The Linkielist

Linking ideas with the world

The Linkielist

Monthly Archives: July 2020

Libraries lend books, and must continue to lend books: Internet Archive responds to greedy publishers’ lawsuit

Posted on by

Yesterday, the Internet Archive filed our response to the lawsuit brought by four commercial publishers to end the practice of Controlled Digital Lending (CDL), the digital equivalent of traditional library lending. CDL is a respectful and secure way to bring the breadth of our library collections to digital learners. Commercial ebooks, while useful, only cover a small fraction of the books in our libraries. As we launch into a fall semester that is largely remote, we must offer our students the best information to learn from—collections that were purchased over centuries and are now being digitized. What is at stake with this lawsuit? Every digital learner’s access to library books. That is why the Internet Archive is standing up to defend the rights of  hundreds of libraries that are using Controlled Digital Lending.

The publishers’ lawsuit aims to stop the longstanding and widespread library practice of Controlled Digital Lending, and stop the hundreds of libraries using this system from providing their patrons with digital books. Through CDL, libraries lend a digitized version of the physical books they have acquired as long as the physical copy doesn’t circulate and the digital files are protected from redistribution. This is how Internet Archive’s lending library works, and has for more than nine years. Publishers are seeking to shut this library down, claiming copyright law does not allow it. Our response is simple: Copyright law does not stand in the way of libraries’ rights to own books, to digitize their books, and to lend those books to patrons in a controlled way.

“The Authors Alliance has several thousand members around the world and we have endorsed the Controlled Digital Lending as a fair use,” stated Pamela Samuelson, Authors Alliance founder and Richard M. Sherman Distinguished Professor of Law at Berkeley Law. “It’s really tragic that at this time of pandemic that the publishers would try to basically cut off even access to a digital public library like the Internet Archive…I think that the idea that lending a book is illegal is just wrong.”

These publishers clearly intend this lawsuit to have a chilling effect on Controlled Digital Lending at a moment in time when it can benefit digital learners the most. For students and educators, the 2020 fall semester will be unlike any other in recent history. From K-12 schools to universities, many institutions have already announced they will keep campuses closed or severely limit access to communal spaces and materials such as books because of public health concerns. The conversation we must be having is: how will those students, instructors and researchers access information — from textbooks to primary sources? Unfortunately, four of the world’s largest book publishers seem intent on undermining both libraries’ missions and our attempts to keep educational systems operational during a global health crisis.

The publishers’ lawsuit does not stop at seeking to end the practice of Controlled Digital Lending. These publishers call for the destruction of the 1.5 million digital books that Internet Archive makes available to our patrons. This form of digital book burning is unprecedented and unfairly disadvantages people with print disabilities. For the blind, ebooks are a lifeline, yet less than one in ten exists in accessible formats. Since 2010, Internet Archive has made our lending library available to the blind and print disabled community, in addition to sighted users. If the publishers are successful with their lawsuit, more than a million of those books would be deleted from the Internet’s digital shelves forever.

I call on the executives at Hachette, HarperCollins, Wiley, and Penguin Random House to come together with us to help solve the pressing challenges to access to knowledge during this pandemic. Please drop this needless lawsuit.

Source: Libraries lend books, and must continue to lend books: Internet Archive responds to publishers’ lawsuit – Internet Archive Blogs

Telegram hits out at Apple’s app store ‘tax’ in latest EU antitrust complaint

Posted on by

Apple has another antitrust charge on its plate. Messaging app Telegram has joined Spotify in filing a formal complaint against the iOS App Store in Europe — adding its voice to a growing number of developers willing to publicly rail against what they decry as Apple’s app “tax”.

A spokesperson for Telegram confirmed the complaint to TechCrunch, pointing us to this public Telegram post where founder, Pavel Durov, sets out seven reasons why he thinks iPhone users should be concerned about the company’s behavior.

These range from the contention that Apple’s 30% fee on app developers leads to higher prices for iPhone users; to censorship concerns, given Apple controls what’s allowed (and not allowed) on its store; to criticism of delays to app updates that flow from Apple’s app review process; to the claim that the app store structure is inherently hostile to user privacy, given that Apple gets full visibility of which apps users are downloading and engaging with.

This week Durov also published a blog post in which he takes aim at a number of “myths” he says Apple uses to try to justify the 30% app fee — such as a claim that iOS faces plenty of competition for developers; or that developers can choose not to develop for iOS and instead only publish apps for Android.

