Monthly Archives: October 2013

Reports that NSA taps into Google and Yahoo data hubs infuriate tech giants

Files obtained from Edward Snowden suggest NSA can collect information sent by fibre optic cable between Google and Yahoo data hubs ‘at will’

Google office

Google and Yahoo, two of the world’s biggest tech companies, reacted angrily to a report on Wednesday that the National Security Agency has secretly intercepted the main communication links that carry their users’ data around the world.

Citing documents obtained from former NSA contractor Edward Snowden and interviews with officials, the Washington Post claimed the agency could collect information “at will” from among hundreds of millions of user accounts.

The documents suggest that the NSA, in partnership with its British counterpart GCHQ, is copying large amounts of data as it flows across fiber-optic cables that carry information between the worldwide data centers of the Silicon Valley giants. The intelligence activities of the NSA outside the US are subject to fewer legal constraints than its domestic actions.

The story is likely to put further strain on the already difficult relations between the tech firms and Washington. The internet giants are furious about the damage done to their reputation in the wake of Snowden’s revelations.

In a statement, Google’s chief legal officer, David Drummond, said the company was “outraged” by the latest revelations.

“We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide,” he said.

“We do not provide any government, including the US government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”

Yahoo said: “We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.”

According to a top-secret document cited by the Post dated 9 January 2013, millions of records a day are sent from Yahoo and Google internal networks to NSA data warehouses at the agency’s headquarters in Fort Meade, Maryland. The types of information sent ranged from “metadata”, indicating who sent or received emails, the subject line and where and when, to content such as text, audio and video.

The Post’s documents state that in the preceding 30 days, field collectors had processed and sent on 181,280,466 new records.

Internet firms go to great lengths to protect their data. But the NSA documents published by the Post appear to boast about their ability to circumvent those protections. In one presentation slide on “Google Cloud Exploitation,” published by the Post, an artist has added a smiley face, in apparent celebration of the NSA’s victory over Google security systems.

The Post said that the interception took place on the cables that connect the internet giants’ data centers. The New York Times reported on Wednesday evening that one of the companies that provides such cables for Google was Level 3. It said in a statement provided to the Times: “We comply with the laws in each country where we operate. In general, governments that seek assistance in law enforcement or security investigations prohibit disclosure of the assistance provided.”

In its report, the Post suggested the intercept project was codenamed Muscular, but the Guardian understands from other documents provided by Snowden that the term instead refers to the system that enables the initial processing of information gathered from NSA or GCHQ cable taps.

The data outputted from Muscular is then forwarded to NSA or GCHQ databases, or systems such as the XKeyscore search tool, previously reported by the Guardian.

The Post said that by collecting the data overseas, the NSA was able to circumvent the legal restrictions that prevent it from accessing the communications of people who live in the United States, and that it fell instead under an executive order, signed by the president, that authorised foreign intelligence operations.

In response, the NSA specifically denied that it used the presidential order to circumvent the restrictions on domestic spying, though the agency said nothing about the rest of the story.

The NSA statement said, in full: “NSA has multiple authorities that it uses to accomplish its mission, which is centered on defending the nation. The Washington Post’s assertion that we use Executive Order 12333 collection to get around the limitations imposed by the Foreign Intelligence Surveillance Act and FAA 702 is not true.

“The assertion that we collect vast quantities of US persons’ data from this type of collection is also not true. NSA applies attorney general-approved processes to protect the privacy of US persons – minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention and dissemination.

“NSA is a foreign intelligence agency. And we’re focused on discovering and developing intelligence about valid foreign intelligence targets only.”

A GCHQ spokesman said: “We are aware of the story but we don’t have any comment.”

The NSA statement was much more narrowly drawn than the initial response by the agency’s director, General Keith Alexander. At a Washington conference on Wednesday as the Post story broke, Alexander issued an immediate denial, but was not specifically asked to address allegations that the NSA intercepted data transiting between the companies’ data centers.

The latest disclosures may shed new light on a reference in a GCHQ document, first reported in September by the Guardian, the New York Times and ProPublica. As part of its efforts with the NSA to defeat internet encryption, GCHQ, the 2012 document said, was working on developing ways into the major webmail providers, including Google and Yahoo. It added that “work has predominantly been focused this quarter on Google due to new access opportunities being developed”.

Other documents provided to the Guardian by Snowden suggest that GCHQ’s work on Muscular, and a related tool called Incensor, is regarded as particularly valuable by the NSA, providing intelligence unavailable from other sources.

“Muscular/Incensor has significantly enhanced the amount of benefit that the NSA derives from our special source access,” one 2010 GCHQ document notes. It adds that this highlights “the unique contribution we are now making to NSA, providing insights into some of their highest priority targets”.

