Marcus Hutchins, the British security researcher who shot to fame after successfully halting the Wannacry ransomware epidemic, has pleaded guilty to crafting online bank-account-raiding malware.
For nearly two years now, Hutchins, 24, has been under house arrest in the US after being collared at Las Vegas airport by FBI agents acting on a tip-off. The Brit, who was at the time trying to fly back home to Blighty after attending the Black Hat and DEF CON security conferences, was accused of creating and selling the Kronos banking trojan, and denied any wrongdoing.
The US government subsequently piled on charges, and it now appears that the pressure has been too much: on Friday this week, Hutchins accepted a plea deal [PDF], and admitted two charges of malware development.
“I’ve pleaded guilty to two charges related to writing malware in the years prior to my career in security,” he said in a statement.
“I regret these actions and accept full responsibility for my mistakes. Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks.”
Each of the two counts carries a maximum penalty of five years behind bars, a $250,000 fine, and a year of probation. As with most plea deals, he’s likely to get less than that, though he may still spend some time in an American cooler.
While being held in jail after his arrest, Hutchins apparently admitted creating the software nasty. According to the Feds, the Brit at one point told an unnamed associate over a recorded telephone line: “I used to write malware, they picked me up on some old shit,” later adding: “I wrote code for a guy a while back who then incorporated it into a banking malware.”
Now the FBI have their guilty plea, and Hutchins – a professional malware reverse-engineer these days – is facing an uncertain future. But you have to wonder if it was all really worth it for the US authorities. After all, plenty of today’s cyber-security engineers and researchers have toyed with writing malware, even for research purposes. Thus, a stretch behind bars would be a very hard sentence for an offense committed when he was a teen.
The discovery of a new, sophisticated team of hackers spying on dozens of government targets is never good news. But one team of cyberspies has pulled off that scale of espionage with a rare and troubling trick, exploiting a weak link in the internet’s cybersecurity that experts have warned about for years: DNS hijacking, a technique that meddles with the fundamental address book of the internet. Researchers at Cisco’s Talos security division on Wednesday revealed that a hacker group it’s calling Sea Turtle carried out a broad campaign of espionage via DNS hijacking, hitting 40 different organtaizations.
In the process, they went so far as to compromise multiple country-code top-level domains — the suffixes like .co.uk, or .ru, that end a foreign web address — putting all the traffic of every domain in multiple countries at risk. The hackers’ victims include telecoms, internet service providers, and domain registrars responsible for implementing the domain name system. But the majority of the victims and the ultimate targets, Cisco believes, were a collection of mostly governmental organizations including ministries of foreign affairs, intelligence agencies, military targets, and energy-related groups, all based in the Middle East and North Africa. By corrupting the internet’s directory system, hackers were able to silently use “man-in-the-middle” attacks to intercept all internet data from email to web traffic sent to those victim organizations.
[…] Cisco Talos said it couldn’t determine the nationality of the Sea Turtle hackers, and declined to name the specific targets of their spying operations. But it did provide a list of the countries where victims were located: Albania, Armenia, Cypress, Egypt, Iraq, Jordan, Lebanon, Libya, Syria, Turkey, and the United Arab Emirates. Cisco’s Craig Williams confirmed that Armenia’s .am top-level domain was one ‘of the “handful” that were compromised, but wouldn’t say which of the other countries’ top-level domains were similarly hijacked.
On Thursday, at just about the same time as the most highly anticipated government document of the decade was released in Washington D.C., Facebook updated a month-old blog post to note that actually a security incident impacted “millions” of Instagram users and not “tens of thousands” as they said at first.
Last month, Facebook announced that hundreds of millions of Facebook and Facebook Lite account passwords were stored in plaintext in a database exposed to over 20,000 employees.
On Thursday, at just about the same time as the most highly anticipated government document of the decade was released in Washington D.C., Facebook updated a month-old blog post to note that actually a security incident impacted “millions” of Instagram users and not “tens of thousands” as they said at first.
Last month, Facebook announced that hundreds of millions of Facebook and Facebook Lite account passwords were stored in plaintext in a database exposed to over 20,000 employees.
The process of printing the heart involved a biopsy of the fatty tissue that surrounds abdominal organs. Researchers separated the cells in the tissue from the rest of the contents, namely the extracellular matrix linking the cells. The cells were reprogrammed to become stem cells with the ability to differentiate into heart cells; the matrix was processed into a personalized hydrogel that served as the printing “ink.”
The cells and hydrogel were first used to create heart patches with blood vessels and, from there, an entire heart.
“At this stage, our 3D heart is small, the size of a rabbit’s heart,” Dvir said. “But larger human hearts require the same technology.”
Microsoft says miscreants accessed some of its customers’ webmail inboxes and account data after a support rep’s administrative account was hijacked.
The Redmond software giant has sent Hotmail, MSN, and Outlook cloud users notifications that the unnamed customer support rep’s account was compromised by hackers who would have subsequently gained “limited access” to certain parts of some customer email accounts, including the ability to read messages in particular cases.
