
Monthly Archives: January 2019

The Unfinished Business of the Equifax Hack

Congress needs to address the failures of credit reporting. They also need to put teeth into privacy laws and enact stiff fines for breaches.

Quote

Remember the Equifax breach? In late 2017, the credit-reporting company revealed that hackers had stolen the personal data of more than 145 million people — including Social Security numbers, addresses, and in some cases even credit-card details. The incident was remarkable not only in scale, but also for the scant regard the company apparently showed for the individuals whose sensitive information it was supposed to manage.

Almost a year and a half later, almost nothing has changed. Authorities have neither sanctioned Equifax nor addressed the deeper industry-wide flaws that the incident exposed. It’s an omission that Congress must correct.

Equifax and its two main competitors, Experian and TransUnion, provide a valuable service. Their databases grease the wheels of commerce, allowing banks, employers and government agencies to quickly and easily check almost anyone’s identity and credit history. Yet their interests don’t always align with the public good. The people whose information they maintain are not their primary customers, so the firms lack an adequate incentive to ensure privacy and security, and to fix errors that can severely complicate lives. Breaches and bad data can even benefit them, helping sell products such as credit monitoring to frightened consumers.

 



 

Over the years, authorities have tried to adjust the incentives. The Fair Credit Reporting Act requires “reasonable” efforts to keep information accurate and prevent it from falling into the wrong hands — and empowers consumers to sue for damages. The 2010 Dodd-Frank Act gave the Consumer Financial Protection Bureau broad powers to supervise the largest credit-reporting companies. A 2015 settlement with state attorneys general requires the companies to deal with disputed information more effectively, and aims to curb the common practice of hard-selling paid services to people seeking to correct their credit reports.

Yet there’s been little real progress. In the last three months of 2018, consumers submitted almost 27,000 credit-reporting complaints to the CFPB, up from fewer than 11,000 two years earlier, before the Equifax hack. Granted, this is only a small fraction of the more than 200 million people with credit reports, and various factors — such as greater awareness — could contribute to the increase. But it certainly doesn’t suggest things are improving.

The Equifax case is especially discouraging. After its security failures exposed millions to identity theft, the company responded with a glitchy website and an offer of “free” credit monitoring — a service of dubious value, given that it alerts consumers only after their identity has been stolen. It fell to Congress to demand a basic concession from the industry: free security “freezes,” which allow consumers to prevent new accounts from being opened in their name. The Trump administration has shown little interest in further action. A joint investigation by the CFPB and the Federal Trade Commission has yet to yield results.

Consumers deserve better. Here’s what Congress can do:

  • Require the companies to meet more ambitious benchmarks for data privacy, security and accuracy. In security, for example, government and nonprofit organizations have created guidelines that supervisors could use to set standards and assess compliance.
  • Place the burden of proof on companies in consumer disputes. If they can’t demonstrate that the information in question is correct, they should remove it.
  • Make security freezes the default option, by requiring the companies to release personal information only with a consumer’s express consent.
  • Give the CFPB responsibility for overseeing all aspects of credit reporting. Overlap with the FTC on data security, for example, has bred confusion and threatens to render the agencies collectively ineffective.
  • Give consumers the power to sue for injunctive relief. This would allow courts to compel the credit-reporting companies — and those that provide them with data — to fix practices that harm consumers, as opposed to merely paying damages.

Democratic legislators — including Senator Jack Reed and Representative Maxine Waters, the new head of the House Financial Services Committee — have introduced bills that would make many of these changes. All that remains is to get them to the president’s desk.

It’s unacceptable for credit-reporting companies to pose a threat, or even merely be a nuisance, to millions of people who never chose to do business with them. They must show that they can take responsibility for personal data, rather than leaving the task to consumers or charging for the service. They seem to need a firmer nudge, and Congress should provide it.

Avast Highlights the Threat Landscape for 2019

Heads up, it will not get easier.

Quote
The Dawn of Adversarial AI

We foresee the emergence of a class of attacks known as ‘DeepAttacks’, which use AI-generated content to evade AI security controls. In 2018, the team observed many examples where researchers used adversarial AI algorithms to fool humans. Examples include the fake Obama video created by Buzzfeed where President Obama is seen delivering fake sentences, in a convincing fashion.

We have also seen examples of adversarial AI deliberately confounding the smartest object detection algorithms, such as fooling an algorithm into thinking that a stop sign was a 45-mph speed limit sign.

In 2019, we expect to see DeepAttacks deployed more commonly in an attempt to evade both human detection and smart defenses.

IoT Threats Will Become More Sophisticated

The trend toward smart devices will be so pronounced in the coming years that it will become difficult to buy appliances or home electronics that are not connected to the internet.

Avast research has shown that security is often an afterthought in the manufacturing of these devices. While the big name smart devices often do come with embedded security options, some producers skimp on security either to keep costs low for consumers or because they are not experts in security. Considering a smart home is only as secure as its weakest link, this is a mistake. History tends to repeat itself, so we can expect to see IoT malware evolve and become more sophisticated and dangerous, similar to how PC and mobile malware developed.

Router Attacks Will Advance

Routers have proven to be a simple and fertile target for a growing wave of attacks. Not only have we seen an increase in router-based malware in 2018, but also changes in the characteristics of those attacks.

In 2019, we expect to see the increased hijacking of routers used to steal banking credentials, for example, where an infected router injects a malicious HTML frame to specific web pages when displayed on mobile. This new element could ask mobile users to install a new banking app, for instance, and this malicious app will then capture authentication messages. Routers will continue to be used as targets of an attack, not just to run malicious scripts or spy on users, but also as an intermediate link in chain attacks.

The Evolution of Mobile Threats

In 2019, well known tactics such as advertising, phishing and fake apps will continue to dominate the mobile threat landscape. In 2018, we tracked and flagged countless fake apps using our apklab.io platform. Some were even found on the Google Play Store. Fake apps are the zombies in mobile security, becoming so ubiquitous that they barely even make the headlines as new fake apps pop up to take the place of the ones already flagged for removal. They will continue to persist as a trend in 2019, exacerbated by fake versions of popular app brands doing their rounds on the Google Play Store.

In 2018, the return of banking Trojans was also particularly pronounced on the mobile side, growing 150 percent year-on-year, from three percent to over seven percent of all detections we see worldwide. While perhaps not a big shift in terms of the overall volume, we believe that cybercriminals are finding banking to be a more reliable way to make money than cryptomining.

“This year, we celebrated the 30th anniversary of the World Wide Web. Fast forward thirty years and the threat landscape is exponentially more complex, and the available attack surface is growing faster than it has at any other point in the history of technology,” commented Ondrej Vlcek, President of Consumer at Avast.

“PC viruses, while still a global threat, have been joined by a multitude of malware categories that deliver more attacks. People are acquiring more and varied types of connected devices, meaning every aspect of our lives could be compromised by an attack. Looking ahead to 2019, these trends point to a magnification of threats through these expanding threat surfaces.”

These trends form part of Avast’s annual Threat Report. To download the full report please click here.

VPNfilter – Re-post

I am re-posting info on the VPNfilter. In 2018 security researchers around the globe sounded the alarm about the Russian hacker group APT28 (AKA Fancy Bear – the same ones who most likely hacked the 2016 U.S. presidential election). This group is purportedly responsible for a global attack called VPNFilter. This attack uses a global botnet of more than half a million routers and storage devices (and growing).

Sadly, and as has been the norm, businesses, and especially small businesses and home networks, fail to heed the warning and take action.

Cisco Talos, while working with our various intelligence partners, has discovered additional details regarding “VPNFilter.” In the days since we first published our findings on the campaign, we have seen that VPNFilter is targeting more makes/models of devices than initially thought, and has additional capabilities, including the ability to deliver exploits to endpoints. Talos recently published a blog about a broad campaign that delivered VPNFilter to small home-office network devices, as well as network-attached storage devices. As we stated in that post, our research into this threat was, and is, ongoing. In the wake of that post, we have had a number of partners step forward with additional information that has assisted us in our work. This post is an update of our findings over the past week.

First, we have determined that additional devices are being targeted by this actor, including some from vendors that are new to the target list. These new vendors are ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. New devices were also discovered from Linksys, MikroTik, Netgear, and TP-Link. Our research currently shows that no Cisco network devices are affected. We’ve provided an updated device list below.

We have also discovered a new stage 3 module that injects malicious content into web traffic as it passes through a network device. At the time of our initial posting, we did not have all of the information regarding the suspected stage 3 modules. The new module allows the actor to deliver exploits to endpoints via a man-in-the-middle capability (e.g. they can intercept network traffic and inject malicious code into it without the user’s knowledge). With this new finding, we can confirm that the threat goes beyond what the actor could do on the network device itself, and extends the threat into the networks that a compromised network device supports. We provide technical details on this module, named “ssler” below.

Additionally, we’ve discovered an additional stage 3 module that provides any stage 2 module that lacks the kill command the capability to disable the device. When executed, this module specifically removes traces of the VPNFilter malware from the device and then renders the device unusable. Analysis of this module, called “dstr,” is also provided below.

Finally, we’ve conducted further research into the stage 3 packet sniffer, including in-depth analysis of how it looks for Modbus traffic.

If you want an idea of how VPNfilter works, here is a great article on the details
VPNfilerdetails

Here is a list of known vulnerable routers.

List of known Routers with VPNFilter Vulnerabilities

  • Asus Devices: RT-AC66U, RT-N10, RT-N10E, RT-N10U, RT-N56U, RT-N66U
  • D-Link Devices: DES-1210-08P, DIR-300, DIR-300A, DSR-250N, DSR-500N, DSR-1000, DSR-1000N
  • Huawei Devices: HG8245
  • Linksys Devices: E1200, E2500, E3000, E3200, E4200, RV082, WRVS4400N
  • Mikrotik Devices: CCR1009, CCR1016, CCR1036, CCR1072, CRS109, CRS112, CRS125, RB411, RB450, RB750, RB911, RB921, RB941, RB951, RB952, RB960, RB962, RB1100, RB1200, RB2011, RB3011, RB Groove, RB Omnitik, STX5
  • Netgear Devices: DG834, DGN1000, DGN2200, DGN3500, FVS318N, MBRN3000, R6400, R7000, R8000, WNR1000, WNR2000, WNR2200, WNR4000, WNDR3700, WNDR4000, WNDR4300, WNDR4300-TN, UTM50
  • QNAP Devices: TS251, TS439 Pro, Other QNAP NAS devices running QTS software
  • TP-Link Devices: R600VPN, TL-WR741ND, TL-WR841N
  • Ubiquiti Devices: NSM2, PBE M5
  • Upvel Devices: Unknown Models*
  • ZTE Devices: ZXHN H108N
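
Both the Avast forecast and the Talos update above describe a compromised router injecting frames or other content into web pages as they pass through it. The Python below is an added example, not code from Avast, Talos or this blog: it compares a copy of a page fetched over a trusted path with the copy seen behind a suspect router and reports active content that only the second copy contains. The URLs and HTML are constructed sample data, and it assumes you can fetch the trusted copy over a path that bypasses the router (for instance a cellular link).

```python
"""Added example: detect frames/scripts injected into a plain-HTTP page in transit."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags that load or run active content, mapped to the attribute naming the source.
ACTIVE_TAGS = {"iframe": "src", "frame": "src", "script": "src",
               "embed": "src", "object": "data"}


def origin_of(url):
    """Reduce a URL to scheme://host[:port]; non-network schemes keep only the scheme."""
    parts = urlsplit(url)
    if not parts.netloc:
        return f"{parts.scheme.lower()}:"        # e.g. data:, javascript:
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}"


class ActiveContentCollector(HTMLParser):
    """Collects (tag, origin) pairs for external active content and counts inline scripts."""

    def __init__(self, page_url):
        super().__init__(convert_charrefs=True)
        self.page_url = page_url
        self.external = set()
        self.inline_scripts = 0

    def handle_starttag(self, tag, attrs):
        source_attr = ACTIVE_TAGS.get(tag)
        if source_attr is None:
            return
        attrs = dict(attrs)
        source = (attrs.get(source_attr) or "").strip()
        if source:
            # Resolve relative references against the page URL before comparing.
            self.external.add((tag, origin_of(urljoin(self.page_url, source))))
        elif tag == "script":
            self.inline_scripts += 1
        elif "srcdoc" in attrs:
            self.external.add((tag, "srcdoc:"))   # frame with inline document


def collect(page_url, html):
    collector = ActiveContentCollector(page_url)
    collector.feed(html)
    collector.close()
    return collector


def injected_content(page_url, trusted_html, observed_html):
    """Return (new (tag, origin) pairs, number of extra inline scripts) in the observed copy."""
    trusted = collect(page_url, trusted_html)
    observed = collect(page_url, observed_html)
    new_sources = sorted(observed.external - trusted.external)
    extra_inline = max(0, observed.inline_scripts - trusted.inline_scripts)
    return new_sources, extra_inline


# Constructed sample data: the same login page, as served and as seen behind the router.
SAMPLE_URL = "http://bank.example.com/login"

TRUSTED_HTML = """<html><head><script src="/static/app.js"></script></head>
<body><h1>Sign in</h1>
<script src="https://cdn.example.com/lib.js"></script>
</body></html>"""

OBSERVED_HTML = """<html><head><script src="/static/app.js"></script></head>
<body><h1>Sign in</h1>
<iframe src="http://updates.invalid/get-app" width="100%"></iframe>
<script>document.title = "Sign in";</script>
<script src="https://cdn.example.com/lib.js"></script>
</body></html>"""


if __name__ == "__main__":
    sources, inline = injected_content(SAMPLE_URL, TRUSTED_HTML, OBSERVED_HTML)
    for tag, origin in sources:
        print(f"unexpected <{tag}> loading from {origin}")
    if inline:
        print(f"{inline} inline <script> block(s) not present in the trusted copy")
```

Comparing origins rather than raw bytes tolerates ordinary page churn. Pages delivered over HTTPS with certificate validation are not open to this kind of in-path modification, which is why plain-HTTP pages are the ones worth checking.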

AT&T, Sprint, Verizon, T-Mobile US pledge, again, to not sell your location to shady geezers. Sorry, we don’t believe them

…and neither should you!

QUOTE

US cellphone networks have promised – again – that they will stop selling records of their subscribers’ whereabouts to anyone willing to cough up cash.

In a statement on Thursday, AT&T said: “In light of recent reports about the misuse of location services, we have decided to eliminate all location aggregation services – even those with clear consumer benefits,” adding: “We are immediately eliminating the remaining services and will be done in March.”

That same March deadline was referenced by T-Mobile US’s CEO John Legere who had promised last June to end the sale of subscribers’ private location data. Legere tweeted this week: “T-Mobile is completely ending location aggregator work. We’re doing it the right way to avoid impacting consumers who use these types of services for things like emergency assistance. It will end in March, as planned and promised.”

While there is money to be made and no law preventing it, it is a virtual certainty that AT&T and others will figure out a way to profit from selling their customers’ private data. Last time around, FCC boss Ajit Pai refused to investigate the matter, and while there has been no response from Pai on the renewed calls for an investigation thanks to the partial US government shutdown, it is a virtual certainty that he will continue his pro-telco agenda and stay away from the issue.

Meanwhile, pressure grows in Congress to introduce a privacy law – an American version of Europe’s GDPR – especially in the light of abuses by Facebook and others. But that process is very far from certain given that many of the companies that benefit most from selling user data are also some of the most powerful and generous lobbyists in Washington DC.

Marriott Concedes 5 Million Passport Numbers Lost to Hackers Were Not Encrypted

Just maybe, I am not saying for sure, but just maybe, the reason for such stupidity is that companies like Marriott are hiring too many newbies to save money and ignoring the more senior members of the IT community. Or maybe that there are no real hard financial penalties for breaches. Maybe both.

But the real story here is not only Marriott, but the continued onslaught from China. No surprise.

Quote

WASHINGTON — Marriott International said on Friday that the biggest hacking of personal information in history was not quite as big as first feared, but for the first time conceded that its Starwood hotel unit did not encrypt the passport numbers for roughly five million guests. Those passport numbers were lost in an attack that many outside experts believe was carried out by Chinese intelligence agencies.

What made the Starwood attack different was the presence of passport numbers, which could make it far easier for an intelligence service to track people who cross borders. That is particularly important in this case: In December, The New York Times reported that the attack was part of a Chinese intelligence gathering effort that, reaching back to 2014, also hacked American health insurers and the Office of Personnel Management, which keeps security clearance files on millions of Americans.

Taken together, the attack appeared to be part of a broader effort by China’s Ministry of State Security to compile a huge database of Americans and others with sensitive government or industry positions — including where they worked, the names of their colleagues, foreign contacts and friends, and where they travel.

“Big data is the new wave for counterintelligence,” James A. Lewis, a cybersecurity expert who runs the technology policy program at the Center for Strategic and International Studies in Washington, said last month.

One top official of the Chinese Ministry of State Security was arrested in Belgium late last year and extradited to the United States on charges of playing a central role in the hacking of American defense-related firms, and others were identified in a Justice Department indictment in December. But those cases were unrelated to the Marriott attack, which the F.B.I. is still investigating.

China has denied any knowledge of the Marriott attack. In December, Geng Shuang, a spokesman for its Ministry of Foreign Affairs, said, “China firmly opposes all forms of cyberattack and cracks down on it in accordance with the law.”

Do make me laugh

The Marriott investigation has revealed a new vulnerability in hotel systems: What happens to passport data when a customer makes a reservation or checks into a hotel, usually abroad, and hands over a passport to the desk clerk. Marriott said for the first time that 5.25 million passport numbers were kept in the Starwood system in plain, unencrypted data files — meaning they were easily read by anyone inside the reservation system. An additional 20.3 million passport numbers were kept in encrypted files, which would require a master encryption key to read. It is unclear how many of those involved American passports, and how many come from other countries.

Yes you read that correctly. Morons asleep at the switch

Marriott said for the first time that 5.25 million passport numbers were kept in the Starwood system in plain, unencrypted data files — meaning they were easily read by anyone inside the reservation system.

It was not immediately clear why some numbers were encrypted and others were not — other than that hotels in each country, and sometimes each property, had different protocols for handling the passport information. Intelligence experts note that American intelligence agencies often seek the passport numbers of foreigners they are tracking outside the United States, which may explain why the United States government has not insisted on stronger encryption of passport data worldwide.

Asked how Marriott was handling the information now that it has merged Starwood’s data into the Marriott reservations system — a merger that was just completed at the end of 2018 — Connie Kim, a company spokeswoman, said: “We are looking into our ability to move to universal encryption of passport numbers and will be working with our systems vendors to better understand their capabilities, as well as reviewing applicable national and local regulations.”


“We are looking into our ability to move to universal encryption of passport numbers and will be working with our systems vendors to better understand their capabilities, as well as reviewing applicable national and local regulations.”

 

Which means 1) they are still NOT encrypted and 2) they need to fire the person(s) managing the vendors and the vendors themselves (assuming vendors haven’t been screaming at Marriott to do something, which may indeed be plausible).

The State Department issued a statement last month telling passport holders not to panic, because the number alone would not enable someone to create a fake passport. Marriott has said it would pay for a new passport for anyone whose passport information, hacked from their systems, was found to be involved in a fraud. But that was something of a corporate sleight of hand, since it provided no coverage for guests who wanted a new passport simply because their data had been taken by foreign spies.

So far the company has ducked addressing that issue by saying it has no evidence about who the attackers were, and the United States has not formally accused China in the case. But private cyberintelligence groups that have looked at the breach have seen strong parallels with the other, Chinese-related attacks underway at the time. The company’s president and chief executive, Arne Sorenson, has not answered questions about the hacking in public, and Marriott said he was traveling and declined a request from The Times to talk about hacking.

The company also said that about 8.6 million credit and debit cards were “involved” in the incident, but those are all encrypted — and all but 354,000 cards had expired by September 2018, when the hacking, which went on for years, was discovered.

So far, there are no known cases in which stolen passport or credit card information was found in fraudulent transactions. But to cyberattack investigators, that is just another sign that the hacking was conducted by intelligence agencies, not criminals. The agencies would want to use the data for their own purposes — building databases and tracking government or industrial surveillance targets — rather than exploiting the data for economic profit.

Idiots. And the U.S. and State Governments are just as culpable. We need very strong laws that mandate extremely stiff penalties for breaches.

Depression in girls linked to higher use of social media

Is anyone surprised?
Quote

Research suggests link between social media use and depressive symptoms was stronger for girls compared with boys

Girls’ much-higher rate of depression than boys is closely linked to the greater time they spend on social media, and online bullying and poor sleep are the main culprits for their low mood, new research reveals.



As many as three-quarters of 14-year-old girls who suffer from depression also have low self-esteem, are unhappy with how they look and sleep for seven hours or less each night, the study found.

“Girls, it seems, are struggling with these aspects of their lives more than boys, in some cases considerably so,” said Prof Yvonne Kelly, from University College London, who led the team behind the findings.

The results prompted renewed concern about the rapidly accumulating evidence that many more girls and young women exhibit a range of mental health problems than boys and young men, and about the damage these can cause, including self-harm and suicidal thoughts.

The study is based on interviews with almost 11,000 14-year-olds who are taking part in the Millennium Cohort Study, a major research project into children’s lives.

It found that many girls spend far more time using social media than boys, and also that they are much more likely to display signs of depression linked to their interaction on platforms such as Instagram, WhatsApp and Facebook.

Google shifted $23bn to tax haven Bermuda in 2017, filing shows

“Do No Harm” …errh should be “behave like pigs”

Quote
Google’s owner, Alphabet, has seen an effective tax rate in the single digits on non-US profits for more than a decade.

Google moved €19.9bn ($22.7bn) through a Dutch shell company to Bermuda in 2017, as part of an arrangement that allows it to reduce its foreign tax bill, according to documents filed at the Dutch chamber of commerce.

The amount channelled through Google Netherlands Holdings BV was about €4bn more than in 2016, the documents, filed on 21 December, showed.

“We pay all of the taxes due and comply with the tax laws in every country we operate in around the world,” Google said in a statement.

“Google, like other multinational companies, pays the vast majority of its corporate income tax in its home country, and we have paid a global effective tax rate of 26% over the last 10 years.”

For more than a decade the arrangement has allowed Google’s owner, Alphabet, to enjoy an effective tax rate in the single digits on its non-US profits, about a quarter of the average tax rate in its overseas markets.

The subsidiary in the Netherlands is used to shift revenue from royalties earned outside the US to Google Ireland Holdings, an affiliate based in Bermuda, where companies pay no income tax.

The tax strategy, known as the “double Irish, Dutch sandwich”, is legal and allows Google to avoid triggering US income taxes or European withholding taxes on the funds, which represent the bulk of its overseas profits.

However, under pressure from the European Union and the United States, Ireland in 2014 decided to phase out the arrangement, ending Google’s tax advantages in 2020.

Google Netherlands Holdings BV paid €3.4m in taxes in the Netherlands in 2017, the documents showed, on a gross profit of €13.6m.

Asleep at the Switch

Quote

Facebook Data Scandals Stoke Criticism That a Privacy Watchdog Too Rarely Bites

Last spring, soon after Facebook acknowledged that the data of tens of millions of its users had improperly been obtained by the political consulting firm Cambridge Analytica, a top enforcement official at the Federal Trade Commission drafted a memo about the prospect of disciplining the social network.

Lawmakers, consumer advocates and even former commission officials were clamoring for tough action against Facebook, arguing that it had violated an earlier F.T.C. consent decree barring it from misleading users about how their information was shared.

But the enforcement official, James A. Kohm, took a different view. In a previously undisclosed memo in March, Mr. Kohm — echoing Facebook’s own argument — cautioned that Facebook was not responsible for the consulting firm’s reported abuses. The social network seemed to have taken reasonable steps to address the problem, he wrote, according to someone who read the memo, and most likely had not broken its promises to the F.T.C.


The Cambridge Analytica data leak set off a reckoning for Facebook and a far-reaching debate about the tech industry, which has collected more information about more people than almost any other in history. At the same time, the F.T.C., which is investigating Facebook, is under growing attack for what critics say is a systemic failure to police Silicon Valley’s giants and their enormous appetite for personal data.

Almost alone among industrialized nations, the United States has no basic consumer privacy law. The F.T.C. serves as the country’s de facto privacy regulator, relying on more limited rules against deceptive trade practices to investigate Google, Twitter and other tech firms accused of misleading people about how their information is used.

But many in Washington view the agency as a watchdog that too rarely bites. In more than 40 interviews, former and current F.T.C. officials, lawmakers, Capitol Hill staff members, and consumer advocates said that as evidence of abuses has piled up against tech companies, the F.T.C. has been too cautious. Now, as the Trump administration and Congress debate whether to expand the agency and its authority over privacy violations, the Facebook inquiry looms as a referendum on the F.T.C.’s future.

“They have been asleep at the switch,” said Senator Richard Blumenthal, the Connecticut Democrat and ranking member of the subcommittee charged with overseeing the agency. “It’s a lack of will even more than paucity of resources.”

Long Overdue: It is time for the US to develop strong data privacy along the lines of the EU GDPR (General Data Protection Regulation). It is also time for US “Netizens” to demand strong data privacy protection laws with extremely stiff penalties for noncompliance.

BOGUS SCIENCE: Facebook Takes On Tricky Public Health Role

Among the other 100s of reasons, it is time to stop using Facebook.

A police officer on the late shift in an Ohio town recently received an unusual call from Facebook.

Earlier that day, a local woman wrote a Facebook post saying she was walking home and intended to kill herself when she got there, according to a police report on the case. Facebook called to warn the Police Department about the suicide threat.

The officer who took the call quickly located the woman, but she denied having suicidal thoughts, the police report said. Even so, the officer believed she might harm herself and told the woman that she must go to a hospital — either voluntarily or in police custody. He ultimately drove her to a hospital for a mental health work-up, an evaluation prompted by Facebook’s intervention. (The New York Times withheld some details of the case for privacy reasons.)
….

Facebook has computer algorithms that scan the posts, comments and videos of users in the United States and other countries for indications of immediate suicide risk. When a post is flagged, by the technology or a concerned user, it moves to human reviewers at the company, who are empowered to call local law enforcement.

“In the last year, we’ve helped first responders quickly reach around 3,500 people globally who needed help,” Mr. Zuckerberg wrote in a November post about the efforts.

But other mental health experts said Facebook’s calls to the police could also cause harm — such as unintentionally precipitating suicide, compelling nonsuicidal people to undergo psychiatric evaluations, or prompting arrests or shootings.

And, they said, it is unclear whether the company’s approach is accurate, effective or safe. Facebook said that, for privacy reasons, it did not track the outcomes of its calls to the police. And it has not disclosed exactly how its reviewers decide whether to call emergency responders. Facebook, critics said, has assumed the authority of a public health agency while protecting its process as if it were a corporate secret.

Yes you read that right. “Facebook said that, for privacy reasons, it did not track the outcomes of its calls to the police.” B.S. — how about formal clinical trials like the rest of the medical world? Their algorithm should get FDA approval first at a minimum.

“It’s hard to know what Facebook is actually picking up on, what they are actually acting on, and are they giving the appropriate response to the appropriate risk,” said Dr. John Torous, director of the digital psychiatry division at Beth Israel Deaconess Medical Center in Boston. “It’s black box medicine.”


“In this climate in which trust in Facebook is really eroding, it concerns me that Facebook is just saying, ‘Trust us here,’” said Mr. Marks, a fellow at Yale Law School and New York University School of Law.

Right – Trust Facebook? Never. I submit the real reason that miscreant Zuckerberg is doing this is that it is now well known that a plausible link exists between increased social media use and depression and suicide. Just say no to Facebook.

2012 – Social Media and Suicide: A Public Health Perspective

2017 – The Risk Of Teen Depression And Suicide Is Linked To Smartphone Use