Connect with us


Venmo voyeurs: why do we let friends see our financial transactions online? | Life and style

Voice Of EU



Would you ever want your friends to see how many taxi rides you share on a wild weekend out? Who you had Thai noodles with on any given day? With whom you split rent and living expenses?

If the answer is yes, you are part of a cohort of Venmo users who use public transactions, which according to a 2018 study accounted for about 18 million people.

I am, willingly, one of them. Ever since I joined the payment service app, I’ve voluntarily displayed my financial transactions in my public feed. Between office lunches and happy hours, I’ve welcomed the ease of digitally settling a tab while attempting to garner a few laughs with my try-hard descriptions, like “adult diaper” (I don’t remember what this was for); “My fat ass” (probably food) and “Boulder holster” (yes, I paid a friend back for a bra).

I hoped my transactions would capture the attention of voyeuristic Venmo users who would be forced to think about whom I was paying and for what purpose. However cringey in hindsight, a part of me wants my friends to see a Venmo transaction for “So some improv comedians walk into a bar” and believe I might actually be a funny person, instead of a writer who took an improv class.

Before you ask, yes, every digital tool poses personal security risks – and yet it is not enough to make my transactions and friend list private. This is a bet Venmo co-founder Iqram Magdon-Ismail made early on: in 2012, he said “one of the reasons people prefer us and will prefer us in the future is just the fact that we are social. You get more value out of sharing with friends.” In short, openly and ostentatiously swapping funds is fun.

When Scottie Irbin, a 30-year-old bartender in Buffalo, New York first joined the app, he decided to lean into the feature, drafting outlandish descriptions he hoped would garner attention. On one occasion, he paid a friend on Venmo, writing “Sorry that I returned your butt plug late”, Irbin said. The next day, when his mom opened the app to Venmo him money for dog food, she saw the transaction and asked him about it. “My mom was very uncomfortable when she saw me the next day,” Irbin said. “I find it hilarious. That’s at my expense, I’m not making fun of anyone but me.”

For others, public transactions are a way to remind friends of your interests. Michelle Palmer, an orchestra manager from Pineville, Louisiana, most frequently pays independent artisans for jewelry and skin products on Venmo. She hopes her public transactions inspire friends to seek out those makers, too, acting as a de facto grassroots influencer on Venmo. The 35-year-old also enjoys reading through her friends’ public transactions, which motivates her to write cute descriptions herself.

Humans are by nature voyeuristic, said Harris Stratyner, a psychologist and clinical associate professor at Icahn School of Medicine at Mount Sinai. This theoretically explains why others would find perusing public Venmo payments amusing. But for those who purposely keep their payments exposed, there is an element of exhibitionism, Stratyner said: “It gives people the option to surreptitiously show off.”

Critics are quick to call those with non-private Venmos psychopaths and exhibitionists, but public payers said they have nothing important to hide. Tyler Mulvey, a 29-year-old senior account executive from West Milford, New Jersey, said he regularly uses Venmo, from splitting groceries with his fiancee to divvying up a bar tab. He used to put lyrics to entire songs or recipes for banana bread in the transaction description until the app limited their character limit to 280.

After his fiancee’s colleague mentioned she saw one of Mulvey’s Venmos to his fiancee, she went private. He not only remained public, but began writing “raunchy” descriptions to catch the colleague’s attention. “I don’t think it’s psycho to keep your Venmo public,” Mulvey said. “I think it’s psycho to look – which I know makes me hypocritical – because if you think it’s psycho if somebody looks, then make it private. I don’t think the onus is on me to make it private, I think the onus is on you to not be a weirdo.”

Private citizens aren’t the only ones guilty of public Venmoing – but some public figures live to regret it. This spring, Representative Matt Gaetz’s 2018 public Venmo transactions to an accused sex trafficker were unearthed. Shortly after, BuzzFeed News purportedly discovered Joe Biden’s Venmo account via public friend lists on the app, sparking a debate surrounding Venmo’s public-by-default transactions and perpetually visible friend lists. As a result, Venmo announced users could make their friend lists private.