In the alert, Microsoft warns its punters that, between January 1 and March 28 of this year, the attacker, or attackers, would have had the ability to extract certain information from their inboxes, including the subject names of messages, folder names, contact lists, and user email address. The intrusion was limited to consumer (read: free) Microsoft email accounts.
While the aforementioned leaked notification claims the hackers would not have been able to read the content of messages, Microsoft would later admit – after media reports over the weekend – that the intruders could have accessed the contents of messages belonging to a subset of those impacted by the admin account hijacking.
Finally stopped using Internet Explorer? Good! But, now it’s time to completely delete it from your computer, too.
Security researcher John Page has discovered a new security flaw that allows hackers to steal Windows users’ data thanks to Internet Explorer. The craziest part: Windows users don’t ever even have to open the now-obsolete web browser for malicious actors to use the exploit. It just needs to exist on their computer.
“Internet Explorer is vulnerable to XML External Entity attack if a user opens a specially crafted .MHT file locally,” writes Page. “This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information.”
Basically, what this means is that hackers are taking advantage of a vulnerability using .MHT files, which is the file format used by Internet Explorer for its web archives. Current web browsers do not use the .MHT format, so when a PC user attempts to access this file Windows opens IE by default.
To initiate the exploit, a user simply needs to open an attachment received by email, messenger, or other file transfer service.
Android TV is an operating system designed specifically for SmartTV
purposes and is developed by Google. Android TV is basically a smart
entertainment platform that comes built into a number of TVs (primarily
from Sony, Panasonic, Sharp, etc..) but also in a number of streaming
video players like Android TV Boxes and the most popular one, the Nvidia
Shield.
To that end, Android TV is considerably similar to iOS or
Android. It’s basically an operating system for a TV. It’s capable of
supporting various apps, games, and TV shows that you normally navigate
with a remote on your TV.
Why did the frog cross the road? Well, a new artificial intelligent (AI) agent that can play the classic arcade game Frogger not only can tell you why it crossed the road, but it can justify its every move in everyday language.
Developed by Georgia Tech, in collaboration with Cornell and the University of Kentucky, the work enables an AI agent to provide a rationale for a mistake or errant behavior, and to explain it in a way that is easy for non-experts to understand.
This, the researchers say, may help robots and other types of AI agents seem more relatable and trustworthy to humans. They also say their findings are an important step toward a more transparent, human-centered AI design that understands people’s preferences and prioritizes people’s needs.
“If the power of AI is to be democratized, it needs to be accessible to anyone regardless of their technical abilities,” said Upol Ehsan, Ph.D. student in the School of Interactive Computing at Georgia Tech and lead researcher.
“As AI pervades all aspects of our lives, there is a distinct need for human-centered AI design that makes black-boxed AI systems explainable to everyday users. Our work takes a formative step toward understanding the role of language-based explanations and how humans perceive them.”
The study was supported by the Office of Naval Research (ONR).
Researchers developed a participant study to determine if their AI agent could offer rationales that mimicked human responses. Spectators watched the AI agent play the videogame Frogger and then ranked three on-screen rationales in order of how well each described the AI’s game move.
Of the three anonymized justifications for each move – a human-generated response, the AI-agent response, and a randomly generated response – the participants preferred the human-generated rationales first, but the AI-generated responses were a close second.
Frogger offered the researchers the chance to train an AI in a “sequential decision-making environment,” which is a significant research challenge because decisions that the agent has already made influence future decisions. Therefore, explaining the chain of reasoning to experts is difficult, and even more so when communicating with non-experts, according to researchers.
[…]
By a 3-to-1 margin, participants favored answers that were classified in the “complete picture” category. Responses showed that people appreciated the AI thinking about future steps rather than just what was in the moment, which might make them more prone to making another mistake. People also wanted to know more so that they might directly help the AI fix the errant behavior.
[…]
The research was presented in March at the Association for Computing Machinery’s Intelligent User Interfaces 2019 Conference. The paper is titled Automated Rationale Generation: A Technique for Explainable AI and its Effects on Human Perceptions. Ehsan will present a position paper highlighting the design and evaluation challenges of human-centered Explainable AI systems at the upcoming Emerging Perspectives in Human-Centered Machine Learning workshop at the ACM CHI 2019 conference, May 4-9, in Glasgow, Scotland.
The Information Commissioner’s Office has fined commercial pregnancy and parenting club Bounty some £400,000 for illegally sharing personal details of more than 14 million people.
The organisation, which dishes out advice to expectant and inexperienced parents, has faced criticism over the tactics it uses to sign up new members and was the subject of a campaign to boot its reps from maternity wards.
[…]
the business had also worked as a data brokering service until April last year, distributing data to third parties to then pester unsuspecting folk with electronic direct marketing. By sharing this information and not being transparent about its uses while it was extracting the stuff, Bounty broke the Data Protection Act 1998.
