×
Social Networks

Facebook Now Faces a Massive Backlash. But Will Anything Change? (fortune.com) 175

Slate argues that Facebook "is a normal sleazy company now," saying the company "obscured its problems and fought dirty against its critics" -- but that now its failings are being publicly aired. And Reason provides yet another example: The Times also reveals that Facebook chose to support FOSTA (and its Senate counterpart, SESTA) -- legislation that guts a fundamental protection for digital publishers and platforms, and makes prostitution advertising a federal crime -- not as a matter of principle but as a political tactic to tar opponents and cozy up to Congressional critics.
Even Steve Wozniak has joined the critics, saying this week that Facebook should "stop putting money before morals," adding later that "I haven't seen them do one real thing." Woz also suggested that Facebook should allow users to export their data so they could upload it onto competing social networks.

Now long-time Slashdot reader pcjunky reports that the same scammy ad has been running on Facebook for a full two months after it was reported. But maybe they're just understaffed? Engadget reports that over the last six months Facebook has discoverd and eliminated 1.5 billion different fake accounts -- which is 200 million more than the 1.3 billion accounts it removed in the previous six months. On the Blind app, one Facebook employee reportedly asked the ultimate question: "Why does our company suck at having a moral compass?"

So where will it all lead? According to Fortune, Senators Chris Coons and Bob Corker "warned Friday that Congress would impose new regulations to rein in Facebook unless the social-media company addresses concerns about privacy and the spread of misinformation on its platform."

But will anything change?
United States

Trump Signs Bill That Creates the Cybersecurity and Infrastructure Security Agency (zdnet.com) 72

An anonymous reader quotes a report from ZDNet: U.S. President Donald Trump signed today a bill into law, approving the creation of the Cybersecurity and Infrastructure Security Agency (CISA). The bill, known as the CISA Act, reorganizes and rebrands the National Protection and Programs Directorate (NPPD), a program inside the Department of Homeland Security (DHS), as CISA, a standalone federal agency in charge of overseeing civilian and federal cybersecurity programs. The NPPD, which was first established in 2007, has already been handling almost all of the DHS' cyber-related issues and projects.

As part of the DHS, the NPPD was the government entity in charge of physical and cyber-security of federal networks and critical infrastructure, and oversaw the Federal Protective Service (FPS), the Office of Biometric Identity Management (OBIM), the Office of Cyber and Infrastructure Analysis (OCIA), the Office of Cybersecurity & Communications (OC&C), and the Office of Infrastructure Protection (OIP). As CISA, the agency's prerogatives will remain the same, and nothing is expected to change in day-to-day operations, but as a federal agency, CISA will now benefit from an increased budget and more authority in imposing its directives.
"Elevating the cybersecurity mission within the Department of Homeland Security, streamlining our operations, and giving NPPD a name that reflects what it actually does will help better secure the nation's critical infrastructure and cyber platforms," said NPPD Under Secretary Christopher Krebs. "The changes will also improve the Department's ability to engage with industry and government stakeholders and recruit top cybersecurity talent."
Wireless Networking

Senators Ask Four Major Carriers About Video Slowdowns (arstechnica.com) 108

An anonymous reader quotes a report from Ars Technica: Three U.S. Senate Democrats today asked the four major wireless carriers about allegations they've been throttling video services and -- in the case of Sprint -- the senators asked about alleged throttling of Skype video calls. Sens. Edward Markey (D-Mass.), Richard Blumenthal (D-Conn.), and Ron Wyden (D-Ore.) sent the letters to AT&T, Verizon, Sprint, and T-Mobile, noting that recent research using the Wehe testing platform found indications of throttling by all four carriers.

"All online traffic should be treated equally, and Internet service providers should not discriminate against particular content or applications for competitive advantage purposes or otherwise," the senators wrote. Specifically, the Wehe tests "indicated throttling on AT&T for YouTube, Netflix, and NBC Sports... throttling on Verizon for Amazon Prime, YouTube, and Netflix... throttling on Sprint for YouTube, Netflix, Amazon Prime, and Skype Video calls... [and] delayed throttling, or boosting, on T-Mobile for Netflix, NBC Sports, and Amazon Prime by providing un-throttled streaming at the beginning of the connection, and then subsequently throttling the connection," the senators' letters said.

