Facebook appears to be getting tougher on people who break its rules.
Hot on the heels of banning the Britain First group from its network, Facebook has announced it has suspended political data analytics firm Cambridge Analytica, and its parent company Strategic Communication Laboratories (SCL).
But the reason for the organisations being blocked from Facebook are very different. Britain First is accused of spreading vile hateful messages about Muslims, but Cambridge Analytica is accused of acquiring the data of more than 50 million Facebook users via an illegitimate route.
Cambridge Analytica is the shady data analytics firm that specialises in “psychographic” profiling. In short, they scoop up data online and use it to create personality profiles for voters.
That knowledge could be extremely useful, as individuals can then be targeted with content targeted to appeal to them, and perhaps influence their behaviour. Maybe even change their likelihood to vote in a particular direction.
Cambridge Analytica is widely credited for helping Donald Trump’s successful campaign on social media to be elected President of the United States.
Investigations published this weekend by the New York Times and The Guardian have said that the profiles of some 50 million Facebook users were gathered without their knowledge, with a little help from a personality quiz created by a University of Cambridge professor.
Here’s what appears to have happened:
- Psychology professor Aleksandr Kogan, created an app called “thisisyourdigitallife” which offered to make personality predictions. 270,000 people downloaded it, and in the process made it possible for the app to scoop up personal information and details of their Facebook activity.
- The app also asked for permission to request “more limited information” from a user’s friends. As a consequence details from some 50 million Facebook profiles were gathered.
- Facebook app developers aren’t supposed to share users’ personal information with third parties, but Kogan appears to have passed the details on to SCL/Cambridge Analytica and Christopher Wylie of Eunoia Technologies.
- Facebook says it learned of the violation in 2015, removed the app, and demanded assurances that Kogan and third-parties had destroyed the data.
- Facebook has heard that the data was not deleted as promised, and has suspended the various parties pending further information.
- Cambridge Analytica has issued a press release saying that it deleted the data “when it became clear” that the data had not been obtained in line with Facebook’s terms of service.
Much of the fuel on the fire has been poured by Christopher Wylie, Cambridge Analytica’s former director of research who the media has styled as a whistleblower.
Here is Wylie speaking to the UK’s Channel 4 News:
Never forget. Without your data, Facebook can’t make its fortune.
You may wish to ponder that next time you take an online personality quiz. You may want to rethink how wise it is to share so much information on social networks. You may wish to take a long look at your privacy settings, and determine if they configured appropriately.
You may simply want to opt out of social networks that exploit your data in the first place.
For more discussion on this topic, listen to this episode of the “Smashing Security” podcast.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
I saw your tweet, Graham. You are not a fan of the whole bio implant thing, are you?
Not really.
It's always those that need it most that complain the most.
We'll skip over that. Yes. Smashing Security, Episode 70: Facebook and Cambridge Diabolica with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to another episode of Smashing Security, episode 70. My name is Graham Cluley.
Hello, hello, and welcome to another episode of Smashing Security, episode 70. My name is Graham Cluley.
I'm Carole Theriault.
And we are joined today by a returning guest. It's Scott Helmeee. Hello, Scott.
Hello, guys.
How's it going? Not too bad at all. Now we've got a packed agenda today, so sorry, Scott, no time for chitchat.
You've been here before.
Exactly.
We can skip the courtesies.
Let's find out who our sponsor is and let's get on with it! Thanks to MetaCompliance for supporting this episode of Smashing Security.
People are the key to minimizing your cybersecurity risk posture, and MetaCompliance makes this easier by providing a single platform for phishing, cybersecurity training, policy, privacy, and incident management.
Listeners can get a 10% discount off the high-quality cybersecurity e-learning catalog by quoting the code SMASHING. Just visit www.meta-compliance.com/smashing.
Www.metacompliance.com. That's www.metacompliance.com. Righty-ho. We've got a lot to cover today because I think there's a huge story right now. It's exploding.
Yes, hundreds of headlines.
People are the key to minimizing your cybersecurity risk posture, and MetaCompliance makes this easier by providing a single platform for phishing, cybersecurity training, policy, privacy, and incident management.
Listeners can get a 10% discount off the high-quality cybersecurity e-learning catalog by quoting the code SMASHING. Just visit www.meta-compliance.com/smashing.
Www.metacompliance.com. That's www.metacompliance.com. Righty-ho. We've got a lot to cover today because I think there's a huge story right now. It's exploding.
Yes, hundreds of headlines.
All right, welcome back. It's probably one of your favorite guilty pleasures on Facebook. I'm talking about those personality quizzes. They seem pretty harmless, right?
Well, now a data firm associated with the Trump campaign has been suspended by Facebook after reportedly using information from those quizzes without permission to target voters.
Well, now a data firm associated with the Trump campaign has been suspended by Facebook after reportedly using information from those quizzes without permission to target voters.
New developments tonight on Cambridge Analytica, the firm that worked for the Trump campaign and tried to influence American voters using information harvested from 50 million Facebook users.
Hi everyone, I'm Reena Ninen. Thank you for joining us. We begin with a major data breach carried out by a firm that worked with President Trump's campaign team.
The Guardian is reporting that Cambridge Analytica used personal information from the profiles of millions of US voters without permission.
The Guardian is reporting that Cambridge Analytica used personal information from the profiles of millions of US voters without permission.
Cambridge Analytica, rather shady data analytics firm which has managed to get its paws on information about some 50 million Facebook users which were collected by somebody else's personality testing app.
Now, before I go on, I need to give you a little caveat. We are recording this with Scott on Tuesday afternoon. In the sunshine, yeah. And this story is changing by the hour.
There are new things happening.
In fact, I know tonight Channel 4 here in the UK are going to be broadcasting another in its series of undercover investigations into Cambridge Analytica.
And they're going to be focusing on what the firm may have done to help the election of US President David Dennison. Get the popcorn! That's definitely a popcorn job.
Now, before I go on, I need to give you a little caveat. We are recording this with Scott on Tuesday afternoon. In the sunshine, yeah. And this story is changing by the hour.
There are new things happening.
In fact, I know tonight Channel 4 here in the UK are going to be broadcasting another in its series of undercover investigations into Cambridge Analytica.
And they're going to be focusing on what the firm may have done to help the election of US President David Dennison. Get the popcorn! That's definitely a popcorn job.
He's not admitted it's his name yet, as far as I know.
Dirk Diggler? No, he has. No, wait, has he? Yes, yes. Potentially the first thing he's ever admitted to.
I'm David Dennison.
I don't think he's done it on audio, but on legal papers now says Donald J. Trump, aka David Dennison, from his lawyer. So there you go.
Anyway, it's a fast-moving story about Cambridge Analytica, so I wanted to cover it, explain what we know so far. Excellent.
And some of the implications for all those people out there who are on Facebook. So Cambridge Analytica, who are they?
Well, they are a company which do something really kind of in a technical way, really very cool and clever.
What they do is they analyze social network data in order to create personality profiles of people online, which you then could influence in different ways, maybe to buy something, or maybe, just maybe, to vote in a particular direction.
Anyway, it's a fast-moving story about Cambridge Analytica, so I wanted to cover it, explain what we know so far. Excellent.
And some of the implications for all those people out there who are on Facebook. So Cambridge Analytica, who are they?