Although Venmo couldn’t be considered a social platform, some users don’t see the harm in keeping their transactions visible since they already divulge so much of their lives on other social networks. Caitlin Elliott, 31, a Lynchburg, Virginia-based student, is one of those people. “The privacy ship has sailed a long time ago,” she said. “I wear a watch with a GPS on it when I go running every single day. That’s got me down to the step on the sidewalk. Clearly I’ve made some concessions in my life.”

When Lauren Calise, who lives in Havertown, Pennsylvania, thinks about the fact that all of her social media profiles are private except for Venmo, she questions herself. The 21-year-old therapist frequently uses Venmo for paying rent, splitting groceries and meals with friends; regardless of the transaction, she’ll use a smiley face emoji as the description. But because she personally doesn’t use the app as a social platform, she assumes others won’t scrutinize her transactions, though she knows it isn’t out of the realm of possibility: her clients frequently discuss their Venmo behaviors, like monitoring the transactions of exes.

Still, she remains public. For now. “You’ve really got me thinking. If the other ones are private, maybe this one should be.”

Soon that choice will be taken away from her. Late last month, the company said it would go one step further: it would soon eliminate the global feed – a running collection of complete strangers’ transactions – in the new redesign.

While users will still be able to see their friends’ transactions (if their profiles are public), the days of snooping on strangers are over.

In a press release, Venmo said the change “allows customers to connect and share meaningful moments and experiences with the people who matter most”. Which, I’d argue, are the people who know me least.

Source link


Nvidia’s Arm deal faces another blow, this time from the US FTC

Voice Of EU



The US Federal Trade Commission wants to block Nvidia’s Arm takeover as it believes the combined company will stifle competition.

Nvidia’s contentious acquisition of UK chip designer Arm continues to face roadblocks as the US Federal Trade Commission’s (FTC) is suing Nvidia to block the deal.

The acquisition, which is now valued at $54bn, has been fighting an uphill battle since it was first announced more than a year ago, first from the UK’s competition watchdog in January 2021 and then from the EU.

Now, the FTC wants to block the acquisition. In a statement, the FTC said Arm’s technology is a critical input that enables competition between Nvidia and its competitors in several markets.

Therefore, it believes the proposed merger would give Nvidia the ability and incentive to use its control of this technology to undermine its competitors, reducing competition and ultimately resulting in reduced product quality, reduced innovation, higher prices and less choice.

The FTC’s bureau of competition director, Holly Vedova, said the proposed deal would allow the combined company to stifle the innovation pipeline for next-generation technologies.

“Tomorrow’s technologies depend on preserving today’s competitive, cutting-edge chip markets. This proposed deal would distort Arm’s incentives in chip markets and allow the combined firm to unfairly undermine Nvidia’s rivals,” she said.

“The FTC’s lawsuit should send a strong signal that we will act aggressively to protect our critical infrastructure markets from illegal vertical mergers that have far-reaching and damaging effects on future innovations.”

Opposition from all sides

The Competition and Markets Authority (CMA) in the UK raised similar concerns in August when it said the deal would require an in-depth investigation.

“We’re concerned that Nvidia controlling Arm could create real problems for Nvidia’s rivals by limiting their access to key technologies, and ultimately stifling innovation across a number of important and growing markets,” said Andrea Coscelli, chief executive of the CMA.

In October, Nvidia’s planned purchase hit another roadblock from the European Commission launching an in-depth antitrust investigation into the deal at the end of October, with a decision expected by 15 March 2022.

“While Arm and Nvidia do not directly compete, Arm’s IP is an important input in products competing with those of Nvidia, for example in data centres, automotive and internet of things,” said executive vice-president Margrethe Vestager, who is responsible for competition policy.

“Our analysis shows that the acquisition of Arm by Nvidia could lead to restricted or degraded access to Arm’s IP, with distortive effects in many markets where semiconductors are used.”

Despite opposition from several watchdogs, Nvidia has been confident the deal will go through.

“Although some Arm licensees have expressed concerns or objected to the transaction, and discussions with regulators are taking longer than initially thought, we are confident in the deal and that regulators should recognise the benefits of the acquisition to Arm, its licensees and the industry,” Nvidia CFO Colette Kress said earlier this year.

