Apple could release a 16-inch MacBook Pro and a a 31-inch 6K display

Apple analyst Ming-Chi Kuo is quite reliable when it comes to Apple’s roadmap. And he shared a ton of information over the weekend in a new report obtained by 9to5mac. In 2019, you can expect a bigger MacBook Pro, a new display and upgrades to iPhones, iPads and AirPods.

Let’s start with the Mac. According to Kuo, Apple has been working on a MacBook Pro with an all-new design. It’s unclear if those future models will retain the same keyboard as many users have been complaining about the reliability of the butterfly keyboard.

But Kuo learned that there will be a bigger model with a 16-inch to 16.5-inch display. Let’s hope that Apple is going to trim down the bezels around the display.

TechCrunch already reported that Apple will release a new Mac Pro in 2019. But Kuo believes that the company is also going to release a high-end display to go with this Mac Pro. It could be a gigantic 31.6-inch display with a 6k resolution.

When it comes to iPhones, Kuo believes that Apple will release three models just like in 2018. They should retain the same screen sizes and Lightning connector. Some models may have three camera sensors on the back of the device. Face ID and wireless charging could both receive an upgrade with bilateral wireless charging.

It means that you could charge a second device using your phone, which is a great idea when you know that updated AirPods with a wireless charging case are also coming in 2019.

On the iPad front, the entry-level 9.7-inch iPad could become a 10.2-inch iPad with slimmer bezels. iPad Pro models will receive an update with faster processors.

As previously reported, a new iPad mini is still on the roadmap as well as an updated iPod touch. Finally, it sounds like the Apple Watch might only receive a minor update with ECG coming to international markets as well as a return of the ceramic option for the next version of the Apple Watch.

Read Full Article

Physics Suppression

Physics Suppression

How to Get Wi-Fi Without an Internet Service Provider: 5 Methods

10 Apple Music Features to Use on Your iPhone

The 5 Best Color Picker Apps for Mac

How cool would it be if our eyes could act as our very own color pickers? Since that’ll (probably) never happen, we have to rely on digital color pickers to get accurate color readings.

While the built-in macOS Digital Color Meter is a helpful tool for graphic designers and web developers, you have several third-party color pickers to choose from as well. Check out this list of the top color pickers for macOS to help you decide which to use.

1. Digital Color Meter

Let’s start with the basics. You can easily access the built-in Digital Color Meter through your Utilities folder or by searching with Spotlight (press Cmd + Space). You’ll find that it offers a simple solution to your color-picking problem.

When you open the app, a tiny window will appear that presents an image of the area your mouse is hovering over, along with the corresponding RGB color code. Drag the Aperture size slider to change how large of an area this selects.

Next to this is a dropdown menu. It gives you various value display options such as P3, sRGB, Adobe RGB, and L*a*b*.

Digital Color Meter doesn’t only display RGB values. Clicking the View option on the top of your screen and mousing over Display Values gives you the option to switch between hexadecimals and percentages.

You can quickly master this tool just by learning a couple of shortcuts. If you’re frustrated because the app won’t stop following your mouse when you want to lock onto a single color, all you need to do is press Cmd + X. This will let you zero in on one specific color.

To save the swatch, make sure your mouse is placed over the color you want to capture, and hit Option + Cmd + C. You can then paste the swatch into TextEdit and save it on your computer.

Alternatively, you can save the values of the color by pressing Shift + Cmd + C. You can paste these values in TextEdit and save them as well.

2. ColorSlurp

ColorSlurp has deemed itself as “the best color picker in the universe,” but that’s up to you to decide.

You can download ColorSlurp for free from the App Store. Instantly upon opening it, you’ll notice that it has a more user-friendly interface than Digital Color Meter.

Clicking the eyedropper icon at the top-right corner of the window brings out your magnifier, which you can move with your arrow keys or mouse. Holding down Shift will slow the magnifier’s speed, making it easier to get an accurate color reading.

What makes ColorSlurp more advanced than Digital Color Meter is its ability to create color collections. See several colors you like? Organize them into a collection and develop a color scheme.

Colorslurp allows you to copy a color to the format of your choice. Conversely, taking a color from your clipboard and pasting it into ColorSlurp also lets you switch formats.

For even more features, you can upgrade to ColorSlurp Pro. This version is perfect for color gurus who need access to 20 color formats, swatch history, and other advanced settings.

Download: ColorSlurp (Free, premium version available)

3. Skala Color

Skala Color is a bit different from other color-picking apps in that it only opens within other applications. Luckily, most software supports it.

For example, if you want to use Skala Color in TextEdit, you have to open it from the menu bar. Selecting Format > Font > Show Colors will open TextEdit’s color picker. Clicking the last icon on the color picker’s menu bar opens Skala Color.

Since it’s made specifically for developers working on projects for macOS, iOS, Android, or the web, it comes armed with several color formats to suit your needs. The app allows you to change saturation and brightness with a single drag, or alter hues with a bit of toggling.

If you want to copy a specific color to your clipboard, simply click the clipboard icon. To change the format of the copied color, hit the gear icon and select Copy As to display different formatting options.

Download: Skala Color (Free)

4. Sip

The Sip color picker sits right on your menu bar for effortless access. Clicking the icon turns your cursor into a magnifier that you use to select a color on your screen. When you “sip” a color (or multiple colors at once), it’s stored in the dropdown menu.

