Jump to content

Search the Community

Showing results for tags 'facebook'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station


  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions


  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

  1. Windows TubeMate is a smart application that lets you snag any clip you want from the main video hosting sites and convert them while downloading or after that. If you need a simple and efficient video downloading tool, you can give it a try. Features: Online video downloader TubeMate can download videos from YouTube, Facebook, Instagram, Dailymotion, and thousands of other video sites. HD video downloader TubeMate can download UHD 8K, 5K, 4K, QHD 2K, HD 1080p and 720p videos from YouTube. YouTube to MP3 converter TubeMate allows you to download only audio stream from YouTube, and save it as MP3. You don't need to download the entire video file. Playlist downloader TubeMate enables you to download an entire or part of a playlist with just a few clicks. Download accelerator TubeMate features a multi-thread download acceleration engine that increases your download speeds by up to 500% or even more. Download multiple videos at a time TubeMate supports simultaneous downloads. It allows you to download more than one video at the same time. Pause and resume downloads You can pause and resume your downloads at any time. Support drag-and-drop You may directly drag and drop the video link from your browser to the dropbox or app window to start a download. You don't even need to copy and paste the video URL. Preview video/audio while downloading While downloading, you can click the 'Preview' button to view incomplete files and make sure of the content is you want. Video and audio converter TubeMate can convert your disk video/audio files between MP4, FLV, AVI, WMV, MOV, MP3, AAC, and any other formats for any device. Video optimizer TubeMate automatically optimizes downloaded videos for popular mobile devices, so you can watch downloaded videos smoothly on your iPhone, iPad, Android phone, and other devices. Video to MP3 converter TubeMate allows you to extract audio stream from video and save it as MP3, WAV, AC3, or another audio format. Ready-made presets TubeMate provides ready-made presets for all video and audio formats. You can also customize your own video/audio formats. iTunes compatible Optionally, TubeMate can add downloaded video/music to your iTunes library automatically, so you can easily synchronize your videos and music to your iPhone, iPad, iPod. Media player TubeMate contains an easy-to-use media player for playing files that Windows Media Player cannot play. Technical Details and System Requirements Supported OS: Windows 7/8/10 Processor: Pentium IV or higher RAM: 1 GB RAM (2 GB recommended) Free Hard Disk Space: 1 GB or more screenshot install note 1. Install app (Don't run the app) 2. Copy the crack files to the installation folder Virus Report VirusTotal Download home page https://home.camerabits.com/ Site: https://www.mediafire.com Sharecode [?]: /file/25bcp6hbz4nwbup/TubeMate_Downloader_3.22.10.zip/file File size: 47.26MB
  2. In 2014, with much controversy, Facebook spun out Messenger as its own app. Now 7 years later, the company is reversing that action, in part. In an interview with Bloomberg, the company revealed that they planned to integrate voice and video calling back into Facebook proper, with the aim of “reduce the need to jump back and forth between Facebook’s main app and Messenger.” Interestingly however text chatting will remain in the Messenger app, with Facebook saying “Messenger is seen as a connective tissue for people to be together when apart, regardless of which service they’re choosing to use.” Facebook said it’s “starting to think of Messenger as a service” rather than as an app, with Facebook presumably picking and choosing which bits to implement where. Facebook has already integrated messenger into Instagram DMs, with many thinking the company is weaving their messaging app throughout their services to prevent anti-trust legislators from asking the company to spin it off, much like Microsoft integrated Internet Explorer into Windows. Current plans are to only test the changes with a small number of users in “several countries, including the US.” Do our readers wish Facebook used the same messaging backend for all their apps? Let us know below. via Pocketnow. Facebook is integrating Messenger back into Facebook, but with a twist
  3. A new report published by the Digital Citizens Alliance suggests that pirates sites earn more than a billion dollars in revenue per year, while pirate apps are good for another quarter. Part of the money comes from big brands such as Amazon, Facebook and Google. While Amazon appears to take the problem seriously, the report sees plenty of room for improvement at Google's end. Most pirate sites and apps won’t survive without advertising revenue. This is why the advertising industry is seen as an important partner to combat piracy. Major copyright holder groups hope to convince major players to stay clear from anything piracy-related to drain infringing sites of their income. Several voluntary initiatives have been set up to facilitate this process. This includes the Trustworthy Accountability Group (TAG), an anti-piracy certification program steered by giants including Amazon, Facebook, Google, Facebook, Disney and Warner Bros. Despite the involvement of these major players, the problem persists. A few days ago the Digital Citizens Alliance published the results of a study titled “Breaking (B)ads”, which takes a detailed look at the advertising ecosystem surrounding pirate sites and apps. $1 Billion+ Ad Revenue for Pirate Sites and Apps The overall conclusion is that there’s still plenty of advertising revenue going around in pirate circles. Based on data from 6,194 piracy websites and 884 piracy apps, the research estimates that pirate sites generated over $1.08 billion in ad revenue and apps added more than $259 million. The bulk of the money is made by a small group of pirates. The five most popular sites have an average estimated advertising income of $18.3 million. For apps, this number comes in even higher, at $27.6 million. The accuracy of these types of estimates can be debated, but it’s clear that pirate sites and apps can be very profitable. This income isn’t just coming from shady businesses either, major brands are involved as well. Major Brands Fund Pirates Fortune 500 companies, defined as ‘major brands’ in the research, paid the operators of pirate operators $100 million over the past year. On pirate sites, major brands fund 4% of all ads and for apps this percentage goes up to 24%. Thus far most initiatives have focused on stopping major brands from advertising on pirate sites. That seems to work, but the problem is still prevalent in the app ecosystem. “One in four ads on piracy apps are from well-known companies. This shift to apps comes after a concerted effort over the last eight years by these brands to stop their ads from showing up on illicit websites. The emergence of piracy apps threatens to undermine this progress” Digital Citizens Alliance, which is partly funded by the entertainment industries, commonly uses this type of research to demand tougher anti-piracy action. In the current report, it calls out several companies directly. Amazon, Facebook and Google The findings show that major tech companies such as Amazon, Facebook, and Google make up nearly three-quarters of all Fortune 500 company ads on pirate apps. As such, they are seen as major funders of the piracy ecosystem. “That means these three companies are supporting these piracy operators with potentially tens of millions of dollars in advertising on piracy apps alone,” the report highlights. Interestingly, these three companies are all part of and ‘certified’ by TAG, which strives to prevent just this. The report stresses that, through TAG, Amazon took swift action to reduce ads on pirate sites earlier this year. Google, however, presents a different story. Research Singles Out Google While Amazon and Facebook spend more on ‘pirate’ ads, the research report singles out Google and dedicates a separate section to the company. “Despite having a sophisticated and dedicated program to protect advertisers and block ads to illegal publishers, Google is a significant contributor to the piracy ecosystem,” the research notes. “Google paid pirate operators millions of dollars to place its own ads on their illicit piracy apps. Given the company’s boasts about its analytical prowess and data expertise, it seems far-fetched that Google doesn’t know how it’s spending millions of dollars” In addition to advertising on pirate sites and apps, Google is also called out for its role as an advertising platform. Through its ad platforms, the company facilitates ad placement for third-party brands as well. As shown above, Google’s tech role is particularly dominant on piracy apps, where Google CDN and Google Ad Tech serve more than 50% of all advertisements. Moving Forward This isn’t the first time that the Digital Citizens Alliance has researched the money flow to pirate services. An earlier study concluded that the pirate IPTV market generates a billion dollars a year in the United States alone. These types of studies are meant to provide insight into the scope of the piracy issue. They are regularly cited by copyright holders in legislative discussions, and also help to put pressure on the names companies directly. That pressure is also apparent from the closing lines on the report, which end with a Hobson’s choice. “Ultimately, it’s up to the advertising ecosystem to determine whether it wants to allow Ad Tech companies to serve both the reputable brands and publishers and the pirate operators, or instead to demand the entities choose whether to be exclusively on the legitimate or illegitimate side of the fence. “But after this report, turning a blind eye to the entities that facilitate funneling $1.34 billion to pirates can no longer be an option,” the report concludes. — A copy of the “Breaking (B)ads” report, which was prepared by Digital Citizens Alliance and piracy and advertising specialists White Bullet, is available here (pdf) Amazon, Facebook and Google Paid Millions to Pirates, Study Finds
  4. A new Android threat that researchers call FlyTrap has been hijacking Facebook accounts of users in more than 140 countries by stealing session cookies. FlyTrap campaigns rely on simple social engineering tactics to trick victims into using their Facebook credentials to log into malicious apps that collected data associated with the social media session. Researchers at mobile security company Zimperium detected the new piece of malware and found that the stolen information was accessible to anyone who discovered FlyTrap’s command and control (C2) server. Luring with high-quality apps FlyTrap campaigns have been running since at least March. The threat actor used malicious applications with high-quality design, distributed through Google Play and third-party Android stores. The lure consisted of offers for free coupon codes (for Netflix, Google AdWords) and voting for the favorite soccer team or player, in tune with the delayed UEFA Euro 2020 competition. Getting the promised reward required logging into the app using Facebook credentials, authentication occurring on the legitimate social media domain. Since the malicious apps use the real Facebook single sign-on (SSO) service, they can’t collect users’ credentials. Instead, FlyTrap relies on JavaScript injection to harvest other sensitive data. “Using this technique, the application opens the legit URL inside a WebView configured with the ability to inject JavaScript code and extracts all the necessary information such as cookies, user account details, location, and IP address by injecting malicious JS code” All the information collected this way goes to FlyTrap’s C2 server. More than 10,000 Android users in 144 countries fell victim to this social engineering. The numbers come straight from the command and control server, which the researchers were able to access because the database with the stolen Facebook session cookies was exposed to anyone on the internet. Zimperium’s Aazim Yaswant says in a blog post today that FlyTrap’s C2 server had multiple security vulnerabilities that facilitated access to the stored information. The researcher notes that accounts on social media platforms are a common target for threat actors, who can use them for fraudulent purposes like artificially boosting the popularity of pages, sites, products, misinformation, or a political message. He highlights the fact that phishing pages that steal credentials are not the only way to log into the account of an online service. Logging onto the legitimate domain can also come with risks. “Just like any user manipulation, the high-quality graphics and official-looking login screens are common tactics to have users take action that could reveal sensitive information. In this case, while the user is logging into their official account, the FlyTrap Trojan is hijacking the session information for malicious intent” - Aazim Yaswant, Android malware researcher, Zimperium Despite not using a new technique, FlyTrap managed to hijack a significant number of Facebook accounts. With a few modifications, it could turn into a more dangerous threat for mobile devices, the researcher says. FlyTrap malware hijacks thousands of Facebook accounts
  5. Every other year, Facebook announces that it has changed the settings of its web version and/or applications. This month's change is rolling out to all users of Facebook's mobile application, and its main purpose is to streamline the layout, make things easier to find, but without removing any of the previous settings. Facebook's privacy settings were changed in 2018 the last time. Back then, the company claimed that the new design would make "things easier to find", because settings were now found in a single place. Today's update changes Facebook's setting page significantly. The company reduced the number off categories and decided to rename these to "more closely match people's mental models". Facebook notes its new system takes into account user expectations, so that specific settings are easier to find in the application. The six categories that Facebook's settings page is divided into are Account, Preferences, Audience and Visibility, Permissions, Your Information, and Community Standards and Legal Policies. And Privacy? The privacy settings have been moved to the relevant categories, to meet user expectation, according to Facebook. Facebook's research suggest that "privacy settings can be easier to find when they're presented in short, well-organized menus, and that "grouping settings based on users' mental modes about which privacy topic(s) the settings address can be even more helpful". Our research shows that using more specific and descriptive names makes settings easier to find. That’s why we’ve unbundled the Privacy Settings category and moved the settings previously contained within it into other categories. Finally, to more easily guide you through important privacy and security settings on Facebook, we’ve added another shortcut to Privacy Checkup, right at the top of the Settings landing page. As a user of Facebook's mobile application, you will find location privacy settings under permission, post visibility settings under audience and visibility, and the activity log under your information. Users may also use the search tool to find specific settings, and there is the privacy checkup tool to make some privacy-related changes using the tool. Closing Words Many existing users will have difficulties finding specific settings that they accessed in previous versions of Facebook's mobile apps. Critics might argue that the redesigned settings make it more difficult for users to find and change privacy settings; tighter privacy settings may provide Facebook and third-parties with less data, and that may affect the company's bottom line. Ultimate, users need to go through all the settings one-by-one to make sure that they don't miss an important setting. Facebook scatters privacy settings all over the place on mobile
