
Dropbox users report spam emails amidst fears of data breach

Dropbox users are reporting receiving spam messages through the unique email addresses associated with their accounts on the file hosting service. The issue is a particular cause for concern given Dropbox’s high-profile security breach last year.

The issue was first raised by user Forrest F, who asked in Dropbox’s support forum why the company had leaked or given out his email address. 

“I have an internal to my company email address that I used for Dropbox only and I am getting the same fake Paypal scam emails. This has been happening since about Monday,” explained another user.


Since then, more users have stepped forward claiming that they were also receiving spam emails at the dedicated email addresses they created for their Dropbox subscriptions.

The initial response from Dropbox is that this might be yet more fallout from the 2012 security breach and that it is investigating the matter. The company said it doesn’t believe the spam emails are the result of a new data breach, but said it “remains vigilant given the recent wave of security incidents at other tech companies.”

Why IT security pros can be scarier than the ‘bad guys’

I thought I harbored a healthy amount of paranoia before I went to this week’s RSA Conference for IT security professionals in San Francisco. But now I’m just plain scared—and not about hackers and phishers, the perennial bogeymen of the Internet underground.

No, the people who scare me even more are the security professionals who work for big business. They want my online data, your online data, everyone’s online data. And they want it more than even the bad guys who make headlines.

Big business isn’t evil incarnate, and the companies clamoring for our data aren’t the agents of destruction who would steal our identities for profit or erase our family photos just for kicks. But to the business leaders at e-commerce sites, social networks, and even banks, online privacy is something that must be managed at best, and mitigated at worst.

It’s an annoyance that must be dealt with. It’s something that gets in their way.

They want our data so they can track us, categorize us, and use what they know about us to sell us something—or sell what they know about us to someone else. Or, as Trevor Hughes, the President and CEO of the International Association for Privacy Professionals (IAPP), told me directly, “Your data is the currency of the information economy.”

And our online activity is minting more money all the time.

Our data is hard currency

It took just one shocking hour at the RSA conference to destroy every naive hope I might have had about online privacy. Hughes spoke to a large audience of IT professionals tasked with managing customer and user data, and named what he considered to be the hot-button privacy issues of the year: location data, facial recognition, and Do Not Track, among others. He also touched on more sweeping topics like federal regulations and public policy.

“Your data is the currency of the new information economy,” said Trevor Hughes, of the IAPP.

I was intensely interested in all of these issues as an active, web-surfing individual, but I also quickly realized that the other attendees in the room looked at these issues from the other side—from the perspective of their companies, which gather customer data and use it for business opportunity.

Their job is not to worry about protecting our privacy, but to worry about navigating privacy regulations, and protecting themselves from lawsuits and fines. One thorny example Hughes cited was the mobile privacy guidelines paper released by the California Attorney General’s office earlier this year, to supplement the California Online Privacy Protection Act (COPPA). In a message accompanying the guidelines, Attorney General Kamala Harris encouraged mobile app developers to adopt a “‘surprise minimization’ approach…to alert users and give them control over data practices that are not related to an app’s basic functionality or that involve sensitive information.” Easier said than done on the small screens of mobile platforms, said Hughes: “That user interface is incredibly limited.”

Your location, your activity, your face: all fair game

Hughes also delved into issues surrounding “contextualization”—using your online data to customize “content” (read: advertisements) to your browsing habits and personal demographics. Obviously, contextualization is already a widespread (and profitable) business tool, as anyone who’s experienced targeted ads on Google already knows.

The data set used for contextualization is diving ever deeper, though. “Context will put the debate on targeted ads on steroids,” Hughes told the crowd. “Not only are we going to have the sensitivity of where you’ve been online, but where you are in the world, and what you are doing and thinking.”

Oh, but it gets better. Facial recognition, anyone? You can tell your friends not to tag you in their photos all you want, but that’s small potatoes.

“We will see the anonymity of crowds dissipate,” Hughes said, predicting that photos taken by other people, or by cameras installed in public places, will be used to find you wherever you are. Remember the Where’s Waldo? children’s books, where you had to find Waldo among huge crowds in famous places around the world? Who knew that the happy, wool-capped Waldo would be the harbinger of privacy problems to come.

Do not track me… please?

When the Obama Administration introduced its Consumer Privacy Bill of Rights in February 2012, the bill cited “privacy-enhancing technologies such as the ‘Do Not Track’ mechanism” as safeguards against many of the tactics that Hughes’ audience members would like to preserve. Choose not to be tracked, and web sites wouldn’t be able to collect information about you. It’s the ultimate protection, right? No, think again.

“Do Not Track is a very, very complicated and challenging issue,” Hughes said. Indeed, there’s no standard implementation for data tracking from browser to browser, and that’s an inconvenient truth for anyone who would need to implement Federal policy (which hasn’t yet been passed). But for Hughes, the real problem for privacy professionals is, “how do you switch it off or maintain it switched-off.”

Yes, you heard right: Do Not Track would be just another hoop that big business needs to jump through—or circumvent entirely.

