Online Data Trove of Passwords Grows to Over 2 Billion
Articles

Spotlight

News You Need to Know Now

 

Good Monday morning. It’s February 4th. Google parent company Alphabet announces earnings when the markets close this afternoon.

Today’s Spotlight takes about 4 minutes to read.

Breaking Sunday night: Family Tree DNA is vehemently denying media reports that it has given the FBI access to its database of more than one million genetic profiles. Family Tree says that the FBI has the same permissions that any consumer has and that law enforcement has used the free-to-all service fewer than ten times.

 

Highlights

 

  • Amazon and Facebook posted record financials last week. Analysts liked Facebook’s story and rewarded the company’s stock. Amazon warned that it would invest more in 2019, and its stock took a hit despite record holiday earnings. Remember that the execs involved most often are compensated based on stock performance, not earnings.

 

  • The FCC was in court before a three judge panel Friday to present oral arguments regarding its rollback of net neutrality consumer protections. Among the FCC’s arguments was the contention that broadband is not a telecommunications service. The FCC also faced questions about Verizon throttling service used by the Santa Clara Fire Department as they fought deadly wildfires last year.

 

  • Hackers uploaded password and email combinations in more files last week, bringing the total to 2.2 billion password records that researchers say have now been downloaded more than 1,000 times. Please stop right now if you’re using your old passwords “now that time has passed”.

Wild Online Data Days Continue

 

Apple users, pay attention to the Group FaceTime bug called Face Palm. The company confirmed that users could add a third person to a FaceTime call, creating a Group, and eavesdrop on the person who was being added even if that person didn’t answer. Apple disabled group video chatting last week and is due to push out an update to users this week.

Apple was also on the dishing out side of things after it learned that Google and Facebook had both violated their App Store agreements and promoted programs that captured lots of data. Facebook’s case was egregious because Apple had already made Facebook remove a similar program. Instead, Facebook launched an online data program targeting people between the ages of 13 (with parental consent) and 35. They paid each person $20 per month to load a program on their phone that allowed Facebook to see virtually everything that was done on the phone. Plenty of survey companies do exactly this, but Facebook bypassed Apple’s App Store, and Apple responded by revoking Facebook’s developer access permission for nearly three days.

When Apple discovered that Google was doing something similar, they also revoked Google’s access even though this was their first offense.

The control that Apple places on its App store far outweighs anything that Google does for Android apps. And Apple is ruthless about protecting this advantage. We learned during Apple’s financial reports that its revenue sharing from Netflix alone is $130 million per year. For accounts smaller than Netflix, Apple’s revenue sharing costs publishers 15-20 percent of total revenue. And you thought that only their phones were expensive.

Children and teens are also spending millions on Facebook apps and games that parents are often unaware of, according to reporting by the Center for Investigative Reporting. The organization reported that Facebook’s chargeback rate for contested credit card charges made by children is more than 9 percent–18 times the regular rate.

Even municipalities are getting involved. New York City will begin receiving data from Uber and Lyft as part of its agreements allowing them to operate. Among the data being received is date, time, locations, and the route driven. The city says that its goal is traffic planning and new programs, but skeptics have already pointed out that the database when combined with cameras and taxicab data provide the city with a database of non-private vehicle travel.

Some Help Is Coming

Google’s Chrome browser will warn users when it is visiting a spoofed website. It’s still in an early beta, but I’ve tested it, and it’s got promise.

What’s App–one of Facebook’s most popular programs–will start limiting the number of times that a message can be forwarded in an effort to cut down on disinformation.

New York’s Attorney General reached a settlement last week that it says is “…the first finding by a law enforcement agency that selling fake social media engagement and using stolen identities to include in online activity is illegal.” Gizmodo has an excellent summary of what it means and how it came to be.

EU regulators also continue pursuing tech data issues. Polish and UK authorities last week began taking action to limit an online advertiser’s ability to identify and target a consumer who has been the victim of sexual abuse, substance abuse, or medical conditions. This has fallen into the “we know how to do it technically, but it’s not permitted and it’s evil” bucket. Regulators would like to put that into the “make it impossible to do” bucket.

Reporter Kashmir Hill–one of our favorites and one whose work we’ve referred to you before–is publishing a fantastic series called “Life Without the Tech Giants”.  She is a data privacy expert who is enlisting great tech resources to help her block companies like Google and Amazon from her life. And as she writes, it’s not always working. Start with her intro to the series here.

 

Spotlighted

Worth your time this week:

  • Google is finally removing Google+ data from the publicly-accessible Internet. Your stuff–if there was any there-will be deleted April 2.
  • Snopes is ending its fact-checking partnership with Facebook.
  • Steve Buscemi’s face on Jennifer Lawrence’s body? It’s not a Snickers commercial. It’s a well done 75 second Deep Fake video that reporter Mikael Thalen posted to Twitter.

 

 

More Personal Data Found Online – Spotlight #280
Articles

Good Monday morning. It’s January 28th. Happy Tech Earnings Week. Apple and telecoms report Tuesday, Microsoft and Facebook are reporting Wednesday, and Amazon is up Thursday. Count on lots of news all week.

Today’s Spotlight takes about 4 minutes to read.

Highlights

  • Fifteen U.S. Senators have written the FTC and FCC to urge an investigation of the “sale of Americans’ location data by wireless carriers, location aggregators, and other third parties.” (PDF of the letter)

 

  • Facebook announced plans to combine Instagram, Messenger, and WhatsApp. It’s a gamble. All 3 are on every list of the most popular mobile apps.

 

  • U.S. regulators are considering whether and how to fine Facebook for its role in the Cambridge Analytical data scandal. This is on the heels of the EU fining Google $57 million for violations of its GDPR data privacy law.