  6. Facebook advertisers are panicking after iOS cuts off key tracking data Facebook’s ads aren’t as effective after iOS privacy changes, advertisers say. Facebook’s ability to track users and show them certain ads appears to be tanking thanks to Apple’s “ask not to track” feature, according to some advertisers. Apple rolled out the privacy prompt in late April with iOS 14.5. Since then, nearly half of all iOS devices worldwide have at least version 14.5 installed, according to Statcounter, and a vast majority of these devices' users have chosen to deny Facebook and other apps the ability to track them. Nearly three months after the feature's launch, just 17 percent of users worldwide have opted in, according to analytics company Flurry. The changes could have a significant effect on Facebook’s bottom line. Eric Seufert, an analyst who writes Mobile Dev Memo, forecasts that if only 20 percent of users consent to tracking, Facebook’s revenue could drop 7 percent in the first full quarter that the opt-in prompt is active (the forthcoming third quarter). The company warned back in February that the iOS changes would curtail its ability to track users across the Internet. “It’s been pretty devastating for, I would say, the majority of advertisers,” Seufert told Bloomberg. “The big question is: Are we seeing just short-term volatility where we can expect a move back to the mean, or is this a new normal?” Enlarge / The Settings menu for managing tracking on a per-app basis in iOS. Samuel Axon It may be some time before advertisers have an answer to that question. Facebook initially appeared to be taking the low opt-in rate in stride, with media buyers not noticing significant changes. But that has apparently changed in recent weeks, with some buyers reporting that ad effectiveness began dropping this month. Some advertisers, like e-commerce sites, appear to be hit particularly hard. Many retailers run software like Shopify, which shares customer data, including details about purchases that customers make on the site, with Facebook. That allows Facebook to refine its “lookalike” audiences, which advertisers buy access to so they can target other people who may be interested in buying the same thing. One way Facebook could deepen its data pipeline would be to deepen its integration in retailer's online stores, which it appears to be doing with the rollout of Facebook Pay for e-commerce platforms like Shopify. Before the new iOS feature was rolled out, media buyers reported that Facebook could capture as much as 95 percent of sales made on their clients’ sites. Now, many media buyers are reporting that Facebook is capturing only 50 percent of sales. One buyer reports that, with one client, just 3 percent of sales are showing up in Facebook’s ad manager. Other people visit e-commerce sites without purchasing anything, and to close the deal, retailers will “retarget” those users, showing them ads on Facebook for an item they viewed but didn’t buy. Those ads aren’t possible when “ask not to track” is enabled. "We believe that personalized ads and user privacy can coexist, without the collateral damage caused by App Tracking Transparency," a Facebook spokesperson told Ars. "We're also working on our own solutions to help businesses and investing in privacy-enhancing technologies designed to minimize the data we process, while still allowing us to show relevant ads and measure ad effectiveness." As users have asked Facebook not to track them, the company’s feedback loop has broken for a portion of its audience, costing it a key source of data. Though iOS doesn’t run on a majority of mobile devices, it does have a significant footprint in some of the world’s largest advertising markets, including the US. The US market is so important to advertisers that Flurry breaks out the country’s iOS tracking opt-in rate separately. Just 10 percent of US users opt in to tracking, compared with 17 percent worldwide. By opting out at such high rates, US iOS users could have a particularly significant impact on Facebook’s revenue. In the US and Canada last year, the company made five times more advertising revenue per user than its worldwide average. What happens to that number in the third quarter will reveal the extent to which tracking opt-out threatens the company’s earnings. Facebook advertisers are panicking after iOS cuts off key tracking data
  7. Facebook Catches Iranian Spies Catfishing US Military Targets The hackers posed as recruiters, journalists, and hospitality workers to lure their victims. If you're a member of the US military who's gotten friendly Facebook messages from private-sector recruiters for months on end, suggesting a lucrative future in the aerospace or defense contractor industry, Facebook may have some bad news. On Thursday, the social media giant revealed that it has tracked and at least partially disrupted a long-running Iranian hacking campaign that used Facebook accounts to pose as recruiters, reeling in US targets with convincing social engineering schemes before sending them malware-infected files or tricking them into submitting sensitive credentials to phishing sites. Facebook says that the hackers also pretended to work in the hospitality or medical industries, in journalism, or at NGOs or airlines, sometimes engaging their targets for months with profiles across several different social media platforms. And unlike some previous cases of Iranian state-sponsored social media catfishing that have focused on Iran's neighbors, this latest campaign appears to have largely targeted Americans, and to a lesser extent UK and European victims. Facebook says it has removed "fewer than 200" fake profiles from its platforms as a result of the investigation and notified roughly the same number of Facebook users that hackers had targeted them. "Our investigation found that Facebook was a portion of a much broader espionage operation that targeted people with phishing, social engineering, spoofed websites, and malicious domains across multiple social media platforms, email, and collaboration sites," David Agranovich, Facebook's director for threat disruption, said Thursday in a call with press. Facebook has identified the hackers behind the social engineering campaign as the group known as Tortoiseshell, believed to work on behalf of the Iranian government. The group, which has some loose ties and similarities to other better-known Iranian groups known by the names APT34 or Helix Kitten and APT35 or Charming Kitten, first came to light in 2019. At that time, security firm Symantec spotted the hackers breaching Saudi Arabian IT providers in an apparent supply chain attack designed to infect the company's customers with a piece of malware known as Syskit. Facebook has spotted that same malware used in this latest hacking campaign, but with a far broader set of infection techniques and with targets in the US and other Western countries instead of the Middle East. Tortoiseshell also seems to have opted from the start for social engineering over a supply-chain attack, starting its social media catfishing as early as 2018, according to security firm Mandiant. That includes far more than just Facebook, says Mandiant vice president of threat intelligence John Hultquist. "From some of the very earliest operations, they compensate for really simplistic technical approaches with really complex social media schemes, which is an area where Iran is really adept," Hultquist says. In 2019, Cisco's Talos security division spotted Tortoiseshell running a fake veterans' site called Hire Military Heroes, designed to trick victims into installing a desktop app on their PC that contained malware. Craig Williams, a director of Talos’ intelligence group, says that fake site and the larger campaign Facebook has identified both show how military personnel trying to find private-sector jobs pose a ripe target for spies. “The problem we have is that veterans transitioning over to the commercial world is a huge industry,” says Williams. “Bad guys can find people who will make mistakes, who will click on things they shouldn’t, who are attracted to certain propositions.” Facebook warns that the group also spoofed a US Department of Labor site; the company provided a list of the group's fake domains that impersonated news media sites, versions of YouTube and LiveLeak, and many different variations on Trump family and Trump organization–related URLs. Facebook says that it has tied the group's malware samples to a specific Tehran-based IT contractor called Mahak Rayan Afraz, which has previously provided malware to the Iranian Revolutionary Guard Corps, or IRGC—the first tenuous link between the Tortoiseshell group and a government. Symantec noted back in 2019 that the group had also used some software tools also spotted in use by Iran's APT34 hacking group, which has used social media lures across sites like Facebook and LinkedIn for years. Mandiant's Hultquist says it roughly shares some characteristics with the Iranian group known as APT35, too, which is believed to work in the service of the IRGC. APT35's history includes using an American defector, military intelligence defense contractor Monica Witt, to gain information about her former colleagues that could be used to target them with social engineering and phishing campaigns. The threat of Iran-based hacking operations—and particularly, the threat of disruptive cyberattacks from the country—may have appeared to subside as the Biden Administration has reversed course from the Trump administration's confrontational approach. The 2020 assassination of Iranian military leader Qassem Soleimani in particular led to an uptick in Iranian intrusions that many feared were a precursor to retaliatory cyberattacks that never materialized. President Biden has, by contrast, signaled that he hopes to revive the Obama-era deal that suspended Iran's nuclear ambitions and eased tensions with the country—a rapprochement that has been rattled by news that Iranian intelligence agents plotted to kidnap an Iranian-American journalist. But the Facebook campaign shows that Iranian espionage will continue to target the US and its allies, even as the broader political relations improve. "The IRGC are clearly conducting their espionage in the United States," says Mandiant's Hultquist. "They're still up to no good, and they need to be carefully watched." Facebook Catches Iranian Spies Catfishing US Military Targets
  8. Three big questions about Facebook’s new VR ads Lots of people saw this coming, but what will it look like? Yesterday, Facebook took a leap many people have been predicting for years: it started putting ads inside virtual reality. The company launched a limited test of advertisements inside three Oculus Quest apps, saying it would expand the system based on user feedback. The move is a turning point for Oculus, bringing one of Facebook’s most controversial features into a medium that inspires both idealism and alarm. And it raises three big questions about Facebook’s future and immersive computing. The first question is how deeply Facebook will end up linking advertising with hardware sensor data. Even more than smartphones, Oculus Quest headsets are a gold mine of information about you. They capture precise head and hand motion, pictures of your surroundings through tracking cameras, and microphone audio for Facebook’s voice command system. Future headsets will likely include even more intimate features like eye tracking, which would offer incredibly precise metrics on what captures your attention in VR. Right now, Facebook says much of this data either never leaves your headset or is completely segmented from its advertising system, and it says it has “no plans” to do things like target ads based on movement data. But as Facebook moves deeper into virtual and augmented reality, using its hardware’s special features for advertising will become an increasingly attractive prospect. Facebook is reportedly working on a fitness tracker and has discussed building AR glasses that you’ll use to interact with the world. These products are custom-built to produce quantifiable insights about your body and surroundings, and it’s hard to believe Facebook doesn’t have plans to monetize that — even if Facebook Reality Labs head Andrew Bosworth has said the company is “not really focused on business model” questions for experimental hardware. Oculus is Facebook’s first big test case for advertising on its own computing device, and as it expands ads on VR and other hardware, we’ll see how it handles the wealth of new data types it’s collecting. The second question is how ads will affect VR development. Several of the bestselling VR titles right now feel like substantive console or PC games and sell at a similar price. By contrast, it’s not yet clear which app genres work well with an ad-based model. (Blaston, the first game we know includes ads, is a multiplayer dueling game that you play in short competitive bouts.) Whatever those genres are, Facebook just created an incentive to make a lot more of them, since developers get a cut of the revenue involved. It’s easy to imagine dystopian scenarios like a huge library of attention-grabbing but low-quality games and social apps plastered with pop-ups, or the seizure-inducing corporate hellscape from Ready Player One. It doesn’t help that Facebook’s first tests look like flat banner ads from a website or freeware game. That said, Facebook is notoriously picky about what goes into the Quest library and there’s no indication that will change soon. We also don’t know VR advertising’s final form. Facebook says it’s currently exploring “new ad formats that are unique to VR.” It didn’t specify what that looked like, but for one nontraditional ad platform, we could look at Fortnite — a popular virtual world from a studio with an impeccable gaming pedigree, and one of the most effective ad delivery systems in the modern cultural landscape. (A system where players pay to promote the intellectual property of multinational media conglomerates is possibly also dystopian, but in a way most people seem okay with.) Modern consumer VR headsets have been full of ads since practically the beginning, thanks to promotional tie-ins and sponsorships. Yesterday’s news was just the latest iteration of a long-running trend. This iteration, though, has a big Facebook-shaped wrinkle. The Quest ads are served based on data from your Facebook profile, and Facebook’s hyper-personalization is one of its most controversial features — criticized in general as a tool for social division and more specifically for enabling discrimination. Beyond any larger social effects, if you’re sharing a headset with friends and family, it could feel simply invasive to have them see what Facebook thinks you’re into. You can add multiple accounts to a Quest headset, but the feature is experimental and it’s not clear how many users know about it. And that raises the third question: how will Facebook and its critics address general concerns about “Big Tech” in the realm of VR? Should Facebook, for example, ban specific kinds of ads — or methods of ad delivery — from appearing in headsets? And should consumer protection watchdogs look specifically at how ads work inside the Oculus platform, which they’ve largely ignored when scrutinizing Facebook? It wasn’t hard to see these debates coming. Facebook has wanted to own the next computing platform for years, and its vision of computing relies a lot on advertising. Oculus founder Palmer Luckey once promised that Oculus wouldn’t “flash ads at you” inside VR, but he (along with Oculus’ other early executives) left the company years ago. Bosworth said in 2015 that the Oculus experience “should include ads, because life includes ads.” But Facebook says it’s not just barreling ahead with a long-held master plan — instead, it promises it’s looking at feedback as it moves forward with VR advertising. As VR gets closer to Facebook’s core business, Quest users and developers will get to see if the company keeps that promise. Three big questions about Facebook’s new VR ads