Well, they are a company which do something really kind of in a technical way, really very cool and clever.
What they do is they analyze social network data in order to create personality profiles of people online, which you then could influence in different ways, maybe to buy something, or maybe, just maybe, to vote in a particular direction.
Okay, I would agree it's technologically cool, but not societally cool at all. I think these things are scary. Not ethically cool. Not ethically cool either. Downright yucky.
Anyway, carry on, Chris. I think I probably agree with you.
Now, the knowledge which you can ascertain from people's social network data and what they're sharing online can be immensely useful to these kind of organizations and the people who employ them, because it means individuals can be targeted with content designed to appeal to them and perhaps influence their behavior.
Oh, like propaganda. Right. So Alexander Nix, he is the chap who runs Cambridge Analytica, and he's basically a bit of a— he's shady as anything.
Well, he's a bit like an old-style Bond villain. He's an Old Etonian.
Now, the knowledge which you can ascertain from people's social network data and what they're sharing online can be immensely useful to these kind of organizations and the people who employ them, because it means individuals can be targeted with content designed to appeal to them and perhaps influence their behavior.
Oh, like propaganda. Right. So Alexander Nix, he is the chap who runs Cambridge Analytica, and he's basically a bit of a— he's shady as anything.
Well, he's a bit like an old-style Bond villain. He's an Old Etonian.
He does look like— oh, is he?
Is he? He does look a bit of a villain, and he's described his company's, what they do as this.
He said, "Our job is to understand what are those really deep-seated underlying fears and concerns.
It's no good fighting an election campaign on the facts because actually it's all about emotion." So you're a typical really great guy. Right. Yeah.
Now, so he's in one corner of the boxing ring, right? In the other corner, up against him, is pink-haired whistleblower Christopher Wylie, who used to work at Cambridge Analytica.
And left under a cloud because he went to the press with information about what had happened because he thought it was wrong.
In fact, he describes their operations as Steve Bannon's psychological warfare mindfuck tool, TM. Which he helped build. Well, yes, which he helped build.
But the controversy here is how they got their data to make this thing.
Now, there is a Cambridge psychology professor, University of Cambridge, not connected with Cambridge Analytica, it's just a cool name, isn't it?
His name is Alexander Kogan, and he is, of course, Russian. He created an app called This Is Your Digital Life, and he encouraged people to take part in a personality test.
270,000 people ran that Facebook app. Yeah.
He said, "Our job is to understand what are those really deep-seated underlying fears and concerns.
It's no good fighting an election campaign on the facts because actually it's all about emotion." So you're a typical really great guy. Right. Yeah.
Now, so he's in one corner of the boxing ring, right? In the other corner, up against him, is pink-haired whistleblower Christopher Wylie, who used to work at Cambridge Analytica.
And left under a cloud because he went to the press with information about what had happened because he thought it was wrong.
In fact, he describes their operations as Steve Bannon's psychological warfare mindfuck tool, TM. Which he helped build. Well, yes, which he helped build.
But the controversy here is how they got their data to make this thing.
Now, there is a Cambridge psychology professor, University of Cambridge, not connected with Cambridge Analytica, it's just a cool name, isn't it?
His name is Alexander Kogan, and he is, of course, Russian. He created an app called This Is Your Digital Life, and he encouraged people to take part in a personality test.
270,000 people ran that Facebook app. Yeah.
It told you whether you were anxious or things like that. It had 5 different profiles or something.
All kinds of information it requested, and then they put up a profile of you. You can imagine this is the kind of thing people run on Facebook all of the time. Yeah, totally.
But it didn't just grab information about users and find out about their personalities, it also scooped up personal information about their Facebook friends and details of their Facebook activity.
So it was able to collect an enormous amount of information. Now, under Facebook rules, that information should have stayed with Kogan, okay, because he was the app developer.
Although they can collect data, and that may be alarming in itself that people can do that and collect so much information about you by just getting you to run an app or try and work out what your porn star name is.
You know, Peggy Pegscroft or Dirk Diggler. Is that yours? What, mine? Wow.
But it didn't just grab information about users and find out about their personalities, it also scooped up personal information about their Facebook friends and details of their Facebook activity.
So it was able to collect an enormous amount of information. Now, under Facebook rules, that information should have stayed with Kogan, okay, because he was the app developer.
Although they can collect data, and that may be alarming in itself that people can do that and collect so much information about you by just getting you to run an app or try and work out what your porn star name is.
You know, Peggy Pegscroft or Dirk Diggler. Is that yours? What, mine? Wow.
I wasn't going to ask where that came from.
What's it meant to be? It's meant to be— Oh, sexy. Your name of your first pet and— Oh, there's loads of them.
Yeah, first pet, first street you lived on.
Yes. I think mine is— Yes, I will. Actually, I shouldn't say, should I?
Mother's maiden name. Yeah.
Well, you almost got him then. Yeah, yeah.
His quiz questions. Yeah. So, what happened was, that data which Cogan collected ended up with Cambridge Analytica.
I don't know if they bought it or he gave it to them or what the deal was, but they got hold of it. And that shouldn't have happened.
That was against Facebook's terms and conditions. So the story became very big, very quickly.
In fact, on Monday night, apparently at Cambridge Analytica's offices in London, there was a digital forensics team sent by Facebook who were there.
The ICO, the Information Commissioner's Office, found out that they were there and they said, "Oi, clear off." Because obviously there are concerns that they could be cleaning out data and things because the ICO want a warrant to go in and examine those computers and find out what's going on there.
I don't know if they bought it or he gave it to them or what the deal was, but they got hold of it. And that shouldn't have happened.
That was against Facebook's terms and conditions. So the story became very big, very quickly.
In fact, on Monday night, apparently at Cambridge Analytica's offices in London, there was a digital forensics team sent by Facebook who were there.
The ICO, the Information Commissioner's Office, found out that they were there and they said, "Oi, clear off." Because obviously there are concerns that they could be cleaning out data and things because the ICO want a warrant to go in and examine those computers and find out what's going on there.
There's one thing here though I think you've kind of skipped over, which is kind of big, right?
So 270,000 people downloaded and took part in the quiz, but under this friends permission feature that existed in Facebook up until 2015, they were able to grab all the data of every single person they were connected to.
So their friends, for instance. So they were able to kind of scoop up not just that 270,000, but up to 50 million profiles of people.
So 270,000 people downloaded and took part in the quiz, but under this friends permission feature that existed in Facebook up until 2015, they were able to grab all the data of every single person they were connected to.
So their friends, for instance. So they were able to kind of scoop up not just that 270,000, but up to 50 million profiles of people.
50 million.
So people that did not take part at all's information were snarfed up by Facebook's data feature that existed until 2015.
And 50 million is a pretty big number. That's what, 1 in every 4 people in the United States, for instance. Yeah, huge.
Pretty significant for the little pokey little personality test which they were running. So this has been in the news.
The ICO last night at Cambridge Analytica's offices, and on Channel 4 last night as well, there was hidden camera footage shown of Cambridge Analytica talking about some of the shady things they could do to try and influence people, including claiming they could send sexy Ukrainian girls to act as honey traps.
Yes! Unbelievable. Unbelievable. In fact, there's a really ironic part of the video. The guy who runs Cambridge Analytica says, "We can secretly record them with video cameras." Yeah.