Japan

Minister in Charge of Japan's Cybersecurity Says He Has Never Used a Computer (nytimes.com) 199

Futurepower(R) shares a report: A lot of people don't use computers. Most of them aren't in charge of a nation's cybersecurity. But one is. Japanese lawmakers were aghast on Wednesday when Yoshitaka Sakurada, 68, the minister who heads the government's cybersecurity office, said during questioning in Parliament that he had no need for the devices, and appeared confused when asked basic technology questions. "I have been independently running my own business since I was 25 years old," he said. When computer use is necessary, he said, "I order my employees or secretaries" to do it. [Editor's note: the link may be paywalled; alternative source.] "I don't type on a computer," he added.

Asked by a lawmaker if nuclear power plants allowed the use of USB drives, a common technology widely considered to be a security risk, Mr. Sakurada did not seem to understand what they were. "I don't know details well," he said. "So how about having an expert answer your question if necessary, how's that?" The comments were immediately criticized. "I can't believe that a person who never used a computer is in charge of cybersecurity measures," said Masato Imai, an opposition lawmaker.

Facebook

The Real Reason Palmer Luckey Was Fired From Facebook (zdnet.com) 142

ZDNet's Steven J. Vaughan-Nichols argues that the founder of Oculus, Palmer Luckey, wasn't fired because of his political views, as a recently-published Wall Street Journal article suggests, but because the virtual-reality company lost a $500 million intellectual property theft case to game maker ZeniMax. An anonymous reader shares the report: According to The Wall Street Journal, Palmer Luckey, the founder of Oculus, a virtual reality company, was fired by Facebook because "he donated $10,000 to an anti-Hillary Clinton group" during the 2016 U.S. Presidential campaign. But the article fails to mention a simple little fact: On Feb. 1, 2017, Oculus lost an intellectual property (IP) theft case against game maker ZeniMax, to the tune of $500 million. So, if one of your employees just cost your company a cool half-billion bucks for doing wrong what would you do? Well, Facebook isn't saying, even now, but on March 30, 2017, it let Luckey go.

Yes, Luckey also lied about his political moves, which went well beyond donating to an anti-Hillary billboard campaign. But let's look at the record. Everyone knew he'd lied by Feb. 22, 2016. Was he fired then? No. Was he fired after being found guilty of stealing ZeniMax's trade secrets? Yes. Officially, Facebook stated: "All details associated with specific personnel matters are kept strictly confidential. This is our policy for all employees, no matter their seniority. But we can say unequivocally that Palmer's departure was not due to his political views." Let me spell it out for you: He made some political waves. Nothing happened. He cost Facebook $500 million. He was fired. Can anyone here seriously not draw the lines between the dots?

Facebook

Can Facebook Keep Large-Scale Misinformation From the Free World? (sfgate.com) 189

You can have a disaster-free Election Day in the social media age, writes New York Times columnist Kevin Roose, "but it turns out that it takes constant vigilance from law enforcement agencies, academic researchers and digital security experts for months on end." It takes an ad hoc "war room" at Facebook headquarters with dozens of staff members working round-the-clock shifts. It takes hordes of journalists and fact checkers willing to police the service for false news stories and hoaxes so that they can be contained before spreading to millions. And even if you avoid major problems from bad actors domestically, you might still need to disclose, as Facebook did late Tuesday night, that you kicked off yet another group of what appeared to be Kremlin-linked trolls...

Most days, digging up large-scale misinformation on Facebook was as easy as finding baby photos or birthday greetings... Facebook was generally responsive to these problems after they were publicly called out. But its scale means that even people who work there are often in the dark... Other days, combing through Facebook falsehoods has felt like watching a nation poison itself in slow motion. A recent study by the Oxford Internet Institute, a department at the University of Oxford, found that 25 percent of all election-related content shared on Facebook and Twitter during the midterm election season could be classified as "junk news"...

Facebook has framed its struggle as an "arms race" between itself and the bad actors trying to exploit its services. But that mischaracterizes the nature of the problem. This is not two sovereign countries locked in battle, or an intelligence agency trying to stop a nefarious foreign plot. This is a rich and successful corporation that built a giant machine to convert attention into advertising revenue, made billions of dollars by letting that machine run with limited oversight, and is now frantically trying to clean up the mess that has resulted... It's worth asking, over the long term, why a single American company is in the position of protecting free and fair elections all over the world.

