Domain: myfoxdc.com
Stories and comments across the archive that link to myfoxdc.com.
Stories · 12
-
Man Claims Cell Phone Taken By DC Police For Taking Photos
First time accepted submitter hawkinspeter writes "Just one day after Chief Cathy Lanier made it illegal for MPD cops to take recording equipment, a 26-year-old local man had his phone taken as he was trying to record a violent arrest. They eventually gave back his phone, but without the memory card which also contained photos of his daughter along with the record of the alleged police brutality." -
SFPD Breathalyzer Mistake Puts Hundreds of DUI Convictions In Doubt
Mr. Shotgun writes "According to CBS, 'Hundreds, or even thousands, of drunk driving convictions could be overturned because the San Francisco Police Department has not tested its breathalyzers, officials said Monday. For at least six years, the police officers in charge of testing the 20 breathalyzers used by the Police Department did not carry out any tests on the equipment. Officers instead filled the test forms with numbers that matched the control sample, said Public Defender Jeff Adachi, throwing countless DUI convictions into doubt.' Apparently this has happened before." -
Privacy Hacking Worse Than PR Flacking
Here's frequent Slashdot contributor Bennett Haselton who writes "Facebook apparently hired a PR firm that tried to seduce some pundits into writing negative editorials about Google. The 'attack angle' would have been that Google was endangering users' privacy by scraping information about users from Facebook and making such information easier to find with a Google search." Hit the link below to read the rest of Bennett's story.The reliably cynical Seth Finkelstein commented that the attempted editorial-planting was just "often implicit dealing made explicit", (i.e. that pundits are drafted as fronts for corporate publicity campaigns like this all the time, and that the PR firm in this case spoiled the game by rudely blurting out the terms of the deal, like a guy offering to buy a girl dinner if she'll sleep with him). Steven Levy of Wired opined that with regard to the privacy issues, Facebook was the real villain for exposing information in the first place that many users would rather keep private.
Some perspective here: In 2008, I was corresponding with a high school student (using one of the Circumventor sites to get around their local school Internet blocker, naturally) who mentioned that he was able to see all the personal information of other students in his Facebook high school network -- including email address, phone number, and home address, if the user had uploaded that information to Facebook -- even if those users had not confirmed him as a friend. (Facebook allows users to join one or more "networks" indicating their school affiliation, workplace, city of residence, etc. -- such networks are distinct from Facebook groups and fan pages.) Double-checking with a few more users in the same network and in other high school networks, we found that it really was possible for any member of a high school network to view the profiles of any other member of that high school network and see all of their personal information.
Unlike other types of "networks" on Facebook, it is not possible to join a high school network simply by specifying it in your preferences. However, all of the students that I corresponded with said that in order to join their high school networks, they simply had to request to join the network, and then get a friend request confirmed by an existing member of that high school network. Which means that conning your way into the network would be easy: either (1) create a profile with the name and photo of a real student at that school, and send out friend requests to that student's friends, hoping that one of them would confirm you (not remembering that they had already friended that person under their real account), or (2) create a profile with a hot girl's picture and send out random friend requests to a bunch of guys in the network. Once you got confirmed, you'd have access to all the personal information that any student in that high school had posted on their profile. (I hasten to add that we did not actually try either of these things, but it stands to reason that it would work, since it wasn't functionally any different from what all of those students actually had to do in order to join their networks in the first place!)
I sent a message to Facebook's security team about this, and got a non-form-letter response from a real person -- their reply, however, was that this behavior was by design:
We believe this allows for greater sharing and helps make the site more useful for people, though we also recognize the potential for misuse. That's why we've built a peer verification system around the joining of high school networks. We also use automated systems to detect and flag anomalous behavior, like lots of messages sent to non-friends or a high percentage of ignored friend requests.
Smart, but probably not secure enough. For one thing, if someone is creating disposable accounts to send out friend requests in hopes of getting into a high school network, it only has to work once, so even if most of their accounts get flagged for "anomalous behavior," they only need one that doesn't get flagged. And even if that account does get flagged and cancelled later, by that time it might be too late, if they've already grabbed enough users' information. In any case, some time between 2008 and 2011, Facebook did change the behavior of high school networks so that members can no longer see the personal information of other members without a confirmed friend request. But this loophole was not that difficult to find, and it's likely that at least a few other users had discovered the same issue.
Now, imagine what would have happened if Facebook had announced that, for a fee of a few hundred dollars, they were offering CDs for sale containing the names, addresses, mobile phone numbers, and instant messenger names of all the high school students on their site (along with, of course, all the photos those students had posted of themselves). It goes without saying that after the class action lawsuits had finished, there'd be nothing left of the company but a smoldering crater. Now, I'm not suggesting that Facebook's security policy for high school networks was anywhere near as bad as selling CDs with all the personal information of their high school users, but it's worth thinking about why it should not be considered as bad. In either case, anybody willing to spend a few hundred dollars (or, equivalently, a few hundred dollars' worth of effort -- the effort to discover the loophole, and then to crank out the friend requests) could obtain the personal information of as many high school students as they wanted. What's the difference?