And then release the information on the internet. Okay, so I thought that was quite amusing.
Pretty significant for the little pokey little personality test which they were running. So this has been in the news.
The ICO last night at Cambridge Analytica's offices, and on Channel 4 last night as well, there was hidden camera footage shown of Cambridge Analytica talking about some of the shady things they could do to try and influence people, including claiming they could send sexy Ukrainian girls to act as honey traps.
Yes! Unbelievable. Unbelievable. In fact, there's a really ironic part of the video. The guy who runs Cambridge Analytica says, "We can secretly record them with video cameras." Yeah.
And then release the information on the internet. Okay, so I thought that was quite amusing.
It's just the irony of that one, huh?
And apparently Facebook and Cambridge Analytica are threatening to sue the journalists over the story, so The Guardian, The Observer, Channel 4, for breaking the news.
And apparently Facebook and Cambridge Analytica are threatening to sue the journalists over the story, so The Guardian, The Observer, Channel 4, for breaking the news.
Well, yeah, I think they are less than impressed. Cambridge Analytica are suddenly saying that the video has been edited in a way which doesn't reflect the true conversation.
They claim that all this talk about sexy Ukrainian girls and some of the other things was them actually trying to ascertain the ethics of the potential customer.
And so they were trying to draw her out. They were going along with the conversation, then they would decide, "Oh, these aren't the sort of people we would want to work with."
They claim that all this talk about sexy Ukrainian girls and some of the other things was them actually trying to ascertain the ethics of the potential customer.
And so they were trying to draw her out. They were going along with the conversation, then they would decide, "Oh, these aren't the sort of people we would want to work with."
Yeah, I mean, The Guardian's been working on this for over a year, more than that in fact, and I bet they've crossed their T's and dotted every single I, because this would have been hot.
Well, it's certainly a major investigation, and we're putting links to The Guardian and some of the Channel 4 content as well, so other people can go and check it out in full.
So one of the big questions is, was this a breach?
And there was quite a discussion about this in the last day or so on Twitter in particular, because Alex Stamos, who is the chief security officer of Facebook, posted a tweet which he subsequently deleted saying, you know, it was wrong to classify this as a breach.
And indeed on Facebook's press release about this incident as well, because they've banned Cambridge Analytica from Facebook now as a consequence of this, they said, you know, it's wrong to portray this as a breach.
And I actually think maybe Facebook is right about that. Maybe this wasn't a data breach because certainly there were no malicious hackers breaking into any servers.
There was no vulnerability exploited. There were no grabbing of passwords.
So one of the big questions is, was this a breach?
And there was quite a discussion about this in the last day or so on Twitter in particular, because Alex Stamos, who is the chief security officer of Facebook, posted a tweet which he subsequently deleted saying, you know, it was wrong to classify this as a breach.
And indeed on Facebook's press release about this incident as well, because they've banned Cambridge Analytica from Facebook now as a consequence of this, they said, you know, it's wrong to portray this as a breach.
And I actually think maybe Facebook is right about that. Maybe this wasn't a data breach because certainly there were no malicious hackers breaking into any servers.
There was no vulnerability exploited. There were no grabbing of passwords.
Facebook were aware that they were doing this and were— it was within the guidelines at the time what they were grabbing. Oh, absolutely.
And Facebook— and just today, there's a great article in The Guardian all about how Facebook actually didn't properly necessarily vet what their third parties were doing with the data they were collecting.
And Facebook— and just today, there's a great article in The Guardian all about how Facebook actually didn't properly necessarily vet what their third parties were doing with the data they were collecting.
Well, how could they, right?
Yeah, because exactly, this ex-Facebooker saying, I never once saw any audit.
Right.
If they're allowing third parties to scoop up this data and then put it on their servers and, you know, interact with it in some fashion, Facebook doesn't have any visibility on that.
The concern is that this actually is how Facebook is designed to work.
Many apps, over the years have scooped up users' information and privacy settings permitting those of their friends as well. So this isn't news.
Facebook has been doing this for years, and maybe the data shouldn't have been shared with Cambridge Analytica by the Cambridge professor. Because that does breach their terms.
If they're allowing third parties to scoop up this data and then put it on their servers and, you know, interact with it in some fashion, Facebook doesn't have any visibility on that.
The concern is that this actually is how Facebook is designed to work.
Many apps, over the years have scooped up users' information and privacy settings permitting those of their friends as well. So this isn't news.
Facebook has been doing this for years, and maybe the data shouldn't have been shared with Cambridge Analytica by the Cambridge professor. Because that does breach their terms.
And then sold to other third parties who use it to basically change the way people vote. Big deal. It's a big deal.
Well, it is, exactly. So I think this isn't necessarily a security breach, but it is maybe a data policy breach.
Ugh, you're splitting hairs. I don't know.
I think that's a really important clarification, 'cause especially from my background in the security world, when you say breach, my mind goes to somebody in a dark room hacked into the servers and stole all the data.
I think there's a breach of something. You know, this is a breach of trust, a breach of policy, a breach of ethics. But I don't think, you know, security wasn't breached.
And that's kind of typically where people's mind wanders when you say breach. They think security. You know what? That's fair.
I think there's a breach of something. You know, this is a breach of trust, a breach of policy, a breach of ethics. But I don't think, you know, security wasn't breached.
And that's kind of typically where people's mind wanders when you say breach. They think security. You know what? That's fair.
That's fair. So because Facebook were aware and the people taking the data didn't bypass security and steal it, we shouldn't call it a data breach.
I think the real failing here is from Facebook users who haven't realized this is what Facebook is all about. You are outrageous. No, what do you mean I'm outrageous?
You are outrageous blaming users. Don't blame the victim.
Yes. Look, if you read the teaser— How many times have you tried to get me on Facebook?
How many times? Just for, you know, even for Smashing Security.
Look, the fact is, this is how Facebook is supposed to work, right? And I actually believe that makes it worse than any data breach.
People joined Facebook and they thought, "Oh, this is fun. I can keep in touch with my mother-in-law. We can poke each other and pretend to be a vampire," or whatever it is.
And Facebook has turned a blind eye to these sort of abuses and the information because that doesn't work for their business model.
Their business model is to get as much data about you as possible and find ways to monetize it and make it an attractive platform for companies.
People joined Facebook and they thought, "Oh, this is fun. I can keep in touch with my mother-in-law. We can poke each other and pretend to be a vampire," or whatever it is.
And Facebook has turned a blind eye to these sort of abuses and the information because that doesn't work for their business model.
Their business model is to get as much data about you as possible and find ways to monetize it and make it an attractive platform for companies.
Yeah, and get as many people on it as possible. So they want to spread far and wide, and this might hinder their spread, so they just kept schtum about it, which is illegal, right?
Well, that's the thing. Is it illegal? What's illegal? Yeah, yeah, you're right, you're right.
I was thinking it was illegal that they didn't tell individuals, hey, by the way, your data was given away, but GDPR isn't in effect yet.
Well, that's the thing. Is it illegal? What's illegal? Yeah, yeah, you're right, you're right.
I was thinking it was illegal that they didn't tell individuals, hey, by the way, your data was given away, but GDPR isn't in effect yet.
No, gosh, can you imagine if this was next month though? Or actually the month after, sorry.
Oh, you know what?