  9. Facebook begins tying social media use to ads served inside its VR ecosystem Announcement doubles down on Facebook account requirement for Oculus hardware. Everything we've feared about the Facebookening of Oculus and its virtual reality ecosystem is starting to come true. A Wednesday blog post has confirmed that Oculus, the VR-specific arm of Facebook, is now displaying advertisements in select VR games and apps to their players. As Facebook has since emphasized in emails sent directly to the press, these ads will leverage "first-party info from Facebook to target these ads"—and FB has yet to announce any limitations for what Facebook account data may be leveraged. (Ars Technica was not briefed about this news ahead of the announcement, and we did not get the opportunity to request the comments that other members of the media received.) FB's additional clarifying statements about biometric and use data inside of VR are carefully worded to clarify that the company does examine specific use data as it sees fit, and for now, that data won't apply to its new advertising platform. Facebook says it processes and keeps track of the following data, uploaded by users while connected to any Oculus services: "Weight, height, or gender information that you choose to provide to Oculus Move [a pre-installed fitness suite]" "Movement data" that Facebook uses to "keep you safe from bumping into real-world objects"—in other words, every single way your head and hands move around within VR and relative spatial data about the rooms you play VR within, which researchers have concluded can be used to create a recognizable biometric profile after only minutes of training "The content of your conversations with people on apps like Messenger, Parties, and [Oculus] chats or your [Oculus] voice interactions" For now, Facebook continues to tell users that "data that are processed on the device" are not uploaded to Facebook servers, which include "raw images" from Oculus headset sensors and "images of your hands" in its hand-tracking interface. Meanwhile, if you'd like to know how much of your use data inside of Facebook (and Instagram and other FB-connected services) might be leveraged by its combined advertising network, clear the rest of your day's schedule and dive in. Today's announcement emphasizes that this advertising option is meant to generate "new ways for developers to generate revenue. The thing is, Facebook itself created a revenue blocker for VR game and app creators up until now, since its "app policies" agreement has always forbidden third-party advertising services inside of any products. Now that Facebook can operate the advertising platform and skim revenue off the top, things have changed. How rapidly will the downstream soon run? Facebook itself suggests that advertising is a key element in its VR business going forward: "This is a key part of ensuring we're creating a self-sustaining platform that can support a variety of business models." It also admits that product pricing can vary with advertising in the mix: "It helps us continue to make innovative AR [augmented reality]/VR hardware more accessible to more people." That news is unsurprising to anyone who follows Facebook's quarterly financial results, which revolve largely around its targeted advertising platforms that deftly move from app to app and from service to service. Meanwhile, rival VR hardware manufacturers like HTC have loudly shot back at Facebook's cheap-hardware sales approach. Recently, HTC Vive general manager Dan O'Brien said the following to Ars Technica: When pressed about Oculus as VR's top-selling consumer option, O'Brien was frank: HTC wants to make its VR money from upfront purchase revenue, not from "downstream" opportunities. He described at length the business model of "some brands" subsidizing expensive hardware at a lower MSRP "with the hope of monetizing downstream on shared services" and "maybe using data-mining tactics to understand user behavior and then run a program that also generates downstream income." But also: notice the official mention of augmented reality in Facebook's Wednesday pitch. The most recent Facebook Connect presentation revolved around Oculus research and hardware, included a wide-open pitch hosted by longtime Oculus lead Michael Abrash. He spoke of the company's ambitions for Google Glass-like hardware that people may one day wear in public, full of real-time virtual images embedded in your nearby surroundings and high-level processing of all nearby audio and conversations. While we aren't surprised that Facebook might want its eventual always-on-your-face device to tap into its advertising ecosystem, today's announcement is a clear warning: if such a product should reach the market, it, like the $299 Oculus Quest 2, could very well be priced to move—but at a cost outside of shoppers' dollars and cents. As a reminder, all new Oculus-branded hardware going forward requires a Facebook account to work. Meanwhile, hardware sold before that rules change went into effect will require a ToS agreement beginning January 1, 2023. And the company's combined ToS can penalize users for creating phantom or dummy Facebook accounts for the sole purpose of enabling connected Oculus VR features; by agreeing to that ToS, Facebook can void your account and its related purchases, should they be found in violation of its rules. And as Facebook continues acquiring VR-focused video game developers, particularly the makers of megahit Beat Saber, those fully owned development houses could reasonably become prime targets for Facebook's internal advertising tools. Big companies don't acquire successful, smaller ones for charity, after all. Facebook begins tying social media use to ads served inside its VR ecosystem
  10. Facebook’s Head of Oculus and VR Is Leaving the Company Facebook Hugo Barra, who has served as VP of Facebook Reality Labs for the past four years — overseeing the social giant’s Oculus team and its VR and augmented reality development projects — is exiting his post. Barra announced his departure in a Facebook post Monday, saying May 17 is his last day at the company. He said he plans to “explore the healthcare technology space” in his next venture: “I hope to be able to apply what I’ve learned from working in the consumer tech industry to help solve meaningful problems in the healthcare world.” Barra joined Facebook in 2017 from Chinese mobile phone upstart Xiaomi, where he was VP of global for a little over three years. Before that, Barra was VP of Android product management at Google, where he was one of the most prominent faces of the search giant’s mobile efforts. “When Mark Zuckerberg approached me 5 years ago to come to Facebook to lead the Oculus team and work on virtual reality, I knew I was jumping into an ambitious journey to help build the next computing platform but I couldn’t have imagined just how much this team would get done in just a few years,” Barra wrote. Zuckerberg, in a comment replying to Barra’s post, said, “Thanks for everything you’ve done to help build the next computing platform and the whole ecosystem around it. I’ve learned so much working with you, and I’m excited to see what you build next.” In his farewell Facebook post, Barra called out “what we accomplished together” with Oculus Go, Oculus Quest and Quest 2. Barra added that “I’m equally excited about what’s yet to come, starting this year with the launch of Facebook’s smart glasses in partnership with Ray-Ban, which will begin connecting the dots from today’s VR headsets to tomorrow’s AR glasses.” Recently, Facebook Reality Labs researchers released a first look at its latest prototype: a wrist-based controller that uses a combination of artificial intelligence and input from a wearer’s nervous system to interact with VR and AR environments. Source: Facebook’s Head of Oculus and VR Is Leaving the Company
  11. GDPR regulators are urged to enforce an Europe-wide ban Germany has banned Facebook to collect data on WhatsApp users within the country's borders. According to the Hamburg Data Protection and Freedom of Information Commission (HmbBfDI), the app's new data collection policies, as well as Facebook's aggressive efforts to persuade users to accept, tamper with the GDPR regulations. In a press release, HmbBfDI commissioner Johannes Caspar stated that Facebook has a history of user-privacy abuse, citing the Cambridge Analytica scandal and the recent leak of 500 million records as examples. The commissioner is particularly concerned that WhatsApp's less transparent advertising policies may have a role to play in the German elections coming up in September. Caspar stated that "In view of the nearly 60 million WhatsApp users with a view to the upcoming federal elections in Germany in September 2021, the risk is all the more concrete, as these will arouse desires after influencing the opinion-forming of Facebook's advertisers". WhatsApp’s Terms and Conditions violate GDPR WhatsApp's data collection has been allowed for three months by the HmbBfDI. In the meantime, the European Data Protection Committee (EDPC) was asked to decide the case on a European level. If the EDPC finds that WhatsApp is in violation of the GDPR, a more permanent ban will be implemented on all member states, including Germany, until WhatsApp changes its policies. Facebook has vehemently denied any wrongdoing. According to a spokesperson for Bloomberg, the commission's emergency order is based on a fundamental misunderstanding of WhatsApp's terms and conditions. Despite the ban, Facebook plans to roll out the new rules. Facebook threatened to delete users' accounts if they did not agree to the terms after attempting to downplay its data collection policy. However, following widespread criticism, the social media toned down the threat, opting instead to bombard users with nagging consent popups. If the reminders are ignored, the app will gradually lose key features until it will become useless. Users have until May 15 to accept the updated terms. Source
  12. Mark Zuckerberg on Facebook's VR future: New sensors on Quest Pro, fitness and a metaverse for work Exclusive: Facebook's CEO talks about what the next headset could bring, how fitness plays into the picture, and whether there will be kid accounts for VR anytime soon. Brett Pearce/CNET Five years after Facebook released its very first PC VR headset, and over a year into the pandemic, VR has been getting a closer look in a world where remote work has become standard and virtual life has become normal even without headsets. I met with Mark Zuckerberg in person a year and a half ago to talk about the next steps for VR and the possibilities of augmented reality, just a few months before much of the globe went into coronavirus lockdown mode. Now, as the world is figuring out how to slowly reopen for business, I spoke with Facebook's highest-profile VR advocate again -- this time remotely -- to talk about how his latest VR headset, the Oculus Quest 2, is doing. In a world of remote work where VR headsets still don't fit into the picture too much -- just 5.5 million headsets were estimated to be sold last year -- I wanted to hear what Facebook's CEO thinks will come next. Zuckerberg says that the Oculus Quest's greatest strength against its competition is its convenient wire-free experience, and that bringing the price down from the original $399 to $299 in October was a strategic move, intended to get more people to embrace VR. But Zuckerberg says he wants to upgrade the VR experience even more with the Quest Pro, a device that could include new sensors -- face and eye tracking or maybe even fitness -- in a higher-end self-contained system. The new sensors could add a greater sense of "presence" as part of Facebook's plan for social VR. It could also come at a higher price, as Zuckerberg says, "there's some ability for it to be a little more expensive." But the overall goal for Facebook right now, Zuckerberg told me, is to widen adoption so the world's largest social media network can create more social opportunities for engaging in a virtual world. And he's willing to lose money to win over people. "We're not approaching this from the perspective of, how do we charge people as much money as possible and make profit on the devices?" Zuckerberg said in our 30-minute conversation. "What we saw was virtual reality is really about this sense of presence and therefore, it's about social connection, more than it's about whatever the technology is." For Zuckerberg, this isn't about resolution or processor speed. It's about creating an immersive world to fall into. "We want to get as many people as possible to be able to experience virtual reality and be able to jump into the metaverse and … to have these social experiences within that," he adds. "That's really where our bread and butter as a company is in terms of building those experiences. That's also what our business is." Facebook is getting closer to launching this world in the form of a large-scale social metaverse called Facebook Horizon that, with creative tools and user-created worlds, looks reminiscent of apps like AltspaceVR, Rec Room, and maybe even Fortnite, Roblox and Minecraft. Zuckerberg calls Horizon a "very big priority" for Facebook, something that will "play a big role toward helping to build out this broader metaverse that will go across all of virtual and augmented reality." It's an approach that feels similar to Microsoft's. Zuckerberg plans for Facebook's employees, who will be able to work remotely in