Tag Archive for Google

| October 1, 2010
2 comments

Banks & Bosses Use Social Media to Assess Risk

Updated 10-22-10 – GigaOm has a post about Rapleaf here.

If you’re among the 67% of the global online population which Nielsen Online says uses social media networks to stay in touch with friends, grow their business, or just have fun then your information is for sale to banks, insurance companies, employers, and the government. Some banks are turning to social media analytics firms to enhance their credit-check procedures.

Banks are now looking at an applicant’s social media profile, behavior, and associations on sites like Facebook (FB), Twitter, and MySpace according to a recent article on the banking industry site CreditCards.com. The banker’s theory is that people run with folks who share their values and behavior. If your Facebook friends are deadbeats, the banks theorize you are a deadbeat also. These assumptions may make it harder to get a credit card or mortgage, according to CreditCards.com.

Many banks are now outsourcing their social network data mining operations to firms such as Rapleaf. Rapleaf, is a San Francisco, CA-based company that specializes in social media monitoring. According to CreditCard.com, Rapleaf compiles everything you and your network do – including status updates, “tweets,” joining online clubs, linking a Web site or posting a comment on a blog or news Web site. These firms turn the conversations into consumer profiles called social graphs. Social graphs give companies insight into behavior patterns: what you like and dislike, want and don’t want, do well and do poorly.

Banks & Bosses Use Social Media to Assess RiskIn the article, Rapleaf characterizes its social network data mining operations as “a unique way to improve customer experience by whitelisting customers based on their social circles and friend relationships.”  Since the firm uses data to “whitelist” people, it may also very easily be used to “blacklist” people and deny them a credit card or a job. “Who you hang around with has empirical implications with how you behave,” Joel Jewitt, Rapleaf’s vice president of business development told FastCompany.

“It’s a marketing trend as opposed to a credit score trend,” says Jewitt.  Despite his assurances, Rapleaf’s Web site suggests that clients “use friend networks to enhance … credit scoring” according to FastCompany. Jesse Torres, president, and CEO of Pan American Bank in Los Angeles told CreditCards.com that online information aggregators fill a need within the banking community. “They’re able to scour the social media universe. They are constantly listening and reporting back.”

The bankers are protecting their bottom line, “credit card companies have been stung very hard during this downturn, and they’re going to work that much harder to avoid extending credit…,” Ken Clark, author of The Complete Idiot’s Guide to Boosting Your Financial IQ told CreditCards.com. Rob Garcia, senior director of product strategy at The Lending Club, a peer-to-peer lender, says his firm uses multiple sources of “social information collateral” for its decision-making processes “It’s a wealth of information about a person,” says Garcia.

Not everyone in the industry is data mining social networks. “It’s difficult to make a judgment about an individual’s credit based on the people around them,” says Gregory Meyer, community relations manager for Meriwest Credit Union in San José, CA.  Meriwest only assesses credit reports and application data to make lending decisions. “[Social media] is a great way to keep up with what my 10-year-old nephew is up to, but it doesn’t have a place in the credit process.”

What you divulge can have an unintended impact. “We’ve seen this with applicants not getting jobs and employees getting fired for their Facebook and Twitter-based escapades,” financial personality Clark told CreditCards.com, “so we shouldn’t imagine this to be any different.” There are steps to take to guard your privacy. “I think it is crucial that everyone visit the privacy notices for the sites they use, read them, and change their settings to limit who can see their information,” says Clark. “For example, on Facebook, you can change your privacy settings so that only your acknowledged friends can see the majority of your information.” You can also enable “private filtering” on your browser. Do so and your activity will be entirely out of the Web profiling system.

Scott Stevenson, president, and CEO of EliminateIDTheft.com told CreditCards.com people should:

  1. Don’t accept invitations until you check the profile out first.
  2. Be acutely aware of what you write. Don’t make public anything you don’t want public.
  3. Take an annual inventory of all your social networking sites and delete people and information that can potentially damage you in the eyes of a creditor or employer.

