After decades of unbridled enthusiasm — bordering on addiction — about all things digital, the public may be losing trust in technologyOnline information isn’t reliable, whether it appears in the form of news, search results or user reviews. Social media, in particular, is vulnerable to manipulation by hackers or foreign powers. Personal data isn’t necessarily private. And people are increasingly worried about automation and artificial intelligence taking humans’ jobs.

Yet, around the world, people are both increasingly dependent on, and distrustful of, digital technology. They don’t behave as if they mistrust technology. Instead, people are using technological tools more intensively in all aspects of daily life. In recent research on digital trust in 42 countries (a collaboration between Tufts University’s Fletcher School of Law and Diplomacy, where I work, and Mastercard), my colleagues and I found that this paradox is a global phenomenon.


If today’s technology giants don’t do anything to address this unease in an environment of growing dependence, people might start looking for more trustworthy companies and systems to use. Then Silicon Valley’s powerhouses could see their business boom go bust.

Economic power

Some of the concerns have to do with how big a role the technology companies and their products play in people’s lives. U.S. residents already spend 10 hours a day in front of a screen of some kind. One in 5 Americans says they are online “almost constantly.” The tech companies have enormous reach and power. More than 2 billion people use Facebook every month.

Ninety percent of search queries worldwide go through Google. Chinese e-retailer, Alibaba, organizes the biggest shopping event worldwide every year on Nov. 11, which this year brought in US$25.3 billion in revenue, more than twice what U.S. retailers sold between Thanksgiving and Cyber Monday last year.

This results in enormous wealth. All six companies in the world worth more than $500 billion are tech firms. The top six most sought-after companies to work for are also in tech. Tech stocks are booming, in ways reminiscent of the giddy days of the dot-com bubble of 1997 to 2001. With emerging technologies, including the “internet of things,” self-driving carsblockchain systems and artificial intelligence, tempting investors and entrepreneurs, the reach and power of the industry is only likely to grow.

This is particularly true because half the world’s population is still not online. But networking giant Cisco projects that 58 percent of the world will be online by 2021, and the volume of internet traffic per month per user will grow 150 percent from 2016 to 2021.

All these users will be deciding on how much to trust digital technologies.

Data, democracy, and the day job

Even now, the reasons for collective unease about technology are piling up. Consumers are learning to be worried about the security of their personal information: News about a data breach involving 57 million Uber accounts follows on top of reports of a breach of the 145.5 million consumer data records on Equifax and every Yahoo account — 3 billion in all.

Russia was able to meddle with Facebook, Google, and Twitter during the 2016 election campaign. That has raised concerns about whether the openness and reach of digital media is a threat to the functioning of democracies.

Another technological threat to society comes from workplace automation. The management consulting firm, McKinsey, estimates that it could displace one-third of the U.S. workforce by 2030, even if a different set of technologies create new “gig” opportunities.

The challenge for tech companies is that they operate in global markets and the extent to which these concerns affect behaviors online varies significantly around the world.

Mature markets differ from emerging ones

Our research uncovers some interesting differences in behaviors across geographies. In areas of the world with smaller digital economies and where technology use is still growing rapidly, users tend to exhibit more trusting behaviors online. These users are more likely to stick with a website even if it loads slowly, is hard to use or requires many steps for making an online purchase. This could be because the experience is still novel and there are fewer convenient alternatives either online or offline.

In the mature digital markets of Western Europe, North America, Japan and South Korea, however, people have been using the internet, mobile phones, social media and smartphone apps for many years. Users in those locations are less trusting, prone to switching away from sites that don’t load rapidly or are hard to use, and abandoning online shopping carts if the purchase process is too complex.


Because people in more mature markets have less trust, I would expect tech companies to invest in trust-building in more mature digital markets. For instance, they might speed up and streamline the processing of e-commerce transactions and payments, or more clearly label the sources of information presented on social media sites, as the Trust Project is doing, helping to identify authenticated and reliable news sources.

Consider Facebook’s situation. In response to criticism for allowing fake Russian accounts to distribute fake news on its site, CEO Mark Zuckerberg boldly declared that “Protecting our community is more important than maximizing our profits.” However, according to the company’s chief financial officer, Facebook’s 2018 operating expenses could increase by 45 to 60 percent if it were to invest significantly in building trust, such as hiring more humans to review posts and developing artificial intelligence systems to help them. Those costs would lower Facebook’s profits.

To strike a balance between profitability and trustworthiness, Facebook will have to set priorities and deploy advanced trust-building technologies (e.g. vetting locally generated news and ads) in only some geographic markets.

The future of digital distrust

As the boundaries of the digital world expand, and more people become familiar with internet technologies and systems, their distrust will grow. As a result, companies seeking to enjoy consumer trust will need to invest in becoming more trustworthy more widely around the globe. Those that do will likely see a competitive advantage, winning more loyalty from customers.

This risks creating a new type of digital divide. Even as one global inequality disappears — more people have an opportunity to go online — some countries or regions may have significantly more trustworthy online communities than others. Especially in the less-trustworthy regions, users will need governments to enact strong digital policies to protect people from fake news and fraudulent scams, as well as regulatory oversight to protect consumers’ data privacy and human rights.

All consumers will need to remain on guard against overreach by heavy-handed authorities or autocratic governments, particularly in parts of the world where consumers are new to using technology and, therefore, more trusting. And they’ll need to keep an eye on companies, to make sure they invest in trust-building more evenly around the world, even in less mature markets. Fortunately, digital technology makes watchdogs’ work easier, and also can serve as a megaphone — such as on social media — to issue alerts, warnings or praise.