our new postpandemic, hybrid workplaces, to start testing Horizon. He says it's an important "dogfooding" step for developing the platform more as it nears public launch sometime in the as-yet-to-be-determined future. Tellingly, we didn't speak over VR or even over Zoom video, instead opting for a Zoom audio call. Zuckerberg says he doesn't find Zoom meetings memorable or compelling. "I find that when I'm on a bunch of video calls, they all kind of blend together and I have a hard time remembering exactly which call something was said on or it's just kind of harder to place it because there's no real sense of space," he notes. And though he admits that videoconferencing has its positives today -- including higher video quality than you get in VR right now -- he's also confident that people will see the benefits of VR. "There are a lot of advantages to the presence that you get in virtual reality compared to the other modes of communication that we have. If we're already there with the fidelity of experiences that are possible today, to me that just says, wow, in five years this is going to be clearly better on almost all of these fronts for a lot of the things that we do." That VR future, however, still isn't designed for kids, despite a growing number of children I know using the Oculus Quest at home. Zuckerberg doesn't see a kid mode for Oculus VR being in the works anytime soon, either, but admits a large interest in VR for education overall. Facebook is also working on more advanced AR glasses with wrist-worn neural interfaces, but that may still be many years away. Before that, an Oculus Quest Pro could bring more advanced sensors into Facebook's VR ecosystem first. We also talked about the possibilities for what a step-up Oculus Quest Pro could bring next and what VR apps Zuckerberg spends time with at home. Below is our conversation, lightly edited for clarity. Mark Zuckerberg using the Oculus Quest 2, Facebook's latest VR headset. Facebook It's been five years since the Oculus Rift came out. Where do you see VR and AR tech for you now versus what it was even in 2019? Are things significantly changed? Or are there things that you wish were here but still aren't? It's an incredibly exciting time for this. It's pretty amazing to see how a lot of the aspects of the original vision, and what we hoped would play out here, are starting to fall into place. You know, it's still a long-term journey. There's still a ton that needs to get done over the next five-plus years to really deliver all the experiences that we want. But there are a lot of awesome pieces that are coming into place. And I'm excited to get a chance to talk about those today. At the same time, you're right that with the pandemic and more people shifting toward being more remote more of the time, that's just put even more importance on building technologies that give us a sense of presence, and that help us feel like we're together and really get to connect naturally, whether that's socially or professionally or for entertainment and playing games. That's always been the promise of virtual and augmented reality. Unlike every other computing platform and type of screen that we've had to date, these platforms give you a sense of presence, like you're right there with another person or in another place. That's pretty magical. Every other communication tool that we've built up to this point is trying to approximate that, but virtual and augmented reality are the first ones that really deliver that sense of presence. And I know that is going to be increasingly important as the world, I imagine, will stay more remote as we come out of the pandemic. You mentioned presence, and I think a lot about social [uses]. At the same time, I talk to some people and they don't have any VR headsets. Other people I know are starting to actually buy them. I was curious where you see that right now. You don't specifically mention sales numbers, but you've mentioned sales coming along, but not necessarily being as big as the Nintendo Switch. Do you think VR has achieved that social level you wanted? We're in the second generation of Quest now, and what I can say is that Quest 2 is doing quite well. It's meaningfully outperforming even what we'd hoped for it. So that's great. The Quest was where we really cracked the form factor and got it to be a wireless device that can do high-quality experiences. When you're talking about virtual reality, in the sense of presence, there really is something that's incredibly important about it being wireless. If you [have a] wire that's wrapped around your neck or draped over your shoulder and it's touching you, it really just breaks the whole illusion and sense of presence. It's a big step forward in terms of quality of the experience, and it requires a lot of innovation to achieve that. What we've seen is that a lot of the other folks in the space haven't been able to deliver that wireless experience yet, and I think that will likely continue to hold back some of those products. But we had the first-generation Quest, we improved on it with Quest 2. That's going quite well. So what I look at is the trajectory of how these things are going, how is the next version after that going to go, and the next version after that. We have really exciting products in the road map for down the line that I just think are going to be really awesome. But you know, Quest 2 has been an inflection point for the adoption around this. You mentioned some of the road map. And recently I heard a chat mentioning the existence of a Quest Pro. Is that something that would be for business? Or do you imagine there being possibly different levels of interest at different tiers for what the Oculus Quest could be? This is certainly something that we're working on. Basically, having a higher-end virtual reality experience. Traditionally, if you wanted to get a virtual reality device that had more power, the thing that you did was you wired [it] into a PC or some other computer, that's one way to do it. But I think the trade-off on requiring the wire is too great in terms of the experience ... what you trade off on immersion and being able to walk around -- even if you're sitting at a desk and doing productivity work. I don't think you want that wire basically breaking the sense of presence. So even for Quest 2, we focused a lot on AirLink, which we just released. It's the ability to now stream games from your PC, so you can take advantage of the power of the PC and still have a wireless experience, which is really important. But there are other aspects that make virtual reality a higher-end experience as well, including putting more power in it in terms of different types of sensors and capabilities on the device. We do want to be able to support a wider range of use cases. I mean, it's one of the things that's been quite exciting with Quest 2 -- seeing it broadened out. It's still primarily gaming. But we're starting to see the top few apps are social apps where people hang out together. We're starting to see an increase in apps for creative production or productivity or people getting together to work. One of the things I've been pretty excited to see is this growth of fitness apps. So you see apps like FitXR and Supernatural, which are basically subscription services where you can take different classes doing boxing or dancing or different things. It's almost like Peloton. It's just kind of as easy to jump into, and you're paying a subscription. Now you can do your workouts that way. From my perspective, it's filling out the initial vision and hope that we had for VR about how there are going to be all these different use cases. It's amazing for gaming, but it's not only for gaming. Part of the question is if you were focused on building a higher-end device that could really max out further on some of those other use cases, in addition to doing the gaming pieces, there are some interesting questions about how you design. Now it's not coming out anytime soon, but that's certainly something that we're excited about and having different products that basically can serve different use cases really well. Mark Zuckerberg at Facebook's Redmond, Washington research lab in 2017, looking at prototype hardware. Facebook You mentioned fitness: It's an area I definitely want to talk to you about because I've been using my [Quest 2] more for that. I see that it's being positioned for that. I saw an ad in the New York Times talking about it as a fitness device, and I believe Facebook as a company is allowing expensing of it as a health and wellness device. Do you use it for fitness yourself? I use all these different apps. I love Beat Saber. That's one of my favorite things on Quest. I've certainly enjoyed FitXR as well. And I'm a big runner. So we don't quite have that in VR yet. I am also a surfer and a foiler. I really want us to get a good experience where you can basically do the pumping part in VR, but we don't quite have that yet. But I think in all these things, doing Beat Saber or FitXR or Supernatural, they're real workouts. If I'm in Beat Saber, especially if I'm competing with one of my friends for half an hour or an hour, you definitely work up a sweat. You get tired by the end of that. So it's pretty active. And I think it's pretty clear why people really like it. Do you set up a space in your home that's a dedicated VR zone where you do these things, and is there any time of day where you might do workouts with this? One of the things about Quest, and it being wireless and stand-alone, is it is really portable, to be able to do it anywhere. So I have [it] in our living room and in our basement. To be honest, sometimes I'll kind of go down there and there's sort of bigger open spaces. But I'll even just do it in our bedroom, where I probably have a more traditional, not particularly huge space to do it, but definitely enough. But again, I think this gets down to the form factor question. At the time we were getting into the experience, you had to be tethered to a desk or tethered to the same room as where your gaming PC was. [That] was just a bit more limiting for people and getting it to be more free-flowing is a very big advance in terms of letting people try it on in different places, making it easier to jump in. That's a big part of what we're seeing here, and why we're so dedicated to wireless as the form factor. All the things that we're going to focus on, including the future Quest Pro work that we're thinking about, that's just going to be a killer part of it. You also asked about routines. I have this one group of a bunch of my friends on a Messenger group thread. And it's like our metaverse thread. Every weekend or so, someone pings the thread and is like, 'Hey, do you want to play Onward?' Or, 'Do you want to play Population: One? Or do you want to play Arizona Sunshine?' Those are a bunch of my favorite multiplayer games. That's probably the closest thing that I have to a real ritual around this -- kind of getting together with friends and going to do this. Over the last year, especially during the pandemic, when I couldn't see a lot of these people in person, it was just really a neat thing to be able to do. [It] really drove home for me the value of being able to have those kinds of social and gaming experiences together. I'm sort of getting into the same when you mentioned fitness. You mentioned sensors... it raises the question for me, do you think that there's a chance of these fitness apps working more with watches and trackers? I know you're working on wrist tech for neural inputs and AR. Does that open doorways for VR? And are you looking at more of a wellness direction for what fitness can do? These are all really interesting questions. We are certainly working on the neural interfaces part and the wrist interface around that. Our hope is that eventually that works across virtual and augmented reality, and will be valuable across all these things. Getting back to your question around Quest Pro, there are a lot of sensors that would add different senses to the overall experience. We've talked a bit about things like eye tracking and face tracking, and you're talking now about things like different health sensors, whether that's heart rate monitoring or the different other kinds of fitness sensors that you might have on a fitness watch. The basic thing that these all have in common is that each of them takes additional compute power to power the thing. And the whole device needs to be tuned for that. So if you want to basically have a device over time that is just capable of all these things and is running an increasing number of sensors, you need to kind of get to higher- and higher-end devices. And then the question for us is going to be, well, how do we innovate on what that's going to look like and be able to deliver something that's a high-end product? And then also, how do we get it to be something that is really affordable for a very wide number of people, because our mission as a company is really to help connect everyone, right? Our approach to VR, is, rather than building a device and trying to sell it at a premium and make a bunch of money on the device, what we want to do is build a great experience and make it so that as many people as possible can experience this and can be part of this metaverse. And at the end of the day, we build experiences that are part of that and that will be the long-term business that we do. So I think the innovation on the sensor side, the compute side, to make sure that we can build devices that power these both at the high end, and devices that can be broadly available to everyone, that's a big part of what we're focused on over the next five years. It sounds like affordability is a big part of that too, when you mentioned not climbing too high in price. Already the Quest 2 is reduced in price (from $399 to $299 today) and it's gotten to a point where it's game console-level, which is not something that other companies have been able to hit yet. That's right. I mean, getting to $299 on Quest 2 was a really big deal. That's something we wanted to get to, the team worked really hard on that. I'm really proud of them. They did a lot of really hard work to be able to achieve that. And we wanted to see how that would affect accessibility for it. That's been pretty good in terms of the results that we've seen there. But as you mentioned, at this point, even game consoles are more expensive than that. So I think there's some ability for it to be a little more expensive. But our bottom line on this is: We're not approaching this from the perspective of, how do we charge people as much money as possible and make profit on the devices? We want to get as many people as possible to be able to experience virtual reality and be able to jump into the metaverse and then be able to have these social experiences within that. Then that's really where where our bread and butter as a company is in terms of building those experiences. That's also what our business is. Speaking of social, you just launched a revamped version of social avatars. [Facebook] Horizon, which seems like Facebook's metaverse, keeps approaching. Have you been spending time inside [Horizon]? I've had two demos in Horizon over the past couple of years. But