Parallels’ KeyGenie lets you play for a free product key — but you can’t ever win – gpgmail


When is a game not a game? When you never win.

For years, virtualization software maker Parallels offered the chance to win a free product key if you “stump the KeyGenie,” a virtual robot which users can play against. Normally, users must buy a product key to run the software beyond its two-week free trial. But if you can make it through five questions without the robot guessing what you’re thinking, the robot says a key “may be yours.”

But it turns out it’s an impossibility.

Security researcher John Wethington alerted gpgmail to the KeyGenie game, more than a year after he told Parallels that the game was impossible to win. He examined the source code of the webpage to see how it worked. He quickly found that no matter what a user does, the code never allows a user to win a free product key.

“It’s to get people to sign up for a trial by pretending to give them a chance at a free license,” he said. “But the source code proves it never will.”

We asked three security researchers to independently verify our findings. Spoiler alert: they did.

Yonathan Klijnsma, a threat researcher at cyberthreat intelligence firm RiskIQ, looked at the code and found that the robot’s responses were hardcoded.

“There’s never any product key,” he told gpgmail. “You have that winning screen but there’s never a product key on the page,” he said. “You can trigger the case for getting a key but there is no way to get to it.”

Though it’s possible to trick the game into thinking you’ve won, nothing happens — and no key is ever awarded.

A screencap of the KeyGenie game. No product key is ever produced. (Image: gpgmail)

“It’s a bunch of hardcoded if-else statements that just take you to the same widget in the end,” said Edwin Foudil, a security researcher who also performed a cursory review of the site. And Baptiste Robert, who’s known for finding security vulnerabilities in apps and websites, said his own checks show nothing is ever pulled from the server after the user wins, suggesting the winner is never served a product key.

“It seems to be a fake game,” said Robert.

We contacted Parallels prior to publication but spokesperson John Uppendahl did not comment. If that changes, we’ll update.

The KeyGenie site was born more than five years ago after Parallels found its popular desktop emulation software was regularly falling victim to software piracy. Hackers would crack the software’s product key algorithm, then build and share their product key generators — known as keygens — on file-sharing sites. Quickly, these keygens floated to the top of search engines, making user piracy even easier.

Parallels built the aptly named “KeyGenie” game so it would rise to the top of search results and replace the illegal keygen search results.

One of Parallels’ marketing agencies at the time published a blog post claiming that KeyGenie “will actually hand out keys,” and that the game was “programmed randomly.” The post, published seven months later, “generated dozens of trials” and “four-figures in revenue.”

The Federal Trade Commission, which regulates potentially deceptive advertising and marketing, did not comment outside business hours.





State attorneys general to launch antitrust investigation into big tech companies, reports say – gpgmail


The state attorneys in more than a dozen states are preparing to begin an antitrust investigation of the tech giants, the Wall Street Journal and the New York Times reported Monday, putting the spotlight on an industry that is already facing federal scrutiny.

The bipartisan group of attorneys from as many as 20 states is expected to formally launch a probe as soon as next month to assess whether tech companies are using their dominant market position to hurt competition, WSJ reported.

If true, the move follows the Department of Justice, which last month announced its own antitrust review of how online platforms scaled to their gigantic sizes and whether they are using their power to curb competition and stifle innovation. Earlier this year, the Federal Trade Commission formed a task force to monitor competition among tech platforms.

It won’t be unprecedented for a group of states to look at a technology giant. In 1998, 20 states joined the Justice Department in suing Microsoft. The states could play a key role in building evidence and garnering public support for major investigations.

Because the tentacles of Google, Facebook, Amazon, and Apple reach so many industries, any investigation into them could last for years.

Apple and Google pointed the Times to their previous official statements on the matter, in which they have argued that they have been vastly innovative and created an environment that has benefited the consumers. Amazon and Facebook did not comment.

Also on Monday, Joseph Simons, the chairman of FTC, warned that Facebook’s planned effort to integrate Instagram and WhatsApp could stymie any attempt by the agency to break up the social media giant.

“If they’re maintaining separate business structures and infrastructure, it’s much easier to have a divestiture in that circumstance than in where they’re completely enmeshed and all the eggs are scrambled,” Simons told the Financial Times.



Facebook denies making contradictory claims on Cambridge Analytica and other ‘sketchy’ apps – gpgmail


Facebook has denied contradicting itself in evidence to the UK parliament and a US public prosecutor.