Bhaskar Chakravorti, Senior Associate Dean, International Business & Finance, Tufts University

Source: This article was published salon.com By BHASKAR CHAKRAVORTI,

Categorized in Online Research

In a move that goes beyond ordinary ad blockers, Google announced Chrome will begin blocking a large variety of advertisements. Because Chrome is the number one browser, this change will have a dramatic impact on how websites do business. While there is no cause for worry, you should still be concerned. In the long run, this may actually benefit the Internet.

Why Will Google Chrome Block Ads?

Google earns a significant amount of income from displaying ads on websites. However third party ad blockers currently block a significant amount of Google ads, even though Google’s advertising conforms to the standards created by Coalition for Better ads. This move will likely undercut third-party ad blockers that currently block Google’s own ads.


Chrome Ad Blocker may be a life saver for publishers who rely on standards compliant advertising.

Will Google’s Ad Blocker be Bad for Publishers?

The short answer is no. In the long run, Google’s ad blocker may be good for web publishers who rely on advertising revenue.

Google’s ad blocker will likely allow the display of Google’s own visitor-friendly advertising. In the long run, the use of third-party ad blockers may decline, resulting in more of Google’s own advertising being shown.

This is a win-win for any publisher who relies on Google’s advertising for earnings and for site visitors who are tired of intrusive advertising.

When Will Chrome Ad Blocker Affect You?

Chrome’s ad blocker begins blocking ads on February 15th, 2018. Google has provided a tool that will allow you to troubleshoot your site to make sure it will conform to the Better Ads standards.

What Kind of Advertising Will be Blocked?

In general, anything that blocks a significant amount of content and prevents users from comfortably reading content is subject to being blocked. Fortunately, there are standards that can be consulted to know exactly which ads will be blocked.


Here is a list of the kinds of advertising that will be blocked:

Desktop Ads that Chrome will be blocked:

  1. Pop-up ads
  2. Auto-playing video ads with sound
  3. Prestitial Ads with Countdown
  4. Large Sticky Ads

Mobile Ads that Chrome Will Block:

  1. Pop-ups
  2. Prestitial ads w/without countdown (blocks entire content)
  3. Ad density greater than 30% of content vertically. This can be 15% top and bottom blocked.
  4. 50% single-column ad density
  5. 35% single-column ad density
  6. 30% single-column ad density
  7. Flashing Animated Ads
  8. Auto-play video ads with sound
  9. Positial ads with a countdown (that cannot be dismissed) – These are ads that spawn after a link is clicked, that prevents a user from reaching another web page.
  10. Full-screen Scroll over ads. These are ads that force a user to scroll past it to get to the content. They usually block about 30% of the browser viewport.
  11. Large sticky ads – These are ads that take up more than 30% of a screen and is persistent. It does not go away no matter what direction a user scrolls, obscuring the content and resulting in a poor user experience.

The complete official standards are available as a PDF download here.

Will Chrome’s Ad Blocker Affect Affiliate Advertisers?

It’s difficult to say with certainty. But it may be safe to say that if your affiliate ads and links are standards compliant, then there’s a good chance this will not affect your earnings. Google has created a tool to take the guesswork out of this question.

How to Know if Your Ads Will be Blocked?

It’s a simple matter to test if your ads will be blocked. Google is providing a tool that will scan your site and issue a report of any pages that are in violation. If any page is in violation you will be able to fix it then resubmit those pages for approval.

Visit this page for your Ad Experience Report: https://www.google.com/webmasters/tools/ad-experience-unverified

Chrome is currently the most popular browser in the world. This move will change how users experience the web. There’s no incentive for publishers to stop using intrusive advertising. Chrome will simply block them. Consumers on other browsers may continue seeing those intrusive ads. This may be a win-win for the Chrome browser and those who use it. But this may also be a win-win-win if you include web publishers who rely on advertising income.

Source: This article was published searchenginejournal.com By Roger Montti

Categorized in How to

Using the internet makes people happier, especially seniors and those with health problems that limit their ability to fully take part in social life, says a study in Computers in Human Behavior.

The issue: A generation after the internet began appearing widely in homes and offices, it is not unusual to hear people ask if near-constant access to the web has made us happier. Research on the association between internet use and happiness have been ambiguous. Some have found that the connectivity empowers people. A 2014  study published in the journal Computers in Human Behavior notes that excessive time spent online can leave people socially isolated. Compulsive online behavior can have a negative impacton mental health.

A new paper examines if quality of life in the golden years is impacted by the ubiquitous internet.


An academic study worth reading: “Life Satisfaction in the Internet Age – Changes in the Past Decade,”published in Computers in Human Behavior, 2016.

Study summary: Sabina Lissitsa and Svetlana Chachashvili-Bolotin, two researchers in Israel, investigate how internet adoption impacts life satisfaction among Israelis over age 65, compared with working-age adults (aged 20-64). They use annual, repeated cross-sectional survey data collected by Israel’s statistics agency from 2003 to 2012 – totaling 75,523 respondents.

They define life satisfaction broadly — on perceptions of one’s health, job, education, empowerment, relationships and place in society — and asked respondents to rate their satisfaction on a four-point scale. They also measured specific types of internet use, for example email, social media and shopping.

Finally, Lissitsa and Chachashvili-Bolotin also analyzed demographic data, information on respondents’ health, the amount they interact with friends and how often, if at all, they feel lonely.