I was curious if you're spending time in there and whether that might be heading toward a launch? Yeah, this is a big project for us because there needs to be a social fabric that goes across all of the different layers of virtual reality. That's what we hope to do with Horizon. So part of it is we're building this environment where individual creators can create worlds and you can hang out with your friends. Part of it is, we're building out this avatar system that is going to get increasingly expressive on the one hand, and then if you want, also increasingly realistic. Although I think not everyone wants to be exactly realistic all the time, so you want to kind of offer both expressive and realistic. There are all these different services in this. But basically, that's a big part of what we want to do around Horizon. And it also spans not just social use cases, it's not just gaming. I think it's also going to be work and collaboration and productivity, and that's a big thing that we focused on. There are some interesting experiences in virtual reality now. I have to say, one of the things that I've been excited about as we start thinking about what the policies are going to be around how employees start returning to the offices, and after the pandemic clears up, one of the things that I hope is that, going forward at Facebook, in addition to doing videoconferences and stuff like that, I want to basically have our culture be that a lot of our employees are holding meetings in VR, in something like Horizon. So that way, every employee of the company is kind of contributing to giving feedback, helping to tune and make those experiences better and better so that they can serve all these different use cases. In the beginning, when we got started working on virtual reality, what we saw was virtual reality is really about this sense of presence, and therefore, it's about social connection more than it's about whatever the technology is. I would expect that as these things get built out more, whether it's just use cases for hanging out and chatting, or playing different things together, or working together and collaborating, I would bet that those will be a lot of the biggest uses of this over the long term. We're very focused on just giving creators and developers the tools to build that with Horizon. It's a very big priority for us. We're not building it as just a single app or experience. We're building it out as more of a platform that will enable people to build a lot of these different things over time. That's why we're building it methodically, and step by step. Maybe it's taken a little longer than we would have thought to kind of have its first major, completely open release. But it's a very important part of what we're doing and the whole vision here. And I think it will play a big role toward helping to build out this broader metaverse that will go across all of virtual and augmented reality. Do you see Horizon as a chance to rethink what the idea of what social media is for Facebook? Or do you also see ... there are more Facebook elements coming into VR. Do you see that continuing? It's an interesting question. I certainly think that this is going to rethink what our perception of social experiences are. You asked about social media specifically, but I think social media is one category of social experiences, right? I don't know if you'd consider, for example, WhatsApp to be social media in the same sense that you would say that Facebook or Twitter or YouTube are. And so, similarly, I think that what you're going to see with the metaverse and people interacting in virtual and augmented reality is it's probably at least as different if not more from all these 2D-type interfaces, even though there will be some similarities. It is sort of an environment, an opportunity to kind of imagine what these social experiences can be in a completely different environment. This is a lot of what gets me really excited about this, is that I literally remember when I was a kid, in middle school, sitting in my math class, basically sketching in my notebook every day. I just kind of dreamed, while the teacher was going on and lecturing about something, about what I wanted to go home and build and code that night. And the tools didn't exist yet to do this, but the ultimate thing that I really hoped to do one day was build out this kind of 3D immersive world where people can build different things. I feel like now that's starting to become possible with all this technology. And I think that's super exciting. So now, we're literally able to start building and imagining some of these experiences that are like the holy grail of social experiences, because you're going to be able to -- with AR glasses in the future, when we're having this conversation -- you'll be a hologram sitting on my couch next to me, rather than doing this over video or doing this over audio. Or in virtual reality, we can go into the same space. In a lot of ways meetings in VR today, or kind of hanging out, already feel more present and realistic than being on videoconference with someone because of the spatial audio. If someone's to your right, you hear it coming from the right, you have a shared sense of the space, which you don't when you're on, say, a Zoom call for example, where everyone's grid is a little bit different and all your meetings kind of look the same. I do think the social experiences here are going to be different, but pretty awesome. And I think getting a chance to build that from the ground up, not within sort of a box or platform that's defined by other companies, who have their own sense of what a computer or a phone or something are, but really getting to design that whole experience from first principles around how people should be able to be present and connected with each other, is a lot of the most exciting work that we're doing. I think about that excitement -- you bring up dreaming this as a kid, and we talked about using VR in the here and now, and what it's becoming for people. I see a lot of people -- I wanted to bring this up because my nephew wanted me to ask this too -- I know a lot of people who are getting an Oculus Quest, and their kids are playing games in it. And it's interesting, because I know there's no Facebook account setup for under 13. Parents are doing stuff with them with it. But also I wonder how you feel about that, and if you see more of a role for it with kids or a kid mode. My 13-year-old nephew was asking me to ask you about if you're going to be adding more things like that. Or a kid's version of the headset at some point? It's a good question. And I imagine that is part of the full vision over time, we'll have to address that more. But as you know, in order to use this, you sign in with your Facebook account. That way you can have all your friends there and have the kind of social experience that we're trying to build. But you can't have a Facebook account if you're under 13. So I think it's probably quite a ways off that we'd really build something like this. And there are also some pretty fundamental physical challenges with it. The device is designed for people who have a certain IPD (interpupillary distance) range, how far apart your eyes [are]. And different things like the weighting of the device are designed for people who have a certain amount of neck strength, for example. So not small kids, but at least people in their teens and adults. Those are things that I think will have to be overcome before you design even just hardware that I think really makes sense for younger kids to be wearing for an extended period of time. But it is certainly interesting. I think over the long term, education is certainly going to be one of the really promising verticals here. We already see and I hear these stories all the time in higher ed. There was actually an experiment that was run, comparing heart surgeons with training in 3D, so that they can see the heart and see some of the things that they were doing, compared to people who had just been in lectures and experienced it in a more theoretical way. And my understanding is that the people who had the VR training generally performed better, which intuitively makes a lot of sense. So giving people the ability to do things hands-on and to experience them I think is going to beat being lectured to or just reading a book a lot of times in the future. There are opportunities to build those kinds of educational experiences. Not just for the youngest kids, but even today, teens can use this, and people who are doing higher education can do this. There are even opportunities to do this in ways that are not traditionally what you'd think about as education. One view on communication technology is that they're basically technologies around sharing a perspective. Some people describe books that way. Basically, books are a technology for sharing a perspective and trying to internalize someone else's perspective. And there's certainly film, and other things try to do that well. But in a lot of ways, I think virtual reality is the ultimate, because it literally lets you embody someone and walk in their shoes, and experience some of what they're actually seeing and feeling around them. So I think that's going to be pretty powerful for not just school-type learning, but culture and sharing each other's experiences, and getting more empathy for what other people are experiencing around the world as well. My kids are 12 and 8, and your kids are much younger. I don't use VR that much with them at all. But I was curious if you ever thought of a moment when you might use VR with your kids? I haven't done that yet. Max is five now, and she sees me doing it and thinks that looks like I'm having a lot of fun. She has certainly asked if she can jump in. I told her when she's older. But it's an interesting question on all this stuff. The only other thing that I'd add, on top of all the challenges that we've talked about so far, is that part of the work that we do with younger kids -- we work on Messenger Kids, for example, making it an experience that parents can really control -- we do a lot to consult with experts to make sure that we're doing this in a good way. I don't think this is ever going to be something that we here at Facebook just decide, here's how it should be for younger kids and therefore we're going to go do it. This will be something that -- this is not the top priority or near priority anytime soon, there's a lot of other challenges that I think we need to solve to help expand virtual reality and help more people experience this -- but I do think you're highlighting what I think, you know, in kind of a 10- to 20-year future, I think people are going to want to use this in this way. I think we'll approach that by being more open with the community of educators and experts, and really taking their lead on what the right way is to approach this. When you mention work in VR and aiming to get Facebook employees to work in VR, is that happening now? Do you find that you're doing certain types of work in VR or are you setting up a sort of a routine for that with people right now? Over the next several months, some more people are going to start going back into the offices, especially as vaccines ramp up. We're trying to figure out what the new rhythm is going to be. That's part of what I'm trying to figure out, exactly, how that's going to all fit together. But for example, you can conceivably have a meeting that's hosted in virtual reality, where some people who aren't in virtual reality can videoconference in and be a part of the meeting, just like if you were in a physical meeting; you can have a screen, and people could be on that screen. I think being able to make it so as many people who are not together can feel like they're present -- and I think virtual reality can be a big part of that -- that to me seems like a good direction for us to go in. And then given that this is such a big focus for our company, I really believe in dogfooding your own products. Which is I guess our technical term for eating your own dog food, which is basically saying if you're in the middle of building out a product, what the best practice is is to use your product all the time. If we want to get better and better, then I do think we will be well served by having a lot of people inside the company, and outside, use it. Some of the meetings that I've had in virtual reality so far are... it's pretty good. It's interesting and it's different from video chat calls. Just to start off and be fair on some of the places where it's not as good right now are, obviously if you're on a video call, you can get a little higher resolution on the person's face. We don't quite have perfectly realistic avatars yet in VR in the way that we do if you're on a Zoom call, for example. But there's technology that we're working on that will hopefully get there over the coming years. But then I think that there are all these things that are actually quite a lot better about meeting or being present in VR than even Zoom calls today. I mentioned this before, but a lot of how we as people process, even remember things, is through a shared sense of space. So if you're sitting in a room with someone, if you're on on my right, and we're sitting on a couch, we have a shared memory where it's like, all right, I remember that you were kind of sitting next to me, you're on my right on the couch, and if you're on my right, that means I'm on your left, so we kind of have a shared sense of what's going on in the space, and all of our different memories -- my visual memories of thinking of turning to my right and seeing you, my audio memory as I'm hearing the audio coming from the right -- that stuff all ends up being pretty important in terms of imprinting memories, and feeling like this is a real experience where you're present in a space together. And you don't get that on video calls today. I find that when I'm on a bunch of video calls, they all kind of blend together and I have a hard time remembering exactly which call something was said on, or it's just kind of harder to place it because there's no real sense of space. There's certainly no shared sense of space. If you're saying something and it's not coming from my right or my left, and if you're kind of in the upper right-hand corner on my Zoom screen, that doesn't mean that I'm in any particular place on yours -- there's no shared sense of that at all. Even though the avatars aren't quite fully defined yet -- although we did just roll out a new avatar system, which is pretty good, and is certainly a big step in this direction -- even without that piece kind of fully being in its final state yet, I still think there are a lot of advantages to the presence that you get in virtual reality compared to the other modes of communication that we have. If we're already there with the fidelity of experiences that are possible today, to me that just says, wow, in five years this is going to be clearly better on almost all of these fronts for a lot of the things that we do. Source: Mark Zuckerberg on Facebook's VR future: New sensors on Quest Pro, fitness and a metaverse for work
