Thursday, September 29, 2011

Facebook: 'We didn't mean to track you' says social network giant as it admits to 'bugs' in new privacy row


'We didn't mean to track you' says Facebook as social network giant admits to 'bugs' in new privacy row

By DANIEL BATES
Last updated at 4:35 PM on 28th September 2011

Facebook has admitted that it has been watching the web pages its members visit – even when they have logged out.

In its latest privacy blunder, the social networking site was forced to confirm that it has been constantly tracking its 750 million users, even when they are using other sites.

The social networking giant says the huge privacy breach was simply a mistake - that software automatically downloaded to users' computers when they logged in to Facebook 'inadvertently' sent information to the company, whether or not they were logged in at the time.

Most would assume that Facebook stops monitoring them after they leave its site, but technology bloggers discovered this was not the case. In fact, data has been regularly sent back to the social network’s servers – data that could be worth billions when creating 'targeted' advertising based on the sites users visit.

The website’s practices were exposed by Australian technology blogger Nik Cubrilovic and have provoked a furious response across the internet. Facebook claims to have 'fixed' the issue - and 'thanked' Mr Cubrilovic for pointing it out - while simultaneously claiming that it wasn't really an issue in the first place.

Mr Cubrilovic found that when you sign up to Facebook it automatically puts files known as ‘cookies’ on your computer which monitor your browsing history.

This is still the case. But Facebook claims the cookies no longer send information while you are logged out of its site. If you are logged in to Facebook, the cookies will still send the information, and they remain on your computer unless you manually delete them.

They send Facebook your IP address - the 'unique identifier' address of your PC - and information on whether you have visited millions of websites: anything with a Facebook ‘like’ or ‘recommend’ button on it.

'We place cookies on the computer of the user,' said a Facebook spokesperson - and admitted that some Facebook cookies send back the address of users' PCs and sites they had visited, even while logged out.

'Three of these cookies inadvertently included unique identifiers when the user had logged out of Facebook. We did not store these for logged out users. We could not have used this information.'

However, the site spokesperson said that the 'potential issue' had now been 'fixed' so that the cookies will no longer broadcast information: 'We fixed the cookies so they won't include unique information in the future when people log out.'

It's just the latest privacy issue to affect a company that has a long history of blunders relating to users' private information.

Mr Cubrilovic wrote: ‘Even if you are logged out, Facebook still knows and can track every page you visit.

‘The only solution is to delete every Facebook cookie in your browser, or to use a separate (web) browser for Facebook interactions. This is not what "logout" is supposed to mean’.

The admission is the latest in a series of privacy blunders from Facebook, which has a record of only correcting such matters when they are brought to light by other people.

Earlier this year it stopped gathering browser data from users who had never even been to Facebook.com after it was exposed by a Dutch researcher. The site was forced into a partial climbdown over changes to privacy settings which many claimed made too much public.

It also came under attack for launching a ‘stalker button’ which allowed users to track another person’s every move in a list which was constantly being updated.

Arturo Bejar, one of Facebook’s directors of engineering, admitted that users continue to be tracked after they log out but said that the data was deleted right away.

He said it was to do with the way the ‘like’ feature works, which is a button users can click on to show they like something.

He said: ‘The onus is on us to take all the data and scrub it. What really matters is what we say as a company and back it up.’

On technology blog CNET, however, users were outraged at what was going on.

One wrote: ‘Who the hell do these people think they are? ‘Trust us?’ Why? Why should we trust a company that spies on us without our knowledge and consent?’

Another added: ‘Holy wow.... they've just leapt way past Google on the creepy meter’.

According to U.S. reports Facebook has recently set up its own Political Action Committee, an American term for a lobbying outfit to get its views heard on Capitol Hill.

So far this year it has already spent £352,000 on lobbying, already ahead of last year’s total of £224,000.

The website has also been forced to deny Internet rumours it will begin charging for its services and said it will ‘always be free’. A spokesman for Facebook said that the login and log out measures were designed for security and were there to prevent fraud. He added: ‘We do not use this information to target adverts’.


Tuesday, September 27, 2011

Android Saw Twice As Many Buyers As iPhone Over The Past 3 Months


By GREG KUMPARAK

Head down into the bunkers and lock the door, friends - there be flamewars a comin'.

