Good Monday morning. It’s August 27th. Facebook COO Sheryl Sandberg and Twitter CEO Jack Dorsey will appear before the Senate Select Committee on Intelligence one week from Wednesday. Google is still negotiating with the SSCI after Senator Richard Burr rejected Google SVP Kent Walker as a witness. The move comes after all three platforms announced that they had found evidence of disinformation campaigns in the upcoming midterm elections by Russian, Iranian, and other foreign entities.

Today’s Spotlight takes about 4 minutes to read.

Highlights

• • There was lots of commentary about net neutrality after Verizon shut data access to firefighters in California. The company is in a no-win situation and quickly ensured that first responders in Hawaii were not subject to data caps as they deal with catastrophic flooding.

• • Security and privacy is also making big news at Facebook and government offices.

• • The Australian government is banning Huawei from working on its 5G network. The U.S. government continues to warn consumer about Huawei and ZTE equipment and Kaspersky antivirus protection.

Questions or comments as you read this week’s Spotlight? 
Click the green button below & write George.

Stormy Times for Security & Privacy

The week was marked by a flurry of announcements related to consumer privacy and security. The biggest announcements came from Facebook. The company announced that it was suspending more than 400 applications. The reasons for the suspensions were only given as concerns about the people who created them or the information that they shared.

One app, called myPersonality, was banned for refusing to comply with a Facebook audit and because Facebook says “it is clear that they shared information with researchers as well as companies with only limited protections in place.” As many as four million people worldwide shared information with the app.

Facebook seems to be working hard on third party acquisition and use of consumer data. We know that the company is eliminating more than 5,000 targeting methods for advertisers because we continue to receive multiple messages about those changes. You may have even heard about this on the news.

What you probably don’t know yet is that Facebook is not disclosing what targeting methods are being discontinued unless you are an advertiser currently using one of them. We’ve seen correspondence from Facebook ad reps who say that they don’t have a list of the categories to share. And they seem frustrated by that as well.

Remember that advertisers can be adept at approximating behaviors they are targeting. Someone who posts about Passover, for example, is significantly more likely to be Jewish. Someone who posts about multiple Jewish, Christian, or other holidays is likely to be a member of the religion or culture that celebrates those holidays. Remember that these also help you ensure that see ads that are at least somewhat relevant to you. And yes, they can be used by advertisers to break discrimination and other regulations and laws.

One of the steps Facebook is taking in its quest to rid the site of disinformation is assigning a secret rating of each user’s trustworthiness according to a Washington Post report. There are few details about the program, which is said to monitor whether someone often shares information from non-credible sources.

This will potentially limit the exposure of that one person we all know who is a source for those “Bill Gates is giving everyone in America $500” stories (He’s not)

Other Privacy News

Password is not a good word to use as your password. Neither is 123456.

What about combining then?

A security audit by the Western Australian Auditor General examined about a quarter-million passwords and found 26% of Australian government accounts had weak passwords.

The combo Password123 we described above was found on 1,464 active government accounts. Other favorites were Project10 and October2017. There were even 47 accounts using variants of good ole’ qwerty.

Of the weak passwords, 21% had variants of a date or season name and another 11% used a variant of 123. Pro tip: Using the string 321 instead of 123 doesn’t even secure your password from your kid.

You can read the report in PDF here. The bottom line is that hackers don’t want your password fo find your credit card or other personal info. If you’re a target because you work in a government office, they want access to the network using your password. And you don’t want your name on their attack.

If you’re a target because you are known to do sensitive work, there is little you can personally do beyond following the security protocols you’re given. Even those aren’t enough. Researchers last week presented findings that show ultrasonic sounds generated by your computer monitor can be used to determine what’s on your screen even when the screen isn’t visible or if you’re on a video call.

An amazing quote from the story in Wired, “One day I happened to be browsing a particularly boring legal agreement with many lines of proverbial small print,” [security researcher Eran] Tromer says. “It was too small, so I zoomed in, and then I realized that something in the ambient noise in the room changed. So I zoomed back out and the sound changed back. After awhile I realized that something about the periodicity of the image was affecting the periodicity of the signal.”

Spotlighted

Add Target to the list of retailers coming for Amazon. The chain announced last week that same-day delivery is now available at 1,100 stores and drive-up pickups are available at another 1,000.

We told you several months ago about a new service called NewsGuard. A free Google Chrome browser extension is their first consumer product. The company will show a red or green symbol for thousands of different information sites regarding their trustworthiness. You can download the extension at Google’s Chrome Web Store.

We’re off next week for Labor Day. Spotlight returns Monday, September 10th. Have a wonderful holiday weekend, and keep writing. Your comments and feedback make this a great experience.