Relations between the tech companies and the government are already strained over the Snowden revelations. Speaking at a tech conference in September, Facebook co-founder Mark Zuckerberg said the government had done a “bad job” of balancing people’s privacy. “Frankly, I think the government blew it,” he said.

Google will have its first turn before a legislative panel to confront surveillance questions next month. Senators Al Franken and Dean Heller, who are backing a bill to compel the government to provide more transparency about bulk surveillance, announced Wednesday that the Internet giant will send a representative to a Senate hearing they will hold on 13 November.

Tagged , , , , ,

Facebook? Mnah… too mainstream.

Facebook admits young teens are losing interest in the site!

facebook earnings

Facebook shares soared 15% Wednesday on blowout quarterly results — but the stock lost steam after the company admitted young teens are losing interest in the site.

“We did see a decrease in [teenage] daily users [during the quarter], especially younger teens,” Facebook chief financial officer David Ebersman said Wednesday, during the company’s third-quarter earnings conference call with analysts. He said Facebook usage among overall U.S. teens was “stable,” however.

Previously, Facebook had defended itself against multiple recent studies and articles proposing that teens don’t find Facebook cool anymore. Last quarter, CEO Mark Zuckerberg said it “just isn’t true” that the company has a problem with the teen market.

Ebersman’s admission — coupled with other bits from Wednesday’s call, including the fact that Facebook isn’t planning to ramp up the number of ads in users’ feeds — sent Facebook shares slightly lower in after-hours trading.

That was a big disappointment given that Facebook (FBFortune 500) shares had been up as much as 15% earlier in the evening, after blowing away Wall Street’s sales and profit expectations for the third quarter.

Facebook’s sales jumped 60% over the year to more than $2 billion. Excluding one-time charges, Facebook earned $621 million — double the company’s profit during the same quarter last year.

Strong mobile results: Perhaps even more pleasing to investors was that Facebook’s mobile business in particular came in very strong. Mobile ads now account for 49% of all Facebook ad revenue, up from 41% last quarter and easily beating analysts’ expectations.

That’s impressively rapid growth, considering that Facebook began serving mobile ads just last summer.

Related story: Facebook kills search privacy setting

Before Facebook launched those ads, the company’s lack of mobile monetization had been a particular sticking point for investors. Shortly after the company filed for an initial public offering last May, Facebook disclosed that it wasn’t making “any meaningful revenue”from its growing pool of mobile users. That kept the stock in the doldrums until the company finally launched mobile ads in August 2012.

Now, Facebook stock is up 123% over the past year.

Ad revenue brought Facebook $1.8 billion in sales for the quarter — and the average price per ad rose 42% from last year.

The remaining $218 million of Facebook’s total sales came from fees that the company collects, including the cut off the top it takes from in-app payments.

Facebook now has 1.2 billion monthly active users overall, and 874 million mobile monthly active users.

On the negative side, Facebook’s expenses of $1.3 billion rose 45% over the year. The company attributed the jump to hiring more people and to increased infrastructure costs.

Facebook also said it had $9.3 billion in cash on hand at the end of the quarter.

Meanwhile Facebook has also been working to monetize Instagram, the photo-sharing app it purchased last year. Earlier this month, Instagram announced that it will begin placing ads in some U.S. users’ feeds over the next few months. 

Tagged , , , ,

With Nexus 5, Google finally gets flagship phone treatment

analysis: Google was close to getting its latest flagship smartphone on all of the carriers, with only Verizon Wireless opting out of selling the device.

The Nexus franchise is finally getting a little respect.

Google on Thursday pulled the wraps off its latest marquee smartphone, the Nexus 5, which comes loaded with high-end specifications and Android 4.4, or KitKat. But perhaps just as important is the confirmation that the phone will be broadly available in carrier stores across the nation.

That’s right, the Nexus 5 will be sold through AT&T, Sprint, and T-Mobile, with only Verizon Wireless opting out of carrying the device.

Broader distribution is critical at a time when all of the big flagship smartphones, from theiPhone 5S to the Galaxy S4, are sold on every carrier in the nation. The industry has shifted away from exclusives with nearly every player pushing a universal device with multiple partners.

The Nexus 5 multi-carrier push is a far cry from the launch of the Nexus One, Google’s first attempt to get into the phone business. It was sold through its own store, which eventually shut down amid complaints of poor customer service. Subsequent Nexus phones had one or two carrier partners, but little carrier support.

That was one of the knocks on the older Nexus phones — devices that were highly coveted by hardcore Android fans, but tough to get because of the select carrier support.