That dropdown menu contains a few different tools. As a web developer or designer, you know that choosing the right color scheme is crucial. That’s why in addition to keeping track of your color history, Sip’s dropdown menu also holds onto your color palettes.

Don’t miss out on Sip’s awesome palate sharing feature: you can export, share by email, and even transfer them to a design program. Press the Cmd key while selecting a color on Sip and it will appear on the software you’re using. Popular software like Photoshop, Illustrator, Sketch, Xcode, Sublime, and more are currently supported.

Sip’s color editor also helps you organize and adjust colors. Choose to rename your color palettes, type in specific color codes, or customize your color’s hue, saturation, brightness, and transparency.

Need to make a quick change to your palette on the go? No worries; Sip even syncs to your iPhone.

Download: Sip (Free trial, $10)

5. ColorSnapper 2

Like Sip, ColorSnapper 2 is a handy menu bar app. It comes with an improved magnifier that can handle different types of displays and resolutions. This highly-accurate magnifier lets you view color pixel-by-pixel.

ColorSnapper 2 maintains a list of your recently picked colors, and stores the ones that you’ve marked as favorites. You can adjust a color’s properties with the convenient incorporation of Apple’s Color Panel.

When you’re finally ready to export your colors, the app offers a huge variety of formats.

Don’t forget to match your colors’ export format to your preferred coding style. ColorSnapper 2 can alter code to fit the needs of Generic, Swift, CSS, UICoder, NSColor, Android, Java, OpenGL, CGColor, and .NET.

You can try out ColorSnapper 2 with a free 14-day trial. After that, you’ll need to purchase the full version.

Download: ColorSnapper 2 (Free trial, $9)

Find Your Perfect Color Palette

When you have the ability to determine the color code of anything on your screen, uncertainty won’t get in your way. Your design or web development project shouldn’t have to come to a standstill when you can’t find a certain color. Instead, the next time you find inspiration when browsing the web, let one of these color pickers help build your palette.

Were you surprised to find the Digital Color Meter app on your Mac? Discover some other great built-in Mac apps.

Read the full article: The 5 Best Color Picker Apps for Mac

Read Full Article

The Rise of IoT Botnets (And How to Protect Your Smart Devices)

Connecting all of your gadgets to the internet isn’t always a great idea. While the Internet of Things allows you to perform tasks remotely and monitor your devices from anywhere in the world, it also provides a way in for malicious hackers who want to use your devices for their own good.

In this article, we explore how the Internet of Things and smart home devices are being used to form a “digital army” that obeys the whims of hackers with malintent.

What Is a Botnet?

The concept of computers and devices being conscripted against a user’s will is nothing new. The technical term for it is a “botnet“, and the name explains it all. It’s a network of compromised devices that receive commands from a central server. When a command is sent out, the hacked devices carry it out without question and in unison—much like a swarm of robots.

The owner of a botnet wants to compromise as many devices as possible. More devices mean more processing power under their control, which makes the botnet stronger. Once enough devices have been gathered under a botnet, the owner has the power to perform website-crippling attacks or worse.

How Botnets Affect the Internet of Things

Due to the autonomous nature of a botnet, it’s not very picky about what devices it brings into its web. If a device has a consistent internet connection, a processor, and the ability to have malware installed on it, it can be used in a botnet.

Previously, this was limited to computers and mobile devices, as they were the only things that matched the criteria. With the spread of the Internet of Things, more and more devices are entering the pool of potential candidates for a botnet.

Even worse, with the Internet of Things still in its teething phase, security hasn’t been fully fleshed out yet. A good example of this is when a benevolent hacker gained access someone’s Nest home security system and talked to them through their own security cameras.

With IoT security being this lax, it’s no wonder that botnet developers are keen to capitalize on this new trend.

How Much Damage Can an IoT Botnet Do?

The Mirai Botnet

While IoT botnets are a new concept, the tech world has already witnessed some devastating attacks from them. We saw one such attack during late 2017, when the Mirai botnet rose in power. It scanned the internet for IoT devices, then tried 60 default usernames and passwords to gain access.

Once successful, the attack infected the compromised device with the Mirai botnet malware.

With its rapidly-forming army, Mirai began to attack sites around the internet. It did this by using its army to perform Direct Denial of Service (DDoS) attacks, swarming websites with connections from the devices on the botnet. The Krebs on Security site suffered a 620Gb/s attack, and Ars Technica came under siege from a 1Tb/s swarm.

Mirai is open source, which allowed eager botnet owners to make their own copycat variants of the malware.

The Torii Botnet

In late 2018, we saw a new contender; Torii. Unlike the other IoT botnets that used Mirai’s code, this one was its own strain. It used highly advanced code, able to infect a large majority of internet-connected devices. Torii hasn’t attacked anything just yet, but it may simply be amassing an army for a huge attack.

MadIoT

A study by Princeton demonstrated that IoT botnets may hold the power to take out power grids. The report describes a method of attack called “Manipulation of demand via IoT” (MadIoT), which acts similar to a DDoS attack but targets the power grid instead. Hackers could install botnets on high-power IoT devices, then enable them all at the same time to trigger a blackout.

What Other Threats Do Botnets Pose?

While collective processor power is very useful for performing DDoS attacks, it’s not the only thing botnets are capable of. Botnets specialize in any task that requires a lot of processing power. What those tasks consist of is decided by the person controlling the botnet.