  • Internet users report higher levels of life satisfaction than non-users. This finding:
    • Is higher among people with health problems.
    • Decreases over time (possibly because internet saturation is spreading, making it harder to compare those with and those without internet access).
    • Decreases as incomes rise.
  • Internet access among seniors rose from 8 to 34 percent between 2003 and 2012; among the younger group, access increased from 44 to 78 percent. Therefore, the digital divide grew during the study period.
  • Seniors who use the internet report higher levels of life satisfaction than seniors who do not.
  • “Internet adoption promotes life satisfaction in weaker social groups and can serve as a channel for increasing life satisfaction.”
  • Using email and shopping online are associated with an increase in life satisfaction.
  • Using social media and playing games have no association with life satisfaction. The authors speculate that this is because some people grow addicted and abuse these internet applications.
  • The ability to use the internet to seek information has an insignificant impact on happiness for the total sample. But it has a positive association for users with health problems — possibly because the internet increases their ability to interact with others.
  • The findings can be broadly generalized to other developed countries.


Helpful resources:

The Organization for Economic Development and Cooperation (OECD) publishes key data on the global internet economy.

The United Nations publishes the ICT Development Index to compare countries’ adoption of internet and communications technologies.

The Digital Economy and Society Index measures European Union members’ progress toward closing the digital divides in their societies.

Other research:

2015 article by the same authors examines rates of internet adoption by senior citizens.

2014 study looks at how compulsive online behavior is negatively associated with life satisfaction. Similarly, this 2014 article specifically focuses on the compulsive use of Facebook.

2014 study tests the association between happiness and online connections.

Journalist’s Resource has examined the cost of aging populations on national budgets around the world.

Categorized in Online Research
  • Bitcoin's rise could help lead to the creation of a so-called "decentralized internet," according to a venture capitalist
  • Decentralized internet is the idea that the web is run across a number of machines that are owned by regular users rather than owned in a central place like a server
  • This could ultimately reduced the power of tech giants, the VC said

Bitcoin's rise could help lead to the creation of a so-called "decentralized internet" that could take power away from large technology firms, two venture capitalists told CNBC on Thursday.

The internet works thanks to large centralized services such as server owners, cloud providers, search engines and social media. As a result, many internet giants are dominant in their respective area of the internet.


A decentralized internet promises to spread the running of these services across users. So, a number of independent machines would power services across the web.

The money pouring into cryptocurrencies like bitcoin is helping to bring resources to developing a decentralized internet, according to Hemant Taneja, managing director at U.S. venture capital firm General Catalyst.

"The underlying reason for cyrptocurrencies is about building a decentralized internet. And I think that's a profound reason," Taneja told CNBC in an interview at the Slush technology conference in Helsinki, Finland.

"So, when you think about all these large platform companies that have become so powerful… wouldn't it be nice if we could get the benefit of what these companies provide but without these centralized authorities that have so much control."


Taneja said that the industry is "nowhere near" having the technology ready for such a project, but the cryptocurrency bubble is helping to bring capital and talent to the development of a decentralized internet.

"The more smart money that starts believing there are benefits around decentralized internet the better it is for us," Taneja said.

Albert Wenger, another venture capitalist at Union Square Ventures, echoed the sentiment, but admitted that reducing the power of internet giants is a long way off.

"In the long run, I think that's the goal we are shooting for. I don't think they (tech giants) have to tremble in their boots any time soon," Wenger told CNBC in an interview on Thursday.

Source: This article was published cnbc.com By Arjun Kharpal

Categorized in Internet Privacy

I’ve been hearing a lot these days from friends who are finding it more difficult to find pertinent information from their Google searches? There are many reasons for this, one is the way the search is written. I’m a big advocate of Search Strings, and have a comprehensive list in my full Internet Research workshop. There is a lot more information in the Deep Web if you know how to find it.

These databases and search engines offer a “deep dive” into the Internet and will help you get closer to the specific types of information you are looking. Be aware these don’t respond to typical Google type searches. They will ask you for more information and you will need to spend more time creating your search. However, the result will be more specific than a typical Web search.


  1. SurfWax. This search engine works very well for reaching deep into the web for information.
  2. Academic Index. Created by the former chair of Texas Association of School Librarians, this meta-search engine only pulls from databases and resources that are approved by librarians and educators.
  3. Dogpile. Dogpile searches rely on several top search engines for the results then remove duplicates and strives to present only relevant results.
  4. Yippy. Save yourself the work by using this search engine that looks among major search engines, social networks, flickrfor photos, Wikipedia, and many more sites.
  5. Clusty. Clusty searches through top search engines, and then clusters the results so that information that may have been hidden deep in the search results is now readily available.
  6. Mamma. Click on the Power Search option to customize your search experience with this meta-search engine.
  7. World Curry Guide. This meta-search tool with a strong European influence has been around since 1997 and is still growing strong.
  8. Fazzle.com. Give this meta-search engine a try. It accesses a large number of databases and claims to have more access to information than Google.
  9. Meltwater. Search blogs as well as the general Internet, the news, and more to receive results by posting date.
  10. iZito. Get results from a variety of major search engines that come to you clustered in groups. You can also receive only US website results or receive results with a more international perspective.
  11. pipl. Specifically designed for searching the deep web for people, this search engine claims to be the most powerful for finding someone.
  12. Mensur. Metrics from Scholarly Usage of Resources. The project’s major objective is enriching the toolkit used for the assessment of the impact of scholarly communication.

I hope these additional tools will help you with your search process.

Source: This article was published huffingtonpost.com By Geri Spieler

Categorized in Deep Web

GOOGLE CHROME users will soon be getting a new update to download that could change the way they browser the internet forever.

Google Chrome fans will be able to download a new ad blocker update that lets them mute entire websites.

