Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Monday April 16 2018, @02:50AM   Printer-friendly
from the toolboxes-exposed dept.

From Engadget:

Throughout discussions about Cambridge Analytica, parent company Strategic Communication Laboratories (SCL) and how they came to obtain information on some 87 million Facebook users, you've probably also heard the name AggregateIQ. The Canada-based data firm has now been connected to Cambridge Analytica operations as well as US election campaigns and the Brexit referendum. Now, cybersecurity firm UpGuard has discovered a large code repository that AggregateIQ left exposed online, and through that we're getting a better look at the company, what it does and how it does it.

From the first of Upguard's multipart series:

On the night of March 20th, 2018, UpGuard Director of Cyber Risk Research Chris Vickery discovered a large data warehouse hosted on a subdomain of AIQ and using a custom version of popular code repository Gitlab, located at the web address gitlab.aggregateiq.com. Entering the URL, Gitlab prompts the user to register to see the contents - a free process which simply requires supplying an email address. Once registered, contents of the dozens of separate code repositories operated on the AggregateIQ Gitlab subdomain are entirely downloadable. Within these repositories appear to be nothing less than mechanisms capable of organizing vast quantities of data about individuals, measuring how they are being influenced or reached by advertising, and even tracking their internet browsing behavior.


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 4, Interesting) by Fluffeh on Monday April 16 2018, @03:14AM (6 children)

    by Fluffeh (954) Subscriber Badge on Monday April 16 2018, @03:14AM (#667478) Journal

    The problem here is that the poeple who SHOULD be getting angry about this, the normal day to day users - they won't get angry because they don't understand what all this "targeted ad stuff does" and what it means to them. The ones that ARE getting outraged every time something like this makes the news - well, they were already angry about privacy to start off with, so nothing new there.

    The outcomes that can be done by careful influencing and the like, swaying voters, pushing referendums across the line or just stopping people being outraged by something - they are insidious in their outcomes, but by that time, it's almost impossible to prove that they did the influencing - especially when a person has chosen a particular opinion for their own.

    • (Score: 3, Insightful) by Anonymous Coward on Monday April 16 2018, @03:32AM (4 children)

      by Anonymous Coward on Monday April 16 2018, @03:32AM (#667484)

      What gets me is the DNC utter refusal to admit they bungled the hell out of the 2016 election. When you have Bill Maher looking into the camera putting his head in his hands and going 'oh god its that bad' you know they screwed up. They honestly thought barking like a dog at half their potential audience was a good idea. They honestly thought calling half the nation 'deplorable' was a good idea. I watched the whole train wreck in awe of how spectacularly bad she was at it. Of course Trump beat her. He played the correct game and knew what game to play. She played the insult everyone you do not like and try to make your core audience feel smug game. Hillary did not convince people to vote for her. She convinced people to NOT vote for her. Maybe if they come up with more insulting terms to subdivide people maybe that group will vote for them.

      These stat gathering clearinghouses are nothing new. Our whole premise of not paying for internet items is built upon the back of it. The FANG group is the masters of the universe at it. They are literally how we get things for free on the internet. The DNC has decided to throw one of them under the bus to try to deflect away from them how bad they tracking actual humans.

      My prediction is we get a do nothing law out of it. The FANG companies keep doing what they do. What we really need is TITLE III for internet companies and ISPs. It can even be 1 page long. You do not get to spy on your users, you do not get to prioritize packets, at all. Just like the phone companies needed the same curb stomping when TITLE I came out. These companies literally turned themselves into spy agencies. Then act all shocked when called out on it. Because suddenly they decided 'dont be evil' means 'censor the shit out of everyone'.

      • (Score: 4, Interesting) by Nutria on Monday April 16 2018, @04:55AM (3 children)

        by Nutria (6911) on Monday April 16 2018, @04:55AM (#667513)

        She played the insult everyone you do not like and try to make your core audience feel smug game.

        Isn't that what Trump did (with the possible exception of "and try to make your core audience feel angry" instead of smug, which is a lot more motivating)?

        • (Score: 5, Insightful) by Runaway1956 on Monday April 16 2018, @06:12AM (2 children)

          by Runaway1956 (2926) Subscriber Badge on Monday April 16 2018, @06:12AM (#667528) Journal

          Which part of MAGA did you not understand? So very many of you are contemptuous of nationality and nationalism. That is why you can't understand how and why Trump won.

