Daily Archives: March 22, 2019

Wikipedia and Reddit Stage Eleventh-Hour Protest Against Alarming EU Copyright Plan

Posted on by

The European Union has been reconsidering its copyright laws for several years, and for months we’ve been trudging towards a final vote. Well, that vote is scheduled for Tuesday, and if approved it could mean the end of the open internet as we know it.

Specifically, there are two troubling provisions in the EU’s new Copyright Directive: Articles 11 and 13. The former would impose a “link tax” on websites linking to external content they don’t own—which, on its face, is a solution to social giants freeloading on the work of news organizations without paying out any derived ad revenue. Article 13 would impose a content ID system on nearly all platforms to prevent the unauthorized uploading of copyrighted material.

In a perfect world, both of those ideas work to establish a fairer internet. But in the real world, it’s thought the link tax would be a slap on the wrist for major players and a death sentence for the small fry. A near-universal content ID system would also open up a raft of sites to the endless abuses of copyright trolls. My colleague Rhett Jones has a more expansive explanation of these Articles here.

To protest against the impending possibility of a stricter internet, a variety of major sites have engaged in blackouts or popover campaigns today, including Reddit, several EU-area Wikipedias, Twitch, and Pornhub. “Even though Reddit is an American company, we’d be highly impacted by changes to the law, as would our European users,” Reddit wrote in an announcement post today. “It could even impact the availability of services we provide to non-EU users.”

Internet pioneers Tim Berners-Lee and Vint Cerf have also come out in opposition to the EU Copyright Directive’s potential chilling effects on information freedom, as has the Electronic Frontier Foundation, and the United Nations’s special rapporteur on freedom of opinion and expression.

Protest banners and blackouts have become an increasingly common tactic for sites and platforms to push against sweeping legislation, and many of the aforementioned companies engaged in similar actions to preserve net neutrality and rebuke SOPA/PIPA. Given the glacial pace the EU Copyright Directive has been moving at, YouTube and Wikipedia Italy have previously protested the possible law change, while back in January Google threatened to kill its News service in Europe if the legislation goes through.

Source: Wikipedia and Reddit Stage Eleventh-Hour Protest Against Alarming EU Copyright Plan

Man Pleads Guilty in $100 Million Scam of Facebook and Google – colleagues not yet found

Posted on by

A Lithuanian man admitted he helped trick Facebook Inc. and Alphabet Inc.’s Google into sending more than $100 million through a phishing scheme.

Evaldas Rimasauskas, 50, pleaded guilty to one count of wire fraud before U.S. District Judge George Daniels on Wednesday under an agreement with prosecutors and will forfeit $49.7 million. Rimasauskas was extradited to New York in August 2017. He faces as many as 30 years in prison when he is sentenced July 24.

Prosecutors alleged that Rimasauskas, along with some unidentified co-conspirators, helped orchestrate a scheme in which fake emails were sent to employees and agents of the two tech giants. The thieves pretended to represent Taiwanese hardware maker Quanta Computer. They told Facebook and Google workers that the companies owed Quanta money, and then directed payments be sent to bank accounts controlled by the scammers.

[…]

Daniels asked Rimasauskas why the victims wired the money and whether they were promised anything in return.

“I’m not sure 100 percent because I was asked to open bank accounts,” Rimasauskas said. “After that I did not do anything with these accounts.”

Assistant U.S. Attorney Eun Young Choi told the judge that prosecutors don’t allege that Rimasauskas was the one who directly induced the companies to send the money.

“He created the infrastructure to further the fraudulent transfers,” Choi said.

The scheme netted about $23 million from Google in 2013 and about $98 million from Facebook in 2015, according to a person familiar with the case, who asked not to be named because the companies haven’t been publicly identified by prosecutors as the victims.

Source: Man Pleads Guilty in $100 Million Scam of Facebook and Google – Bloomberg

Researchers Create Fake Profiles on 24 Health Apps and Learn Most Are Sharing Your Data

Posted on by

Researchers in Canada, the U.S., and Australia teamed up for the study, published Wednesday in the BMJ. They tested 24 popular health-related apps used by patients and doctors in those three countries on an Android smartphone (the Google Pixel 1). Among the more popular apps were medical reference site Medscape, symptom-checker Ada, and the drug guide Drugs.com. Some of the apps reminded users when to take their prescriptions, while others provided information on drugs or symptoms of illness.

They then created four fake profiles that used each of the apps as intended. To establish a baseline of where network traffic related to user data was relayed during the use of the app, they used each app 14 times with the same profile information. Then, prior to the 15th use, they made a subtle change to this user information. On this final use, they looked for differences in network traffic, which would indicate that user data obtained by the app was being shared with third parties, and where exactly it was going to.

