
From temptation to sextortion: Inside the fake Facebook profile industry


Wednesday, Sept. 6, 2017, around 3 p.m. (France local time).

I’ve just uncovered the most important element of the entire investigation. It’s a photo of a group of friends on Facebook, really nothing special. However, this photo, and the comments under it, allow me to finally confirm the identity of one of the men behind the network.

Then, like in a movie, a few seconds after having taken a few screengrabs, everything disappears. A dozen of the most popular fake accounts in the network go offline.

It’s a total blackout, as if someone knows I’m getting closer to the truth.

Let’s call him “Mehdi.” His name has been popping up in my notes for months. He’s the moderator of a private Facebook group that has more than 600,000 members, and which is often used by the network’s fake profiles to drive traffic. The other moderators of the group are all fake profiles. Everything points to Mehdi.

Then, one day, I find this picture from September 2016, where he made a serious mistake.

One of Mehdi’s friends publishes a group photo and tags her friends, including Mehdi. I recognize him in the picture. But when I put my mouse cursor on Mehdi’s face, I see that he’s not tagged using his name. His face is tagged to Amandine Ponticaud, one of the biggest fake profiles in the network.

A photo published on Facebook. We see 10 young people, 5 women and 5 men. Their faces are blurred. On the right, we see Pablo and Mehdi, two of the administrators of the network.

In the comments, a guy started making fun of Mehdi. Mehdi answered back. But he did so with Amandine’s profile, not his own.

What follows is a flurry of insults between the guy and Mehdi. Mehdi finds a picture of the guy’s mother on his Facebook profile and says he’s going to use it “in his next porno post.” Remember that bait accounts use fake porno links to trap their victims.

Tired of the abuse, the guy blocks Amandine’s profile. But then Mehdi jumps back into the fray, this time under the name Léa Pierné – another fake account in the network. The guy blocks this account, and Mehdi comes back again with yet another of the network’s fake profiles, Isabelle Bekaert.

It’s clear, then, that Mehdi had, in September 2016 at least, access to these three fake profiles, which are some of the keystones of the network. He even admits to publishing “porno links.”

In fact, in the comment section of a July 2017 post by the network, these three same fake profiles were used to give the illusion that people had watched a supposed porno video.

A conversation that took place in the comments section underneath one of the network's posts. Four of the network's fake profiles write that they downloaded the alleged pornographic video linked to by the post.

The Marseille gang

Where things become interesting is when we search for Mehdi’s name on Google. Because, you see, he seems to have been doing this for quite some time. His name pops up on video game forums in France.

Since 2012, forum users have wanted to get him kicked off Facebook. Why? They said he shares “fake accounts” that publish “pictures stolen from chicks’ accounts.” In July 2012, some users banded together in a systematic campaign to flag Mehdi’s Facebook profile.

In these old forum posts, another man is also named, purported to be Mehdi’s partner. We’ll call him “Pablo.” He does seem to be Facebook friends with other people involved in the network. Mehdi and Pablo seem to come from southern France, around the city of Marseille.

By snooping a bit, I found two ads – one published by Pablo, the other by Mehdi – published on the listings website Webfrance in April 2015. In both ads, Mehdi and Pablo try to sell the same Facebook page, now defunct, which had, at the time, 280,000 subscribers. A person writes in the comments that they were scammed “three times” by Pablo, who had tried to sell him “fake accounts.”

In another ad, Pablo says he wants to “quit social media to concentrate on real life.” He says he’s selling three Facebook pages, with 280,000, 129,000 and 70,000 active subscribers. He uses an email address that includes Mehdi’s name in his ad.

Caught red-handed

Here’s where the story takes an unexpected turn. By searching for Pablo’s name on Facebook, I stumble upon a very strange page. It’s in Pablo’s name and uses his face as a profile picture.

On July 10, 2013, the page simultaneously published 373 pictures in the same public album, accessible to all. These images seem to be screengrabs from computers and mobile phones. In these screengrabs, we can see the inner workings of a sextortion ring of fake accounts.

In this album, we can see pictures of young women, some more explicit than others; anything one would need to, say, create a fake profile to scam men.

We can also see statistics of the engagement created by several Facebook pages supposedly belonging to pretty young girls.

What’s more, we see a screengrab of a Facebook chat window, where Mehdi asks a friend to make him administrator of a page. “I’m gonna scam a dude and I just told him that I was admin,” he writes. Mehdi gloats a few minutes later that the scam worked.

There’s also a screengrab of a PayPal transfer worth 500 euros ($740 CDN).

Then come a series of four incriminating screengrabs where we see – beyond doubt – a person carrying out a sextortion scam.

It’s the classic setup: make a man believe that he’s talking to a woman so that he gets naked in front of the camera, then take screengrabs of the exchange to blackmail him.

In the image, we see a Skype video conversation. The owner of the computer is chatting with a man. This man is naked and masturbating. In the small window which usually shows a Skype user what his chat partner is seeing, we see a nude woman masturbating on a bed.

However, behind the Skype window, we can also see that this user is using a computer program to display pornographic videos on Skype, to give his victim the illusion that he is interacting with a woman. In the background, we can see that this user has at least two videos of the same nude woman, which he can display in his Skype window.

I can’t be absolutely certain where these screengrabs come from. It would be very unlikely that someone could manage to fake 373 images to try and make Pablo look bad. Were these screengrabs obtained through a hack? Were they uploaded by mistake by someone working for the network? It’s impossible to know.

Still, it would be a curiously improbable coincidence that screengrabs showing the inner workings of a sextortion ring would be published to a Facebook page bearing Pablo’s name, when he seems to be at the center of a network which does exactly that type of activity.

Pablo and Mehdi both ignored multiple attempts to contact them. However, my colleague Marie-Eve talked to two (real) young women who had participated in the network’s activities by sharing posts from fake profiles. Both confirmed that the network is used to make money. One of them said that she made 10,000 euros ($14,800 CDN) in a single month by “sharing links on Facebook.” She also claimed that the network was based in France, Spain and Italy. Both women abruptly ended all communication with us after initially agreeing to an interview.

Shortly after this, the fake profiles started disappearing. It’s probably no coincidence that the profiles to which Mehdi had access in 2016 disappeared as well.

To me, it’s clear that Pablo and Mehdi are not running this network by themselves. What we’re seeing is most likely several different interconnected networks that co-operate to attract a mutually beneficial audience. Another part of the network, based in northern France and Belgium, seems to run a slightly different scheme, using fake profiles to attract men towards Snapchat accounts. These accounts seem to be running a cyberprostitution ring. But that’s a story for another day.

With regards to the network run by Pablo and Mehdi, its disappearance – which is probably only temporary – allowed me to better understand its scope. The profiles seem to have been deactivated rather than deleted outright. What’s more, Snapchat accounts related to some of the fake Facebook profiles run by the network have continued sharing fake pornography links, using the same tactic as on Facebook.

A young woman in underwear lying on her stomach on a bed. We do not see her face.
« I was alone at home, I made a hot video... Who wants to see it? Slide the screen up. »

- Émilie Hébert

After having analyzed the HTML code of the webpages from which these links stem, I was able to determine that the network uses a CPA (Cost Per Action) marketing service. By entering a script on a webpage, the network automatically redirects its victims towards fraudulent dating sites, where they’re asked to enter their personal details, including their credit card numbers.

From what I’ve been able to see on the CPA company’s webpage, the network can make up to 28 euros every time someone they sent to the dating site signs up. When we know some of these links can generate thousands of likes and comments on Facebook and that their potential audience can be in the tens or even hundreds of thousands of people, the money that can be made this way is substantial. If we believe what we see on his Snapchat and Instagram accounts, Mehdi seems to be living the life of a globetrotter these days – an expensive hobby.

Are Mehdi and Pablo behind everything that goes on in the network, from A to Z? It would be impossible to tell. Perhaps the network “rents” its audience to fraudsters in exchange for a cut of the profits. Or maybe fraudsters have found out that the network’s posts are perfect hunting grounds. What we know, though, is that the entire process is in place, and it seems to be working well.

And what about Béatrice in all of this?

She seems well, but I never managed to find out who’s behind her profile. She recently stopped sharing sexy pictures.

She started her old scheme again, sharing pictures of sick or handicapped people.


An anti-aging strategy that works in mice is about to be tested in humans


Jan van Deursen was baffled by the decrepit-looking transgenic mice he created in 2000. Instead of developing tumours as expected, the mice experienced a stranger malady. By the time they were three months old, their fur had grown thin and their eyes were glazed with cataracts. It took him years to work out why: the mice were ageing rapidly, their bodies clogged with a strange type of cell that did not divide, but that wouldn't die.

That gave van Deursen and his colleagues at Mayo Clinic in Rochester, Minnesota, an idea: could killing off these 'zombie' cells in the mice delay their premature descent into old age? The answer was yes. In a 2011 study, the team found that eliminating these 'senescent' cells forestalled many of the ravages of age. The discovery set off a spate of similar findings. In the seven years since, dozens of experiments have confirmed that senescent cells accumulate in ageing organs, and that eliminating them can alleviate, or even prevent, certain illnesses (see 'Becoming undead'). This year alone, clearing the cells in mice has been shown to restore fitness, fur density and kidney function. It has also improved lung disease and even mended damaged cartilage. And in a 2016 study, it seemed to extend the lifespan of normally ageing mice.

“Just by removing senescent cells, you could stimulate new tissue production,” says Jennifer Elisseeff, senior author of the cartilage paper and a biomedical engineer at Johns Hopkins University in Baltimore, Maryland. It jump-starts some of the tissue's natural repair mechanisms, she says.

This anti-ageing phenomenon has been an unexpected twist in the study of senescent cells, a common, non-dividing cell type first described more than five decades ago. When a cell enters senescence—and almost all cells have the potential to do so—it stops producing copies of itself, begins to belch out hundreds of proteins, and cranks up anti-death pathways full blast. A senescent cell is in its twilight: not quite dead, but not dividing as it did at its peak.

Now biotechnology and pharmaceutical companies are keen to test drugs—known as senolytics—that kill senescent cells in the hope of rolling back, or at least forestalling, the ravages of age. Unity Biotechnology in San Francisco, California, co-founded by van Deursen, plans to conduct multiple clinical trials over the next two-and-a-half years, treating people with osteoarthritis, eye diseases and pulmonary diseases. At Mayo, gerontologist James Kirkland, who took part in the 2011 study, is cautiously beginning a handful of small, proof-of-concept trials that pit senolytic drugs against a range of age-related ailments. “I lose sleep at night because these things always look good in mice or rats, but when you get to people you hit a brick wall,” says Kirkland.

No other anti-ageing elixir has yet cleared that wall, and for a few good reasons. It's next to impossible to get funding for clinical trials that measure an increase in healthy lifespan. And even as a concept, ageing is slippery. The US Food and Drug Administration has not labelled it a condition in need of treatment.

Still, if any of the trials offer “a whiff of human efficacy”, says Unity's president, Ned David, there will be a massive push to develop treatments and to better understand the fundamental process of ageing. Other researchers who study the process are watching closely. Senolytics are “absolutely ready” for clinical trials, says Nir Barzilai, director of the Institute for Aging Research at the Albert Einstein College of Medicine in New York City. “I think senolytics are drugs that could come soon and be effective in the elderly now, even in the next few years.”

Credit: Nature, October 24, 2017, doi:10.1038/550448a

The dark side

When microbiologists Leonard Hayflick and Paul Moorhead coined the term senescence in 1961, they suggested that it represented ageing on a cellular level. But very little research was done on ageing at the time, and Hayflick recalls people calling him an idiot for making the observation. The idea was ignored for decades.

Although many cells do die on their own, all somatic cells (those other than reproductive ones) that divide have the ability to undergo senescence. But, for a long time, these twilight cells were simply a curiosity, says Manuel Serrano of the Institute for Research in Biomedicine in Barcelona, Spain, who has studied senescence for more than 25 years. “We were not sure if they were doing something important.” Despite self-disabling the ability to replicate, senescent cells stay metabolically active, often continuing to perform basic cellular functions.

By the mid-2000s, senescence was chiefly understood as a way of arresting the growth of damaged cells to suppress tumours. Today, researchers continue to study how senescence arises in development and disease. They know that when a cell becomes mutated or injured, it often stops dividing—to avoid passing that damage to daughter cells. Senescent cells have also been identified in the placenta and embryo, where they seem to guide the formation of temporary structures before being cleared out by other cells.

But it wasn't long before researchers discovered what molecular biologist Judith Campisi calls the “dark side” of senescence. In 2008, three research groups, including Campisi's at the Buck Institute for Research on Aging in Novato, California, revealed that senescent cells excrete a glut of molecules—including cytokines, growth factors and proteases—that affect the function of nearby cells and incite local inflammation. Campisi's group described this activity as the cell's senescence-associated secretory phenotype, or SASP. In recent unpublished work, her team identified hundreds of proteins involved in SASPs.

In young, healthy tissue, says Serrano, these secretions are probably part of a restorative process, by which damaged cells stimulate repair in nearby tissues and emit a distress signal prompting the immune system to eliminate them. Yet at some point, senescent cells begin to accumulate—a process linked to problems such as osteoarthritis, a chronic inflammation of the joints, and atherosclerosis, a hardening of the arteries. No one is quite sure when or why that happens. It has been suggested that, over time, the immune system stops responding to the cells.

Surprisingly, senescent cells turn out to be slightly different in each tissue. They secrete different cytokines, express different extracellular proteins and use different tactics to avoid death. That incredible variety has made it a challenge for labs to detect and visualize senescent cells. “There is nothing definitive about a senescent cell. Nothing. Period,” says Campisi.

In fact, even the defining feature of a senescent cell—that it does not divide—is not written in stone. After chemotherapy, for example, cells take up to two weeks to become senescent, before reverting at some later point to a proliferating, cancerous state, says Hayley McDaid, a pharmacologist at Albert Einstein College of Medicine. In support of that idea, a large collaboration of researchers found this year that removing senescent cells right after chemotherapy, in mouse models for skin and breast cancer, makes the cancer less likely to spread.

The lack of universal features makes it hard to take inventory of senescent cells. Researchers have to use a large panel of markers to search for them in tissue, making the work laborious and expensive, says van Deursen. A universal marker for senescence would make the job much easier—but researchers know of no specific protein to label, or process to identify. “My money would be on us never finding a senescent-specific marker,” Campisi adds. “I would bet a good bottle of wine on that.”

Earlier this year, however, one group did develop a way to count these cells in tissue. Valery Krizhanovsky and his colleagues at the Weizmann Institute of Science in Rehovot, Israel, stained tissues for molecular markers of senescence and imaged them to analyse the number of senescent cells in tumours and aged tissues from mice. “There were quite a few more cells than I actually thought that we would find,” says Krizhanovsky. In young mice, no more than 1% of cells in any given organ were senescent. In two-year-old mice, however, up to 20% of cells were senescent in some organs.

But there's a silver lining to these elusive twilight cells: they might be hard to find, but they're easy to kill.

Out with the old

In November 2011, while on a three-hour flight, David read van Deursen and Kirkland's just-published paper about eliminating zombie cells. Then he read it again, and then a third time. The idea “was so simple and beautiful”, recalls David. “It was almost poetic.” When the flight landed, David, a serial biotech entrepreneur, immediately rang van Deursen, and within 72 hours had convinced him to meet to discuss forming an anti-ageing company.

Kirkland, together with collaborators at the Sanford Burnham Medical Research Institute in La Jolla, California, initially attempted a high-throughput screen to quickly identify a compound that would kill senescent cells. But they found it to be “a monumental task” to tell whether a drug was affecting dividing or non-dividing cells, Kirkland recalls. After several failed attempts, he took another tack.

Senescent cells depend on protective mechanisms to survive in their 'undead' state, so Kirkland, in collaboration with Laura Niedernhofer and others from the Scripps Research Institute in Jupiter, Florida, began seeking out those mechanisms. They identified six signalling pathways that prevent cell death, which senescent cells activate to survive.

Then it was just a matter of finding compounds that would disrupt those pathways. In early 2015, the team identified the first senolytics: an FDA-approved chemotherapy drug, dasatinib, which eliminates human fat-cell progenitors that have turned senescent; and a plant-derived health-food supplement, quercetin, which targets senescent human endothelial cells, among other cell types. The combination of the two—which work better together than apart—alleviates a range of age-related disorders in mice.

Ten months later, Daohong Zhou at the University of Arkansas for Medical Sciences in Little Rock and his colleagues identified a senolytic compound now known as navitoclax, which inhibits two proteins in the BCL-2 family that usually help the cells to survive. Similar findings were reported within weeks by Kirkland's lab and Krizhanovsky's lab.

By now, 14 senolytics have been described in the literature, including small molecules, antibodies and, in March this year, a peptide that activates a cell-death pathway and can restore lustrous hair and physical fitness to ageing mice.

So far, each senolytic kills a particular flavour of senescent cell. Targeting the different diseases of ageing, therefore, will require multiple types of senolytics. “That's what's going to make this difficult: each senescent cell might have a different way to protect itself, so we'll have to find combinations of drugs to wipe them all out,” says Niedernhofer. Unity maintains a large atlas documenting which senescent cells are associated with which disease; any weaknesses unique to given kinds of cell, and how to exploit those flaws; and the chemistry required to build the right drug for a particular tissue. There is no doubt that for different indications, different types of drug will need to be developed, says David. “In a perfect world, you wouldn't have to. But sadly, biology did not get that memo.”

For all the challenges, senolytic drugs have several attractive qualities. Senescent cells will probably need to be cleared only periodically—say, once a year—to prevent or delay disease. So the drug is around for only a short time. This type of 'hit and run' delivery could reduce the chance of side effects, and people could take the drugs during periods of good health. Unity plans to inject the compounds directly into diseased tissue, such as a knee joint in the case of osteoarthritis, or the back of the eye for someone with age-related macular degeneration.

And unlike cancer, in which a single remaining cell can spark a new tumour, there's no need to kill every senescent cell in a tissue: mouse studies suggest that dispatching most of them is enough to make a difference. Finally, senolytic drugs will clear only senescent cells that are already present—they won't prevent the formation of such cells in the future, which means that senescence can continue to perform its original tumour-suppressing role in the body.

Those perks haven't convinced everybody of the power of senolytics. Almost 60 years after his initial discovery, Hayflick now believes that ageing is an inexorable biophysical process that cannot be altered by eliminating senescent cells. “Efforts to interfere with the ageing process have been going on since recorded human history,” says Hayflick. “And we know of nothing—nothing—that has demonstrated to interfere with the ageing process.”

Fans of senolytics are much more optimistic, emboldened by recent results. Last year, van Deursen's lab went beyond its tests on super-aged mice and showed that killing off senescent cells in normally ageing mice delayed the deterioration of organs associated with ageing, including the kidney and heart. And—to the joy of anti-ageing enthusiasts everywhere—it extended the animals' median lifespan by about 25%.

Successful results from mouse studies have already lured seven or eight companies into the field, Kirkland estimates. At Mayo, one clinical trial has opened, pitting dasatinib and quercetin in combination against chronic kidney disease. Kirkland plans to try other senolytics against different age-related diseases. “We want to use more than one set of agents across the trials and look at more than one condition,” he says.

If eliminating senescent cells in humans does improve age-related illnesses, researchers will aim to create broader anti-ageing therapies, says David. In the meantime, researchers in the field insist that no one should take these drugs until proper safety tests in humans are complete. In rodents, senolytic compounds have been shown to delay wound healing, and there could be additional side effects. “It's just too dangerous,” says Kirkland.

Van Deursen says that continuing to answer basic biological questions is the field's best shot at success. “Only then will we be able to understand what ageing really is, and how we can, in an intelligent way, interfere with it.”

This article is reproduced with permission and was first published on October 24, 2017.


Congress votes to disallow consumers from suing Equifax


The Senate voted late Wednesday night to strike a federal rule that would have allowed consumers affected by the Equifax hack to sue the company. Without it, the millions affected by the historic security breach may be disallowed from joining related class action lawsuits. This specific rule, and only this rule, would be nullified if the joint resolution is signed by the President.

The vote was 50/50, with the tie-breaking aye cast by Vice President Pence.

The rule in question was entered into the Federal Register by the Bureau of Consumer Financial Protection in July; it prevents financial companies that bind their users by arbitration agreements from prohibiting those same users from suing as a class.

The final rule prohibits covered providers of certain consumer financial products and services from using an agreement with a consumer that provides for arbitration of any future dispute between the parties to bar the consumer from filing or participating in a class action concerning the covered consumer financial product or service.

That’s exactly like what the terms of Equifax’s services included when users went to the company’s site to see if they were affected by the hack. Although the site in question appears to have been essentially useless, it shunted users into an Equifax-provided service with terms that bound disputes to be resolved via arbitration.

Equifax later modified some of its terms to remove the arbitration clause, and also indicated in its TrustedID service FAQ that the clause “applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

Nevertheless, it’s very unclear just what users may or may not have signed up for, and to what degree Equifax is protected by these terms. Arbitration agreements have been effective before in preventing class action lawsuits. The BCFP rule was made to prevent major incidents like this one from having their legal repercussions partly nullified.

H.J. Res. 111 was introduced on July 20, the day after the rule above was instituted. Its entire purpose is to disapprove of that specific rule.

It passed the House on July 25, 231-190, split right down party lines except for one defecting Republican who voted nay with the Democrats. In the Senate, it was split 50/50, with two Republicans — Louisiana’s John Neely Kennedy and South Carolina’s Lindsey Graham — joining the Democrats with nays. The VP broke the tie and the Joint Resolution passed shortly before 10PM Eastern time. The Monopoly Man was not present.

It’s not entirely clear what effect, if any, this would have on the Equifax situation specifically, since the company has voluntarily limited the scope of its arbitration terms, although clearly it is a serious blow to consumer protections at large.


Why ProtonMail is more secure than Gmail


ProtonMail is an encrypted email service that takes a radically different approach to email security. Find out how ProtonMail compares to Gmail.

In 2014, ProtonMail became the world’s first email service to protect data with end-to-end encryption, and today is the world’s most popular secure email service with millions of users worldwide. ProtonMail’s technology is often misunderstood by tech writers (and sometimes incorrectly represented in the press), so this article aims to provide a clear description of how ProtonMail’s technology is different from Gmail, and what makes ProtonMail more secure.

Only you can read your emails

ProtonMail’s encryption means that nobody but you can read the messages in your mailbox. In fact, not even ProtonMail has the ability to read your messages. We believe that your private communications should be exactly that: private. On the other hand, Gmail can and does read every single one of your emails. If you are not comfortable giving Google unlimited access to all of your intimate communications, then ProtonMail’s approach to data privacy provides more security.

Improved security in the event of a data breach

ProtonMail uses Zero Knowledge Encryption, which means it is technically impossible for us to decrypt user messages. Zero Knowledge Encryption applies to all messages in your mailbox, even messages which did not come from other ProtonMail users.

This provides stronger security compared to Gmail because even if ProtonMail were somehow breached, user messages remain secure because ProtonMail only stores encrypted messages. In other words, if an attacker steals emails from ProtonMail, the attacker would not have the ability to decrypt them, as even ProtonMail cannot decrypt them. The use of Zero Knowledge Encryption therefore adds a strong layer of resiliency against catastrophic data breaches.

No tracking and logging

Google records literally every action done by its users. This includes your IP address, every search that you do, which emails you open, which websites you visit, and much more. ProtonMail takes the opposite approach and by default, does not monitor or record user activity, not even IP addresses.

Encryption for messages in transit

In addition to the security of emails at rest, one also needs to consider the security of emails in transit. Both ProtonMail and Gmail provide extra protection by using TLS encryption whenever possible when communicating with external email providers. However, ProtonMail goes one step further by also supporting end-to-end encryption.

In simple terms, end-to-end encryption means that messages are encrypted on the sender’s device (before it even leaves their computer or mobile phone), and can only be decrypted by the recipient on their device. This means that no third party which transmits or intercepts the email between the sender and recipient (i.e. internet service providers, the NSA, or even ProtonMail as the mail server operator) can decrypt and view the message.

This powerful protection is possible because ProtonMail has PGP email encryption built-in. End-to-end encryption is done automatically without user interaction whenever messages are exchanged between ProtonMail users. For an enterprise using ProtonMail for their email hosting, this means all communications between employees are automatically protected with end-to-end encryption. ProtonMail can also support sending/receiving end-to-end encrypted messages with recipients who are not using ProtonMail. The use of end-to-end encryption makes ProtonMail a better choice for security conscious individuals and organizations.

Smaller attack surface

ProtonMail only provides email and VPN services, so your Proton account is not connected to hundreds of other services. Compared to Google, ProtonMail is a much smaller target, and there is less risk that a vulnerability in another service breaches your email account.

One might argue that Gmail is more secure because it is a gigantic company with more engineers. However, there is ample evidence that demonstrates that security is not correlated to company size. In fact, large companies often are the most vulnerable due to larger attack surfaces, Yahoo and Equifax being two recent examples. There is no such thing as 100% security and history has shown that any system can be breached. ProtonMail’s unique ability to protect user data even in the event of a breach is a valuable benefit.

Strong authentication

ProtonMail uses Secure Remote Password in order to protect user credentials. This makes it difficult to conduct a brute force attack to obtain user credentials, even if the attacker has control over the victim’s network. Both Gmail and ProtonMail support two factor authentication (2FA), which provides an additional layer of security by requiring that a unique code be entered on each login (the code is usually generated on a separate hardware device). However, ProtonMail goes a step further by only using strong 2FA methods, and disallowing weaker methods such as 2FA over SMS.

Protected by Swiss and European privacy laws

ProtonMail stores user data exclusively in European countries with strong privacy protections such as Switzerland. This means that unlike Gmail, ProtonMail does not fall under the jurisdiction of intrusive US laws (such as the Foreign Intelligence Surveillance Act), and cannot be coerced into working for the NSA. With ProtonMail, you can be certain that your data always remains in Europe, in full compliance with EU privacy regulations. ProtonMail’s approach makes us compliant with Article 25 of the EU General Data Protection Regulation (GDPR) which mandates that services adhere to the principle of Privacy by Design.

Zero knowledge encryption means that even if a complaint is brought in a Swiss court that meets the high requirements for data disclosure, only encrypted emails could be handed over. As a Swiss company, ProtonMail cannot be forced to hand over data in cases of US or EU civil litigation. Thus, even if you don’t care about privacy, ProtonMail is still the ideal choice for businesses, journalists, activists, and individuals who are worried about the overreach of US government agencies or courts.

No conflict of interest

In addition to the technological and legal differences, ProtonMail and Gmail also have very different business practices. Whereas Gmail was created to lock users into the world’s largest and most invasive advertising platform, ProtonMail was created with the goal of protecting privacy rights and democracy in the digital age.

Google makes money by providing Gmail and other services for free in order to acquire personal data, which it then sells to advertisers. On the other hand, ProtonMail’s first priority is always user privacy, because our only customers are our users – not advertisers. Thus, choosing between Gmail and ProtonMail is also a personal choice: Do you want to sacrifice your privacy or instead use a service that respects privacy?


Both Gmail and ProtonMail provide email accounts, but that’s where the similarities end. In terms of technology, legal protection, and position on privacy rights, the two services diverge widely. If you just want an email account, either service will meet your needs. If email security, and in particular privacy, is important to you, then you should consider ProtonMail as a Gmail alternative.

You can get a free secure email account from ProtonMail here.

We also provide a free VPN service to protect your privacy.

ProtonMail and ProtonVPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan or donate. Thank you for your support!


Gluon – Deep Learning API from AWS and Microsoft


Post by Dr. Matt Wood

Today, AWS and Microsoft announced Gluon, a new open source deep learning interface which allows developers to more easily and quickly build machine learning models, without compromising performance.


Gluon provides a clear, concise API for defining machine learning models using a collection of pre-built, optimized neural network components. Developers who are new to machine learning will find this interface more familiar to traditional code, since machine learning models can be defined and manipulated just like any other data structure. More seasoned data scientists and researchers will value the ability to build prototypes quickly and utilize dynamic neural network graphs for entirely new model architectures, all without sacrificing training speed.

Gluon is available in Apache MXNet today, a forthcoming Microsoft Cognitive Toolkit release, and in more frameworks over time.

Neural Networks vs Developers
Machine learning with neural networks (including ‘deep learning’) has three main components: data for training, a neural network model, and an algorithm which trains the neural network. You can think of the neural network in a similar way to a directed graph; it has a series of inputs (which represent the data), which connect to a series of outputs (the prediction), through a series of connected layers and weights. During training, the algorithm adjusts the weights in the network based on the error in the network output. This is the process by which the network learns; it is a memory and compute intensive process which can take days.

Deep learning frameworks such as Caffe2, Cognitive Toolkit, TensorFlow, and Apache MXNet are, in part, an answer to the question ‘how can we speed this process up?’ Just like query optimizers in databases, the more a training engine knows about the network and the algorithm, the more optimizations it can make to the training process (for example, it can infer what needs to be re-computed on the graph based on what else has changed, and skip the unaffected weights to speed things up). These frameworks also provide parallelization to distribute the computation process, and reduce the overall training time.

However, in order to achieve these optimizations, most frameworks require the developer to do some extra work: specifically, by providing a formal definition of the network graph, up-front, and then ‘freezing’ the graph, and just adjusting the weights.

The network definition, which can be large and complex with millions of connections, usually has to be constructed by hand. Not only are deep learning networks unwieldy, but they can be difficult to debug and it’s hard to re-use the code between projects.

This complexity can be difficult for beginners, and dealing with it is time-consuming for more experienced researchers. At AWS, we’ve been experimenting with some ideas in MXNet around new, flexible, more approachable ways to define and train neural networks. Microsoft is also a contributor to the open source MXNet project, and was interested in some of these same ideas. Based on this, we got talking, and found we had a similar vision: to use these techniques to reduce the complexity of machine learning, making it accessible to more developers.

Enter Gluon: dynamic graphs, rapid iteration, scalable training
Gluon introduces four key innovations.

  1. Friendly API: Gluon networks can be defined using simple, clear, concise code – this is easier for developers to learn, and much easier to understand than some of the more arcane and formal ways of defining networks and their associated weighted scoring functions.
  2. Dynamic networks: the network definition in Gluon is dynamic: it can bend and flex just like any other data structure. This is in contrast to the more common, formal, symbolic definition of a network which the deep learning framework has to effectively carve into stone in order to be able to effectively optimize computation during training. Dynamic networks are easier to manage, and with Gluon, developers can easily ‘hybridize’ between these fast symbolic representations and the more friendly, dynamic ‘imperative’ definitions of the network and algorithms.
  3. The algorithm can define the network: the model and the training algorithm are brought much closer together. Instead of separate definitions, the algorithm can adjust the network dynamically during definition and training. Not only does this mean that developers can use standard programming loops, and conditionals to create these networks, but researchers can now define even more sophisticated algorithms and models which were not possible before. They are all easier to create, change, and debug.
  4. High performance operators for training: these make it possible to have a friendly, concise API and dynamic graphs, without sacrificing training speed. This is a huge step forward in machine learning. Some frameworks bring a friendly API or dynamic graphs to deep learning, but these previous methods all incur a cost in terms of training speed. As with other areas of software, abstraction can slow down computation since it needs to be negotiated and interpreted at run time. Gluon can efficiently blend together a concise API with the formal definition under the hood, without the developer having to know about the specific details or to accommodate the compiler optimizations manually.

The team here at AWS, and our collaborators at Microsoft, couldn’t be more excited to bring these improvements to developers through Gluon. We’re already seeing quite a bit of excitement from developers and researchers alike.

Getting started with Gluon
Gluon is available today in Apache MXNet, with support coming for the Microsoft Cognitive Toolkit in a future release. We’re also publishing the front-end interface and the low-level API specifications so it can be included in other frameworks in the fullness of time.

You can get started with Gluon today. Fire up the AWS Deep Learning AMI with a single click and jump into one of 50 fully worked, notebook examples. If you’re a contributor to a machine learning framework, check out the interface specs on GitHub.

-Dr. Matt Wood


Changes in Password Best Practices


NIST recently published its four-volume SP800-63-3 Digital Identity Guidelines. Among other things, it makes three important suggestions when it comes to passwords:

  1. Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because artificially complex passwords are harder to type in. And they don't help that much. It's better to allow people to use pass phrases.

  2. Stop it with password expiration. That was an old idea for an old way we used computers. Today, don't make people change their passwords unless there's indication of compromise.

  3. Let people use password managers. This is how we deal with all the passwords we need.

These password rules were failed attempts to fix the user. Better we fix the security systems.
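The three suggestions above, as a verifier-side check set beside a legacy policy like the one in the first public comment on this post (30-character maximum, special characters required). This is an added example, not code from the original post: the function names, the sample blocklist, the 128-character cap and the legacy uppercase/digit rules are assumptions, while the 8-character minimum, acceptance of at least 64 characters and the breached-password check follow SP 800-63B.

```python
import unicodedata

# Constructed stand-in for a breached/common-password corpus (assumption:
# production systems check a far larger list).
BLOCKLIST = {"password", "p@ssw0rd1!", "qwerty123", "letmein"}
MIN_LEN = 8     # SP 800-63B minimum for user-chosen passwords
MAX_LEN = 128   # assumption: generous cap to bound hashing cost (>= 64 required)


def legacy_policy(pw):
    """Composition rules plus a 30-character maximum (uppercase/digit rules assumed)."""
    problems = []
    if not 8 <= len(pw) <= 30:
        problems.append("length must be 8-30")
    if not any(c.isupper() for c in pw):
        problems.append("needs an uppercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("needs a digit")
    if all(c.isalnum() or c.isspace() for c in pw):
        problems.append("needs a special character")
    return problems


def nist_style_policy(pw):
    """Length and blocklist only: no composition rules, spaces and Unicode allowed."""
    pw = unicodedata.normalize("NFKC", pw)  # stable form before length check and hashing
    problems = []
    if len(pw) < MIN_LEN:
        problems.append("shorter than %d characters" % MIN_LEN)
    if len(pw) > MAX_LEN:
        problems.append("longer than %d characters" % MAX_LEN)
    if pw.casefold() in BLOCKLIST:
        problems.append("found in breached/common password list")
    return problems


def must_change(days_since_change, compromise_indicated):
    """No calendar expiry: password age alone never forces a reset."""
    return bool(compromise_indicated)


# Constructed sample inputs.
PASSPHRASE = "correct horse battery staple"
COMMON = "P@ssw0rd1!"
MANAGER_GENERATED = "kV9#tq2LmZ8!pR4&wY7^bN3*dF6@hJ1%cG5$sA0+"

if __name__ == "__main__":
    for pw in (PASSPHRASE, COMMON, MANAGER_GENERATED):
        print(repr(pw), "legacy:", legacy_policy(pw), "nist-style:", nist_style_policy(pw))
```

The legacy rules accept the well-known `P@ssw0rd1!` and reject both the passphrase and the password-manager output; the length-and-blocklist check does the opposite.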

2 public comments
67 days ago
A meeting recently:
Developer Team: Our passwords require special characters, and max out at 30 characters.
Me: Why on EARTH did you do any of that? Why do you have a max?
Devs: Because ... it's hard to remember something long? How long do you want it to be?
Me: ... Get rid of the max. Get rid of the special characters.
CIO: Wait. Why do we have passwords at all? Can we link to google/linkedin/facebook and make it their problem? We are not in the security business.
Devs: Yes!
67 days ago
I’ve been happy watching such sensible guidelines make it through the review process
Washington, DC