Friday, July 30, 2010

26. public information is, uh... public?

i don't know whether or not to tag this post as part of my common damn sense series.  but what i do know from this story is that torrents can cause floods.

by now you might have read a story about the recent activities of one ron bowes, a security consultant and former employee of symantec (if not, check it here).  thanks to his handiwork there is now a torrent roaming the interwebs containing information on over 170 million facebook users.  now before you start to panic and check your account for hacks, understand that no private information was taken.  the torrent file, which weighs in at slightly under 3gb, is nothing more than a consolidated list of all public information that are made public by facebook users.  how did he do this?  all he had to do was make a crawler to scour the facebook directory, publicly available at, which on its own is still kind of spooky to look at.  no hacks.  no cracks.  technically not even a security breach.

so what was the motivation?  back when bowes worked at symantec, he posted something on the symantec blog called attack of the facebook snatchers (which i highly suggest all of you read).  this blog post was about data phishing, and went over the idea of how privacy is an illusion, and that illusion can cause people to be far more free with the information they share.  the spirit of this was to enlighten users as to how public information can be used to exploit you.  that's what he does.  facebook, of course, was not a fan of the post.  in the same vein came this torrent he recently created, which is, in my opinion, in that same spirit of awareness in the digital age, even though it started as a pool of test users for a security tool.  by his own words (i'd link his blog at skull security but it seems to be down):

"Why do I bring this up? Well last week @FSLabsAdvisor wrote an interesting Tweet: it turns out, by heading to, you can get a list of every searchable user on all of Facebook!

My first idea was simple: spider the lists, generate first-initial-last-name (and similar) lists, then hand them over to @Ithilgore to use in Nmap's awesome new bruteforce tool he's working on, Ncrack.

But as I thought more about it, and talked to other people, I realized that this is a scary privacy issue. I can find the name of pretty much every person on Facebook. Facebook helpfully informs you that "[a]nyone can opt out of appearing here by changing their Search privacy settings" -- but that doesn't help much anymore considering I already have them all (and you will too, when you download the torrent). Suckers!

Once I have the name and URL of a user, I can view, by default, their picture, friends, information about them, and some other details. If the user has set their privacy higher, at the very least I can view their name and picture. So, if any searchable user has friends that are non-searchable, those friends just opted into being searched, like it or not! Oops :)"

i've left the link to the torrent out of this because i don't think you really need to have it.  well those of you that do want it probably know how to get your hands on it anyway.  but think about how scary the ease of this actually is.  even though this torrent only contains "public" information, and nothing more than what can be googled for, it can still provide a lot of useful information, depending on who you are and what your intentions are.  the amount of information people voluntarily make public is sometimes nauseating - i've seen mild to medium levels of incriminating photographs, as well as phone numbers.  that's a big one - kind of counteracts that no-call list you signed up for, doesn't it?  it's almost cute that some people think privacy still exists on the internet.

so what's the point here?  as it always is with social networks, make sure you are the one who controls what others see.  the problem in this particular story isn't the bad security man hacking your info, it's not really big bad facebook not protecting users, it's that your public info is in fact, public.  and therefore easily accessible.  don't publicize anything that could remotely come back to bite you later.  given that the facebook service has extended from the chosen social network of twenty somethings to teenagers makes this all the more important.  facebook's response to this whole thing is that they offer a number of controls to allow users to take their name out of the directory, and make their profiles unsearchable by engines like google or bing.  this is too bad for people that fall into the "didn't know why" or "don't know how" category of users.  even though this isn't really facebook's fault, they should go out of their way to make sure that users are fully aware of the privacy controls offered to them.  facebook, as mr. bowes says, "has a special responsibility to go beyond doing the bare minimum."

on top of that, there are reports from gizmodo that large corporations and groups are downloading the torrent, either authorized or not.  this includes computing giants like apple and HP, as well as groups like the united nations and the church of scientology.  i'm not sure how legit this is, but gizmodo's generally pretty good about that.  i'm not really surprised - i mean think about the statistical relevance of a sample size of 170 milion.  their marketing departments must be very happy.

at any rate, hopefully this whole thing will make people re-think the way they share information in the future.

