Biz & IT

Facebook is the new crapware

Welcome to 2019, where we learn Facebook is the new crapware.

Sorry #DeleteFacebook, you never stood a chance.

Yesterday Bloomberg reported that the scandal-beset social media behemoth has inked an unknown number of agreements with Android smartphone makers, mobile carriers and OSes around the world to not only pre-load Facebook’s eponymous app on hardware but render the software undeleteable; a permanent feature of your device, whether you like how the company’s app can track your every move and digital action or not.

Bloomberg spoke to a U.S. owner of a Samsung Galaxy S8 who, after reading forum discussions about Samsung devices, found his own pre-loaded Facebook app could not be removed. It could only be “disabled,” with no explanation available to him as to what exactly that meant.

The Galaxy S8 retailed for $725+ when it went on sale in the U.S. two years ago.

A Facebook spokesperson told Bloomberg that a disabled permanent app doesn’t continue collecting data or sending information back to the company, but declined to specify exactly how many such pre-install deals Facebook has globally.

Samsung told the news organization it provides a pre-installed Facebook app on “selected models” with options to disable it, adding that once disabled, the app is no longer running.

After Bloomberg’s report was published, mobile researcher and regular Facebook technical tipster Jane Manchun Wong chipped in via Twitter to comment — describing the pre-loaded Facebook app on Samsung devices as a “stub.”

Aka “basically a non-functional empty shell, acts as the placeholder for when the phone receives the ‘real’ Facebook app as app updates.”

That said, many smartphone users have automatic updates enabled, and an omnipresent disabled app is always there to be re-enabled at a later date (and thus revived from a zombie state into a fully fledged Facebook app one future day).

While you can argue that having a popular app pre-installed can be helpful to consumers (though not at all helpful to Facebook competitors), a permanent pre-install is undoubtedly an anti-consumer move.

Crapware is named crapware for a reason. Having paid to own hardware, why should people be forever saddled with unwanted software, stub or otherwise?

And while Facebook is not the only such permanent app around (Apple got a lot of historical blowback for its own undeleteable apps, for instance, finally adding the ability to delete some built-in apps with iOS 12), it’s an especially egregious example given the company’s long and storied privacy-hostile history.

Consumers who do not want their digital activity and location surveilled by the people-profiling giant will likely crave the peace of mind of not having any form of Facebook app, stub or otherwise, taking up space on their device.

But an unknown number of Android users are now finding out they don’t have that option.

Not cool, Facebook, not cool.

Another interesting question the matter raises is how permanent Facebook pre-installs are counted in Facebook’s user metrics, and indeed for ad targeting purposes.

In recent years, the company has had to revise its ad metrics several times. So it’s valid to wonder whether a disabled Facebook app pre-install is being properly accounted for by the company (i.e. as minus one pair of eyeballs for its ad targeting empire) or not.

We asked Facebook about this point, but at the time of writing it declined to comment beyond its existing statements to Bloomberg.

A white supremacist website got hacked, airing all its dirty laundry

Image: Patriot Front members spray painting in Springfield, IL. (Credit: Unicornriot.ninja)

Chat messages, images, and videos leaked from the server of a white supremacist group called the Patriot Front purport to show its leader and rank-and-file members conspiring in hate crimes, despite their claims that they were a legitimate political organization.

Patriot Front, or PF, formed in the aftermath of the 2017 Unite the Right rally, a demonstration in Charlottesville, Virginia, that resulted in one death and 35 injuries when a rally attendee rammed his car into a crowd of counter-protesters. PF founder Thomas Rousseau started the group after an image posted online showed the now-convicted killer, James Alex Fields, Jr., posing with members of Vanguard America shortly before the attack. Vanguard America soon dissolved, and Rousseau rebranded it as PF with the goal of hiding any involvement in violent acts.

Since then, PF has strived to present itself as a group of patriots who are aligned with the ideals and values of the founders who defeated the tyranny of British colonists in the 18th century and paved the way for the United States to be born. In announcing the formation of PF in 2017, Rousseau wrote:

The new name was carefully chosen, as it serves several purposes. It can help inspire sympathy among those more inclined to fence-sitting, and can be easily justified to our ideology [sic] and worldview. The original American patriots were nothing short of revolutionaries. The word patriot itself comes from the same root as paternal and patriarch. It means loyalty to something intrinsically based in blood.

Turbo cans and rubber roofing cement

But a published report and leaked data the report is based on present a starkly different picture. The chat messages, images, and videos purport to show Rousseau and other PF members discussing the defacing of numerous murals and monuments promoting Black Lives Matter, LGBTQ groups, and other social justice causes.

This chat, for instance, appears to show a PF member discussing the targeting of a civil rights mural in Detroit. When a member asks what the best way is to fully cover up a mural with paint, Rousseau is shown replying “It’s in the stencil guide. Turbo cans.” The stencil guide refers to these instructions provided to PF members showing how to effectively use spray paint and not get caught. The PF member also sent Rousseau pictures taken while scouting the mural.

When a different member discussed whether rubber roofing cement was suitable for covering a George Floyd memorial that had been treated with anti-graffiti clear coating, Rousseau allegedly responded: “Keep me posted as to your research and practice with this substance. Orders will be given out at the event.”

The data dump also appears to document the defacing of a monument in Olympia, Washington.

Image: What it looked like before. (Credit: Unicorn.ninja)

Image: What it looked like after. (Credit: Unicorn.ninja)

The leaked data purports to show a range of other illegal activities the group discussed. They include Rousseau informing members planning a rally in Washington DC that one participant will call 911 from a burner phone and make a false report to authorities.

“He will cite that there is a protest, he sees shields BUT NO WEAPONS, and everyone involved appears to be behaving peacefully, waving and handing out flyers, nonetheless he is a concerned citizen and suggests the police take a look into it to ensure everyone’s civil rights are safe,” Rousseau appeared to write. “He will add that it looks like we just arrived from the metro. This will soften the police up before our big visual contact on the bridge, and provide a little confusion and misinfo that’s within the realm of honest dialogue.”

Attempts to reach Rousseau or other PF members didn’t succeed.

Friday’s published report said that the leak comprised about 400 gigabytes of data and came from a self-hosted instance of RocketChat, an open source chat server that’s similar to Slack and Discord. It’s only the latest example of a hate group being hacked and its private discussions being dumped online. In 2019, the breach of the Iron March website revealed, among other things, that many of its members were members of the US Marines, Navy, Army, and military reserves.

Supply chain attack used legitimate WordPress add-ons to backdoor sites

Dozens of legitimate WordPress add-ons downloaded from their original sources have been found backdoored through a supply chain attack, researchers said. The backdoor has been found on “quite a few” sites running the open source content management system.

The backdoor gave the attackers full administrative control of websites that used at least 93 WordPress plugins and themes downloaded from AccessPress Themes. The backdoor was discovered by security researchers from Jetpack, the maker of security software owned by Automattic, provider of the WordPress.com hosting service and a major contributor to the development of WordPress. In all, Jetpack found that 40 AccessPress themes and 53 plugins were affected.

Unknowingly providing access to the attacker

In a post published Thursday, Jetpack researcher Harald Eilertsen said timestamps and other evidence suggested the backdoors were introduced intentionally in a coordinated action after the themes and plugins were released. The affected software was available by download directly from the AccessPress Themes site. The same themes and plugins mirrored on WordPress.org, the official developer site for the WordPress project, remained clean.

“Users who used software obtained directly from the AccessPress website unknowingly provided attackers with backdoor access, resulting in an unknown number of compromised websites,” Ben Martin, a researcher with Web security firm Sucuri, wrote in a separate analysis of the backdoor.

He said the tainted software contained a script named initial.php that was added to the main theme directory and then included in the main functions.php file. Initial.php, the analysis shows, acted as a dropper that used base64 encoding to camouflage code that downloaded a payload from wp-theme-connect[.]com and used it to install the backdoor as wp-includes/vars.php. Once it was installed, the dropper self-destructed in an attempt to keep the attack stealthy.

The Jetpack post said evidence indicates that the supply chain attack on AccessPress Themes was performed in September. Martin, however, said evidence suggests the backdoor itself is much older than that. Some of the infected websites had spam payloads dating back nearly three years. He said his best guess is that the people behind the backdoor were selling access to infected sites to people pushing web spam and malware.

He wrote, “With such a large opportunity at their fingertips, you’d think that the attackers would have prepared some exciting new payload or malware, but alas, it seems that the malware that we’ve found associated with this backdoor is more of the same: spam, and redirects to malware and scam sites.”

The Jetpack post provides full names and versions of the infected AccessPress software. Anyone running a WordPress site with this company’s offerings should carefully inspect their systems to ensure they’re not running a backdoored instance. Site owners may also want to consider installing a website firewall, many of which would have prevented the backdoor from working.
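The indicators Sucuri's analysis describes (an initial.php file in the theme directory, a functions.php that includes it, and a base64-hidden reference to the payload host) can be checked for mechanically. The following Python script is an added example, not code from Jetpack, Sucuri or WordPress; the scan rules, function names and the constructed sample tree are assumptions, and it covers themes only.

```python
import base64
import re
import tempfile
from pathlib import Path

# Indicators named in the article; the scan rules themselves are assumptions.
DROPPER_NAME = "initial.php"      # dropper added to the main theme directory
HOST_LABEL = b"wp-theme-connect"  # host label of the payload server
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}")


def mentions_host(data: bytes) -> bool:
    """True if data names the payload host in plain text or inside base64."""
    texts = [data]
    for run in B64_RUN.findall(data):
        try:
            texts.append(base64.b64decode(run + b"=" * (-len(run) % 4)))
        except ValueError:  # run only looked like base64
            pass
    return any(HOST_LABEL in text for text in texts)


def scan_themes(wp_root: Path) -> list[tuple[str, str]]:
    """Return (relative path, reason) findings for every installed theme."""
    findings = []
    for php in sorted((wp_root / "wp-content" / "themes").rglob("*.php")):
        rel = php.relative_to(wp_root).as_posix()
        data = php.read_bytes()
        if php.name == DROPPER_NAME:
            findings.append((rel, "dropper file present"))
        if php.name == "functions.php" and DROPPER_NAME.encode() in data:
            findings.append((rel, "functions.php includes dropper"))
        if mentions_host(data):
            findings.append((rel, "references payload host"))
    return findings


def demo() -> list[tuple[str, str]]:
    """Scan a constructed two-theme tree: one clean, one tainted."""
    with tempfile.TemporaryDirectory() as tmp:
        themes = Path(tmp) / "wp-content" / "themes"
        (themes / "clean").mkdir(parents=True)
        (themes / "tainted").mkdir()
        (themes / "clean" / "functions.php").write_text("<?php // constructed\n")
        (themes / "tainted" / "functions.php").write_text("<?php include 'initial.php';\n")
        blob = base64.b64encode(b"https://" + HOST_LABEL + b".example/x").decode()
        (themes / "tainted" / DROPPER_NAME).write_text(f"<?php $u = '{blob}';\n")
        return scan_themes(Path(tmp))
```

Because the dropper deleted itself after installing the backdoor, an empty result does not show that a site was never affected; compare installed versions against the list in the Jetpack post as well.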

The attack is the latest example of a supply chain attack, which compromises the source of a legitimate piece of software rather than trying to infect individual users. The technique allows miscreants to infect large numbers of users, and it has the benefit of stealth, since the compromised software originates from a trusted provider.

Attempts to contact AccessPress Themes for comment were unsuccessful.

Red Cross implores hackers not to leak data for 515k “highly vulnerable people”

The Red Cross on Wednesday pleaded with the threat actors behind a cyberattack that stole the personal data of about 515,000 people who used a program that works to reunite family members separated by conflict, disaster or migration.

“While we don’t know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them,” Robert Mardini, the director-general of the International Committee for the Red Cross, said in a release. “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data.”

Wednesday’s release said the personal data was obtained through the hack of a Switzerland-based subcontractor that stores data for the Red Cross. The data was compiled by at least 60 different Red Cross and Red Crescent National Societies worldwide. The ICRC said it has no “immediate indications as to who carried out this cyber-attack” and is so far unaware of any of the compromised information being leaked or shared publicly.

Those affected had used Restore Family Links, a service the Red Cross operates in cooperation with the Red Crescent to reunite families. On Wednesday, the site was down. The Internet Archive last updated it on December 27, raising the possibility of the breach occurring a few weeks ago.

The release provided few details about the attack. It’s not clear if it was done by profit-motivated ransomware criminals, nation-state hackers, or others. Over the past few years, a rash of ransomware breaches has hit healthcare providers, forcing them in many cases to reroute ambulances and cancel elective surgeries. In 2020, the ICRC helped lead a coalition that called on nations around the world to crack down on cyberattacks involving hospitals and healthcare providers.

Last September, the ICRC confirmed it was on the receiving end of a hack the previous April that compromised login credentials and other data that could be used to target agencies within the intergovernmental organization. The earliest known date the hackers obtained access to the UN’s systems, Bloomberg News reported, was April 5, and the hackers remained active through at least August. The breach came to light when private researchers noticed login credentials for sale on the dark web.