 

Your Data Is Out There

 Have I Been Pawnd (HIBP) founder Troy Hunt wrote a “post for the masses” instead of the techies and detailed “Collection 1”–a data file that combines 1.1 billion combinations of email addresses and passwords. The article is easy to understand with links to more info for the data curious. Troy’s HIBP service is free and should be part of your data routines, along with a password manager and a physical key like the ones sold by Yubico.

We learned about other data out there this week. More than 24 million financial records, including mortgage and tax information from the country’s biggest banks, were found online by security analyst Bob Diachenko, according to TechCrunch. Luckily Bob is a responsible researcher and discloses only after notifying affected organizations. The third parties managing the personal data didn’t even have current relationships with the banks in some cases, but still had to maintain the records.

No matter what search, social media, and other data privacy targets do, the data breaches that have caused the most trouble have been at the federal government or companies like Equifax and Marriott. In short, data security is a bigger issue than Google or Facebook although they certainly play a role.

If all of this was Greek to you and you’re unsure about what to do next, you should email George since he’s Greek and can help.

What’s With All The Fines?

Seven months after the EU passed its GDPR, a set of stringent personal data regulations, French regulators have fined Google $56.8 million. The main infringements were related to “transparency, information, and consent”, specifically Google requiring users to accept new privacy policies.

The ‘right to be forgotten’ is another troubling EU concept for Google and search engines. A Dutch surgeon who was disciplined for medical negligence has won her suit against Google in an Amsterdam court to have that information removed from the search engine according to The Guardian.

This is an important concept that we’ve helped U.S. entities navigate. European courts have established that search engines must adhere to a European citizen’s ‘right to be forgotten’, which allows inadequate, excessive, or irrelevant content to be ignored. The guidelines are often considered vague. This is not U.S. law, which generally provides for truth as a defense against removing data from a search engine.

Facebook is also dealing with the possibility of regulatory fines in the U.S. for its role in privacy violations. The FTC is the lead agency considering “a record-setting fine” for Facebook according to the Washington Post. A prior consent decree Facebook entered into with the FTC and the lingering effects of the government shutdown are complicating the final resolution.

Google and Facebook may also create future liabilities in Europe under the continent’s Copyright Directive, which permits companies to demand money when fragments of their articles appear on third party sites. Google is considering blocking access to Google News throughout Europe as a result, reports Bloomberg.

This negative activity has led to some predictable actions. The five biggest tech companies, including Microsoft, Apple, and Amazon, joined Facebook and Google in accounting for nearly $60 million in federal lobbying during 2017 according to a study in The Hill.  Facebook is also receiving increasingly negative attention from the media, according to a Recode analysis of consumer sentiment about Facebook articles in The New York

 

Spotlighted

Worth your time this week:

  • More than 11,000 Microsoft employees are caught up in a Reply-All fiasco that is equal parts amusing and sad. (Business Insider)
  • Gmail’s mobile interface is adding strikethroughs, undo and redo, more. (TechCrunch)
  • Netflix now has 139 million subscribers worldwide. And in line with our entertainment article last issue, raised prices. Who knew they read Spotlight? (CNN)

 

Like this summary? You can get a free copy emailed  at the beginning of each work week.

Articles

How Unusual Pricing Can Slow Sales

One of the strangest promotions I’ve seen in a long time is buying a drink at McDonald’s for one dollar.  The kicker is that you choose the size without the price changing. Would you like a small or a large for one dollar?

One conversation went like this:

I’ll have a small Coke.

The person’s friend whispered, They’re all one dollar. Get a large.

No, a small is fine. I’m not that thirsty.

Soda calories and waste  notwithstanding, the person could have saved part of her drink for later. She also could have shared some of her drink with her companion. Or she could have simply asked for the large size in case she turned out to be more thirsty than she anticipated.

The bigger point is this: a moment of wary hesitation is caused when pricing doesn’t seem intuitive to a purchaser as they scan the offer for a hidden catch. The McDonald’s offer is strange and its results are a marketing psychology paper waiting to be written.

I saw the same phenomenon at online grocer Peapod. As grocery shoppers, we’re conditioned to understand that a larger bulk size often results in a lower unit price. That’s been a retailing axiom for decades and created the rise of the warehouse superstores.

But on this particular day, the larger size was once again less expensive than the smaller size. As you can see below, the unit cost for a larger box of Raisin Bran was lower as one would expect. This difference was so great, however, that anyone buying a smaller box was paying a premium at the unit cost level and at the total price level.

Almost no one understands that without first thinking about the issue.

Buying an extra 4.8 ounces of cereal (25% more) reduced the total cost by $1.29 (34%).  And that just doesn’t make sense to people. We understand that the unit cost is and should be lower, but the 45% decrease made buying more cost less.

There was undoubtedly a good reason for this price just as there are reasons why someone might prefer a box of cereal that is 25% smaller. You’ve already thought of several reasons for both when you read that sentence.

And that’s the problem.

Display of two prices

 

 Pricing should never make someone think, “Why is this deal different than the pricing I’ve come to expect?”  More of something does not normally have a total cost lower than less of something. Yet that’s exactly what happened. At least the drinks were the same price for a larger size. The cereal actually cost less.

Your takeaway as a business leader is that pricing outside the norm of expectations  without an explanation leads to hesitation when a prospective buyer searches for a hidden gotcha. That kind of pricing slows and possibly risks the entire sale because anything unexpected slows down a sale.

I understand when the local bakery posts a sign late in the day that says “Oops, we baked too much” or why Broadway-savvy theatergoers buy tickets the day of their show. Those are norms we’ve learned as American consumers.

Ask someone unfamiliar with your pricing strategy to see if they can look at your prices and articulate your pricing strategy. If they can’t, you’ve got a potential sales objection that may leave prospects wary of doing business with your organization.