          It's telling that a relatively dull man, one with poor morals and ethics, a man who isn't even part of the working class, and fails to really relate to the working class - a man with all of these disadvantages - can understand nationalism, and how to make it work for him.

          It is also telling that you are so very out of touch, that you can't see that.

          Hillary is not one of ours. She couldn't even win the women's vote, as hard as the DNC hammered on the feminism drum toward the end of the campaign.

          Trump didn't divide the nation - Hillary did, and now you are doing the same.

          Go back to square one, and try to find a candidate to rally behind, who has some chance of beating Trump in the next election. But, if you choose another divisive bitch, don't expect to win with her. Or, if you choose an emasculated weenie - same. People demand someone with balls to follow. Someone like a Margaret Thatcher, who had far more balls than many of our male candidates.

          MAGA. Try that out. Don't mock it because Trump said it first. Roll it around on your lips. Make America Great Again. It's pretty damned appealing.

          As much as I disagree with the government attacking Syria (again) you'll have to admit that Trump is a bit more careful about choosing his fights than Bush was. Trump established some limited objectives, and it appears that he reached those objectives. He didn't over reach, like Bush. That's the kind of thing that can make a nation feel good.

          MAGA. Practice it. It feels good to be American. Try being American, and forget about all the divisive bullshit the DNC has been feeding you for the past couple decades. Because, THAT is why Trump won the election.

          • (Score: 0) by Anonymous Coward on Monday April 16 2018, @01:41PM (1 child)

            by Anonymous Coward on Monday April 16 2018, @01:41PM (#667617)

            Can MAGA stop both Republican AND Democratic business owners from routinely outsourcing to companies like HCL? That's a problem. A problem that coal mining and steel mills won't solve.

            I keep waiting for the IT industry that America made to become great again. We don't even have to build new factories; there are unemployed and underemployed people available to turn such a "bring the jobs back and prevent them from leaving" to shovel-ready projects.

            • (Score: 3, Insightful) by Runaway1956 on Monday April 16 2018, @02:01PM

              by Runaway1956 (2926) Subscriber Badge on Monday April 16 2018, @02:01PM (#667627) Journal

              Tough question. Can it stop outsourcing and imports? Yeeeessss, I suppose it could. But, I don't see it happening. As with so many other issues (illegal alien invasions, for instance) the most vital ingredient is willpower. I'm not sure that America has the will, nor am I sure that Trump has the ability to impart such a will.

              America can do damned near anything that it decides to do. We achieved the almost-impossible when we put people on the moon. Just about anything that the public takes a strong interest in can be done. But, we need someone like JFK to make the speeches that fire us up.

              I don't really think that Trump can be that charismatic mouthpiece that fires up the public. Then again - maybe he can be. The squirelly bastard proved all of mainstream media wrong by getting elected. He's got something, even if I can't identify with it.

    • (Score: 4, Interesting) by Ethanol-fueled on Monday April 16 2018, @03:35AM

      by Ethanol-fueled (2792) on Monday April 16 2018, @03:35AM (#667487) Homepage

      I will tell you all a dirty little secret: for two weeks I worked as Tier-1 tech support for a large financial firm.

      Tech support scum get to see the details -- "Please give me a second while I bring up the information, sir," -- that they know about their customers. Along with the details were the customer's age, and if not known, the approximate age. Now, some of you would consider that highly unethical, but tech support scum need all information possible to deliver the optimal customer service experience. As it turns out, when you have a person of 80 years of age and with a lot of big accounts, then that sets the stage for you being a lot more patient with them even before they know it, even if they are shitting their pants on an hourly basis.

      People like those are in congress and with even more technical naiveté. They are the people making national security decisions and rubber-stamping war decisions. It seems that some of our congresscritters have finally learned for some reason about "cookies" and maybe even a layman's description of Google and Facebook's tracking mechanisms. I guess that's a step in the right direction.

  • (Score: 1, Interesting) by Anonymous Coward on Monday April 16 2018, @03:17AM

    by Anonymous Coward on Monday April 16 2018, @03:17AM (#667480)

    Doesn't matter what trinkets they like, doesn't matter what their political affiliation or goals are, as long as people are properly categorized into neat little boxes, they will be more effectively marketed too, BIG DATA HO!

    Alt right? Alt left? Tankie? That's right, be good little consumers, get into your skinner boxes and be sure to support your pet cause by buying our trinkets.

  • (Score: 3, Interesting) by bmimatt on Monday April 16 2018, @03:19AM

    by bmimatt (5050) on Monday April 16 2018, @03:19AM (#667481)

    Is there a repo where we can read through the code? Seems like that could be somewhat interesting.