Friend of the show, Martin Grütten, he posted a great tweet earlier today where he said, "Remember, if you don't delete your Facebook account or set your privacy settings correctly by the 25th of May, GDPR requires you to inform all of your European-based friends that you've sold their details to Steve Bannon."
Friend of the show, Martin Grütten, he posted a great tweet earlier today where he said, "Remember, if you don't delete your Facebook account or set your privacy settings correctly by the 25th of May, GDPR requires you to inform all of your European-based friends that you've sold their details to Steve Bannon."
Yeah, because he's of course involved as well, isn't he?
Well, yeah, he used to have a senior position at Cambridge Analytica, and of course he was very involved in — what's his name again? David Dennison's presidential campaign.
I wonder how our professor's doing as well right now. You know, that seems—
I think he's keeping his head down, to be honest.
Well, the press are certainly talking about him.
So what I hope comes from all of this is that people have a little bit more awareness about what Facebook is doing with everything that you like, every piece of information you share.
And if you've left your privacy settings open, you may want to go and — I'll put in a link.
There's a good article on the EFF website where it tells you how to reconfigure your privacy settings to reduce the chances and the ability for apps to scrape your information.
So if you're concerned about that, you can do that. And of course you can, although none of you probably will, delete your Facebook account. Oh, I think people are.
And if you've left your privacy settings open, you may want to go and — I'll put in a link.
There's a good article on the EFF website where it tells you how to reconfigure your privacy settings to reduce the chances and the ability for apps to scrape your information.
So if you're concerned about that, you can do that. And of course you can, although none of you probably will, delete your Facebook account. Oh, I think people are.
I think people are doing it. Delete Facebook movement is gaining steam.
I've seen it hashtagged on Twitter quite a lot.
Yeah, it's big. It's big. I think a lot of people, and it's not easy to do. It's kind of hidden, you know, how to delete.
I know you should provide a link to that as well, exactly how to delete your account.
I know you should provide a link to that as well, exactly how to delete your account.
Yeah, and it takes 90 days and they keep on saying, "Are you sure?
You really, really sure that you can do this?" And you can download any data which you have given them in the past.
But I understand it's not necessarily an easy thing to do because it may be one of your primary ways of keeping in touch with people.
You really, really sure that you can do this?" And you can download any data which you have given them in the past.
But I understand it's not necessarily an easy thing to do because it may be one of your primary ways of keeping in touch with people.
What about an alternative though? The one thing that's always baffled me, especially with my security focus, is, you know, how much per month do Facebook make off each user?
Because they've got billions and billions of users. So if I was just to do, hey, look, here's $2 a month subscription. Please don't sell all of my data. I just want to use Facebook.
You know, would that not be — I wonder if that would be viable, $2 a month times their user base.
Because they've got billions and billions of users. So if I was just to do, hey, look, here's $2 a month subscription. Please don't sell all of my data. I just want to use Facebook.
You know, would that not be — I wonder if that would be viable, $2 a month times their user base.
It's like a Spotify model, isn't it?
I mean, wouldn't it be great if you could just rent Facebook for £2 or Netflix £6 or whatever it is and get some additional, you know, like Facebook Pro or something?
I guess that's kind of admitting though that if you don't do that, it's okay if they sell your data. Yes, your data is being monetized in a fashion.
I can't imagine Facebook ever making that change. I think unless there was a really large number of people leaving the site because of this—
I mean, wouldn't it be great if you could just rent Facebook for £2 or Netflix £6 or whatever it is and get some additional, you know, like Facebook Pro or something?
I guess that's kind of admitting though that if you don't do that, it's okay if they sell your data. Yes, your data is being monetized in a fashion.
I can't imagine Facebook ever making that change. I think unless there was a really large number of people leaving the site because of this—
There is right now. Do you think so, Carole? Yes. Eat your popcorn, sit back, watch Channel 4 tonight. I honestly don't think so.
Read the papers tomorrow. I don't think so.
It's one of these news cycles where we have this big flare-up and everyone gets irate and it just fizzles out.
I think they're going to lose about 20% of the users. That's what I'm going to say.
I think they're growing so fast— 20%. Come on, guys. They can replace that.
How many people closed their Yahoo account?
I have no idea.
Their what account? Do you remember Yahoo? Their what? What? All right then. And Scott, what have you got for us this week?
So the headline that caught my eyes was the one about Uber with the accident in the vehicle that was in autonomous drive mode. You know, this is quite a sad story.
Of course, you know, there's been an accident with a vehicle and that resulted in a fatality.
And Uber has subsequently suspended all of their testing across America, actually, of all of their autonomous fleet.
You know, it's a real shame because this technology is in its proving ground right now. It's obviously being tested.
I think here in the UK we're actually apparently pretty good for autonomous driving as well. It's very favorable with the legislation here.
And I think the reaction and the wider response to this has been really polarizing, and I think it's difficult to decide which side I come down on because, you know, many people are saying that this vehicle was in autonomous mode and it's caused a fatality.
Of course, you know, there's been an accident with a vehicle and that resulted in a fatality.
And Uber has subsequently suspended all of their testing across America, actually, of all of their autonomous fleet.
You know, it's a real shame because this technology is in its proving ground right now. It's obviously being tested.
I think here in the UK we're actually apparently pretty good for autonomous driving as well. It's very favorable with the legislation here.
And I think the reaction and the wider response to this has been really polarizing, and I think it's difficult to decide which side I come down on because, you know, many people are saying that this vehicle was in autonomous mode and it's caused a fatality.
So what happened? Do you know the story? Like, how did it exactly happen?
So from the reports, this lady was, you know, just apparently walked out into the road.
One of the news stories said that it wasn't a crossing, it was just, you know, she was just crossing the street somewhere, you know, in the middle of the street or wherever, assuming the driver would stop or slow down for her, I guess.
Well, I mean, I guess we don't know. Maybe she just didn't see the car coming and stepped out. But I guess one way or another, this vehicle has been involved in a collision.
And unfortunately, of course, later that day, the lady passed away.
One of the news stories said that it wasn't a crossing, it was just, you know, she was just crossing the street somewhere, you know, in the middle of the street or wherever, assuming the driver would stop or slow down for her, I guess.
Well, I mean, I guess we don't know. Maybe she just didn't see the car coming and stepped out. But I guess one way or another, this vehicle has been involved in a collision.
And unfortunately, of course, later that day, the lady passed away.
Oh. So this is the first kind of death by autonomous car.
Yeah. Was there a driver in it, but just wasn't in control of it? Yeah, so there was— Sitting there reading the paper or something.
I can't remember the official term, but there was a human safety advisor or something behind the wheel.
So there was a person in the vehicle, but it was in full autonomous mode at the time, meaning the vehicle was in full control. You know what I mean?
The human drivers do have the ability to take control. You place your foot on the brake pedal, the car will brake.
You don't have to go into some system and disable autopilot or whatever.
So there was a person in the vehicle, but it was in full autonomous mode at the time, meaning the vehicle was in full control. You know what I mean?
The human drivers do have the ability to take control. You place your foot on the brake pedal, the car will brake.
You don't have to go into some system and disable autopilot or whatever.
But you're never going to be as alert as you would be if you were normally driving, I think. As alert as you could be, rather.