Unfortunately, for now, businesses that want to track our data don’t even have to worry about the technical vagaries of Do Not Track. “None of this has the force of law yet,” said Hughes. “Without the ability of regulators to enforce, we may not have any enforcement at all. Do Not Track may not have any consequences.”

You can see where this is heading. And Hughes confirmed as much: “Some organizations have come out and said they will ignore Do Not Track.”

Giving away your online data—willingly

Unless you’re some sort of virtual exhibitionist who actually wants to sacrifice online privacy for fun and profit, data tracking should scare you. But it’s also important to remember that the basic operating principles of our open Internet—an Internet where very expensive content is given away for free—require a certain amount of data sacrifice.

Indeed, if you want all the complex, nuanced benefits of social sharing, you have to actually share yourself. And you’re probably already doing this, sacrificing your data quite willingly.

Ted Schlein, of venture capital firm Kleiner Perkins Caufield Byers, brought up this paradox while speaking at a cybersecurity session at RSA. “People kind of care about privacy, and then they don’t,” he said. “Facebook has a conversation about a new privacy policy, people get excited about it, and then Zuckerberg says something, and they calm down.”


He’s right, of course. Periodic privacy imbroglios haven’t slowed the popularity of social networking sites, photo-sharing sites, and apps like Foursquare, even though all of these services gather information about us in order to grow revenue. Pinterest was recently valued at $2.5 billion—not because it’s making any money, but because its users are enthusiastically pinning products to their pages, making them ripe for retail sales pitches. Their data is the currency.

Big business is working overtime to collect data about us, and the more time we spend online, the more opportunities we give them to do so. So in the end, I wonder whether it’s scarier that businesses are collecting our data, or that we’re so willingly letting them do it.

OruxMaps Lets You Go as Far as Your Mapmaking Skill Takes You

OruxMaps Donate, a mobile app from Jose Vazquez, is available for US$2.62 at Google Play.


Have you ever considered becoming a cartographer? It’s not as hard as you might think.

I’ve been trying out OruxMaps, a map viewer for Android that functions two ways. One mode is online with the usual suspects like Google Maps, OpenStreetMap, and so on; the second and more intriguing method is offline with maps you’ve created yourself.

Creating your own maps, while not hard, is a project. The basic concept is that you take a paper map — someone else’s or your own — and scan it to a PC as an image. You then calibrate that image with known geo-reference points that are understood by the map viewer and its GPS.

Trip-ups stem from the fact that the Earth is round, while electronic screens and paper are flat, so you need to come to grips with projections. There are hundreds of different types of datums.

Another issue is that there are multiple ways of entering the calibration data, all subject to interpretive error. Plus, there are obvious copyright concerns if you’re using someone else’s map.

I’ve been experimenting with desktop tools like OkMap, which help the 21st century mapmaking process.

The App

Jose Vazquez’s OruxMaps Donate is $2.62 in the Google Play Store. There’s also a free ad-supported version that you can try.

This app is a real mapmaker’s app. I’ve reviewed other map apps for LinuxInsider, including the classy Backcountry Navigator, but none of those that I’ve seen thus far provide the map-geek flexibility of OruxMaps.

Online maps supplied with the app include Google and OpenStreetMap, as well as Chartbundle US Aviation, Google Earth and niche maps like OpenPisteMap.

I counted 36 different maps, including multiple overseas maps like UK Multimap and German Hike Bike — part of the OpenStreetMap project. All of the included maps can be cached offline.

Among OruxMaps’ features: ability to display your position in 3D view; relief maps; trip computer; multitracking for following your friends; sharing position; barometer support; and multiple-route displays.

Neat tricks include an on-map night mode switch to dim the map and preserve night vision, plus heart-rate Bluetooth support.

Waypoint management is extremely comprehensive, with photo-waypoint functionality and geocache-specific settings.

Making a Map

I was able to load a map of a section of Southern California that I had created in Gian Paolo Saliola’s OkMap for Windows, as well as one that I had made using the OruxMaps desktop conversion tool. They look fabulous — just like commercially available online maps.

However, they both unfortunately got placed in China, within the app’s scheme of things. Same latitude — different continent. This was due to a datum mismatch totally unrelated to OruxMaps and due to my inexperience with Universal Transverse Mercator (UTM) datums. I won’t bore you with the details. Suffice it to say, I need to read up on it some more. It is a project, after all.

However, I was able to create waypoints within my maps, which was highly satisfying — despite the fact that they look as though they’re on the wrong continent.

Greetings From China

Mapmaking has been an important part of mankind’s development, and I recommend a sojourn into mapmaking for those interested in how we got to where we are.

This is one of the funnest projects I’ve gotten involved with through an app, and I’m looking forward to getting the datum mismatch figured out. I intend to create a map and use it in OruxMaps for a spring Southern California desert road trip.


Patrick Nelson has been a professional writer since 1992. He was editor and publisher of the music industry trade publication Producer Report and has written for a number of technology blogs. Nelson studied design at Hornsey Art School and wrote the cult-classic novel Sprawlism. His introduction to technology was as a nomadic talent scout in the eighties, where regular scrabbling around under hotel room beds was necessary to connect modems with alligator clips to hotel telephone wiring to get a fax out. He tasted down and dirty technology, and never looked back.