Posts with «social & online media» label

It took a TikToker barely 30 minutes to doxx me

In 30 minutes or less, TikToker and Chicago-based server Kristen Sotakoun can probably find your birth date. She’s not a cybersecurity expert, despite what some of her followers suspect, but has found a hobby in what she calls “consensual doxxing.”

“My first thing is to be entertaining. My second thing is to show you cracks in your social media, which was the totally accidental thing that I became on TikTok,” Sotakoun, who goes by @notkahnjunior, told me.

It’s not quite doxxing, which usually refers to making private information publicly available with malicious intent. Instead, it’s known in the cybersecurity field as open-source intelligence, or OSINT. People unknowingly spell out private details about their lives as a bread crumb trail across social media platforms that, when gathered together, paint a picture of their age, families, embarrassing childhood memories and more. In malicious cases, hackers gather information based on what you or your loved ones have published on the web to get into your accounts, commit fraud, or even socially engineer a user to fall for a scam.

Sotakoun mostly just tracks down an anonymous volunteer's birth date. She doesn’t have malicious intent or interest in a security career, she said she just likes to solve logic puzzles. Before TikTok, that was spending a ride home from a friend’s birthday dinner at Medieval Times discovering the day job of their “knight.” Sotakoun just happened to eventually go viral for her skills.

So, to show me her process, I let Sotakoun “consensually doxx” me. She found my Twitter pretty quickly, but because I keep it pretty locked down, it wasn’t super helpful. Information in author bios from my past jobs, however, helped her figure out where I went to college.

My name plus where I studied led her to my Facebook account, another profile that didn’t reveal much. It did, however, lead her to my sister, who had commented on my cover photo nine years ago. She figured out it was my sister because we shared a last name, and we’re listed as sisters on her Facebook. That’s important to note because I don’t actually share a last name with most of my other siblings, which could’ve been an additional roadblock.

My sister and I have pretty common names though, so Sotakoun also found my stepmom on my sister’s profile. By searching my stepmom’s much more unique name on Instagram, it helped lead Sotakoun to mine and my sister’s Instagram accounts, as opposed to one of the many other Malones online.

Still, my Instagram account is private. So, it was my sister’s Instagram account – that she took off “private” for a Wawa giveaway that ultimately won her a t-shirt – featuring years-old birthday posts that led Sotakoun to the day I was born. That took a ton of scrolling and, to correct for the fact that a birthday post could come a day late or early, Sotakoun relied on the fact that my sister once shared that my birthday coincided with World Penguin Day, April 25.

Then, to find the year, she cross-referenced the year I started college, which was 2016 according to my public LinkedIn, with information in my high school newspaper. My senior year of high school, I won a scholarship only available to seniors, Sotakoun discovered, revealing that I graduated high school in 2016. From there, she counted back 18 years, and told me that I was born on April 25, 1998. She was right.

“My goal is always to find context clues, or find people who care less about their online presence than you do,” Sotakoun said.

Many people will push back on the idea that having personal information online is harmful, according to Matt Edmondson, an OSINT instructor at cybersecurity training organization SANS Institute. While there are obvious repercussions to having your social security number blasted online, people may wonder what the harm is in seemingly trivial information like having your pet’s name easily available on social media. But if that also happens to be the answer to a security question, an attacker may be able to use that to get into your Twitter account or email.

In my case, I’ve always carefully tailored my digital footprint to keep my information hidden. My accounts are private and I don’t share a lot of personal information. Still, Sotakoun’s OSINT methods found plenty to work with.

Facebook and Instagram are Sotakoun’s biggest help for finding information, but she said she has also used Twitter, and even Venmo to confirm relationships. She specifically avoids resources like records databases that could easily give away information.

That means that there’s still a lot of data out there on each of us that Sotakoun isn’t looking for. Especially if you’re in the US, data like your date of birth, home address and more are likely already out there in some form, according to Steven Harris, an OSINT specialist that teaches at SANS.

“Once the data is out there, it’s very hard to take back,” Harris said. “What protects people is not that the information is securely locked away, it’s that most people don’t have the knowledge or inclination to go and find out.”

There are simple things you can do to keep attackers from using these details against you. Complex passwords and multi-factor authentication make it harder for unauthorized users to get into your account, even if they know the answers to your security questions.

That gets a bit more complicated, though, when we think about how much our friends and family post for us. In fact, Sotakoun said she noticed that even if a person takes many measures to hide themselves online, the lack of control over their social circle can help her discover their birth date.

“You have basically no control on your immediate social circle, or even your slightly extended social circle and how they present themselves online,” she said.