Bounty shared roughly 34.4 million records from June 2017 to April 2018 with credit reference and marketing agencies. Acxiom, Equifax, Indicia and Sky were the four biggest of the 39 companies that Bounty told the ICO it sold stuff to.
This data included details of new mother and mothers-to-be but also of very young children’s birth dates and their gender.
China’s largest stock photo flinger has been forced to backtrack after it tried to put its own price tags on images of the first black hole and the Chinese flag.
Visual China Group reportedly tried to hawk out the first-ever image of a supermassive black hole and its shadow, which was the painstaking work of boffins running the Event Horizon Telescope.
The website is reported to have tried to suck users into payment, describing the picture, on which it affixed its logo, as an “editorial image” and directed users to dial a customer rep to discuss commercial use.
The pic pushers were also said to have drawn criticism for asking for payment for images such as China’s flag and logos of companies including Baidu.
After the Tianjin city branch of China’s internet overseer stepped in, Visual China apologised and said that it would “learn from these lessons” and “seriously rectify” the problem.
A hacker group has breached several FBI-affiliated websites and uploaded their contents to the web, including dozens of files containing the personal information of thousands of federal agents and law enforcement officers, TechCrunch has learned.
The hackers breached three sites associated with the FBI National Academy Association, a coalition of different chapters across the U.S. promoting federal and law enforcement leadership and training located at the FBI training academy in Quantico, VA. The hackers exploited flaws on at least three of the organization’s chapter websites — which we’re not naming — and downloaded the contents of each web server.
The hackers then put the data up for download on their own website, which we’re also not naming nor linking to given the sensitivity of the data.
The spreadsheets contained about 4,000 unique records after duplicates were removed, including member names, a mix of personal and government email addresses, job titles, phone numbers and their postal addresses. The FBINAA could not be reached for comment outside of business hours. If we hear back, we’ll update.
TechCrunch spoke to one of the hackers, who didn’t identify his or her name, through an encrypted chat late Friday.
“We hacked more than 1,000 sites,” said the hacker. “Now we are structuring all the data, and soon they will be sold. I think something else will publish from the list of hacked government sites.” We asked if the hacker was worried that the files they put up for download would put federal agents and law enforcement at risk. “Probably, yes,” the hacker said.
The hacker claimed to have “over a million data” [sic] on employees across several U.S. federal agencies and public service organizations.
It’s not uncommon for data to be stolen and sold in hacker forums and in marketplaces on the dark web, but the hackers said they would offer the data for free to show that they had something “interesting.”
[…]
The hacker — one of more than ten, they said — used public exploits, indicating that many of the websites they hit weren’t up-to-date and had outdated plugins.
[…]
Their end goal: “Experience and money,” the hacker said.
Electronic health records store valuable information about hospital patients, but they’re often sparse and unstructured, making them difficult for potentially labor- and time-saving AI systems to parse. Fortunately, researchers at New York University and Princeton have developed a framework that evaluates clinical notes (i.e., descriptions of symptoms, reasons for diagnoses, and radiology results) and autonomously assigns a risk score indicating whether patients will be readmitted within 30 days. They claim that the code and model parameters, which are publicly available on Github, handily outperform baselines.
“Accurately predicting readmission has clinical significance both in terms of efficiency and reducing the burden on intensive care unit doctors,” the paper’s authors wrote. “One estimate puts the financial burden of readmission at $17.9 billion dollars and the fraction of avoidable admissions at 76 percent.”
Sonos stands accused of seeking to obtain “excessive” amounts of personal data without valid consent in a complaint filed with the UK’s data watchdog.
The complaint, lodged by tech lawyer George Gardiner in a personal capacity, challenges the Sonos privacy policy’s compliance with the General Data Protection Regulation and the UK’s implementation of that law.
It argues that Sonos had not obtained valid consent from users who were asked to agree to a new privacy policy and had failed to meet privacy-by-design requirements.
The company changed its terms in summer 2017 to allow it to collect more data from its users – ostensibly because it was launching voice services. Sonos said that anyone who didn’t accept the fresh Ts&Cs would no longer be able to download future software updates.
Sonos denied at the time that this was effectively bricking the system, but whichever way you cut it, the move would deprecate the kit of users that didn’t accept the terms. The app controlling the system would also eventually become non-functional.
Gardiner pointed out, however, that security risks and an interest in properly maintaining an expensive system meant there was little practical alternative other than to update the software.
This resulted in a mandatory acceptance of the terms of the privacy policy, rendering any semblance of consent void.
“I have no option but to consent to its privacy policy otherwise I will have over £3,000 worth of useless devices,” he said in a complaint sent to the ICO and shared with The Register.
Users setting up accounts are told: “By clicking on ‘Submit’ you agree to Sonos’ Terms and Conditions and Privacy Policy.” This all-or-nothing approach is contrary to data protection law, he argued.