  13. Facebook Acquires ‘Onward’ Developer Downpour Interactive in Fourth VR Studio Acquisition Facebook today announced its fourth VR studio acquisition. This time it’s Downpour Interactive, the studio behind the popular VR shooter Onward which has been continuously developed since its Early Access launch on PC back in 2016. More recently the game launched on Oculus Quest where it has become one of the headset’s most popular titles. Facebook announced the acquisition today on the Oculus blog, saying that it is “eager to support Dante [CEO] and Downpour Interactive in growing Onward as one of the foremost multiplayer VR games […].” The company also promises that “Onward will continue to be supported on all its current platforms,” including Steam. The company says that the entire Downpour Interactive team will join Facebook “in some capacity,” and that the team has “exciting plans for future Onward updates and future projects.” Downpour Interactive had been working with Coatsink as a publisher, though it isn’t clear if the company was involved in the deal; the terms of the acquisition were not announced. Downpour Interactive CEO Dante Buckley shared a message about the acquisition on the official Onward website: Today is a very exciting day for Onward and the Downpour team, we are joining Oculus Studios at Facebook! I remember when I wrote the first line of code for Onward and walked around “Cargo,” one of the first maps in game. Putting on a VR headset and building this dream game was a magical experience every day. From those early days to now, Onward and Downpour have grown and made huge strides in the VR industry. I can’t thank my team enough for their hard work and dedication, as well our passionate and dedicated player community. With us joining Oculus Studios at Facebook, we can now realize Onward’s full vision with tremendous support and resources. This means a better game for all our players on all platforms. There are no changes in hierarchy or in vision, everyone at Downpour is still working hard to deliver you the best game possible. Thank you all for your continued support, and stay tuned for future updates and content. Today’s acquisition marks the fourth VR studio that Facebook has bought, seemingly in an effort to have greater control over the destiny of killer VR apps and the talent behind them. Facebook has also acquired Beat Games (Beat Saber), Sanzaru Games (Asgard’s Wrath and others), Ready at Dawn (Lone Echo and others), and now Downpour Interactive, all within the last year and a half. While Facebook and Downpour Interactive have promised to continue to support Onward on Oculus and non-Oculus platforms alike, it seems likely that future titles from the studio will be exclusive to Oculus. Source: https://www.roadtovr.com/facebook-acquires-downpour-interactive-onward/
  14. A New Facebook Bug Exposes Millions of Email Addresses A recently discovered vulnerability discloses user email addresses even when they’re set to private. PHOTOGRAPH: MIRAGEC/GETTY IMAGES STILL SMARTING FROM last month's dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a massive scale, links Facebook accounts with their associated email addresses, even when users choose settings to keep them from being public. A video circulating on Tuesday showed a researcher demonstrating a tool named Facebook Email Search v1.0, which he said could link Facebook accounts to as many as 5 million email addresses per day. The researcher—who said he went public after Facebook said it didn't think the weakness he found was "important" enough to be fixed—fed the tool a list of 65,000 email addresses and watched what happened next. "As you can see from the output log here, I'm getting a significant amount of results from them," the researcher said as the video showed the tool crunching the address list. "I've spent maybe $10 to buy 200-odd Facebook accounts. And within three minutes, I have managed to do this for 6,000 [email] accounts." Ars obtained the video on condition the video not be shared. A full audio transcript appears at the end of this post. In a statement, Facebook said: "It appears that we erroneously closed out this bug bounty report before routing to the appropriate team. We appreciate the researcher sharing the information and are taking initial actions to mitigate this issue while we follow up to better understand their findings." A Facebook representative didn't respond to a question asking if the company told the researcher it didn't consider the vulnerability important enough to warrant a fix. The representative said Facebook engineers believe they have mitigated the leak by disabling the technique shown in the video. The researcher, whom Ars agreed not to identify, said that Facebook Email Search exploited a front-end vulnerability that he reported to Facebook recently but that "they [Facebook] do not consider to be important enough to be patched." Earlier this year, Facebook had a similar vulnerability that was ultimately fixed. "This is essentially the exact same vulnerability," the researcher says. "And for some reason, despite me demonstrating this to Facebook and making them aware of it, they have told me directly that they will not be taking action against it." Facebook has been under fire not just for providing the means for these massive collections of data, but also for actively promoting the idea that they pose minimal risk to Facebook users. An email that the company inadvertently sent to a reporter at the Dutch publication DataNews instructed public relations people to "frame this as a broad industry issue and normalize the fact that this activity happens regularly." Facebook has also made the distinction between scraping and hacks or breaches. It's not clear if anyone actively exploited this bug to build a massive database, but it certainly wouldn't be surprising. "I believe this to be quite a dangerous vulnerability, and I would like help in getting this stopped," the researcher said. Here's the written transcript of the video: So, what I would like to demonstrate here is an active vulnerability within Facebook, which allows malicious users to query email addresses within Facebook, and have Facebook return any matching users. This works with a front-end vulnerability with Facebook, which I've reported to them, made them aware of, um, that they do not consider to be important enough to be patched—which I would consider to be quite a significant privacy violation and a big problem. This method is currently being used by software which is available right now within the hacking community. Currently it's being used to compromise Facebook accounts for the purpose of taking over Pages groups and, uh, Facebook advertising accounts for obviously monetary gain. I've set up this visual example within no JS. What I've done here is I've taken 250 Facebook accounts, newly registered Facebook accounts, which I've purchased online for about $10. I have queried or I'm querying 65,000 email addresses. And as you can see from the output log here, I'm getting a significant amount of results from them. If I have a look at the output file, you can see I have a user ID name and the email address matching the input email addresses, which I have used. Now I have, as I say, I've spent maybe $10 to buy 200-odd Facebook accounts. And within three minutes, I have managed to do this for 6,000 accounts. I have tested this at a larger scale, and it is possible to use this to extract feasibly up to 5 million email addresses per day. Now there was an existing vulnerability with Facebook earlier this year, which was patched. This is essentially the exact same vulnerability. And for some reason, despite me demonstrating this to Facebook and making them aware of it, they have told me directly that they will not be taking action against it. So I am reaching out to people such as yourselves, in hope that you can use your influence or contacts to get this stopped, because I am very, very confident this is not only a huge privacy breach, but this will result in a new, another large data dump, including emails, which is going to allow undesirable parties, not only to have these email-to-user ID matches, but to append the email address to phone numbers, which have been available in previous breaches. I'm quite happy to demonstrate the front-end vulnerability so you can see how this works. I'm not going to show it in this video, simply because I don't want the video to be, um, I don't want the method to be exploited. But I would be quite happy to demonstrate it if that is necessary. But as you can see, it continues to output more and more and more. I believe this to be quite a dangerous vulnerability, and I would like help in getting this stopped. Source: A New Facebook Bug Exposes Millions of Email Addresses
  15. A Tale of 3 Data 'Leaks': Clubhouse, LinkedIn, Facebook Confusion Over Hacking, Scraping and Amassing Highlights Data Lockdown Imperative Post to cybercrime forum describes Clubhouse user data being offered for sale Criminals love to amass and sell vast quantities of user data, but not all data leaks necessarily pose a risk to users. Even so, the ease with which would-be attackers can amass user data is a reminder to organizations to lock down inappropriate access as much as possible. That's a takeaway experts offer after large tranches of data recently became available for sale or for free. The data allegedly was obtained from three social networks: Clubhouse, LinkedIn and Facebook. Scammers can use such data to target individuals via social engineering attacks, and phishers can use it to craft lures, among other potential threats. Clubhouse - a startup social media network accessed via an app - and LinkedIn have both confirmed that large amounts of their user data has appeared online. But both services say the data, which is being offered for sale on darknet forums, was scraped from public-facing pages. So what buyers would be paying for is getting access to all of this public information at once. The story is different, however, with the latest Facebook data breach to come to light. Earlier this month, 533 million users' details - including phone numbers that were set to not display on their profiles - were being offered for free online after having been available for purchase. In response, Facebook said attackers had obtained the data "not through hacking our systems but by scraping it from our platform," apparently by abusing an API that Facebook built to allow users to find each other. "If you provide an API … work on the assumption of it being abused." —Troy Hunt Experts say the resulting records, linking people's names, email addresses, phone numbers and more, are a potential gold mine for fraudsters and phishers (see: Facebook Tries to 'Scrape' Its Way Through Another Breach). Ireland's Data Protection Commission is probing the breach, in line with its authority to enforce the EU's General Data Protection Regulation. Facebook says it's attempting to trace the posted information back, and it has suggested that the data dump may include information amassed from multiple sources, not all of them involving private information held by the social network and its ancillary services. LinkedIn: 'Not a Data Breach' While a Facebook feature appears to have exposed private data for more than a half-billion users, the story looks different for LinkedIn and Clubhouse. Last week, a cybercrime forum seller began advertising 500 million LinkedIn records, offering 2 million of the records as a sampler for $2 in forum credits and access to all records for a four-figure sum, CyberNews first reported. The seller said the profiles included "emails, phone and other details." In a statement released on Thursday, LinkedIn said the data involves only information that is already publicly accessible via its site and may have been combined with information from other sites. "We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies," LinkedIn says. "It does include publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we've been able to review." In other words, while seeing so much user data get amassed in one place might be concerning - and of use to social engineers and others - this information was already in circulation. Clubhouse Data Also Scraped The same also appears to be true for Clubhouse, which saw information from about 1.3 million user profiles get posted on a cybercrime forum on or around Saturday. The poster said that the data had been scraped from Clubhouse using one of its APIs. Clubhouse is an iOS-based app that enables users to set up virtual audio chat rooms, to which most participants will then be listening in. The service, which launched early last year, is still invite-only, but the Guardian reports that buzz over Clubhouse has been building, especially after Tesla founder Elon Musk used it in February to host a popular chat. The scraped Clubhouse data includes name and username, user ID, profile photo, number of followers, number of other Clubhouse users followed, an account creation date, who invited the user to the platform and sometimes Instagram and Twitter handles. The data does not include personally identifiable information, such as phone numbers, email addresses or other sensitive information. In a statement posted to Twitter on Sunday, Clubhouse denied that it had been breached or hacked after reports emerged that user data had appeared on the cybercrime forum. This is misleading and false. Clubhouse has not been breached or hacked. The data referred to is all public profile information from our app, which anyone can access via the app or our API. https://t.co/I1OfPyc0Bo— Clubhouse (@joinClubhouse) April 11, 2021 Clubhouse officials didn't immediately respond to a request for further comment. Expert View: The API Challenge The posted Clubhouse data poses no risk to users, says Jane Manchun Wong, a Hong Kong-based software engineer and security researcher who often blogs about unreleased features in popular applications. "The kind of data gathered here is no different than going to someone's Clubhouse profile and taking a screenshot," Wong says. The data was likely scraped using one of Clubhouse's "private" APIs or one that is used by its app to retrieve data, Wong says. Whoever downloaded the data may have simply cycled through user IDs sequentially, she says. Not seeing any private info in this "leaked data" of Clubhouse The user IDs are numerical. So it just seems like someone scraped the data by hitting Clubhouse's private API, iterating from user ID 1 to beyond https://t.co/MBWG46JmCB— Jane Manchun Wong (@wongmjane) April 11, 2021 Services generally use rate-limiting and other defensive measures to ensure their APIs aren't abused. Wong says that if the data was obtained by iterating through numerical user IDs, Clubhouse should have enabled rate limiting on its private API if it does not already do that, because its users have an expectation of privacy. But even with rate limiting, amassing all of this information would still be possible. "It'll only be slower, but it can still be done," Wong says. Troy Hunt, creator of the free Have I Been Pwned data breach notification service, says APIs pose this paradox: If developers want to make users discoverable to other users, it's difficult to ensure that the underlying API will only be used for that purpose - in other words, by only the right users and for the right reasons. "If you provide an API, regardless what you protect with rate limiting," expect that whatever data it touches "will be aggregated," Hunt says. "You work on the assumption of it being abused." Source: A Tale of 3 Data 'Leaks': Clubhouse, LinkedIn, Facebook
