Facebook changes privacy settings again
- "Ever considerate of its users, Facebook has determined that its privacy settings needed a bit of a shuffle to keep things clear and easy to find. To that end they’ve taken the “privacy settings” settings and scattered them mischievously among the other categories." - Tech Crunch
- This is another example of Dark Patterns
- "A dark pattern is "a user interface that has been carefully crafted to trick users into doing things, such as buying overpriced insurance with their purchase or signing up for recurring bills"- Wikipedia
- In 2018, Facebook wrote on their blog: "We’ve redesigned our entire settings menu on mobile devices from top to bottom to make things easier to find. Instead of having settings spread across nearly 20 different screens, they’re now accessible from a single place"
- The most recent update says: "Settings are now grouped into six broad categories, each containing several related settings: Account, Preferences, Audience and Visibility, Permissions, Your Information, and Community Standards and Legal Policies … We’ve unbundled the Privacy Settings category and moved the settings previously contained within it into other categories."
- Rather than go to one place to update your "privacy" settings, they are spread across these six categories, simple and clear, right?
- They also made "Privacy Checkup", a "guided review" of your privacy settings, more prominent. This could give them the opportunity to use dark patterns to guide you to privacy settings that are less favorable for you and more favorable for Facebook
- Here's great article from Tech Crunch that calls out Facebook and Google for Dark Patterns:https://techcrunch.com/2018/06/27/study-calls-out-dark-patterns-in-facebook-and-google-that-push-users-towards-less-privacy/
The T-Mobile breach is a disaster for privacy and security:
- T-Mobile has had another, data breach, its sixth in four years
- Unfortunately, more than 48 million people had their data compromised
- The data includes full names, dates of birth, social security numbers, and driver’s license information
- 850,000 prepaid customers also had their phone numbers and PINs exposed
- The investigation continues, meaning that it may be determined that more information and/or more users were exposed, this is often the case
- T-Mobile said that more than 40 million of these people are former or prospective customers who had applied for credit meaning that the vast majority are not T-Mobile customers!
- International Mobile Equipment Identity numbers are implicated in the breach, the IMEI makes it easier for SIM-swap attacks
- Why was T-Mobile sitting on this information for 40 million people who are not customers?
- "Generally speaking, it’s still the Wild West in the United States when it comes to the types of information companies can keep about us," says said Amy Keller, a partner at the law firm DiCello Levitt Gutzler
- Until the US has laws like GDPR that take a very hard line on privacy, expect more of this
- T-Mobile has implemented some protections for victims:
- Two years of identity protection services from McAfee’s ID Theft Protection Service
- Reset the PINs of the 850,000 prepaid customers
- Recommendation thatcurrent postpaid customers change their PINs
- Adding an Account Takeover Protection service to block SIM-swap attacks
- T-Mobile customers:
- Change your PIN and password
- Sign up for the ID monitoring
- Use an authentication app for MFA codes rather than text based One Time Passcodes (OTP)
Back-to-School cyber safety tips from CISA:
- CISA is the Cybersecurity and Infrastructure Security Agency:
- https://us-cert.cisa.gov/ncas/current-activity/2018/08/10/Back-School-Cyber-Safety