The Linkielist

Linking ideas with the world

The world’s most-surveilled cities – China, US, UK, UAE, Australia and India: you are being spied on!

Cities in China are under the heaviest CCTV surveillance in the world, according to a new analysis by Comparitech. However, some residents living in cities across the US, UK, UAE, Australia, and India will also find themselves surrounded by a large number of watchful eyes, as our look at the number of public CCTV cameras in 120 cities worldwide found.

[…]

Depending on whom you ask, the increased prevalence and capabilities of CCTV surveillance could make society safer and more efficient, could trample on our rights to privacy and freedom of movement, or both. No matter which side you argue, the fact is that live video surveillance is ramping up worldwide.

Comparitech researchers collated a number of data resources and reports, including government reports, police websites, and news articles, to get some idea of the number of CCTV cameras in use in 120 major cities across the globe. We focused primarily on public CCTV—cameras used by government entities such as law enforcement.

Here are our key findings:

  • Eight out of the top 10 most-surveilled cities are in China
  • London and Atlanta were the only cities outside of China to make the top 10
  • By 2022, China is projected to have one public CCTV camera for every two people
  • We found little correlation between the number of public CCTV cameras and crime or safety

The 20 most-surveilled cities in the world

Based on the number of cameras per 1,000 people, these cities are the top 20 most surveilled in the world:

  1. Chongqing, China – 2,579,890 cameras for 15,354,067 people = 168.03 cameras per 1,000 people
  2. Shenzhen, China – 1,929,600 cameras for 12,128,721 people = 159.09 cameras per 1,000 people
  3. Shanghai, China – 2,985,984 cameras for 26,317,104 people = 113.46 cameras per 1,000 people
  4. Tianjin, China – 1,244,160 cameras for 13,396,402 people = 92.87 cameras per 1,000 people
  5. Ji’nan, China – 540,463 cameras for 7,321,200 people = 73.82 cameras per 1,000 people
  6. London, England (UK) – 627,707 cameras for 9,176,530 people = 68.40 cameras per 1,000 people
  7. Wuhan, China – 500,000 cameras for 8,266,273 people = 60.49 cameras per 1,000 people
  8. Guangzhou, China – 684,000 cameras for 12,967,862 people = 52.75 cameras per 1,000 people
  9. Beijing, China – 800,000 cameras for 20,035,455 people = 39.93 cameras per 1,000 people
  10. Atlanta, Georgia (US) – 7,800 cameras for 501,178 people = 15.56 cameras per 1,000 people
  11. Singapore – 86,000 cameras for 5,638,676 people = 15.25 cameras per 1,000 people
  12. Abu Dhabi, UAE – 20,000 cameras for 1,452,057 people = 13.77 cameras per 1,000 people
  13. Chicago, Illinois (US) – 35,000 cameras for 2,679,044 people = 13.06 cameras per 1,000 people
  14. Urumqi, China – 43,394 cameras for 3,500,000 people = 12.40 cameras per 1,000 people
  15. Sydney, Australia – 60,000 cameras for 4,859,432 people = 12.35 cameras per 1,000 people
  16. Baghdad, Iraq – 120,000 cameras for 9,760,000 people = 12.30 cameras per 1,000 people
  17. Dubai, UAE – 35,000 cameras for 2,883,079 people = 12.14 cameras per 1,000 people
  18. Moscow, Russia – 146,000 cameras for 12,476,171 people = 11.70 cameras per 1,000 people
  19. Berlin, Germany – 39,765 cameras for 3,556,792 people = 11.18 cameras per 1,000 people
  20. New Delhi, India – 179,000 cameras for 18,600,000 people = 9.62 cameras per 1,000 people

Source: The world’s most-surveilled cities – Comparitech

Smart TVs, smart-home devices found to be leaking sensitive user data to all kinds of companies

Smart-home devices, such as televisions and streaming boxes, are collecting reams of data — including sensitive information such as device locations — that is then being sent to third parties like advertisers and major tech companies, researchers said Tuesday.

As the findings show, even as privacy concerns have become a part of the discussion around consumer technology, new devices are adding to the hidden and often convoluted industry around data collection and monetization.

A team of researchers from Northeastern University and the Imperial College of London found that a variety of internet-connected devices collected and distributed data to outside companies, including smart TV and TV streaming devices from Roku and Amazon — even if a consumer did not interact with those companies.

“Nearly all TV devices in our testbeds contact Netflix even though we never configured any TV with a Netflix account,” the Northeastern and Imperial College researchers wrote.

The researchers tested a total of 81 devices in the U.S. and U.K. in an effort to gain a broad idea of how much data is collected by smart-home devices, and where that data goes.

The research was first reported by The Financial Times.

The researchers found data sent to a variety of companies, some known to consumers including Google, Facebook and Amazon, as well as companies that operate out of the public eye such as Mixpanel.com, a company that tracks users to help companies improve their products.

Source: Smart TVs, smart-home devices found to be leaking sensitive user data, researchers find

A Moon Space Elevator Is Actually Feasible and Inexpensive: Study

In a paper published on the online research archive arXiv in August, Columbia astronomy students Zephyr Penoyre and Emily Sandford proposed the idea of a “lunar space elevator,” which is exactly what it sounds like—a very long elevator connecting the moon and our planet.

The concept of a moon elevator isn’t new. In the 1970s, similar ideas were floated in science fiction (Arthur C. Clarke’s The Fountains of Paradise, for example) and by academics like Jerome Pearson and Yuri Artsutanov.

But the Columbia study differs from previous proposals in an important way: instead of building the elevator from the Earth’s surface (which is impossible with today’s technology), it would be anchored on the moon and stretch some 200,000 miles toward Earth until hitting the geostationary orbit height (about 22,236 miles above sea level), at which objects move around Earth in lockstep with the planet’s own rotation.

Dangling the space elevator at this height would eliminate the need to place a large counterweight near Earth’s orbit to balance out the planet’s massive gravitational pull if the elevator were to be built from ground up. This method would also prevent any relative motion between Earth’s surface and space below the geostationary orbit area from bending or twisting the elevator.

These are not problems for a moon-anchored elevator, because the lunar gravitational pull is significantly smaller and the moon is tidally locked, meaning that it keeps the same face turned toward Earth throughout its orbit, so the anchor point has no relative motion with respect to Earth.

After doing the math, the researchers estimated that the simplest version of the lunar elevator would be a cable thinner than a pencil and weigh about 88,000 pounds, which is within the payload capacity of the next-generation NASA or SpaceX rocket.

The whole project may cost a few billion dollars, which is “within the whim of one particularly motivated billionaire,” said Penoyre.

Future moon travelers will still have to ride a rocket, though, to fly up to the elevator’s dangling point, and then transfer to a robotic vehicle, which would climb up the cable all the way up to the moon.

Source: A Moon Space Elevator Is Actually Feasible and Inexpensive: Study | Observer

Scotiabank slammed for ‘muppet-grade security’ after internal source code and credentials spill onto open internet

Scotiabank leaked online a trove of its internal source code, as well as some of its private login keys to backend systems, The Register can reveal.

Over the past 24 hours, the Canadian financial giant has torn down GitHub repositories, inadvertently left open to the public, that contained this sensitive information, after The Register raised the alarm. These repositories featured, among other things, software blueprints and access keys for a foreign exchange rate system, mobile application code, and login credentials for services and database instances: a potential gold mine of vulnerabilities for criminals and hackers to exploit.

We were tipped off to the security blunder by Jason Coulls, an IT pro based in the Great White North, who discovered the data sitting out in the open, some of which was exposed for months, we’re told. As well as Scotiabank, GitHub, and payment and card processors integrated with the bank, were also alerted prior to publication.

[…]

According to Coulls, this latest gaffe isn’t the first time Scotiabank has spilled its internal secrets online.

“In my experience, this muppet-grade security is perfectly normal for Scotiabank, as they usually leak information once every three weeks on average,” Coulls mused.

“Scotiabank had [IBM] AS/400 and DB2 instances where the credentials and connection information is public. They regularly leak source code for everything, from customer-facing mobile apps to server-side REST APIs. They also leak customer data. If they ever claimed that security is a top priority, I would dread to see how they handle low priority things.”

Source: Scotiabank slammed for ‘muppet-grade security’ after internal source code and credentials spill onto open internet • The Register

Spotify wants to know where you are and will be checking in

Spotify knows a lot about its users — their musical tastes, their most listened-to artists and their summer anthems. Spotify will also want to know where you live or to obtain your location data. It’s part of an effort to detect fraud and abuse of its Premium Family program.

Premium Family is a $15-a-month plan for up to six people. The only condition is that they all live at the same address. But the streaming music giant is concerned about people abusing that plan to pay as little as $2.50 for its services. So in August, the company updated its terms and conditions for Premium Family subscribers, requiring that they provide location data “from time to time” to ensure that customers are actually all in the same family.

You have 30 days to cancel after the new terms go into effect, and when that happens depends on where you are. The family plan terms rolled out first on Aug. 19 in Ireland and on Sept. 5 in the US.

The company tested this last year and asked for exact GPS coordinates but ended the pilot program after customers balked, according to TechCrunch. Now it intends on rolling the location data requests out fully, reigniting privacy concerns and raising the question of how much is too much when it comes to your personal information.

“The changes to the policy allow Spotify to arbitrarily use the location of an individual to ascertain if they continue to reside at the same address when using a family account, and it’s unclear how often Spotify will query users’ devices for this information,” said Christopher Weatherhead, technology lead for UK watchdog group Privacy International, adding that there are “worrying privacy implications.”

Source: Spotify wants to know where you live and will be checking in – CNET

Windows 7’s July 2019 Security Patch Includes Telemetry – but you can disable it in task scheduler

To the surprise of Windows watchers, the latest Windows 7 “security-only” update includes telemetry. The telemetry in question is Microsoft’s “Compatibility Appraiser,” which checks PCs for problems that could prevent upgrading to Windows 10.

As Woody Leonhard points out on Computerworld, this is pretty odd on Microsoft’s part—the telemetry code was previously available and is probably installed on your system already if you use Windows 7. But, it was restricted to the normal “cumulative” update rollups. As Ed Bott explains on ZDNet:

What was surprising about this month’s Security-only update, formally titled the “July 9, 2019—KB4507456 (Security-only update),” is that it bundled the Compatibility Appraiser, KB2952664, which is designed to identify issues that could prevent a Windows 7 PC from updating to Windows 10.

It’s hard to say exactly why Microsoft is trying to install the telemetry on all Windows 7 PCs now, but extended support for Windows 7 expires on January 14, 2020. Windows 7 users don’t have much time left before they should upgrade—just six months. Windows 7 is already nagging users about updates. Microsoft may want to understand how many Windows 7 machines are left in the wild and whether they have compatibility problems with new software.

When Ed Bott asked Microsoft why it added the telemetry code to this update, he received a “no comment.” As usual, Microsoft is making itself look bad by refusing to be transparent and explain what it’s doing. The security update doesn’t seem to bundle any code for upgrading to Windows 10.

We still always recommend installing security patches for your PC. After installation, you can stop the telemetry from running, if you like. As abbodi86 advises on the Ask Woody forums:

Disabling (or deleting) these scheduled tasks after installation (before reboot) should be enough to turn off the appraiser

\Microsoft\Windows\Application Experience\ProgramDataUpdater
\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
\Microsoft\Windows\Application Experience\AitAgent

If you don’t want this code running, head to the Task Scheduler and disable these scheduled tasks. If you disable them before a reboot after running the update, they won’t even run once.
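The same procedure can be scripted so that the three tasks are disabled in one pass and their state is verified afterwards. The snippet below is an added example for this post, not code from Microsoft, Computerworld or the Ask Woody forum; the task paths are the three quoted above, the function names (Get-TaskState, Disable-AppraiserTasks) are my own, and it assumes an elevated PowerShell prompt on Windows 7. It drives schtasks.exe rather than the ScheduledTasks module because Get-ScheduledTask and Disable-ScheduledTask only ship with Windows 8 / Server 2012 and later.

```powershell
# Added example: disable the Compatibility Appraiser scheduled tasks on Windows 7
# and report their state before and after. Run from an elevated PowerShell prompt,
# ideally right after installing the update and before rebooting.

$AppraiserTasks = @(
    '\Microsoft\Windows\Application Experience\ProgramDataUpdater',
    '\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser',
    '\Microsoft\Windows\Application Experience\AitAgent'
)

function Get-TaskState {
    # Returns 'Enabled', 'Disabled', 'Missing' or 'Unknown' for one task path by
    # parsing the verbose LIST output of schtasks /Query (English-language label).
    param([string]$TaskPath)
    $output = & schtasks.exe /Query /TN $TaskPath /FO LIST /V 2>$null
    if ($LASTEXITCODE -ne 0) { return 'Missing' }
    $line = $output |
        Where-Object { $_ -match '^Scheduled Task State:' } |
        Select-Object -First 1
    if ($line -match '^Scheduled Task State:\s*(\S+)') { return $Matches[1] }
    return 'Unknown'
}

function Disable-AppraiserTasks {
    # Stops any running instance, disables each task, and prints the transition.
    param([string[]]$Tasks = $AppraiserTasks)
    foreach ($task in $Tasks) {
        $before = Get-TaskState -TaskPath $task
        if ($before -eq 'Missing') {
            Write-Output "[skip] $task (not present on this system)"
            continue
        }
        # /End is harmless if the task is not running; /Change /Disable turns it off.
        & schtasks.exe /End /TN $task 2>$null | Out-Null
        & schtasks.exe /Change /TN $task /Disable | Out-Null
        $after = Get-TaskState -TaskPath $task
        Write-Output "[$before -> $after] $task"
    }
}

Disable-AppraiserTasks
```

Two caveats: schtasks.exe localizes its field labels, so on a non-English Windows the regex on "Scheduled Task State:" must be adjusted to the local label; and a later cumulative rollup may re-enable or re-create these tasks, so it is worth re-running the check after each Patch Tuesday rather than treating this as a one-off.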

Source: Windows 7’s July 2019 Security Patch Includes Telemetry

Congress Is Investigating Apple’s Repair Monopoly

The United States House of Representatives’ Judiciary Committee is launching an antitrust investigation into Apple and its anti-competitive behavior.

Part of the investigation will focus on Apple’s repair monopoly, which for years has given the company control over the useful life of its products. In a letter to Apple, the committee asked Apple to turn over all internal communications from 14 top executives at the company—including CEO Tim Cook—relating to “Apple’s restrictions on third-party repairs,” among dozens of other topics.

In particular, the committee wants information about:

  • “Apple’s restrictions on third-party repairs, including but not limited to any rules with which Apple Authorized Service Providers (AASPs) must comply, such as rules restricting or prohibiting AASPs from making any specific repairs.”
  • “Apple’s decision in December 2017 to offer iPhone battery replacements at a discounted price, or the actual or projected effects of this decision, including but not limited to, effects on iPhone sales.”
  • “Apple’s decision to introduce the ‘Independent Repair Provider Program,’ including but not limited to, decisions covering which specific repair parts Apple will make available through the program and at what price.”
  • “Apple’s decision in 2018 to enter into an agreement with Amazon to sell Apple products on Amazon and to limit the resellers that can sell Apple products on Amazon.”

This is huge news for the independent repair community (and nice for me; the committee cited two Motherboard articles I wrote about Apple’s repair restrictions.)

For years, the independent repair community has said that Apple has engaged in anticompetitive behavior by refusing to sell parts to repair shops who are not “authorized” by the company. The company has also lobbied heavily against so called right-to-repair legislation, which would require it and other electronics companies to sell parts and tools to the general public. It has sued independent repair companies for using aftermarket and refurbished parts and worked with the Department of Homeland Security to seize unauthorized repair parts from small businesses both at customs and from individual shops. And, as the committee’s letter notes, Apple cut a deal with Amazon that restricted who is allowed to sell refurbished Apple devices on Amazon.

Source: Congress Is Investigating Apple’s Repair Monopoly – VICE

Since I gave my talk on breaking up monopolies earlier this year, a whole spate of these investigations are starting!

Millions of Americans’ medical images and data are available on the Internet

Medical images and health data belonging to millions of Americans, including X-rays, MRIs, and CT scans, are sitting unprotected on the Internet and available to anyone with basic computer expertise.

The records cover more than 5 million patients in the United States and millions more around the world. In some cases, a snoop could use free software programs—or just a typical Web browser—to view the images and private data, an investigation by ProPublica and the German broadcaster Bayerischer Rundfunk found.

We identified 187 servers—computers that are used to store and retrieve medical data—in the US that were unprotected by passwords or basic security precautions. The computer systems, from Florida to California, are used in doctors’ offices, medical-imaging centers, and mobile X-ray services.

The insecure servers we uncovered add to a growing list of medical records systems that have been compromised in recent years. Unlike some of the more infamous recent security breaches, in which hackers circumvented a company’s cyber defenses, these records were often stored on servers that lacked the security precautions that long ago became standard for businesses and government agencies.

“It’s not even hacking. It’s walking into an open door,” said Jackie Singh, a cybersecurity researcher and chief executive of the consulting firm Spyglass Security. Some medical providers started locking down their systems after we told them of what we had found.

Our review found that the extent of the exposure varies, depending on the health provider and what software they use. For instance, the server of US company MobilexUSA displayed the names of more than a million patients—all by typing in a simple data query. Their dates of birth, doctors, and procedures were also included.

[…]

All told, medical data from more than 16 million scans worldwide was available online, including names, birthdates, and, in some cases, Social Security numbers.

[…]

The issue should not be a surprise to medical providers. For years, one expert has tried to warn about the casual handling of personal health data. Oleg Pianykh, the director of medical analytics at Massachusetts General Hospital’s radiology department, said medical imaging software has traditionally been written with the assumption that patients’ data would be secured by the customers’ computer security systems.

But as those networks at hospitals and medical centers became more complex and connected to the Internet, the responsibility for security shifted to network administrators who assumed safeguards were in place. “Suddenly, medical security has become a do-it-yourself project,” Pianykh wrote in a 2016 research paper he published in a medical journal.

ProPublica’s investigation built upon findings from Greenbone Networks, a security firm based in Germany that identified problems in at least 52 countries on every inhabited continent. Greenbone’s Dirk Schrader first shared his research with Bayerischer Rundfunk after discovering some patients’ health records were at risk. The German journalists then approached ProPublica to explore the extent of the exposure in the United States.

Source: Millions of Americans’ medical images and data are available on the Internet | Ars Technica

Logging into NL gov costs an incredible 14 cents each time!

Logius is absolutely minting it, considering that almost every interaction with the government, a municipality or an insurance company is done through DigiID. Unbelievably, this price is down from EUR 3,50 in 2006, but up from last year’s 12 cents per login.

So now we know why government IT projects cost such an inane amount of money – if they can ask this amount for just a login server, even after having been paid to develop the system! Which idiot at government level negotiated this contract?

Source: Gebruik DigiID iets duurder – Emerce

Period Tracker Apps: Maya And MIA Fem Are telling Facebook when you last had sex and more

Period tracker apps are sending deeply personal information about women’s health and sexual practices to Facebook, new research has found.

UK-based advocacy group Privacy International, sharing its findings exclusively with BuzzFeed News, discovered period-tracking apps including MIA Fem and Maya sent women’s use of contraception, the timings of their monthly periods, symptoms like swelling and cramps, and more, directly to Facebook.

Women use such apps for a range of purposes, from tracking their period cycles to maximizing their chances of conceiving a child. On the Google Play store, Maya, owned by India-based Plackal Tech, has more than 5 million downloads. Period Tracker MIA Fem: Ovulation Calculator, owned by Cyprus-based Mobapp Development Limited, says it has more than 2 million users around the world. They are also available on the App Store.

The data sharing with Facebook happens via Facebook’s Software Development Kit (SDK), which helps app developers incorporate particular features and collect user data so Facebook can show them targeted ads, among other functions. When a user puts personal information into an app, that information may also be sent by the SDK to Facebook.

Asked about the report, Facebook told BuzzFeed News it had gotten in touch with the apps Privacy International identified to discuss possible violations of its terms of service, including sending prohibited types of sensitive information.

Maya informs Facebook whenever you open the app and starts sharing some data with Facebook even before the user agrees to the app’s privacy policy, Privacy International found.

“When Maya asks you to enter how you feel and offers suggestions of symptoms you might have — suggestions like blood pressure, swelling or acne — one would hope this data would be treated with extra care,” the report said. “But no, that information is shared with Facebook.”

The app also shares data users enter about their use of contraception, the analysis found, as well as their moods. It also asks users to enter information about when they’ve had sex and what kind of contraception they used, and also includes a diarylike section for users to write their own notes. That information is also shared with Facebook.

Source: Period Tracker Apps: Maya And MIA Fem Are Sharing Deeply Personal Data With Facebook

New prosthetic legs let amputees feel their foot and knee in real-time

There’s been a lot of research into how to give robots and prosthesis wearers a sense of touch, but it has focused largely on the hands. Now, researchers led by ETH Zurich want to restore sensory feedback for leg amputees, too. In a paper published in Nature Medicine today, the team describes how they modified an off-the-shelf prosthetic leg with sensors and electrodes to give wearers a sense of knee movement and feedback from the sole of the foot on the ground. While their initial sample size was small — just two users — the results are promising.

The researchers worked with two patients with above-the-knee, or transfemoral, amputations. They used an Össur prosthetic leg, which comes with a microprocessor and an angle sensor in the knee joint, IEEE Spectrum explains. The team then added an insole with seven sensors to the foot. Those sensors transmit signals in real-time, via Bluetooth to a controller strapped to the user’s ankle. An algorithm in the controller encodes the feedback into neural signals and delivers that to a small implant in the patient’s tibial nerve, at the back of the thigh. The brain can then interpret those signals as feedback from the knee and foot.

The modified prosthetic helped the users walk faster, feel more confident and consume less oxygen — an indication that it was less strenuous than traditional prosthesis. The team also tested activating the tibial nerve implant to relieve phantom limb pain. Both patients saw a significant reduction in pain after a few minutes of electrical stimulation, but they had to be connected to a device in a lab to receive the treatment. With more testing, the researchers hope they might be able to bring these technologies to more amputees and make both available outside of the lab.

Source: New prosthetic legs let amputees feel their foot and knee in real-time

UK Government Plans to Collect ‘Targeted and Personalized’ Data on Internet Users to Prepare For Brexit: Report

The UK government is planning to collect “targeted and personalized information,” on anyone who visits the government’s various websites, according to a new report from BuzzFeed News. Politicians in the UK are being told that it’s a “top priority” and that the information is needed to prepare for Brexit, the UK’s departure from the European Union, which is still scheduled for October 31.

BuzzFeed obtained two top secret government directives from August directed at members of Prime Minister Boris Johnson’s cabinet about an “accelerated implementation plan” for tracking “digital identity.” A UK government spokesperson in contact with Buzzfeed denied that it was collecting personal data and insisted that “all activity is fully compliant with our legal and ethical obligations.”

The government’s main web portal, Gov.UK, is used for a wide range of online services from health care to passports to taxes, and also includes services that would typically be handled by individual states in the U.S., including renewing your driver’s license. Thus, any attempt to politicize the kind of information collected is highly controversial in the UK.

From BuzzFeed:

At present, usage of GOV.UK is tracked by individual departments, not collected centrally. According to the documents seen by BuzzFeed News, the Cabinet Office’s digital unit, the government digital service (GDS), will add an additional layer of tracking that “will enable GDS to have data for the entire journey of a user as they land on GOV.UK from a Google advert or an email link, read content on GOV.UK, click on a link taking them from GOV.UK to a service and then onwards through the service journey to completion”.

One of the memos was from Prime Minister Johnson himself telling staff that the information would “support key decision making” for Brexit, though it’s not clear what that means in practice.

British citizens are rightly skeptical of any massive digital data collection programs, especially as we learn more about how Big Data was used to manipulate the British people before the public referendum in 2016 on whether or not to leave the EU. The campaigners who wanted people to vote “Leave” used the disgraced political data firm Cambridge Analytica, best known in the U.S. for misusing Facebook data in an effort to get Donald Trump elected.

The UK is currently in the middle of a self-imposed crisis as the deadline for Brexit is less than two months away. And while no one knows for sure what Boris Johnson and his government will do with a new centralized data collection plan, you can see why people would think that’s a bad idea.

But much like President Trump’s attitude in the U.S., it may not matter what the people think—Johnson suspended parliament last night, sending politicians home until October 14, and he’s going to do whatever he feels he needs to do to make Brexit happen.

Source: UK Government Plans to Collect ‘Targeted and Personalized’ Data on Internet Users to Prepare For Brexit: Report

Facebook: Remember how we promised we weren’t tracking your location? Psych! Can’t believe you fell for that

For years the antisocial media giant has claimed it doesn’t track your location, insisting to suspicious reporters and privacy advocates that its addicts “have full control over their data,” and that it does not gather or sell that data unless those users agree to it.

No one believed it. So, when it (and Google) were hit with lawsuits trying to get to the bottom of the issue, Facebook followed its well-worn path to avoiding scrutiny: it changed its settings and pushed out carefully worded explanations that sounded an awful lot like it wasn’t tracking you anymore. But it was. Because location data is valuable.

Then, late on Monday, Facebook emitted a blog post in which it kindly offered to help users “understand updates” to their “device’s location settings.”

It begins: “Facebook is better with location. It powers features like check-ins and makes planning events easier. It helps improve ads and keep you and the Facebook community safe. Features like Find Wi-Fi and Nearby Friends use precise location even when you’re not using the app to make sure that alerts and tools are accurate and personalized for you.”

You may have missed the critical part amid the glowing testimony so we’ll repeat it: “… use precise location even when you’re not using the app…”

Huh, fancy that. It sounds an awful lot like tracking. After all, why would you want Facebook to know your precise location at all times, even when you’re not using its app? And didn’t Facebook promise it wasn’t doing that?

Timing

Well, yes it did, and it was being economical with the truth. But perhaps the bigger question is: why now? Why has Facebook decided to come clean all of a sudden? Is it because of the newly announced antitrust and privacy investigations into tech giants? Well, yes, in a roundabout way.

Surprisingly, in a moment of almost honesty which must have felt quite strange for Facebook’s execs, the web giant actually explains why it has stopped pretending it doesn’t track users: because soon it won’t be able to keep up the pretense.

“Android and iOS have released new versions of their operating systems, which include updates to how you can view and manage your location,” the blog post reveals.

That’s right, under pressure from lawmakers and users, both Google and Apple have added new privacy features to their upcoming mobile operating systems – Android and iOS – that will make it impossible for Facebook to hide its tracking activity.

Source: Facebook: Remember how we promised we weren’t tracking your location? Psych! Can’t believe you fell for that • The Register

Objects can now change colors like a chameleon with spray on programmable ink

A team from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) has brought us closer to this chameleon reality, by way of a new system that uses reprogrammable ink to let objects change colors when exposed to ultraviolet (UV) and visible light sources.

Dubbed “PhotoChromeleon,” the system uses a mix of photochromic dyes that can be sprayed or painted onto the surface of any object to change its color—a fully reversible process that can be repeated infinitely.

PhotoChromeleon can be used to customize anything from a phone case to a car, or shoes that need an update. The color remains, even when used in natural environments.

“This special type of dye could enable a whole myriad of customization options that could improve manufacturing efficiency and reduce overall waste,” says CSAIL postdoc Yuhua Jin, the lead author on a new paper about the project. “Users could personalize their belongings and appearance on a daily basis, without the need to buy the same object multiple times in different colors and styles.”

PhotoChromeleon builds off of the team’s previous system, “ColorMod,” which uses a 3-D printer to fabricate items that can change their color. Frustrated by some of the limitations of this project, such as small color scheme and low-resolution results, the team decided to investigate potential updates.

With ColorMod, each pixel on an object needed to be printed, so the resolution of each tiny little square was somewhat grainy. As far as colors, each pixel of the object could only have two states: transparent and its own color. So, a blue dye could only go from blue to transparent when activated, and a yellow dye could only show yellow.

But with PhotoChromeleon’s ink, you can create anything from a zebra pattern to a sweeping landscape to multicolored fire flames, with a larger host of colors.

The team created the ink by mixing cyan, magenta, and yellow (CMY) photochromic dyes into a single sprayable solution, eliminating the need to painstakingly 3-D print individual pixels. By understanding how each dye interacts with different wavelengths, the team was able to control each color channel through activating and deactivating with the corresponding light sources.

Specifically, they used three different lights with different wavelengths to eliminate each primary color separately. For example, if you use a blue light, it would mostly be absorbed by the yellow dye and be deactivated, and magenta and cyan would remain, resulting in blue. If you use a green light, magenta would mostly absorb it and be deactivated, and then both yellow and cyan would remain, resulting in green.

“By giving users the autonomy to individualize their items, countless resources could be preserved, and the opportunities to creatively change your favorite possessions are boundless,” says MIT Professor Stefanie Mueller.

After coating an object using the solution, the user simply places the object inside a box with a projector and UV light. The UV light saturates the colors from transparent to full saturation, and the projector desaturates the colors as needed. Once the light has activated the colors, the new pattern appears. But if you aren’t satisfied with the design, all you have to do is use the UV light to erase it, and you can start over.

They also developed a to automatically process designs and patterns that go onto desired items. The user can load up their blueprint, and the program generates the mapping onto the object before the works its magic.

The team tested the system on a car model, a phone case, a shoe, and a little (toy) chameleon. Depending on the shape and orientation of the object, the process took anywhere from 15 to 40 minutes, and the patterns all had high resolutions and could be successfully erased when desired.

Source: Objects can now change colors like a chameleon

No Bones about It: People Recognize Objects by Visualizing Their “Skeletons”

Humans effortlessly know that a tree is a tree and a dog is a dog no matter the size, color or angle at which they’re viewed. In fact, identifying such visual elements is one of the earliest tasks children learn. But researchers have struggled to determine how the brain does this simple evaluation. As deep-learning systems have come to master this ability, scientists have started to ask whether computers analyze data—and particularly images—similarly to the human brain. “The way that the human mind, the human visual system, understands shape is a mystery that has baffled people for many generations, partly because it is so intuitive and yet it’s very difficult to program,” says Jacob Feldman, a psychology professor at Rutgers University.

A paper published in Scientific Reports in June comparing various object recognition models came to the conclusion that people do not evaluate an object like a computer processing pixels, but based on an imagined internal skeleton. In the study, researchers from Emory University, led by associate professor of psychology Stella Lourenco, wanted to know if people judged object similarity based on the objects’ skeletons—an invisible axis below the surface that runs through the middle of the object’s shape. The scientists generated 150 unique three-dimensional shapes built around 30 different skeletons and asked participants to determine whether or not two of the objects were the same. Sure enough, the more similar the skeletons were, the more likely participants were to label the objects as the same. The researchers also compared how well other models, such as neural networks (artificial intelligence–based systems) and pixel-based evaluations of the objects, predicted people’s decisions. While the other models matched performance on the task relatively well, the skeletal model always won.

“There’s a big emphasis on deep neural networks for solving these problems [of object recognition]. These are networks that require lots and lots of training to even learn a single object category, whereas the model that we investigated, a skeletal model, seems to be able to do this without this experience,” says Vladislav Ayzenberg, a doctoral student in Lourenco’s lab. “What our results show is that humans might be able to recognize objects by their internal skeletons, even when you compare skeletal models to these other well-established neural net models of object recognition.”

Next, the researchers pitted the skeletal model against other models of shape recognition, such as ones that focus on the outline. To do so, Ayzenberg and Lourenco manipulated the objects in certain ways, such as shifting the placement of an arm in relation to the rest of the body or changing how skinny, bulging, or wavy the outlines were. People once again judged the objects as being similar based on their skeletons, not their surface qualities.

Source: No Bones about It: People Recognize Objects by Visualizing Their “Skeletons” – Scientific American

Report: Massive Fraud Network Uncovered, Targeting Groupon & Online Ticket Vendors

vpnMentor’s research team, led by Noam Rotem and Ran Locar, recently exposed a massive criminal operation that has been defrauding Groupon and other major online ticket vendors at least since 2016.

As part of a larger web mapping research project, we discovered a cache of 17 million emails on an unsecured database. Our initial research suggested the data breach was the result of a vulnerability in a ticket processing platform used by Groupon and other online ticket vendors.

Upon further investigation, however, we began to suspect a wider criminal enterprise might be at play. We’ve worked on many similar database breaches, and certain aspects of this one didn’t add up. After contacting Groupon with our concerns, the full extent of what we’d uncovered was revealed.

The database belonged to a sophisticated criminal network. Since 2016, they have been using a combination of email, credit card, and ticket fraud against Groupon, Ticketmaster, and many other vendors.

Groupon has been trying to shut this operation down ever since it started, but it has proven resilient.

[…]

Finding any information on Neuroticket proved difficult. Although it seemed to be a popular piece of software, it didn’t even have a website.

Meanwhile, we began to suspect many of the email addresses on the database were fake. To test this theory, we randomly selected 10 email addresses and contacted the apparent owners. Only one person replied to us.

[…]

At this point, Groupon’s security team linked this database to a criminal network they had been chasing since 2016.

That year, a criminal operation opened 2 million fraudulent accounts on Groupon. With stolen credit cards, they used the accounts to buy tickets on the site, and then resell them to innocent people online.

Groupon had been able to close most of the accounts, but not all of them. The operation has remained resilient, despite excellent work by the company. Groupon’s Chief Information Security Officer (CISO) estimates the number of fraudulent accounts in the network we helped uncover to be as high as 20,000.

Working together with our research team, Groupon has been able to analyze the data and finally zero in on the entire criminal network.

From the beginning of this process, Groupon’s CISO has been incredibly co-operative, proactive, and professional. However, at some point they stopped replying, and we were left without answers.

Source: Report: Massive Fraud Network Uncovered, Targeting Groupon & Online Ticket Vendors

Weakness in Intel chips DDIO lets researchers steal encrypted SSH keystrokes through side channel attacks

In late 2011, Intel introduced a performance enhancement to its line of server processors that allowed network cards and other peripherals to connect directly to a CPU’s last-level cache, rather than following the standard (and significantly longer) path through the server’s main memory. By avoiding system memory, Intel’s DDIO—short for Data-Direct I/O—increased input/output bandwidth and reduced latency and power consumption.

Now, researchers are warning that, in certain scenarios, attackers can abuse DDIO to obtain keystrokes and possibly other types of sensitive data that flow through the memory of vulnerable servers. The most serious form of attack can take place in data centers and cloud environments that have both DDIO and remote direct memory access enabled to allow servers to exchange data. A server leased by a malicious hacker could abuse the vulnerability to attack other customers. To prove their point, the researchers devised an attack that allows a server to steal keystrokes typed into the protected SSH (or secure shell session) established between another server and an application server.

The researchers have named their attack NetCAT, short for Network Cache ATtack. Their research is prompting an advisory for Intel that effectively recommends turning off either DDIO or RDMA in untrusted networks. The researchers say future attacks may be able to steal other types of data, possibly even when RDMA isn’t enabled. They are also advising that hardware makers do a better job of securing microarchitectural enhancements before putting them into billions of real-world servers.

“While NetCAT is powerful even with only minimal assumptions, we believe that we have merely scratched the surface of possibilities for network-based cache attacks, and we expect similar attacks based on NetCAT in the future,” the researchers, from the Vrije Universiteit Amsterdam and ETH Zurich, wrote in a paper published on Tuesday. “We hope that our efforts caution processor vendors against exposing microarchitectural elements to peripherals without a thorough security design to prevent abuse.”

Source: Weakness in Intel chips lets researchers steal encrypted SSH keystrokes | Ars Technica

D-Link, Comba network gear leave passwords open for potentially whole world to see

DSL modems and Wi-Fi routers from D-Link and Comba have been found to be leaving owners’ passwords out in the open.

Simon Kenin, a security researcher with Trustwave SpiderLabs, took credit for the discovery of five bugs that leave user credentials accessible to attackers.

For D-Link gear, two bugs were discovered in the firmware for the DSL-2875AL and DSL-2877AL wireless ADSL modem/router. The first bug describes a configuration file in the DSL-2875AL that contains the user password, and does not require any authentication to view: you just have to be able to reach the web-based admin console, either on the local network or across the internet, depending on the device’s configuration.

“This file is available to anyone with access to the web-based management IP address and does not require any authentication,” Trustwave’s Karl Sigler said on Tuesday. “The path to the file is https://[router ip address]/romfile.cfg and the password is stored in clear text there.”

The second flaw is present in both the 2875AL and 2877AL models. It is less a “flaw” than a glaring security oversight: the source code for the router log-in page (again, accessible to anyone who can reach its built-in web UI server) contains the ISP username and password of the user in plain text. This can be pulled up simply by choosing the “view source” option in a browser window.

Fixes have been released for both models. Those with the 2877AL modem will want to get Firmware 1.00.20AU 20180327, while owners of the 2875AL should update to at least version 1.00.08AU 20161011.
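The two fixed firmware versions above are the only concrete remediation data in the article, so an owner or asset manager mainly needs to know whether a given device is at or above them. The following is an added example, not code from Trustwave, D-Link or The Register: it parses the version strings in the form the article quotes them (assumed here to be `<major>.<minor>.<patch><region> <YYYYMMDD build>`) and audits a constructed inventory of devices.

```python
"""Firmware-version audit for the two D-Link models named in the Trustwave report.

Added example, not Trustwave's, D-Link's or The Register's code. The fixed
versions are the ones quoted in the article; the parsing rule below is an
assumption based on their shape: "<major>.<minor>.<patch><region> <YYYYMMDD>".
"""
import re
from datetime import date

# Minimum fixed firmware per model, as stated in the article.
MIN_FIXED = {
    "DSL-2877AL": "1.00.20AU 20180327",
    "DSL-2875AL": "1.00.08AU 20161011",
}

_VER_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)"
    r"(?P<region>[A-Z]*)\s+(?P<build>\d{8})$"
)


def parse_firmware(version: str):
    """Return ((major, minor, patch), region, build_date); raise ValueError if malformed."""
    m = _VER_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version string: {version!r}")
    nums = tuple(int(m.group(k)) for k in ("major", "minor", "patch"))
    b = m.group("build")
    build = date(int(b[:4]), int(b[4:6]), int(b[6:]))  # also rejects impossible dates
    return nums, m.group("region"), build


def is_patched(model: str, version: str) -> bool:
    """True only if `version` is at or above the fixed firmware for `model`.

    Unknown models return False (unverified is not the same as safe). The
    regional suffix must match: a build from another regional line is not
    comparable to the AU fix versions, so it is reported as not verified.
    """
    if model not in MIN_FIXED:
        return False
    have_nums, have_region, have_build = parse_firmware(version)
    need_nums, need_region, need_build = parse_firmware(MIN_FIXED[model])
    if have_region != need_region:
        return False
    # Version numbers take precedence; the build date only breaks ties.
    return (have_nums, have_build) >= (need_nums, need_build)


def audit(inventory):
    """Return the (model, version) entries that still need updating.

    `inventory` is any iterable of (model, version) pairs, e.g. an asset
    inventory export; entries whose version string cannot be parsed are
    flagged as well rather than silently skipped.
    """
    needs_update = []
    for model, version in inventory:
        try:
            ok = is_patched(model, version)
        except ValueError:
            ok = False
        if not ok:
            needs_update.append((model, version))
    return needs_update


if __name__ == "__main__":
    # Constructed sample inventory for demonstration only.
    sample = [
        ("DSL-2877AL", "1.00.20AU 20180327"),  # exactly the fixed version: fine
        ("DSL-2877AL", "1.00.19AU 20171101"),  # older: flagged
        ("DSL-2875AL", "1.00.08AU 20161011"),  # exactly the fixed version: fine
        ("DSL-2875AL", "1.00.07AU 20160501"),  # older: flagged
        ("DSL-2875AL", "1.00.08EU 20161011"),  # different regional line: flagged
        ("DSL-2875AL", "unknown"),             # unparseable: flagged
    ]
    for entry in audit(sample):
        print("needs update:", *entry)
```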

The Register tried to get in touch with D-Link for comment on the matter, but was unable to get a response. Trustwave didn’t fare much better, saying that the bugs were only listed as patched after the researchers told D-Link they were going public with the findings, after waiting months for the router biz to get its act together.

Source: D-Link, Comba network gear leave passwords open for potentially whole world to see • The Register

Combating prison recidivism with plants

A study out of Texas State University attempted to determine the number of available horticultural community service opportunities for individuals completing community service hours per their probation or parole requirements, and whether that brand of community service generates a calculable offset against the common nature of repeat offenses for an inmate population once released.

[…]

The United States currently incarcerates the greatest percentage of its population compared with any other nation in the world. Although the world average rate of incarceration is 166 individuals per 100,000, the US average is 750 per 100,000. And recidivism is a predictable factor of our criminal justice system.

Recidivism is the repetition of criminal behavior and reimprisonment of an offender and is one of the reasons for large inmate populations in the United States. Research tracked a total of 404,638 prisoners across 30 states for a span of 5 years and found 67.8% of prisoners released reoffended within 3 years and a total of 76.6% reoffended within 5 years of being released. One third of those offenders were arrested within the first 6 months of being released.

Holmes added, “Further researching the role plants play on positively impacting an individual’s life or decision to productively redirect their behavior has the potential to greatly benefit our society as a whole, long-term.”

Past studies have shown that certain educational and rehabilitation efforts have helped to reduce a return to a life of crime. As a means of education and vocational rehabilitation, horticultural programs have been introduced into detention facilities across the United States. Many prisoners have participated in horticultural activities such as harvesting and maintaining their own vegetable gardens as a means of providing food for the institution, which can also serve as skill development for a means of earning income once released back into society.

[…]

In investigating the different types of community service opportunities available to offenders, Holmes and Waliczek found there were 52 different agencies available as options for community service during the time of the study. Of the 52 community service agencies, 25 of them provided horticultural work options.

The results and information gathered support the notion that horticultural activities can play an important role in influencing an offender’s successful reentry into society. The researchers found that individuals who engaged in horticultural programs demonstrated the lowest rate of recidivism over all other categories of released inmates.

Holmes interjected, “It was indeed notable the study found that those individuals who completed their community service requirements in a horticultural setting were less likely to recidivate when compared to those who completed their community service in a non-horticultural setting.”

She further added, “I plan on continuing this research and studying the overall benefits of horticulture on the well-being and recidivism rates of both incarcerated juvenile and adult offenders on a larger scale.”

Source: Combating prison recidivism with plants

Marine plastic pollution hides a neurological toxin in our food

In the mid-1950s, domesticated cats in Minamata, Japan mysteriously began to convulse and fall into the bay. The people of Minamata took on similar symptoms shortly after, losing their ability to speak, move, and think.

Chisso Corp., a Japanese chemical company, had dumped more than 600 tons of mercury into the bay between 1932 and 1968 via the company’s wastewater. 1,784 people were slowly killed over the years while doctors scrambled to find the cause of the deaths that shared uncanny symptoms.

The Minamata Bay disease is a neurological illness where methylmercury poisoning causes long-term impairment of the central nervous system. The Minamata Convention on Mercury emerged in early 2013 as an international environmental treaty aiming to limit global mercury pollution, with 112 countries as current parties. Although the Environmental Protection Agency and other government organizations worldwide have since limited mercury that enters from power utilities and other corporations, this toxin has a new and powerful avenue to the human brain: plastic.

“The concentration of mercury in the surface level of the ocean is probably three or four times higher today than it was 500 years ago,” said Dr. Carl Lamborg, an associate professor from the ocean sciences department at the University of California Santa Cruz.

Methylmercury makes its journey to our dinner plate up the food chain from the marine ecosystem’s smallest organisms—phytoplankton and zooplankton—to fish and humans.

Dr. Katlin Bowman, a postdoctoral research scholar at UCSC, is researching how mercury enters the food chain. Through methylation, mercury in the ocean becomes methylmercury, an organic form of the element. It is far more dangerous because it easily concentrates while traveling up the food chain. Heavy metal toxins naturally adhere to plastics in the water, contributing to the mercury pollution issue by creating extremely concentrated “fish food” bombs of dangerous chemicals, she said.

“Plastic has a negative charge, mercury has a positive charge. Opposites attract so the mercury sticks,” Bowman said.

Methylmercury is more concentrated on microplastics as a result of their greater surface area, which traps toxic particles in the many folds and tight spaces.

“Microplastics are defined as a piece of plastic that’s less than five millimeters in size,” said Abigail Barrows, a marine research scientist from College of the Atlantic. “They cover a whole suite of things.” These include microbeads in personal care products and microfibers that break off of clothing. As , bottles, and utensils degrade over time, they become microplastics.

“If microplastics increase the rate of methylmercury production, then microplastics in the environment could indirectly be increasing the amount of mercury that accumulates in fish,” Bowman said.

Two key concepts worsen methylmercury’s impact: bioaccumulation and biomagnification.

With bioaccumulation, methylmercury never leaves the body, instead building up over time.

“The longer the fish lives, it just keeps eating mercury in its diet, and it doesn’t lose it, so it ends up concentrating very high levels of mercury in its tissues,” said Dr. Nicholas Fisher, distinguished professor at State University of New York Stony Brook. “The methylmercury also biomagnifies, which means that the concentration is higher in the predator than it is in the prey.”

According to the European Commission’s Mercury Issue Briefing of 2012, top-level predators have more than 100,000 times more methylmercury stored in their system compared to their surrounding waters.

However, our focus should be on the plastic pollution issue rather than mercury discharge.

“The mercury bounces back and forth between the air and the ocean very easily,” Lamborg said. While this toxin cycles through the environment in regular cycles, plastics serve as a magnet for mercury, prolonging its lifetime in the ocean and funneling it into the mouths of plankton and fish. When people eat affected seafood, they eat the concentrated methylmercury as well.

The Minamata Bay Disaster has already spelled out the horrific effects of mercury poisoning in all of its nitty-gritty glory. The EPA and other international agencies have passed regulations since the 1970s, such as the Clean Water Act and the Safe Drinking Water Act, that have significantly driven surface water mercury emissions downward. However, according to a report published by Science in 2015, the eight million metric tons of plastic that enter the ocean each year ensure that the problem will only swell.

“The plastic produced is on trend to double in the next 20 years,” Barrows said. “So, I think that’s where we need to focus on in terms of worrying about our environment.”

Source: Marine plastic pollution hides a neurological toxin in our food

The Windows 10 Privacy Settings You Should Check Right Now

If you’re at all concerned about the privacy of your data, you don’t want to leave the default settings in place on your devices—and that includes anything that runs Windows 10.

Microsoft’s operating system comes with a variety of controls and options you can modify to lock down the use of your data, from the information you share with Microsoft to the access that individual apps have to your location, camera, and microphone. Check these privacy-related settings as soon as you’ve got your Windows 10 computer set up—or now, in case you’re a longtime user who hasn’t gotten around to it yet.

Source: The Windows 10 Privacy Settings You Should Check Right Now | WIRED

New York attorney general launches a multistate antitrust probe into Facebook

New York State Attorney General Letitia James announced Friday she is launching a multistate investigation into Facebook for possible antitrust violations.

Facebook shares were down about 0.5% in Friday’s premarket, but did not seem to react to James’ announcement.

Attorneys general of Colorado, Florida, Iowa, Nebraska, North Carolina, Ohio, Tennessee and the District of Columbia will join the probe, according to the announcement. It will focus “on Facebook’s dominance in the industry and the potential anticompetitive conduct stemming from that dominance,” according to the release.

“Even the largest social media platform in the world must follow the law and respect consumers,” James said in a statement. “I am proud to be leading a bipartisan coalition of attorneys general in investigating whether Facebook has stifled competition and put users at risk. We will use every investigative tool at our disposal to determine whether Facebook’s actions may have endangered consumer data, reduced the quality of consumers’ choices, or increased the price of advertising.”

Facebook is already facing a separate investigation by the Federal Trade Commission over antitrust concerns, the company confirmed in its quarterly report in July. That announcement came on the same day that the FTC announced its $5 billion settlement with Facebook over its privacy policies.

Source: New York attorney general launches an antitrust probe into Facebook

New Data Science Cheat Sheet, by Maverick Lin

Below is an extract of a 10-page cheat sheet about data science, compiled by Maverick Lin. This cheatsheet is currently a reference in data science that covers basic concepts in probability, statistics, statistical learning, machine learning, deep learning, big data frameworks and SQL. The cheatsheet is loosely based on The Data Science Design Manual by Steven S. Skiena and An Introduction to Statistical Learning by Gareth James, Daniela Witten, Trevor Hastie and Robert Tibshirani. It was inspired by William Chen’s The Only Probability Cheatsheet You’ll Ever Need, located here.

Full cheat sheet available here as a PDF document. Originally posted here. The screenshot below is an extract.

For related cheat sheets (machine learning, deep learning and so on) follow this link.

Source: New Data Science Cheat Sheet, by Maverick Lin – Data Science Central

Cops did hand over photos for King’s Cross facial-recog CCTV to 3rd parties after all – a property developer, between 2016-2018

London cops have admitted they gave photos of people to a property developer to use in a facial-recognition system in the heart of the UK capital.

Back in July, Siân Berry, co-leader of the Green Party of England and Wales, asked London Mayor Sadiq Khan whether the Met Police had collaborated with any retailers or other private companies in the operation of facial-recognition systems. A month later, Khan replied that the police force had not worked with any organisations on face-scanning tech in the capital beyond its own experiments.

However, that turned out to be incorrect. On Wednesday this week, the mayor revealed the cops had in actual fact handed over snaps of people to the private landlord for most of the busy King’s Cross area – which, it emerged last month, had set up facial-recognition cameras to snoop on thousands of Brits going about their day.

“The MPS [Metropolitan Police Service] has just now brought it to my attention that the original information they provided … was incorrect and they have in fact shared images related to facial recognition with King’s Cross Central Limited Partnership,” Khan said in an update, adding that this handover of photos ended sometime in 2018.

Source: Oops, wait, yeah, we did hand over photos for King’s Cross facial-recog CCTV, cops admit • The Register