If someone wants to run a spam email campaign, they can use the processing power of the botnet to send out millions of messages at once. They could direct all the bots to a website or advertisement to generate false traffic and earn some extra income. They could even command their botnet to install malware on itself, such as ransomware.

Some botnet owners may not even want to use what they create. Instead, they’ll aim to make a large and impressive network to sell on the dark net for a tidy profit. Some even rent out their botnets under a subscription service that’s not too different from renting a server!

Why It’s Difficult to Detect a Breach

The main issue with the IoT botnet is how silently it works. This isn’t a kind of malware that makes a drastic difference on how the compromised device works. It quietly installs itself and stays dormant until it’s called by the command server to perform an action.

People using the device may report that it’s “sluggish” or “acting slow”, but nothing will alert them that their smart camera is being used to stage a cyberattack!

As such, it’s totally normal for people to continue their daily lives without knowing their devices are part of a botnet. This makes it very hard to take down a botnet, as the people who own the devices don’t realize they’re a part of it.

Even worse, some botnets will install malware that persists through resets, so a power cycle won’t get rid of it.

How to Protect Your Smart Devices

If you’re a big fan of the Internet of Things, don’t fret too much! While this attack sounds scary, you can do your part to ensure your own devices aren’t added to a botnet.

Remember how the Mirai botnet gained access to devices by using 60 usernames and passwords? The only reason it could achieve this was due to people not setting up their devices correctly. If the username and password for your IoT devices is both “admin”, it will be compromised very quickly.

Be sure to log onto any devices with an account system and set up a unique, strong password.

Be sure to install security software on any device that allows it. This acts as an additional layer of defense that should catch the malware when it tries to spread onto your system. Can’t decide which antivirus software to use? Read our list of the top security and antivirus tools for inspiration.

Botnets can also spread via vulnerabilities in the device’s firmware. To stop this, always ensure your IoT gadgets have the latest version of their firmware installed. Also, only purchase brand new devices made by reputable and respected companies. That way, you know the device has gone through all the proper security checks before it enters your home.

More Ways to Keep Your Devices Safe

As more of our devices connect to the internet, botnet developers are keen to capitalize on this increase of targets. With Mirai and Torii demonstrating what IoT botnets can do, device security is very important. By buying reputable hardware and ensuring it’s set up correctly, your devices won’t be added to a digital army.

If you’d like to secure your smart home, be sure to read our tips for securing your devices.

Read the full article: The Rise of IoT Botnets (And How to Protect Your Smart Devices)

Read Full Article

3 Ways to Downgrade to an Older Version of macOS

It’s always tempting to install the latest version of macOS, full of new features and updates. Even so, you might find that once you’ve gone through the upgrade process, your system isn’t working right.

Fortunately, if you need to, you can drop back to the previous macOS version you were running. On the downside, the downgrading process isn’t as easy as it used to be. We’ll walk you through how to downgrade macOS.

Why You Might Want to Downgrade macOS

Apple tries to make macOS upgrades as backward-compatible as possible, but there are still edge cases. Certain types of hardware and software might not function correctly after upgrading.

This is especially true when it comes to audio, video, and graphics-related hardware and software. For that reason, many vendors of this type of software will recommend that you never upgrade your operating system in the middle of a project. Still, you may realize you need to return to a project that won’t work on the latest version of macOS.

Before You Downgrade, Back Up Your Data!

No matter which way you downgrade your macOS version, you’ll erase everything on your hard drive. To ensure you don’t end up missing anything, your best bet is to back up your entire hard drive.

You can back up with the built-in Time Machine, although you must be careful if you use this option. One of the ways you can downgrade is by restoring an old Time Machine backup (if you have one available). If you do this and then want to restore a recent backup, be sure to only restore your personal data so you don’t undo the downgrade.

If you want to be safe, or if you’re just not a fan of Time Machine, fear not. We’ve covered different Mac backup solutions that are solid picks too.

1. Downgrade Using macOS Recovery

Assuming your Mac didn’t come with the most recent version of macOS installed, downgrading is fairly easy. You can use the built-in macOS Recovery to downgrade. Just make sure you have internet access during the installation, as the software will download a previous version of macOS.

The process is similar to reinstalling macOS, but will instead download the version of macOS that your computer shipped with. If your computer is quite old, this will instead download the oldest version that’s still available.

Make sure you’re fully backed up, because this will erase your startup disk:

1. Fully shut down your Mac.
2. Power on your computer and immediately hold Shift + Option + Cmd + R. You’ll notice startup takes longer than normal as macOS Recovery loads.
3. Once the macOS Utilities screen loads, choose Reinstall macOS (or Reinstall OS X) and click Continue.
4. Follow the prompts and choose your startup disk. Now click Install.
5. Walk through the on-screen instructions to complete the rest of the installation process.
6. Once the installation is complete, restore your files from the backup you created.

2. Downgrade Using a Time Machine Backup

Using a Time Machine backup is another simple way to install an older version of macOS. This of course assumes that you created the backup on an older version of macOS.

To downgrade using a prior Time Machine backup:

1. Plug your Time Machine disk into your Mac and power it down or restart it.
2. During startup, hold Cmd + R to enter macOS Recovery.
3. When the macOS Utilities screen appears, select Restore From Time Machine Backup and click Continue.
4. On the next screen, click Continue again.
5. Select your Restore Source. In this case, that’s the backup drive you plugged in earlier.
6. On the following screen, select the backup you want to restore from. You’ll be able to see which version of macOS was used to create that backup.
7. Follow the prompts to complete the reinstallation, then restore your files from the backup you created.