“Try to imagine Telegram or TikTok as Android -only apps and you will quickly understand why avoiding Apple is impossible,” he writes. “You can’t just exclude iPhone users. As for the iPhone users, the costs for consumers to switch from an iPhone to an Android is so high that it qualifies as a monopolistic lock-in” — citing a study done by Yale University to bolster that claim.

“Now that anti-monopoly investigations against Apple have started in the EU and the US, I expect Apple to double down on spreading such myths,” Durov adds. “We shouldn’t sit idly and let Apple’s lobbyists and PR agents do their thing. At the end of the day, it is up to us – consumers and creators – to defend our rights and to stop monopolists from stealing our money. They may think they have tricked us into a deadlock, because we’ve already bought a critical mass of their devices and created a critical mass of apps for them. But we shouldn’t be giving them a free ride any longer.”

Source: Telegram hits out at Apple’s app store ‘tax’ in latest EU antitrust complaint | TechCrunch

Top antitrust Democrat: There’s a case to break up Facebook – The guys were rambling, the women clear. Apple dodges most bullets, CEOs acting like confused guilty schoolboys

Posted on by

Rep. David Cicilline (D-R.I.), who ended Wednesday’s hearing by saying some Big Tech companies need to be broken up, told Axios that Facebook in particular lacks significant competitors and should not have been allowed to buy Instagram and WhatsApp.

Why it matters: Cicilline chairs the antitrust subcommittee, which has been looking into competition issues in the digital space.

“Mr. Zuckerberg acknowledged in this hearing that his acquisition of WhatsApp and Instagram were part of a plan to both buy a competitor and also maintain his money, power, or his dominance. That’s classic monopoly behavior.”

— Cicilline said on the “Axios Re:Cap” podcastCicilline’s criticisms weren’t limited to Facebook, pointing to the power Google and Amazon also hold in their respective markets.

  • “I think what we saw today was confirmation that these large technology platforms have enduring monopoly power,” he said in the interview with Axios’ Dan Primack.

The big picture: A key issue remains whether existing antitrust law is broad enough to address the modern tech industry, especially companies that provide their products at no direct charge to consumers.

  • “Congress is going to have to ‘think outside the box’ in a comprehensive way about what antitrust laws should look like in the 21st century,” Neguse told Axios’ Ashley Gold after the hearing.

What’s next: The committee plans to develop a set of recommendations and issue them in a final report as soon as late August, according to Cicilline.

You can listen to the podcast here.

Source: Top antitrust Democrat: There’s a case to break up Facebook – Axios

The antitrust session was quite bizarre – the CEOs were running with canned lines which made no sense in their context, they were stumbling, they refused to answer questions, even those which were favorible to their cause. Only one senator was clearly in the pocket of the big tech, the rest were firmly against. One male senator thought Google was targetting him personally and one male couldn’t understand why fake news sites didn’t get high search rankings and were banned by Facebook. It was a laugh if these companies didn’t wield such power. They raised almost all the points I raised in my talk last year.

NASA sends Perseverance Rover to Mars – with a little helicopter on it!

Posted on by

The Mars 2020 mission with its Perseverance rover is part of NASA’s Mars Exploration Program, a long-term effort of robotic exploration of the Red Planet. The Mars 2020 mission addresses high-priority science goals for Mars exploration, including key Astrobiology questions about the potential for life on Mars. The mission takes the next step by not only seeking signs of habitable conditions on Mars in the ancient past, but also searching for signs of past microbial life itself. The Perseverance rover introduces a drill that can collect core samples of the most promising rocks and soils and set them aside in a “cache” on the surface of Mars. A future mission could potentially return these samples  to Earth.  That would help scientists study the samples in laboratories with special room-sized equipment that would be too large to take to Mars. The mission also provides opportunities to gather knowledge and demonstrate technologies that address the challenges of future human expeditions to Mars. These include testing a method for producing oxygen from the Martian atmosphere, identifying other resources (such as subsurface water), improving landing techniques, and characterizing weather, dust, and other potential environmental conditions that could affect future astronauts living and working on Mars.

