Data Digest № 002
Hey there and welcome to the second edition of the Data Digest, where we summarize all events you should know about in the world of data. Here are the stories you should pay attention to…
FB stored (is storing?) “hundreds of millions” of passwords in plaintext for years
Flip the “days since last Facebook security incident” back to zero. — Zack Whittaker
The prospect of Keeping up with the Zuckerbergs becoming a hit TV show seems minuscule given its predictable lack of pizzazz (i.e. Zuck’s uniform wardrobe and questionable food choices), but one thing is sure to deliver drama week after week: the Zuckerbergs’ Sisyphean efforts to keep up with data security.
In the latest edition of data news coming out of Facebook’s HQ, we learned that the company stored hundreds of millions of passwords in plaintext. Brian Krebs (the cybersecurity reporter who broke the story) reports that a source inside Facebook indicates somewhere between 200 and 600 million users could be affected, which is more than 20% of Facebook’s 2.7 billion users. Facebook has yet to officially confirm any numbers, and states no one saw or abused these passwords. Misuse or not, the fact that Facebook did not care to encrypt the most sensitive data of its customers is not just grossly negligent, but speaks volumes about the company’s attitude regarding its customers’ privacy and data ownership. This is especially true since sloppy password protection does not just have immediate impacts on a person’s Facebook profile, but also on any app for which that person has ever used a Facebook OAuth login.
“Suck it Ad-tech”, say 47% of consumers
47% of consumers are using Ad Blockers, which we hope is a wake-up call to marketing departments that the time has come for a better way to reach out and engage with consumers. The primary reasons for blocking ads were the sheer amount of noise created by ads (48%) closely followed by a lack of relevance of ads (47%). Luckily, we’re working on something that can fix both issues. More to come.
Phone secure storage is all the rage — now let’s add blockchain and rage harder
Some recent history of secure storage (sometimes called Trusted Execution Environments, or TEEs) on smartphones: Samsung and other Android phones have used ARM’s TrustZone tech in the past; Google’s Pixel 3 has a Titan M chip; Apple has its Secure Enclaves; and these architectures, while slightly different, are all useful and important in the same ways.
Samsung now steps into the blockchain-phone ring with the Galaxy S10, which will use its secure storage to hold private keys (for the layperson: the thing you use to unlock your blockchain assets). We should note (as the article explains in more depth) that they’re not the first, but certainly the biggest to announce this feature. Many blockchain enthusiasts think that making blockchain more user-friendly through secure devices and simple key management is the best way forward; we, at least, are pumped.
High quality journalism and sci-fi — Mark Sullivan promotes the virtues of data sharing
Mr. Sullivan explains the incredible potential value of sharing data with companies, and fears that the recent outcries might quash that possibility through user apathy/skepticism and governmental intervention. We have similar fears, but instead of giving big tech companies a second chance, we (obviously) think a self-sovereign data wallet is the solution, because the notion of users having to forfeit data ownership in order to reap the spoils of personalization is, while highly propagated, simply wrong. We encourage you to check out our white paper if you’d like to understand the base layer technology that makes both concepts possible at the same time. Of course, we also encourage you to give Mr. Sullivan’s article a read; his examples of a personalized future are vivid and compelling.
The EU takes no prisoners, and that includes itself
The EU is a class act and leading by example, as this week it adopted rules to prevent misuse of personal data in EP (European Parliament) elections. And like GDPR, there’s a 5% fine on the annual budget of any European party or foundation found wanting. Good for you, EU.
Speaking of EU and no prisoners… a third fine for Google, this time €1.5 billion
This €1.5 billion fine adds to a €4.3 billion fine last year and a €2.4 billion fine before that, coming to a grand total of €8.2 billion (~$9.3 billion at current exchange rates).
The fine is for an antitrust violation related to its AdSense business. Whatever you think of the details of the fines, I think we all sympathize with the perspective of EU antitrust commissioner Margrethe Vestager when she said “For me, the most important thing here is to enable user choice.”
And speaking of Google: meet its newest user product, an entirely server-powered gaming platform.
Lots of thoughts and predictions are swirling around Google’s announcement of Stadia, which will allow people to play top-tier video games on almost all major devices and is to be launched later this year. Data-wise though, it’ll be interesting to see how Google’s plans to integrate Stadia with YouTube will be yet another major data play from them. Not only are they setting themselves up to compete directly with Amazon’s Twitch and the entire gaming industry ($43.8 billion in 2018 revenue), but they’ll have unbelievable access into personal preferences for video games. We’re not planning on holding our breaths before we hear about any meaningful privacy settings, but with international and GDPR pressure, perhaps there’s hope…
Wipe it!
Who needs to hack someone if old devices are filled with troves of personal data? Josh Frantz (security researcher at Rapid7) spent 6 months collecting old desktops, hard disks, cellphones, etc. and found they contained personal and valuable data — including credit card, driver’s license, social security, and passport numbers. Take a look at the article for a few recommendations on how to properly wipe a device before you trash or donate it.
New study exposes data sharing practices of Medicine/Health related apps
In short, it’s a bit worrying. While we normally like summarizing, such research is best read and interpreted individually, but we’ll quote the Objectives, Results, and Conclusions for your convenience:
“Objectives To investigate whether and how user data are shared by top rated medicines related mobile applications (apps) and to characterise privacy risks to app users, both clinicians and consumers….
The importance of data to the Chinese GDP
New research by AlphaBeta suggests that China’s lack of data and intellectual property protection could lead the nation to miss out on 37 trillion yuan (~$5.5 trillion) in growth by 2030, or about ⅕ of GDP.
That’s all for now. See you again next week!
Serafin