3. Downgrade Using an OLder macOS Installer

Before the release of macOS Mojave, it was possible to download older versions of macOS through the App Store. With Mojave’s updated Mac App Store, this is no longer possible. However, it’s still an option on older macOS versions.

If you have an older Mac around, it’s possible to download an older version of the OS as long as you haven’t upgraded that machine to Mojave. You can also sign into your iCloud account on a friend or family member’s Mac and download older versions that way. It’s also possible that you might have the installer as part of a backup.

Moving forward, it’s worth remembering that older macOS versions are now harder to download. The next time you upgrade, you might want to make a backup of the previous version’s installer, just in case.

For this process, you’ll need a 16GB or larger USB flash drive or external hard drive.

Preparing the External Drive

Before you can create the installer, you need to format the drive. If your drive is already formatted, you can skip this section.

1. Plug in your external drive.
2. Launch the Disk Utility app. You can find this with Spotlight (Cmd + Space), or by going to the Applications folder in Finder, then to the Utilities menu and double-clicking on the app.
3. Under External in the list on the left, select your disk and then click the Erase button at the top of the window.
4. Under Format, choose either the HFS+ or APFS file system. Which file system you should pick for a Mac external drive depends on what you plan to use it for.
5. Click Erase, then Done once the process completes.

Creating the Installer

You’ll need to follow these steps on the machine that has the installer for the older macOS version.

Plug in your formatted external hard drive and launch the Terminal app. You’ll need to enter a command, which will differ based on what version of macOS you’re using. For macOS 10.13 High Sierra and an external drive named External, the command would look like this:

sudo /Applications/Install\ macOS\ High\ Sierra.app/Contents/Resources/createinstallmedia --volume /Volumes/External --applicationpath /Applications/Install\ macOS\ High\ Sierra.app

This will create the installer, erasing the external drive in the process. See our guide to booting macOS from USB for a full list of commands by version.

Using the Installer

Finally, to run the installer you’ve created and downgrade macOS:

1. Shut down the Mac that you want to downgrade and plug in the newly created external drive.
2. Power on the Mac while holding Option + R.
3. When the macOS Utilities screen appears, select Disk Utility
4. Select your Startup Disk and click Erase. Pick the same format you chose when creating your installer.
5. Restart the Mac again, this time holding down Option. The Startup Manager will appear.
6. Select the drive you created with the installer and click Install macOS.
7. Once the installation is finished, you can restore your files from the backup you created.

You Might Not Need to Downgrade at All

If you’re thinking about downgrading your macOS version because your computer is getting slow, you might want to rethink that decision. While this may solve your speed problem, you could go through all that trouble only to find that your Mac still feels slow.

Before you take any drastic steps to speed up your computer, take a moment to examine how you use it. It’s possible that you might be making some common mistakes that can slow your Mac down.

Read the full article: 3 Ways to Downgrade to an Older Version of macOS

Read Full Article

A Beginner’s Guide to Using the Mac Terminal

For most of your everyday Mac tasks, a soft and friendly GUI is both an asset and a comfort. Sometimes, though, Finder is a clunky middleman.

There are faster ways to find out where that pesky 5GB file is hiding, or the path of every file related to that app you thought you deleted. For these jobs and others, the command line is your new best friend.

What Is Terminal?

Terminal is a utility that allows you to interact with your Mac through the command line. Linux operating systems include similar tools, since both Linux and macOS are Unix-like OSes. The command line interface (CLI), or the language that you type into Terminal to interact with your Mac, is called bash. Everything we discuss below is a bash command.

Before you start using Terminal, you can customize it to your own personal preference. If you prefer, it’s even possible to download a third-party Terminal alternative for a customized look and feel.

General Mac Command Line Tips

First, let’s look at some basic Terminal facts you should know.

General Syntax

A bash command typically follows this pattern:

[Command] [Options] [Input or Path to File or Directory]

For example, in:

ls -la /Applications

ls is the command, -la is a compound of two individual options (-l and -a), and /Applications is the path to list.

The Path

Understanding paths will help you understand how macOS actually sees your files. Essentially, the path of a file is the Russian dolls’ nest of folders in which it’s contained, followed by the name of the file itself.

For example, on a Mac, the path of a file called My Secrets that lives on user John Doe’s Desktop is /Users/jdoe/Desktop/"My Secrets".

White Space

You must escape white space for the Terminal to process it properly. When bash sees a space, it interprets it as the end of a command. So if you have a folder with spaces in its name, like Path Test, and you try to list its contents with ls /Applications/Path Test, you’ll get this:

What’s going on here? Well, bash thinks that you called ls on /Applications/Path. When it couldn’t find that file, it stopped.

If you want bash to recognize the full name of your folder, you can either wrap the name in quotes or use a backslash, like so:

• ls /Applications/"Path Test" or
• ls /Applications/Path\ Test

Sudo

Many of the commands below require administrator-level access. If you’re not currently signed into administrator account, but you know the administrator’s password, you can place sudo (which stands for “single user do”) in front of the command to temporarily give it administrator-level privileges.

Terminal Commands to Improve Your Workflow

Now that you know the basics, let’s take a look at some extremely handy commands. Note that you can pull up full information on these commands, including all their options and examples, by typing man <command name> into the Terminal.

find

• Replaces: Spotlight
• Why it’s better: It’s faster and searches system folders that Spotlight excludes, or has trouble indexing.