Thursday, July 22, 2010

25. microsoft's mobile hail mary - windows phone 7

microsoft's kin two
in mobile device tech, the last two years have generally been the era of two companies - apple and google.  apple successfully took the "device" approach, focusing all of their efforts into the iphone line.  google focused more on a platform rather than a device, tuning their android system the run with an array of hardware behind it.  both companies produced and continue to produce solid products.  but they were not to be outdone by software giant microsoft, who had been talking some pretty big game about their windows phone 7.  you know, the one that lets you hook up to xbox live?  the one that provides office integration and lets you cleanly manage your social networks?  yeah, that one.  so we all held our breath as they released the brand new... kin?

... what?

ultimately the kin one and kin two were a pair of horrible failures.  i mean what can you do when no one wants the product?  what i can say is that they definitely were different than other available smartphones, but at the same time served as an illustration that different doesn't always mean good.  a casualty of a botched project with the creators of what became t-mobile's sidekick, the kin was finally relieved of the twisted misery that was its existence by microsoft last week.  kin has been the latest misstep in microsoft's quest to become relevant in the mobile/smartphone market again, and combined with the lukewarm reviews of the windows mobile 6.5 OS that is currently running on windows-based smartphones, they have no choice but to pick it up.  windows phone 7 is supposed to be their answer, but after two years of development do they have what it takes to compete with the iphone and droid-based devices?

coming off the heels of the kin debacle, microsoft promised that all focus has been shifted to windows phone 7, and that it was going to be awesome.  based on what i first saw months ago on it, i thought that maybe it would live up to the hype.  but what about the timing?  within the last 2-3 months, apple's iphone 4, motorola's droid x, and htc's incredible emerged as the most sought-after smartphone devices in history between at&t and verizon wireless.  windows phone 7 is slated to be available by the upcoming holiday season, after most of us have had one of the aforementioned devices for only 4-5 months.  and while i can't speak for others, i generally will wait until i have an upgrade discount on my mobile account to buy a new phone - otherwise, most smartphones range from $500-$600 at full price.  and i don't know how many people have that kind of spare scratch just laying around.

microsoft's windows phone 7
to combat the timing issue (at least i think) microsoft recently conducted a "technical preview" of windows phone 7 for developers, and while it looks fairly slick overall, it looks like it still needs some work to compete with the heavy hitters.  tech bloggers that were fortunate enough to get hands on with it (you know, the ones that do this for a job, like engadget) have some video of the UI navigation.  it shows that that the touch response is super fast, and scrolling through the "tiles" on screen is effortless.  zoom, much like its competitors' handsets, are controlled by easy pinch movement, and the virtual keyboard gets high marks for accuracy while typing.  the familiar zune music interface is pretty smooth too.

regardless, i still see some issues that will prevent microsoft from converting iphone/droid users to windows phone 7.  first, copy and paste isn't supported.  on its own i guess it's not that big of a deal, since this was already known information from the MIX10 conference in march, but when microsoft's trying to highlight the business focus of the device, it seems like that would be an important function for the on-the-go business user.  it would definitely enhance their office mobile and exchange integration functionality.  second is a lack of multitasking for third party apps.  android introduced this first, with the iphone following suit, which puts windows phone 7 behind on that front.  third, and this is a big one for me, no navigation.  they do a good job of integrating bing and bing maps into the UI, but neither of those provide turn-by turn navigation or gps-style functions.  in an era where a lot of consumers are looking to have one strong multifaceted device, such as using their phone as a gps unit in their car, this might be a problem.

overall, for mainstream users or users that want email, web browsing, and high levels of social integration, the windows phone 7 looks like it would be a solid choice.  for the "super user," however - the user who wants it all, are going to find it a little wanting vs the existing options from apple, motorola, and htc.  but there's still time, and developers have some stuff in hand, so let's see what they can throw together by the holiday release.

the thought of many is that if this mobile hail mary from microsoft doesn't work then they should consider permanently getting out of the mobile game.  the problem is that they can't.  the prevalent trend among tech users, both personal and business, is that an increasing amount of work (and play) is being done on mobile platforms, not seated behind a desk on a pc.  it's the basic convergence of two forms of tech - pc's got smaller and more portable while cell phones became more powerful.  soon the two became one.  and as one of the standards in computing, microsoft has no choice but to extend their brand into the mobile sphere, like apple and google have successfully done.  if the windows phone 7 doesn't fly, they have no choice but to keep trying.