Nielsen released a new mobile research report this morning, with at least one big landmark stat within: over the past 3 months, Android has pulled in twice as many new smartphone buyers as the iPhone.

The new-buyers breakdown, over the past 3 months:

56% of those buying a new smartphone bought an Android device
28% bought an iPhone
9% bought BlackBerry
6% bought "Other" (which contains Windows Phone, amongst others)

Of course, these stats really should have a little asterisk tucked somewhere inside. The iPhone is one phone (or two, counting the 3GS), by one manufacturer. Android is, at this point, hundreds of models, across dozens of manufacturers. That's not said to knock Android in any way - but it's worth noting that when the pie is split so many ways across so many manufacturers and models within, the iPhone is probably making exponentially more money for Apple than Android phones are for anyone.

Also worth noting, but immeasurable: how many would-be iPhone buyers held off with the knowledge that a new iPhone was not only on the way, but was actually behind its normal release schedule? It'll be interesting to see these numbers for the next three months.

Friday, September 23, 2011

Faster-than-light particle measured? Speed-of-light experiments give baffling result at Cern


22 September 2011 Last updated at 13:28 ET

Speed-of-light experiments give baffling result at Cern

By Jason Palmer
Science and technology reporter, BBC News

Puzzling results from Cern, home of the LHC, have confounded physicists - because it appears subatomic particles have exceeded the speed of light.

Neutrinos sent through the ground from Cern toward the Gran Sasso laboratory 732km away seemed to show up a tiny fraction of a second early.

The result - which threatens to upend a century of physics - will be put online for scrutiny by other scientists.

In the meantime, the group says it is being very cautious about its claims.

"We tried to find all possible explanations for this," said report author Antonio Ereditato of the Opera collaboration.

"We wanted to find a mistake - trivial mistakes, more complicated mistakes, or nasty effects - and we didn't," he told BBC News.

"When you don't find anything, then you say 'Well, now I'm forced to go out and ask the community to scrutinise this.'"

Caught speeding?

The speed of light is the Universe's ultimate speed limit, and much of modern physics - as laid out in part by Albert Einstein in his special theory of relativity - depends on the idea that nothing can exceed it.

Thousands of experiments have been undertaken to measure it ever more precisely, and no result has ever spotted a particle breaking the limit.

But Dr Ereditato and his colleagues have been carrying out an experiment for the last three years that seems to suggest neutrinos have done just that.

Neutrinos come in a number of types, and have recently been seen to switch spontaneously from one type to another.

The team prepares a beam of just one type, muon neutrinos, sending them from Cern to an underground laboratory at Gran Sasso in Italy to see how many show up as a different type, tau neutrinos.

In the course of doing the experiments, the researchers noticed that the particles showed up a few billionths of a second sooner than light would over the same distance.

The team measured the travel times of neutrino bunches some 15,000 times, and have reached a level of statistical significance that in scientific circles would count as a formal discovery.

But the group understands that what are known as "systematic errors" could easily make an erroneous result look like a breaking of the ultimate speed limit, and that has motivated them to publish their measurements.

"My dream would be that another, independent experiment finds the same thing - then I would be relieved," Dr Ereditato said.

But for now, he explained, "we are not claiming things, we want just to be helped by the community in understanding our crazy result - because it is crazy".

"And of course the consequences can be very serious."


Thursday, September 22, 2011

U.S. companies playing by Chinese cyber-rules


Posted at 01:00 AM ET, 09/20/2011

By Ellen Nakashima

U.S.-based tech firms seeking access to China's exploding population of computer users bend too easily to China's rules of censorship and surveillance, according to a new report by SecDev Group, a think tank focused on regions at risk from violence and insecurity.

And though the United States is at the forefront of nations supporting freedom of expression online, the report says that voluntary codes of ethical conduct so far have not worked.

In "Collusion and Collision: Searching for guidance in Chinese cyberspace," SecDev researchers criticized search engine firms for "conforming to China's censorship and surveillance policies" as the price of doing business in a market with 450 million Internet users.