And in a letter to the Financial Times a month after the deal was first announced, Nvidia founder and CEO Jensen Huang said the company will maintain Arm’s open licensing model. “We have no intention to ‘throttle’ or ‘deny’ Arm’s supply to any customer.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Source link

Continue Reading


UK government’s risk planning is weak and secretive, says Lords report | Politics

Voice Of EU



Assessment and planning by the government relating to risks facing the UK are deficient and “veiled in secrecy”, a report has found.

The 129-page report, entitled Preparing for Extreme Risks: Building a Resilient Society, was produced by the House of Lords select committee on risk assessment and risk planning – a group appointed in October 2020.

James Arbuthnot, chair of the committee, said that while the UK’s risk assessment processes had been praised across the world before the pandemic, the impact of Covid suggested there may be problems.

“It had been advised that if there were to be a coronavirus pandemic, as a country we would suffer up to 100 deaths,” he said. “Over 140,000 deaths later, we realised that we could perhaps have been doing rather better in our assessment and our planning.”

The report – which draws on sources including oral evidence from 85 witnesses, including from the chief scientific adviser, Sir Patrick Vallance, during 29 sessions – looked at the country’s approach to assessing and preparing for a wide range of risks, from chemical warfare to the climate crisis and severe space weather.

“If you ask, what keeps me awake at nights, it is the growing possibility of major disruption due to more and more frequent cyber-attacks,” said Lord Rees, a committee member. “And even more, I worry on a timescale of tens of years about bioterrorism, bioengineered viruses and all that, which are going to be feasible.”

The report’s conclusions point to a number of shortcomings. Among them the committee highlighted a tendency for the government to focus on immediate problems rather than preparing for the long term.

“The likelihood of major risks actually occurring during the term of the government is low,” said committee member Lord Mair, noting as a result there is no incentive to prepare for them.

The committee also flagged concerns over the National Risk Register and the National Security Risk Assessment (NSRA), and called for better processes to categorise risks, including looking at how vulnerable the country would be to certain threats, and better modelling of how risks can cascade – with Arbuthnot noting as an example the impact of Covid on school exams.

Among other issues the report criticised a lack of transparency by the government. “The current risk management system is veiled in an unacceptable and unnecessary level of secrecy,” the report noted, adding that in turn has hampered the country’s preparedness, with frontline responders including local government and volunteer groups struggling to access the information they need.

It is not the first time the government has been accused of secrecy over risk assessment and planning: a report on Exercise Cygnus, the 2016 government simulation of how the country would handle a fictitious “swan flu”pandemic was only made public after a copy was leaked to the Guardian.

Among other actions, the latest report recommends:

  • The establishment of an Office for Preparedness and Resilience by the government, headed by a newly created post of government chief risk officer.

  • A presumption of publication by the government, and the publication of the content of the Official-Sensitive National Security Risk Assessment except where there is a direct national security risk.

  • The publication, every two years, by the government of a brochure on risk preparedness to inform the public on topics including what to do in an emergency.

“[It’s] much better to face some of these issues, having prepared for, and practised for, and exercised for them in advance rather than doing them first in the heat of battle,” said Arbuthnot

Arbuthnot added the Covid pandemic had offered the chance to “address a public that is ready to be addressed. And people have proved that they’re up to it.”

Prof David Spiegelhalter, chair of the Winton Centre for Risk and Evidence Communication at Cambridge University, and who contributed evidence to the report, welcomed its publication.

“It’s extraordinary that the National Risk Register does not get any public promotion or media coverage, and I welcome the committee’s recommendation to radically improve the communication with the public about the risks they face,” he said. “These vital issues deserve to be widely known and discussed.”

Source link

Continue Reading


Ubiquiti dev charged with data-breaching own employer • The Register

Voice Of EU



A Ubiquiti developer has been charged with stealing data from the company and extortion attempts totalling $2m in what prosecutors claim was a vicious campaign to harm the firm’s share price – including allegedly planting fake press stories about the breaches.