Rapleaf offers a service to discover your online footprint and see what others might see on your social graph. Google (GOOG) offers a similar tool, the Google Privacy Dashboard. which presents an overview of the accounts and information you are connected with through Google. Take advantage of tools like these to check your own online reputation. What you don’t know can hurt you. Rapleaf’s Jewitt reminds users that, “The custodian of the information is you.”

rb-

There is nothing illegal about social network data mining banks and firms like Rapleaf do. Facebook and the other social networks are legal commercial enterprises that openly broker user data for exactly these kinds of purposes. People freely put information on Facebook with the full knowledge that it will become permanent parts of the public Internet record. Users need to know about this kind of data mining for two reasons. First, the stakes are high. It’s about getting access to credit that might be necessary for your family or business or even getting your next job.

Second, data mining gives the lenders insights into relationships that are unknown to and often completely out of the control of the applicant. Maybe being a Facebook fan of NASCAR says something in the sum about your socioeconomic status and your creditworthiness or employability, according to some second-order derivative analysis of millions of data records.

The asymmetry in the relationship between data-driven marketers and consumers is structural and permanent. Institutions like banks (and, potentially, insurance companies, employers, and the government) will use it to gain an advantage, because that’s what they do.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Social Networking | Tags: , , , , , , , , , , , , , ,
| September 10, 2010
Comments Off on Microsoft Founder Sues GOOG, FB and AAPL

Microsoft Founder Sues GOOG, FB and AAPL

Microsoft Founder Sues GOOG, FB and AAPL– Updated 12-13-10 – Physorg is reporting that a U.S. district judge tossed out the patent infringement lawsuit filed by Interval Licensing owned by Microsoft co-founder Paul Allen. The judge ruled that the suit failed to specify devices or products violating patents at issue in the case. A spokesman for Allen dismissed the ruling as a procedural matter and said that an amended complaint will be filed addressing the judge’s concern.

– Updated – Google responded to the suit by stating in court documents  “Interval’s complaint is so devoid of any facts to support its infringement contentions that it is impossible for Google to reasonably prepare a defense.” According to VON | xchange Apple agreed and called on judges to “insist upon some specificity” before proceeding.

The UK’s Guardian is reporting that eleven major Internet companies including AOL, Apple, eBay, Facebook, Google, Netflix, Office Depot, OfficeMax, Staples, Yahoo, and YouTube are being sued by Interval Licensing. The firm, lead by ex-Microsoft founder Paul Allen is suing for alleged infringement of patents that relate to e-commerce and search. A copy of the complaint is available here (PDF). Notably absent from the list are Microsoft and Amazon.com. Amazon, the Seattle e-commerce giant just moved into a new headquarters campus developed by Allen’s Vulcan Inc. Interval is seeking damages and the end of the infringement. Among the patents being contested are:

  • 6,263,507: “Browser for use in navigating a body of information, with particular  application to browsing information represented by audio data.”
  • 6,034,652 & 6,788,314 (really the same patent, involving continuations): “Attention manager for occupying the peripheral attention of a person in the vicinity of a display device.”
  • 6,757,682: “Alerting users to items of current interest”
  • TechFlash has a deeper analysis of these patents.

Microsoft founder Paul AllenGoogle and Facebook told the Guardian they will fight the accusations by Interval. “This lawsuit against some of America’s most innovative companies reflects an unfortunate trend of people trying to compete in the courtroom instead of the marketplace,” a Google spokesperson said in an emailed statement to the Guardian. “Innovation – not litigation – is the way to bring to market the kinds of products and services that benefit  millions of people around the world.” Facebook spokesperson Andrew Noyes  said: “We believe this suit is completely without merit and we will fight it vigorously.”

The Guardian reports that these claims have led to accusations by some observers that Allen, who is worth a reported $13.5bn is acting as a “patent troll” – suing active companies via patents obtained by now-defunct or inactive companies which are not actively developing technology.  However, David Postman, an Interval official, defended the lawsuit as necessary to protect its investment in innovation.”We are not asserting patents that other companies have filed, nor are we buying patents originally assigned to someone else,” he told the Guardian. “These are patents developed by and for Interval.” Allen is not a named inventor on any of the patents according to Bloomberg.