Because you will be distracted or doing something else or picking your nose or, you know. Yeah, this is where—
Because you will be distracted or doing something else or picking your nose or, you know. Yeah, this is where—
You would. I don't know. Just to clarify, you would. Yeah, Graham would.
But it's, I don't know, it's kind of like the Tesla Autopilot because this, the Uber one here is full autonomous, which means that the person behind the wheel is not really supposed to be paying attention.
The vehicle does it all itself.
The Tesla Autopilot system, because we did have a news headline about that last year when a gentleman crashed into the side of a tractor or something and the Tesla vehicle was in Autopilot at the time.
Now, autopilot is, it's kind of like cruise control. It's a driver aid.
You're supposed to still pay full attention, but it just takes away the boring bits, you know, going up and down 10 miles an hour on the motorway when it's slightly—
But it's, I don't know, it's kind of like the Tesla Autopilot because this, the Uber one here is full autonomous, which means that the person behind the wheel is not really supposed to be paying attention.
The vehicle does it all itself.
The Tesla Autopilot system, because we did have a news headline about that last year when a gentleman crashed into the side of a tractor or something and the Tesla vehicle was in Autopilot at the time.
Now, autopilot is, it's kind of like cruise control. It's a driver aid.
You're supposed to still pay full attention, but it just takes away the boring bits, you know, going up and down 10 miles an hour on the motorway when it's slightly—
What else do you do if you have to still pay attention? It's just you can't even turn the wheel even at a centimetre each way.
I do kind of— it's weird because I was very apprehensive at first, and I've actually test-driven a couple of Teslas, and I do— Yeah, they're such great cars.
And I have actually got one on order. Oh, wow.
And I really— because I drive a lot in traffic, you know, you're in stop-start traffic where you kind of drive for 100 metres and stop, drive 100 metres.
And it's so monotonous having to do everything. You can kind of sit there and pay attention and just let the car nudge you along gracefully.
And I have actually got one on order. Oh, wow.
And I really— because I drive a lot in traffic, you know, you're in stop-start traffic where you kind of drive for 100 metres and stop, drive 100 metres.
And it's so monotonous having to do everything. You can kind of sit there and pay attention and just let the car nudge you along gracefully.
But don't you think your eyes are going to go down to your phone a few times to see when you get a text? Are you going to avoid that?
Well, no, I mean, because you could theoretically still do that now, I guess, in stop-start traffic.
I just, you know, my phone goes onto the Bluetooth on the car so I can take calls. And anything that requires a screen is just, you know, tough luck.
If the world ends on Twitter, then I'll just have to read it when I get out the car.
I just, you know, my phone goes onto the Bluetooth on the car so I can take calls. And anything that requires a screen is just, you know, tough luck.
If the world ends on Twitter, then I'll just have to read it when I get out the car.
The bots will tell you eventually.
Scott, this is quite a step up because you're famous, of course, for hacking your Nissan Leaf. And now you're going to go up to the Tesla.
And his arm. Oh, yes.
Put something in his arm. Oh, yeah, we don't.
Oh, for goodness' sake. I saw your tweets, Graham. You are not a fan of the whole bio implant thing, are you?
Not really. It's always those that need it most that complain the most.
We'll skip over that. Yes, I was involved with the Nissan Leaf research with Troy Hunt. And yes, I am moving onwards and upwards into Tesla ownership when they eventually deliver.
So are you at all worried that when you get your Tesla, rather like the Uber, it may, you know, act inappropriately?
Because wasn't there a Tesla recently which went dramatically off-road, as it were?
Because wasn't there a Tesla recently which went dramatically off-road, as it were?
In fact, heading towards Mars or something? Yes. Unfortunately, that one's not coming back, is it? I think it's in high Earth orbit right now.
But, you know, they're imperfect systems because they're built by people. You know, no software or hardware system built by a human is ever going to be flawless.
And I think if autonomous vehicles or even Autopilot can vastly reduce the number of fatalities on our roads, then— I mean, it was always going to happen.
But, you know, they're imperfect systems because they're built by people. You know, no software or hardware system built by a human is ever going to be flawless.
And I think if autonomous vehicles or even Autopilot can vastly reduce the number of fatalities on our roads, then— I mean, it was always going to happen.
There was always going to be— Of course, yeah.
Nothing can be perfect. But, you know, just— It still sucks, though. Yeah.
I think you're right. My expectation is that, of course, there will be accidents with driverless cars and autonomous vehicles. I mean, that's just going to happen.
There's accidents with driving cars.
Well, and there were accidents with horse-drawn carriages.
And there are probably people who said, my goodness, you're going to get rid of the horse, you know, this is all, you know, even though it's — there have been accidents with it in the past.
So I think there's almost this desire now to have 100% safety, and that's just going to be unachievable, isn't it?
And there are probably people who said, my goodness, you're going to get rid of the horse, you know, this is all, you know, even though it's — there have been accidents with it in the past.
So I think there's almost this desire now to have 100% safety, and that's just going to be unachievable, isn't it?
Yeah, we can't let the perfect be the enemy of the good. You know, if we can reduce fatalities by 90%, then why on earth would we not?
You know, yes, the autonomous or the driverless car might be responsible for those 10%, but that could be, you know, hundreds of families that don't lose a child or a husband or — I can totally see that with this particular incident, the pain and the problems with that, but at the same time, if I cross the road or my little boy crosses the road, if there's something that we can do to reduce the chances of him being involved in an incident, then I absolutely want to see us take that step.
You know, yes, the autonomous or the driverless car might be responsible for those 10%, but that could be, you know, hundreds of families that don't lose a child or a husband or — I can totally see that with this particular incident, the pain and the problems with that, but at the same time, if I cross the road or my little boy crosses the road, if there's something that we can do to reduce the chances of him being involved in an incident, then I absolutely want to see us take that step.
Did you say we can't let the perfect be the enemy of the good? Is that a quote from Star Trek or something? Or was that you? Was that your deep action?
No, no, I totally — where did that come from? I will have totally heard that somewhere, stored it in the back of my mind and just brought it up now.
It's probably from the Daily Mail. I don't read my toilet paper.
It's probably from the Daily Mail. I don't read my toilet paper.
So, Carole, what have you got for us this week?
Well, I want to talk to you about ransomware or ransomware-like scam that's been going on.
You know, obviously ransomware is where scammers take sensitive and valuable assets from you and hold them until you pay up.
Well, in this instance, we're seeing numerous reports of people being held up for ransom for sending nudie shots of themselves.
So this morning, this is Tuesday, 20th of March, Australian media warned West Australians to be wary of being targeted on social media as part of what they're dubbing sextortion scams.
So this is how it works. I really don't like the name.
You know, obviously ransomware is where scammers take sensitive and valuable assets from you and hold them until you pay up.
Well, in this instance, we're seeing numerous reports of people being held up for ransom for sending nudie shots of themselves.
So this morning, this is Tuesday, 20th of March, Australian media warned West Australians to be wary of being targeted on social media as part of what they're dubbing sextortion scams.
So this is how it works. I really don't like the name.
The media love that name, don't they?
So here's how it works. So the scammers friend their victim and convince them to record and then send sexually explicit videos and photographs.
The scammers have created a real-looking online profile, and then they lure the victim by reportedly sending images first to the victim.
So basically saying, hey, look at me nude, you send me some nude pictures back.
