Month: April 2021

Enlarge (credit: Getty Images)

Still smarting from last month's dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a mass scale, links the Facebook accounts associated with email addresses, even when users choose settings to keep them from being public.

A video circulating on Tuesday showed a researcher demonstrating a tool named Facebook Email Search v1.0, which he said could link Facebook accounts to as many as 5 million email addresses per day. The researcher—who said he went public after Facebook said it didn't think the weakness he found was "important" enough to be fixed—fed the tool a list of 65,000 email addresses and watched what happened next.

"As you can see from the output log here, I'm getting a significant amount of results from them," the researcher said as the video showed the tool crunching the address list. "I've spent maybe $10 to buy 200-odd Facebook accounts. And within three minutes, I have managed to do this for 6,000 [email] accounts."

Enlarge / LEIDEN, NETHERLANDS - APRIL 15: General exterior view of the head office of Janssen pharmaceutical company on April 15, 2021 in Leiden, Netherlands. (credit: Getty | BSR Agency)

About 88 percent of Americans support the pause of Johnson & Johnson’s COVID-19 vaccine, and the pause did not increase vaccine hesitancy, according to fresh data from the Axios-Ipsos Coronavirus poll.

The finding is likely to hearten public health experts, who have faced criticism and concern that the pause could erode confidence in vaccine safety and fortify already high-levels of vaccine hesitancy in the country.

The Centers for Disease Control and Prevention, along with the Food and Drug Administration, recommended a pause in the use of the Johnson & Johnson vaccine on April 13 after linking the one-dose vaccine to six cases of a rare blood-clotting condition, one of which was fatal. The six cases occurred among more than 6.8 million people given the vaccine, suggesting that if the blood clots are, in fact, a side effect of the vaccine, they are an extremely rare side effect.

Enlarge / Vivaldi's graphic on FLoC. (credit: Vivaldi)

Google wants to kill third-party tracking cookies used for ads in Chrome with the "Chrome Privacy Sandbox." Since Google is also the world's largest ad company, though, it's not killing tracking cookies without putting something else in its place. Google's replacement plan is to have Chrome locally build an ad interest profile for you, via a system called "FLoC" (Federated Learning of Cohorts). Rather than having advertisers collect your browsing history to build an individual profile of you on their servers, Google wants to keep that data local, and have the browser to serve a list of your interests to advertisers whenever they ask via an API, so that you'll still get relevant ads. Google argues that conscripting the browser for ad interest tracking is a win for privacy, since it keeps your exact browsing history local and only serves up anonymized interest lists. Google does not have many other companies in its corner, though.

One of the first to come out against Google's plan was the EFF, which in March wrote a blog post called, "Google's FLoC is a Terrible Idea." The EFF seems to be against user tracking for ads entirely, saying Google's framing of the issue "is based on a false premise that we have to choose between "old tracking" and "new tracking."

"It's not either-or," the EFF writes. "Instead of re-inventing the tracking wheel, we should imagine a better world without the myriad problems of targeted ads." The EFF worries that FLoC won't stop advertisers from personally identifying people and that the API will serve up full profile data on first contact with a site, saving tracking companies from having to do the work of building a profile themselves over time. It also argues that "the machinery of targeted advertising has frequently been used for exploitation, discrimination, and harm."

Enlarge (credit: Ars Technica)

Today's Dealmaster is headlined by a nice discount on Anker's Soundcore Life Q30: the wireless noise-canceling headphones are currently down to $68 at Amazon. That's $12 off the pair's usual going rate online and less than $5 above the lowest price we've tracked to date.

We highlighted a similar deal earlier in the year and continue to find the Soundcore Life Q30 to be an impressive value. While the Q30 can't match the build quality or raw noise-canceling strength of a more expensive pair from Sony or Bose, the Q30 provides a cushy and comfortable design, excellent battery life at around 40 hours, USB-C charging, multidevice connectivity, and physical controls. Its sound is deeply heavy on the bass by default and absolutely not for audio purists, but the signature can be tweaked and customized through its companion app. And while its active noise cancellation is far from the strongest we've seen, it's still capable enough for tuning out everyday sounds, especially given its price.

If you're not in need of a new pair of headphones, though, our deals roundup also has offers on Fitbit activity trackers, indoor security cameras, the latest Call of Duty game, top-notch wireless mice for both gaming and office work, and much more. You can have a look at the full list below.

Enlarge (credit: CHUYN / Getty Images)

Hackers backed by nation-states are exploiting critical vulnerabilities in the Pulse Secure VPN to bypass two-factor authentication protections and gain stealthy access to networks belonging to a raft of organizations in the US Defense industry and elsewhere, researchers said.

At least one of the security flaws is a zeroday, meaning it was unknown to Pulse Secure developers and most of the research world when hackers began actively exploiting it, security firm Mandiant said in a blog post published Tuesday. Besides CVE-2021-22893, as the zeroday is tracked, multiple hacking groups—at least one that likely works on behalf of the Chinese government—are also exploiting several Pulse Secure vulnerabilities fixed in 2019 and 2020.

Under siege

“Mandiant is currently tracking 12 malware families associated with the exploitation of Pulse Secure VPN devices,” researchers Dan Perez, Sarah Jones, Greg Wood, and Stephen Eckels wrote. “These families are related to the circumvention of authentication and backdoor access to these devices, but they are not necessarily related to each other and have been observed in separate investigations. It is likely that multiple actors are responsible for the creation and deployment of these various code families.”