This article originally appeared on Engadget at https://www.engadget.com/it-took-a-tiktoker-barely-30-minutes-to-doxx-me-120022880.html?src=rss

Meta is reportedly building a decentralized Twitter competitor

Meta might offer a Twitter alternative like Mastodon in the future, according MoneyControl and Platformer. The social networking giant is reportedly in the early stages of developing an app codenamed P92 that would let users post text-based updates, and it's going to support Mastodon's social networking protocol called ActivityPub. Meta confirmed that a decentralized social network is in the works at the company and told the publications:

"We're exploring a standalone decentralized social network for sharing text updates. We believe there's an opportunity for a separate space where creators and public figures can share timely updates about their interests."

P92 will carry Instagram's branding and will let users register and log in using their Instagram credentials, according to the sources. It will populate users' profile with their Instagram account details if they use their login on the photo-sharing app. But based on the product brief MoneyControl saw, "data sharing from Instagram to P92 will be minimal, if not none" after the initial sign up. 

Since the app is decentralized, that means users can set up their own servers and set their own rules for content moderation. A source told MoneyControl that the app will allow users to broadcast their posts to those on other servers, but it remains to be seen whether they will be able to follow each other, as well. If the app supports ActivityPub, though, people will likely expect it to be somewhat interoperable with Mastodon and other decentralized apps that use the protocol. 

Meta has a list of features it definitely wants the app to have, including tappable links for posts with previews, shareable images and videos, as well as verification badges. The sources didn't say whether the company will be charging a fee for its badges as well, but it's worth noting that Meta launched a $12-a-month paid verification service for Facebook and Instagram back in February. Users will have the ability to leave comments and send private messages, but they might not be available in the first version of the app. And at this point, Meta is unsure whether to give people the ability to reshare posts like they can on Twitter. 

MoneyControl says it's not quite quite clear whether the company has already started building the app, or if it's still in the planning period of development. By the time it launches, it's bound to have several more competitors to contend with, since Twitter rivals have been popping up to offer users an alternative after Elon Musk took over last year. 

This article originally appeared on Engadget at https://www.engadget.com/meta-decentralized-twitter-competitor-071316333.html?src=rss

Twitter's censorship-evading Tor service is no longer working

Visiting Twitter's Tor onion website will now show you a warning that its certificate has expired, and pushing forward will just send you to an error page. The Tor Project, the non-profit org responsible for maintaining software for the Tor network, has confirmed to The Verge that Twitter's onion site "is no longer available seemingly with no plans to renew." Pavel Zoneff, the group's communications director, said: "The Tor Project has reached out to Twitter to look into bringing the onion version of the social media platform back online. People who rely on onion services for an extra layer of protection and guarantee that they are accessing the content they are looking for now have one fewer way of doing so safely." It's worth noting, however, that you can still access Twitter on a Tor browser. 

Twitter launched its Tor service in 2022, shortly after Russia blocked its people's access to the website. A Tor service allows you to circumvent censorship and gives you the capability to visit an online destination even when it's supposedly restricted in your country. It also protects you from surveillance, thanks to its anonymization features that encrypt your traffic. You can use it anywhere, but it is perhaps especially helpful to people living in countries with more stringent censorship laws, including North Korea and China. 

The company has yet to announce whether it has any plans on reviving its Tor service. Alec Muffett, who helped Twitter's engineers adopt Tor services last year, told The Verge that the people within the company he interacted with "are all gone." He added that he's pretty sure it's going to stop working totally "unless Elon [Musk] takes an interest."

Musk, who purchased Twitter later in 2022, has laid off thousands of workers since he took over, including employees who supported his vision for the website. CNBC reported back in January that only 1,300 personnel were left from the 7,500 people who were working for Twitter before it changed hands. Seeing as Musk seems to be focusing on monetizing Twitter at the moment, and there are barely any employees left at the company, its Tor service may remain unavailable for a long time, if not for good. 

This article originally appeared on Engadget at https://www.engadget.com/twitter-tor-service-no-longer-working-063541843.html?src=rss

Messenger is returning to the Facebook mobile app after nine years away

It's been so long since Meta cut Messenger out of the Facebook mobile app that Windows Phone was still somewhat of a thing at the time. Almost nine years later, Meta is ready to bring them back together. "We are testing the ability for people to access their Messenger inbox within the Facebook app and you’ll see us expand this testing soon," Facebook head Tom Alison wrote. "Ultimately, we want it to be easy and convenient for people to connect and share, whether in the Messenger app or directly within Facebook."

When Meta removed Messenger from the Facebook app in 2014, it said that "our goal is to focus development efforts on making Messenger the best mobile messaging experience possible and avoid the confusion of having separate Facebook mobile messaging experiences." It's unclear whether Meta has any plans to bring messaging back to the mobile browser version of Facebook. It started pushing mobile web users toward the Messenger app in 2016. In any case, having one fewer app to juggle on your phone is probably not a bad thing. You might be able to send messages to Instagram users from the Facebook app too.