Last month the Department for Digital, Culture, Media and Sport (DCMS) committee wrote to the company to raise what it said were discrepancies in evidence Facebook has given to international parliamentarians vs evidence submitted in response to the Washington, DC Attorney General — which is suing Facebook on its home turf, over the Cambridge Analytica data misuse scandal.

Yesterday Bloomberg obtained Facebook’s response to the committee.

In the letter Rebecca Stimson, the company’s head of U.K. public policy, denies any inconsistency in evidence submitted on both sides of the Atlantic, writing:

The evidence given to the Committees by Mike Schroepfer (Chief Technology Officer), Lord Allan (Vice President for Policy Solutions), and other Facebook representatives is entirely consistent with the allegations in the SEC Complaint filed 24 July 2019. In their evidence, Facebook representatives truthfully answered questions about when the company first learned of Aleksandr Kogan / GSR’s improper transfer of data to Cambridge Analytica, which was in December 2015 through The Guardian’s reporting. We are aware of no evidence to suggest that Facebook learned any earlier of that improper transfer.

As we have told regulators, and many media stories have since reported, we heard speculation about data scraping by Cambridge Analytica in September 2015. We have also testified publicly that we first learned Kogan sold data to Cambridge Analytica in December 2015. These are two different things and this is not new information.

Stimson goes on to claim that Facebook merely heard “rumours in September 2015 that Cambridge Analytica was promoting its ability to scrape user data from public Facebook pages”. (In statements made earlier this year to the press on this same point Facebook has also used the word “speculation” to refer to the internal concerns raised by its staff, writing that “employees heard speculation that Cambridge Analytica was scraping data”.)

In the latest letter, Stimson repeats Facebook’s earlier line about data scraping being common for public pages (which may be true, but plenty of Facebook users’ pages aren’t public to anyone other than their hand-picked friends so… ), before claiming it’s not the same as the process by which Cambridge Analytica obtained Facebook data (i.e. by paying a developer on Facebook’s platform to build an app that harvested users’ and users’ friends’ data).

“The scraping of data from public pages (which is unfortunately common for any internet service) is different from, and has no relationship to, the illicit transfer to third parties of data obtained by an app developer (which was the subject of the December 2015 Guardian article and of Facebook representatives’ evidence),” she writes, suggesting a ‘sketchy’ data modeling company with deep Facebook platform penetration looked like ‘business as usual’ for Facebook management back in 2015.

As we’ve reported before, it has emerged this year — via submissions to other US legal proceedings against Facebook — that staff working for its political advertising division raised internal concerns about what Cambridge Analytica was up to in September 2015, months prior to The Guardian article which Facebook founder Mark Zuckerberg has claimed is the point when he personally learned what Cambridge Analytica was doing on his platform.

These Facebook staff described Cambridge Analytica as a “sketchy (to say the least) data modeling company that has penetrated our market deeply” — months before the newspaper published its scoop on the story, per an SEC complaint which netted Facebook a $100M fine, in addition to the FTC’s $5BN privacy penalty.

Nonetheless, Facebook is once again claiming there’s nothing but ‘rumors’ to see here.

The DCMS committee also queried Facebook’s flat denial to the Washington, DC Attorney General that the company knew of any other apps misusing user data; failed to take proper measures to secure user data by failing to enforce its own platform policy; and failed to disclose to users when their data was misused — pointing out that Facebook reps told it on multiple occasions that Facebook knew of other apps violating its policies and had taken action against them.

Again, Facebook denies any contradiction whatsoever here.

“The particular allegation you cite asserts that Facebook knew of third party applications that violated its policies and failed to take reasonable measures to enforce against them,” writes Stimson. “As we have consistently stated to the Committee and elsewhere, we regularly take action against apps and developers who violate our policies. We therefore appropriately, and consistently with what we told the Committee, denied the allegation.”

So, turns out, Facebook was only flat denying some of the allegations in para 43 of the Washington, DC Attorney General’s complaint. But the company doesn’t see bundling responses to multiple allegations under one blanket denial as in any way misleading…

In a tweet responding to Facebook’s latest denial, DCMS committee chair Damian Collins dubbed the company’s response “typically disingenuous” — before pointing out: “They didn’t previously disclose to us concerns about Cambridge Analytica prior to Dec 2015, or say what they did about it & haven’t shared results of investigations into other Apps.”