Within a few clicks, Google Chrome users will be able to mute adverts that automatically plays video or audio thanks to a brand new incoming feature.

Google’s Francois Beaufort took to Google+ to reveal the brand new feature that the Google Chrome team is working on.

In a screenshot he shared, you can see that you’ll be able to click ‘Info’ or ‘Secure’ label on the left of the URL you’re visiting to access the feature.

This will open a pop-up menu and in it will be a new Sound option that lets you mute any and all sounds from the particular website.

The feature, which was reported by 9to5Google, will be useful when visiting websites that automatically play videos.


Also this summer Google announced they would be launching the Google Chrome ad-blocking features in early 2018.

The upcoming Google Chrome feature won’t block every advert, but will block ones that are deemed unacceptable.

The group that decides this is known as the Coalition for Better Ads, which includes Google, Facebook, News Corp, and The Washington Post.

This includes things such as pop-up adverts and ads that expand on their own.

Describing the upcoming feature, Google said: “Chrome has always focused on giving you the best possible experience browsing the web. 

“For example, it prevents pop-ups in new tabs based on the fact that they are annoying. 

“In dialogue with the Coalition and other industry groups, we plan to have Chrome stop showing ads (including those owned or served by Google) on websites that are not compliant with the Better Ads Standards starting in early 2018.”

Google is also set to introduce an option for website visitors to pay websites directly – in compensation for the adverts they're blocking.

Dubbed Funding Choices, Google has been testing a similar feature for some time, but it hopes a next-generation of the model will be ready to roll-out alongside its blanket ban on adverts.

One set of websites that have been left fearing for their future in light of the upcoming Google Chrome ad-blocker is torrent sites.

Chrome is the world’s most popular browser, and the leading browser for many torrent websites.

The upcoming ad blocker is expected to have a big effect on torrent sites and the revenue they bring in.

The owner of one torrent site, who did not want to be named, told TorrentFreak that the Google Chrome ad blocker could signal the end of torrents.

They said: “The torrent site economy is in a bad state. Profits are very low. Profits are f***** compared to previous years.

“Chrome’s ad-blocker will kill torrent sites. If they don’t at least cover their costs, no one is going to use money out of his pocket to keep them alive.

“I won’t be able to do so at least.”

Source: This article was published express.co.uk By DION DASSANAYAKE

Categorized in Search Engine

A new form of malware hit the internet Tuesday, shutting down systems across Europe and impacting companies from the U.S. to Russia. Unfortunately, the attack, which early reports indicate seems to have hurt Ukrainian organizations and agencies more in particular, is still largely a mystery for security researchers.

A form of ransomware, the malware encrypts a victim’s PC and demands that they pay $300 in exchange for the keys to unlock their computer or lose all of their data. The attack even managed to affect radiation monitoring equipment at the exclusion zone around the Chernobyl nuclear disaster site, forcing workers to rely on manual checks instead.


Cybersecurity firms originally believed the malware to be a perviously known form of ransomware called Petya, but Kaspersky Lab says it’s actually a different, unknown version kind of ransomware, causing the cybersecurity company to dub it NotPetya.

Interestingly, the Petya/NotPetya software uses a Microsoft (MSFT) Windows vulnerability similar to the one exploited by the WannaCry 2.0 ransomware which hit the web a few weeks ago. But it looks like that exploit, which was originally used by the NSA and called EternalBlue, is just one of three attack points this ransomware takes advantage of.

If your computer is infected with malware, your best bet is to simply erase the entire system. Ransomware programs sometimes require you to pay in Bitcoin, an anonymous currency that can’t be tracked.

However, criminals have increasingly begun demanding payment in the form of iTunes or Amazon gift cards, since the average person doesn’t know how to use Bitcoin, according to McAfee’s Gary Davis.

The amount you have to pay to unlock your computer can vary, with some experts saying criminals will ask for up to $500.

To be clear, ransomware doesn’t just target Windows PCs. The malware has been known to impact systems ranging from Android phones and tablets to Linux-based computers and Macs.

Where it comes from

According to Davis, ransomware was actually popular among cybercriminals over a decade ago. But it was far easier to catch the perpetrators back then since anonymous currency like Bitcoin didn’t exist yet. Bitcoin helped changed all that by making it nearly impossible to track criminals based on how victims pay them.

There are multiple types of ransomware out there, according to Chester Wisniewski, a senior security advisor with the computer security company Sophos. Each variation is tied to seven or eight criminal organizations.

Those groups build the software and then sell it on the black market, where other criminals purchase it and then begin using it for their own gains.

How they get you

Ransomware doesn’t just pop up on your computer by magic. You actually have to download it. And while you could swear up and down that you’d never be tricked into downloading malware, cybercriminals get plenty of people to do just that.

Here’s the thing: That email you opened to get ransomware on your computer in the first place was specifically written to get you to believe it was real. That’s because criminals use social engineering to craft their messages.

For example, hackers can determine your location and send emails that look like they’re from companies based in your country.

“Criminals are looking are looking up information about where you live, so you’ll click (emails),” Wisniewski explained to Yahoo Finance. “So if you’re in America, you’ll see something from Citi Bank, rather than Deutsche Bank, which is in Germany.”


Cybercriminals can also target ransomware messages to the time of year. So if it’s the holiday shopping season, criminals might send out messages supposedly from companies like the US Postal Service, FedEx or DHL. If it’s tax time, you could receive a message that says it’s from the IRS.

Other ransomware messages might claim the FBI has targeted you for using illegal software or viewing child pornography on your computer. Then, the message will tell you to click a link to a site to pay a fine — only to lock up your computer after you click.