Spotlight tends to skip macOS system files unless you tell it not to, and even then can have trouble indexing them. Conversely, the bash find command can search for anything, in any place, and will output the full path of what you’re looking for.

The syntax of find consists of four parts. In order, they are:

1. find
2. the path of the directory you want to search (/Applications below)
3. options (the below example has -name, which means that find will search for files that match that name)
4. the string to search (the below example has Google Chrome)

You should know that find uses regex (also called regular expressions). A full explanation of this topic is outside the scope of this article (or anything short of a textbook). However, the below example introduces a vital concept in regex, which is the asterisk (*), or wildcard character.

Putting it at the beginning and end of the search string means that find will output results that have characters before and after the search term. In this case, Google Chrome will bring up Google Chrome.app.

It all comes together to look like this:

du

• Replaces: Cmd + I to show info.
• Why it’s better: It can show you multiple folders at once, and typically takes less time to load.

du stands for “disk usage,” and can quickly tell you the size of a file or folder, or even a list of files within a folder.

The best options for du are:

• -d (depth): When followed by a number, tells find to limit its search to a -d level of depth in the directory where it runs.
  • For example, if you run du -d 1 /Applications, it will only show you the total size of the folders and files in your Applications folder, not the sizes of subfolders within those folders.
• -h (human readable): This will show you the size of your files in K, M, or G, which stands for kilo, mega, or gigabytes.

Take a look at du in action:

mv

• Replaces: Point-and-click moving of folders and files.
• Why it’s better: It’s faster and requires no navigation.

You can quickly move a file or folder into another folder using mv. It works by simply changing the name of the path.

The syntax is mv <old file path> <new file path>.

For example, mv /Users/jdoe/Documents/file1 /Users/jdoe/Desktop/file1 will move file1 from jdoe’s Documents to his Desktop.

ls

• Replaces: Cmd + i to show info.
• Why it’s better: It’s faster, can show info on multiple files at once, and is highly customizable.

ls is an incredibly powerful command for showing you exactly what’s in your folders. It also reveals who’s allowed to see them, if you have any hidden files or folders, and much more.

The best options for ls are:

• -l (long): Shows the permissions for each file in the folder, the most recent modification time, the file owner, and filename.
• -a (all): Shows you all the files in a folder, including the hidden files (great for showing the user library in macOS, which is hidden by default).

Here’s what the output looks like:

mkdir

• Replaces: Finder > File > New Folder
• Why it’s better: It’s faster, and you can set the name right in the command instead of double-clicking the new folder.

Create new folders in an instant with this command.

Example: mkdir /Users/jdoe/Desktop/cool_stuff

rm

• Replaces: Moving files to the Trash and emptying it.
• Why it’s better: It’s faster, and good for deleting pesky files that the Trash won’t get rid of.

This command will delete, immediately and without prejudice, any file you put in its path. Obviously, use it with extreme caution. Unlike clicking Empty Trash, rm will not ask if you’re sure. It assumes you know what you’re doing.

One thing to note about rm is that by default, it will only delete files, not folders. To delete folders, you must use the -R option, which stands for recursive.

Example: rm -R /Users/jdoe/Desktop/cool_stuff

Master Your Mac With the Terminal

Now you know some essential Terminal commands and can start integrating them into your daily Mac workflow. Once you get comfortable using bash, you can go beyond simply replacing your everyday tasks and start exploring powers that only the command line can offer.

Start off by installing Homebrew, the best package manager for macOS. It allows you to install new programming languages, software repositories, and more.

Read the full article: A Beginner’s Guide to Using the Mac Terminal

Read Full Article

UK parliament calls for antitrust, data abuse probe of Facebook

A final report by a British parliamentary committee which spent months last year investigating online political disinformation makes very uncomfortable reading for Facebook — with the company singled out for “disingenuous” and “bad faith” responses to democratic concerns about the misuse of people’s data.

In the report, published today, the committee has also called for Facebook’s use of user data to be investigated by the UK’s data watchdog.

In an evidence session to the committee late last year, the Information Commissioner’s Office (ICO) suggested Facebook needs to change its business model — warning the company risks burning user trust for good.

Last summer the ICO also called for an ethical pause of social media ads for election campaigning, warning of the risk of developing “a system of voter surveillance by default”.

Interrogating the distribution of ‘fake news’

The UK parliamentary enquiry looked into both Facebook’s own use of personal data to further its business interests, such as by providing access to user data to developers and advertisers in order to increase revenue and/or usage; and examined what Facebook claimed as ‘abuse’ of its platform by the disgraced (and now defunct) political data company Cambridge Analytica — which in 2014 paid a developer with access to Facebook’s developer platform to extract information on millions of Facebook users in build voter profiles to try to influence elections.

The committee’s conclusion about Facebook’s business is a damning one with the company accused of operating a business model that’s predicated on selling abusive access to people’s data.

“Far from Facebook acting against “sketchy” or “abusive” apps, of which action it has produced no evidence at all, it, in fact, worked with such apps as an intrinsic part of its business model,” the committee argues. “This explains why it recruited the people who created them, such as Joseph Chancellor [the co-founder of GSR, the developer which sold Facebook user data to Cambridge Analytica]. Nothing in Facebook’s actions supports the statements of Mark Zuckerberg who, we believe, lapsed into “PR crisis mode”, when its real business model was exposed.