Despite whatever progress has been made, the article complains that "It took sustained pressure from lawmakers, regulators, researchers, journalists, employees, investors and users to force the company to pay more attention to misinformation and threats of election interference. Facebook has shown, time and again, that it behaves responsibly only when placed under a well-lit microscope.

"So as our collective attention fades from the midterms, it seems certain that outsiders will need to continue to hold the company accountable, and push it to do more to safeguard its users -- in every country, during every election season -- from a flood of lies and manipulation."
China

China Violated Obama-Era Cybertheft Pact, U.S. Official Says (marketwatch.com) 74

China has violated an accord it signed with the U.S. three years ago pledging not to engage in hacking for the purpose of economic espionage, a senior U.S. intelligence official said this week. From a report: The 2015 bilateral agreement had significantly reduced the amount of Chinese cybertheft targeting American companies, but Beijing's commitment to the deal has eroded, said Rob Joyce, senior adviser for cybersecurity strategy at the National Security Agency. "It is clear they are well beyond the bounds of the agreement today that was forged between our two countries," Joyce said during a panel conversation at the Aspen Cyber Summit.

Joyce's comments were the latest sign of Washington's rising frustration over China's alleged violation of the pact signed between then-President Barack Obama and Chinese President Xi Jinping. Last week, then-Attorney General Jeff Sessions also said China wasn't adhering to the deal, in which the U.S. and China agreed not to conduct cyber operations against each other to steal intellectual property or other forms of economic intelligence.

Privacy

Georgia's Secretary of State Brian Kemp Doxes Thousands of Absentee Voters 452

An anonymous reader quotes a report from TechCrunch: Georgia's secretary of state and candidate for state governor in the midterm election, Brian Kemp, has taken the unusual, if not unprecedented step of posting the personal details of 291,164 absentee voters online for anyone to download. Kemp's office posted an Excel file on its website within hours of the results of the general election, exposing the names and addresses of state residents who mailed in an absentee ballot -- including their reason why, such as if a person is "disabled" or "elderly."

The file, according to the web page, allows Georgia residents to "check the status of your mail-in absentee ballot." Millions of Americans across the country mail in their completed ballots ahead of election day, particularly if getting to a polling place is difficult -- such as if a person is disabled, elderly or traveling. When reached, Georgia secretary of state's press secretary Candice Broce told TechCrunch that all of the data "is clearly designated as public information under state law," and denied that the data was "confidential or sensitive." "State law requires the public availability of voter lists, including names and address of registered voters," she said in an email.
"While the data may already be public, it is not publicly available in aggregate like this," said security expert Jake Williams, founder of Rendition Infosec, who lives in Georgia. Williams took issue with the reasons that the state gave for each absentee ballot, saying it "could be used by criminals to target currently unoccupied properties." "Releasing this data in aggregate could be seen as suppressing future absentee voters in Georgia who do not want their information released in this manner," he said.
Government

Blockchain-Based Elections Would Be a Disaster For Democracy (arstechnica.com) 168

An anonymous reader quotes a report from Ars Technica: If you talk to experts on election security (I studied with several of them in graduate school) they'll tell you that we're nowhere close to being ready for online voting. "Mobile voting is a horrific idea," said election security expert Joe Hall when I asked him about a West Virginia experiment with blockchain-based mobile voting back in August. But on Tuesday, The New York Times published an opinion piece claiming the opposite. "Building a workable, scalable, and inclusive online voting system is now possible, thanks to blockchain technologies," writes Alex Tapscott, whom the Times describes as co-founder of the Blockchain Research Institute. Tapscott is wrong -- and dangerously so. Online voting would be a huge threat to the integrity of our elections -- and to public faith in election outcomes.

Tapscott focuses on the idea that blockchain technology would allow people to vote anonymously while still being able to verify that their vote was included in the final total. Even assuming this is mathematically possible -- and I think it probably is -- this idea ignores the many, many ways that foreign governments could compromise an online vote without breaking the core cryptographic algorithms. For example, foreign governments could hack into the computer systems that governments use to generate and distribute cryptographic credentials to voters. They could bribe election officials to supply them with copies of voters' credentials. They could hack into the PCs or smartphones voters use to cast their votes. They could send voters phishing emails to trick them into revealing their voting credentials -- or simply trick them into thinking they've cast a vote when they haven't.

