Have Gmail? You Also Have Google Purchase Tracking.
News

Good Monday morning. It’s May 20th. Memorial Day is next Monday. The next issue of Spotlight will be in two weeks on Monday, June 3rd. 

Today’s Spotlight takes about 3 minutes to read.

1. News to Know Now

  • Breaking news on Sunday that Google has cut ties with Huawei according to Reuters. That means existing Huawei devices lose access to updates of Google applications and new devices cannot use officially licensed versions of Android. The move was reportedly made after the Trump administration added Huawei to a technology blacklist.
     
  • Intuit continues reeling from the fallout over claims that it redirected taxpayers earning less than $66,000 a year away from the free service it partners with the IRS to provide. At least one class-action lawsuit has been filed.
     
  • Google, Facebook, and Twitter have signed on to The Christchurch Call to Action. Nine countries have also adopted the document, although the United States is not one. You can read more about the initiative designed to curtail extreme online posting at The New Zealand Herald.

2.  Big Security Issues Looming

Microsoft released a patch for Windows XP last week. But wait, I can hear you thinking. Microsoft stopped supporting XP back in 2014. It’s 18 years old! And yes, you’re correct, which should suggest how bad an unpatched system can get hammered by this ransomware virus. If you don’t have IT specialists, get some. If you simply can’t, make sure that any systems that are running old legacy software aren’t also running Windows XP or Windows 7. If they are, you need to patch them. Windows 8.x and 10.x are not affected. Crazy stat of the day: 1.5% of PCs still run Windows XP according to StatCounter. Others suggest more. That’s millions of computers, folks. 

Google’s Titan physical security key also was found to have an exploitable flaw. The problem stems from its connection to a system via Bluetooth instead of being inserted into a USB port. Google says that someone within 30 feet of the security key can communicate with the key itself or the device that it’s protecting. That limits attacks to close physical proximity but still. Google is replacing the keys for free. If you bought one, head to this replacement page.

Google’s more surprising news was that any receipts emailed to your Gmail-based account have been used to create a page on your Google account that lists all of the details for everything you’ve bought online.

I spent some time last week reviewing seven years of my purchases and twelve years of travel information–everything from pizza toppings and the time the pie was ordered to my family’s groceries, our clothing (complete with colors and sizes) to over-the-counter medicines and books about health conditions or other things that I normally wouldn’t want gathered in one place. This was all courtesy of Google purchase tracking–a program that creates a page based on data extracted from any receipt that arrives via Gmail. Conservatively, there are around 400 orders with several thousand items.

Click this link to view your purchase history tied to your Google account.

The data even populates if you forward multiple emails into one big email account. The only time that I found it didn’t populate is if an order was placed on my work email, which is commercial-grade Gmail and probably blocked from overtly gathering that data.

The only way to delete the information is to delete the receipts in your email. Then you can go to your account preferences (click here) and under “Private Results” select the option that reads “Do not use private results”. Even if you delete the data from your account, you must understand that you likely won’t remove Google’s access to that data which is undoubtedly stored on their systems.

Before you do all that, have a look at Google using your private search data with these search query commands. Simply log into Google’s main search page at Google.com, make sure you’re signed in to your account, and type one of these commands.

  • my packages
  • my reservations
  • my events
  • my flights
  • my photos
  • oh yes, and my bills

3. Also In the Spotlight

  • Amazon started selling tiny homes–little $7K sheds with a bedroom (no bath) and outside area for your backyard. Then they sold out.  (Real Deal Real Estate News)
     
  • Quora, the annoying question-and-answer bazaar, is closing a $60 million round that values the company at $2 billion, and I just can’t anymore. (Vox)
     
  • MailChimp finally unveiled their integrated marketing platform that includes a lot of what has been offered piecemeal: landing pages, Facebook advertising, postcards, etc. Existing customer pricing stays intact (thanks!). Their revenue projection is $700 million from 11 million active customers. (TechCrunch)

4. Protip: Google Sheets New Features

Google Sheets, their Suites spreadsheet entrant, has two nifty new functions:  remove duplicates and trim white space.  Both put Sheets’ usability back into rough parity with Excel. 

Find them in the menu bar under “Data” and just below the always-helpful “Split Text into Columns”.

5. Great Data

Netflix data viz engineer Susie Lu has updated the humble grocery store receipt.  Fast Company covered how she used a mix of bar graphs and bubbles to create better visualizations of what you spent $213 on after running in to the store for bread and two cans of dog food. 

You know this is hardcore when you read, “… the printer could not draw horizontal lines, which meant she had to use various visual tricks at the pixel level to create her bar charts, along with the tiny icons of bread, dairy, and meat that she designed, too.” 