It’s not just email, though. An attack known as a drive-by can get you if you simply visit certain websites. That’s because criminals have the ability to inject their malware into ads or links on poorly secured sites. When you go to such a site, you’ll download the ransomware. Just like that, you’re locked out of your computer.

How to protect yourself

Ransomware attacks vulnerabilities in outdated versions of software. So, believe it or not, the best way to protect yourself is to constantly update your operating system’s software and apps like Adobe Reader. That means you should always click that little “update” notification on your desktop, phone, or tablet. Don’t put it off.

Beyond that, you should always remember to back up your files. You can either do that by backing them up to a cloud service like Amazon (AMZN) Cloud, Google (GOOG,GOOGL) Drive or Apple’s (AAPL) iCloud, or by backing up to an external drive.

That said, you’ll want to be careful with how you back up your content. That’s because, according to Kaspersky Lab’s Ryan Naraine, some ransomware can infect your backups.

A ransomware attack screen designed to look like an official message from the F.B.I

Naraine warns against staying logged into your cloud service all the time, as some forms of malware can lock you out of even them. What’s more, if you’re backing up to an external hard drive, you’ll want to disconnect it from your PC when you’re finished, or the ransomware could lock that, as well.

Naraine also says you should disconnect your computer from the internet if you see your system being actively encrypted. Doing so, he explains, could prevent all of your files that have yet to be encrypted from being locked.


Above all, every expert I spoke with recommended installing some form of anti-virus software and some kind of web browser filtering. With both types of software installed, your system up to date, and a backup available, you should be well-protected.

Oh, and for the love of god, avoid downloading any suspicious files or visiting sketchy websites.

What to do if you’re infected

Even if you follow all of the above steps, ransomware could still infect your computer or mobile device. If that’s the case, you have only a few options.

The first and easiest choice is to delete your computer or mobile device and reinstall your operating system. You’ll lose everything, but you won’t have to pay some criminal who’s holding your files hostage.

Some security software makers also sell programs that can decrypt your files. That said, by purchasing one, you’re betting that it will work on the ransomware on your computer, which isn’t always the case. On top of that, ransomware makers can update their malware to beat security software makers’ offerings.

All of the experts agree that the average person should never pay the ransom — even if it means losing their files. Doing so, they say, helps perpetuate a criminal act and emboldens ransomware makers.

Even if you do pay up, the ransomware could have left some other form of malware on your computer that you might not see.

In other words: Tell the criminals to take a hike.

Source: This article was published Yahoo Finance By Daniel Howley

Categorized in Internet Privacy

Answer: a whole lot of things. But prospects for the IoT are not all bleak. We talk to the man behind the Internet of Shit Twitter account and others for their insight.

If the Internet of Things (IoT) industry is the Jedi order, with Philips Hue lightsabers and "smart" cloud-based Force powers, then popular Twitter account Internet of Shit is a Sith Lord. At a time when the technology industry seems eager to put a chip in everything, consequences be damned, Internet of Shit puts a name to the problem of new, useless electronics and highlights that some of these products may not be as benign as we think.


I spoke with the account's operator under the condition of anonymity, a courtesy PCMag extends when we feel the public good outweighs all other considerations. I will refer to this person as IOS. I would love to say that I met IOS in a darkened parking garage, but our conversation took place over Twitter direct message and email. Ho-hum.

The Internet of Shit's Twitter account focuses on the niche and the popular. In the case of, say, paying for a meal using a smart water bottle, it rightly questions the utility. It highlights the absurdity of having to wait for fundamental necessities, like light and heat, that are unavailable after "smart" products receive firmware updates.


As you might imagine, the Internet of Shit is able to eviscerate the industry it mocks so effectively because that industry is close to its heart. "It happened so naturally," IOS said. "I used to spend a lot of time on Kickstarter and saw the rise of the Internet of Things there. It seemed like every other day some mundane object was having a chip shoved into it, but nobody—even in the media—was being that critical about it. [Websites] would just say things like, 'Wow, we can finally get the internet in an umbrella.'"

IOS sees himself as something of a devil's advocate or collective conscience for consumer culture. In his eyes, the Twitter account is a much-needed sanity check on Silicon Valley's faux-optimism run amok. "When we go too far, the important question technology people tend to forget is: Who actually needs this? An oven that can't cook properly without the internet? Why aren't people designing these things better?"

But more than poor design and specious claims of utility, IOS's primary concern is one of privacy and, ultimately, personal security: "I do see IoT as inherently risky, though. I don't trust these companies not to leak my data or not to be severely hacked in the future."

In a Medium post written early in the Twitter account's life, IOS said he was worried that companies would begin looking for ways to monetize data gathered from people's homes. From that story: "If Nest wanted to increase profits it could sell your home's environment data to advertisers. Too cold? Amazon ads for blankets. Too hot? A banner ad for an air conditioner. Too humid? Dehumidifiers up in your Facebook." 


IOS still stands by these concerns. "The reason the IoT is so compelling to manufacturers isn't that they're adding smart features to your life—that's just a byproduct," he wrote me. "It's more that by doing so, they get unprecedented insight into how those devices are being used, such as how often, what features you use the most, and all the data that comes with that."

IOS says that IoT companies need to be much more upfront about their data-gathering policies, and who can access information that may be gathered by these devices. "The question we all need to decide is what level of access we're willing to give these companies in exchange for the data they get—and who we trust with that is key."

On Christmas Day in 2016, IOS enabled his lights to blink whenever his handle was mentioned on Twitter. The results were intense, anticlimactic, and brief, illustrating perhaps all that IOS loathes about the Internet of Things.

