Entries Tagged "Twitter"


Geolocating Twitter Users

Interesting research into figuring out where Twitter users are located, based on similar tweets from other users:

While geotags are the most definitive location information a tweet can have, tweets can also have plenty more salient information: hashtags, FourSquare check-ins, or text references to certain cities or states, to name a few. The authors of the paper created their algorithm by analyzing the content of tweets that did have geotags and then searching for similarities in content in tweets without geotags to assess where they might have originated from. Of a body of 1.5 million tweets, 90 percent were used to train the algorithm, and 10 percent were used to test it.

The paper.

Posted on March 26, 2014 at 1:10 PM

Building an Online Lie Detector

There’s an interesting project to detect false rumors on the Internet.

The EU-funded project aims to classify online rumours into four types: speculation—such as whether interest rates might rise; controversy—as over the MMR vaccine; misinformation, where something untrue is spread unwittingly; and disinformation, where it’s done with malicious intent.

The system will also automatically categorise sources to assess their authority, such as news outlets, individual journalists, experts, potential eye witnesses, members of the public or automated ‘bots’. It will also look for a history and background, to help spot where Twitter accounts have been created purely to spread false information.

It will search for sources that corroborate or deny the information, and plot how the conversations on social networks evolve, using all of this information to assess whether it is true or false. The results will be displayed to the user in a visual dashboard, to enable them to easily see whether a rumour is taking hold.

I have no idea how well it will work, or even whether it will work, but I like research in this direction. Of the three primary Internet mechanisms for social control, surveillance and censorship have received a lot more attention than propaganda. Anything that can potentially detect propaganda is a good thing.

Three news articles.

Posted on February 21, 2014 at 8:34 AM

Another Credit-Card-as-Authentication Hack

This is a pretty impressive social engineering story: an attacker compromised someone’s GoDaddy domain registration in order to change his e-mail address and steal his Twitter handle. It’s a complicated attack.

My claim was refused because I am not the “current registrant.” GoDaddy asked the attacker if it was ok to change account information, while they didn’t bother asking me if it was ok when the attacker did it.

[…]

It’s hard to decide what’s more shocking, the fact that PayPal gave the attacker the last four digits of my credit card number over the phone, or that GoDaddy accepted it as verification.

The misuse of credit card numbers as authentication is also how Matt Honan got hacked.

Posted on January 31, 2014 at 6:16 AM

Twitter Users: Please Make Sure You're Following the Right Feed

I have an official Twitter feed of my blog; it’s @schneierblog. There’s also an unofficial feed at @Bruce_Schneier. I have nothing to do with that one.

I wouldn’t mind the unofficial feed—if people are reading my blog, who cares—except that it isn’t working right, and hasn’t been for some time. It publishes some posts weeks late and skips others entirely. I’m only hoping that this one will show up there.

It’s also kind of annoying that @Bruce_Schneier keeps following people, who think it’s me. It’s not; I never log in to Twitter and I don’t follow anyone there.

So if you want to read my blog on Twitter, please make sure you’re following @schneierblog. And if you are the person who runs the @Bruce_Schneier account—if anyone is even running it anymore—please e-mail me at the address on my Contact page. I’d rather see it fixed than shut down, but better for it to be shut down than continue in its broken state.

Posted on January 7, 2014 at 4:53 PM

US Government Monitoring Public Internet in Real Time

Here’s a demonstration of the US government’s capabilities to monitor the public Internet. Former CIA and NSA Director Michael Hayden was on the Acela train between New York and Washington DC, taking press interviews on the phone. Someone nearby overheard the conversation, and started tweeting about it. Within 15 or so minutes, someone somewhere noticed the tweets, and informed someone who knew Hayden. That person called Hayden on his cell phone and, presumably, told him to shut up.

Nothing covert here; the tweets were public. But still, wow.

EDITED TO ADD: To clarify, I don’t think this was a result of the NSA monitoring the Internet. I think this was some public relations office—probably the one that is helping General Alexander respond to all the Snowden stories—who is searching the public Twitter feed for, among other things, Hayden’s name.

Posted on October 26, 2013 at 5:43 PM

Twitter's Two-Factor Authentication System

Twitter just rolled out a pretty nice two-factor authentication system using your smart phone as the second factor:

The new two-factor system works like this. A user enrolls using the mobile app, which generates a 2048-bit RSA keypair. The private key lives on the phone itself, and the public key is uploaded to Twitter’s server.

When Twitter receives a new login request with a username and password, the server sends a challenge based on a 190-bit, 32 character random nonce, to the mobile app—along with a notification that gives the user the time, location, and browser information associated with the login request. The user can then opt to approve or deny this login request. If approved, the app replies to a challenge with its private key, relays that information back to the server. The server compares that challenge with a request ID, and if it authenticates, the user is automatically logged in.

On the user end, this means there’s no string of numbers to enter, nor do you have to swap to a third party authentication app or carrier. You just use the Twitter client itself. It means that the system isn’t vulnerable to a compromised SMS delivery channel, and moreover, it’s easy.
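The enrollment and challenge-response flow described above, sketched with Node's built-in `crypto` module. This is an added example, not Twitter's code. The function names, the 60-second expiry, the single-use bookkeeping, and the 24-byte nonce (192 bits, 32 base64 characters, approximating the quoted figure) are all assumptions.

```javascript
const crypto = require('crypto');

// Enrollment: the phone generates the keypair; only the public key is uploaded.
function enroll() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { phone: { privateKey }, serverRecord: { publicKey } };
}

const pending = new Map(); // requestId -> { nonce, expires } (assumed server-side state)

// Server: after the password check, issue a challenge tied to a request ID.
function issueChallenge(now = Date.now()) {
  const requestId = crypto.randomBytes(16).toString('hex');
  const nonce = crypto.randomBytes(24).toString('base64'); // 32 characters
  pending.set(requestId, { nonce, expires: now + 60000 });
  return { requestId, nonce };
}

// Phone: the user tapped "approve", so sign the request ID and nonce together.
function approve(phone, { requestId, nonce }) {
  return crypto.sign('sha256', Buffer.from(`${requestId}.${nonce}`), phone.privateKey);
}

// Server: verify with the enrolled public key; the challenge is consumed either way.
function verifyResponse(serverRecord, requestId, signature, now = Date.now()) {
  const entry = pending.get(requestId);
  pending.delete(requestId); // single use: a replayed response finds nothing
  if (!entry || now > entry.expires) return false;
  const msg = Buffer.from(`${requestId}.${entry.nonce}`);
  return crypto.verify('sha256', msg, serverRecord.publicKey, signature);
}

// Constructed scenario: one enrolled phone, one phone that was never enrolled.
function demo() {
  const user = enroll();
  const other = enroll();
  const c1 = issueChallenge();
  const sig = approve(user.phone, c1);
  const first = verifyResponse(user.serverRecord, c1.requestId, sig);
  const replay = verifyResponse(user.serverRecord, c1.requestId, sig);
  const c2 = issueChallenge();
  const wrongKey = verifyResponse(user.serverRecord, c2.requestId, approve(other.phone, c2));
  const c3 = issueChallenge(0);
  const expired = verifyResponse(user.serverRecord, c3.requestId, approve(user.phone, c3), 60001);
  return { first, replay, wrongKey, expired };
}
```

Because the password alone never produces a valid signature, a stolen password fails at `verifyResponse`; the single-use and expiry checks are what stop a captured approval from being replayed.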

Posted on August 8, 2013 at 12:20 PM

Changes to the Blog

I have made a few changes to my blog that I’d like to talk about.

The first is the various buttons associated with each post: a Facebook Like button, a Retweet button, and so on. These buttons are ubiquitous on the Internet now. We publishers like them because it makes it easier for our readers to share our content. I especially like them because I can obsessively watch the totals to see how my writings are spreading out across the Internet.

The problem is that these buttons use images, scripts, and/or iframes hosted on the social media site’s own servers. This is partly for webmasters’ convenience; it makes adoption as easy as copy-and-pasting a few lines of code. But it also gives Facebook, Twitter, Google, and so on a way to track you—even if you don’t click on the button. Remember that: if you see sharing buttons on a webpage, that page is almost certainly being tracked by social media sites or a service like AddThis. Or both.

What I’m using instead is SocialSharePrivacy, which was created by the German website Heise Online and adapted by Mathias Panzenböck. The page shows a grayed-out mockup of a sharing button. You click once to activate it, then a second time to share the page. If you don’t click, nothing is loaded from the social media site, so it can’t track your visit. If you don’t care about the privacy issues, you can click on the Settings icon and enable the sharing buttons permanently.

It’s not a perfect solution—two clicks instead of one—but it’s much more privacy-friendly.

(If you’re thinking of doing something similar on your own site, another option to consider is shareNice. ShareNice can be copied to your own webserver; but if you prefer, you can use their hosted version, which makes it as easy to install as AddThis. The difference is that shareNice doesn’t set cookies or even log IP addresses—though you’ll have to trust them on the logging part. The problem is that it can’t display the aggregate totals.)

The second change is the search function. I changed the site’s search engine from Google to DuckDuckGo, which doesn’t even store IP addresses. Again, you have to trust them on that, but I’m inclined to.

The third change is to the feed. Starting now, if you click the feed icon in the right-hand column of my blog, you’ll be subscribing to a feed that’s hosted locally on schneier.com, instead of one produced by Google’s Feedburner service. Again, this reduces the amount of data Google collects about you. Over the next couple of days, I will transition existing subscribers off of Feedburner, but since some of you are subscribed directly to a Feedburner URL, I recommend resubscribing to the new link to be sure. And if by chance you have trouble with the new feed, this legacy link will always point to the Feedburner version.

Fighting against the massive amount of surveillance data collected about us as we surf the Internet is hard, and possibly even fruitless. But I think it’s important to try.

Posted on March 22, 2013 at 3:46 PM

Phishing via Twitter

Interesting firsthand phishing story:

A few nights ago, I got a Twitter direct message (DM) from a friend saying that someone was saying nasty things about me, with a link. The link was a shortened (t.co) link, so it was hard to see exactly what it pointed to. I followed the link on my cell phone, and got to a website that certainly looked legit, and I was foolish enough to login. Pwnd. A few minutes later, my Twitter account was spewing tweetspam about the latest pseudo-scientific weight loss fad.

Posted on December 24, 2012 at 6:31 AM

British Tourists Arrested in the U.S. for Tweeting

Does this story make sense to anyone?

The Department of Homeland Security flagged him as a potential threat when he posted an excited tweet to his pals about his forthcoming trip to Hollywood which read: ‘Free this week, for quick gossip/prep before I go and destroy America’.

After making their way through passport control at Los Angeles International Airport (LAX) last Monday afternoon the pair were detained by armed guards.

Despite telling officials the term ‘destroy’ was British slang for ‘party’, they were held on suspicion of planning to ‘commit crimes’ and had their passports confiscated.

There just has to be more to this story. The DHS isn’t monitoring the Tweets of random British tourists—they just can’t be.

EDITED TO ADD (1/30): According to DHS documents received by EPIC, the DHS monitors the Internet, including social media.

In February 2011, the Department of Homeland Security announced that the agency planned to implement a program that would monitor media content, including social media data. The proposed initiatives would gather information from “online forums, blogs, public websites, and messages boards” and disseminate information to “federal, state, local, and foreign government and private sector partners.” The program would be executed, in part, by individuals who established fictitious usernames and passwords to create covert social media profiles to spy on other users. The agency stated it would store personal information for up to five years.

[…]

The records reveal that the DHS is paying General Dynamics to monitor the news. The agency instructed the company to monitor for “[media] reports that reflect adversely on the U.S. Government, DHS, or prevent, protect, respond government activities.”

[…]

The DHS instructed the company to “Monitor public social communications on the Internet.” The records list the websites that will be monitored, including the comments sections of [The New York Times, The Los Angeles Times, the Huffington Post, the Drudge Report, Wired, and ABC News.]

Still, I have trouble believing that this is what happened. For this to work General Dynamics would have had to monitor Twitter for key words. (“Destroy America” is certainly a good key word to search for.) Then, they would have to find out the real name associated with the Twitter account—unlike Facebook or Google+, Twitter doesn’t have real name information—so the TSA could cross-index that name with the airline’s passenger manifests. Then the TSA has to get all this information into the INS computers, so that the border control agent knows to detain him. Sure, it sounds straightforward, but getting all those computers to talk to each other that fast isn’t easy. There has to be more going on here.

EDITED TO ADD (1/30): One reader points out that this story is from the Daily Mail, and that it’s prudent to wait for some more reputable news source to report the story.

EDITED TO ADD (1/30): There’s another story from The Register, but they’re just using the Daily Mail.

EDITED TO ADD (1/30): The FBI is looking for someone to build them a system that can monitor social networks.

The information comes from a document released on 19 January looking for companies who might want to build a monitoring system for the FBI. It spells out what the bureau wants from such a system and invites potential contractors to reply by 10 February.

The bureau’s wish list calls for the system to be able to automatically search “publicly available” material from Facebook, Twitter and other social media sites for keywords relating to terrorism, surveillance operations, online crime and other FBI missions. Agents would be alerted if the searches produce evidence of “breaking events, incidents, and emerging threats.”

Agents will have the option of displaying the tweets and other material captured by the system on a map, to which they can add layers of other data, including the locations of US embassies and military installations, details of previous terrorist attacks and the output from local traffic cameras.

EDITED TO ADD (1/30): New reports are saying that customs was tipped off about the two people, and their detention was not a result of data mining:

“Based on information provided by the LAX Port Authority Infoline—a suspicious activity tipline—CBP conducted a secondary interview of two subjects presenting for entry into the United States,” says the spokesperson, who notes that the CBP “denies entry to thousands of individuals” each year. “Information gathered during this interview revealed that both individuals were inadmissible to the United States and were returned to their country of residence.”

This makes a lot more sense to me.

Posted on January 30, 2012 at 10:52 AM

The Effects of Social Media on Undercover Policing

Social networking sites make it very difficult, if not impossible, to have undercover police officers:

“The results found that 90 per cent of female officers were using social media compared with 81 per cent of males.”

The most popular site was Facebook, followed by Twitter. Forty seven per cent of those surveyed used social networking sites daily while another 24 per cent used them weekly. All respondents aged 26 years or younger had uploaded photos of themselves onto the internet.

“The thinking we had with this result means that the 16-year-olds of today who might become officers in the future have already been exposed.

“It’s too late [for them to take it down] because once it’s uploaded, it’s there forever.”

There’s another side to this issue as well. Social networking sites can help undercover officers with their backstory, by building a fictional history. Some of this might require help from the company that owns the social networking site, but that seems like a reasonable request by the police.

I am in the middle of reading Diego Gambetta’s book Codes of the Underworld: How Criminals Communicate. He talks about the lengthy vetting process organized crime uses to vet new members—often relying on people who knew the person since birth, or people who served time with him in jail—to protect against police informants. I agree that social networking sites can make undercover work even harder, but it’s gotten pretty hard even without that.

Posted on August 31, 2011 at 6:21 AM