And it’s not like the support was consistent. The unlocked Nexus One would only work on AT&T or T-Mobile; the Nexus S was a Sprint exclusive; the Galaxy Nexus was available on Verizon Wireless — with its Google Wallet capability stripped out — and Sprint; and the Nexus 4 was only available through T-Mobile or unlocked.

A Nexus fan would have to jump through some hoops if that person wanted to keep upgrading from one Nexus device to another.

The Nexus 5 at least attempts to solve some of that confusion by offering a nearly universal single device able to run on all bands supported by the big three carriers. It will sell for the attractive unsubsidized price of $349, which comes with 16 gigabytes, and $399 for the 32GB version. It is available today unlocked in 10 countries through Google Play.

More importantly, the Nexus 5 will also sell in carrier stores. Despite Google’s attempts to shift the smartphone retail paradigm toward its online model, most people still buy their smartphones in retail stores, and largely run by carriers.

Google maintained it had a strong relationship with Verizon, and hinted at projects that it was working on for next year.

The Nexus 5 may not benefit from the same kind of marketing support that a Samsung will throw at the Galaxy Note 3 or Apple at the iPhone 5S, but it represents a step in the right direction.

It’s unclear whether AT&T or Sprint will subsidize the Nexus 5 at an even lower price (T-Mobile has eliminated subsidies), but the lower price could further entice buyers not normally familiar with the Nexus brand or not obsessed with the latest version of Android.

Perennially a favorite of Android fans, the Nexus franchise could reach the kind of mainstream awareness that the Galaxy S and iPhone family enjoys.

Now, if it can just get Verizon on board.

Tagged , ,

More rumors indicate that Samsung’s Galaxy S5 will have 4GB of RAM, 64-bit Exynos 6 processor

Samsung’s next flagship Android smartphone – the Galaxy S5 – is certainly in advanced stages of development. With the Galaxy S4 not selling as well as expected (although it’s still successful, since more than 40 million units have been shipped until now), the new S5 might be announced as soon as January 2014.

Not long ago, we told you that the Galaxy S5 may come with 4GB of RAM and a 64-bit eight-core processor. Now, Korean website DT reports the same thing. The Galaxy S5 should become Samsung’s first smartphone to offer 4GB of RAM, and possibly also the world’s first to do so, regardless of manufacturer. The company’s Galaxy Note 3, introduced in September, is already one step ahead of the competition, coming with 3GB of RAM.

As for the processor inside the S5, this will likely be a 64-bit Exynos 6 unit. It’s not clear if Samsung will also have a Qualcomm-based version of the Galaxy S5.

At the moment, Apple’s iPhone 5S (launched around the world last month) is the only smartphone that has a 64-bit processor (A7).

Samsung Galaxy S5 4GB of RAM 64 bit Exynos

Processor and memory aside, the Samsung Galaxy S5 should bring a handful of other enhanced specs, including a rear camera with 16MP CMOS sensor. The handset’s display is a mystery for now, but I assume Samsung will stick to the Full HD pixel resolution from the S4 and Note 3. We’ll see.

Tagged , , , ,

Android KitKat could focus on cheaper phones and wearables

Android 4.4 KitKat isn’t just an advertising coup. According to former Wall Street Journalreporter Amir Efrati, it will also be Google’s latest attempt to make cheaper Android devices attainable, and prep the mobile OS for wearable computing.

According to Efrati, who says he’s had covert access to the Android 4.4 feature list, the key improvement will be better memory management to allow “entry-level devices” to run with just 512MB of RAM. Presently, less than half of Android devices are running the latest version of the operating system, which can be an issue for app developers who can’t rely on their audience having recent features that are added in each subsequent revision. In July, Mozilla CTO Brendan Eich told us that Android 4.x was too bloated for cheap phones: perhaps if Google fixes that, it can help address the so-called fragmentation issue.

Other alleged new features in Android 4.4 could help make future Google smartwatchesmore useful and power-efficient than before. With support for three new sensors, including a step detector, step counter, and geomagnetic rotation vector, Android 4.4 devices could become more useful as fitness trackers or (as Efrati suggests) help pinpoint users more accurately than mere GPS and Wi-Fi. Bluetooth HID over GATTand Bluetooth MAP, two other additions, seem geared towards wearables as well.

Last but not least, Efrati reports that KitKat will include native support for your phone to become an infrared remote control, and to emulate payment cards that use near-field communication.

We’re expecting Google to announce the Nexus 5 and Android 4.4 KitKat any day now, so it shouldn’t be long before we confirm the truth.