"Internet companies operate in a narrow space between collusion and collision with the Chinese government," said the Ottawa-based group, which has produced illuminating reports on vast campaigns of Chinese cyber espionage on the Dalai Lama, dissidents and other groups.

In 2005, Yahoo complied with a request by the Chinese government to hand over information related to the private e-mail correspondence of Chinese dissidents - including Chinese poet Shi Tao - who were then jailed, the report said. (Yahoo later apologized. It sold its China business to Chinese tech firm Alibaba Group in 2005 but maintained a 40 percent stake in Alibaba Group.)

Microsoft, which has e-mail, search engine and blog platform services in China, shut down a popular blog by reporter Zhao Jing at the government's request in 2005, the report stated. And like Yahoo, Microsoft has complied with government requests to filter online content, the report said.

Microsoft "both respects local authority and culture and makes clear that we have differences of opinion with official content management policies," a company spokeswoman told SecDev, in a quote included in the report.

Router firm Cisco was also the subject of scrutiny. "Irrefutable evidence has surfaced that Cisco hardware is a critical component of China's online surveillance system," the report said. (Cisco has said in other news reports that its equipment is built to global standards and not customized for use in any particular nation.)

One company -- Google -- bucked the trend, opting to shutter its search engine business on the mainland rather than continue to censor at the government's request, SecDev noted. The firm did so after discovering that China had hacked into its computer networks and stolen valuable intellectual property, while also compromising e-mail accounts of dissidents.

As a result of its decision, however, Google has paid a price. Microsoft has moved in, partnered with Chinese search engine Baidu and grabbed more of the market.

The SecDev report applauds U.S. policy as articulated by Secretary of State Hillary Rodham Clinton, who has aligned Franklin D. Roosevelt's four freedoms - freedom of speech, freedom of religion, freedom from fear and freedom from want - with a fifth: freedom of expression online.

But voluntary codes of ethical behavior have not worked, SecDev concludes. The think tank urged a new approach: legally enforceable, binding, specific commitments. What is needed, it said, were policies that ensure that U.S.-based businesses operate ethically at home and abroad.

"As responsible corporate citizens, these companies - as well as their home governments - cannot continue 'business as usual,'" said Rafal Rohozinski, founder and chief executive of the SecDev Group.

Read online: http://wapo.st/nf3dsW

Tuesday, September 20, 2011

Should Faking a Name on Facebook Be a Felony?

Congress contemplates draconian punishment for Internet lies


By ORIN S. KERR

Imagine that President Obama could order the arrest of anyone who broke a promise on the Internet. So you could be jailed for lying about your age or weight on an Internet dating site. Or you could be sent to federal prison if your boss told you to work but you used the company's computer to check sports scores online. Imagine that Eric Holder's Justice Department urged Congress to raise penalties for violations, making them felonies allowing three years in jail for each broken promise. Fanciful, right?

Think again. Congress is now poised to grant the Obama administration's wishes in the name of "cybersecurity."

The little-known law at issue is called the Computer Fraud and Abuse Act. It was enacted in 1986 to punish computer hacking. But Congress has broadened the law every few years, and today it extends far beyond hacking. The law now criminalizes computer use that "exceeds authorized access" to any computer. Today that violation is a misdemeanor, but the Senate Judiciary Committee is set to meet this morning to vote on making it a felony.

The problem is that a lot of routine computer use can exceed "authorized access." Courts are still struggling to interpret this language. But the Justice Department believes that it applies incredibly broadly to include "terms of use" violations and breaches of workplace computer-use policies.

Breaching an agreement or ignoring your boss might be bad. But should it be a federal crime just because it involves a computer? If interpreted this way, the law gives computer owners the power to criminalize any computer use they don't like. Imagine the Democratic Party setting up a public website and announcing that no Republicans can visit. Every Republican who checked out the site could be a criminal for exceeding authorized access.

If that sounds far-fetched, consider a few recent cases. In 2009, the Justice Department prosecuted a woman for violating the "terms of service" of the social networking site MySpace.com. The woman had been part of a group that set up a MySpace profile using a fake picture. The feds charged her with conspiracy to violate the Computer Fraud and Abuse Act. Prosecutors say the woman exceeded authorized access because MySpace required all profile information to be truthful. But people routinely misstate the truth in online profiles, about everything from their age to their name. What happens when each instance is a felony?