Check the tale of the tape here.

6. Coffee Break

That’s a picture of Sean Tighe, Bernie Waldron, and John Devanney from Bellyhaunis in County Mayo. They were in Times Square recently and asked a lass to take a picture for them. “We’ll find it someday,” they told her.

And so they did after she posted this image on Twitter. Read CNN’s fun story on how it took Irish Twitter all of an hour to identify the men and link them with the person who did a good deed in taking their picture.

California Cracks Down, France Wants Tax Revenue – Spotlight #285
News

Good Monday morning. It’s March 11th. The Youth Climate Strike is this Friday. Expect tens of thousands of young adults and children marching to call attention to climate change.  Read their platform.

 

News You Need To Know Now

 

  • Senator Elizabeth Warren is now the most prominent politician to call for breaking up Big Tech companies, including Facebook, Google, and Amazon, after a policy announcement Friday.

 

  • The California Consumer Privacy Act may be getting even tougher. State leaders have introduced an amendment to include protections for biometric and passport data. The bill takes effect January 1.

 

  • France takes another turn at revenue generation via tech with a bill that will tax 3% of revenue created by the 30 largest companies that do not sell products online. This includes Facebook and Google.

 

  • Mark Zuckerberg’s announcement that Facebook would change to temporary, private messages was met with resounding yawns in the digital marketing industry. No one we’ve spoken with knows how or when such an initiative would take place. Our take is that things could change tomorrow and not dissuade Senator Warren or the French government.

 

Hidden Nest Surprise


Rumors about your devices listening to you may not be as far-fetched as you think. Google now admits that its Nest Secure home security device includes a microphone that wasn’t previously disclosed.

Google says that the plan had always been to enable Nest Secure to work with voice commands via Google Assistant. They just didn’t disclose that future plan and built the mic in. My thermostat says that’s pretty standard.

iPhone apps also had a nasty surprise for users, who learned last month that their screens were being recorded without their knowledge.  Apple demanded that app developers remove or disclose the functionality or be removed from the App Store.

Facebook’s security teams got a lot of attention this week for their cool-sounding executive security work that includes rumors of a “panic chute” to get Mark Zuckerberg out of the building in an emergency, but the company’s use of a Be On the Lookout (BOLO) list of security threats worries some privacy advocates. CNBC reporting tells of a global list that can include people who simply send an irate email with threats or expletives to Facebook.

The people on that list can be tracked if Facebook is on their mobile device OR if they are using an app that reports data to Facebook. We told you about those apps–some of the world’s biggest–weeks ago.

  • There are undoubtedly credible threats to the only organization we know with nearly 3 billion accounts. But the ability to create a quasi-law enforcement agency with undisclosed surveillance capabilities is something that lawmakers will have to wrestle with in the coming months.

Also In The Spotlight

 

Worth your time this week:

  • “Verified Licenses” on Yelp are a new paid service, writes local expert Greg Sterling at Search Engine Land. They’re available for state-issued licenses in Arizona, California, Florida, Georgia, New York, Texas, and Washington.
    • Google announced local changes that highlight budget options on its map display.  That’s just in time for spring vacations. Read the announcement.

 

  • Which TeleTubby are you? Facebook filed suit against two Ukrainian men who created quizzes that injected malware on user computers. The quizzes went by the names “SuperTest” and “Megatest” although not the one I’m most familiar with: Stop Sending Me This Garbage, Uncle Ralph!
    • Bottom line: if you take a quiz or survey and need to allow the system to access your Facebook account, your most recent info is almost certainly harvested.

 

  • Another 150 Facebook accounts were deleted last week for “coordinated inauthentic behavior” coming from Romania and the UK. That follows a suit Facebook announced that it  filed the previous week against companies “selling fake accounts, likes, and followers“.
    • But if you remember that a committee in the UK’s Parliament has a trove of Facebook documents, you’ll be interested in learning that Facebook “promised politicians investments and incentives while seeking to pressure them into lobbying on Facebook’s behalf against data privacy legislation.”
Artificial Intelligence Concerns Tech Execs
News

Good Monday morning. It’s February 25th. Meteorological spring begins Friday.

Thank you, George Mason University’s Marketing 491 class and Professor Shaun Dakin, for allowing me to talk with them Thursday at the Fairfax campus. I always learn a lot from these sessions, and last week was no exception. Here’s an overview of what we discussed.

Today’s Spotlight takes about 5 minutes to read.

News to Know Now

 

  • The Open AI initiative announced it would not release its recent text generator project because “it looked pretty darn real.”  We unpack the important story below.

 

  • Facebook is in new hot water over apps that report user health information to the company. It’s a day that’s name ends with the letter “y” – you expected good Facebook news?