Allen co-founded Interval Research in 1992 to develop communications and computer technology. The firm was reportedly designed to be a pure research institute “done right” which would replicate Xerox PARC, but that it would actually commercialize the amazing ideas. At its largest, it employed more than 110 scientists and engineers, and filed patents covering internet search and display innovations, according to the lawsuit. Interval Research officially closed in April 2000 when its 300+ patents were taken over by Interval Licensing.

Apparently, Allen has support from another tech founder. TechDirt reports that Apple co-founder Steve Wozniak comes out in favor of “patent trolls” and patent holders suing companies who actually innovate. Woz told Bloomberg TV that patents somehow help out the small guy (Paul Allen, the 37th-richest person in the world?):

I think this lawsuit represents the idea that hey, patents, individual inventors, they don’t have the funds to go up against big companies. So he’s sorta representing some original investors. And I’m not at all against the idea of patent trolls.

The Bloomberg interviewer points out that Paul Allen is not the inventor and there’s no sign that the inventors on these patents would actually get any of the money should Allen succeed. Woz says that Allen “represents inventors.” According to TechDirt Woz seems uninformed about the patent world today. For example, the interviewer notes that dealing with patents has become a “cost of doing business” and Woz seems to think that’s a good thing:

Every tech company is very aware that patents are really the heart of our innovation and invention system and (a) that you have to have your own patent position and you gotta be aware that there might be others. And, yes, you might be infringing. It’s very awkward, because some patents are so general. It’s hard to say how they’ll be interpreted. There’s a lot of ambiguity in the system.

Apple co-founder Steve WozniakTechDirt notes the irony that in Woz’s autobiography iWoz, he talked about how much of a success Apple was without relying on patents at the beginning.

Patents on software and business processes have become a lightning rod issue for web companies. They claim that patents act as a financial drag on innovation and that the US Patent Office (USPTO) is especially poor at examining patent claims for “prior art” which would disqualify them, or that it awards patents on needlessly wide claims which mean that it is almost impossible for companies to use accepted web technologies without accidentally infringing on them.

One of the most notable was Amazon’s 1997 patent for its “1-Click” shopping system, which was, accepted and then rejected and finally passed by the USPTO in March 2010. Amazon has licensed the technology to Apple, among others. Other infamous software patent abuses include:

  • British Telecom attempted to claim a patent on the hyperlink; its claim collapsed in 2002 on the basis that the patent referred to a “central computer” – which the internet does not have.
  • SCO sued IBM, Red Hat, Novell. AutoZone and DaimlerChrysler for claimed patents rights that would cover significant parts of the free Linux operating system.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , , ,
| August 31, 2010
Comments Off on CAPTCHAs Broken

CAPTCHAs Broken

CAPTCHAs BrokenMims Bits on MIT‘s Technology Review reports that researchers at UC San Diego have figured out how spammers use low-cost workers in Russia, Southeast Asia, and China to solve millions of CAPTCHAs in near real-time. A CAPTCHA is that bit of distorted text you have to type back at a webpage when you’re trying to sign up for a new email account or leave a blog comment.

CAPTCHAIn order to prevent spammers from flooding the web with their malware researchers developed CAPTCHAs. CAPTCHAs are designed to be easy for humans to solve but challenging enough for computers to get right that automated systems would not be effective.

In what Mims calls an epic new analysis by the UC San Diego researchers, they uncovered the “seedy underbelly” of a sophisticated, highly automated, worldwide network of services that help spammers get past the CAPTCHAs. The article says that the inventors of CAPTCHA probably didn’t expect thousands of laborers working for less than $50 a month would be recruited by spammers to solve an endless stream of CAPTCHAs. Automated middlemen deliver the  CAPTCHAs to the workers and then sell the results to spammers in real-time so that their spambots can use those solutions to post to blogs and set up fraudulent email accounts according to a paper (PDF) delivered at the USENIX Security 10 Symposium.

The UC San Diego researchers analyzed where the workers involved in this scheme were located and found that they are based in India, Russia, Southeast Asia, and China. The system is so efficient at delivering CAPTCHAs to workers in these remote locales that the average time for delivery of a solution hovers around 20 seconds. ImageToText, one of the CAPTCHA services the researchers experimented with was able to deliver correct results in “a remarkable range of languages,” including Dutch, Korean, Vietnamese, Greek, and Arabic.

