Leaked Document Shows How Big Companies Buy Credit Card Data On Millions of Americans
An anonymous reader quotes a report from Motherboard:
Yodlee, the largest financial data broker in the U.S., sells data pulled from the bank and credit card transactions of tens of millions of Americans to investment and research firms, detailing where and when people shopped and how much they spent. The company claims that the data is anonymous, but a confidential Yodlee document obtained by Motherboard indicates individual users could be unmasked. The findings come as multiple Senators have urged the Federal Trade Commission (FTC) to investigate Envestnet, which owns Yodlee, for selling Americans' transaction information without their knowledge or consent, potentially violating the law.
The Yodlee document describes in detail what type of data its clients gain access to, how the company manages that data across its infrastructure, and the specific measures Yodlee takes to try and anonymize its dataset. The transaction data itself comes from banks, credit card companies, and apps that Yodlee works with, including Bank of America, Citigroup, and HSBC, according to previous reporting from The Wall Street Journal. According to the 2019 document Motherboard obtained, the data includes a unique identifier given to the bank or credit card holder who made the purchase; the amount spent for the transaction; the date of the sale; the city, state, and zip code of the business the person bought from, and other pieces of metadata. Once logged into Yodlee's server, clients download the data as a large text file, rather than interacting with the data in a dashboard or interface that stays solely within Yodlee's control, according to the document. Yodlee does remove personal identifiable information (PII), such as names, email addresses, account numbers, SSNs, and phone numbers, but it "does not remove spatio-temporal traces of people that can be used to connect back the data to them," says Vivek Singh, assistant professor at Rutgers University. As Motherboard notes, "spatio-temporal traces are the various pieces of metadata that the document shows are included with the transaction -- the date, the merchant, the physical location of the sale, and more."
"If an attacker can get hold of the spatio-temporal coordinates for just three to four randomly picked transactions in the dataset, then the attacker can unmask the person with a very high probability. With this unmasking, the attacker would have access to all the other transactions made by that individual," Singh said.
Google Users In UK To Lose EU Data Protection: Reuters
Sources told Reuters that Google is
planning to move its British users' accounts out of the control of European Union privacy regulators, placing them under U.S. jurisdiction instead. From the report:
The shift, prompted by Britain's exit from the EU, will leave the sensitive personal information of tens of millions with less protection and within easier reach of British law enforcement. The change was described to Reuters by three people familiar with its plans. Google intends to require its British users to acknowledge new terms of service including the new jurisdiction.
Ireland, where Google and other U.S. tech companies have their European headquarters, is staying in the EU, which has one of the world's most aggressive data protection rules, the General Data Protection Regulation. Google has decided to move its British users out of Irish jurisdiction because it is unclear whether Britain will follow GDPR or adopt other rules that could affect the handling of user data, the people said. If British Google users have their data kept in Ireland, it would be more difficult for British authorities to recover it in criminal investigations.
Coinbase Becomes a Visa Principal Member To Double Down On Debit Card
Coinbase has become the
only cryptocurrency company with a Visa Principal Member certification. TechCrunch reports:
Cryptocurrency company Coinbase has been working with Paysafe to issue the Coinbase Card, a Visa debit card that works with your Coinbase account balance. The company is now a Visa Principal Member, which should help Coinbase rely less on Paysafe and control a bigger chunk of the card payment stack.
The company will offer the Coinbase Card in more markets in the future. The new status could open up more possibilities and features as well. While Coinbase originally launched the Coinbase Card in the U.K., it is now available in 29 European countries. It works with any Visa-compatible payment terminal and ATM. Users can decide in the app which wallet they want to use for upcoming transactions. This way, you can spend money in 10 cryptocurrencies. There are some conversion fees just like on Coinbase. In addition to those fees, there can be some additional fees if you withdraw a lot of money or make a purchase abroad.
IRS Sues Facebook For $9 Billion, Says Company Offshored Profits To Ireland
An anonymous reader quotes a report from Fox Business:
Facebook is slated to begin a tax trial in a San Francisco court on Tuesday, as the Internal Revenue Service tries to convince a judge the world's largest social media company owes more than $9 billion linked to its decision to shift profits to Ireland. The trial, which Facebook expects will take three to four weeks, could see top executives including hardware chief Andrew Bosworth and Chief Technology Officer Mike Schroepfer called to testify, according to a document the company filed in January. The witness list also includes Naomi Gleit and Javier Olivan, veterans of Facebook's aggressive growth team, and Chief Revenue Officer David Fischer.