  16. Personal data for 533 million Facebook users leaks on the web It had been circulating privately since January. Tim Bennett on Unsplash Hackers were reportedly sharing a massive amount of personal Facebook data in January, and now that data appears to have escaped into the wild. According to Business Insider, security researcher Alon Gal has discovered that a user on a hacking forum has made the entire dataset public, exposing details for about 533 million Facebook members. The data includes phone numbers, birth dates, email addresses and locations, among other revealing info. About 32 million of the users are in the US, while 11 million are from the UK and another 6 million come from India. Gal first spotted the data in January, when Telegram users could pay to search the database. The intruders reportedly took advantage of a flaw that Facebook fixed in August 2019 and reportedly includes information from before that fix. You might not be in trouble if you're a relative newcomer or have changed key details in the time since the fix, but the breach still leaves many people vulnerable. We've asked Facebook for comment. As Gal noted, Facebook can only do so much when the data is already in circulation and the related flaw is no longer an issue. The social network could notify affected users, though, and there's pressure on the company to alert affected users so they can watch for possible spam calls and fraud. All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked. I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8 — Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021 Source: Personal data for 533 million Facebook users leaks on the web
  17. The UK Is Trying to Stop Facebook's End-to-End Encryption The government's latest attack is aimed at discouraging the company from following through with its planned rollout across platforms. Photograph: Dan Kenyon/Getty Images The UK is planning a new attack on end-to-end encryption, with the Home Office set to spearhead efforts designed to discourage Facebook from further rolling out the technology to its messaging apps. Home Secretary Priti Patel is planning to deliver a keynote speech at a child protection charity’s event focused on exposing the perceived ills of end-to-end encryption and asking for stricter regulation of the technology. At the same time a new report will say that technology companies need to do more to protect children online. Patel will headline an April 19 roundtable organized by the National Society for the Prevention of Cruelty to Children (NSPCC), according to a draft invitation seen by WIRED. The event is set to be deeply critical of the encryption standard, which makes it harder for investigators and technology companies to monitor communications between people and detect child grooming or illicit content, including terror or child abuse imagery. End-to-end encryption works by securing communications between those involved in them—only the sender and receiver of messages can see what they say and platforms providing the technology cannot access the content of messages. The tech has been increasingly made standard in recent years with WhatsApp and Signal using end-to-end encryption by default to protect people’s privacy. The Home Office's move comes as Facebook plans to roll out end-to-end encryption across all its messaging platforms—including Messenger and Instagram—which has sparked a fierce debate in the UK and elsewhere over the supposed risks the technology poses to children. During the event, the NSPCC will unveil a report on end-to-end encryption by PA Consulting, a UK firm that has advised the UK’s Department for Digital Culture Media and Sport (DCMS) on the forthcoming Online Safety regulation. An early draft of the report, seen by WIRED, says that increased usage of end-to-end encryption would protect adults’ privacy at the expense of children’s safety, and that any strategy adopted by technology companies to mitigate the effect of end-to-end encryption will “almost certainly be less effective than the current ability to scan for harmful content.” The report also suggests that the government devise regulation “expressly targeting encryption”, in order to prevent technology companies from “engineer[ing] away” their ability to police illegal communications. It recommends that the upcoming Online Safety Bill—which will impose a duty of care on online platforms—make it compulsory for tech companies to share data about online child abuse, as opposed to voluntary. The Online Safety Bill is expected to require companies whose services use end-to-end encryption to show how effectively they are tackling the spread of harmful content on their platforms—or risk being slapped with fines by communication authority Ofcom, which will be in charge of enforcing the rules. As a last resort, Ofcom could demand that a company use automated systems to winnow out illegal content from their services. The NSPCC says that this set-up does not go far enough in reining in encryption: in a statement released last week, the charity urged the digital secretary, Oliver Dowden, to strengthen the proposed regulation, preventing platforms from rolling out end-to-end encryption until they can demonstrate that they can safeguard children’s safety. Facebook currently tackles the circulation of child sex abuse content on WhatsApp by removing accounts displaying forbidden images in their profile pictures, or groups whose names suggest an illegal activity. WhatsApp says it bans more than 300,000 accounts per month that it suspects of sharing child sexual abuse material. “Ofcom will have to meet a series of tests before it could take action on a regulated platform,” says Andy Burrows, NSPCC’s head of child safety online policy. “That is about being able to require evidence of serious and sustained abuse, which is going to be practically very difficult to do because of end-to-end encryption will take away a significant amount of the reporting flow.” Burrows declined to comment directly about the event with the Home Secretary, and whether any policy announcement will be made then. In an email, a Home Office spokesperson wrote that “end-to-end encryption poses an unacceptable risk to user safety and society. It would prevent any access to messaging content and severely erode tech companies’ ability to tackle the most serious illegal content on their own platforms, including child abuse and terrorism.” “The Home Secretary has been clear that industry must step-up to meet the evolving threat,” the spokesperson says. Since Facebook’s announcement on the extension of end-to-end encryption in 2019, Patel has grown increasingly impatient and vocal about the dangers of the technology—publicly calling on Facebook to “halt plans for end-to-end encryption”, and bringing up the subject in meetings with her US counterparts and the Five Eyes intelligence alliance of English-speaking countries. While Dowden is working jointly with the Home Office—taking part in conversations with Facebook on the matter—in an online press conference on March 10 he said that end-to-end encryption will not be dealt with in the Online Safety Bill. The comment has caused concern among observers. According to a person familiar with policy discussions, technology companies are now increasingly worried that the Home Office could issue a Technical Capability Notice (TCN) against Facebook—that is: an injunction forbidding the company from switching to end-to-end encryption. A TCN would allow investigators with a warrant to keep obtaining decrypted conversations on Instagram and Facebook Messenger, the platforms of main concern because they potentially allow unsolicited messaging between adults and children. In December last year, Sky News reported, quoting Home Office policy advisers, that a TCN would have become an option if the Online Safety Bill did not demand that Facebook kept its ability to spot child abuse—a scenario that would arguably materialize if Facebook had its way with encryption. Jim Killock, executive director at digital rights organization Open Rights Group, says he is “worried that the Home Office will be considering using a secret order (TCN) to force Facebook to limit or circumvent their encryption.” “Facebook would be gagged from saying anything,” Killock adds. Although the action would be targeted to Facebook only, he thinks that such a move would set a precedent. One industry source who has spoken with government figures is skeptical that such a radical scenario will come to pass, pointing out that encryption has routinely been in the Home Office’s crosshairs since Theresa May’s tenure as home secretary started in 2010, but that the technical difficulty—and the unpopularity—of outlawing encryption eventually always prevailed over the rhetorical posturing. In a statement, a Facebook company spokesperson said that end-to-end encryption is “already the leading security technology used by many services to keep people safe from having their private information hacked and stolen.” Company executives have previously admitted that the increased rollout of end-to-end encryption will reduce the amount of child abuse reports it makes to industry monitoring groups. “Its full rollout on our messaging services is a long-term project and we are building strong safety measures into our plans,” the spokesperson added. This story originally appeared on WIRED UK. The UK Is Trying to Stop Facebook's End-to-End Encryption
  18. Supreme Court rules Facebook text alerts not akin to robocalls © Getty Images The Supreme Court on Thursday sided unanimously with Facebook, ruling that a notification system the social media giant employs to alert users to suspicious logins does not run afoul of a federal law aimed at curbing robocalls and automated text messages. The decision derailed a proposed class-action lawsuit that sought to hold Facebook liable under a 1991 law that imposed a general ban on automated calls. The justices found that Facebook’s opt-in security notification feature fell outside the law, even though the program was found to have transmitted unwanted text messages. The court rejected an argument from a recipient of unwanted Facebook texts, who claimed that the company’s messaging program amounted to an “autodialer,” which generally involves the use of a random or sequential number generator. “Expanding the definition of an autodialer to encompass any equipment that merely stores and dials telephone numbers would take a chainsaw to these nuanced problems when Congress meant to use a scalpel,” Justice Sonia Sotomayor wrote for the court. The class-action suit was brought by Noah Duguid, a man who received repeated Facebook text notifications alerting him to unusual login attempts, despite the fact that Duguid says he has never had a Facebook account. Facebook said it was possible Duguid’s phone number was linked to Facebook alerts by the phone number’s previous owner. A trial court agreed with Facebook’s request to toss the case, but a San Francisco-based federal appeal court reversed, prompting Facebook’s appeal to the Supreme Court. Updated at 1:05 p.m. Source: Supreme Court rules Facebook text alerts not akin to robocalls
  19. Facebook disables cyber espionage operation from Chinese group against Uyghur activists Facebook regularly discloses methodologies that it is utilizing to secure its platform from cyberattacks and other malicious activities. Now, the company has announced that its security teams have disabled operations against Uyghur activists. These were being carried out by a group in China known as "Evil Eye" or "Earth Empusa". According to Facebook, these attacks were being predominantly carried out against journalists and activists from the Uyghurs of Xinjiang in China, who are currently living abroad in countries such as the United States, Australia, and Turkey. The cyber espionage model primarily revolved around infecting target devices with malware so they could then be utilized for surveillance. Facebook noted that this was accomplished by distributing links to targets on Facebook. These links would either direct users to lookalike domains for known Uyghur news outlets or to actual websites infected with malicious JavaScript code, which would then infect iOS devices. The company notes that this was a highly targeted activity which only infected devices after they had passed certain checks for IP addresses and browser settings, among other things. In terms of who actually distributed these problematic URLs, Facebook says that malicious actors would pose as Uyghur activists, establish trust with their targets, and then share the links. They also targeted Android users by setting up third-party app stores containing malware-infected apps for Uyghur-themed keyboards, prayers, and the Holy Quran. Facebook went on to say that: We’ve observed this group use several distinct Android malware families. Specifically, our investigation and malware analysis found that Beijing Best United Technology Co., Ltd. (Best Lh) and Dalian 9Rush Technology Co., Ltd. (9Rush), two Chinese companies, are the developers behind some of the Android tooling deployed by this group. Our assessment of one of them benefited from research by FireEye, a cybersecurity company. These China-based firms are likely part of a sprawling network of vendors, with varying degrees of operational security. [...] Our industry peers have been tracking parts of this activity as being driven by a single threat actor broadly known as Earth Empusa, or Evil Eye, or PoisonCarp. Our investigation confirmed that the activity we are disrupting today closely aligns with the first two — Earth Empusa or Evil Eye. While PoisonCarp shares some TTPs including targeting and use of some of the same vendor-developed malware, our on-platform analysis suggests that it is a separate cluster of activity. Actions that Facebook has taken to disable this operation include blocking malicious domains from being shared on its platform, informing affected users, and sharing threat indicators such as hashes and domain names publicly. Source: Facebook disables cyber espionage operation from Chinese group against Uyghur activists