Sonos collects personal data in the form of name, email address, IP addresses and “information provided by cookies or similar technology”.
The system also collects data on room names assigned by users, the controller device, the operating system of the device a person uses and content source.
Sonos said that collecting and processing this data – a slurp that users cannot opt out of – is necessary for the “ongoing functionality and performance of the product and its ability to interact with various services”.
But Gardiner questioned whether it was really necessary for Sonos to collect this much data, noting that his system worked without it prior to August 2017. He added that he does not own a product that requires voice recognition.
I am in the exact same position – suddenly I had to accept an invasive change of privacy policy and earlier in March I also had to log in with a Sonos account in order to get the kit working (it wouldn’t update without logging in and the app only showed the login and update page). This is not what I signed up for when I bought the (expensive!) products.
Two out of three hotel websites inadvertently leak guests’ booking details and personal data to third-party sites, including advertisers and analytics companies, according to research released by Symantec Corp on Wednesday.
The study, which looked at more than 1,500 hotel websites in 54 countries that ranged from two-star to five-star properties, comes several months after Marriott International disclosed one of the worst data breaches in history.
Symantec said Marriott was not included in the study.
Compromised personal information includes full names, email addresses, credit card details and passport numbers of guests that could be used by cybercriminals who are increasingly interested in the movements of influential business professionals and government employees, Symantec said.
“While it’s no secret that advertisers are tracking users’ browsing habits, in this case, the information shared could allow these third-party services to log into a reservation, view personal details and even cancel the booking altogether,” said Candid Wueest, the primary researcher on the study.
The research showed compromises usually occur when a hotel site sends confirmation emails with a link that has direct booking information. The reference code attached to the link could be shared with more than 30 different service providers, including social networks, search engines and advertising and analytics services.
You might not even know what options you can tweak (or turn off) in your operating system, which is where the cleverly named O&O ShutUp10application comes in to play. It’s a simple application that makes it incredibly easy to tweak various aspects of Windows 10 that are normally buried or otherwise inaccessible to regular people. More importantly, the app comes with some helpful warnings so you don’t accidentally disable something you shouldn’t (like automatic updates)
To get started, all you have to do is download the app and run it. That’s it. There’s no installation to speak of, which already makes me thrilled. When the app loads, it’ll look like this:
You’ll see a bunch of different options you can turn on and off—some might already be enabled—as well as a handy “recommend” column that gives you a little more advice as to whether you should really mess with that setting or not. What I love about O&O ShutUp10, though, is that you can get even more information about what each setting means by simply hovering your mouse over each line and clicking, like so:
Screenshot: David Murphy
While you probably shouldn’t just go through and enable everything that’s recommended en masse, I would use that little green checkmark as a guide while you explore the app. Enable any related setting and you’re probably fine. Once you start getting into the yellow “limited” category, however, it gets a bit dicier. You might not want to, for example, disable all apps from accessing your microphone or camera—or maybe you do. Just remember you toggled that setting the next time you’re about to hop on a video conference.
Charges announced by the Justice Department on Thursday against WikiLeaks founder Julian Assange provide fresh insight into why federal prosecutors sought to question whistleblower Chelsea Manning last month before a federal grand jury in the Eastern District of Virginia.
Manning, convicted in 2013 of leaking classified U.S. government documents to WikiLeaks, was jailed in early March as a recalcitrant witness after refusing to answer the grand jury’s questions. After her arrest, she was held in solitary confinement in a Virginia jail for nearly a month before being moved into its general population—all in an attempt to coerce her into answering questions about conversations she allegedly had with Assange at the time of her illegal disclosures, according to court filings.
Though Manning confessed to leaking more than 725,000 classified documents to WikiLeaks following her deployment to Iraq in 2009—including battlefield reports and five Guantanamo Bay detainee profiles—she was charged with leaking portions of only a couple hundred documents, including dozens of diplomatic cables that have since been declassified.
British authorities on Thursday removed Assange from the Ecuadorian embassy in London, his home for nearly seven years, following Ecuador’s decision to rescind his asylum. The U.S. government has requested that he be extradited to the United States to face a federal charge of conspiracy to commit computer crimes.
We’ve been trying to explain for the past few months just how absolutely insane the new EU Terrorist Content Regulation will be for the internet. Among many other bad provisions, the big one is that it would require content removal within one hour as long as any “competent authority” within the EU sends a notice of content being designated as “terrorist” content. The law is set for a vote in the EU Parliament just next week.
And as if they were attempting to show just how absolutely insane the law would be for the internet, multiple European agencies (we can debate if they’re “competent”) decided to send over 500 totally bogus takedown demands to the Internet Archive last week, claiming it was hosting terrorist propaganda content.
In the past week, the Internet Archive has received a series of email notices from Europol’s European Union Internet Referral Unit (EU IRU) falsely identifying hundreds of URLs on archive.org as “terrorist propaganda”. At least one of these mistaken URLs was also identified as terrorist content in a separate take down notice from the French government’s L’Office Central de Lutte contre la Criminalité liée aux Technologies de l’Information et de la Communication (OCLCTIC).