On the app audit issue, Stimson’s letter justifies Facebook’s failure to provide the DCMS committee with the requested information on other ‘sketchy’ apps it’s investigating, writing this is because the investigation — which CEO Mark Zuckerberg announced in a Facebook blog post on March 21, 2018; saying then that it would “investigate all apps that had access to large amounts of information”; “conduct a full audit of any app with suspicious activity”; “ban any developer from our platform that does not agree to a thorough audit”; and ban any developers found to have misused user data; and “tell everyone affected by those apps” — is, er, “ongoing”.

More than a year ago Facebook did reveal that it had suspended around 200 suspicious apps out of “thousands” reviewed. However updates on Zuckerberg’s great app audit have been thin on the ground since then, to say the least.

“We will update the Committee as we publicly share additional information about that extensive effort,” says Stimson now.





Democratic Presidential nominees are ignoring the issue of our cybersecurity infrastructure – gpgmail


With the long battle for the Democratic nominee for president in 2020 firmly underway, more than 20 political hopefuls are talking about spreading the fruits of a solid economy to millions of middle-class Americans who may have missed the good times, implementing Medicare for all to solve financial healthcare pitfalls, and free college education.

One would-be candidate – Jay Inslee, the governor of the state of Washington – is talking almost exclusively about the need to address climate change far more quickly and far more seriously.

But what has not been discussed by any of them, even briefly, is the stunning existential threat to our critical national security and the entire well-being of the U.S. posed by mounting and painful cyber breaches of infrastructure and other targets. If no would-be candidates can acknowledge the significance and magnitude of the cyber threat – let alone put forward a strategy and plan to defend against the threat – it’s hard to take them seriously as prospective national leaders.

I’m hardly the only one with this view. “When we think about existential threats, government has to understand that electricity doesn’t reside in its own silo and that if something happens to (companies like) us, it would have a potentially cataclysmic impact on finance as well,” utility Southern Company CEO Tom Fanning recently told Fox Business.

Specifically, consider just a few examples of what is going on every day:

 

Election malfeasance. We hear daily outrage about threats to our increasingly digital electoral infrastructure, and yet there is no policy discussion.

 

Rampant theft of intellectual property. The strength of our economy is based on our ability to innovate, as encapsulated in IP. And yet our economic and military rivals are brazenly stealing this IP with impunity. They take our innovation and weaponize it to challenge U.S. industry leadership and compromise our defense military technologies.

 

Targeting of critical infrastructure. When most of our infrastructure was built, it was not with security in mind. Our society is dependent upon our infrastructure. What if our phones didn’t work, we couldn’t bank, electrical and gas service was cut off, our planes couldn’t fly and our ports could not function? Massive financing is required to boost security.

 

Manipulation of privacy by select technology giants. What is, in effect, another sort of breach, is the collection, aggregation and manipulation of our privacy by digital aggregators such as Google and Facebook, which is then further manipulated and stolen by criminals. (Note here: A positive response has been the Federal Trade Commission’s endorsement this month of a $5 billion settlement with Facebook over a long-running probe into its privacy missteps.)

How do we solve these problems? Blatantly dictating solutions would inevitably fail. What we can do successfully is set standards of performance and responsibility, coupled with timelines and severe penalties for failure to perform. There must be accountability – something that sometimes exists in industry (albeit at inadequate levels), but that is wholly missing in government at all levels.

While I care deeply about cybersecurity, I am not naïve about the extreme pressure confronting politicians to score well in polls – a requirement to have a shot at winning their party’s presidential nomination. Arguably, cybersecurity awareness may not fit this bill.

If enhanced cybersecurity is to be injected into the Democratic election agenda, the public must actively promulgate such a step. Supporting an outcry is the irrefutable fact that the signs of risk are flagrant. Earlier this year, Global Risks Report 2019 – published by the World Economic Forum – said that the rapid evolution of cyber and technological threats poses one of the most significant dangers to societies around the world.

In the U.S., meanwhile, cybersecurity is now at the forefront of policy discussions and planning for future conflicts. The cyber threat has leveled the playing field in many ways, presenting unique concerns to the U.S. and its allies. Two years ago, the final report of the Department of Defense Science Board Task Force on Cyber Deterrence concluded that cyber capabilities of other nations exceeded U.S. ability to defend systems and said this would remain the case for at least another five to 10 years.

These and other threats manifest themselves through attacks on our digital infrastructure. And as the largest and most digitized economy in the world, we have the most to lose when our infrastructure is compromised. There is no higher priority threat to the U.S. If those who would be our leaders, including Donald Trump, cannot acknowledge such a huge external threat to our security, economy and lifestyle and take steps to resolve it, they have no business vying to become the leader of our nation in 2020.