United States

Did You Vote? Now Your Friends May Know (nytimes.com) 344

A look at VoteWithMe and OutVote, two new political apps that are trying to use peer pressure to get people to vote. From a story: The apps are to elections what Zillow is to real estate -- services that pull public information from government records, repackage it for consumer viewing and make it available at the touch of a smartphone button. But instead of giving you a peek at house prices, VoteWithMe and OutVote let you snoop on which of your friends voted in past elections and their party affiliations -- and then prod them to go to the polls by sending them scripted messages like "You gonna vote?" "I don't want this to come off like we're shaming our friends into voting," said Naseem Makiya, the chief executive of OutVote, a start-up in Boston. But, he said, "I think a lot of people might vote just because they're frankly worried that their friends will find out if they didn't."

Whom Americans vote for is private. But other information in their state voter files is public information; depending on the state, it can include details like their name, address, phone number and party affiliation and when they voted. The apps try to match the people in a smartphone's contacts to their voter files, then display some of those details. The data's increasing availability may surprise people receiving messages nudging them to vote -- or even trouble them, by exposing personal politics they might have preferred to keep to themselves. Political campaigns have for years purchased voter files from states or bought national voter databases from data brokers, but the information has otherwise had little public exposure outside of campaign use. Now any app user can easily harness such data to make inferences about, and try to influence, their contacts' voting behavior.

United States

In These Eight Midterms Races, Health and Medicine Are Front and Center (statnews.com) 230

An anonymous reader shares a report: In Idaho, Nebraska, and Utah, voters will directly decide whether their states should expand their Medicaid programs. In Wisconsin, they could elect a candidate for governor who has pledged to sharply curtail drug prices. And across the country, Democratic congressional candidates are running on platforms highlighting their support for protecting insurance coverage for those with pre-existing conditions and lowering drug prices. Health care is on the ballot across the country, with issues ranging from medical marijuana to abortion rights to insurance coverage dominating the conversation.
Security

Voting Machine Manual Instructed Election Officials To Use Weak Passwords (vice.com) 197

An anonymous reader quotes a report from Motherboard: An election security expert who has done risk-assessments in several states since 2016 recently found a reference manual that appears to have been created by one voting machine vendor for county election officials and that lists critical usernames and passwords for the vendor's tabulation system. The passwords, including a system administrator and root password, are trivial and easy to crack, including one composed from the vendor's name. And although the document indicates that customers will be prompted periodically by the system to change the passwords, the document instructs customers to re-use passwords in some cases -- alternating between two of them -- and in other cases to simply change a number appended to the end of some passwords to change them.

The vendor, California-based Unisyn Voting Solutions, makes an optical-scan system called OpenElect Voting System for use in both precincts and central election offices. The passwords in the manual appear to be for the Open Elect Central Suite, the backend election-management system used to create election definition files for each voting machine before every election -- the files that tell the machine how to apportion votes based on the marks voters make on a ballot. The suite also tabulates votes collected from all of a county's Unisyn optical scan systems. The credentials listed in the manual include usernames and passwords for the initial log-in to the system as well as credentials to log into the client software used to tabulate and store official election results.

Security

File-Sharing Software On State Election Servers Could Expose Them To Intruders (propublica.org) 125

An anonymous reader quotes a report from ProPublica: As recently as Monday, computer servers that powered Kentucky's online voter registration and Wisconsin's reporting of election results ran software that could potentially expose information to hackers or enable access to sensitive files without a password. The insecure service run by Wisconsin could be reached from internet addresses based in Russia, which has become notorious for seeking to influence U.S. elections. Kentucky's was accessible from other Eastern European countries.

The service, known as FTP, provides public access to files -- sometimes anonymously and without encryption. As a result, security experts say, it could act as a gateway for hackers to acquire key details of a server's operating system and exploit its vulnerabilities. Some corporations and other institutions have dropped FTP in favor of more secure alternatives. Officials in both states said that voter-registration data has not been compromised and that their states' infrastructure was protected against infiltration. Still, Wisconsin said it turned off its FTP service following ProPublica's inquiries. Kentucky left its password-free service running and said ProPublica didn't understand its approach to security.
"FTP is a 40-year-old protocol that is insecure and not being retired quickly enough," said Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology in Washington, D.C., and an advocate for better voting security. "Every communication sent via FTP is not secure, meaning anyone in the hotel, airport or coffee shop on the same public Wi-Fi network that you are on can see everything sent and received. And malicious attackers can change the contents of a transmission without either side detecting the change."
Twitter

Twitter Deletes Over 10,000 Bots That Discouraged US Midterm Voting (cnn.com) 177

Twitter has deleted over 10,000 disinformation bots discouraging Americans from voting in Tuesday's midterm elections.