Well, obviously, there's the message that it would send if a company like Facebook offered to sell CDs full of users' personal information. It would lower the bar for future behavior by similar companies, it would make users extremely cynical about trusting the motivations of social networking sites, and in the long run it might even cause courts to decide that users had no reasonable expectation of privacy when joining those sites, because it was "common knowledge" and "common practice" that those sites offered up people's personal information for sale! On the other hand, if Facebook makes that information available indirectly through "benign neglect" -- by, for example, forcing you to create a fake high school profile and send out a bunch of friend requests and create a new profile from scratch if your first one gets canned -- that's far less likely to cause the side effects I just listed. MySpace is not going to get the idea that it's OK to start selling CDs of users' personal information because, hey, Facebook let people pry out the same information if they jumped through enough hoops.
But what this means is that fairly mild privacy issues, if they arise as a result of deliberate choice by a company like Facebook, are likely to get more press attention than far more serious privacy issues that arise as a result of benign neglect. Because when Facebook makes a deliberate choice that affects user privacy (like sharing users' preferences with Pandora), the pundits and the public are reacting to the direct privacy implications of that action, plus all the auxiliary issues, like the "message" that it sends, and the precedent that it sets for future actions by that company and other companies. Whereas if an issue arises as a result of neglect (as in the case of PlayStation Networks users' credit cards being stolen), people are reacting only to the direct privacy implications of the incident, so the issue has to be much more serious to get the equivalent amount of press.
For example, the right reason to be concerned about Facebook sharing users' personal information with Pandora, was the principle that it violated -- if users say "no" to sharing their personal information, Facebook shouldn't be allowed to switch that choice unilaterally. But as for the practical implications -- come on. Facebook and Pandora are both big faceless corporate behemoths as far as we're concerned, so why would we trust one with our personal data but not the other? Besides, what if Facebook had simply bought out Pandora? Then they could share all of our personal information with all the employees of the newly merged Facepanbookdora, and the exact same people would have had access to the exact same data, but it wouldn't have violated the agreement against sharing information with "third parties," because they wouldn't be a third party any more.
When I first found that email addresses of Ameritrade customers had been obtained by a pump-and-dump stock spammer, I was sure (as were most readers, probably) that Ameritrade was not deliberately selling its customers' email addresses; I figured that they had simply left their database inadequately secured, and some third party had broken in and stolen it. On the other hand, because the incident happened as a result of benign neglect and not deliberate choice, I figured the incident would not garner much press as a result, and that seems to have been the case -- the wholesale thievery of Ameritrade customers' personal information by financial criminals received far less press attention than, say, Facebook's decision to change their privacy policy so they could share information with Pandora.
What this means is that if you're an ardent cyber-rights hippie like me, then yes, you should care about the privacy issues that set the blogosphere afire, even if they're fairly minor privacy issues that are magnified out of proportion because they speak to the deliberate intentions of the companies involved. It matters that Facebook decided one day to share our music preferences with Pandora, even if it doesn't hurt anyone.
On the other hand, if you simply care about threats to your personal privacy, then you should heavily discount the noise being made about deliberate choices taken by companies like Facebook, and pay far more attention to dangers of benign neglect by the company guarding your privacy, when that benign neglect is exploited by malicious outsiders. If you have a stalker and you're worried about them finding your Facebook profile, it makes no sense to be worried about Google scraping the information from the public version of your Facebook profile, if it's the same information that your stalker would be able to see anyway if they were logged in to Facebook themselves. It's far more likely that your stalker would try to exploit a weakness in Facebook's privacy settings -- for example, ingratiating themselves with one of your Facebook friends and getting them to accept a friend request, so that they can then see any information on your Facebook profile that is viewable to "friends of friends." Maybe you knew about that already, but if you didn't, you wouldn't know it from reading all the punditry about the Facebook-Google kerfuffle.