Reports say White House has drafted an order putting the FCC in charge of monitoring social media – gpgmail


In the executive order, the White House says it received more than 15,000 complaints about censorship by the technology platforms. The order also includes an offer to share the complaints with the Federal Trade Commission.

As part of the order, the Federal Trade Commission would be required to open a public complaint docket and coordinate with the Federal Communications Commission on investigations of how technology companies curate their platforms — and whether that curation is politically agnostic.

Under the proposed rule, any company whose monthly user base includes more than one-eighth of the U.S. population would be subject to oversight by the regulatory agencies. A roster of companies subject to the new scrutiny would include Facebook, Google, Instagram, Twitter, Snap and Pinterest.

At issue is how broadly or narrowly companies are protected under the Communications Decency Act, which was part of the Telecommunications Act of 1996. Social media companies use the Act to shield against liability for the posts, videos or articles that are uploaded from individual users or third parties.

The Trump administration aren’t the only politicians in Washington who are focused on the laws that shield social media platforms from legal liability. House Speaker Nancy Pelosi took technology companies to task earlier this year in an interview with Recode.

The criticisms may come from different sides of the political spectrum, but their focus on the ways in which tech companies could use Section 230 of the Act is the same.

The White House’s executive order would ask the FCC to disqualify social media companies from immunity if they remove or limit the dissemination of posts without first notifying the user or third party that posted the material, or if the decision from the companies is deemed anti-competitive or unfair.

The FTC and FCC had not responded to a request for comment at the time of publication.



Facebook could face billions in potential damages as court rules facial recognition lawsuit can proceed – gpgmail


Facebook is facing exposure to billions of dollars in potential damages as a federal appeals court on Thursday rejected Facebook’s arguments to halt a class action lawsuit claiming it illegally collected and stored the biometric data of millions of users.

The class action lawsuit has been working its way through the courts since 2015, when Illinois Facebook users sued the company for alleged violations of the state’s Biometric Information Privacy Act by automatically collecting and identifying people in photographs posted to the service.

Now, thanks to a unanimous decision from the 9th U.S. Circuit Court of Appeals in San Francisco, the lawsuit can proceed.

The most significant language from the decision from the circuit court seems to be this:

 We conclude that the development of face template using facial-recognition technology without consent (as alleged here) invades an individual’s private affairs and concrete interests. Similar conduct is actionable at common law.

The American Civil Liberties Union came out in favor of the court’s ruling.

“This decision is a strong recognition of the dangers of unfettered use of face surveillance technology,” said Nathan Freed Wessler, staff attorney with the ACLU Speech, Privacy, and Technology Project, in a statement. “The capability to instantaneously identify and track people based on their faces raises chilling potential for privacy violations at an unprecedented scale. Both corporations and the government are now on notice that this technology poses unique risks to people’s privacy and safety.”

As April Glaser noted in “Slate”, Facebook already may have the world’s largest database of faces, and that’s something that should concern regulators and privacy advocates.

“Facebook wants to be able to certify identity in a variety of areas of life just as it has been trying to corner the market on identity verification on the web,” Siva Vaidhyanathan told Slate in an interview. “The payoff for Facebook is to have a bigger and broader sense of everybody’s preferences, both individually and collectively. That helps it not only target ads but target and develop services, too.”

That could apply to facial recognition technologies as well. Facebook, thankfully, doesn’t sell its facial recognition data to other people, but it does allow companies to use its data to target certain populations. It also allows people to use its information for research and to develop new services that could target Facebook’s billion-strong population of users.

As our own Josh Constine noted in an article about the company’s planned cryptocurrency wallet, the developer community poses as much of a risk to how Facebook’s products and services are used and abused as Facebook itself.

Facebook has said that it plans to appeal the decision. “We have always disclosed our use of face recognition technology and that people can turn it on or off at any time,” a spokesman said in an email to “Reuters”.

Now, the lawsuit will go back to the court of U.S. District Judge James Donato in San Francisco who approved the class action lawsuit last April for a possible trial.

Under the privacy law in Illinois, negligent violations could be subject to damages of up to $1,000 and intentional violations of privacy are subject to up to $5,000 in penalties. For the potential 7 million Facebook users that could be included in the lawsuit those figures could amount to real money.