The IRS argues that Facebook understated the value of the intellectual property it sold to an Irish subsidiary in 2010 while building out global operations, a move common among U.S. multinationals. Ireland has lower corporate tax rates than the United States, so the move reduced the company's tax bill. Under the arrangement, Facebook's subsidiaries pay royalties to the U.S.-based parent for access to its trademark, users and platform technologies. From 2010 to 2016, Facebook Ireland paid Facebook U.S. more than $14 billion in royalties and cost-sharing payments, according to the court filing. The company said the low valuation reflected the risks associated with Facebook's international expansion, which took place in 2010 before its IPO and the development of its most lucrative digital advertising products.
Microsoft Has a Subdomain Hijacking Problem
A security researcher has pointed out that Microsoft has a problem in managing its thousands of subdomains,
many of which can be hijacked and used for attacks against users, its employees, or for showing spammy content. From a report:
The issue has been brought up this week by Michel Gaschet, a security researcher and a developer for NIC.gp. In an interview with ZDNet, Gaschet said that during the past three years, he's been reporting subdomains with misconfigured DNS records to Microsoft, but the company has either ignored those reports or silently secured some subdomains, but not all. Gaschet says he reported 21 msn.com subdomains that were vulnerable to hijacks to Microsoft in 2017, and then another 142 misconfigured microsoft.com subdomains in 2019. Further, the researcher also privately shared with ZDNet another list of 117 microsoft.com subdomains that he also reported to Microsoft last year.
Larry Tesler, Computer Scientist Who Created Cut, Copy, and Paste, Dies At 74
Larry Tesler, a computer scientist who created the terms "cut," "copy," and "paste,"
has passed away at the age of 74. Gizmodo reports:
Born in 1945 in New York, Tesler went on to study computer science at Stanford University, and after graduation he dabbled in artificial intelligence research (long before it became a deeply concerning tool) and became involved in the anti-war and anti-corporate monopoly movements, with companies like IBM as one of his deserving targets. In 1973 Tesler took a job at the Xerox Palo Alto Research Center (PARC) where he worked until 1980. Xerox PARC is famously known for developing the mouse-driven graphical user interface we now all take for granted, and during his time at the lab Tesler worked with Tim Mott to create a word processor called Gypsy that is best known for coining the terms "cut," "copy," and "paste" when it comes to commands for removing, duplicating, or repositioning chunks of text.
Xerox PARC is also well known for not capitalizing on the groundbreaking research it did in terms of personal computing, so in 1980 Tesler transitioned to Apple Computer where he worked until 1997. Over the years he held countless positions at the company including Vice President of AppleNet (Apple's in-house local area networking system that was eventually canceled), and even served as Apple's Chief Scientist, a position that at one time was held by Steve Wozniak, before eventually leaving the company.
In addition to his contributions to some of Apple's most famous hardware, Tesler was also known for his efforts to make software and user interfaces more accessible. In addition to the now ubiquitous "cut," "copy," and "paste" terminologies, Tesler was also an advocate for an approach to UI design known as modeless computing, which is reflected in his personal website. In essence, it ensures that user actions remain consistent throughout an operating system's various functions and apps. When they've opened a word processor, for instance, users now just automatically assume that hitting any of the alphanumeric keys on their keyboard will result in that character showing up on-screen at the cursor's insertion point. But there was a time when word processors could be switched between multiple modes where typing on the keyboard would either add characters to a document or alternately allow functional commands to be entered.
Google Launches Android 11 Developer Preview 1
An anonymous reader writes:
Google today launched the first Android 11 developer preview, available for download now at developer.android.com. The preview includes a preview SDK for developers with system images for the Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, and the official Android Emulator. While it's the fifth year running that Google has released the first developer preview of the next Android version in Q1, this is the earliest developer preview yet. Android N (later named Android Nougat), Android O (Android Oreo), Android P (Android Pie), and Android Q (Android 10) were all first shown off in the month of March. Last year, Google used the Android Beta Program, which lets you get early Android builds via over-the-air updates on select devices. This year, however, Google is not making the first preview available as a beta (you'll need to manually flash your device). In other words, Android 11 is not ready for early adopters to try, just developers.