  • (Score: 4, Interesting) by MichaelDavidCrawford on Monday April 16 2018, @03:31AM (6 children)

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Monday April 16 2018, @03:31AM (#667483) Homepage Journal

    I wanna do something like:

    127.0.0.1 aggregateiq.com

    But it's likely their analytics servers use a different domain, as is the case with Google Analytics.

    If you can be bothered to download the whole source base, try this:

      $ cd $BASE_OF_SOURCE_TREE
      $ find . -type f -exec grep -i \.gif {} \; -print

    Then give me the filenames it prints.

    I Am Eternally In Your Debt.

    --
    Yes I Have No Bananas. [gofundme.com]
    • (Score: 0) by Anonymous Coward on Monday April 16 2018, @03:36AM (3 children)

      by Anonymous Coward on Monday April 16 2018, @03:36AM (#667488)

      MDC you should know better with hosts files.

      Use a proper bind server or squid server and do it right. https://is.gd/huRIkY [is.gd]

      Hosts files only work for fully qualified domains. *.xyz.net does not work.

      • (Score: 2) by MichaelDavidCrawford on Monday April 16 2018, @04:08AM

        by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Monday April 16 2018, @04:08AM (#667500) Homepage Journal

        I've been thinking about patching DJBDNS to permit pre-loading blackholed IP addresses from a text file.

        I've never used bind because of all the security holes I keep hearing about, but I expect it should be good enough for my purposes.

        Thanks for the tip!

        --
        Yes I Have No Bananas. [gofundme.com]
      • (Score: 0) by Anonymous Coward on Monday April 16 2018, @04:11AM (1 child)

        by Anonymous Coward on Monday April 16 2018, @04:11AM (#667502)

        Why play whack-a-mole with long, probably out-of-date blacklists? Better to use a custom personal whitelist as that will get 100% of the buggers. (This implementation is browser only and of course having a custom list will add to your fingerprint if some serious player wants to track you...)

        https://addons.mozilla.org/en-US/firefox/addon/requestpolicy-legacy/ [mozilla.org]

        • (Score: 4, Informative) by Runaway1956 on Monday April 16 2018, @04:45AM

          by Runaway1956 (2926) Subscriber Badge on Monday April 16 2018, @04:45AM (#667508) Journal

          probably out-of-date blacklists?

          The hosts lists are constantly being updated, true. Sites do come and go. But, when you consider the number of sites included in the old respected hosts files, then realize how many of them have remained from day one - the files are worth the effort of installing. Especially considering that there are scripts to do the updating, with no further input from the user.

          I recommend hosts file, they really help. What I do NOT recommend, is reliance on the hosts file alone!

    • (Score: 3, Informative) by WizardFusion on Monday April 16 2018, @09:35AM

      by WizardFusion (498) Subscriber Badge on Monday April 16 2018, @09:35AM (#667558) Journal

      Use https://pi-hole.net/ [pi-hole.net] , it's a much better method

    • (Score: 2) by Snotnose on Monday April 16 2018, @01:45PM

      by Snotnose (1623) on Monday April 16 2018, @01:45PM (#667619)

      $ find . -type f -exec grep -i \.gif {} \; -print

      find . -iname \*.gif -print

      Find is a wonderful tool with a crappy manual.

      --
      Why shouldn't we judge a book by it's cover? It's got the author, title, and a summary of what the book's about.
  • (Score: 0) by Anonymous Coward on Monday April 16 2018, @03:57AM (2 children)

    by Anonymous Coward on Monday April 16 2018, @03:57AM (#667496)

    Vague, overarching assertions, lots of innuendo, zero concrete content.

    IT security dorks are called clowns for good reasons.

    • (Score: 0) by Anonymous Coward on Monday April 16 2018, @11:18AM (1 child)

      by Anonymous Coward on Monday April 16 2018, @11:18AM (#667576)

      Vague, overarching assertions, lots of innuendo, zero concrete content.

      IT security dorks are called clowns for good reasons.

      Vague, overarching assertions, lots of innuendo, zero concrete content.

      Anonymous cowards are called clowns for good reasons.

      • (Score: 0) by Anonymous Coward on Monday April 16 2018, @01:33PM

        by Anonymous Coward on Monday April 16 2018, @01:33PM (#667615)

        You mean it's not my red nose and floppy shoes?

(1)