Tuesday, July 6, 2010

24. iphone's antenna issues - motorola with the burn, new york times with the assist.

apple iphone 4
in what seems like the eternal saga of apple and google's android (for my younger readers, it's kind of like edward and jacob, just for phones), the war continues to play out in the media.  generally the two tech giants have been playing nice, trying to talk up their own product with little to no insult of their competition.  until now.  the most recent shot was fired by team verizon against their, well, fruitier opponent in a recent edition of the new york times.  anyone who opened it up on june 30th saw a full page advertisement (click below for full size), in color of course, of motorola's upcoming droid x mobile device, which will descend upon the public on july 12th.  in this ad, the core features and selling points surround a large image of the device itself, following a traditional "here's why we're awesome" approach.  until the very end:

"and most importantly, it comes with a double antenna design.  the kind that allows you to hold the phone any way you like and use it just about anywhere to make crystal clear calls."

the ad that launched 1000 burns
BURN.  if apple and google were playing battleship, the appropriate response here would be "hit."  i wonder if this ad ran on the new york times ipad edition.  hmm.

verizon / motorola / google put a spotlight on apple's most recent public problems.  the antenna in question was to revolutionize (surprise, surprise) antenna design, by having it external, and integrated into the unit's casing.  holding the phone in the so-called "death grip" (tightly on the outside rim) in this configuration visibly causes signal strength (i.e. how many bars you have) to decrease and cause calls to drop.  spencer webb, an an antenna consultant working for apple, says differently - that short bars don't mean dropped calls, and that "full bar" and "short bar" calls are the same in call quantity.  apple claims that it's just a software calculation issue, there is no signal strength issue, and that users will be able to see a fix in the visual problem in the next iOS software update, 4.0.1.  another test run by anandtech did some more quantitative testing on their own, and calculated a difference of 24dB when the iphone is tightly held, which is enough to drop a call if you live in an area where you have consistently 4 bars or less.  if you have 5 bars constantly, then don't worry about it.

by itself, that should have been the end of it, but it was only the beginning of the complaints.  it turns out that a $29 "bumper" is available from apple, and it's almost required to minimize the death grip induced antenna fail.  some users became so irate that ultimately class action lawsuits (this is the first one, but there's more) have been filed against both apple and at&t for this plus a number of complaints, all the way up to intentional, negligent misrepresentation and fraud.  are these lawsuits bordering on the ridiculous?  sure.  i don't see how some of the claims really stand.  do i think that users deserve compensatory damages?  well, yes.  exactly what they paid for the iphone to begin with.  it's called a return policy.  and given that most iphone 4 purchases are upgrades, if they charge you a restocking fee then that's your penalty for blind loyalty.

apple and steve jobs have remained pretty silent on the issue, not addressing customers' requests that apple provide bumpers at no charge to alleviate this problem.  big steve's expert advice is to buy their bumper case or "just avoid holding it in that way."  but every photograph or television spot shows users and steve jobs himself holding it the "wrong" way!  i mean what is a loyal apple head to do??  don't believe me?  check out the compiled gallery here.

i know, i thought the same thing - absolute wonderment.  in addition to all of this, the folks at boy genius report have gotten their hands on apple's troubleshooting procedures on this issue.  reading them over definitely shows a lack of concern for their loyal customer base.  in my opinion, apple should at bare minimum send out free bumpers to current iphone 4 customers to rectify a problem they acknowledge exists.  gizmodo is of the same mind, and has started a petition to convince apple to come around on this one. is sending out free iphone 4 "lifegrip" cases, for the cost of shipping, which is as low as $3.39 for first class mail.

this amid even more rumors about iphones for verizon wireless.  give it a rest, with android powerhouses like the htc incredible, motorola droid x (my next digital acquisition) and upcoming droid 2, my guess is that verizon will be trying to foster that partnership before renewing any interest in the iphone.  just doesn't make sense.