Update: Efrati is answering questions on Twitter and on Google+ about Android 4.4’s feature list, and a few tidbits stand out. Android 4.4 will reportedly have a fullscreen mode that hides the status bar, allowing developers to use the entire screen’s real estate for their apps. There’s more evidence for wearable computing, too. Efrati says Android 4.4 will collect sensor data and other data in batches before transmitting it over a network, allowing devices to consume less power than if they were constantly sending data between, say, a smartwatch and a phone. Another addition is enhanced notification listener services, which could theoretically help a watch-like device display information on your wrist that’s generated by your phone.

Tagged , , ,

Facebook Tests Software to Track Your Cursor on Screen

Facebook Inc. is testing technology that would greatly expand the scope of data that it collects about its users, the head of the company’s analytics group said Tuesday.

The social network may start collecting data on minute user interactions with its content, such as how long a user’s cursor hovers over a certain part of its website, or whether a user’s newsfeed is visible at a given moment on the screen of his or her mobile phone, Facebook analytics chief Ken Rudin said Tuesday during an interview.

Mr. Rudin said the captured information could be added to a data analytics warehouse that is available for use throughout the company for an endless range of purposes–from product development to more precise targeting of advertising.

Facebook collects two kinds of data, demographic and behavioral. The demographic data—such as where a user lives or went to school—documents a user’s life beyond the network. The behavioral data—such as one’s circle of Facebook friends, or “likes”—is captured in real time on the network itself. The ongoing tests would greatly expand the behavioral data that is collected, according to Mr. Rudin. The tests are ongoing and part of a broader technology testing program, but Facebook should know within months whether it makes sense to incorporate the new data collection into the business, he said

New types of data Facebook may collect include “did your cursor hover over that ad … and was the newsfeed in a viewable area,” Mr. Rudin said. “It is a never-ending phase. I can’t promise that it will roll out. We probably will know in a couple of months,” said Mr. Rudin, a Silicon Valley veteran who arrived at Facebook in April 2012 fromZynga Inc., where he was vice president of analytics and platform technologies.

As the head of analytics, Mr. Rudin is preparing the company’s infrastructure for a massive increase in the volume of its data.

Facebook isn’t the first company to contemplate recording such activity. ShutterstockInc., a marketplace for digital images, records literally everything that its users do on the site. Shutterstock uses the open-source Hadoop distributed file system to analyze data such as where visitors to the site place their cursors and how long they hover over an image before they make a purchase. “Today, we are looking at every move a user makes, in order to optimize the Shutterstock experience….All these new technologies can process that,” Shutterstock founder and CEO Jon Oringer told the Wall Street Journal in March.

Facebook also is a major user of Hadoop, an open-source framework that is used to store large amounts of data on clusters of inexpensive machines. Facebook designs its own hardware to store its massive data analytics warehouse, which has grown 4,000 times during the last four years to a current level of 300 petabytes. The company uses a modified version of Hadoop to manage its data, according to Mr. Rudin. There are additional software layers on top of Hadoop, which rank the value of data and make sure it is accessible.

The data in the analytics warehouse—which is separate from the company’s user data, the volume of which has not been disclosed—is used in the targeting of advertising. As the company captures more data, it can help marketers target their advertising more effectively—assuming, of course, that the data is accessible.

“Instead of a warehouse of data, you can end up with a junkyard of data,” said Mr. Rudin, who spoke to CIO Journal during a break at the Strata and Hadoop World Conference in New York. He said that he has led a project to index that data, essentially creating an internal search engine for the analytics warehouse.

Tagged , ,

Adobe hack: At least 38 million accounts breached

Cyber, hackers, crime, infrastructure

Adobe has confirmed that a recent cyber-attack compromised many more customer accounts than first reported.

The software-maker said that it now believed usernames and encrypted passwords had been stolen from about 38 million of its active users.

It added that the attackers had also accessed details from an unspecified number of accounts that had been unused for two or more years.

The firm had originally said 2.9 million accounts had been affected.

Adobe has also announced that the hackers stole parts of the source code to Photoshop, its popular picture-editing program.

It had previously revealed that the source code for its Acrobat PDF document-editing software and ColdFusion web application creation products had also been illegally accessed.

The information could allow programmers to analyse how Adobe’s software works and copy its techniques.

In May, Adobe shifted several of its products to a subscription model, meaning its customers needed to register an account and provide their payment card details in order to qualify for upgrades.

Passwords reset

A spokeswoman for Adobe defended the fact its initial statement did not reveal the full scale of the issue.

“In our public disclosure, we communicated the information we could validate,” she said.

