Meta settles Cambridge Analytica class-action lawsuit for $725 million

Fallout from Facebook’s Cambridge Analytica privacy scandal continues over four years after it was first exposed. Parent company Meta has agreed to pay $725 million to settle a long-running class-action lawsuit accusing Facebook of allowing Cambridge Analytica and other third parties to access users’ private information, Reuters reports. 

The settlement resolves user claims that Facebook violated federal and state laws by allowing the company’s preferred vendors and partners to harvest their personal data without consent. It’s reportedly the largest ever in a US data privacy class action and the most Meta has ever paid to resolve a class-action lawsuit. 

“This historic settlement will provide meaningful relief to the class in this complex and novel privacy case,” the lead lawyers for the plaintiffs said in a statement. 

Meta admitted no wrongdoing as part of the settlement, which is still subject to approval by a federal judge. “Over the last three years we revamped our approach to privacy and implemented a comprehensive privacy program,” Meta said in a statement, adding that the settlement “was in the best interest of our community and shareholders.” 

Cambridge Analytica, now defunct, worked for Ted Cruz and Donald Trump’s 2016 presidential campaigns. It accessed the personal data of up to 87 million people by an app (thisisyourdigitallife) and used the information gathered to target individuals with personally tailored messages. The scandal was exposed by The New York Times and The Guardian in 2018, thanks in large part to whistleblower Christopher Wylie.

In 2019, Facebook agreed to pay a $5 billion fine following a Federal Trade Commission investigation and $100 million to settle US Securities and Exchange Commission claims. It also paid £500,000 (about $644,000) in fines to the UK, a pittance compared to what it would have paid had the GDPR been in place when the scandal occurred. 

Facebook hasn’t put Cambridge Analytica behind it yet, either. The company is still fighting a lawsuit by the Washington DC attorney general, as well as a number of state attorneys general. 

Tesla thinks I will drop $300 on this wireless phone charger

This is a wireless phone charger that holds not one, not two, but three entire phones! And charges them wirelessly! Tesla makes it! For just $300! Shut up and take my money! Are you kidding me?! This is phenomenal! 

Janet! Hey Janet, get my wallet! It’s on the nightstand!

Oooo, it’s “inspired by the angular design and metallic styling of Cybertruck,” and delivers 15W of power. That sounds like a lot. (Ed note: It’s not. It’s standard fast charging.) I should see what my normal charger does, bet it’s not half as much as this thing. Stupid normal charger, not even modeled after a truck that’s not even in production yet

And look at this build quality. It’s got everything: aluminum housing, an Alcantara surface (who doesn’t love the feel of a suede-like microfiber?) and a detachable magnetic stand that both lays flat and sits at an angle. This way I can never not be looking at my three phones, even when they’re charging. This is going to be so awesome. Best three hundred dollars plus tax I’ll probably ever spend. 

Janet, where are we with that wallet?!?

Hell yeah, it uses FreePower technology, that means I’ll be able to just throw a few grand worth of Qi-compatible earbuds, mobile devices, smart watches and accessories on this thing all willy-nilly. Won’t have to line them up or anything because that’s how I do it. I’m the type who moves fast and breaks things.

Aw, whaddya mean it’s not coming out until February? In Tesla time that could be decades from now!

Janet! Ix-nay on the allet-way!

The Lastpass hack was worse than the company first reported

After being hacked for the second time in as many years this August, password manager app Lastpass announced on Thursday the most recent intrusion was much more damaging than initially reported with the attackers having made off with users’ password vaults in some cases. That means the thieves have people’s entire collections of encrypted personal data, if not the immediate method to unlock them.

“No customer data was accessed during the August 2022 incident,” LastPass CEO Karim Toubba, explained. However, some of the app’s source code was lifted and then used to spearphish a Lastpass employee into giving up their access credentials, then used those keys to decrypt and copy off, “some storage volumes within the cloud-based storage service.”

Among the encrypted data obtained by the hackers included basic customer account information like company names, billing, email and IP addresses; and telephone numbers, Toubba continued. “These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture,” Toubba said. “As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass.” 

Still, you’re going to take the company’s word for it? I’m not. It’ll be a pain but swapping out all of your various existing site passwords for new ones — as well as picking a new master password — might ultimately prove necessary to regain your online security. Or you could just tell Lastpass to go kick rocks and switch over to 1Password or Bitwarden.

ByteDance fired four employees who accessed US journalists’ TikTok data

ByteDance says it has fired four employees who accessed the data of several TikTok users located in the US, including journalists. According to The New York Times, an investigation conducted by an outside law firm found that the employees were trying to locate the sources of leaks to reporters. Two of the employees were in the US and two were in China, where ByteDance is based.