And, as the Archive explains, there’s simply no way that (1) the site could have complied with the Terrorist Content Regulation had it been law last week when they received the notices, and (2) that they should have blocked all that obviously non-terrorist content.
The Internet Archive has a few staff members that process takedown notices from law enforcement who operate in the Pacific time zone. Most of the falsely identified URLs mentioned here (including the report from the French government) were sent to us in the middle of the night – between midnight and 3am Pacific – and all of the reports were sent outside of the business hours of the Internet Archive.
The one-hour requirement essentially means that we would need to take reported URLs down automatically and do our best to review them after the fact.
It would be bad enough if the mistaken URLs in these examples were for a set of relatively obscure items on our site, but the EU IRU’s lists include some of the most visited pages on archive.org and materials that obviously have high scholarly and research value.
Those are the requests from Europol, who unfortunately likely qualify as a “competent” authority under the law. The Archive also points out the request from both Europol and the French computer crimes unit targeting a page providing commentary on the Quran as being terrorist content. The French agency told the Archive it needed to take down that content within 24 hours or the Archive may get blocked in France.
because WPA2 is more than 14 years old, the Wi-Fi Alliance recently announced the new and more secure WPA3 protocol. One of the main advantages of WPA3 is that, thanks to its underlying Dragonfly handshake, it’s near impossible to crack the password of a network. Unfortunately, we found that even with WPA3, an attacker within range of a victim can still recover the password of the network. This allows the adversary to steal sensitive information such as credit cards, password, emails, and so on, when the victim uses no extra layer of protection such as HTTPS. Fortunately, we expect that our work and coordination with the Wi-Fi Alliance will allow vendors to mitigate our attacks before WPA3 becomes widespread.
The Dragonfly handshake, which forms the core of WPA3, is also used on certain Wi-Fi networks that require a username and password for access control. That is, Dragonfly is also used in the EAP-pwd protocol. Unfortunately, our attacks against WPA3 also work against EAP-pwd, meaning an adversary can even recover a user’s password when EAP-pwd is used. We also discovered serious bugs in most products that implement EAP-pwd. These allow an adversary to impersonate any user, and thereby access the Wi-Fi network, without knowing the user’s password. Although we believe that EAP-pwd is used fairly infrequently, this still poses serious risks for many users, and illustrates the risks of incorrectly implementing Dragonfly.
The technical details behind our attacks against WPA3 can be found in our detailed research paper titled Dragonblood: A Security Analysis of WPA3’s SAE Handshake. The details of our EAP-pwd attacks are explained on this website.
[…]
The discovered flaws can be abused to recover the password of the Wi-Fi network, launch resource consumption attacks, and force devices into using weaker security groups. All attacks are against home networks (i.e. WPA3-Personal), where one password is shared among all users. Summarized, we found the following vulnerabilities in WPA3:
CERT ID #VU871675: Downgrade attack against WPA3-Transtition mode leading to dictionary attacks.
CERT ID #VU871675: Security group downgrade attack against WPA3’s Dragonfly handshake.
CVE-2019-9494: Timing-based side-channel attack against WPA3’s Dragonfly handshake.
CVE-2019-9494: Cache-based side-channel attack against WPA3’s Dragonfly handshake.
CERT ID #VU871675: Resource consumption attack (i.e. denial of service) against WPA3’s Dragonfly handshake.
[…]
We have made scripts to test for certain vulnerabilities:
Dragonslayer: implements attacks against EAP-pwd (to be released shortly).
Dragondrain: this tool can be used to test to which extend an Access Point is vulnerable to denial-of-service attacks against WPA3’s SAE handshake.
Dragontime: this is an experimental tool to perform timing attacks against the SAE handshake if MODP group 22, 23, or 24 is used. Note that most WPA3 implementations by default do not enable these groups.
Dragonforce: this is an experimental tool which takes the information recover from our timing or cache-based attacks, and performs a password partitioning attack. This is similar to a dictionary attack.
Seven people, described as having worked in Amazon’s voice review program, told Bloomberg that they sometimes listen to as many as 1,000 recordings per shift, and that the recordings are associated with the customer’s first name, their device’s serial number, and an account number. Among other clips, these employees and contractors said they’ve reviewed recordings of what seemed to be a woman singing in the shower, a child screaming, and a sexual assault. Sometimes, when recordings were difficult to understand — or when they were amusing — team members shared them in an internal chat room, according to Bloomberg.
In an emailed statement to BuzzFeed News, an Amazon spokesperson wrote that “an extremely small sample of Alexa voice recordings” is annotated, and reviewing the audio “helps us train our speech recognition and natural language understanding systems, so Alexa can better understand your requests, and ensure the service works well for everyone.”