Klingon,Even setting the sample CAPTCHAs to Klingon, as a control in their experiment, could not stop ImageToText, according to Technology Review. The workers managed to solve a handful of the Klingon CAPTCHAs despite odds of less than one in one thousand of their randomly getting the right answer.

The results of this landmark study, says Mims, show that a number of sites, including those run by Microsoft (MSFT), AOLGoogle (GOOG), and the widely used reCAPTCHA, are regularly compromised by spammers employing these services. The researchers conclude that their investigation with an anonymous “Mr. E” who actually runs one of these services, proves that for advanced spammers, CAPTCHAs aren’t so much a barrier as a cost of doing business.

DarkReading has a report that independent security researcher Chad Houck recently demonstrated his work on solving Google’s reCAPTCHA. reCAPTCHA was designed to stop software bots attempts to create free accounts on the Google services for their malware ways.  Despite recent enhancements made by Google, DarkReading says Houck came up with algorithms that could beat reCAPTCHA 30 percent of the time.

Google logoA 30% success rate means that automated software using Mr. Houck’s algorithm will be able to create one Google account out of just three attempts. Multiply those odds by the endless attempts by tens of thousands of zombies in a typical botnet, reCAPTCHA is broken.

In the DarkReading article, Houck notes that “[ReCAPTCHA] has never been wholly secure. There are always ways to crack it.” The researcher has since published a white paper on it, and has also released his algorithms online. For now, at least, a Google spokesperson says there has not been any sign of this particular attack being actively used.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , ,
| June 25, 2010
One comment

Google Remotely Removes Apps

Google Remotely Removes Apps– Updated 03-19-2011 – After the recent discovery of some 50+ malicious applications on the official Android Marketplace, Google removed the malware as soon as they became aware of their existence. According to Help Net Security, this was four days too late to prevent the tainted applications from being downloaded over 50,000 times.

In response, Google remotely executed its Android kill switch to delete the apps in question. Google is pushing an update to close the software hole.

In an official confirmation of the incident, Rich Cannings, Android Security Lead says that Google will notify the owners of the affected devices after the malicious app(s) are deleted and the update is installed, “You are not required to take any action from there; the update will automatically undo the exploit,” he explained. </update>

Over at the Android Developers Blog, Rich Cannings, Android Security Lead details how Google (NASDAQ: GOOG) can remotely remove applications from an Android phone. The article explains how the Android Security team removed two applications that violated the Android Market Terms of Service.

The Google article says, “...we’ve also developed technologies and processes to remotely remove an installed application from devices.”  The article says that Google chose to remove the applications because they knew better, “ … we decided … to exercise our remote application removal feature…”. Google does try to minimize the impact of this ability in Chrome by stating,  While we hope to not have to use it, we know that we have the capability to take swift action …

I wrote about Google’s and Apple’s control of the OS in 2009. The master marketers at Google have spun this ability to delete any file to be a good thing. However, nowhere in the article does Google state that it will not remove files in an arbitrary fashion like Amazon’s 2009 big brother-like overnight removal of George Orwell’s 1984 and Animal Farm from Kindles.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , ,
| April 17, 2010
Comments Off on Google Aims For Driverless Printing

Google Aims For Driverless Printing

Google Aims For Driverless PrintingGoogle (GOOG) is looking to leverage its infrastructure to move printing to the cloud. Development is underway for a new feature in Chromium where Google will communicate directly with printers to generate the output. The Google Cloud Print project is a service that enables any application (web, desktop, or mobile) on any device to print to any printer.

HP 9000 printerGoogle says that it will work with direct (USB or parallel) and network-attached printers using a Google ‘print proxy’. The app would send the document and details of the printer into the Google Cloud Print (or another cloud) service which will then send back a correctly formatted print request to the printer using the PC operating system’s native print stack and sends job status back to the printer.

Google Cloud Print project infographic

rb-

As with most things Google, there is good and bad. The good is that printer management can now be off-loaded. The proposal can decrease the headache of print drivers for grandparents and network admins. Now even hand-held devices can print (think Android, Chrome, tablet, Chrome on a tablet) a document without having to worry about printer drivers or third-party applications.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , ,
« Older Entries   Recent Entries »