“As we have been going through the process of notifying customers whose Adobe IDs and passwords we believe to be involved, we have been eliminating invalid records. Any number communicated in the meantime would have been inaccurate.”

She added that the firm still believed that encrypted credit and debit card numbers, product expiration dates and other information relating to customer orders had only been compromised in the case of the original 2.9 million users identified.

Regarding the additional 35.1 million users, the company thinks only customer IDs and encrypted passwords have been affected.

It has since reset the passwords as a precaution against the encryption being cracked. However, this would not protect its customers from the threat of having their accounts on other services attacked if they used the same usernames and passwords.

According to Brian Krebs, a security blogger who first reported the breach, a file was uploaded to a hacking forum last weekend that appeared to contain millions of usernames and hashed passwords taken from Adobe.

The fact the passwords had been hashed means that they had been converted into a string of characters using a process that cannot be reversed to reveal the original text.

The spokeswoman for Adobe said the document had since been removed from the site at the firm’s request, and added that her company had seen no indication of unauthorised activity on any of the accounts involved in the incident.

Tagged , , ,

Google smartwatch with Google Now coming sooner than expected, ‘ready within months’

A Google-produced smartwatch is close to entering production, says a report from theWall Street Journal. The Google watch, which has been rumored multiple times, will run Android with a heavy focus on the company’s Google Now personal assistant. Google Now provides useful at-a-glance information such as travel alerts, weather reports, and news based on your email, browsing history, and location. According to WSJ‘s anonymous source, the watch could be “ready within months.”

The paper’s source also says that the watch will “be able to communicate with other devices such as a smartphone,” likely implying that it will tether for data needs. The company has reportedly been hard at work on reducing power consumption, a big issue with the most recent Android-based smartwatch, the Samsung Galaxy Gear. The Gear was maligned at launch for poor battery life, less-than-stellar performance, limited functionality, and a lack of compatibility with non-Samsung devices.

While it’s likely Google’s effort will be compatible with a wider range of devices, it’s not clear if Google will fix the Gear’s other shortcomings. Google acquired smartwatch maker WIMM Labs just two months ago in a deal that is likely related to today’s news. Will a Google Now-focused watch overcome the issues that present smartwatches have? We could be just months away from finding out.

Tagged , ,

Google Hangouts for Android gets SMS integration, location-sharing and support for animated GIFs

152807965-645x250

Google announced a slew of updates for its Hangouts cross-platform messaging service today, including SMS support, animated GIFs and one-tap location sharing for its Android app.

The update, which will be available in the Google Play store “over the next few days”, will give you the ability to instantly share your location with fellow Hangouts users. Just tap the new pin icon in the bottom right-hand corner of the app, and Hangouts will pull in your immediate position and post it within the conversation stream as a Google Maps thumbnail.

hangouts11 Google Hangouts for Android gets SMS integration, location sharing and support for animated GIFs

It was promised months ago, but the Android version of Hangouts is also being updated with SMS support. That means you’ll be able to use Hangouts as your default app both for traditional texting and web-based instant messaging, effectively replacing the default SMS app.

In addition, animated GIFs will also play inline now.

The video calling experience, meanwhile, is being revamped across all supported devices. Videos will now play full screen and Google has promised to fix and enhance webcam lighting on the desktop automatically.

It’s unclear whether location sharing and SMS support is planned for the iOS version of Hangouts. For now though, it’s worth checking to see if you can access the latest version on your Android smartphone or tablet.

Tagged ,

Google Hangouts for Android gets SMS integration, location-sharing and support for animated GIFs

152807965-645x250

Google announced a slew of updates for its Hangouts cross-platform messaging service today, including SMS support, animated GIFs and one-tap location sharing for its Android app.

The update, which will be available in the Google Play store “over the next few days”, will give you the ability to instantly share your location with fellow Hangouts users. Just tap the new pin icon in the bottom right-hand corner of the app, and Hangouts will pull in your immediate position and post it within the conversation stream as a Google Maps thumbnail.

hangouts11 Google Hangouts for Android gets SMS integration, location sharing and support for animated GIFs

It was promised months ago, but the Android version of Hangouts is also being updated with SMS support. That means you’ll be able to use Hangouts as your default app both for traditional texting and web-based instant messaging, effectively replacing the default SMS app.

In addition, animated GIFs will also play inline now.

The video calling experience, meanwhile, is being revamped across all supported devices. Videos will now play full screen and Google has promised to fix and enhance webcam lighting on the desktop automatically.

It’s unclear whether location sharing and SMS support is planned for the iOS version of Hangouts. For now though, it’s worth checking to see if you can access the latest version on your Android smartphone or tablet.

Tagged ,