The scammers have created a real-looking online profile, and then they lure the victim by reportedly sending images first to the victim.
So basically saying, hey, look at me nude, you send me some nude pictures back.
Hasn't this been going on for a long time though?
Obviously there's a new alert going out in Australia about this right now.
Not just in Australia, not just in Australia.
I know a lot of things are online.
It's always struck me as strange, this, the idea that if someone sends you nude images of them, that you would want — the last thing I would want to do is send them genuine nude pictures of me back.
I might go on the internet and find something —
I might go on the internet and find something —
Graham, you're not 24, you're not a 24-year-old teenager, are you?
No one's a 24-year-old teenager.
You wouldn't need to worry that someone, you know, someone would get the pictures and just go, oh, okay, move on. All those 24-year-old teenagers out in the world. Oh, sorry.
I didn't even hear I did that.
I didn't even hear I did that.
But the point, you know, but it just seems a very strange thing to do to me. I don't know why anyone would want to send a nudie pic online.
My guess is that it all starts banally enough, but then, you know, becomes an online romance or something. Then it's, oh, take a look at me and all the rest of it.
And they might even want you to go on Skype or something. So video, that would be more difficult to fake. If that's happening, just wait.
My guess is that it all starts banally enough, but then, you know, becomes an online romance or something. Then it's, oh, take a look at me and all the rest of it.
And they might even want you to go on Skype or something. So video, that would be more difficult to fake. If that's happening, just wait.
Just wait, right? So the scammers of course then threatened to post the images and footage on the internet, sharing with family and friends and partners, employers, and teachers.
And then they say, look, I don't want this to happen, pay between $500 and $5,000 via Western Union. So this is the Australian scam going on.
But also this week, across the world in Somerset, UK, a 16-year-old student named Jacob made headlines for performing explicit acts on video for what he thought was a girl he'd met online.
But his performances were actually being recorded by a scammer. And the scammer, still pretending to be the girl after they got the recording, asked for Jacob's phone number.
And Jacob answered the phone when the phone rang, expecting to hear the dulcet tones of his new lady friend, but instead got this aggressive, threatening guy who self-proclaimed himself as a pro hacker.
And he said, I have a list of all your Facebook friends, I'll ruin your life. And Jacob was saying his heart was bleeding out of his chest.
He was shocked and he went in panic mode and he was just picturing all his family and friends at school seeing the video and looking at him differently.
He wanted it to stop, so he asked what he wanted. And it was 800 quid.
And he says he doesn't care about the money and he paid it up because he can make the money again, but he can't, you know, rebuilding his reputation after that would be too hard.
And then they say, look, I don't want this to happen, pay between $500 and $5,000 via Western Union. So this is the Australian scam going on.
But also this week, across the world in Somerset, UK, a 16-year-old student named Jacob made headlines for performing explicit acts on video for what he thought was a girl he'd met online.
But his performances were actually being recorded by a scammer. And the scammer, still pretending to be the girl after they got the recording, asked for Jacob's phone number.
And Jacob answered the phone when the phone rang, expecting to hear the dulcet tones of his new lady friend, but instead got this aggressive, threatening guy who self-proclaimed himself as a pro hacker.
And he said, I have a list of all your Facebook friends, I'll ruin your life. And Jacob was saying his heart was bleeding out of his chest.
He was shocked and he went in panic mode and he was just picturing all his family and friends at school seeing the video and looking at him differently.
He wanted it to stop, so he asked what he wanted. And it was 800 quid.
And he says he doesn't care about the money and he paid it up because he can make the money again, but he can't, you know, rebuilding his reputation after that would be too hard.
He must be thinking, no, why did Cambridge Analytica target me in this fashion?
Yeah, and this is also happening in the States.
So this is not a new scam, but there seems to be a new surge of authorities in pockets around the world, giving warnings to their communities about this.
So this is not a new scam, but there seems to be a new surge of authorities in pockets around the world, giving warnings to their communities about this.
And I mean, I just joked about this, but I've heard stories in the past of people who have actually sadly committed suicide as a result of this because they've been too petrified to tell their parents.
They've been too alarmed about the images or whatever the video footage is being released. And it is ghastly that this goes on.
They've been too alarmed about the images or whatever the video footage is being released. And it is ghastly that this goes on.
In 2016, the UK National Crime Agency's Anti-Kidnap and Extortion Unit dealt with 1,250 reports of cyber-enabled blackmail offenses.
There were 4 deaths by suicide in 2015, all in the UK and all linked to sextortion. I think it's very worrying because they're obviously targeting teens, right?
There were 4 deaths by suicide in 2015, all in the UK and all linked to sextortion. I think it's very worrying because they're obviously targeting teens, right?
And those are the ones we know about, right? In many cases, people will not report this kind of thing because they're simply too ashamed and embarrassed.
Well, exactly. So, okay, so some advice. First, don't accept friend requests from people you don't actually know, right?
Change your settings to ensure only contacts can see your details on social accounts. And, you know, there's always going to be risks doing sexy pics or shows online, you know.
So I'd say think twice before you whip it out here. No, get off Facebook. Literally. Yeah, I know. It's good. Think before you snap. How about that? Okay. And get off Facebook.
Yet another reason to kill your account. You see, Graham, this is why everyone's going to get off because of the story.
Now, if this happens to you, if you're in this situation, it's really important if the videos are uploaded on things like YouTube and Facebook, it's important to report them immediately for it to be taken down and flag them as inappropriate.
That tends to work quite well. And don't assume that someone is going to actually honor the ransom deal that they're making with you.
In other words, just because you're paying up doesn't mean that you're going to get all the pictures and the problem goes away.
Change your settings to ensure only contacts can see your details on social accounts. And, you know, there's always going to be risks doing sexy pics or shows online, you know.
So I'd say think twice before you whip it out here. No, get off Facebook. Literally. Yeah, I know. It's good. Think before you snap. How about that? Okay. And get off Facebook.
Yet another reason to kill your account. You see, Graham, this is why everyone's going to get off because of the story.
Now, if this happens to you, if you're in this situation, it's really important if the videos are uploaded on things like YouTube and Facebook, it's important to report them immediately for it to be taken down and flag them as inappropriate.
That tends to work quite well. And don't assume that someone is going to actually honor the ransom deal that they're making with you.
In other words, just because you're paying up doesn't mean that you're going to get all the pictures and the problem goes away.
Can't destroy the originals of a digital picture, can you?
Exactly. And the biggest thing is, especially if you're a teen, telling a trusted adult what's happened.
And yeah, of course, of course it's embarrassing and it's awful, but you are the victim. You know, doing nude dances online is kind of stupid, but not criminal.
And yeah, of course, of course it's embarrassing and it's awful, but you are the victim. You know, doing nude dances online is kind of stupid, but not criminal.
And it's a shame though, isn't it? Because I kind of see your point.
And I think from one of the reasons they're targeting the younger people is perhaps they're slightly lesser foresight of, you know, how this could go wrong into the future, which I think as we grow older, we start to cast our minds much further forward on our actions.
And I think from one of the reasons they're targeting the younger people is perhaps they're slightly lesser foresight of, you know, how this could go wrong into the future, which I think as we grow older, we start to cast our minds much further forward on our actions.
I felt pretty invincible as a teen, and I don't think I would have ever thought this would have happened to me. I just don't think it occurred to me. I think that's partly it.
