The UpStream

FTC fines TikTok for violating child privacy laws, others might follow

posted Saturday Mar 2, 2019 by Scott Ertz

FTC fines TikTok for violating child privacy laws, others might follow

Over the past year, the issue of child privacy and protection online has become a big topic, and for good reason. Many large companies have either passively ignored their responsibilities, or have actively gone out of their ways to target children. Last April, YouTube was accused of purposely collecting information from minors, with a significant amount of evidence. Only a week later, another report exposed a large number of violations in Google Play. In July, Facebook and Instagram began purging profiles of those who do not have parental permission for an account.

All of these problems come about because of a US law entitled Children's Online Privacy Protection Act (Coppa). Passed in 1998, and amended in 2012, the law regulates the way that information about children under 13 must be handled. Essentially, no company operating within the US can collect any identifying information about children. For some platforms, this is no problem. However, for platforms like Facebook, Instagram, or YouTube, it is the basis of their business model to collect info. By their very nature, if a child creates an account, authorized or not, their information will be tracked passively.

Some companies, however, go out of their way to try and attract children into their platforms. One of the biggest offenders of this is TikTok, the Chinese replacement for Musical.ly. The company, Beijing ByteDance, purchased the Musical.ly platform in December of 2017 and rebranded it under their existing TikTok brand. Musical.ly, however, was known for appealing to children, and the company, both before and after the buyout, knew that their userbase skewed very young. In fact, 7 of the most popular accounts were all under 13.

That is why the US FTC has fined the company $5.7 million, for violating various aspects of COPPA. For example, Musical.ly required users to enter their real names, email addresses, phone numbers, and profile pictures before using the app. In addition, the platform made profiles public by default and still exposed photos and usernames publicly if made private, as well as allowing direct messages. The company even turned a blind eye after thousands of parental complaints about this, plus the fact that there was no infrastructure for parental consent. The FTC's decision was 5-0 in favor of the fine.

PlayStation eliminates free games for PS3; Xbox, Nintendo expand

posted Saturday Mar 2, 2019 by Scott Ertz

PlayStation eliminates free games for PS3; Xbox, Nintendo expand

If you are a PlayStation Plus subscriber, you may have noticed a change to your free game selection this month. That's because, starting March 2019, Sony will no longer include PlayStation 3 or PlayStation Vita games in the selection. This is not a surprise, from the perspective that Sony announced a year ago that it was coming. It is a surprise, however, from the perspective that the company's competitors are moving the other way.

Over on the Xbox side of the world, the free games that are made available has recently begun including games from the original Xbox. For example, available right now is Star Wars Republic Commando

, a game originally released in 2005. While the free title won't play on the original Xbox itself, it will run on all models of the Xbox 360 and Xbox One. The only reason it won't run on the original hardware is that the original Xbox Live was shut down in favor of bringing new features for the 360 and One.

On the Nintendo Switch side of things, the recently launched Switch Online service has focused exclusively on classic titles. This service is only available on Switch, meaning that the games cannot be played on the NES, but that is obviously to be expected.

By eliminating the free games on Sony's older consoles, it creates a few new problems for the company. The most obvious is that anyone who is exclusively using the older hardware and has not upgraded to a PlayStation 4, have essentially no motivation to keep the service. This is because there are very few benefits, outside of the free games, on the older hardware. This is going to encourage the company, through financial means, to drop more support for this hardware in the near future. It also means that Sony is essentially bringing about the end-of-life for support of this hardware. Most of the PLuGHiTz Live team regularly uses older gaming hardware, and this abandonment is a disappointment for those who continue to support Sony.

Thunderbolt is the most recent way to hack into your computer

posted Friday Mar 1, 2019 by Scott Ertz

Thunderbolt is the most recent way to hack into your computer

Over the last couple of weeks, there have been a number of reminders that any device that plugs into a computer port can be a hazard. This is even truer when the device plugs into an actively powered port, like USB. A few weeks ago, a flaw was demonstrated that showed that a USB cable could easily be made to create an opening for remote hacking into a system. The flaw is called BadUSB and was actually discovered years ago. Only recently, however, was the flaw applied to anything other than storage devices.

This week, a similar flaw was discovered that affects Thunderbolt devices, rather than traditional USB. This discovery comes care of research conducted between the Department of Computer Science and Technology at the University of Cambridge, Rice University and SRI International. The more creatively named Thunderclap bypasses Input-Output Memory Management Units over Thunderbolt over USB-C, otherwise known as Thunderbolt 3. According to the report,

An essential insight is that, while IOMMUs allow peripheral devices to be constrained, the DMA interface between device drivers and peripherals is a porous and complex attack surface that malicious actors can manipulate to influence software behavior and trigger vulnerabilities.

All of this underscores a recurring problem: insecure innocuous items. Over the years, we've seen a number of seemingly safe devices and software turn out to be just the opposite. The most obvious situation is mobile apps that pretend to be games and productivity software, but actually, steal your data and upload them to remote servers. Less obvious, but potentially more dangerous, are phone charging stations, like what you see at the airport. It is possible to place a Raspberry Pi inside of the charging station designed specifically to read data over the USB port on your phone.

The important thing to remember is, don't plug your device, either computer, phone, or tablet, into anything you do not trust entirely. Purchase USB cables and flash drives from known brands. Don't charge your phone on someone else's plug - always use your own environment or a Qi charger. Your privacy and security are not worth the slight savings you might receive.