Source: Overview – NASA Mars

Quick Facts

  • Mission Name: Mars 2020
  • Rover Name: Perseverance
  • Main Job: The Perseverance rover will seek signs of ancient life and collect rock and soil samples for possible return to Earth.
  • Launched: July 30, 2020 4:50 a.m. PDT / 7:50 a.m. EDT
  • Launch Location: Cape Canaveral Air Force Station, Florida
  • Landing: Feb. 18, 2021
  • Landing Site: Jezero Crater, Mars
  • Mission Duration: At least one Mars year (about 687 Earth days)
  • Tech Demo: The Mars Helicopter is a technology demonstration, hitching a ride on the Perseverance rover.
  • Fact Sheet
  • Launch Press Kit

secret police Federal officer louts to pull out of Portland in a major reversal for Trump administration

Posted on by

The Trump administration is to pull federal paramilitaries out of Portland starting on Thursday in a major reversal after weeks of escalating protests and violence.

Oregon’s governor, Kate Brown, said she agreed to the pullout in talks with Vice-President Mike Pence.

Brown said state and city police officers will replace Department of Homeland Security agents in guarding the federal courthouse that has become the flashpoint for the protests.

“These federal officers have acted as an occupying force, refused accountability, and brought violence and strife to our community,” the governor said. The head of the US homeland security department said agents would stay near the courthouse until they were sure the plan was working.

Donald Trump said the pullout will not begin until the courthouse is protected. “We’re not leaving until they secure their city. We told the governor, we told the mayor: secure your city,” said the president.

But the announcement is a significant retreat by the administration after Trump sent federal forces to Portland at the beginning of July to end months of Black Lives Matter protests he described as having dragged the city into anarchy.

Instead of quelling the unrest, the arrival of paramilitaries fuelled some of the biggest demonstrations since daily protests following the killing of George Floyd, a Black American, by a white police officer in Minneapolis in May.

The situation escalated particularly after agents in camouflage were filmed snatching protesters from the streets in unmarked vans.

1:57
Portland protests: why Trump has sent in federal agents – video report

Far from imposing order, the federal force, drawn from the border patrol, immigration service and US Marshals, was largely trapped inside the federal courthouse they were ostensibly there to protect, emerging each night to fire waves of teargas, baton rounds and stun grenades in street battles with the protesters. But the demonstrators retained ultimate control of the streets.

Anger at the presence of the paramilitaries brought thousands of people out each night and acted as a lightning rod for broader discontent with Trump, including over his chaotic and divisive handling of the coronavirus epidemic which has killed nearly 150,000 Americans and shows no signs of abating.

Source: Federal officers to pull out of Portland in a major reversal for Trump administration | US news | The Guardian

Australian government sues Google for misleading consumers in Doubleclick data collection

Posted on by

The Australian government has filed its second lawsuit against Google in less than a year over privacy concerns, this time alleging the tech giant misled Australian consumers in an attempt to gather information for targeted ads. The Australian Competition and Consumers Commission (ACCC), the country’s consumer watchdog, says Google didn’t obtain explicit consent from consumers to collect personal data, according to a statement.

The ACCC cites a 2016 change to Google’s policy in which the company began collecting data about Google account holders’ activity on non-Google sites. Previously, this data was collected by ad-serving technology company DoubleClick and was stored separately, not linked to users’ Google accounts. Google acquired DoubleClick in 2008, and the 2016 change to Google’s policy meant Google and DoubleClick’s data on consumers were combined. Google then used the beefed-up data to sell even more targeted advertising.

From June 2016 to December 2018, Google account holders were met with a pop-up that explained “optional features” to accounts regarding how the company collected their data. Consumers could click “I agree,” and Google would begin collecting a “wide range of personally identifiable information” from them, according to the ACCC. The lawsuit contends that the pop-up didn’t adequately explain what consumers were agreeing to.

“The ACCC considers that consumers effectively pay for Google’s services with their data, so this change introduced by Google increased the ‘price’ of Google’s services, without consumers’ knowledge,” said ACCC Chair Rod Sims. Had more consumers sufficiently understood Google’s change in policy, many may not have consented to it, according to the ACCC.

Google told the Associated Press it disagrees with the ACCC’s allegations, and says Google account holders had been asked to “consent via prominent and easy-to-understand notifications.” It’s unclear what penalty the ACCC is seeking with the lawsuit.

Last October, the ACCC sued Google claiming the company misled Android users about the ability to opt out of location tracking on phones and tablets. That case is headed to mediation next week, according to a February Computer World article.

Source: Australian government sues Google for misleading consumers in data collection | Engadget

Google offers refunds after North smart glasses stop working or why cloud sucks and you want things running locally

Posted on by

Smart glasses company North has told customers that their $600 (£460) purchases will stop working in a few days’ time.

The Canadian company, recently purchased by Google, says its Focals glasses will cease functioning on Friday.