“This is just one example of the bad faith which we believe justifies governments holding a business such as Facebook at arms’ length. It seems clear to us that Facebook acts only when serious breaches become public. This is what happened in 2015 and 2018.”

“We consider that data transfer for value is Facebook’s business model and that Mark Zuckerberg’s statement that ‘we’ve never sold anyone’s data” is simply untrue’,” the committee also concludes.

We’ve reached out to Facebook for comment on the committee’s report.

Last fall the company was issued the maximum possible fine under relevant UK data protection law for failing to safeguard user data from Cambridge Analytica saga. Although Facebook is appealing the ICO’s penalty, claiming there’s no evidence UK users’ data got misused.

During the course of a multi-month enquiry last year investigating disinformation and fake news, the Digital, Culture, Media and Sport (DCMS) committee heard from 73 witnesses in 23 oral evidence sessions, as well as taking in 170 written submissions. In all the committee says it posed more than 4,350 questions.

Its wide-ranging, 110-page report makes detailed observations on a number of technologies and business practices across the social media, adtech and strategic communications space, and culminates in a long list of recommendations for policymakers and regulators — reiterating its call for tech platforms to be made legally liable for content.

Among the report’s main recommendations are:

• clear legal liabilities for tech companies to act against “harmful or illegal content”, with the committee calling for a compulsory Code of Ethics overseen by a independent regulatory with statutory powers to obtain information from companies; instigate legal proceedings and issue (“large”) fines for non-compliance
• privacy law protections to cover inferred data so that models used to make inferences about individuals are clearly regulated under UK data protection rules
• a levy on tech companies operating in the UK to support enhanced regulation of such platforms
• a call for the ICO to investigate Facebook’s platform practices and use of user data
• a call for the Competition Markets Authority to comprehensively “audit” the online advertising ecosystem, and also to investigate whether Facebook specifically has engaged in anti-competitive practices
• changes to UK election law to take account of digital campaigning, including “absolute transparency of online political campaigning” — including “full disclosure of the targeting used” — and more powers for the Electoral Commission
• a call for a government review of covert digital influence campaigns by foreign actors (plus a review of legislation in the area to consider if it’s adequate) — including the committee urging the government to launch independent investigations of recent past elections to examine “foreign influence, disinformation, funding, voter manipulation, and the sharing of data, so that appropriate changes to the law can be made and lessons can be learnt for future elections and referenda”
• a requirement on social media platforms to develop tools to distinguish between “quality journalism” and low quality content sources, and/or work with existing providers to make such services available to users

Among the areas the committee’s report covers off with detailed commentary are data use and targeting; advertising and political campaigning — including foreign influence; and digital literacy.

It argues that regulation is urgently needed to restore democratic accountability and “make sure the people stay in charge of the machines”.

Ministers are due to produce a White Paper on social media safety regulation this winter and the committee writes that it hopes its recommendations will inform government thinking.

“Much has been said about the coarsening of public debate, but when these factors are brought to bear directly in election campaigns then the very fabric of our democracy is threatened,” the committee writes. “This situation is unlikely to change. What does need to change is the enforcement of greater transparency in the digital sphere, to ensure that we know the source of what we are reading, who has paid for it and why the information has been sent to us. We need to understand how the big tech companies work and what happens to our data.”

The report calls for tech companies to be regulated as a new category “not necessarily either a ‘platform’ or a ‘publisher”, but which legally tightens their liability for harmful content published on their platforms.

Last month another UK parliamentary committee also urged the government to place a legal ‘duty of care’ on platforms to protect users under the age of 18 — and the government said then that it has not ruled out doing so.

“Digital gangsters”

Competition concerns are also raised several times by the committee.

“Companies like Facebook should not be allowed to behave like ‘digital gangsters’ in the online world, considering themselves to be ahead of and beyond the law,” the DCMS committee writes, going on to urge the government to investigate whether Facebook specifically has been involved in any anti-competitive practices and conduct a review of its business practices towards other developers “to decide whether Facebook is unfairly using its dominant market position in social media to decide which businesses should succeed or fail”. 

“The big tech companies must not be allowed to expand exponentially, without constraint or proper regulatory oversight,” it adds.

The committee suggests existing legal tools are up to the task of reining in platform power, citing privacy laws, data protection legislation, antitrust and competition law — and calling for a “comprehensive audit” of the social media advertising market by the UK’s Competition and Markets Authority, and a specific antitrust probe of Facebook’s business practices.

“If companies become monopolies they can be broken up, in whatever sector,” the committee points out. “Facebook’s handling of personal data, and its use for political campaigns, are prime and legitimate areas for inspection by regulators, and it should not be able to evade all editorial responsibility for the content shared by its users across its platforms.”

The social networking giant was the recipient of many awkward queries during the course of the committee’s enquiry but it refused repeated requests for its founder Mark Zuckerberg to testify — sending a number of lesser staffers in his stead.

That decision continues to be seized upon by the committee as evidence of a lack of democratic accountability. It also accuses Facebook of having an intentionally “opaque management structure”.

“By choosing not to appear before the Committee and by choosing not to respond personally to any of our invitations, Mark Zuckerberg has shown contempt towards both the UK Parliament and the ‘International Grand Committee’, involving members from nine legislatures from around the world,” the committee writes.