US federal prosecutors claimed that 36-year-old Nickolas Sharp had used his “access as a trusted insider” to steal data from his employer’s AWS and GitHub instances before “posing as an anonymous hacker” to send a ransom demand of 50 Bitcoins.

The DoJ statement does not mention Sharp’s employer by name, but a Linkedin account in Sharp’s name says he worked for Ubiquiti as a cloud lead between August 2018 and March 2021, having previously worked for Amazon as a software development engineer.

In an eyebrow-raising indictment [PDF, 19 pages, non-searchable] prosecutors claim Sharp not only pwned his employer’s business from the inside but joined internal damage control efforts, and allegedly posed as a concerned whistleblower to make false claims about the company wrongly downplaying the attack’s severity, wiping $4bn off its market capitalisation.

Criminal charges were filed overnight in an American federal court against Sharp, of Portland, Oregon. The indictment valued the 50 Bitcoins at $1.9m “based on the prevailing exchange rate at the time.”

US attorney Damian Williams said in a US Justice Department statement: “As further alleged, after the FBI searched his home in connection with the theft, Sharp, now posing as an anonymous company whistle-blower, planted damaging news stories falsely claiming the theft had been by a hacker enabled by a vulnerability in the company’s computer systems.”

Sharp is alleged to have downloaded an admin key which gave him “access to other credentials within Company-1’s infrastructure” from Ubiquiti’s AWS servers at 03:16 local time on 10 December 2020, using his home internet connection. Two minutes later, that same key was used to make the AWS API call GetCallerIdentity from an IP address linked to VPN provider Surfshark – to which Sharp was a subscriber, prosecutors claimed.

Later that month, according to the prosecution, he is alleged to have set AWS logs to a one-day retention policy, effectively masking his presence.

Eleven days after the AWS naughtiness, the indictment claims, he used his own connection to log into Ubiquiti’s GitHub infrastructure. “Approximately one minute later,” alleged the indictment, Sharp used Surfshark to ssh into GitHub and clone around 155 Ubiquiti repos to his home computer.

“In one fleeting instance during the exfiltration of data,” said the indictment, “the Sharp IP address was logged making an SSH connection to use GitHub Account-1 to clone a repository.”

For the rest of that night, prosecutors said, logs showed Sharp’s personal IP alternating with a Surfshark exit node while making clone calls. Although it was not spelled out in the court filing, prosecutors appeared to be suggesting that Surfshark VPN was dropping out and revealing “the attacker’s” true IP.

Ubiquiti discovered what was happening on 28 December. Prosecutors claimed Sharp then joined the company’s internal response to the breaches.

In January 2021 Ubiquiti received a ransom note sent from a Surfshark VPN IP address demanding 25 Bitcoins. If it paid an extra 25 Bitcoins on top of that, said the note, its anonymous author would reveal a backdoor in the company’s infrastructure. This appears to be what prompted Ubiquiti to write to its customers that month alerting them to a data breach. Ubiquiti did not pay the ransom, said the indictment.

Shortly after Federal Bureau of Investigation workers raided Sharp’s home, prosecutors claim he “caused false or misleading news stories to be published about the Incident and Company-1’s disclosures and response to the Incident. Sharp identified himself as an anonymous source within Company-1 who had worked on remediating the Incident. In particular, Sharp pretended that Company-1 had been hacked by an unidentified perpetrator who maliciously acquired root administrator access [to] Company-1’s AWS accounts.”

This appears to be referencing an article by infosec blogger Brian Krebs that was published that day, on 30 March 2021. He spoke “on condition of anonymity for fear of retribution by Ubiquiti”, and El Reg (among many other outlets) followed up Krebs’ reporting in good faith. In that article, the “whistleblower” said he had reported Ubiquiti in to the EU Data Protection Supervisor, the political bloc’s in-house data protection body.

We have asked Krebs for comment.

Sharp is innocent unless proven guilty. He is formally charged with breaches of the Computer Fraud and Abuse Act, transmitting interstate threats, wire fraud and making false statements to the FBI. If found guilty on all counts and handed maximum, consecutive sentences on each, he faces 37 years in prison. ®

Source link

Continue Reading


Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!