Internet of Insecurity

Far worse than the effect useless IoT devices have on consumers' wallets, though, is the effect they have on personal security. IOS's fears of a marketplace for user data collected by IoT devices is not far-fetched (how do you think free apps and free internet news companies make money?), and there are already other, very real threats.


Attendees at the Black Hat 2016 conference were treated to footage from security researcher Eyal Ronen. Using his research, he was able to seize control of Philips Hue lights from a drone hovering outside an office building. The attack was notable not only for its dramatic results and for using a drone but also because the building was home to several well-known security companies.

Ronen explained to me that he was attempting to demonstrate that an attack against a top-tier line of IoT devices was possible. "There are a lot of IoT hacks aimed at low-end devices that have no real security. We wanted to test the security of a product that is supposed to be safe," he said. He was also keen to attack a well-known company and settled on Philips. Ronen said that it was harder to crack than he initially thought, but he and his team found and exploited a bug in the ZigBee Light Link software, a third-party communication protocol used by several IoT companies and regarded as a mature and secure system.

"It uses advanced cryptographic primitives, and it has strong security claims," said Ronen. "But at the end, in a relatively short time with very low-cost hardware worth around $1,000, we were able to break it," said Ronen.

Video of Ronen's attack (above) shows the lights of the building flashing in sequence, following his commands sent remotely via a hovering drone. If this were to happen to you, it would be annoying—perhaps no more annoying than any of the scenarios IOS highlights on his Twitter account. But security professionals maintain that there are far greater consequences for IoT security.


"In a previous work, we showed how to use lights to exfiltrate data from [an] air-gapped network and cause epileptic seizures, and in this work we show how we can use lights to attack the electric grid and jam Wi-Fi," Ronen told me. "IoT is getting into every part of our lives, and the security of it can affect everything from medical devices to cars and homes."

A Lack of Standards

Ronen's attack took advantage of proximity, but Chief Security Researcher Alexandru Balan at Bitdefender outlined many other security faults that come baked into some IoT devices. Hardcoded passwords, he said, are particularly problematic, as are devices that are configured to be accessible from the open internet.

It was this combination of internet accessibility and simple, default passwords that has caused havoc in October 2016 when the Mirai botnet took major services like Netflix and Hulu either offline or made them so slow as to be unusable. A few weeks later, a variant of Mirai throttled internet access in the entire nation of Liberia.

"The worst of them are devices that are directly exposed to the internet with default credentials," said Balan. "[These devices] can be found with IoT search engines like Shodan or by simply crawling the internet and accessing them with admin admin, admin 1234, and so forth," continued Balan, listing examples of overly simplistic and easily guessable passwords. Because these devices have minimal security and can be attacked from the internet, the process of infecting them can be automated, leading to thousands or millions of corrupted devices.

Not long after news of Mirai broke, I looked at this scenario and blamed the IoT industry for ignoring the warnings about poor authentication and unnecessary online accessibility. But Balan would not go so far as to call these flaws obvious. "[Attackers] need to do reverse engineering on the firmware to extract those credentials, but it's very often the case that they find hard-coded credentials in the devices. The reason for that is that in a lot of cases, there's no standards when it comes to IoT security."


Vulnerabilities like these arise, hypothesized Balan, because IoT companies operate on their own, without universally accepted standards or security expertise. "It's easier to build it like this. And you can say that they're cutting corners, but the main issue is that they're not looking into how to properly build it in a secure fashion. They're just trying to make it work properly."

Even when companies develop fixes for attacks like the one Ronen discovered, some IoT devices aren't able to apply automatic updates. This puts the onus on consumers to find and apply patches themselves, which can be particularly daunting on devices that aren't intended to be serviced.

But even with devices that can be easily updated, vulnerabilities still exist. Several researchers have shown that not all IoT developers sign their updates with a cryptographic signature. Signed software is encrypted with the private half of an asymmetric cryptographic key owned by the developer. The devices receiving the update have the public half of the key, which is used to decrypt the update. This ensures that the update is official and hasn't been tampered with, since signing a malicious update or modifying the software update would require the developer's secret key. "If they do not digitally sign their updates, they can be hijacked, they can be tampered with; code can be injected into those updates," said Balan.

Beyond simply flicking lights on and off, Balan said that infected IoT devices can be used as a part of botnet, as seen with Mirai, or for far more insidious purposes. "I can extract your Wi-Fi credentials, because you've obviously hooked it to your Wi-Fi network and being as [the IoT device] is a Linux box, I can can use it to pivot and start to launch attacks within your wireless network.

"Within the privacy of your own LAN network, authentication mechanisms are lax," continued Balan. "The problem with LAN is that once I am in your private network, I can have access to almost everything that's happening in there." In effect, corrupted IoT becomes a beachhead for attacks on more valuable devices on the same network, such as Network Attached Storage or personal computers.

Perhaps it's telling that the security industry has started looking closely at the IoT. Over the last few years, several products have entered the market claiming to protect IoT devices from attack. I have seen or read about several such products and reviewed Bitdefender's offering. Called the Bitdefender Box, the device attaches to your existing network and provides antivirus protection for every device on your network. It even probes your devices for potential weaknesses. Bitdefender will launch the second version of its Box device this year. Norton will enter its own offering (below), boasting deep-packet inspection, while F-Secure has also announced a hardware device.

As one of the first to market, Bitdefender is in the unique position of having a background in software security—and then designing consumer hardware that would, presumably, be impeccably secure. How was that experience? "It was very hard," answered Balan.