“BIPA’s innovative protections for biometric information are now enforceable in federal court,” added Rebecca Glenberg, senior staff attorney at the ACLU of Illinois. “If a corporation violates a statute by taking your personal information without your consent, you do not have to wait until your data is stolen or misused to go to court. As our General Assembly understood when it enacted BIPA, a strong enforcement mechanism is crucial to hold companies accountable when they violate our privacy laws. Corporations that misuse Illinoisans’ sensitive biometric data now do so at their own peril.”

These civil damages could come on top of fines that Facebook has already paid to the U.S. government for violating its agreement with the Federal Trade Commission over its handling of private user data. That resulted in one of the single largest penalties levied against a U.S. technology company. Facebook is potentially on the hook for a $5 billion payout to the U.S. government. That penalty is still subject to approval by the Justice Department.



Don’t miss this epic Twitter fight between the IAB’s CEO and actual publishers – gpgmail


Grab popcorn. As internet fights go, this one deserves your full attention — because the fight is over your attention. Your eyeballs and the creepy ads that trade data on you to try to swivel ’em.

In the blue corner, the Internet Advertising Association’s CEO, Randall Rothenberg, who has been taking to Twitter increasingly loudly in recent days to savage Europe’s privacy framework, the GDPR, and bleat dire warnings about California’s Consumer Privacy Act (CCPA) — including amplifying studies he claims show “the negative impact” on publishers.

Exhibit A, tweeted August 1:

NB: The IAB is a mixed membership industry organization which combines advertisers, brands, publishers, data brokers* and adtech platform tech giants — including the dominant adtech duopoly, Google and Facebook, who take home ~60% of digital ad spend. The only entity capable of putting a dent in the duopoly, Amazon, is also in the club. Its membership reflects the sprawling interests attached to the online ad industry, and, well, the personal data that currently feeds it (your eyeballs again!), although some members clearly have pots more money to spend on lobbying against digital privacy regs than others.

In what now looks to have been a deleted tweet last month, Rothenberg publicly professed himself proud to have Facebook as a member of his “publisher defence” club. Though, admittedly, per the above tweet, he’s also worried about brands and retailers getting “killed.” He doesn’t need to worry about Google and Facebook’s demise because that would just be ridiculous.

Now, in the — I wish I could call it “red top” corner, except these newspaper guys are anything but tabloid — we find premium publishers biting back at Rothenberg’s attempts to trash-talk online privacy legislation.

Here’s The New York Times’ data governance & privacy guy, Robin Berjon, demolishing Rothenberg via the exquisite medium of quote-tweet.

I’m going to quote Berjon in full because every single tweet packs a beautifully articulated punch:

  • One of the primary reasons we need the #GDPR and #CCPA (and more) today is because the @iab, under @r2rothenberg’s leadership, has been given 20 years to self-regulate and has used the time to do [checks notes] nothing whatsoever.
  • I have spent much of my adult life working in self-regulatory environments. They are never perfect, but when they work they really deliver.
  • #Adtech had a chance to self-reg when the FTC asked them to — from which we got the joke known as AdChoices.
  • They got a second major chance with DNT. But the notion of a level playing field between #adtech and consumers didn’t work for them so they did everything to prevent it from existing.
  • At some point it became evident that the @iab lacked the vision and leadership to shepherd the industry towards healthy, sustainable behaviour. That’s when regulation became unavoidable. No one has done as much as the @iab has to bring about strong privacy regulation.
  • And to make things funnier the article that @r2rothenberg was citing as supporting his view is… calling for stronger enforcement of the #GDPR.
  • If that’s not a metaphor for where the @iab’s at, I don’t know what is.

Next time Facebook talks about how it can self-regulate its access to data I suggest you cc that entire thread.

Also chipping in on Twitter to champion Berjon’s view about the IAB’s leadership vacuum in cleaning up the creepy online ad complex, is Aram Zucker-Scharff, aka the ad engineering director at — checks notes — The Washington Post.

His punch is more of a jab — but one that’s no less painful for the IAB’s current leadership.

“I say this rarely, but this is a must read,” he writes, in a quote tweet pointing to Berjon’s entire thread.

Another top-tier publisher’s commercial chief also told us in confidence that they “totally agree with Robin” — although they didn’t want to go on the record today.

In an interesting twist to this “mixed member online ad industry association vs people who work with ads and data at actual publishers” slugfest, Rothenberg replied to Berjon’s thread, literally thanking him for the absolute battering.

“Yes, thank you – that’s exactly where we’re at & why these pieces are important!” he tweeted, presumably still dazed and confused from all the body blows he’d just taken. “@iab supports the competitiveness of the hundreds of small publishers, retailers, and brands in our global membership. We appreciate the recognition and your explorations, @robinberjon.”