In 2010, the Justice Department charged a defendant with unauthorized access for using a computer to buy tickets from Ticketmaster. Ticketmaster's website lets anyone visit. But its "terms of use" only permitted non-automated purchases, and the defendant used a computer script to make the purchases.

In another case, Justice has charged a defendant with violating workplace policies that limited use to legitimate company business. Prosecutors claimed that using the company's computers for other reasons exceeded authorized access. The Ninth Circuit Court of Appeals recently agreed.

The law even goes beyond criminal law. It allows civil suits filed by private parties. As a result, federal courts have been flooded with silly disputes. In one recent case, an employer sued a former employee for excessive Internet usage from work. The alleged offense: visiting Facebook and sending personal emails. In another case, a company posted "terms of use" on its website declaring that no competitors could visit—and then promptly sued a competitor that did.

Remarkably, the law doesn't even require devices to be connected to the Internet. Since 2008, it applies to pretty much everything with a microchip. So if you're visiting a friend and you use his coffeemaker without permission, watch out: You may have committed a federal crime.

Until now, the critical limit on the government's power has been that federal prosecutors rarely charge misdemeanors. They prefer to bring more serious felony charges. That's why the administration's proposal is so dangerous. If exceeding authorized access becomes a felony, prosecutors will become eager to charge it. Abuses are inevitable.

Real threats to cybersecurity must be prosecuted. Penalties should be stiff. But Congress must narrow the Computer Fraud and Abuse Act before enhancing its penalties. There's no reason to make breaching a promise a federal case, and certainly not a felony crime.

Mr. Kerr, a former federal prosecutor, is professor of law at George Washington University School of Law.


Microsoft joins the anti-Flash crowd with IE10


By: Stephen Shankland SEPTEMBER 15, 2011 9:06 AM PDT

The first big blow to Flash was Apple's iOS. Now Adobe Systems' browser plug-in faces another major threat to its relevance: Microsoft has banned it and all other plug-ins from the "Metro" version of Internet Explorer 10.

Metro is the modern "touch-first" interface that plays a starring role in the radically new look of Windows 8, which Microsoft plans to release in 2012. Microsoft will ship the new OS with two versions of IE10, one for Metro and one a brushed-up version of the current Windows 7 interface.

While the legacy version of IE10 will accommodate plug-ins, the Metro version won't, IE team leader Dean Hachamovitch said in a blog post last night during the company's Build conference.

His words should be music to the ears of those who are critical of Flash and those who are fans of a new swath of Web standards often designed to replace Flash. Dean wrote:

Running Metro-style IE plug-in free improves battery life as well as security, reliability, and privacy for consumers. Plug-ins were important early on in the Web's history. But the Web has come a long way since then with HTML5. Providing compatibility with legacy plug-in technologies would detract from, rather than improve, the consumer experience of browsing in the Metro-style UI.

Adobe isn't putting all its eggs in the Flash Player basket when it comes to wooing developers. It's got a growing range of software including Edge, Muse, Wallaby, and the years-old DreamWeaver for those using Web standards. And Adobe has begun participating in Web standards development.

But Flash Player remains an important priority for the company as it seeks to attract developers who want to write software that can span many browsers and operating systems. Adobe is working hard to bring it to the mobile realm, notably with Android, and Adobe's Flash team was triumphant when a Flash-based game rose to the top of the iPad charts.

In addition, Adobe is pushing Flash ahead as fast as it can. The new Flash Player 11 has reached release-candidate stage, bringing features such as accelerated 3D graphics and a 64-bit design. At the same time, Adobe is being more circumspect about the tasks best suited to Flash as HTML5, CSS3, faster JavaScript, and other Web standards advance. Those areas for Flash include games, advanced video, and companies' in-house applications.

Adobe didn't immediately respond to a request for comment.

Adobe isn't the only casualty of Microsoft's decision, though. Microsoft itself also loses out with its Silverlight plug-in, which never really succeeded in denting Flash's widespread use on desktop browsers.

Silverlight apps, though, can be converted to Metro apps, as Microsoft took pains to explain at the Build conference.