Bitdefender does have a bug bounty program (a monetary reward offered to programmers who uncover and provide a solution to a bug on a website or in an application), which Balan confirmed has helped the development of the Box. "No company should be arrogant enough to believe it can find all of the bugs on their own. This is why bug bounty programs exist, but the challenge with hardware is that there may be backdoors within the actual chips."

"We know what to look for and what to look at and we actually have a hardware team that can take apart and look into each one of the components on that board. Thankfully, that board is not that large."

It's Not All Shit

It is easy to discount an entire industry based on its worst actors, and the same is true for the Internet of Things. But George Yianni, the Head of Technology, Home Systems, Philips Lighting finds this view particularly frustrating.

"We took [security] very seriously from the beginning. This is a new category. We have to build trust, and these [attacks] actually damage trust. And that's also why I think the biggest shame of the products that have not done such a good job is that it erodes trust in the overall category. Any product can be made badly. It's not a criticism of the overall industry."


As is often the case for security, how a company responds to an attack is often more important than the effects of the attack itself. In the case of the drone attack on Philips devices, Yianni explained that Ronen submitted his findings through the company's existing responsible-disclosure program. These are procedures that are put in place to allow companies time to respond to a security researcher's discovery before it is made public. That way, consumers can be assured that they are safe and the researchers gets the glory.

Ronen had found a bug in a third-party software stack, said Yianni. Specifically, it was the part of the ZigBee standard that limits communication to devices within two meters. Ronen's work, as you will recall, was able to take control from a distance—40 meters away with a standard antenna and 100 meters with a boosted antenna. Thanks to the responsible disclosure program, Yianni said Philips was able to roll out a patch to the lights in the field before Ronen told the world about the attack. 

Having seen many companies grapple with a public security breach or the result of a security researcher's work, Yianni and Philips's response may sound like after-the-fact back-patting—but it really was a success. "All our products are software-updatable, so that things can be fixed," Yianni told me. "The other thing[s] we do [are] security risk assessment, security audits, penetration testing [hiring people to attack your product or organization, then using the info to keep bad guys from doing the same] on all of our products. But then we also run these responsible disclosure processes, so that if something does come through, we're able to find out in advance and fix it very quickly.


"We have an entire process where we can push software updates from our entire cloud down to the [Hue Hubs] and distribute it to all of the lights. That's super important, because the space is moving so fast and these are products that are going to last 15 years. And if we're going to make sure that they are still relevant in terms of functionality and to be sufficiently secure for the latest attacks, we need to have that."

In his correspondence with me, Ronen confirmed that Philips had indeed done an admirable job securing the Hue lighting system. "Philips [has] put a surprising amount of effort in securing the lights," Ronen told me. "But unfortunately, some of [its] basic security assumptions that relied on the underlying Atmel's chip security implementation were wrong." As Balan pointed out with Bitdefender's work on the Box, every aspect of the IoT device is subject to attack.

Philips also designed the central Hub—the device required for coordinating networks of Philips IoT products—to be inaccessible from the open internet. "All connections to the internet are initiated from the device. We never open ports on routers or make it so that a device on the internet can directly talk to the [Hue Hub]," explained Yianni. Instead, the Hub sends requests out to Philips's cloud infrastructure, which responds to the request instead of the other way around. This also allows Philips to add extra layers to protect consumers devices without having to reach into their home and make any changes. "It's not possible for the [devices] to be communicated with from outside the Hub unless you're routed through this cloud where we can build additional layers of security and monitoring."


Yianni explained that this was all part of a multilayered approach Philips took to securing the Hue lighting system. Since the system is composed of several different pieces—from the hardware inside the bulbs to the software and hardware on the Hue Hub to the app within users' phones—different measures had to be taken at all levels. "All of them need different security measures to keep them safe. They all have different levels of risk and vulnerability. So we do different measures for all of these different parts," said Yianni.

This included penetration testing but also a bottom-up design intended to thwart attackers. "There [are] no global passwords like what was used in this Mirai botnet," said Yianni. The Mirai malware had dozens of default passcodes that it would use in an attempt to take over IoT devices. "Every [Hue Hub] has unique, asymmetrically signed keys to verify firmware, all this stuff. One device having its hardware modified, there's no global risk from that," he explained.

This also applies to the value of IoT devices. "A lot of these products tend to be connectivity for the sake of connectivity," he said. "The need to automate everything inside your home is not a problem many consumers have, and that's very hard to get your head around. We think that products that do well are the ones which offer an easier-to-understand value toward consumers."

The Irresistible Internet of Things

Knowing the risks about IoT, and even acknowledging its frivolousness, certainly hasn't stopped people from buying smart lighting such as Philips Hue, always-listening home assistants such as Google Home$129.00 at Best Buy or the Amazon Echo$179.99 at Amazon, and yes, smart water bottles. Even the operator of Internet of Shit is a huge IoT fan.


"The real irony behind the Internet of Shit is that I'm a sucker for these devices," said IOS. "I'm an early adopter and work in technology, so a lot of the time I can't resist these things." IOS lists Philips connected lights, the Tado thermostat, the Sense sleep tracker, smart speakers, the Canary camera$159.99 at Amazon, and Wi-Fi-connected plugs among his futuristic home amenities.

"I'm aware that the account got accidentally far bigger than I ever imagined, and I don't ever want to discourage people from going into technology—I think that experimenting with dumb ideas is how great ideas can be born, which is something that Simone Giertz taught me a little bit," said IOS.