Big changes to monetization and content moderation for YouTube

posted Saturday Feb 23, 2019 by Scott Ertz

Big changes to monetization and content moderation for YouTube

For content creators, there is nothing worse than the strike system. Most users will receive one strike in their lifetime, often for things that are out of their control. That first strike will disable live streaming capabilities, and can even turn off monetization. The company has changed its policies on strikes, making the first rule violation a warning rather than a strike. This means that the majority of users will never receive an actual punishment anymore, making it far easier to build an audience. This applies to almost all rules but does not adjust YouTube's active content censorship.

Once YouTube began the process of censoring content, it was predicted that it would produce a slippery slope of continued censorship. While it started with advertisers complaining about terror videos, it has definitely evolved. Just last month, the company announced that they would define truth, and censor content that does not coincide with their truth. That policy has expanded its definition this week, officially declaring that anti-vaccination videos defied their truth. Because of this, any video that discusses anti-vaccination or the dubious science behind it can no longer be monetized. This decision was made after advertisers raised concerns that their products were appearing alongside these videos. YouTube said via statement,

We have strict policies that govern what videos we allow ads to appear on, and videos that promote anti-vaccination content are a violation of those policies. We enforce these policies vigorously, and if we find a video that violates them, we immediately take action and remove ads.

In addition to anti-vaccination videos, YouTube has taken action on another classification of videos: kids. Because of the way the YouTube algorithm works, once you start looking at certain videos, you create a profile that will continue to show that content. There is a large collection of videos of kids in compromising positions, usually girls in skirts who don't necessarily realize that they are flashing the camera. These videos have brought on inappropriate comments, timestamping, and sharing of "related content" by users. The process is detail by MattsWhatItIs.

Fortunately, YouTube has taken action on this problem by turning off comments on these videos, closing channels, and banning users. The problem has been known for years, but it took advertiser boycotts by companies like Epic Games before the company took action. It raises a question of what exactly is the driving force behind YouTube's motivations. The company willingly acts on videos that talk about flat-Earth, but it took advertiser interaction to respond to this.

Facebook pulls Android VPN that tracked users' internet usage

posted Saturday Feb 23, 2019 by Scott Ertz

Facebook pulls Android VPN that tracked users' internet usage

Over the past few years, more internet users have begun using VPNs (virtual private networks) to protect their browsing history from prying eyes. With companies like Facebook and Google, not to mention ISPs themselves, expanding their snooping methods, it is no surprise that users are looking for ways to protect their privacy. Unfortunately, not everything is always as it seems when it comes to the internet.

Take, for example, VPN service Onavo Protect VPN, which was available in the Google Play Store, as well as Apple's App Store. As with any VPN, users expected that the service would allow them to connect to the network with the intention of anonymizing their browsing. The reality, however, is that the service, purchased by Facebook in 2013, did just the opposite. In fact, Facebook used the VPN as a direct method of collecting browsing and user data from those who were using it. According to the archived Google Play listing, the app did disclose its behavior, but we all know how much of an app's description users actually read.

Apple discovered the behavior in 2018 and pulled the app from the App Store for violating its data collection policies. This week, Facebook officially killed the project, removing the app from Google Play as well. While the website still exists, the information is definitely incorrect. Links to both iOS and Android apps are dead, and the company is no longer offering the service.

This is not the first time Facebook has done this type of thing. In fact, Facebook Research ran an experiment, paying rewards to teens and adults that would install a similar VPN service, which gave the company root access to their phones and tracked all of their behavior. This app is not distributed through official channels, meaning that Google and Apple have had no recourse to stop the behavior. According to Facebook, this program is no longer recruiting new members but will continue with those who are already involved.

The end of these programs definitely signals a Facebook that is aware of consumers' mistrust in the brand. 2018 was not a good year for Facebook's brand image, especially when it comes to privacy and security. Between hacks and improper data usage, Facebook is quickly becoming synonymous with privacy violation, and this move is intended to prevent another scandal.

Fortnite Live Norwich disappoints everyone, threats of lawsuits follow

posted Saturday Feb 23, 2019 by Scott Ertz

Fortnite Live Norwich disappoints everyone, threats of lawsuits follow

For all of 2018, Fortnite was a force that could not be stopped. Not only gamers but really everyone heard of the game on a regular basis. Whenever something becomes such an iconic part of the culture, it is inevitable that people will try to make a dollar off of the trend. In the case of Fortnite, we saw the normal artwork, clothing, plushies, and collectibles, but this game wasn't quite the same as other trends.

In the UK, a supposed Fortnite-themed real-life event was planned: Fortnite Live Norwich. This convention of sorts promised attractions like archery practice, go-karts, rock climbing, and more. All of the attractions were supposed to be taken from current or previous game elements, allowing kids to experience the things they had played virtually in the real world. Unfortunately, the event did not go as planned.

As if trying to channel the massive failure that was Fyre Festival, Fortnite Live Norwich seemed to not plan for the possibility that people would actually attend. The number of attractions was incredibly limited, and the ones that were there were not designed for a lot of people. For example, the archery station could only accommodate 4 kids at a time. This poor planning meant that the 2,500 attendees, all of whom paid to enter, waited in very long lines and did not get the themed experience they were promised. In fact, the theming was light, to say the least. Staff, which were in very small quantity, were not even in costume.

Some attendees were able to get their money back on the day of the event, but most were either refused or were not willing to stand in another long line to get a refund. In response to the massive failure of an event that was not sponsored or endorsed by Epic Games, the maker of the game, Epic has said they will sue the organizers of the event. Obviously, this event has the potential to damage the reputation of Epic, whether or not they were involved.

Hopefully, in the end, the attendees will all get their money back, and the organizers will be punished to the point where others will not attempt anything like this without planning.

We're live now - Join us!
PLuGHiTZ Keyz

Email

Password

Forgot password? Recover here.
Not a member? Register now.
Blog Meets Brand Stats