And I think also, it feels more like the end of the world when you're a youngster.
I mean, it's a bit like being in your first relationship or whatever, you know, and it goes sour and you really think that you're never going to find anyone who will love you ever again.
Whereas if you get to your 30s and 40s, you've been through a few of those rodeos and you think, "Okay, this isn't pleasant, but I'll be able to pick myself up." So I think it's actually more intense when you're a teen.
I mean, it's a bit like being in your first relationship or whatever, you know, and it goes sour and you really think that you're never going to find anyone who will love you ever again.
Whereas if you get to your 30s and 40s, you've been through a few of those rodeos and you think, "Okay, this isn't pleasant, but I'll be able to pick myself up." So I think it's actually more intense when you're a teen.
Yeah, you don't have the capacity for, you know, to deal with that kind of trauma or emotion or—
Okay, so do we have any advice for parents as well though? Probably there are lots of people listening who've got young kids in their family.
Yeah, I think it's wise to read up on scams like this targeting young folk, you know, and understand how they're being duped.
And the thing is, is you've got to hold your judgment back. It's a really scary time for a kid. I imagine many parents' reactions would be explosive in this situation.
Like, how could you have been so dumb? You know? And I think you really want to hold that back.
And the thing is, is you've got to hold your judgment back. It's a really scary time for a kid. I imagine many parents' reactions would be explosive in this situation.
Like, how could you have been so dumb? You know? And I think you really want to hold that back.
Well, we just have to remember the dumb things which we did, but we did them without the problem of everybody having a smartphone in the vicinity.
How about you share one of the dumb things you did, Graham?
One of the many. I kidnapped the school's Christmas tree once and held it hostage. Okay. We'll go to the Pick of the Week? Yeah, maybe we should.
And thanks once again to MetaCompliance for supporting this episode of Smashing Security. People are the key to minimizing your cybersecurity risk posture.
You can save 10% as a Smashing Security listener off the high-quality cybersecurity e-learning catalog by going to metacompliance.com and quoting the code SMASHING.
That's metacompliance.com, and don't forget the code SMASHING.
And welcome back to that part of the show which we like to call— it's our favorite time of the show, it's Pick of the Week. Pick of the Week.
And thanks once again to MetaCompliance for supporting this episode of Smashing Security. People are the key to minimizing your cybersecurity risk posture.
You can save 10% as a Smashing Security listener off the high-quality cybersecurity e-learning catalog by going to metacompliance.com and quoting the code SMASHING.
That's metacompliance.com, and don't forget the code SMASHING.
And welcome back to that part of the show which we like to call— it's our favorite time of the show, it's Pick of the Week. Pick of the Week.
Pick of the Week.
During Pick of the Week, everyone on the show chooses something they like.
Could be a funny story, a book they've read, a TV show, a movie, a record, an app, a website, podcast, whatever they like. Doesn't have to be security related necessarily.
Sorry, Carole, what was that? Shouldn't be. Oh, and my one this week isn't security related so much, but it is privacy related. What's wrong with that?
Could be a funny story, a book they've read, a TV show, a movie, a record, an app, a website, podcast, whatever they like. Doesn't have to be security related necessarily.
Sorry, Carole, what was that? Shouldn't be. Oh, and my one this week isn't security related so much, but it is privacy related. What's wrong with that?
When I, you know— Yeah, go ahead. Go ahead. I'll take a snooze while you—
It is. Now, many people, many privacy wonks tend to recommend a search engine called DuckDuckGo instead of Google, right?
But I've tried DuckDuckGo and I've never really gotten with it very well, although it's got a very cute logo, which is normally my decision as to what website I use.
I just don't find its search engine results to be as good as Google. And so I keep on thinking, oh, I'm going to use Google instead.
So for the last few years, I haven't been using Google.
I have, because I don't really like the idea of them tracking what I'm doing and keeping records and targeting me with ads and all that sort of nonsense.
So I use a site called Startpage, startpage.com, and I've set up my browsers to use that as the search engine instead.
And what's really sneaky about Startpage is it actually acts as a proxy for Google.
What it does, it displays Google search results within its own little frame, as it were, on its own website.
And you get all the benefits of the Google search engine, but without the privacy concerns, no tracking, no targeted ads.
And so it's just as good a search engine, but you don't get all of the horribleness. Now, I don't quite know what Google thinks about this.
But I've tried DuckDuckGo and I've never really gotten with it very well, although it's got a very cute logo, which is normally my decision as to what website I use.
I just don't find its search engine results to be as good as Google. And so I keep on thinking, oh, I'm going to use Google instead.
So for the last few years, I haven't been using Google.
I have, because I don't really like the idea of them tracking what I'm doing and keeping records and targeting me with ads and all that sort of nonsense.
So I use a site called Startpage, startpage.com, and I've set up my browsers to use that as the search engine instead.
And what's really sneaky about Startpage is it actually acts as a proxy for Google.
What it does, it displays Google search results within its own little frame, as it were, on its own website.
And you get all the benefits of the Google search engine, but without the privacy concerns, no tracking, no targeted ads.
And so it's just as good a search engine, but you don't get all of the horribleness. Now, I don't quite know what Google thinks about this.
I was just going to say, how do they get away with this?
I don't know, but they do. And they have been for some years.
They're probably just selling their information over to Google afterwards.
Maybe, maybe I shouldn't publicize it, but they seem like a good bunch. That is my brief, short, helpful, topical pick of the week, and it's startpage.com.
I would agree. I've used it as well, and I think it's very good. I think it's a great service. So good pick of the week.
So Scott, what's your pick of the week?
So my pick of the week is a new feature that I've been playing with over the last couple of weeks, actually.
A big security and CDN cloud company called Cloudflare, they kind of sit in front of your website, shield you from all the bad guys and all of the bad things, and they've just deployed or released a new feature called Cloudflare Workers.
Normally they just sit in between your visitors and you, and they only let the good visitors through and they stop the bad ones.
But now with workers, you can actually write some code that they will also run as they analyze your traffic in and out. You can start to do some really cool stuff with it.
I don't get impressed by stuff because I fidget around with new technology all of the time. But I've been sat at my keyboard this last week and been like, "Can we do this?
Can we do that?" I've been like, "Whoa." Oh, that's awesome. Yeah, we could do this, we can do that, and it's been really exciting. It gives you more control.
A big security and CDN cloud company called Cloudflare, they kind of sit in front of your website, shield you from all the bad guys and all of the bad things, and they've just deployed or released a new feature called Cloudflare Workers.
Normally they just sit in between your visitors and you, and they only let the good visitors through and they stop the bad ones.
But now with workers, you can actually write some code that they will also run as they analyze your traffic in and out. You can start to do some really cool stuff with it.
I don't get impressed by stuff because I fidget around with new technology all of the time. But I've been sat at my keyboard this last week and been like, "Can we do this?
Can we do that?" I've been like, "Whoa." Oh, that's awesome. Yeah, we could do this, we can do that, and it's been really exciting. It gives you more control.
You can do a lot more with it. You've got more—
Yeah. Normally they just fetch the page from your website and then pass it on over to the visitor.
Whereas now you can say, okay, take that page and do XYZ with it, or add this thing, or move this thing, or in our case, we're using it for adding some security features to the page.