“The management structure of Facebook is opaque to those outside the business and this seemed to be designed to conceal knowledge of and responsibility for specific decisions. Facebook used the strategy of sending witnesses who they said were the most appropriate representatives, yet had not been properly briefed on crucial issues, and could not or chose not to answer many of our questions. They then promised to follow up with letters, which—unsurprisingly—failed to address all of our questions. We are left in no doubt that this strategy was deliberate.”

It doubles down on the accusation that Facebook sought to deliberately mislead its enquiry — pointing to incorrect and/or inadequate responses from staffers who did testify.

“We are left with the impression that either [policy VP] Simon Milner and [CTO] Mike Schroepfer deliberately misled the Committee or they were deliberately not briefed by senior executives at Facebook about the extent of Russian interference in foreign elections,” it suggests.

In an unusual move late last year the committee used rare parliamentary powers to seize a cache of documents related to an active US lawsuit against Facebook filed by a developer called Six4Three.

Seized cache of Facebook docs raise competition and consent questions

The cache of documents is referenced extensively in the final report, and appears to have fuelled antitrust concerns, with the committee arguing that the evidence obtained from the internal company documents “indicates that Facebook was willing to override its users’ privacy settings in order to transfer data to some app developers, to charge high prices in advertising to some developers, for the exchange of that data, and to starve some developers… of that data, thereby causing them to lose their business”.

“It seems clear that Facebook was, at the very least, in violation of its Federal Trade Commission [privacy] settlement,” the committee also argues, citing evidence from the former chief technologist of the FTC, Ashkan Soltani.

On Soltani’s evidence, it writes:

Ashkan Soltani rejected [Facebook’s] claim, saying that up until 2012, platform controls did not exist, and privacy controls did not apply to apps. So even if a user set their profile to private, installed apps would still be able to access information. After 2012, Facebook added platform controls and made privacy controls applicable to apps. However, there were ‘whitelisted’ apps that could still access user data without permission and which, according to Ashkan Soltani, could access friends’ data for nearly a decade before that time. Apps were able to circumvent users’ privacy of platform settings and access friends’ information, even when the user disabled the Platform. This was an example of Facebook’s business model driving privacy violations.

While Facebook is singled out for the most eviscerating criticism in the report (and targeted for specific investigations), the committee’s long list of recommendations are addressed at social media businesses and online advertisers generally.

It also calls for far more transparency from platforms, writing that: “Social media companies need to be more transparent about their own sites, and how they work. Rather than hiding behind complex agreements, they should be informing users of how their sites work, including curation functions and the way in which algorithms are used to prioritise certain stories, news and videos, depending on each user’s profile. The more people know how the sites work, and how the sites use individuals’ data, the more informed we shall all be, which in turn will make choices about the use and privacy of sites easier to make.”

The committee also urges a raft of updates to UK election law — branding it “not fit for purpose” in the digital era.

Its interim report, published last summer, made many of the same recommendations.

Russian interest

But despite pressing the government for urgent action there was only a cool response from ministers then, with the government remaining tied up trying to shape a response to the 2016 Brexit vote which split the country (with social media’s election-law-deforming help). Instead it opted for a ‘wait and see‘ approach.

The government accepted just three of the preliminary report’s forty-two recommendations outright, and fully rejected four.

Nonetheless, the committee has doubled down on its preliminary conclusions, reiterating earlier recommendations and pushing the government once again to act.

It cites fresh evidence, including from additional testimony, as well as pointing to other reports (such as the recently published Cairncross Review) which it argues back up some of the conclusions reached. 

“Our inquiry over the last year has identified three big threats to our society. The challenge for the year ahead is to start to fix them; we cannot delay any longer,” writes Damian Collins MP and chair of the DCMS Committee, in a statement. “Democracy is at risk from the malicious and relentless targeting of citizens with disinformation and personalised ‘dark adverts’ from unidentifiable sources, delivered through the major social media platforms we use every day. Much of this is directed from agencies working in foreign countries, including Russia.

“The big tech companies are failing in the duty of care they owe to their users to act against harmful content, and to respect their data privacy rights. Companies like Facebook exercise massive market power which enables them to make money by bullying the smaller technology companies and developers who rely on this platform to reach their customers.”

“These are issues that the major tech companies are well aware of, yet continually fail to address. The guiding principle of the ‘move fast and break things’ culture often seems to be that it is better to apologise than ask permission. We need a radical shift in the balance of power between the platforms and the people,” he added.

“The age of inadequate self-regulation must come to an end. The rights of the citizen need to be established in statute, by requiring the tech companies to adhere to a code of conduct written into law by Parliament, and overseen by an independent regulator.”

The committee says it expects the government to respond to its recommendations within two months — noting rather dryly: “We hope that this will be much more comprehensive, practical, and constructive than their response to the Interim Report, published in October 2018. Several of our recommendations were not substantively answered and there is now an urgent need for the Government to respond to them.”

It also makes a point of including an analysis of Internet traffic to the government’s own response to its preliminary report last year — in which it highlights a “high proportion” of online visitors hailing from Russian cities including Moscow and Saint Petersburg…

Source: Web and publications unit, House of Commons

“This itself demonstrates the very clear interest from Russia in what we have had to say about their activities in overseas political campaigns,” the committee remarks, criticizing the government response to its preliminary report for claiming there’s no evidence of “successful” Russian interference in UK elections and democratic processes.