“ByteDance condemns this misguided plan that seriously violated the company’s Code of Conduct,” a ByteDance spokesperson told Engadget. “We have taken disciplinary measures and none of the individuals found to have directly participated in or overseen the misguided plan remain employed at ByteDance.”

The company reportedly determined that members of a team responsible for monitoring employee conduct accessed the IP addresses and other data linked to the TikTok accounts of a reporter from BuzzFeed News and Cristina Criddle of the Financial Times. The employees are also said to have accessed the data of several people with ties to the journalists. Forbes claims that ByteDance tracked three of its reporters who previously worked for BuzzFeed News. All three of those publications have published reports on TikTok, including on its alleged ties to the Chinese government. 

“The misconduct of those individuals, who are no longer employed at ByteDance, was an egregious misuse of their authority to obtain access to user data. This misbehavior is unacceptable, and not in line with our efforts across TikTok to earn the trust of our users,” ByteDance said in a statement to Variety. “We take data security incredibly seriously, and we will continue to enhance our access protocols, which have already been significantly improved and hardened since this incident took place.”

In October, Forbes reported that members of ByteDance’s Internal Audit and Risk Control department planned to use TikTok to track the locations of specific US citizens. ByteDance refuted those claims, but the report tracks with the results of the internal investigation. The company told the Times it has restructured that department and prevented it from accessing any US data.

“No matter what the cause or the outcome was, [the employees’] misguided investigation seriously violated the company’s Code of Conduct and is condemned by the company,” ByteDance CEO Rubo Liang reportedly told employees in a memo. “We simply cannot take integrity risks that damage the trust of our users, employees, and stakeholders. We must exercise sound judgment in the choices we make and be sure they represent the principles we stand behind as a company.”

Word of the investigation and employees’ dismissal comes amid various attempts to ban TikTok in the US. More than a dozen states, including Georgia and Texas, have blocked the app on government-owned devices. Earlier this month, a bipartisan bill sought to effectively ban TikTok from US consumer devices, along with other social apps that have ties to China, Russia, Cuba, Iran, North Korea and Venezuela.

Meanwhile, the Senate has passed a $1.7 trillion spending bill, which includes a measure that would ban TikTok on most devices issued by the federal government. There will be some exceptions for elected officials, congressional staff and law enforcement. The House is yet to vote on the omnibus bill but is expected to pass it on Thursday evening. 

According to the Times, ByteDance said the fired employees accessed historical data that it plans to delete from its own data servers in the US and Singapore. The company said in June that all of TikTok’s TikTok user traffic is being routed to Oracle’s servers. That’s now the “default storage location of US user data,” but at the time ByteDance continued to back up the data on its own servers.

Update 12/23 12:03PM ET: Added a statement from ByteDance.

YouTube will be the home of NFL Sunday Ticket starting in 2023

YouTube is ready for some more football. The streaming service has snagged the rights to the NFL Sunday Ticket package, which offers access to out-of-market games that air on FOX and CBS each Sunday. DirecTV, the current home of Sunday Ticket, has held…

Google is making its internal video-blurring privacy tool open source

Google has announced that two of its latest privacy-enhancing technologies (PETs), including one that blurs objects in a video, will be provided to anyone for free via open source. The new tools are part of Google’s Protected Computing initiative designed to transform “how, when and where data is processed to technically ensure its privacy and safety,” the company said.

The first is an internal project called Magritte, now out on Github, which uses machine learning to detect objects and apply a blur as soon as they appear on screen. It can disguise arbitrary objects like license plates, tattoos and more. “This code is especially useful for video journalists who want to provide increased privacy assurances,” Google wrote in the blog. “By using this open-source code, videographers can save time in blurring objects from a video, while knowing that the underlying ML algorithm can perform detection across a video with high-accuracy.”

The other with the unwieldy name “Fully Homomorphic Encryption (FHE) Transpiler, allows developers to perform computations on encrypted data without being able to access personally identifiable information. Google says it can help industries like financial services, healthcare and government, “where a robust security guarantee around the processing of sensitive data is of highest importance.”

Google notes that PETs are starting to enter the mainstream after being mostly an academic exercise. The White House recently touted the technology, saying “it will allow researchers, physicians, and others permitted access to gain insights from sensitive data without ever having access to the data itself.” Google noted that both the US and UK governments are held a contest this year to develop PET solutions around financial crime and public health emergencies.

How to permanently delete all your Facebook and Meta-owned accounts

It’s never exactly easy to pull the plug on a social media account you’ve had for years. For many of us, our accounts are filled with years of photos, memories and memes that aren’t easy to part with ,even if we are ready to stop the daily scrolling ha…

The best shows to binge watch over the holidays in 2022

This year was a bit of a reset for the entertainment industry, with more people returning to theaters and more must-watch TV shows hitting streaming networks. That’s a fairly major change from 2021, when many movies hit services like HBO Max on the sam…