Monthly Archives: May 2014

Twitter Is Getting a Mute Button?

You all know that person that you follow on Twitter that you want to unfollow, but for various reasons, you can’t. Well, Twitter will be introducing a solution to that problem- the mute button. According to The Verge, some users are noticing this new feature on both iOS and Android version of the apps, giving you a way to (finally) silence the accounts of users you follow but don’t want to see in your Timeline. In using this feature, the account you mute will never know of the action (unless they ask if you saw their tweet and catch you in it).

This idea of muting isn’t new, as third-party clients TweetDeck and Tweetbot offer ways to mute accounts as well. However, this will be the first time the feature is included in Twitter’s native app. I personally like the feature, as I don’t want to unfollow a few people for the fear of the “Hey, why did you unfollow me?” conversation thanks to apps that tell you when people unfollow you. On the flip side, I’m sure a few people will use this feature on me during football season.

YouTube Creators Can Now Add a 3-Second Intro to All Their Videos

Finally, YouTube makes a change that is for the better. “YouTubers” can now create and add a 3 second long intro to all of their videos. From Mashable’s article about the news-

To set it up, you need to upload the 3-second introductory video as an unlisted video, and then select “add a channel branding intro” on your channel’s InVideo Programming page. Then you can choose which videos the intro will appear on.

This is a handy feature that saves the extra time of editing an intro into each uploaded video. These intros will start automatically before every video uploaded on that account. YouTube does specify that “the intros may not be used as ads, sponsorships, or product placements — they’re mainly a tool to help you promote your brand.” While I am not much of a YouTube uploader, I appreciate YouTube making a positive change for once. I was getting tired of changes that broke functions of YouTube and having Google+ rammed down my throat.

Snapchat Rolls Out a Major Update

Snapchat, an app that was previously only for photo and video sharing, is now striving to actually implement the “chat” part of its name. In its latest update released on May 1st, Snapchat has added video chat and instant messaging features- as if we didn’t have enough ways to contact each other on our smartphones.

That’s right, you can now text message on Snapchat. Swipe right on one of your friend’s names, and you’ll be presented with a messaging screen that allows you to text that person. These messages will disappear after exiting the messaging screen, however they can be saved by tapping on whatever messages you want to keep.

To use the new video chat feature, when on the messaging screen, if the other person is currently viewing the messaging screen as well, the yellow circle to send a snap picture will change to blue, indicating that you can video chat with the other person. Press and hold this circle, and a circle will appear over your finger showing either the front camera or rear camera, depending on whether your finger is on the top or bottom half of the screen. The other person, if doing the same thing, will appear on the screen.

I tested out the new update earlier today, and I think that it does make Snapchat a more robust app than simply sending snaps and stories. Sending messages and only keeping what you want is very interesting. However I don’t quite understand the video chat feature, why it was created? Isn’t that what FaceTime and/or Skype is for? Not only this, but I attempted to use the new feature with my girlfriend and despite the circle being blue, we only got the video chat to actually work a couple of times from at least 10 attempts. Give your thoughts on the update in the comments.

Facebook’s ‘Anonymous Login’ is Evil Genius

One of the things I took away from my social media class this semester is that by using social media platforms such as Facebook, Twitter, Instagram, and so on, you’re building up data that companies want for various purposes, with advertising being the main intention. Facebook has been the king of this, especially with all of the third-party apps that have grown increasingly in number the past few years. Mark Zuckerberg, realizing that Facebook has gotten the reputation of a personal information vacuum, announced yesterday at f8 that Facebook will be including an “anonymous login” option.

This term has been put in quotes, because it’s not truly anonymous. How could a login be completely anonymous anyway? That’s a contradictory statement, but I digress.  This new feature allows the user to choose the “anonymous login” option instead of the regular “login with Facebook” button present on all kinds of websites and third-party apps. By using this option, the app or service will not receive any information about the user. However, Facebook still verifies it’s the user, gets the basics of what it that’s being done, what app is being logged into this time, and how often that app has been logged into, which it gets to combine with all the other data it has on that user.

This is a good move by Zuckerberg and Facebook because it helps to change the image that Facebook is all about getting your personal data. (Even though in reality, despite this new login option, it still is) Along with this, it removes the headache of deciding what apps to give your information to, or accidentally clicking “okay” instead of “skip” when it comes to allow an app to post for you. Lastly, Facebook now has even more information to itself to sell to developers and advertisers, instead of the apps getting it directly. These reasons thus make Zuckerberg an evil genius because no less information is being hidden in the grand scheme of things, and Facebook will make more money while simultaneously making its users happier.

Another Security Flaw Gets the Heartbleed Treatment, But Don’t Believe the Hype

Another week, and seemingly another new internet security flaw has been reported. Well, I guess we all need to change our passwords again because of this newest flaw, “Covert Redirect,” right? However, unlike the Heartbleed bug, this one isn’t actually much of a problem. (Don’t actually go change your passwords)

Wang Jing, a Ph.D student from Nanyang Technological University in Singapore is credited with “discovering” Covert Redirect, along with creating its website and logo. He found a vulnerability in the OAuth framework that powers the identity logins for services such as Facebook, Microsoft, Google and LinkedIn. This vulnerability lies in the way that Facebook, or YouTube, for example, has implemented this framework to their own needs. (It isn’t clear yet who’s implementation either does or doesn’t contain this vulnerability) In this flaw, it is possible to hijack login credentials by redirecting the credentials from the intended target, such as Facebook, to the malicious site. However, (using the known example of Facebook) this is only possible after a user clicks on a link or visits a malicious website, and then, not only does the user have to click on a malicious link, they have to then click on a Facebook login button and agree to authorize the login and release of information. Essentially, you have to be completely unaware that you’re on a bad site, which you should always be aware of, but not only this, you have to authorize the release of info in the pop up box as well. Therefore, this vulnerability is nowhere near the same level as Heartbleed and should not be recognized as such.

Really, what this comes down to is someone attempting to profit and make a name for themselves off of a minor vulnerability by giving it a fancy name, website, and logo like Heartbleed did. Despite what major news outlets such as cnet are reporting, the problem does not lie in the OpenID and OAuth frameworks. It lies in the implementation that services such as Facebook created, and therefore is not as big of an issue. Don’t get me wrong, this is still an issue that needs fixing ASAP, but this is not the next Heartbleed.

This type of flaw is not new, there have been other ways in the past for malicious links and sites to redirect login information away from the intended sites. The best way to protect yourself is just to be aware of where you are on the internet at all times, be careful of what you click on, and ALWAYS pay attention to login pages and confirmations. Despite this being being a minor flaw, I hope that internet security flaws will stop becoming weekly news.