Lambda School's Misleading Promises
Lambda School claims 86% of grads get jobs paying over $50,000 a year. In a new report,
Lambda's founder admits the real number is much lower. Additionally, internal documents show Lambda can be profitable if even 1 in 4 grads get a job. Lambda plans to enroll 10,000 students in 2020. From the report:
The point of a coding boot camp, obviously, is to help you get a better job. Lambda's claim, reproduced on its website, that "86% of Lambda School graduates are hired within 6 months and make over $50k a year" is an understandably attractive proposition for students -- and a key pillar of Lambda's marketing. Students I talked to confirmed that the feeling that it was likely that they would be able to land high-paying jobs was a key part of deciding to attend. However, a May 2019 Lambda School investment memo -- entitled "Human Capital: The Last Unoptimized Asset Class" -- written for Y Combinator and obtained by Intelligencer, tells a very different story. In a section warning that student-debt collections may prove too low, it matter-of-factly states that, "We're at roughly 50% placement for cohorts that are 6 months graduated." A recent interviewee for work at Lambda School also confirmed to me that the company's own internal numbers, which the interviewee was provided as part of their interview process, seem to indicate a roughly 50 percent or lower placement rate.
So where does that 86 percent figure come from? Lambda has reported graduate-outcome statistics at the Council on Integrity in Results Reporting (CIRR), a voluntary trade organization of coding boot camps whose purpose is to ensure that participating schools publish truthful information about student outcomes. Lambda School founder Austen Allred has often used this report to defend his company online. But where other boot camps have multiple reports spanning many student cohorts, Lambda has only reported statistics for its first 71 graduates -- 86 percent of who, the school claims, found jobs. Sheree Speakman, the CEO of CIRR, told me that Lambda has not undergone the standard independent auditing for the sole report it has submitted, and that her communications to Lambda School regarding further reporting and auditing have gone unanswered. Lambda's former director of career readiness, Sabrina Baez, told me that placing Lambda's first batch of students was extremely difficult, largely owing to how underdeveloped the curriculum was at the time. When asked about Lambda's claim that 86 percent of its first graduates were placed within six months, she told me, "I would say out of that 71 students, within six months of them graduating it was probably a 50-60 percent placement rate," and added that Allred sometimes exaggerated student-placement progress on Twitter -- recalling, as an example, an instance in which she told Allred that a student might receive an offer soon, only to find out later that he had tweeted that the student had already received an offer.
The High Cost of a Free Coding Bootcamp.
Indian Police Open Case Against Hundreds in Kashmir For Using VPN
Local authorities in India-controlled Kashmir have
opened a case against hundreds of people who used virtual private networks (VPNs) to circumvent a social media ban in the disputed Himalayan region in a move that has been denounced by human rights and privacy activists. From a report:
Tahir Ashraf, who heads the police cyber division in Srinagar, said on Tuesday that the authority had identified and was probing hundreds of suspected users who he alleged misused social media to promote "unlawful activities and secessionist ideology." On Monday, the police said they had also seized "a lot of incriminating material" under the Unlawful Activities Prevention Act (UAPA), the nation's principal counter-terrorism law. Those found guilty could be jailed up to seven years. "Taking a serious note of misuse of social media, there have been continuous reports of misuse of social media sites by the miscreants to propagate the secessionist ideology and to promote unlawful activities," the region's police said in a statement. The move comes weeks after the Indian government restored access to several hundred websites, including some shopping websites such as Amazon India and Flipkart and select news outlets in the disputed region. Facebook, Twitter and other social media services remain blocked, and mobile data speeds remain capped at 2G speeds.
Mozilla's Standalone Firefox VPN is Now Available in Beta
Mozilla has a new virtual private network service and if you have a Chromebook, a Windows 10 computer or an Android device in the US,
you can start using a beta version now. From a report:
Called Firefox Private Network, the new service is designed to function as a full-device VPN and give better protection when surfing the web or when using public Wi-Fi networks. The company offers two options: a free browser-extension version, which it launched in beta last year, that provides 12 one-hour VPN passes when using the Firefox browser and a Firefox account; and a second, $4.99-a-month option that provides a more complete VPN service across your whole device. The new paid option, which runs off of servers provided by Swedish open-source VPN company Mullvad, can protect up to five devices with one account. It allows for faster browsing and streaming, and gives you the ability to tap into servers located in "30-plus countries" for masking your location data.