From then, owners will not be able to use “any features” of the glasses, or connect to the companion app.

But the company has also said it will automatically refund all customers.

It promised to send the purchase price back to the original payment method, and to contact those customers whose refunds it could not process.

At the end of June, North announced it was being acquired by Google, and would not release a planned second-generation device.

It also said it would “wind down” its first generation smart glasses, released last year.

Customers found out that meant the smart glasses would be rendered “dumb” through a statement published on the company’s website and by email.

The Focals glasses, however, come with prescription lenses as an option, meaning they can function as everyday prescription eyewear. The bulky frames, housing a laser, battery, and other kit will no longer do anything that regular spectacles cannot do.

Ben Wood, chief analyst at CCS Insight, said the pulling of features from cloud-powered hardware is not uncommon – and something that has happened to him before.

“If you want to be an early adopter and have some fun new tech that an ambitious start-up has created, there’s always a risk that they won’t be able to make the business plan stack up,” he warned.

“That could either mean the service stops working or you end up finding you have to pay additional charges to maintain service continuity.”

Source: Google offers refunds after smart glasses stop working – BBC News

When a Customer Gets Refunded For a Paid App, Apple Doesn’t Refund the 30% Cut They Took From The Developer

Posted on by

When a customer gets refunded for an app they purchased, Apple doesn’t refund the 30% cut they took from the developer, says developer Simeon Saens of Two Lives Left. While [online] payment processors generally don’t refund fees on refunded payments, “the App Store doesn’t position itself as a payments processor the way Stripe does, so it sounds really weird that they would act like one,” writes HN user chadlavi. Epic Games CEO Tim Sweeney says in a tweet: This is a critical consideration in these 30% store fees. They come off the top, before funding any developer costs. As a result, Apple and Google make more profit from most developers’ games than the developers themselves. That is terribly unfair and exploitative. “If the app store took a 3% chunk and never refunded it regardless of the ongoing status of the transaction, that would put them right in line with other payment processors,” adds chadlavi. “It would also still net them billions of dollars, I think!”

Source: When a Customer Gets Refunded For a Paid App, Apple Doesn’t Refund the 30% Cut They Took From The Developer – Slashdot

Aside from that, 30% is an insane amount of cut to steal off someone with no other option but to use your marketplace.

Hackers Broke Into Real News Sites to Plant Fake Stories

Posted on by

On Wednesday, security firm FireEye released a report on a disinformation-focused group it’s calling Ghostwriter. The propagandists have created and disseminated disinformation since at least March 2017, with a focus on undermining NATO and the US troops in Poland and the Baltics; they’ve posted fake content on everything from social media to pro-Russian news websites. In some cases, FireEye says, Ghostwriter has deployed a bolder tactic: hacking the content management systems of news websites to post their own stories. They then disseminate their literal fake news with spoofed emails, social media, and even op-eds the propagandists write on other sites that accept user-generated content.

That hacking campaign, targeting media sites from Poland to Lithuania, has spread false stories about US military aggression, NATO soldiers spreading coronavirus, NATO planning a full-on invasion of Belarus, and more. “They’re spreading these stories that NATO is a danger, that they resent the locals, that they’re infected, that they’re car thieves,” says John Hultquist, director of intelligence at FireEye. “And they’re pushing these stories out with a variety of means, the most interesting of which is hacking local media websites and planting them. These fictional stories are suddenly bona fide by the sites that they’re on, and then they go in and spread the link to the story.”

[…]

the company’s analysts have found that the news site compromises and the online accounts used to spread links to those fabricated stories, as well as the more traditional creation of fake news on social media, blogs, and websites with an anti-US and anti-NATO bent, all tie back to a distinct set of personas, indicating one unified disinformation effort. FireEye’s Hultquist points out that the campaign doesn’t seem financially motivated, indicating a political or state backer, and notes that the focus on driving a wedge between NATO and citizens of Eastern Europe hints at possible Russian involvement.

Nor would it be the first time that Russian hackers planted fake news stories; in 2017, US intelligence agencies concluded that Russian hackers breached Qatar’s state news agency and planted a fake news story designed to embarrass the country’s leader and cause a rift with the US, though US intelligence never confirmed the Kremlin’s involvement.

“We can’t concretely tie it to Russia at this time, but it’s certainly in line with their interests,” Hultquist says of the Ghostwriter campaign. “It wouldn’t be a surprise to me if this is where the evidence leads us.”

