F8, which kicks off on Tuesday.

Facebook has been under pressure to improve privacy controls for its users since news reports in March revealed that the data firm Cambridge Analytica had improperly harvested the data of up to 87 million Facebook users.

Zuckerberg said in the post that users who choose to clear the data from their Facebook profiles might have a less smooth experience on the social network.

“Your Facebook won’t be as good while it relearns your preferences,” Zuckerberg said.

A Facebook representative told Recode that a user’s wiped browsing data wouldn’t be tied to them or used for targeting but could still be kept anonymously for companies that use Facebook for analytics.

By Alison DeNisco Rayome for Tech Republic

Microsoft is doubling down on its promise to rid the world of passwords and replace them with more convenient and secure options, the company announced in a Tuesday blog post.

“Nobody likes passwords. They are inconvenient, insecure, and expensive,” according to the post. The tech giant wants to deliver on two key promises: That end users “should never have to deal with passwords in their day-to-day lives,” and to replace passwords with “user credentials [that] cannot be cracked, breached, or phished.”

Microsoft first made a move to reduce password use with Windows Hello, introduced in Windows 10, which uses biometric sensors to verify a user’s identity based on a fingerprint or face scan. It has since introduced the Authenticator app, which allows users to log into their Microsoft account on their desktop using their phone. Finally, Microsoft is working with the Fast Identity Online (FIDO) working group to update Windows Hello with physical FIDO2 security keys that allow for more secure authentication.

The Windows Hello FIDO2 Security Key feature is now in limited preview, the post noted.

“At its core, our fundamental philosophy is simple: devalue the password, and replace it with something that eradicates its use for the end user and drains its value for an attacker,” according to the post.

The Windows 10 April 2018 Update includes the ability to do just that, the post noted: Using Windows 10 in S mode, cloud users (with Managed Service Account or Azure Active Directory) can use their PC without ever entering a password. Users can take advantage of this feature by setting up the Microsoft Authenticator App, installing the Windows 10 April 2018 Update with S mode enabled, and setting up Windows Hello.

To achieve a password-less future for all devices, Microsoft laid out a four-step plan:

1. Develop password-replacement offerings. This would involve replacing passwords with a new set of alternatives that retain the positive elements of passwords while also improving their shortcomings.

2. Reduce user visible password-surface area. Microsoft wants to upgrade all elements in the lifecycle of a user’s identity, including provisioning of an account, setting up a new device, and accessing apps and websites, to make sure they work with password replacements.

3. Simulate a password-less world. This means helping end users and IT administrators to transition into a password-less world easily.

4. Eliminate passwords from the identity directory. Deleting passwords from the identity directory represents “the final frontier,” according to the post.

It remains to be seen if other tech giants will follow Microsoft’s lead and eliminate passwords. With the rise of biometric security in a number of fields, the future for businesses could very well be password-less.

Top tricks used by card fraudsters in SA

By Timothy Rangongo for Business Insider SA 
Source: South African Banking Risk Information Centre

The South African Banking Risk Information Centre (Sabric) has released its card fraud statistics for 2017.

South Africa’s banking industry was hit with a 1% increase in credit card fraud in 2017, which rose to R436.7 million, according to the latest report on card fraud.

Debit cards were the least hit by fraud, which declined by 8.5% to R342.2 million in the same period.

CEO of SABRIC, Kalyani Pillay, attributes the decrease in debit card fraud to a reduction in lost and/or stolen and counterfeit card fraud.
“Criminals are always adjusting their tactics to take advantage of innovations in the banking landscape.”

Sabric lists these as the trending types of fraud in South Africa:

Lost and/or stolen card fraud
In many cases lost and/or stolen cards are obtained by interfering with customers while transacting at an ATM; criminals distract victims by offering them assistance during which the card and PIN are obtained.
The card is then used repeatedly at ATMs until the daily cash withdrawal limit on the card is reached, after which high value transactions are made at merchants.

Not-received issued-card fraud
Here, criminals intercept a genuinely-issued card before it reaches the customer.

False-application card fraud
Accounts are opened by falsifying a credit application.

Counterfeit card fraud
Counterfeit cards are made using information stolen from the magnetic strip of a genuine card, usually through card skimming.

Card-skimming via Point of Sale (POS) devices
The first POS skimming devices were retrieved in South Africa in 2014, according to Sabric. Criminals steal legitimate POS devices from merchants and then convert them into skimming devices. In some instances, devices are swapped between different merchants to make it seem as if all devices are accounted for.

Account-takeover card fraud
The common denominator for both account-takeover fraud and false-application fraud is access to the personal information of victims. Takeovers are done by obtaining personal or client-specific information, pretending to be the client and then applying for a replacement card.

Card not present card fraud (CNP)
These transactions are done via telephone or internet. Criminals source card data in various ways such as phishing, vishing, malware, and data breaches.

How you can protect yourself against card fraud:

  • Don’t disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, fax, or even email
  • Don’t write down PINs and passwords, and avoid obvious choices like birth dates and first names
  • Don’t use any Personal Identifiable Information (PII) as a password, user ID, or personal identification number (PIN)
  • Don’t use internet cafes or unsecured terminals (hotels, conference centres etc.) to do your banking
  • Review your account statements on a timely basis and query disputed transactions with your bank immediately
  • When shopping online, only place orders with your card on secure websites
  • Do not send e-mails that quote your card number and expiry date
  • Ensure that you get your own card back after every purchase
  • Report lost and stolen cards immediately
  • If you have a debit, cheque and credit card, don’t choose the same PIN for all of them. If you lose one, the others will still be safe
  • While transacting always keep an eye on the ATM card slot to ensure that your card is not taken out, skimmed, and replaced without your knowledge
  • Should your card be retained by an ATM, contact your bank and block your card before you leave the ATM
  • Subscribe to your bank’s SMS notification services to inform you of any transactional activity on your account

 

The reinvention of Nokia

By Wesley Diphoko for IOL 

Nokia has existed for more than 100 years. Nokia has brought us what we know today as the mobile phone. It has also experienced ups and downs that saw it changing hands from one company to the other. Now that the oldest mobile phone brand is making a full come back it’s worth reflecting on its past as we look at its latest products.

In the year 1865, Fredrik Idestam built a paper manufacturing mill in Southern Finland and followed it up by launching a second mill in the nearby town of Nokia in 1868.
Three years later Idestam transformed his company into a share company and the Nokia company was formed.

Nokia kept growing through the 19th century and it was only in the 1960s that the company branched out into electronics. In the next two years, it developed a host of electronic devices including radio telephones for the army.

In 1979 Nokia took its first steps into telephony by creating Mobira in a Joint Venture (JV) with Finnish TV maker Salora, and they created the Nordic Mobile Telephone (NMT) service. This was the world’s first international cellular network and in the 80s, Nokia launched its first car phone called the Mobira Senator.

Five years later Nokia launched the Mobira Cityman, the first mobile phone that would run on the company’s NMT network. At 800 grams and priced at $6,308, it may be heavy and pricey by today’s standards, but the device soon hit cult status when Mikhail Gorbachev was photographed using the device.

The ’90s

The ’90s were the glory years for the Finnish company. In 1994, Nokia launched the 2100 with the now iconic Nokia ringtone.
Three years later it launched Snake, one of the most widely recognised mobile games of all time. In 1997, Nokia also launched the Communicator, which 11 years before the first iPhone was considered to be much ahead of its time. The device not only looked cool but also offered features like email, fax, calendar and a massive display.

The same year, Nokia also launched the 6110 and the 5110, two more devices which were way ahead of their time and competition. These devices offered a much sleeker way of text messaging, a beautiful menu system and customization options like multiple colour snap-on covers. These devices were followed by the 7110, which offered basic web functions, the 7650, with a built-in camera, and the 6650, the company’s first 3G enabled smartphone.

By 1998, Nokia had firmly established itself as the global leader. Where its rivals like Apple, Sony and Siemens had failed to predict the global demand, Nokia sailed through these years with a turnover that increased 500 percent from $8.9 billion to $42.8 billion.

After the glorious 90s, in 2007 things began to go downhill — and rapidly. In the year 2009, Nokia posted its first quarterly loss in more than a decade. This was largely due to HTC developing a smartphone running on the then-new Google Android operating system.
With the iPhones and various Android smartphones taking the market by storm, Nokia failed to keep up with them. Instead of joining the horde of Android adopters, Nokia’s new CEO Stephen Elop joined hands with Microsoft to develop smartphones running on the Windows Phone platform.

The Microsoft acquisition

Microsoft’s acquisition of Nokia’s smartphone business brought an end to an era, which has seen plenty of ups and an equal number of downs.
On September 3, 2013, Nokia announced that its hardware department would be acquired by Microsoft in a deal that was worth $7.2 billion. After eight months, the deal was completed.

Nokia, once the world’s biggest maker of mobile phones, was wrong-footed by the rise of smartphones and eclipsed by Apple and Samsung.
It sold its entire handset business to Microsoft Corp in 2014 and focused on telecoms network equipment.
Microsoft struggled with phones after the 2014 deal with Nokia, and it decided to write off $7.5 billion from the business.

Nokia brand

Nokia, however, held on to its phone patents with a view to eventually striking a licensing deal, though it had to wait due to a non-compete deal with Microsoft.

Recently, HMD, a company backed by one of its former executives, teamed up with manufacturer Foxconn (2354.TW) to buy the rights to the brand for mobile devices.

Microsoft also decided to sell its entry-level phones business to HMD and Foxconn subsidiary FIH Mobile for $350 million.

Nokia, whose global market share in handsets peaked at around 40% in 2008, believed that its brand remained widely recognised, especially in developing markets.

Nokia also believed that its brand was strong in the feature phone space. The company now has 1% of the global market share and falls just outside the top 10 phone brands.

The Nokia 1 is accessible technology, delivering smartphone essentials for just R999. The legendary Nokia 8110 is a 4G feature phone that comes with the iconic curved slider design. It will be available for purchase from May 2018.

By Lizzie Plaugic for The Verge

On a recent Sunday, creative director Jason Debiak was having breakfast with his family in New Jersey, when something strange happened.

“I was having an adorable breakfast with my family, my 2-year-old daughter and my wife,” he says. “Something came up [on my phone] and I usually try not to check my email, but I checked my email and it said, ‘You have 10 new matches on Match.com.’ I was like … what?”

Debiak’s long-forgotten — and, he assumed, long-deleted — dating profile from over a decade ago had suddenly been reactivated. “I log in, and there I am, from 15 years prior, with less gray hair,” he said. “And my whole profile is there, everything.” Judging by the messages he received, Debiak says it seemed like the account had been reopened for about a week.

“I contacted customer service, and they said, ‘Oh, we’re sorry you got email notifications. We’ll turn off email notifications,’” Debiak said. “And I was like, ‘No, you don’t understand. Not only do I not want email notifications – I don’t want to be on your website, ever.’”

Old, ‘deleted’ accounts reactivated
A Match Group spokesperson confirmed that a “limited number” of old accounts had been accidentally reactivated recently and that any account affected received a password reset. Match.com’s current privacy statement, which was last updated in 2016, says that the company can “retain certain information associated with your account” even after you close it. But that Match Group spokesperson also told The Verge that the company plans to roll out a new privacy policy “in the next month or so,” in order to comply with the EU’s General Data Protection Regulation (GDPR); under the new policy, all those years-old accounts will be deleted. The Verge has requested clarification on which accounts will qualify for deletion, and what “deletion” will specifically entail, but has not received a response as of press time.

In the past, it hasn’t been uncommon for dating websites to use and retain your data for research, marketing, or, as Match.com’s current privacy policy says, “record-keeping integrity.” In a 2009 ComputerWorld report, eHarmony’s then-VP of technology Joseph Essas said, “We have an archiving strategy, but we don’t delete you out of our database. We’ll remember who you are.” Herb Vest, the founder and CEO of the now-defunct dating website True.com, said in the same report: “The data just sits there.” Even if the profile reactivations were just a glitch in Match’s system, they’re a stark reminder that the internet doesn’t easily forget.

Although there is no federal data destruction law in the US, 32 states — including Texas, where Match Group is headquartered — have data disposal laws that require “entities to destroy, dispose, or otherwise make personal information unreadable or undecipherable.” In addition to that, 13 states, also including Texas, have laws that require private companies to maintain reasonable cybersecurity practices. If that sounds vague, that’s because it is. “A lot of this is still, I don’t want to call it amorphous, but it’s still being defined, frankly,” explains Scott Shackelford, an associate professor and Cybersecurity Program chair at Indiana University-Bloomington. “What ‘reasonable’ is, is a moving target.”

But that doesn’t change the fact that many former Match.com users feel blindsided by this, not to mention misled by Match. It’s not clear how many people saw their years-dormant Match.com profiles reactivated recently, but it’s not hard to find complaints about the ghost profiles online.

First launched in 1993, Match.com has since become a dating behemoth. Its parent company, Match Group, now owns dating apps like OkCupid, PlentyofFish, and Tinder. (It reportedly tried to buy Bumble last year, and it’s now embroiled in a messy lawsuit with the app involving trade secrets and intellectual property.) OkCupid allows users to delete or disable their accounts but still retains data. PlentyofFish and Tinder’s privacy policies both claim to retain data “only as long as we need it for legitimate business purposes and as permitted by applicable legal requirements.” Tinder, like Match.com, also notes it will “retain certain data” after you close your account.

“There probably are good reasons to keep deleted profiles for some period of time — for example, to prevent or detect repeat users or fake users, etc,” Albert Gidari, consulting director of privacy at the Stanford Center for Internet and Society, wrote in an email. “But that doesn’t mean forever.”

Data is forever
Rob P., who had been an active online dater since around 2005, recently had his Match.com profile resurface, even though he’s engaged now. And his experience with Match.com’s customer service after the fact was frustrating. He just wanted someone to delete his profile, but no one would do it. “They kept using terminology that was… not saying it’s permanently deleted, just ‘unviewable’ or ‘inaccessible’,” he says. “And I kept saying, ‘It needs to be deleted.’”

Match Group has run into complaints about this before. A class action lawsuit filed in 2010 by former subscribers claimed that Match.com was trying to deceive users by keeping inactive and fraudulent accounts viewable. “With regard to inactive members (i.e., members who have cancelled their subscriptions and / or allowed their subscriptions to lapse),” the filing reads, “Match takes virtually no action to remove these profiles (that remain on the system, are searchable by members, appear as and are in fact counted among Match’s ‘active members’) for months and sometimes years after the individuals have become inactive.” The suit was dismissed in 2012 after US District Judge Sam Lindsay found that Match’s user agreement didn’t require it to remove these profiles.

In 2015, California resident Zeke Graf filed a class action lawsuit against Match claiming the company was knowingly violating a California civil code which requires every dating service contract to include a statement allowing the buyer to cancel their subscription. That lawsuit was later voluntarily dismissed by Graf.

In an increasingly privacy-conscious world, the sudden zombie appearance of an old social media profile would be an unnerving experience for anyone. But online dating, in particular, puts people in a vulnerable position, often encouraging users to reveal as much of themselves as possible. “You’re filling out questionnaires about your beliefs and feelings and who you are as a person,” Rob P. says. “Hopefully the algorithm uses that information to match you up with the best compatible mate, but it’s scary to think they’re holding on to that data even after you close your account.”

Ex-user Katie Storms also saw her account, which she deactivated in 2014, pop up again this month. She’s concerned about data privacy, but also the more immediate impact that a new dating profile could have on her current relationship. “Thankfully I am married to an incredible man who, I immediately told him, ‘Hey, this happened, and I’m concerned about it,’ and we walked through it together,” she says. “I can’t imagine… not that I want to be married to anyone who wouldn’t be understanding about it, but what if you were?”

Jason Debiak also told his wife about the rogue profile immediately, but he later found out that some of her friends had seen it, and thought it was evidence of something more sinister. “That would’ve caused quite an issue if I hadn’t seen those emails,” he says.

Zombie profiles can also affect current users, who, again, are putting themselves in a vulnerable position, only to be confronted with people who aren’t actually looking to date. “I felt like it was a little bit of a violation of privacy for me, and misleading to the people who are on Match.com right now looking for people,” Storms says. “I don’t blame those people who saw my profile and winked at me, but I’m sorry, I’m happily married.”

Data retention policies, especially in the US, can vary from company to company. Match Group owns data from thousands of users, and — as recent scandals and controversies regarding the consequences of user data retention have taught us — it doesn’t have to be completely transparent about what it’s doing with that data. But these reactivations are a reminder that the internet has a long memory, and the burden often falls on the user to be mindful of what they share. “Obviously we need more transparency and control over our own data,” Rob P. says. “But it feels like uncharted territory.”

Is your Gmail account spamming you?

By Annie Palmer for Daily Mail

A new spam attack is tricking a wave of Gmail users into thinking their account has been hacked.

Numerous users have reported that their inboxes were flooded with spam emails titled things like ‘growth supplements’.

However, in a bizarre twist, the ads appeared to have been sent from their own accounts.

Reports of the spam campaign began to trickle out on Saturday and Google has since confirmed the issue.

Users posted in Gmail’s help forum that they’d been hit by the spam attack despite having two-factor authentication and worried that their accounts were hacked.

“My email account has sent out 3 spam emails in the past hour to a list of about 10 addresses that I don’t recognize,” one user posted on Google’s help forum.

“I changed my password immediately after the first one, but then it happened two more times. The subject of the emails is weight loss and growth supplements for men advertisements. I have reported them as spam. Please help, what else can I do to ensure my account isn’t compromised?”

As it turns out, spammers figured out a way to bypass Gmail’s spam filters by using forged headers that made the messages look as if they came from Gmail users’ own e-mail addresses.

Because the messages seemed to be sent by the account owner, Gmail mistakenly filed them to the users’ sent folder.

The forged e-mail headers also appeared to have been sent “via telus.com”.

However, Canadian telecom firm Telus denied that the emails had come from its servers.

Google said users don’t need to worry that their accounts were compromised by the incident.

“We are aware of a spam campaign impacting a small subset of Gmail users and have taken measures to protect against it,” the firm told Mashable.

“This attempt involved forged email headers that made it appear as if users were receiving emails from themselves, which also led those messages to erroneously appear in the Sent folder.

“We have identified and are reclassifying all offending emails as spam, and have no reason to believe any accounts were compromised as part of this incident. If you happen to notice a suspicious email, we encourage you to report it as a scam,” the firm added.

How to check your account

The easiest way to check if you’ve been hit by the scam is to check your “sent” folder.

From there, check if any emails are listed as being sent “via telus.com”.

If you find any, be sure to mark them as ‘spam’ so that they appear in the designated folder.

You can also report an email as a phishing scam by clicking on the dropdown menu, marked by an arrow, in the righthand corner.

Clicking this will give you the option to report an email as a phishing attempt.

Google said that the latest spamming attack hasn’t compromised any user accounts, so there’s no reason to believe your Gmail has been hacked.
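For readers who can view a message's raw headers ("Show original" in Gmail), the same check can be done programmatically. The sketch below is an added example, not part of the original article or any Google tooling: it compares the From address with the domains the receiving server actually authenticated. The sample messages and the `bulk-sender.example` and `attacker.invalid` domains are constructed, and the default `mx.google.com` server ID is an assumption about the receiver.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Optional local part, then the captured domain: "@gmail.com" or "a@gmail.com".
DOM = r"(?:[^\s;@]*@)?([\w.-]+)"

def check_self_spoof(raw, owner, trusted_authserv="mx.google.com"):
    """Report whether a message claiming to be from `owner` was authenticated for that domain."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    from_dom = from_addr.rpartition("@")[2]
    passed = set()
    for hdr in msg.get_all("Authentication-Results") or []:
        text = " ".join(hdr.split()).lower()  # unfold the multi-line header
        # Trust only results stamped by our own receiving server; a sender
        # can insert look-alike Authentication-Results headers of its own.
        if text.split(";")[0].strip() != trusted_authserv:
            continue
        passed |= set(re.findall(r"dkim=pass[^;]*?header\.[di]=" + DOM, text))
        passed |= set(re.findall(r"spf=pass[^;]*?smtp\.mailfrom=" + DOM, text))
    claims_owner = from_addr == owner.lower()
    # Simplification: exact domain match (no organizational-domain alignment).
    return {"claims_owner": claims_owner,
            "authenticated_domains": sorted(passed),
            "forged": claims_owner and from_dom not in passed}

# Constructed sample: From shows the account owner, but only another domain passed.
SPOOFED = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of bounce@bulk-sender.example designates 203.0.113.7 as permitted sender) smtp.mailfrom=bounce@bulk-sender.example;
       dkim=pass header.i=@bulk-sender.example header.s=s1
Authentication-Results: attacker.invalid; dkim=pass header.i=@gmail.com
From: Alice <alice@gmail.com>
Subject: growth supplements

(body omitted)
"""
# Constructed sample: a message the owner really sent.
GENUINE = """\
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025;
       spf=pass smtp.mailfrom=alice@gmail.com
From: Alice <alice@gmail.com>
Subject: lunch?

(body omitted)
"""
if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, check_self_spoof(raw, "alice@gmail.com"))
```

A `forged` result means the From line was not backed by any passing SPF or DKIM result for that domain, which is consistent with header forgery rather than someone logging in to the account.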

Google employee Seth Vargo also addressed the spam attack in a tweet, saying that the firm’s “engineering teams are aware of this and are working on a resolution”.

The firm has developed sophisticated artificial intelligence that is capable of spotting fraudulent emails.

But this latest attack appears to be more alarming, as it was able to trick Gmail’s own spam filters, making it look like spammers hacked your account.

However, as Google pointed out, the spam attack isn’t a security issue because it doesn’t compromise the integrity of users’ data.

My Office News Ⓒ 2017 - Designed by A Collective