Donald Trump 'Offered Julian Assange a Pardon if He Denied Russia Link To Hack'
Donald Trump offered Julian Assange a pardon if
he would say Russia was not involved in leaking Democratic party emails, a court in London has been told. From a report:
The extraordinary claim was made at Westminster magistrates court before the opening next week of Assange's legal battle to block attempts to extradite him to the US. Assange's barrister, Edward Fitzgerald QC, referred to evidence alleging that the former US Republican congressman Dana Rohrabacher had been to see Assange, now 48, while he was still in the Ecuadorian embassy in August 2017. A statement from Assange's lawyer Jennifer Robinson shows "Mr Rohrabacher going to see Mr Assange and saying, on instructions from the president, he was offering a pardon or some other way out, if Mr Assange ... said Russia had nothing to do with the DNC leaks," Fitzgerald told Westminster magistrates court.
A series of emails that were highly embarrassing for the Democrats and Hillary Clinton's presidential campaign were hacked before being published by WikiLeaks in 2016. District Judge Vanessa Baraitser, who is hearing the case at Westminster, said the evidence is admissible. Assange is wanted in America to face 18 charges, including conspiring to commit computer intrusion, over the publication of US cables a decade ago. He could face up to 175 years in jail if found guilty. He is accused of working with the former US army intelligence analyst Chelsea Manning to leak hundreds of thousands of classified documents.
Intel and QuTech Unveil Horse Ridge Cryogenic Control Chip For Quantum Computing
At the International Solid State Circuits Conference, which runs through this week in San Francisco, Intel and QuTech -- a partnership between Delft University of Technology and TNO (Netherlands Organization for Applied Scientific Research) -- are unveiling the
technical designs for a first-of-its-kind cryogenic control chip for quantum computing, which they call Horse Ridge. From a report:
Intel Labs and QuTech researchers outlined the technical features of the new cryogenic quantum control chip in a research paper. They designed the scalable system-on-chip (SOC) to operate at cryogenic temperatures, simplifying the control electronics and interconnects required to elegantly scale and operate large quantum computing systems. Horse Ridge addresses fundamental challenges in building a quantum system powerful enough to demonstrate quantum practicality -- scalability, flexibility, and fidelity.
The challenge of quantum computing is that right now, it only really works at near-freezing temperatures. Intel is trying to change that, but the control chip is a step toward enabling control at very low temperatures, as it eliminates hundreds of wires going into a refrigerated case that houses the quantum computer. Currently, quantum researchers are working with just a small number of qubits, or quantum bits, using smaller, custom-designed systems surrounded by complex control and interconnect mechanisms. Intel's Horse Ridge greatly minimizes this complexity.
Can You Solve the 'Hanging Cable' Problem, Used as an Amazon Interview Question?
An anonymous reader
shares a problem that Amazon asks in its interviews:
A cable of 80 meters is hanging from the top of two poles that are both 50 meters off the ground. What is the distance between the two poles (to one decimal point) if the center cable is (a) 20 meters off the ground and (b) 10 meters off the ground?
Microsoft's Office App That Replaces Word, Excel, and PowerPoint Hits General Availability
Microsoft today launched Office for Android and iOS in general availability. The unified app means you
no longer need to download, install, and switch between the individual Word, Excel, and PowerPoint apps. From a report:
The company today also announced new features coming to the app this spring: Word Dictation, Excel Cards View, and Outline to PowerPoint. You can use Office for free, and if you sign in with a Microsoft Account or connect a third-party storage service you can access and store documents in the cloud. Microsoft has over 200 million monthly active Office 365 business users and over 37 million Office 365 consumer subscribers. When the company launched the new Office mobile app as a public preview in November, "tens of thousands of people" rushed to try it. Microsoft has found that most users and businesses want to use the Office app as a hub or starting point for all their document work.
Malaysian Firm Offers AI-Based Profiling of Chinese Visitors for Virus
Malaysia's MYEG Services said on Wednesday it had
developed a coronavirus risk-profiling system for visitors from China and was offering the artificial intelligence-based service to the governments of Malaysia and the Philippines. From a report:
Malaysia has imposed a temporary ban on visitors from Chinese provinces placed on lockdown by the China's government, in a bid to stem the spread of the virus. Malaysia has reported 22 infections, and the Philippines has reported three confirmed cases including one death. MYEG Services Bhd said its system creates a health-risk profile using a person's historical geolocation information and other parameters. MYEG has partnered with Beijing-based travel agency Phoenix Travel Worldwide for the project. The fully-automated system analyses a "vast number of available data points, including visitors' previous known whereabouts as well as heart rate and blood pressure readings crossed-referenced against public transportation ridership and exposure to locations with incidences of infections," MYEG said in a statement to the stock exchange.