Meta made the announcement in a bizarrely framed blog post about Facebook's focus areas for 2023. The post seeks to assure people that "Facebook is not dead nor dying," as it now has more than 2 billion users.

In an effort to become more competitive with TikTok, Meta is attempting to shift Facebook away from an app where you keep up with friends and family to more of an entertainment and discovery platform. It's trying to "make Facebook the best place for social discovery and sharing," as Alison put it in the blog post. 

A key reason why Meta is bringing messaging back to the Facebook app is to "make it easier for people to share what they discover on Facebook via messaging, when, where and how it suits their needs, without needing to switch to another app," Alison wrote. TikTok enables users to share videos that they stumble upon with their friends through built-in direct messaging. So, on one hand Meta is reversing course and going back to an older way of doing things, but on the other it is, once again, aping a competitor.

This article originally appeared on Engadget at https://www.engadget.com/messenger-is-returning-to-the-facebook-mobile-app-after-nine-years-away-191426674.html?src=rss

Every link on Twitter is broken right now

Links are completely busted on Twitter at the minute across the company's website and mobile apps, as well as TweetDeck. Clicking on one brings up an error message that reads "Your current API plan does not include access to this endpoint, please see https://developer.twitter.com/en/docs/twitter-api for more information." As it happens, that link is also broken at the time of writing.

Developing...

This article originally appeared on Engadget at https://www.engadget.com/every-link-on-twitter-is-broken-right-now-165929931.html?src=rss

Jack Dorsey’s Twitter alternative Bluesky is now available in closed beta

Jack Dorsey’s new Twitter alternative, Bluesky, is now available in closed beta on the App Store. The invite-only app could soon join a crowded field of budding Twitter competitors, including Mastodon.

Interested users can submit their email addresses to join the waitlist. The Bluesky app reportedly borrows heavily from Twitter. However, it includes minor differences like “What’s up?” in place of “What’s happening?” along with a simplified process of creating a post (which can also include photos) by selecting a plus button. Otherwise, it has familiar features like searching for and following users and viewing their posts on a Home timeline.

Bluesky began in 2019 as a Twitter-funded side project. Dorsey, who co-founded Twitter and was still CEO when the initiative started, saw it as a more open alternative to an increasingly centralized Twitter. Then, Bluesky spun off as its own company in 2021. Dorsey has said he believes social media should be free of corporate or government control and that only authors should have the power to remove their social-media content. Additionally, although he said Twitter’s decision to ban Donald Trump after his role in inciting the January 6th insurrection was “the right decision,” he also worried about its precedent in endangering a “free and open global internet.”

Whether Twitter users will flee to Bluesky (or other platforms) in large enough numbers to make a significant difference is an open question. However, considering many people seeking an alternative are doing so because of current CEO / owner Elon Musk’s headline-grabbing embrace of far-right figures and ideology, it may be illogical to expect them to flock to a brainchild of someone who holds reservations about banning anyone for any reason.

This article originally appeared on Engadget at https://www.engadget.com/jack-dorseys-twitter-alternative-bluesky-is-now-available-in-closed-beta-190600041.html?src=rss

Twitter faces another global outage

The DownDetector pages for Twitter are exploding in activity — again — and users are sharing that the social network seems to be broken for them. Over the past couple of hours, thousands of users reported having issues accessing the website and its apps. Many trying to access Twitter.com have reported seeing a "Welcome to Twitter" message, while both Android and iOS timelines remained stuck in the past. 

Twitter's Support account has yet to issue a statement, but some parts of the website are working just fine. Users can still tweet if they want to, or read and respond to their notifications. If they need to see the latest tweets ASAP, they can switch over to Tweetdeck to see them. The outage comes shortly after the company reportedly laid off more employees. 

According to various sources, Twitter released around 200 people on Saturday night, a week after the company's Slack was taken offline. Twitter Blue head Esther Crawford is believed to be one of the affected personnel. It's unclear at the moment if the layoffs have anything to do with the outage, but since Twitter has no PR team, we'll have to wait for the company to issue a statement. 

This article originally appeared on Engadget at https://www.engadget.com/twitter-faces-another-global-outage-122800803.html?src=rss

Twitter updates violent speech policy to ban ‘wishes of harm’

Twitter is once again tightening its rules around what users are permitted to say on the platform. The company introduced an updated “violent speech” policy, which contains some notable additions compared with previous versions of the rules.