Source: Hackers Broke Into Real News Sites to Plant Fake Stories | WIRED

If you own one of these 45 Netgear devices, replace it: Firm won’t patch vulnerable gear despite live proof-of-concept code

Posted on by

Netgear has quietly decided not to patch more than 40 home routers to plug a remote code execution vulnerability – despite security researchers having published proof-of-concept exploit code.

The vuln was revealed publicly in June by Trend Micro’s Zero Day Initiative (ZDI) following six months spent chivvying Netgear behind the scenes to take it seriously.

Keen-eyed Reg readers, however, noticed that Netgear quietly declared 45 of the affected products as “outside the security support period” – meaning those items won’t be updated to protect them against the vuln.

America’s Carnegie-Mellon University summarised the vuln in a note from its Software Engineering Institute: “Multiple Netgear devices contain a stack buffer overflow in the httpd web server’s handling of upgrade_check.cgi, which may allow for unauthenticated remote code execution with root privileges.”

Stung by pressure from infosec researchers that came to a head in June when ZDI went public, Netgear began issuing patches. It had sorted out 28 of the 79 vulnerable product lines by the end of that month.

Infosec biz Grimm pitched in after independently discovering the vuln itself by publishing proof-of-concept exploits for the SOHO (Small Office/Home Office) devices.

With today’s revelation that 45 largely consumer and SME-grade items will never be patched, Netgear faces questions over its commitment to older product lines. Such questions have begun to be addressed in Britain by calls from government agencies for new laws forcing manufacturers to reveal devices’ design lifespans at the point of purchase.

[…]

Today Netgear’s advisory page for the patches shows 45 devices’ fix status as “none; outside security support period”. We have collected those devices’ model numbers in the list below:

  • AC1450
  • D6300
  • DGN2200v1
  • DGN2200M
  • DGND3700v1
  • LG2200D
  • MBM621
  • MBR1200
  • MBR1515
  • MBR1516
  • MBR624GU
  • MBRN3000
  • MVBR1210C
  • R4500
  • R6200
  • R6200v2
  • R6300v1
  • R7300DST
  • WGR614v10
  • WGR614v8
  • WGR614v9
  • WGT624v4
  • WN2500RP
  • WN2500RPv2
  • WN3000RP
  • WN3000RPv2
  • WN3000RPv3
  • WN3100RP
  • WN3100RPv2
  • WN3500RP
  • WNCE3001
  • WNCE3001v2
  • WNDR3300v1
  • WNDR3300v2
  • WNDR3400v1
  • WNDR3400v2
  • WNDR3400v3
  • WNDR3700v3
  • WNDR4000
  • WNDR4500
  • WNDR4500v2
  • WNR3500v1
  • WNR3500Lv1
  • WNR3500v2
  • WNR834Bv2

Source: If you own one of these 45 Netgear devices, replace it: Firm won’t patch vulnerable gear despite live proof-of-concept code • The Register

See When Other Apps Use Your Microphone or Camera With This Android App

Posted on by

you can get this functionality by downloading and installing a simple app from the Google Play Store: Access Dots. It’s free, it’s easy, and it helps you up your Android’s security game. I would almost call it a must-install for anyone, because it’s as unobtrusive as it is helpful.

Download and launch the app, and you’ll see one simple setting you have to enable. That’s all you have to do to fire up Access Dots’ basic functionality.

Illustration for article titled See When Other Apps Use Your Microphone or Camera With This Android App
Screenshot: David Murphy

Well, that and tapping on the new “Access Dots” listing in your Accessibility settings, and then enabling the service there, too.

Illustration for article titled See When Other Apps Use Your Microphone or Camera With This Android App
Screenshot: David Murphy

Head back to your Android’s Home screen and…you won’t see anything. Zilch. That’s the point. Pull up your Camera app, however, and you’ll see a big green icon appear in the upper-right corner of your device. Tap on your Google Assistant’s microphone icon, and you’ll see an orange dot; the same as what iOS 14 users see.

Illustration for article titled See When Other Apps Use Your Microphone or Camera With This Android App
Screenshot: David Murphy

If you don’t like these colors, you can change them to whatever you want in Access Dots’ settings. You can even change the location of said dot, as well as its size. Tap on the little “History” icon in Access Dots’ main UI—you can’t miss it—and you’ll even be able to browse a log of which apps requested camera of microphone access and for how long they used it:

Though I’m not a huge fan of how many ads litter the Access Dots app, I respect someone’s need to make a little cash. You only see them when you launch the app. Otherwise, all you’ll see on your phone are those dots. That’s not a terrible trade-off, I’d say, given how much this simple security app can do.