It's like, okay, pass the page down to this user, but also add all with these security features. It's been really awesome.
I've just, I don't often kind of get excited in, you know, using something and then look at the clock and be like, whoa, it's 2 AM.
Whereas now you can say, okay, take that page and do XYZ with it, or add this thing, or move this thing, or in our case, we're using it for adding some security features to the page.
It's like, okay, pass the page down to this user, but also add all with these security features. It's been really awesome.
I've just, I don't often kind of get excited in, you know, using something and then look at the clock and be like, whoa, it's 2 AM.
So you've customized a lot already with it?
Yeah. So I've got two of our websites are using it right now.
The one of the companies that I run and we've literally just scratched the surface and done our first blog post of some of the awesome things we've done with it already.
And there's gonna be a lot more coming over the next week or two.
The one of the companies that I run and we've literally just scratched the surface and done our first blog post of some of the awesome things we've done with it already.
And there's gonna be a lot more coming over the next week or two.
Cool. Yeah, I read your blog post. It looks very neat. Yes, it definitely is. Looks like a cool thing to do, and I'm sure many people would love to take advantage of it. Groovy.
Okay, well, we will put a link in our show notes to that. And Carole Theriault, what's your pick of the week?
Okay, well, we will put a link in our show notes to that. And Carole Theriault, what's your pick of the week?
Well, mine is very much not privacy or security related. As you know, Mr. Graham Cluley, I've been studying music theory and guitar for the last few years.
You can play the guitar? I'm so jealous.
Yeah, not great yet. I wish, I wish. I'm getting better every day.
Carole, will you do our outro?
Not today. No, I'm going to work on it. I will work on it though. I need to get an electric guitar. I'm holding myself off until I can actually play beautifully.
Anyway, because I've been learning, I've been doing a lot of online study, and I have a few YouTube channels I wanted to shout out in case anyone wants to learn some music theory or some guitar.
So 3 sites. Number 1, PNG Piano. But this is great at reviewing chords, intervals, scales, and more. And it's a 2.5-hour intro on piano. And it's a great way to learn music theory.
It's the best instrument because of its layout. And then the next one is Move Forward Guitar. Now this is pretty comprehensive.
And if you can stand the guy's voice, you're in for a treat. But I know, and I feel bad, but it did grate on me.
Anyway, because I've been learning, I've been doing a lot of online study, and I have a few YouTube channels I wanted to shout out in case anyone wants to learn some music theory or some guitar.
So 3 sites. Number 1, PNG Piano. But this is great at reviewing chords, intervals, scales, and more. And it's a 2.5-hour intro on piano. And it's a great way to learn music theory.
It's the best instrument because of its layout. And then the next one is Move Forward Guitar. Now this is pretty comprehensive.
And if you can stand the guy's voice, you're in for a treat. But I know, and I feel bad, but it did grate on me.
It's a very great review. I've got to check this one out. Hi, I'm Chad with Move Forward Guitar. This lesson is from our core Beginner Course 1.
This course will take you from an absolute beginner to a budding guitarist with a solid foundation.
By the end of this course, you'll have all the tools you need to start learning songs. Yeah, you've got to be pretty dedicated to learning the guitar to put up with that.
I watched every single one.
This course will take you from an absolute beginner to a budding guitarist with a solid foundation.
By the end of this course, you'll have all the tools you need to start learning songs. Yeah, you've got to be pretty dedicated to learning the guitar to put up with that.
I watched every single one.
Did you really? Yep.
Well, it sounds like fantastic content.
It's great. It's great. It's a great free way to just dip your toe into the world of music. So I did it in little chunks, but there's a lot of really good information in here.
And the third one is called FretJam. This is my favorite resource. Not as introductory, but really well-presented, explained, useful resource.
Really good about modes, chord changes, and everything. Really nice site. So there you go. FretJam, Move Forward Guitar, and PNG Piano. All the links are in the show notes.
And the third one is called FretJam. This is my favorite resource. Not as introductory, but really well-presented, explained, useful resource.
Really good about modes, chord changes, and everything. Really nice site. So there you go. FretJam, Move Forward Guitar, and PNG Piano. All the links are in the show notes.
Marvelous. Well, Carole, we look forward to you playing the theme tune for us in some future episode. I cannot wait. I'll be there on the kazoo. Scott, do you play anything?
I don't, and that's why I'm always incredibly jealous of people that can play instruments.
Just go buy a tiny keyboard and go get started. Just do it.
I would. It's time. I have so many little projects and things, and I— Cloudflare, WordPress, code, I break websites, I break cars.
Carole bought me some bagpipes once. They were great fun.
What, really? Yes.
Like full-on massive, big, like not worth anything?
Yeah, they were wonderful until they mysteriously got punctured by my wife in the loft. I'm not quite sure why that happened exactly.
Anyway, that just about wraps it up for this week. You can follow us on Twitter @smashinsecurity without G. Twitter wouldn't let us have a G.
On Facebook, we're in the Smashing Security Podcast Facebook group if you are still on Facebook after listening to this episode.
Or you can go and get stickers and t-shirts and mugs and things like that at smashingsecurity.com/store.
Before we go, we need to say, Scott, where's the best place for people to follow you or find out about you online?
Anyway, that just about wraps it up for this week. You can follow us on Twitter @smashinsecurity without G. Twitter wouldn't let us have a G.
On Facebook, we're in the Smashing Security Podcast Facebook group if you are still on Facebook after listening to this episode.
Or you can go and get stickers and t-shirts and mugs and things like that at smashingsecurity.com/store.
Before we go, we need to say, Scott, where's the best place for people to follow you or find out about you online?
Probably my Twitter account, @Scott_Helme.
Terrific. Thank you, everybody. Thank you, Scott, for joining us. Thank you for tuning in. If you like the show, rate us on Apple Podcasts. It really does help new listeners.
Yes, thanks to everyone who did last week. Really amazing, the outflow of love.
I know, wasn't it? Wasn't it great? We mentioned a couple of bad reviews and we got some really nice ones in return to rebalance things.
So go to our site to check out past episodes and for details how to get in touch with us. Until next time, cheerio, bye-bye, bye-bye, bye guys!
So go to our site to check out past episodes and for details how to get in touch with us. Until next time, cheerio, bye-bye, bye-bye, bye guys!
Smelly cat, smelly cat, what are they feeding you?
Smelly cat, smelly cat, it's not your fault.
And out.
For much more information and background on the controversy surrounding Facebook and Cambridge Analytica, read the following articles:
- Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach
- ‘I created Steve Bannon’s psychological warfare tool’: meet the data war whistleblower
- How Trump Consultants Exploited the Facebook Data of Millions
Further reading: Cambridge Analytica controversy: Was there a Facebook data breach?
Update: Facebook now admits that as many as 87 million people have had their details improperly shared with Cambridge Analytica.
(sigh) the Muslim movement IS dangerous. READ their books. READ their history. They don't want to be our friends. They consider us all to be inferior and they have no intention of being equal. They are the discriminatory ones.
(sigh) the Christianity movement IS dangerous. READ their books. READ their history. They don’t want to be our friends. They consider us all to be inferior and they have no intention of being equal. They are the discriminatory ones. – Works that way too.
I see big lawsuit coming >>>>>>>>>> I'M IN.
Disgraceful all around.