Rothenberg also took the time to thank Bloomberg columnist Leonid Bershidsky, who’d chipped into the thread to point out that the article Rothenberg had furiously retweeted actually says the GDPR “should be enforced more rigorously against big companies, not that the GDPR itself is bad or wrong.”

Who is Bershidsky? Er, just the author of the article Rothenberg tried to nega-spin. So… uh… owned.

But there’s more! Berjon tweeted a response to Rothenberg’s thanks for what the latter tortuously referred to as “your explorations” — I mean, the mind just boggles as to what he was thinking to come up with that euphemism — thanking him for reversing his position on GDPR, and for reversing his prior leadership vacuum on supporting robustly enforced online privacy laws. 

“It’s great to hear that you’re now supporting strong GDPR enforcement,” he writes. “It’s indeed what most helps the smaller players. A good next step to this conversation would be an @iab statement asking to transpose the GDPR to US federal law. Want to start drafting something?”

We’ve asked the IAB if, in light of Rothenberg’s tweet, it now wishes to share a public statement in support of transposing the GDPR into U.S. law. We’ll be sure to update this post if it says anything at all.

We’ve also screengrabbed the vinegar strokes of this epic fight — as an insurance policy against any further instances of the IAB hitting the tweet delete button. (Plus, I mean, you might want to print it out and get it framed.)


FTC Toadies for Equifax, Begs Citizens to Register for Largely Worthless Credit Monitoring



In theory, organizations like the FTC exist to safeguard United States citizens. In practice, all too often, these organizations are far more beholden to the companies they supposedly regulate than the citizens whose rights they protect. Last week, the FTC announced a settlement with Equifax, in which individuals whose data was stolen — that’s basically everyone in the United States — were eligible for $125 in compensation. Given the breadth and importance of the data Equifax allowed to be stolen, one might think that kind of minimal compensation would be the least the company could offer, given that it leaked social security numbers, addresses, phone numbers, dates of birth, and names.

Now, however, the FTC has changed its tune. Far too many people have registered for the $125 settlement. Under the proposed settlement structure, only $31M has been set aside to provide these refunds. That translates to $125 for 248,000 people. The Equifax hack affected 147 million people. In other words, according to the FTC, only 0.16 percent of Americans were estimated to request $125. Now our government is begging its own citizens to accept near-worthless free credit monitoring (which costs Equifax literally nothing to provide) rather than asking for a tiny cash settlement in exchange for one of the most egregious database thefts of all time.

Just Buy It Pick Free Credit Report Monitoring

The FTC’s new blog post is headlined “Equifax data breach: Pick free credit report monitoring.” Robert Schoshinski, the Assistant Director, Division of Privacy and Identity Protection, writes:

The free credit monitoring is worth a lot more – the market value would be hundreds of dollars a year. And this monitoring service is probably stronger and more helpful than any you may have already, because it monitors your credit report at all three nationwide credit reporting agencies, and it comes with up to $1 million in identity theft insurance and individualized identity restoration services.

The FTC blog post does not note that the only reason the pool of cash for refunds is so small is the FTC deal with Equifax only allocates $31M to the relevant fund. While the agreement with Equifax included up to $425M to help victims of the breach, the overwhelming majority of the money is earmarked for other purposes. That’s dealt with in a separate press release. The government also doesn’t note that under the terms of the deal, it will be extremely difficult for anyone to prove an incidence of identity theft was tied to the Equifax database theft because that database has never been detected for sale on any hacking website. This implies it was stolen by a state actor rather than a conventional hacker.

Hurrah. R0ckH4rd69Lvr doesn’t have your data; Russia or China probably does. That’s vastly better.

Most financial websites do not agree with the FTC’s claim that free credit monitoring is worth “a lot more.” To quote Levar Burton, “You don’t have to take my word for it.” Here’s a sampling of quotes and links on the topic:

NerdWallet: “NerdWallet recommends avoiding such offerings from credit bureaus.”
US News & World Report: “It’s of some value if you are a victim of identity theft, but its value is rather narrow.”
CNBC: “Credit monitoring services may not be worth the cost”
CNN Money: “Most of what these products provide you can easily do yourself, and for free.”
LendingTree: “The paid credit monitoring services won’t necessarily monitor your reports any better than a free service.”