“It is surely a sufficient matter of concern that the Government has acknowledged that interference has occurred, irrespective of the lack of evidence of impact. The Government should be conducting analysis to understand the extent of Russian targeting of voters during elections,” it adds.

Three senior managers knew

Another interesting tidbit from the report is confirmation that the ICO has shared the names of three “senior managers” at Facebook who knew about the Cambridge Analytica data breach prior to the first press report in December 2015 — which is the date Facebook has repeatedly told the committee was when it first learnt of the breach, contradicting what the ICO found via its own investigations.

The committee’s report does not disclose the names of the three senior managers — saying the ICO has asked the names to remain confidential (we’ve reached out to the ICO to ask why it is not making this information public) — and implies the execs did not relay the information to Zuckerberg.

The committee dubs this as an example of “a profound failure” of internal governance, and also branding it evidence of “fundamental weakness” in how Facebook manages its responsibilities to users.

Here’s the committee’s account of that detail:

We were keen to know when and which people working at Facebook first knew about the GSR/Cambridge Analytica breach. The ICO confirmed, in correspondence with the Committee, that three “senior managers” were involved in email exchanges earlier in 2015 concerning the GSR breach before December 2015, when it was first reported by The Guardian. At the request of the ICO, we have agreed to keep the names confidential, but it would seem that this important information was not shared with the most senior executives at Facebook, leading us to ask why this was the case.

The scale and importance of the GSR/Cambridge Analytica breach was such that its occurrence should have been referred to Mark Zuckerberg as its CEO immediately. The fact that it was not is evidence that Facebook did not treat the breach with the seriousness it merited. It was a profound failure of governance within Facebook that its CEO did not know what was going on, the company now maintains, until the issue became public to us all in 2018. The incident displays the fundamental weakness of Facebook in managing its responsibilities to the people whose data is used for its own commercial interests.

Read Full Article

What business leaders can learn from Jeff Bezos’ leaked texts

Joel Wallenstrom Contributor

Joel Wallenstrom is president and chief executive of Wickr, a secure communications company. Before Wickr, Joel co-founded iSEC Partners, one of the world's leading information security research teams, later acquired by NCC Group, and served as Director for Strategic Alliances at @stake, one of the very first computer security companies in the industry.

More posts by this contributor

• Exposure of your sensitive data isn’t a bug, it’s a feature
• Taking the bite out of the non-malware threat

The ‘below the belt selfie’ media circus surrounding Jeff Bezos has made encrypted communications top of mind among nervous executive handlers. Their assumption is that a product with serious cryptography like Wickr – where I work – or Signal could have helped help Mr. Bezos and Amazon avoid this drama.

Jeff Bezos accuses National Enquirer of blackmailing him — and publishes the details himself

It’s a good assumption, but a troubling conclusion.

I worry that moments like these will drag serious cryptography down to the level of the National Enquirer. I’m concerned that this media cycle may lead people to view privacy and cryptography as a safety net for billionaires rather than a transformative solution for data minimization and privacy.

We live in the chapter of computing when data is mostly unprotected because of corporate indifference. The leaders of our new economy – like the vast majority of society – value convenience and short-term gratification over the security and privacy of consumer, employee and corporate data.  We cannot let this media cycle pass without recognizing that when corporate executives take a laissez-faire approach to digital privacy, their employees and organizations will follow suit. Two recent examples illustrate the privacy indifference of our leaders…

• The most powerful executive in the world is either indifferent to, or unaware that, unencrypted online flirtations would be accessed by nation states and competitors.

• 2016 presidential campaigns were either indifferent to, or unaware that, unencrypted online communications detailing “off-the-record” correspondence with media and payments to adult actor(s) would be accessed by nation states and competitors.

If our leaders do not respect and understand online security and privacy, then their organizations will not make data protection a priority. It’s no surprise that we see a constant stream of large corporations and federal agencies breached by nation states and competitors.  Who then can we look to for leadership?

GDPR is an early attempt by regulators to lead. The European Union enacted GDPR to ensure individuals own their data and enforce penalties on companies who do not protect personal data.  It applies to all data processors, but the EU is clearly focused on sending a message to the large US based data processors – Amazon, Facebook, Google, Microsoft, etc. In January, France’s National Data Protection Commission sent a message by fining Google $57 million for breaching GDPR rules. It was an unprecedented fine that garnered international attention. However, we must remember that in 2018 Google’s revenues were greater than $300 million … per day!  GPDR is, at best, an annoying speed-bump in the monetization strategy of large data processors.

It is through this lens that Senator Ron Wyden’s (Oregon) idealistic call for billions of dollars in corporate fines and jail time for executives who enable privacy breaches can be seen as reasonable.  When record financial penalties are inconsequential it is logical to pursue other avenues to protect our data.

Real change will come when our leaders understand that data privacy and security can increase profitability and reliability.  For example, the Compliance, Governance and Oversight Council reports that an enterprise will spend as much as $50 million to protect 10 petabytes of data, and that $34.5 million of this is spent on protecting data that should be deleted. Serious efficiencies are waiting to be realized and serious cryptography can help.  

So, thank you Mr. Bezos for igniting corporate interest in secure communications. Let’s hope this news cycle convinces our corporate leaders and elected officials to embrace data privacy, protection and minimization because it responsible, profitable and efficient. We need leaders and elected officials to set an example and respect their own data and privacy if we have any hope of their organizations to protect ours.

Read Full Article