[…]
Amazon’s privacy policy says that Alexa’s software provides a variety of data to the company (including your use of Alexa, your Alexa Interactions, and other Alexa-enabled products), but doesn’t explicitly state how employees themselves interact with the data.
Apple and Google, which make two other popular voice-enabled assistants, also employ humans who review audio commands spoken to their devices; both companies say that they anonymize the recordings and don’t associate them with customers’ accounts. Apple’s Siri sends a limited subset of encrypted, anonymous recordings to graders, who label the quality of Siri’s responses. The process is outlined on page 69 of the company’s security white paper. Google also saves and reviews anonymized audio snippets captured by Google Home or Assistant, and distorts the audio.
On an FAQ page, Amazon states that Alexa is not recording all your conversations. Amazon’s Echo smart speakers and the dozens of other Alexa-enabled devices are designed to capture and process audio, but only when a “wake word” — such as “Alexa,” “Amazon,” “Computer,” or “Echo” — is uttered. However, Alexa devices do occasionally capture audio inadvertently and send that audio to Amazon servers or respond to it with triggered actions. In May 2018, an Echo unintentionally sent audio recordings of a woman’s private conversation to one of her husband’s employees.
While the ethics around data collection and consumer privacy have been questioned for years, it wasn’t until Facebook’s Cambridge Analytics scandal that people began to realize how frequently their personal data is shared, transferred, and monetized without their permission.
Cambridge Analytica was by no means an isolated case. Last summer, an AP investigation found that Google’s location tracking remains on even if you turn it off in Google Maps, Search, and other apps. Research from Vanderbilt professor Douglas Schmidt found that Google engages in “passive” data collection, often without the user’s knowledge. His research also showed that Google utilizes data collected from other sources to de-anonymize existing user data.
That’s why we at Digital Content Next, the trade association of online publishers I lead, wrote this Washington Post op-ed, “It isn’t just about Facebook, it’s about Google, too” when Facebook first faced Capitol Hill. It’s also why the descriptor surveillance advertising is increasingly being used to describe Google and Facebook’s advertising businesses, which use personal data to tailor and micro-target ads.
[…]
The results of the study are consistent with our Facebook study: People don’t want surveillance advertising. A majority of consumers indicated they don’t expect to be tracked across Google’s services, let alone be tracked across the web in order to make ads more targeted.
Do you expect Google to collect data about a person’s activities on Google platforms (e.g. Android and Chrome) and apps (e.g. Search, YouTube, Maps, Waze)?
Yes: 48%
No: 52%
Do you expect Google to track a person’s browsing across the web in order to make ads more targeted?
Yes: 43%
No: 57%
Nearly two out of three consumers don’t expect Google to track them across non-Google apps, offline activities from data brokers, or via their location history.
Do you expect Google to collect data about a person’s locations when a person is not using a Google platform or app?
Yes: 34%
No: 66%
Do you expect Google to track a person’s usage of non-Google apps in order to make ads more targeted?
Yes: 36%
No: 64%
Do you expect Google to buy personal information from data companies and merge it with a person’s online usage in order to make ads more targeted?
Yes: 33%
No: 67%
There was only one question where a small majority of respondents felt that Google was acting according to their expectations. That was about Google merging data from search queries with other data it collects on its own services. They also don’t expect Google to connect the data back to the user’s personal account, but only by a small majority. Google began doing both of these in 2016 after previously promising it wouldn’t.
Do you expect Google to collect and merge data about a person’s search activities with activities on its other applications?
Yes: 57%
No: 43%
Do you expect Google to connect a variety of user data from Google apps, non-Google apps, and across the web with that user’s personal Google account?
Yes: 48%
No: 52%
Google’s personal data collection practices affect the more than 2 billion people who use devices running their Android operating software and hundreds of millions more iPhone users who rely on Google for browsing, maps, or search. Most of them expect Google to collect some data about them in exchange for use of services. However, as our research shows, a significant majority of consumers do not expect Google to track their activities across their lives, their locations, on other sites, and on other platforms. And as the AP discovered, Google continues to do some of this even after consumers explicitly turn off tracking.
In February, the company announced its intention to move forward with the development of the Curie cable, a new undersea line stretching from California to Chile. It will be the first private intercontinental cable ever built by a major non-telecom company.
And if you step back and just look at intracontinental cables, Google has fully financed a number of those already; it was one of the first companies to build a fully private submarine line.
Google isn’t alone. Historically, cables have been owned by groups of private companies — mostly telecom providers — but 2016 saw the start of a massive submarine cable boom, and this time, the buyers are content providers. Corporations like Facebook, Microsoft, and Amazon all seem to share Google’s aspirations for bottom-of-the-ocean dominance.
I’ve been watching this trend develop, being in the broadband space myself, and the recent movements are certainly concerning. Big tech’s ownership of the internet backbone will have far-reaching, yet familiar, implications. It’s the same old consumer tradeoff; more convenience for less control — and less privacy.
We’re reaching the next stage of internet maturity; one where only large, incumbent players can truly win in media.