Overall, they found 79 percent of apps, including the three listed above, shared at least some user data outside of the app itself. While some of the unique entities that had access to the data used it to improve the app’s functions, like maintaining the cloud where data could be uploaded by users or handling error reports, others were likely using it to create tailored advertisements for other companies. When looking at these third parties, the researchers also found that many marketed their ability to bundle together user data and share it with fourth-party companies even further removed from the health industry, such as credit reporting agencies. And while this data is said to be made completely anonymous and de-identified, the authors found that certain companies were given enough data to easily piece together the identity of users if they wanted to.

Source: Researchers Create Fake Profiles on 24 Health Apps and Learn Most Are Sharing Your Data

Boeing to make safety feature standard on troubled Max jets

Posted on by

Boeing will make standard on its troubled new airliner a safety feature that might have helped the crew of a jet that crashed shortly after takeoff last year in Indonesia, killing everyone on board.

The equipment, which had been offered as an option, alerts pilots of faulty information from key sensors. It will now be included on every 737 Max as part of changes that Boeing is rushing to complete on the jets by early next week, according to two people familiar with the changes.

[…]

The sensors measure whether the plane is pointed up, down or level in relation to the direction of onrushing air. Software on the Max can push the plane’s nose down if data from one of the sensors indicates the plane is tilted up so sharply that it could stall and fall from the sky.

In the Lion Air case, the sensors malfunctioned and gave wildly conflicting information, and the plane crashed minutes after takeoff. A preliminary report described a grim fight by the pilots to control the plane as it pitched downward more than two dozen times.

It is not known whether the same flight-control system played a role in the March 10 crash of the Ethiopian Airlines jet shortly after takeoff from Addis Ababa, but regulators say both planes had similar erratic flight paths, an important part of their decision to ground the roughly 370 Max planes around the world.

The Lion Air plane also lacked another optional feature: gauges or displays that would let pilots see at a glance the up-or-down direction of the plane’s nose. It was unclear whether such “angle of attack” or AOA gauges will also become standard equipment on the Max.

Boeing declined to say why the options were not standard equipment sooner.

[…]

Max jets flown by Lion Air and Ethiopian Airlines lacked both the sensor-disagreement warning and AOA gauges, according to the New York Times, which first reported Boeing’s decision to make the warning standard. Boeing declined to comment on details of customer orders.

The average list price for a 737 Max 8 is $121.6 million, according the company’s website, although airlines routinely receive deep discounts. Boeing charges extra for additional features but won’t discuss those numbers, calling it valuable proprietary information.

Low-cost carriers such as Indonesia’s Lion Air may be more likely than the larger airlines to turn down options to save money.

Source: Boeing to make safety feature standard on troubled Max jets

Nokia phones caught spewing device IDs to China, software blunder blamed

Posted on by

An undisclosed number of Nokia 7 Plus smartphones have been caught sending their identification numbers to a domain owned by a Chinese telecom firm.

The handsets spaffed the data in clear text over the internet to a server behind the domain vnet.cn, which appears to be owned by China Telecom. The HTTP POST requests from the devices included IMEI numbers, SIM numbers, and MAC identifiers, which can be potentially used to identify and track the cellphones.

According to HMD Global, which bought the Nokia phone business from Microsoft in 2016, a limited number of Nokia devices have been communicating by mistake to “a third party server.”

“We have analyzed the case at hand and have found that our device activation client meant for another country was mistakenly included in the software package of a single batch of Nokia 7 Plus,” an HMD Global spokesperson explained to The Register in an email. “Due to this mistake, these devices were erroneously trying to send device activation data to a third party server.”

The company’s spokesperson did not respond to requests to say how many phones are in “a small batch” or to confirm the software was intended for phone activation in China.

Source: Hey, what’s Mandarin for ‘WTF is going on?’ Nokia phones caught spewing device IDs to China, software blunder blamed • The Register

Microsoft just booted up the first “DNA drive” for storing data

Posted on by

Microsoft has helped build the first device that automatically encodes digital information into DNA and back to bits again.

DNA storage: Microsoft has been working toward a photocopier-size device that would replace data centers by storing files, movies, and documents in DNA strands, which can pack in information at mind-boggling density.

According to Microsoft, all the information stored in a warehouse-size data center would fit into a set of Yahztee dice, were it written in DNA.

Demo device: So far, DNA data storage has been carried out by hand in the lab. But now researchers at the University of Washington who are working with the software giant say they created a machine that converts electronic bits to DNA and back without a person involved.

The gadget, made from about $10,000 in parts, uses glass bottles of chemicals to build DNA strands, and a tiny sequencing machine from Oxford Nanopore to read them out again.

Still limited: According to a publication on March 21 in the journal Nature Scientific Reports, the team was able to store and retrieve just a single word—“hello”—or five bytes of data. What’s more, the process took 21 hours, mostly because of the slow chemical reactions involved in writing DNA.

While the team considered that a success for their prototype, a commercially useful DNA storage system would have to store data millions of times faster.

Why now? It’s a good time for companies involved in DNA storage to show off their stuff. The National Intelligence Agency’s IARPA program is getting ready to hand out tens of millions toward radical new molecular information storage schemes.

Source: Microsoft just booted up the first “DNA drive” for storing data – MIT Technology Review