GDPR is already making an example of Google: they've been fined 50 million euros over ads.
French data regulator CNIL said it had levied the record fine for "lack of transparency, inadequate information and lack of valid consent regarding ads personalisation".
The regulator said it judged that people were "not sufficiently informed" about how Google collected data to personalise advertising.
The first complaint under the EU's new General Data Protection Regulation (GDPR) was filed against Google on May 25 of last year, the very day the legislation took effect.
The two groups filing the claim said that Google did not have a valid legal basis to process user data for ad personalisation, as mandated by the GDPR.
Although Google's European headquarters is in Ireland, it was decided among the authorities that the case would be handled by the French data regulator, since the Irish watchdog did not have "decision-making power" over its Android operating system and its services.
In a statement, Google said it was "studying the decision" to determine its next steps.
Sent to us by: Roy W. Nash
A massive list of compromised accounts has been leaked -- to the tune of 773 MILLION accounts -- and the Have I Been Pwned service got their hands on it.
Have I Been Pwned, the breach notification service that serves as a bellwether for the security of login credentials, has just gotten its hands on its biggest data haul ever—a list that includes almost 773 million unique email addresses and 21 million unique passwords that were used to log in to third-party sites.
According to the service's founder Troy Hunt, the monster list is a compilation of many smaller lists taken from past breaches, and it has been in wide circulation over the past couple weeks. It was also posted to the MEGA file sharing site.
At least one of the included breaches dated back to 2015. Dubbed "Collection #1," the aggregated data was likely scraped together to serve as a master list that hackers could use in credential stuffing attacks. These attacks use automated scripts to inject credentials from one breached website into a different website in hopes the holders reused the same passwords.
The list—contained in 12,000 separate files that take up more than 87 gigabytes of disk space—has 2.69 billion rows, many of which contain duplicate entries that Hunt had to clean up.
About 663 million of the addresses have been listed in previous Have I Been Pwned notifications, meaning 140 million of the addresses have never been seen by the service before. Hunt said that some of his own credentials were included in Wednesday’s notification, although none were currently in use.
Have I Been Pwned has now begun the task of emailing more than 768,000 individuals who signed up for notifications and nearly 40,000 people who monitor domains.
Anyone who hasn’t signed up can still check the status of an email address at https://haveibeenpwned.com/
Sent to us by: Roy W. Nash
Google Hangouts begins wind-down this year, but service will live on in Chat and Meet spinoffs
In March 2017, Google announced that Hangouts would split into Meet and Chat apps, kicking off what has been a long, slow road to shut down the original version of the platform. Almost two years later, we now have an official timetable for the winding-down of the well-used service as Google attempts to wrestle a bigger share of the team communication market away from competitors like Slack.
The timeline begins with the transition of G Suite users from classic Hangouts to Chat and Meet this year, followed by a consumer transition, which will likely begin late in 2020.
The plan begins on April 16, when Google will start pushing G Suite administrators and users towards adopting the Meet and Chat platforms - with an emphasis on Chat, the Slack-like messaging platform. Mainly, these are admin-facing changes.
Beginning on that date, administrators will be able to disable classic Hangouts user interfaces at the time of their choosing, and will also be able to control both classic Hangouts and Chat/Meet in their respective settings.
Google Vault customers will have to make a few decisions about Mail retention rules between March 16 and April 16.
Next, features from classic Hangouts will come to Chat. Over the summer, Google plans to add features like integration with Gmail, chatting with external users, improved video calling, and the ability to make calls with Google Voice. Then, in October, Google will start retiring classic Hangouts for G Suite customers. All remaining users will be transitioned to Chat.
As it stands now, Chat and classic Hangouts are fairly interoperable, but group conversations are separate between the two products. The two will continue to be interoperable until October.
As for protecting any data you might have in classic Hangouts, it seems the transition will carry along your past message histories into Chat, but that is yet to be confirmed. Additionally, there's always Google Takeout if you want more peace of mind. Other than that, it seems all that's left to say is: rest in peace Google Hangouts, you served us well.
Sent to us by: Robbie Ferguson
Microsoft has begun beta testing Windows 10 patches with actual beta testers.
Microsoft releases “C” and “D” updates to people who click “Check for Updates” in Windows Update. Those people become unwitting beta testers. January 2019’s C update has a rare distinction: Microsoft tested it with Windows Insiders first.
C and D updates are released in the third and fourth week of most months. They include non-security fixes and are only installed for people who click the “Check for Updates” button in Windows Update. These people essentially beta test the updates before the fixes form part of next month’s stable Patch Tuesday updates. Those Patch Tuesday updates are named “B” updates, as Patch Tuesday is in the second week of each month.
These C and D updates have caused problems before. For example, a “D” update recently caused blue screens on Microsoft’s own Surface Book 2 hardware. Only people who clicked the “Check for Updates” button would have installed it and encountered the problem. Microsoft calls these people “seekers” and thinks they’re looking for more updates, but we think most people clicking that button have no clue they’re opting into unstable updates.
There’s finally some good news, though! This month’s C update, KB4476976, has actually gone through thorough testing in the Windows Insider Release Preview ring earlier this month.
This is still a C update and it’s still only installed if you click “Check for Updates,” but “seekers” who do click that button will be getting a patch that’s already gone through a round of testing with people who know what they’re getting into. Windows Insiders are, of course, people who’ve chosen to be beta testers.
Microsoft first pushed a test version of a cumulative update to the Release Preview ring back in November, 2018. But, this time, Microsoft put two builds through the testing cycle, using Insiders to actually find problems before the stable release.
That’s just a month after the release of the initial release of the disastrous October 2018 Update, which deleted some people’s files. Microsoft was so confident in this big update that the company didn’t even bother putting it through Release Preview testing before unleashing it on those unfortunate “seekers” who clicked “Check for Updates”.
Now, Microsoft has been chastened, and it’s even putting smaller patches through real testing before rolling them out. That’s progress!
We just wish Microsoft would stop its shenanigans with the “Check for Updates” button. That button should never opt users into additional, less-tested patches without warning. But at least those patches are getting more testing first.
Sent to us by: Robbie Ferguson