Not knowing who gathered the data means we can’t ensure another batch won’t be coming.
The Unattributable "db8151dd" Data Breach
I was reticent to write this blog post because it leaves a lot of questions unanswered, questions that we should be able to answer. It's about a data breach with almost 90GB of personal information in it across tens of millions of records - including mine. Here's what I know:
Back in Feb, Dehashed reached out to me with a massive trove of data that had been left exposed on a major cloud provider via a publicly accessible Elasticsearch instance.
… It's mostly scrapable data from public sources, albeit with some key differences. Firstly, my phone number is not usually exposed and that was in there in full. Yes, there are many places that (obviously) have it, but this isn't a scrape from, say, a public LinkedIn page. Next, my record was immediately next to someone else I've interacted with in the past as though the data source understood the association. I found that highly unusual as it wasn't someone I'd expect to see a strong association with and I couldn't see any other similar folks.
(Related) If it is not your breach, who else had your data?
Security Firm claims to have discovered ‘Huge security breach at European Parliament’ that Parliament denies is theirs
Rebecca Nicholson reports:
Yash Kadakia, founder of Security Brigade and Shadow Map, said his group had found a major data breach. The security expert, a self-proclaimed “Code Monkey”, was able to easily access data and passwords from members. After Brussels denied the claims, Mr. Kadakia doubled down and revealed more details of the alleged breach.
This is another one of those cases where a researcher goes public with allegations of a leak or breach while the entity allegedly breached firmly denies any breach. In response to a statement from the European Parliament that they investigated and
can confirm no official accounts or mailboxes of the European Parliament are involved. This information may be related to an old service account of a political group.
Kadakia told the Daily Express a breach had definitely occurred and provided what he considers proof of his claim.
Read more on Express.co.uk.
As of the time I’m posting this, I don’t see where this story has
really picked up any traction or further assessment in EU news
outlets other than those just republishing the Express’s reporting.
Nor is there any formal write-up on Shadow Brigade or Shadow Map.
Most of the claims appear to be on Twitter in Kadakia’s
account.
One hour ago, Kadakia posted this update on his timeline:
Update: The issue has been fixed and the portals have been taken offline. I’d love to understand if appropriate GDPR disclosure and incident handling policies are being followed.
So it sounds like somebody did something to lock down the data. But was it the European Parliament? As yet, we do not know.
Perspective.
Media, Regulators, and Big Tech; Indulgences and Injunctions; Better Approaches
From Ben Smith in the New York Times:
[Chairman of the Australian Competition and Consumer Commission Rod] Sims and a like-minded regulator in France, Isabelle de Silva, are challenging a universally accepted fact [??? Bob] of the internet: that Google and Facebook can carry content created by news organizations without directly paying the organizations for creating it. Last month, as the coronavirus put hundreds of publishers out of business around the world, the Australian government instructed Mr. Sims to force the platforms to negotiate payments with newspaper publishers — making it the first country to do so.
I hesitated to write about this article for two reasons: first, I have written on multiple occasions about how the free distribution enabled by the Internet is what hurt the newspaper business, rendering geographic monopolies predicated on owning printing presses and delivery trucks obsolete, dramatically increasing competition for attention even as new platforms predicated on delivering consumers individualized content turned out to be massively superior options for advertisers looking to target individual users. Does it need to be said again?
The second reason, though, works against the first: the sheer number of flat-out wrong statements in this article is so overwhelming that I seriously despair about the long-term effects: unintended consequences are always a concern when it comes to creating new regulation; they are inevitable when regulation is rooted in facts completely unmoored from reality.
Take this paragraph: it is just assumed that Google and Facebook ought to be paying publishers for their content, but any sort of rational evaluation would suggest that money should flow in the opposite direction. Google and Facebook direct traffic to publishers, and in Facebook’s case in particular, that traffic comes from the publishers themselves and their readers placing links on the service. Google does, of course, crawl the web for its search results and for Google News (which it doesn’t monetize), but we already know what happens if Google simply stops crawling publications: they start losing money, and lots of it (more on this in a moment).
Mr. Sims, a pugnacious 69-year-old who has spent much of his career tangling with railroads, ports and phone companies, sees echoes of those classic monopolies in this battle: “The digital platforms need media generally, but not any particular media company, so there is an acute bargaining imbalance in favor of the platforms. This creates a significant market failure which harms journalism and so, society.”
When you ask: If it can do that, can it do this?
THE NEXT WAVE OF AI IS EVEN BIGGER
… According to Ellison, the major trends in AI for this year and the near future include those applications building on computer vision, the development of data generation and data labelling algorithms for training AI models, and the rapid progress of natural language processing thanks to transformer-based models.
Let’s take a closer look at Lenovo’s overview of some of the major near-term trends in AI.
Tools for online teachers.
Ten Ways to Use Wakelet
One of the reasons that Wakelet has become popular in schools in the last couple of years is that it can be used for a wide range of activities.
1. Make an online art gallery.
2. Make and share instructional videos.
3. Question/ Picture/ Video of the Day.
4. Organize research.
5. At-home activity collections.
6. Video collections.
7. Archive a Twitter chat.
8. Simple blog or journal.
9. Aspirations board.
10. End-of-year reflections and highlights.
Games for shut-ins.
GTA V Is Now Free on the Epic Games Store
You can now get Grand Theft Auto V for free from the Epic Games Store.
… available to download for free until May 21st, 2020.
To grab a copy of GTA V for free, all you need is an Epic Games account, which is also completely free. Once you have set one up, sign in and head over to the Grand Theft Auto: Premium Edition page on the Epic Games Store, where it should be listed as Free.