[…]
If you want to measure the internet in miles, fiber-optic submarine cables are the place to start. These unassuming cables crisscross the ocean floor worldwide, carrying 95-99 percent of international data over bundles of fiber-optic cable strands the diameter of a garden hose. All told, there are more than 700,000 miles of submarine cables in use today.
[…]
Google will own 10,433 miles of submarine cables internationally when the Curie cable is completed later this year.
The total shoots up to 63,605 miles when you include cables it owns in consortium with Facebook, Microsoft, and Amazon
The pledge by one of the world’s biggest automakers to share its closely guarded patents, the second time it has opened up a technology, is aimed at driving industry uptake of hybrids and fending off the challenge of all-battery electric vehicles(EVs).
Toyota said it would grant licenses on nearly 24,000 patents on technologies used in its Prius, the world’s first mass-produced “green” car, and offer to supply competitors with components including motors, power converters and batteries used in its lower-emissions vehicles.
“We want to look beyond producing finished vehicles,” Toyota Executive Vice President Shigeki Terashi told reporters.
“We want to contribute to an increase in take up (of electric cars) by offering not just our technology but our existing parts and systems to other vehicle makers.”
The Nikkei Asian Review first reported Toyota’s plans to give royalty-free access to hybrid-vehicle patents.
Terashi said that the access excluded patents on its lithium-ion battery technology.
[…]
Toyota is also betting on hydrogen fuel cell vehicles (FCVs) as the ultimate zero-emissions vehicle, and as a result, has lagged many of its rivals in marketing all-battery EVs.
In 2015, it said it would allow access to its FCV-related patents through 2020.
On the afternoon of December 3rd, 2018, a SpaceX Falcon 9 rocket took off from the southern coast of California, lofting the largest haul of individual satellites the vehicle had ever transported. At the time, it seemed like the mission was a slam dunk, with all 64 satellites deploying into space as designed.
But nearly four months later, more than a dozen satellites from the launch have yet to be identified in space. We know that they’re up there, and where they are, but it’s unclear which satellites belong to which satellite operator on the ground.
They are, truly, unidentified flying objects.
The launch, called the SSO-A SmallSat Express, sent those small satellites into orbit for various countries, commercial companies, schools, and research organizations. Currently, all of the satellites are being tracked by the US Air Force’s Space Surveillance Network — an array of telescopes and radars throughout the globe responsible for keeping tabs on as many objects in orbit as possible. Yet 19 of those satellites are still unidentified in the Air Force’s orbital catalog. Many of the satellite operators do not know which of these 19 probes are theirs exactly, and the Air Force can’t figure it out either.
[…]
Not knowing the exact location of a spacecraft is a major problem for operators. If they can’t communicate with their satellite, the company’s orbiting hardware becomes, essentially, space junk. It brings up liability and transparency concerns, too. If an unidentified satellite runs into something else in space, it’s hard to know who is to blame, making space less safe — and less understood — for everyone. That’s why analysts and space trackers say both technical and regulatory changes need to be made to our current tracking system so that we know who owns every satellite that’s speeding around the Earth. “The whole way we do things is just no longer up to the task,” Jonathan McDowell, an astrophysicist at Harvard and spaceflight tracker, tells The Verge.
How to identify a satellite
Up until recently, figuring out a satellite’s identity has been relatively straightforward. The Air Force has satellites high above the Earth that detect the heat of rocket engines igniting on the ground, indicating when a vehicle has taken off. It’s a system that was originally put in place to locate the launch of a potential missile, but it’s also worked well for spotting rockets launching to orbit. And for most of spaceflight history, usually just one large satellite or spacecraft has gone up on a launch — simplifying the identification process.
“For more traditional launches, where there are fewer objects, it’s fairly simple to do,” Diana McKissock, the lead for space situational awareness sharing and spaceflight safety at the Air Force’s 18th Space Control Squadron, tells The Verge. As a result, the Air Force has maintained a robust catalog of more than 20,000 space objects in orbit, many of which have been identified.
But as rocket ride-shares have grown in popularity, the Air Force’s surveillance capabilities have sometimes struggled to identify every satellite that is deployed during a launch. One problem is that most of the spacecraft on board all look the same. Nearly 50 satellites on the SSO-A launch were modified CubeSats — a type of standardized satellite that’s roughly the size of a cereal box. That means they are all about the same size and have the same general boxy shape. Plus, these tiny satellites are often deployed relatively close together on ride-share launches, one right after the other. The result is a big swarm of nearly identical spacecraft that are difficult to tell apart from the ground below.
Operators often rely on tracking data from the Air Force to find their satellites, so if the military cannot tell a significant fraction of these CubeSats apart, the operators don’t know where to point their ground communication equipment to get in contact with their spacecraft.