Maryland Attorney General Brian Frosh captured the spirit of the issue far better in his comments about the settlement last week. Speaking about the ~147M victims of the Equifax hack, he noted: “Most of them—most of us—did not sign up… We did not choose Equifax,” Frosh said. “It chose us. It collected our personal information, it compiled it, analyzed that information, and sold the product and some of the raw data to other people. Their carelessness with our personal data will cause harm perhaps for millions of Americans.”

Slate’s argument, made last week, was that customers had a moral obligation to claim this funding, to send a message to Equifax and other companies about the critical importance of data security and to hold them accountable for failing to do so. Nobody chooses to do business with Equifax, TransUnion, or Experian. These institutions compile financial records and credit reports on Americans without consent, to provide global information about one’s credit history. There is no way to voluntarily withdraw from the system and credit checks are so important for so many life events, there would be little practical way for any but the richest Americans to do so.

Facebook got hit with a $5B fine for Cambridge Analytica, but Equifax is skating by with a $671M fine. According to the FTC, this was a deliberate decision to protect Equifax. “We want to make sure we don’t bankrupt the company or have them go out of business,” Maneesha Mithal, a data and privacy subject matter expert with the FTC, told Ars Technica. “We want to make sure they have the funds and resources to protect consumers going forward.”

Yes. Because nothing speaks to the importance of protecting consumers like a slap on the wrist when a company loses the data of 147 million Americans. Nothing promotes trust like the FTC publishing a shameful, toadying blog post declaring the value of worthless monitoring services that the company being fined can provide at no cost to itself.

Details on how to object to the settlement, should you wish to do so, are on the FAQ linked at the EquifaxBreachSettlement page. You cannot ask the Court to change the settlement, but you can advocate for it to be approved or denied. A $125 payment for a few million Americans was bad enough, but the government’s behavior in this case, not to mention the terms of the settlement itself, are both insulting.


Capital One’s breach was inevitable, because we did nothing after Equifax – gpgmail


Another day, another massive data breach.

This time it’s the financial giant and credit card issuer Capital One, which revealed on Monday a credit file breach affecting 100 million Americans and 6 million Canadians. Consumers and small businesses affected are those who obtained one of the company’s credit cards dating back to 2005.

That includes names, addresses, phone numbers, dates of birth, self-reported income and more credit card application data — including over 140,000 Social Security numbers in the U.S., and more than a million in Canada.

The FBI already has a suspect in custody. Seattle resident and software developer Paige A. Thompson, 33, was arrested and detained pending trial. She’s been accused of stealing data by breaching a web application firewall, which was supposed to protect it.

Sound familiar? It should. Just last week, credit rating giant Equifax settled for more than $575 million over a data breach it had — and hid from the public for several months — two years prior.

Why should we be surprised? Equifax faced zero fallout until its eventual fine. All talk, much bluster, but otherwise little action.

Equifax’s chief executive Richard Smith “retired” before he was fired, allowing him to keep his substantial pension packet. Lawmakers grilled the company but nothing happened. An investigation launched by the former head of the Consumer Financial Protection Bureau, the governmental body responsible for protecting consumers from fraud, declined to pursue the company. The FTC took its sweet time to issue its fine — which amounted to about 20% of the company’s annual revenue for 2018. For one of the most damaging breaches to the U.S. population since the breach of classified vetting files at the Office of Personnel Management in 2015, Equifax got off lightly.

Legislatively, nothing has changed. Equifax remains as much of a “victim” in the eyes of the law as it was before — technically, but much to the ire of the millions affected who were forced to freeze their credit as a result.

Mark Warner, a Democratic senator serving Virginia, along with his colleague since turned presidential candidate Elizabeth Warren, was tough on the company, calling for it to do more to protect consumer data. With his colleagues, he called on the credit agencies to face penalties to the top brass and extortionate fines to hold the companies accountable — and to send a message to others that they can’t play fast and loose with our data again.

But Congress didn’t bite. Warner told gpgmail at the time that there was “a failure of the company, but also of lawmakers” for not taking action.

Lo and behold, it happened again. Without a congressional intervention, Capital One is likely to face largely the same rigmarole as Equifax did.

Blame the lawmakers all you want. They had their part to play in this. But fool us twice, shame on the credit companies for not properly taking action in the first place.

The Equifax incident should have sparked a fire under the credit giants. The breach was the canary in the coal mine. We watched and waited to see what would happen as the canary’s lifeless body emerged — but, much to the American public’s chagrin, no action came of it. The companies continued on with the mentality that “it could happen to us, but probably won’t.” It was always going to happen again unless there was something to force the companies to act.