An anonymous reader quotes CNN: Twitter said that the Democratic Congressional Campaign Committee had brought the accounts to their attention. "For the election this year we have established open lines of communication and direct, easy escalation paths for state election officials, DHS, and campaign organizations from both major parties," the spokesperson said. The company said it believes the network of accounts was run from the United States.
The 10,000 accounts were deleted in late September and early October, Reuters reports: The number is modest, considering that Twitter has previously deleted millions of accounts it determined were responsible for spreading misinformation in the 2016 U.S. presidential election. Yet the removals represent an early win for a fledgling effort... The DCCC launched the effort this year in response to the party's inability to respond to millions of accounts on Twitter and other social media platforms that spread negative and false information about Democratic presidential candidate Hillary Clinton and other party candidates in 2016, three people familiar with the operation told Reuters... The DCCC developed its own system for identifying and reporting malicious automated accounts on social media, according to the three party sources.
Facebook

Apple, Amazon, Google and More Than 50 Other Companies Sign Letter Against Trump Administration's Proposed Gender Definition Changes (cnbc.com) 769

Apple, Amazon, Facebook and Google, and dozens of other tech companies have come together to condemn discrimination against transgender people in the face of actions President Donald Trump is reportedly considering to reduce their legal protections. From a report: The move is a response to an Oct. 21 New York Times report that the Trump administration is considering limiting the definition of gender to birth genitalia. "Sex means a person's status as male or female based on immutable biological traits identifiable by or before birth," the Department of Health and Human Services proposed in a memo obtained by the Times. If legislation were to move forward, it would jeopardize legal protections for an estimated 1.4 million Americans who identify as a gender other than the one they were assigned at birth, the Times said.

The statement from the companies, which have nearly 4.8 million employees, said diversity and inclusion are good for business. "Transgender people are our beloved family members and friends, and our valued team members," the statement said. "What harms transgender people harms our companies."

Facebook

Reporter Posed as Cambridge Analytica To Run Political Ads on Facebook. Facebook, To No One's Surprise, Failed To Catch That They Were Frauds. (businessinsider.com) 81

From a report: Facebook's new political ad transparency tools allowed Business Insider to run adverts as being "paid for" by Cambridge Analytica, the political consultancy that dragged Facebook into a major data scandal this year. The investigation demonstrates that political advertising on Facebook is still open to manipulation by bad actors, even with greater efforts at transparency. This is despite commitments from chief executive Mark Zuckerberg to solve the company's misinformation problem. Vice first reported last week that the Facebook political ads tool could be manipulated, with the publication securing approval to buy fake Facebook ads on behalf of US Vice President Mike Pence, terrorist group ISIS, and 100 US senators. Business Insider carried out a similar test, setting up false political ads that were captioned as being "paid for by Cambridge Analytica," the defunct political advertising firm which harvested Facebook data and weaponized it during the 2016 US election. Cambridge Analytica is banned from Facebook and has gone into administration.
Facebook

Reporters Posed as 100 Senators To Run Ads on Facebook. Facebook Approved All of Them. (vice.com) 83

William Turton, reporting for Vice News: One of Facebook's major efforts to add transparency to political advertisements is a required "Paid for by" disclosure at the top of each ad supposedly telling users who is paying for political ads that show up in their news feeds. But on the eve of the 2018 midterm elections, a VICE News investigation found the "Paid for by" feature is easily manipulated and appears to allow anyone to lie about who is paying for a political ad, or to pose as someone paying for the ad. To test it, VICE News applied to buy fake ads on behalf of all 100 sitting U.S. senators, including ads "Paid for by" by Mitch McConnell and Chuck Schumer. Facebook's approvals were bipartisan: All 100 sailed through the system, indicating that just about anyone can buy an ad identified as "Paid for by" by a major U.S. politician. What's more, all of these approvals were granted to be shared from pages for fake political groups such as "Cookies for Political Transparency" and "Ninja Turtles PAC." VICE News did not buy any Facebook ads as part of the test; rather, we received approval to include "Paid for by" disclosures for potential ads.
Twitter