Giertz, an absurdist roboticist and YouTuber, is the mind behind Shitty Robots. Her creations include a drone that gives haircuts—or, rather, fails to—and a massive hat that places sunglasses dramatically on her face. Think of it as Rube Goldberg with a healthy dose of Silicon Valley cynicism.

The person behind IOS does report that he is trying to rein in his early-adopter instincts these days. "I think the moment I had to update my lightbulbs' firmware to turn them on was a bit of a realization for me..."

Bitdefender's Balan said he uses light bulbs that double as Wi-Fi repeaters. These devices extend both light and Wi-Fi to every corner of his home. But they are also loaded with many of the vulnerabilities he derided, including weak default passwords. When it comes to the IoT, though, he remains undaunted.


"It's like sex," he told me. "You wouldn't do it without a condom. We like sex, sex is awesome, we're not gonna give up sex just because it's dangerous. But we're gonna use protection when we're doing it." Instead of lapsing into paranoia, he believes consumers should rely on security companies and educated friends who can identify the companies that take security seriously with bug bounties and secure, frequent update tools.

And does the drone-piloting hacker Ronen use IoT? "Currently, no," he said. "I am afraid about the effect is has on my privacy and security. And the benefits are not high enough for my needs."

Even your humble author, who has resisted the siren song of talking smoke detectors and color-changing lights for years, has started to crumble. Recently, in an effort to spruce up the office for the holidays, I found myself setting up three separate smart lights. The result, was horrifyingly, compellingly beautiful.


Meanwhile, a brand-new Philips Hue light is sitting in my Amazon shopping basket. Someday soon, I'll press the Buy Now button.

Source: This article was published on pcmag.com by MAX EDDY

Categorized in Science & Tech

Following Mirai, the Persirai botnet is the latest to take over connected devices and use them to launch denial-of-service attacks

Researchers have uncovered a new botnet that takes over Internet-connected cameras in order to launch denial-of-service attacks, following in the footsteps of the notorious Mirai botnet.

The new malware, called Persirai, appears to be controlled by Iranian nationals, since the addresses of its command servers use the controlled .ir domain and special Persian characters were used in its code, according to Trend Micro.

120,000 vulnerable devices

Persirai targets more than 1,000 models of IP cameras and Trend found more than 120,000 vulnerable devices listed on the Shodan Internet of Things (IoT) search engine.


“Many of these vulnerable users are unaware that their IP Cameras are exposed to the internet,” Trend said in an advisory. “This makes it significantly easier for the perpetrators behind the malware to gain access to the IP Camera web interface via TCP Port 81.”ENISA botnet report, Mirai

The IP cameras use a connection standard called Universal Plug and Play (UPnP), which allows them to open a port on the network’s router and connect to the external Internet as a server without any action on the user’s part, making them vulnerable to malware.

Persirai attacks cameras using a security bug made public several months ago, and installs code that causes the device to automatically begin attacking other cameras using the same vulnerability.

While running the malware code blocks other attacks that make use of the same bug.Since it runs in memory only, the malware is disabled when the device is rebooted – but the device then also becomes vulnerable to attacks once again.

Infected cameras receive commands from the attacker’s servers that can direct distributed denial-of-service (DDoS) attacks against other systems, Trend said.

The company said the manufacturer of the device it tested said it had released a firmware update fixing the vulnerability used by Persirai, but Trend wasn’t able to find a more recent firmware version.

Botnet disruption

The security firm advised users to change the default passwords on their Internet-connected devices, if they haven’t already done so.


“Users should also disable UPnP on their routers to prevent devices within the network from opening ports to the external Internet without any warning,” Trend advised.

HSBC, security

DDoS attacks by Mirai and other IoT botnets prompted a similar warning from the US Department of Homeland Security (DHS) in October of last year.

In March, researchers said a Mirai variant had been used to carry out a 54-hour-long attack on a US college, and in April IBM uncovered another variant that used devices’ processing power to mine Bitcoins.

Mirai uses open source code that has been released to the public, making it simpler for attackers to create their own customised versions.

Last month the developer of BrickerBot, which aims to render vulnerable gadgets inoperable so that they can’t be used by botnets, said the tool had disabled two million devices to date.

Source: This article was published on silicon.co.uk by Matthew Broersma

Categorized in Science & Tech

Kiev - Ukraine's security service on Monday searched offices of Russian internet giant Yandex as part of a treason probe after Kiev banned its popular search engine earlier in May.

"Employees of the Security Service of Ukraine (SBU) conducted sanctioned searches in the offices of the subsidiary of the Russian company Yandex in Kiev and Odessa," the SBU said in a statement.

The security agency said the searches were part of a treason probe and accused Yandex of passing on the personal details of Ukrainian citizens, including military personnel, to authorities in Russia.


"The information was handed over to the Russian intelligence services for the purposes of planning, organising and carrying out espionage, sabotage and subversive operations in our country," it said.

Yandex confirmed the searches at its offices but said it had no "information" about the activities of the Ukrainian security agency.

"Yandex is ready to provide all information regarding its operations in Ukraine, according and limited by Ukrainian legal procedures," said company spokesperson Ksenia Korneyeva.

The latest move comes after Ukraine blocked Russia's most popular social media networks and the Yandex search engine earlier in May in response to the Kremlin's alleged backing of a three-year separatist war in the east.

Moscow and Kiev have been locked in a bitter feud since the Kremlin seized Crimea the Crimea peninsula in 2014.

The Kremlin described Ukrainian President Petro Poroshenko's decision to ban its sites as "another manifestation of unfriendly, short-sighted policy toward Russia".

The ban remains in effect for three years.

Source: This article was news24.com

Categorized in Search Engine

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.

Follow Us on Social Media