Companies continue to vacuum up our data — knowingly and otherwise — and don’t do enough to protect it. As much as we can have laws to protect consumers from this happening again, these breaches will continue so long as the companies continue to collect our data and not take their data security responsibilities seriously.

We had an opportunity to stop these kinds of breaches from happening again, yet in the two years that have passed we’ve barely grappled with the basic concepts of internet security. All we have to show for it is a meager fine.

Thompson faces five years in prison and a fine of up to $250,000.

Everyone else faces just another major intrusion into their personal lives. Not at the hands of the hacker per se, but the companies that collect our data — with our consent and often without — and take far too many liberties with it.



Week in Review: Regulation boogaloo – gpgmail


Hello, weekenders. This is Week-in-Review, where I give a heavy amount of analysis and/or rambling thoughts on one story while scouring the rest of the hundreds of stories that emerged on gpgmail this week to surface my favorites for your reading pleasure.

Last week, I talked about how services like Instagram had moved beyond letting their algorithms take over the curation process as they tested minimizing key user metrics such as “like” counts on the platform.



The big story

The big news stories this week intimately involved the government poking its head into the tech industry. What was clear between the two biggest stories, the DoJ approving the Sprint/T-Mobile merger and the FTC giving Facebook a $5 billion slap on the wrist, is that big tech has little reason to worry about its inertia being contained.

It seems the argument from Sprint and T-Mobile, that it was better to have three big telecom companies in the U.S. rather than two contenders and two pretenders, has stuck. Similarly, Facebook seems to have done a worthy job of indicating that it will handle the complicated privacy stuff but that they’ll let the government orgs see what they’re up to.

Fundamentally, none of these orgs seem to want to harm the growth of these American tech companies and I have a tough time believing that perspective is going to magically get more toothy in some of these early antitrust investigations. The government might be making a more concerted effort to understand how these businesses are structured, but even focusing solely on something like the cloud businesses of Microsoft, Google and Amazon, I have little doubt that the government is going to spend an awfully long time in the observation phase.

The danger is erraticism and for that the worst government fear for tech isn’t a three-letter agency, it’s the Twitter ramblings of POTUS.

Onto the rest of the week’s news.


Trends of the week

Here are a few big news items from big companies, with green links to all the sweet, sweet added context:

  • Apple dropping $1 billion on Intel’s modem business
    Apple is snapping up a missing link in its in-house component production with the $1B purchase of most of Intel’s modem business. This follows a dramatic saga between Intel, Qualcomm and Apple over the past year, but Apple will be making its own smartphone modems; the question is when they actually end up in new iPhones. Read more here.
  • Microsoft dropping $1 billion on OpenAI
    Microsoft announced this week that it is dumping $1 billion into Sam Altman’s OpenAI research group. The partnership is pretty major, but it’s just one of the interesting avenues Microsoft is using to ensure its Azure services gain notable customers. Read more here.
  • Galaxy Fold is coming back!
    After a very embarrassing soft launch, Samsung, which managed to make it several devices beyond the Note 7 before another garbage fire, is trying its hand at the Galaxy Fold again and will be releasing it sometime in September. It seems like the carriers are a little dubious of the prospect and T-Mobile has already opted out of carrying it. Read more here.


GAFA Gaffes [Facebook Edition!!]

How did the top tech companies screw up this week? This clearly needs its own section, in order of badness:

  1. Facebook gets five:
    [Facebook settles with FTC: $5 billion and new privacy guarantees]
  2. FTC isn’t quite done with Facebook:
    [Facebook says it’s under antitrust investigation by the FTC]
  3. Facebook dismissed CA warnings:
    [Facebook ignored staff warnings about sketchy Cambridge Analytica in September 2015]
  4. Facebook left kids vulnerable:
    [Facebook fails to keep Messenger Kids safety promise]

Extra Crunch

Our premium subscription service had another week of interesting deep dives. This week, my colleague Danny spoke with some top VCs about why fintech startups have been raising massive amounts of cash and he seemed to walk away with some interesting impressions.

“…The biggest challenge that has faced fintech companies for years — really, the industry’s consistent Achilles’ heel — is the cost of acquiring a customer. Financial customer relationships are incredibly valuable, and the cost of acquiring a user for any product is among the most expensive in every major channel.

And those costs are going up…”


We’re excited to announce The Station, a new gpgmail newsletter all about mobility. Each week, in addition to curating the biggest transportation news, Kirsten Korosec will provide analysis, original reporting and insider tips. Sign up here to get The Station in your inbox beginning in August.