Interestingly, the new policy prohibits users from expressing “wishes of harm” and similar sentiments. “This includes (but is not limited to) hoping for others to die, suffer illnesses, tragic incidents, or experience other physically harmful consequences,” the rules state. That’s a reversal from Twitter’s previous policy, which explicitly said that “statements that express a wish or hope that someone experiences physical harm" were not against the company’s rules.

“Statements that express a wish or hope that someone experiences physical harm, making vague or indirect threats, or threatening actions that are unlikely to cause serious or lasting injury are not actionable under this policy,” Twitter’s previous policy stated, according to the Wayback Machine.

That change isn't the only addition to the policy. Twitter’s rules now also explicitly protects “infrastructure that is essential to daily, civic, or business activities” from threats of damage. From the rules:

You may not threaten to inflict physical harm on others, which includes (but is not limited to) threatening to kill, torture, sexually assault, or otherwise hurt someone. This also includes threatening to damage civilian homes and shelters, or infrastructure that is essential to daily, civic, or business activities.

These may not seem like particularly eyebrow-raising changes, but they are notable given Elon Musk’s previous statements about how speech should be handled on Twitter. Prior to taking over the company, the Tesla CEO stated that his preference would be to allow all speech that is legal. “I think we would want to err on the side of, if in doubt, let the speech exist,” he said at the time.

It’s also not the first time Twitter’s rules have become more restrictive since Musk’s takeover. The company’s rules around doxxing changed following his dustup with the (now suspended) @elonjet account, which shared the whereabouts of Musk’s private jet.

Twitter didn’t explain its rationale for the changes, but noted in a series of tweets that it may suspend accounts breaking the rules or force them to delete the tweets in question. The company no longer has a communications team to respond to requests for comment.

This article originally appeared on Engadget at https://www.engadget.com/twitter-updates-violent-speech-policy-to-ban-wishes-of-harm-214320985.html?src=rss

Facebook and Instagram will help prevent the spread of teens' intimate photos

Meta is taking further action as part of its long-running promise to combat sextortion and other forms of child sexual abuse material (CSAM). The company has revealed that Facebook and Instagram are founding members of Take It Down, an initiative from the National Center for Missing and Exploited Children (NCMEC) that helps young people and their parents remove intimate photos posted online. The system relies on locally stored photos, but theoretically protects privacy.

Instead of sharing the photos themselves, concerned users visit Take It Down to upload generated hashes. If Facebook, Instagram and other program members spot those hashes elsewhere, they can pull and block the content so it won't proliferate. Meta notes that this isn't just for those under 18, either. Parents can act on a child's behalf, and adults can scrub images taken of them when they were younger. The NCMEC warns that platforms may have "limited capabilities" to remove content that's already online, but this could still help mitigate or undo the damage from unwanted sharing. We've asked Meta for clarification.

Meta announced its anti-sextortion plans in November as part of a broader crackdown against "suspicious" adults messaging teens. The project is a follow-up to the StopNCII technology the company developed to fight revenge porn, and shares a similar implementation. This is the latest in a string of efforts to protect teens on Meta's social networks. The company already limits sensitive content for teen Instagram users and restricts ads targeting young audiences, for instance.

The action isn't entirely voluntary. Meta is under pressure from state attorneys general and other government bodies to show that it protects teens, particularly in light of whistleblower Frances Haugen's accusations that the firm downplayed research into Instagram's effects on mental health. The new takedown platform may lift some of that pressure even as it gives abuse survivors more control over their online presence.

YouTube is testing a '1080p Premium' playback option

Some YouTube viewers have reported seeing a new option for video quality in the website's drop-down menu. In addition to the basic 1080p playback option, they're also seeing another one labeled 1080p Premium with a note beneath it that says it offers "Enhanced bitrate." A spokesperson told The Verge that the website is testing the new video quality, which is currently available to "a small group of YouTube Premium subscribers." They described it as an "enhanced bitrate version of 1080p which provides more information per pixel that results in a higher quality viewing experience." Also, there's supposed to be no change to the quality of the standard 1080p resolution, which some people might not consider the good news YouTube deems it to be. 

Based on several comments on the Reddit thread discussing the test, viewers find the standard 1080p resolution on the website to be poor in quality. But a higher bitrate, which is used as a measurement for the amount of video data transferred within a certain timeframe, could mean getting better images without having to bump up the resolution. As XDA Developers notes, switching to 4K would give users access to better and sharper-looking videos, but they'd have to stream a much bigger file that could cost them more or eat up more of their data allowance. 

The enhanced 1080p option is just a test feature at this point, though, and YouTube might not approve it for a wide rollout at all. If it does make its way out of the experimental phase, only viewers paying for YouTube Premium will be able to access it. The subscription service will cost users $12 a month for an individual account or $23 a month for a family plan.