-
Man Dies of Caffeine Overdose
morgan_greywolf writes "A British man died after poisoning himself with two spoonfuls of caffeine powder bought over the internet. Michael Lee Bedford, 23, from Mansfield, central England, was at a party in April when he swallowed caffeine powder that a friend bought online for £3.29 ($5.26), Nottingham Coroner's Court heard Thursday. He washed the powder down with an energy drink, and around 15 minutes later began sweating and vomiting blood. He later died at King's Mill Hospital in Nottinghamshire, central England, the Nottingham Post reported." -
Drug-Sniffing Dogs For Parents
For about $200 an hour, Maryland parents can have drug-sniffing dogs from a nonprofit called Dogs Finding Drugs search their homes, and destroy whatever bit of mutual respect they share with their children. The group won't confiscate any of the drugs they find, and promises not to notify the police. Owner Anne Willis says her phone is ringing off the hook with parents wanting their homes searched. -
"Super Monkey" Security Force Used At Commonwealth Games
The New Delhi Municipal Council (NDMC) has increased the strength of its monkey security team for the Commonwelath Games. The large langur monkeys are used to scare away smaller, more troublesome primate species from sporting arenas and food stalls. "From tomorrow onwards we will increase the number of langurs from 28 to 38. The additional langurs will take care of the Games venues and other important areas," an NDMC official told the Press Trust of India news agency. Sounds like a good idea until the monkeys learn how to throw barrels. -
French Police To Fine Shirtless Tourists
The locals of such seaside French towns as Cannes and St. Tropez are sick of looking at the pasty white skin and hairy chests or tourists who invade their towns every year. If you walk around shirtless you now face a $48 fine. From the article: "The tough laws came into force after locals were shocked by a group of British rugby fans who took off their shirts while watching a match. 'We're not saying there has been a general moral decline, but some people have complained,' Perpignan security chief Pierre Parrat said." -
ACLU Sues Over Legality of "Targeted Killing" By Drones
MacAndrew writes "The ACLU has sued the United States Government to enforce a Freedom of Information Act (FOIA) request for 'the release of records relating to the use of unmanned aerial vehicles — commonly known as 'drones' — for the purpose of targeting and killing individuals since September 11, 2001.' (Complaint.) The information sought includes the legal basis for use of the drones, how the program is managed, and the number of civilian deaths in areas of operation such as Iraq, Afghanistan, Pakistan, and Yemen. The ACLU further claims that 'Recent reports, including public statements from the director of national intelligence, indicate that US citizens have been placed on the list of targets who can be hunted and killed with drones.' Aside from one's view of the wisdom, effectiveness, and morality of these military operations, the inclusion of US citizens suggests that summary remote-control executions are becoming routine. Especially given the difficulty in locating and targeting individuals from aircraft, risks of human and machine error are obvious, and these likely increase as the robots become increasingly autonomous (please no Skynet jokes). This must give pause to anyone who's ever spent time coding or debugging or even driving certain willful late model automobiles, and the US government evidently doesn't want to discuss it." -
Man Threatened Spam Attack In $200,000 Extortion Plot
52-year-old Anthony Digati was arrested for trying to extort $200,000 from an insurance firm by threatening to spam them with six million emails unless they paid up. Digati said he would use a spam service and his amazing talents as a "huge social networker" to drag the company "through the muddiest waters imaginable" and presumably unfriend everyone. He added that the price would increase to $3 million if they failed to pay up by Monday, according to federal authorities. -
Man Arrested for Drinking Coffee While Naked in His Home
29-year-old Eric Williamson is facing indecent exposure charges after a passerby spotted the man naked in his kitchen making coffee. A spokesman for the Fairfax County Police said officers arrested Williamson because they believe he wanted to be seen naked by the public. Williamson says, "Yes, I wasn't wearing any clothes but I was alone, in my own home and just got out of bed. It was dark and I had no idea anyone was outside looking in at me." I have to agree with Eric. It's not like he was doing anything potentially dangerous like working a waffle iron without clothes first thing in the morning. -
Cell Phone Accidentally Turns On Stove
RevWaldo writes "A Brooklyn man can't sleep at night knowing that the bizarre inter-gadget relationship between his Sony Erickson PDA and his Maytag Magic Chef stove might leave him burned. Last Monday Andrei Melnikov discovered that his cellphone was turning on his stove when he got a call in the kitchen. The phone had been on the kitchen counter when it rang, and as he answered it and walked away, he recalls hearing a faint beep. Minutes later, he smelled smoke, and discovered that some plastic cookware left in the oven was on fire. The incoming call had somehow turned the broiler on high, a phenomenon which Melnikov demonstrated for his landlord and reporters. They believe this is the first time this has happened in the three years since Melnikov has owned the stove and the phone, but since neither device is talking, nobody really knows how long this hot affair's been going on. Melnikov and his girlfriend have put a stop to it by unplugging the oven, and they're afraid to plug it back in because of their pet chinchillas. Maytag is sending someone to "fix" the problem, but will the lonely old Maytag man really have the heart to stand in the way of such fiery passion?" -
McCain Campaign Sells Info-Loaded Blackberry PDAs
An anonymous reader writes "A news station in Washington D.C. has reported that the McCain Campaign has allegedly sold to reporters Blackberry handhelds with campaign-related information such as e-mail messages and phone numbers: 'We traced the Blackberry back to a staffer who worked for "Citizens for McCain" ... The emails contain an insider's look at how grassroots operations work, full of scheduling questions and rallying cries for support ... But most of the numbers were private cell phones for campaign leaders, politicians, lobbyists and journalists. "Somebody made a mistake," one owner told us. "People's numbers and addresses were supposed to be erased."'"