 

  • Those Amazon Scout delivery robots being tested near Seattle have some cousins in college. George Mason University now has a fleet of 25 delivery robots bringing food including pizza, doughnuts, and coffee to people on campus. DoorDash has also tested the Starship Tech robots. The rollout video from the Mason launch is below.

 

 

Artificial Intelligence News

 

An algorithm’s writing reached a level that caused scientists to block its release. The text generator was reviewed by journalists including reporters from Axios and Wired. Fake political stories quoting real people and even fake Amazon reviews were well within the program’s grasp.

An excerpt from a story Axios had the AI write,

China uses new and innovative methods to enable its advanced military technology to proliferate around the world, particularly to countries with which we have strategic partnerships,” the Pentagon said in its five-page strategy outline last week.The new U.S. strategy will be a major component of the White House’s first National Security Strategy, coming in two parts in September.”    (Axios, Wired)

Visual disinformation, often called “deep fakes”, are also making news after software engineer Philip Wang created a website called This Person Does Not Exist. The site creates an entirely new image of a person from an algorithm every time a browser refreshes the screen. The very real image is of a person that never existed. Wang said that he created the site to show people how A.I. has advanced and its possibilities in today’s world. (Inverse)

CAPTCHAs are the small programs websites use to separate human visitors from automated traffic. You’ve seen them before–click this box to prove you’re a human or maybe select the parts of a picture showing a street sign. But machine learning and artificial intelligence is solving each new type of puzzle faster than before. “Machine learning is now about as good as humans at basic text, image, and voice recognition tasks,” said scientist Jason Polakis. (The Verge)

 

Tech Privacy News

 

“What’s the big deal if consumer tech has privacy problems?” a GMU student asked me. “They’ll just use the info to market more appropriate things to me.”

And he’s right.

But as Professor Dakin and I explained, there are many abuses from redlining based on race or gender to employment and other discrimination. NATO researchers have another take.

They used publicly available data against the participants in a military exercise in an Allied country. Their goals were to get service personnel to leave position, not fulfill their duty, or other actions. They took three to four weeks of prep time, used only information that the public could retrieve, and quickly identified the individual soldiers involved. Then they lured soldiers into fake social media groups and conversations, gained the exact locations of battalions as well as dates and troop movement information.

One conclusion: “The privacy features and settings…cannot be trusted not to leak information.”  Our takeaway: people adept at pretexting and Internet research are not limited to NATO. Your organization can be targeted. Read the Stratcom report.

This wasn’t Facebook’s fault but the British government would like you to know that the company “intentionally and knowingly violated both data privacy and anti-competition laws” in their country. We’ve been telling you for months about the legal clashes between EU countries and Facebook, especially the United Kingdom and Germany. The report from Parliament is harsh and could have ramifications beyond that country’s nearly 40 million users. The U.S. government is also reportedly in talks with Facebook regarding a multi-billion dollar fine for the company’s data privacy practices.

Data privacy’s big news this week centered around an explosive WSJ expose that cites medical and other private data being sent to Facebook from mobile apps. The Journal has been following this story for months. This latest expose is going to spell trouble for the social media company for decades. WSJ and privacy researchers found:

  • Instant Heart Rate sends a user’s heart rate information to Facebook
  • Flo Period & Ovulation Tracker sends dates of a woman’s period or if she’s trying to get pregnant
  • Realtor.com sends locations and prices of homes users review
  • Better Me Weight Loss Workouts sends height and weight information.
  • Lose It also sent height and weight information along with exercise information, including sexual  activity that the user entered.
  • Glucose Buddy sent blood pressure information and meal detail from food tracking.
  • Trulia sends zip code and some neighborhood information about homes users check.
Here is the most important part about these apps: they were downloaded from Google’s Play Store and Apple’s iOS App Store. They were not Facebook apps, but Facebook had reached seemingly legal data agreements with them to purchase information. And in some cases, the user didn’t have a Facebook account.When apps specify that they are going to share user information only with its trusted partners, those partners are often trusted as the result of writing a check.

The original WSJ article is here but requires a subscription. A free CNBC article is here.

Also in the Spotlight

Worth your time this week:

  • Advertisers are leaving YouTube again over “soft core” child exploitation and porn videos and comments left on them. The company has been deleting users (including commenters) and videos. AT&T and Walt Disney are among the companies that are boycotting the company.
  • Pinterest has filed for an IPO according to multiple reports, but as a direct listing. That means much less fanfare. Slow, steady Pinterest is winning praise for solid growth and banning anti-vaccination and other health-related disinformation.
  • 40% of LinkedIn users check the site daily according to Search Engine Journal. The site now has 610 million members.