Source: See When Other Apps Use Your Microphone or Camera With This Android App

Hackers stole GitHub and GitLab OAuth tokens from Git analytics firm Waydev – this is why you don’t give cloud access to your crown jewels

Posted on by

Waydev, a San Francisco-based company, runs a platform that can be used to track software engineers’ work output by analyzing Git-based codebases. To do this, Waydev runs a special app listed on the GitHub and GitLab app stores.

When users install the app, Waydev receives an OAuth token that it can use to access its customers’ GitHub or GitLab projects. Waydev stores this token in its database and uses it on a daily basis to generate analytical reports for its customers.

Waydev CEO and co-founder Alex Circei told ZDNet today in a phone call that hackers used a blind SQL injection vulnerability to gain access to its database, from where they stole GitHub and GitLab OAuth tokens.

The hackers then used some of these tokens to pivot to other companies’ codebases and gain access to their source code projects.

Source: Hackers stole GitHub and GitLab OAuth tokens from Git analytics firm Waydev | ZDNet

GRUB2, you’re getting too bug for your boots: Config file buffer overflow is a boon for malware seeking to drill deeper into a system

Posted on by

An annoying vulnerability in the widely used GRUB2 bootloader can be potentially exploited by malware or a rogue insider already on a machine to thoroughly compromise the operating system or hypervisor while evading detection by users and security tools.

[…]

Designated CVE-2020-10713, the vulnerability allows a miscreant to achieve code execution within the open-source bootloader, and effectively control the device at a level above the firmware and below any system software. Bug hunters at Eclypsium, who found the flaw and dubbed it BootHole, said patching the programming blunder will be a priority and a headache for admins.

To be clear, malware or a rogue user must already have administrator privileges on the device to exploit the flaw, which for the vast majority of victims is a game-over situation anyway. You’ve likely lost all your data and network integrity at that point. What this bootloader bug opens up is the ability for a determined miscreant to burrow deeper, run code at a low level below other defenses, and compromise the foundation of a system to the point where they cannot be easily detected by administrators nor antivirus.

Source: GRUB2, you’re getting too bug for your boots: Config file buffer overflow is a boon for malware seeking to drill deeper into a system • The Register

Origins of the sarsen megaliths at Stonehenge

Posted on by

The sources of the stone used to construct Stonehenge around 2500 BCE have been debated for over four centuries. The smaller “bluestones” near the center of the monument have been traced to Wales, but the origins of the sarsen (silcrete) megaliths that form the primary architecture of Stonehenge remain unknown. Here, we use geochemical data to show that 50 of the 52 sarsens at the monument share a consistent chemistry and, by inference, originated from a common source area. We then compare the geochemical signature of a core extracted from Stone 58 at Stonehenge with equivalent data for sarsens from across southern Britain. From this, we identify West Woods, Wiltshire, 25 km north of Stonehenge, as the most probable source area for the majority of sarsens at the monument.

Source: Origins of the sarsen megaliths at Stonehenge | Science Advances

We’re suing Google for harvesting our personal info even though we opted out of Chrome sync – netizens

Posted on by

A handful of Chrome users have sued Google, accusing the browser maker of collecting personal information despite their decision not to sync data stored in Chrome with a Google Account.

The lawsuit [PDF], filed on Monday in a US federal district court in San Jose, California, claimed Google promises not to collect personal information from Chrome users who choose not to sync their browser data with a Google Account but does so anyway.

“Google intentionally and unlawfully causes Chrome to record and send users’ personal information to Google regardless of whether a user elects to Sync or even has a Google account,” the complaint stated.

Filed on behalf of “unsynced” plaintiffs Patrick Calhoun, Elaine Crespo, Hadiyah Jackson and Claudia Kindler – all said to have stopped using Chrome and to wish to return to it, rather than use a different browser, once Google stops tracking unsynced users – the lawsuit cited the Chrome Privacy Notice.

Since 2016, that notice has promised, “You don’t need to provide any personal information to use Chrome.” And since 2019, it has said, “the personal information that Chrome stores won’t be sent to Google unless you choose to store that data in your Google Account by turning on sync,” with earlier versions offering variants on that wording.

Nonetheless, whether or not account synchronization has been enabled, it’s claimed, Google uses Chrome to collect IP addresses linked to user agent data, identifying cookies, unique browser identifiers called X-Client Data Headers, and browsing history. And it does so supposedly in violation of federal wiretap laws and state statutes.