President Trump Accuses Twitter of Political Bias (bloomberg.com) 468

President Donald Trump has accused Twitter of targeting his followers for removal from the social media platform, amid complaints by conservatives that social media companies have been discriminating against right-wing voices. From a report: "Twitter has removed many people from my account and, more importantly, they have seemingly done something that makes it much harder to join -- they have stifled growth to a point where it is obvious to all," Trump said in a tweet Friday. "A few weeks ago it was a Rocket Ship, now it is a Blimp! Total Bias?" Trump and some other Republicans have complained that Facebook, Alphabet's Google and Twitter have censored or suppressed conservative voices. Democrats have called that a diversion from concern over Russia's use of social-media platforms to influence the 2016 presidential election and over the proliferation of offensive content. In his opening remarks during a meeting with state attorneys general in September, Attorney General Jeff Sessions raised concerns that social media companies have a political agenda and have the power to manipulate public opinion, according to Maryland Attorney General Brian Frosh.
Government

White House Wants To Borrow Tech Workers From Google and Amazon, Says Report (cnet.com) 208

"According to CNET, TechCrunch and others, the Trump administration reportedly wants tech giants to make it easy for workers to take leaves of absence to help the government modernize," writes Slashdot reader kimanaw. From a report: White House officials on Monday planned to meet with tech giants including Google, Microsoft, Amazon and IBM, to discuss ways to make it easier for employees to take leaves of absence to help with government projects, according to The Washington Post. The administration reportedly hopes tech industry workers will be able to help modernize state and federal agencies and tackle challenges such as upgrading the veterans' health care system. Attracting tech talent may prove difficult for the Trump administration, which hasn't always seen eye to eye with Silicon Valley on issues such as the president's ban on travel from predominantly Muslim countries. However, White House officials believe tech workers are willing to "put politics aside." "This event on Monday is not just about our efforts, it's about our successor, and their successor after that," said one unnamed official, according to the Post. The White House didn't respond to a request for comment.
Social Networks

Trolls Are Still Actively Trying to Influence Brexit and US Elections (go.com) 470

TechCrunch reports: A major new campaign of disinformation around Brexit, designed to stir up U.K. 'Leave' voters, and distributed via Facebook, may have reached over 10 million people in the U.K., according to new research. The source of the campaign is so far unknown, and will be embarrassing to Facebook, which only this week claimed it was clamping down on "dark" political advertising on its platform. Researchers for the U.K.-based digital agency 89up allege that Mainstream Network -- which looks and reads like a "mainstream" news site but which has no contact details or reporter bylines -- is serving hyper-targeted Facebook advertisements aimed at exhorting people in Leave-voting U.K. constituencies to tell their MP to "chuck Chequers." Chequers is the name given to the U.K. Prime Ministers's proposed deal with the EU regarding the U.K.'s departure from the EU next year.
ABC News reports: When the Justice Department unsealed criminal charges detailing a yearslong effort by a Russian troll farm to "sow division and discord in the U.S. political system," it was the first federal case alleging continued foreign interference in U.S. elections. Earlier Friday, American intelligence officials released a rare public statement asserting that Russia, China, Iran and other countries are engaged in ongoing efforts to influence U.S. policy and voters in future elections. The statement didn't provide details on those efforts. That stood in contrast with the criminal charges, which provided a detailed narrative of Russian activities...

The criminal complaint provided a clear picture that there is still a hidden but powerful Russian social media effort aimed at spreading distrust for American political candidates and causing divisions on social issues such as immigration and gun control.... Court papers describe how the operatives in Friday's case would analyze U.S. news articles and decide how they would draft social media messages about those stories. They also show that Russian trolls have stepped up their efforts with a better understanding the U.S. political climate and messages that are no longer riddled with misspellings.

CNN notes that one week before America's 2016 presidential election, "one of the Kremlin-backed accounts denied that Russian meddling, saying: 'Russia's Putin says Moscow not trying to influence U.S. election.'"

Slashdot Top Deals