It’s a bit of a Catch-22, though. The Air Force also relies on satellite operators to help identify their spacecraft. Before a launch, the Air Force collects information from satellite operators about the design of the spacecraft and where it’s going to go. The operators are also responsible for making sure that they have the proper equipment (in space and on the ground) to communicate with the satellite. “It’s really a cooperative, ongoing process that involves the satellite operators as much as it involves us here at the 18th, processing the data,” says McKissock.
The SSO-A launch isn’t the only example of mistaken satellite identity. Five satellites are still unidentified from an Electron launch that took place in December last year, which sent up 13 objects, according to McDowell. And in 2017, a Russian Soyuz rocket deployed a total of 72 satellites, but eight are still unknown, says McDowell. The SSO-A launch is perhaps the most egregious example of this ride-share problem, as nearly a third of the satellites are still missing in the Air Force’s catalog.
The Air Force says the launch posed a unique challenge. One difficulty had to do with the way the satellites were deployed, according to McKissock, who says it was hard to predict before the launch where each satellite was going to be. The SSO-A launch was organized by a company called Spaceflight Industries, which acts as a broker for operators — finding room for their satellites on upcoming rocket launches. Spaceflight bought this entire Falcon 9 rocket for the SSO-A launch, and created the device that deployed all of these satellites into orbit. One satellite tracker, T.S. Kelso, who operates a tracking site called CelesTrak, agreed with the Air Force, saying that Spaceflight’s deployment platform made it hard to predict each satellite’s exact position. “[Spaceflight] had no way to provide the type of data needed,” Kelso writes in an email to The Verge.
[…]
The Air Force’s 18th Space Control Squadron has other priorities to consider, too. While identifying spacecraft is something the team always hopes to accomplish on every flight, the main function of the 18th is to track as many objects as possible and then provide information on the possibility of spacecraft running into each other in orbit. The identification of satellites is secondary to that safety concern. “I wouldn’t say it’s not a priority, but we certainly have other mission requirements to consider,” says McKissock.
A technology that removes carbon dioxide from the air has received significant backing from major fossil fuel companies.British Columbia-based Carbon Engineering has shown that it can extract CO2 in a cost-effective way.It has now been boosted by $68m in new investment from Chevron, Occidental and coal giant BHP.
[…]
The quest for technology for carbon dioxide removal (CDR) from the air received significant scientific endorsement last year with the publication of the IPCC report on keeping the rise in global temperatures to 1.5C this century.
In their “summary for policymakers”, the scientists stated that: “All pathways that limit global warming to 1.5C with limited or no overshoot project the use of CDR …over the 21st century.”
Around the world, a number of companies are racing to develop the technology that can draw down carbon. Swiss company Climeworks is already capturing CO2 and using it to boost vegetable production.
Carbon Engineering says that its direct air capture (DAC) process is now able to capture the gas for under $100 a tonne.
With its new funding, the company plans to build its first commercial facilities. These industrial-scale DAC plants could capture up to one million tonnes of CO2 from the air each year.
So how does this system work?
CO2 is a powerful warming gas but there’s not a lot of it in the atmosphere – for every million molecules of air, there are 410 of CO2.
While the CO2 is helping to drive temperatures up around the world, the comparatively low concentrations make it difficult to design efficient machines to remove the gas.
Carbon Engineering’s process is all about sucking in air and exposing it to a chemical solution that concentrates the CO2. Further refinements mean the gas can be purified into a form that can be stored or utilised as a liquid fuel.
[…]
The captured CO2 is mixed with hydrogen that’s made from water and green electricity. It’s then passed over a catalyst at 900C to form carbon monoxide. Adding in more hydrogen to the carbon monoxide turns it into what’s called synthesis gas.
Finally a Fischer-Tropsch process turns this gas into a synthetic crude oil. Carbon Engineering says the liquid can be used in a variety of engines without modification.
“The fuel that we make has no sulphur in it, it has these nice linear chains which means it burns cleaner than traditional fuel,” said Dr McCahill.
“It’s nice and clear and ready to be used in a truck, car or jet.”
[…]
CO2 can also be used to flush out the last remaining deposits of oil in wells that are past their prime. The oil industry in the US has been using the gas in this way for decades.
It’s estimated that using CO2 can deliver an extra 30% of crude from oilfields with the added benefit that the gas is then sequestered permanently in the ground.
“Carbon Engineering’s direct air capture technology has the unique capability to capture and provide large volumes of atmospheric CO2,” said Occidental Petroleum’s Senior Vice President, Richard Jackson, in a statement.
“This capability complements Occidental’s enhanced oil recovery business and provides further synergies by enabling large-scale CO2 utilisation and sequestration.”
One of the other investors in Carbon Engineering is BHP, best known for its coal mining interests.
“The reality is that fossil fuels will be around for several decades whether in industrial processes or in transportation,” said Dr Fiona Wild, BHP’s head of sustainability and climate change.
“What we need to do is invest in those low-emission technologies that can significantly reduce the emissions from these processes, and that’s why we are focusing on carbon capture and storage.”