Google then links that information with individuals and their devices, it’s claimed, through practices like cookie syncing, where cookies set in a third-party context get associated with cookies set in a first-party context.

“Cookie synching allows cooperating websites to learn each other’s cookie identification numbers for the same user,” the complaint says. “Once the cookie synching operation is complete, the two websites exchange information that they have collected and hold about a user, further making these cookies ‘Personal Information.'”

The litigants pointed to Google’s plan to phase out third-party cookies, and noted Google doesn’t need cookies due to the ability of its X-Client-Data Header to uniquely identify people.

Source: We’re suing Google for harvesting our personal info even though we opted out of Chrome sync – netizens • The Register

Scientists are 3-D printing miniature human organs to test coronavirus drugs

Posted on by

Whether the goal is to find a treatment for COVID-19 or another disease, scientists often have to conduct preliminary tests on animals to determine whether the drug is safe or effective in people. It’s not always a one-for-one comparison, but The New York Times reports there may be a new way around that step going forward: 3-D printing.

For example, Anthony Atala, the director of the Wake Forest Institute for Regenerative Medicine, and his team are using 3-D printers to create tiny replicas of human organs, including miniature lungs and colons, which are particularly affected by the coronavirus. They send them overnight for testing at a biosafety lab at George Mason University.

The idea predated the coronavirus — Atala said he never thought “we’d be considering this for a pandemic” — but it could come in handy and help expedite the experimental drug process, especially since Atala said his Winston-Salem, North Carolina-based lab can churn out thousands of printed organs per hour. “The 3-D models can circumvent animal testing and make the pathway stronger from the lab to the clinic,” said Akhilesh Gaharwar, who directs a lab in the biomedical engineering at Texas A&M University. Read more at The New York Times. Tim O’Donnell

Source: Scientists are 3-D printing miniature human organs to test coronavirus drugs

Twitter Contractors Abused Access to Beyoncé’s Account: Report

Posted on by

Twitter contractors with high-level administrative access to accounts regularly abused their privileges to spy on celebrities including Beyoncé, including approximating their movements via internet protocol addresses, according to a report by Bloomberg.

Over 1,500 workers and contractors at Twitter who handle internal support requests and manage user accounts have high-level privileges that enable them to override user security settings and reset their accounts via Twitter’s backend, as well as view certain details of accounts like IP addresses, phone numbers, and email addresses.

[…]

Two of the former Twitter employees told Bloomberg that projects such as enhancing security of “the system that houses Twitter’s backup files or enhancing oversight of the system used to monitor contractor activity were, at times, shelved for engineering products designed to enhance revenue.” In the meantime, some of those with access (some of whom were contractors with Cognizant at up to six separate work sites) abused it to view details including IP addresses of users. Executives didn’t prioritize policing the internal support team, two of the former employees told Bloomberg, and at times Twitter security allegedly had trouble tracking misconduct due to sheer volume.

A system was in place to create access logs, but it could be fooled by simply creating bullshit support tickets that made the spying appear legitimate; two of the former employees told Bloomberg that from 2017 to 2018 members of the internal support team “made a kind of game out of” the workaround. The security risks inherent to granting access to so many people were reportedly brought up to the company’s board repeatedly from 2015-2019, but little changed.

This had consequences beyond the most recent hack. Last year, the Department of Justice announced charges against two former employees (a U.S. national and a Saudi citizen) that it accused of espionage on behalf of an individual close to Saudi Crown Prince Mohammed bin Salman. The DOJ alleged that the intent of the operation was to gain access to private information on political dissidents.

Source: Twitter Contractors Abused Access to Beyoncé’s Account: Report

Microsoft raised Apple’s app store with US house antitrust group

Posted on by

A US House antitrust committee is getting set to grill tech’s biggest CEOs, but Microsoft wants them to focus on one in particular: Apple’s Tim Cook. Microsoft President Brad Smith met with the committee several weeks ago and relayed concerns about how Apple manages its App Store, according to the The Information (via Bloomberg).

Smith complained specifically about Apple’s arbitrary App Store approval policy which recently caused a ruckus over the rejection of Basecamp’s Hey email app. He also railed against Apple’s payment requirement that allows it to take as much as a 30 percent cut of developers’ revenue. That policy is currently the subject of an EU antitrust investigation launched at the behest of Spotify.