  20. Facebook finally explains its mysterious new wrist wearable Will we be able to trust it with a new form of personal data? (Probably not.) Enlarge / Facebook is developing a wrist-worn wearable that senses nerve activity that controls your hands and fingers. The design could enable new types of human-computer interactions. Facebook It first appeared on March 9 as a tweet on Andrew Bosworth’s timeline, the tiny corner of the Internet that offers a rare glimpse into the mind of a Facebook executive these days. Bosworth, who leads Facebook’s augmented and virtual reality research labs, had just shared a blog post outlining the company’s 10-year vision for the future of human-computer interaction. Then, in a follow-up tweet, he shared a photo of an as yet unseen wearable device. Facebook’s vision for the future of interacting with computers apparently would involve strapping something that looks like an iPod Mini to your wrist. Facebook already owns our social experience and some of the world’s most popular messaging apps—for better or notably worse. Anytime the company dips into hardware, then, whether that’s a very good VR headset or a video chatting device that follows your every move, it gets noticed. And it not only sparks intrigue, but questions too: why does Facebook want to own this new computing paradigm? In this case, the unanswered questions are less about the hardware itself and more about the research behind it—and whether the new interactions Facebook envisions will only deepen our ties to Facebook. (Answer: probably.) In a media briefing earlier this week, Facebook executives and researchers offered an overview of this tech. In simplest terms, Facebook has been testing new computing inputs using a sensor-filled wrist wearable. It’s an electromyography device, which means it translates electrical motor nerve signals into digital commands. When it’s on your wrist, you can just flick your fingers in space to control virtual inputs, whether you’re wearing a VR headset or interacting with the real world. You can also “train” it to sense the intention of your fingers, so that actions happen even when your hands are totally still. Enlarge / Facebook’s vision for its wrist-worn device includes being able to type on a virtual desktop keyboard. Facebook This wrist wearable doesn’t have a name. It’s just a concept, and there are different versions of it, some of which include haptic feedback. Bosworth says it could be five to 10 years before the technology becomes widely available. All of this is tied to Facebook’s plans for virtual and augmented reality, technologies that can sometimes leave the user feeling a distinct lack of agency when it comes to their hands. Slip on a VR headset and your hands disappear completely. By picking up a pair of hand controllers, you can play games or grasp virtual objects, but then you lose the ability to take notes or draw with precision. Some AR or “mixed reality” headsets like Microsoft’s HoloLens have cameras that track spatial gestures, so you can use certain hand signals and the headset will interpret those signals … which sometimes works. So Facebook has been using this EMG wearable in its virtual reality lab to see if such a device might enable more precise hand-computer interactions. But Facebook has visions for this wrist tech beyond AR and VR, Bosworth says. “If you really had access to an interface that allowed you to type or use a mouse—without having to physically type or use a mouse, you could use this all over the place.” The keyboard is a prime example, he says; this wrist computer is just another means of intentional input, except you can carry it with you everywhere. Bosworth also suggested the kitchen microwave as a use case—while clarifying that Facebook is not, in fact, building a microwave. Home appliance interfaces are all different, so why not program a device like this to understand, simply, when you want to cook something for 10 minutes on medium power? In the virtual demo Facebook gave earlier this week, a gamer was shown wearing the wrist device and controlling a character in a rudimentary video game on a flat screen, all without having to move his fingers at all. These kinds of demos tend to (pardon the pun) gesture toward mind-reading technology, which Bosworth insisted this is not. In this case, he said, the mind is generating signals identical to the ones that would make the thumb move, but the thumb isn’t moving. The device is recording an expressed intention to move the thumb. “We don’t know what’s happening in the brain, which is full of thoughts, ideas, and notions. We don’t know what happens until someone sends a signal down the wire.” Bosworth also emphasized that this wrist wearable is different from the invasive implants that were used in a 2019 brain-computer interface study that Facebook worked on with the University of California at San Francisco; and it’s different from Elon Musk’s Neuralink, a wireless implant that could theoretically allow people to send neuroelectrical signals from their brains directly to digital devices. In other words, Facebook isn’t reading our minds, even if it already knows a heck of a lot about what’s going on in our heads. Researchers say there’s still a lot of work to be done in the area of using EMG sensors as virtual input devices. Precision is a big challenge. Chris Harrison, the director of the Future Interfaces Group in the Human-Computer Interaction Lab at Carnegie Mellon University, points out that each individual human’s nerves are a little bit different, as are the shapes of our arms and wrists. “There’s always a calibration process that has to happen with any muscle-sensing system or BCI system. It really depends on where the computing intelligence is,” Harrison says. Enlarge / A closer look at the prototype wearable. Facebook And even with haptic feedback built into these devices, as Facebook is doing with some of its prototypes, there’s the risk of visuo-haptic mismatches, where the user’s visual experience—whether in AR, VR, or real space—does not correlate to the haptic response. These points of friction can make these human-computer interactions all feel frustratingly unreal. Even if Facebook can overcome these obstacles in its research labs, there’s still the question of why Facebook—largely a software company—wants to own this new computing paradigm. And should we trust it? This hugely powerful tech company that has a track record of sharing user data in “exchange for other equally or more valuable things,” as WIRED’s Fred Vogelstein wrote in 2018? A more recent report in MIT Technology Review highlights how a team at Facebook assembled to tackle “responsible AI” was undermined by leadership’s relentless quest for growth. Facebook executives said this week that these new human-computer interaction devices will perform as much computing as possible “on device,” which means the information isn’t shared to the cloud; but Bosworth won’t commit to how much data ultimately might be shared to Facebook or how that data will be used. The whole thing is a prototype, so there’s nothing substantive to tease apart yet, he says. “Sometimes these companies have cash piles large enough to basically invest in these huge R&D projects, and they’ll take a loss on such things if it means they can be front-runners in the future,” says Michelle Richardson, director of the Data and Privacy Project at the nonprofit Center for Democracy and Technology. “But with companies of any size, any product, once it’s built, it’s so difficult to overhaul it. So anything that can start the conversation on this before the devices are built is a good thing.” Bosworth says Facebook wants to lead this next paradigm shift in computing because the company sees tech like this as fundamental to connecting people. If anything, this past year has shown us the importance of connecting—of feeling like you’re in person, Bosworth says. He also seems to believe he can earn the required trust by not “surprising” customers. “You say what you do, you set expectations, and you deliver on those expectations over time” he says. “Trust arrives on foot and leaves on horseback.” Rose-colored AR glasses, activated. This story originally appeared on wired.com. Facebook finally explains its mysterious new wrist wearable
  21. Facebook Paid Out $50K for Vulnerabilities Allowing Access to Internal Systems A researcher says he has earned more than $50,000 from Facebook after discovering vulnerabilities that could have been exploited to gain access to some of the social media giant’s internal systems. Cybersecurity engineer and bug bounty hunter Alaa Abdulridha revealed in December 2020 that he had earned $7,500 from Facebook for discovering a vulnerability in a service apparently used by the company’s legal department. The researcher said the security hole could have been exploited to reset the password of any account for a web application used internally by Facebook employees. In a blog post published on Thursday, the researcher said he continued analyzing the same application and once again managed to gain access to it. From there he claimed he was able to launch a server-side request forgery (SSRF) attack and gain access to Facebook’s internal network. Facebook described this as an attacker being able to send HTTP requests to internal systems and read their responses. “I was able to scan the ports of the local servers and browse the local applications/web apps that the company uses in their infrastructure,” the researcher told SecurityWeek. “I'm sure such a vulnerability in the wrong hands could be escalated to RCE and can pose a huge risk for the company and its customers.” The social media giant awarded him nearly $50,000 for this second exploit chain. Abdulridha also claimed the account takeover attack may have allowed a hacker to access accounts for other internal Facebook applications as well, but Facebook told SecurityWeek it had not found any evidence to suggest that the flaw could be escalated to access other internal accounts. Facebook has clarified that the vulnerabilities reported by Abdulridha actually affected a third-party service designed for signing documents and they impacted anyone using this service, not just Facebook. The company said it worked with the third-party vendor to quickly get the flaws fixed and said it had found no evidence of malicious exploitation, noting that exploiting the weaknesses was a complex task. The company also pointed out that the first vulnerability only allowed access to accounts within the third-party document signing app, but did not grant access to any employee accounts used for other internal applications. While the researcher claimed that it took Facebook nearly 6 months to patch the second round of vulnerabilities, the company told SecurityWeek that while the report was only closed in February, the bugs were actually completely fixed — by both Facebook and the third-party vendor — within a few days. Facebook also said that while it paid out a bug bounty based on the maximum possible impact it could determine, it did not agree with the researcher’s belief that the SSRF vulnerabilities could have been escalated to remote code execution. Source: Facebook Paid Out $50K for Vulnerabilities Allowing Access to Internal Systems
  22. Facebook enables the use of hardware security keys on mobile devices Facebook is expanding support for physical security keys to mobile devices in order to help users secure their accounts. The site already offers multi-factor authentication via SMS or authenticator apps, but adding support for hardware keys offers users another means of supplementing their passwords and keeping their accounts more secure. Security keys are the strongest authentication method available. Even if someone does get hold of a Facebook password, they won't be able to pass the authentication challenge unless they have the person's security key. The feature will be available to both iOS and Android users. In a statement announcing the move Facebook says, "Since 2017, we've encouraged people that are at high risk of being targeted by malicious hackers: politicians, public figures, journalists and human rights defenders. We strongly recommend that everyone considers using physical security keys to increase the security of their accounts, no matter what device they use." You can set up your security key on Facebook by going to the Security and Login section of your account settings. Photo credit: tulpahn / Shutterstock Source: Facebook enables the use of hardware security keys on mobile devices
  23. A federal judge on Friday approved a $650 million settlement of a privacy lawsuit against Facebook for allegedly using photo face-tagging and other biometric data without the permission of its users. U.S. District Judge James Donato approved the deal in a class-action lawsuit that was filed in Illinois in 2015. Nearly 1.6 million Facebook users in Illinois who submitted claims will be affected. Donato called it one of the largest settlements ever for a privacy violation. “It will put at least $345 into the hands of every class member interested in being compensated,” he wrote, calling it “a major win for consumers in the hotly contested area of digital privacy.” Jay Edelson, a Chicago attorney who filed the lawsuit, told the Chicago Tribune that the checks could be in the mail within two months unless the ruling is appealed. “We are pleased to have reached a settlement so we can move past this matter, which is in the best interest of our community and our shareholders,” Facebook, which is headquartered in the San Francisco Bay Area, said in a statement. The lawsuit accused the social media giant of violating an Illinois privacy law by failing to get consent before using facial-recognition technology to scan photos uploaded by users to create and store faces digitally. The state's Biometric Information Privacy Act allowed consumers to sue companies that didn't get permission before harvesting data such as faces and fingerprints. The case eventually wound up as a class-action lawsuit in California. Facebook has since changed its photo-tagging system. SOURCE
  24. MassFaces Free is a powerful and innovative Facebook application never seen before, which allows you to download and recover to your PC a single video or entire video album in FLV and MP4 formats and Standard and High definition (Plus edition only) resolutions from your Facebook account, from Facebook friends, from Facebook public profiles/pages and more. Also, you can perform Facebook video search through Google engine to get new video content from the social network (Plus edition only). Screenshot: Download installer (clean / ads free installer edition): http://www.mediafire.com/?4gqjmm7kn93zbe5 http://www.datafilehost.com/d/9939715a Homepage: http://www.havysoft.cl/ Requirements: - Windows XP Service Pack 2 with Internet Explorer 7 or higher; Windows Vista; Windows 7, Windows 8/8.1/8.1.1 - Internet connection. - Facebook account. - Facebook single video links; Facebook video album links; Facebook user profiles links. Changelog:
  25. MassFaces 3.0 Beta 2 Leaked Thanks to the app author to allows test the next version of this wonderful app for Facebook!. With new features of MassFaces v3.0 Beta 2 you can: 1. Recover videos from public Facebook links. 2. Recover all your videos of Videos album from your personal Facebook account. 3. Recover all public videos of Videos album from your Facebook friend, profiles and Facebook sites. 4. Search public video links on the Web. 5. More... much more! Description: MassFaces is an intuitive application that comes in handy when you want to effortlessly grab Facebook videos from your own timeline or your contacts'. You simply need to paste the video URL, scan it, then choose the format you prefer and start downloading it to the location you previously chose. Requirements: - Windows XP/Vista/7/8. - Facebook account. - Internet connection. Homepage: Site: http://www.havysoft.clDownload installer (this Beta version is not available in the homepage yet. Only available for private Beta testers, now leaked):http://www.mediafire.com/?kg7833arapb3qnq `
  • Create New...