View previous topic | View next topic

FaceApp Warning

Page 2 of 2
Goto page Previous  1, 2

dr.bob
1327177.  Mon Jul 22, 2019 5:29 am Reply with quote

I'm merely considering whether Willie thinks that the DSTL lacks expertise. As far as I can tell, the original post didn't come from the DSTL. Certainly, any message which starts with "Greetings Teammates" doesn't sound like an official release from a government body.

Maybe PDR can pop by at some point and explain where the message he quoted came from and what relation it has to the DSTL.

 
Willie
1327180.  Mon Jul 22, 2019 5:56 am Reply with quote

PDR wrote:
I think you misunderstand. This wasn't a "general" or "minor" warning. This was a formal security advisory issued to UK List-x companies. This particular one is not classified, although these are not usually put in the public domain. I passed this particular one on because I know there are a lot of social media users on this forum who might benefit from the information.

This isn't some trivial piece of net-gossip, but rather a piece of formal advice originating from the country's cyber-security specialists.

The childish blather deriding the expertise of these organisations is dangerously unhelpful (as well as amusingly inaccurate).

PDR


UK security agencies are regularly putting out advisory notices on issues to do with IT security, some are specific and others are of the think before ho use variety. The latter are mainly teased because the general IT using population of most workplaces get very complacent and tend to forget basic concepts very quickly.

As to being 'dangerously unhelpful', IT is what I do for a living and I am rather more qualified than most people, even on this site, on IT security what with having a degree in the subject.

I have nothing but respect for government IT security agencies, but they do not always give the whole story.


Last edited by Willie on Mon Jul 22, 2019 5:58 am; edited 1 time in total

 
PDR
1327181.  Mon Jul 22, 2019 5:56 am Reply with quote

Maybe PDR just ain't going to bother passing on IT security advisories in future.

PDR

 
Alexander Howard
1327187.  Mon Jul 22, 2019 8:25 am Reply with quote

I recall something similar many years ago when Microsoft of all people put into their terms something along the lines of "and we can use and republish anything you send through our systems". It was then pointed out that every professional user would have to dump Microsoft products in favour of platforms which might respect commercial or client confidentiality, copyright and little details like that. The terms were changed.

 
barbados
1327193.  Mon Jul 22, 2019 9:51 am Reply with quote

dr.bob wrote:
I'm merely considering whether Willie thinks that the DSTL lacks expertise. As far as I can tell, the original post didn't come from the DSTL. Certainly, any message which starts with "Greetings Teammates" doesn't sound like an official release from a government body.

The consideration would appear to me that the DSTL do have the expertise, but the message lacks authority because the warning didn't appear on the DSTL website.
Similarly, when you question the salutation on the email. These have no bearing on the authority of the email because what would have happened is the DSTL team would have emailed their mailing list about their concerns. PDR would not have been part of that list, but the person responsible for the IT security within his organisation would be. It would have been sent to him (other genders are available) for consideration. Then if the person responsible for IT security thought it was a concern worthy of sharing then it would have been distributed to the staff leadership, and then on to the minions at the coal face. That would be the reason for the "greetings teammates".

 
dr.bob
1327194.  Mon Jul 22, 2019 10:17 am Reply with quote

Alexander Howard wrote:
I recall something similar many years ago when Microsoft of all people put into their terms something along the lines of "and we can use and republish anything you send through our systems". It was then pointed out that every professional user would have to dump Microsoft products in favour of platforms which might respect commercial or client confidentiality, copyright and little details like that. The terms were changed.


It's good that Microsoft changed those terms but, as has been discussed upthread, it's not unusual for companies to put all sorts of crazy things in their T's & C's.

Here's a good article on Wired that talks about the current furore around FaceApp. Interestingly it points out that the app was actually launched back in 2017. Back then, security concerns were raised though nobody was massively worried about them. The main source of concern at that time was over FaceApp's "blackface filter" (perhaps unsurprisingly).

The article suggests that the current concern stems more from the app's connections with Russia than any particularly unusual security problems. To make its point it lists a bunch of other, US based, companies that do far worse things with your personal data than FaceApp do but which aren't currently the subject of a media witch-hunt.

 

Page 2 of 2
Goto page Previous  1, 2

All times are GMT - 5 Hours


Display posts from previous:   

Search Search Forums

Powered by phpBB © 2001, 2002 phpBB Group