The antitrust committee originally called Smith to get Microsoft’s take on the current antitrust climate, given that the company was the subject of US investigations in the 2000s. Smith said that Apple’s App Store rules impede competition to a much higher degree than Microsoft did with Windows when it was found guilty of antitrust violations two decades ago. Smith didn’t criticize other tech companies during the interview.

Apple has largely avoided the privacy-related investigations faced by Google and Facebook, but now finds itself in the middle of antitrust probes on both sides of the Atlantic. With its old frenemy Microsoft adding to the complaints, Apple could face a lot of heat when the House Judiciary Antitrust hearings kick off next Monday on July 27th.

Source: Microsoft raised Apple’s app store with US house antitrust group | Engadget

After talking about this since early 2019 it’s nice to see stuff actually happening

Epic Games CEO speaks out against Apple, Google app store monopoly

Posted on by

Tim Sweeney, CEO of Fortnite developer Epic Games, criticized Apple and Google for having an “absolute monopoly” on app stores in a Friday interview with CNBC. There aren’t many viable options for distributing mobile software outside the Apple App Store and the Google Play Store, and Sweeney chides both for taking a 30 percent fee from in-app purchases.

Epic Games launched the Epic Games Store in late 2018 for Windows and Mac computers, and only charges other publishers a 12 percent fee on in-app purchases. The Epic Games Store hasn’t made it to the App Store because of Apple’s strict guidelines against competing software stores.

“They [Apple] are preventing an entire category of businesses and applications from being engulfed in their ecosystem by virtue of excluding competitors from each aspect of their business that they’re protecting,” Sweeney said.

Epic previously made Fortnite available to Android devices not by offering it on the Google Play Store, but instead through a launcher on the Fortnite website that downloaded the game. This allowed Epic to sidestep the 30 percent fee from Google. But the download process was too involved for many users, so Fortnite eventually launched on Google Play earlier this year. Sweeney said the company still plans to bring the Epic Games Store to Android. “Google essentially intentionally stifles competing stores by having user interface barriers and obstruction,” Sweeney said.

Epic isn’t the first company to speak out against Apple and Google’s 30 percent fee. In March of last year, Spotify CEO Daniel Ek filed an unfair competition complaint against Apple with the European Commission, citing the fee as forcing them to artificially inflate the price of its Spotify Premium membership. Last July, Tinder introduced a default payment process into its Android app meant to bypass the Google Play Store fee.

Source: Epic Games CEO speaks out against Apple, Google app store ‘monopoly’ | Engadget

I have been talking about the growing monopoly of the tech giants since beginning of 2019

Will Garmin Pay $10 Million Ransom To End Two-Day Outage?

Posted on by

Garmin is reportedly being asked to pay a $10 million ransom to free its systems from a cyberattack that has taken down many of its services for two days.

The navigation company was hit by a ransomware attack on Thursday, leaving customers unable to log fitness sessions in Garmin apps and pilots unable to download flight plans for aircraft navigation systems, among other problems. The company’s communication systems have also been taken offline, leaving it unable to respond to disgruntled customers.

Garmin employees have told BleepingComputer that the company was struck down by the WastedLocker ransomware. Screenshots sent to BleepingComputer show long lists of the company’s files encrypted by the malware, with a ransom note attached to each file.

MORE FROM FORBESSpotify Security Hole Lets Strangers Into Your Family AccountBy Barry Collins

The ransom note tells the recipient to email one of two email addresses to “get a price for your data”. That price, Garmin’s sources have told BleepingComputer, is $10 million.

Crippled Garmin

The ransomware attack has crippled many of the company’s systems. Reports claim that Garmin’s IT department shut down all of the company’s computers, including those of employees working from home who were connected by VPN, to halt the spread of the ransomware across its network.

Garmin’s Taiwan factories have reportedly closed production lines yesterday and today while the company attempts to unpick the ransomware.

The shutdown is having a big effect on Garmin’s customers. DownDetector reveals a huge spike today in people having trouble accessing Garmin Connect, the app that logs fitness routines for the company’s devices. More people are likely to be using such devices at the weekend.

The problem is even more serious for Garmin’s aviation device customers. Pilots have told ZDNet that they are unable to download a version of Garmin’s aviation database onto their airplane navigation systems, which is an FAA requirement.

Garmin has issued very little public comment about the problem. On Thursday, the company issued a tweet saying “we are currently experiencing an outage that affects Garmin Connect,” adding that the outage “also affects our call centers and we are currently unable to receive any calls, emails or online chats”.

Garmin has been approached for comment, but as you can appreciate from the statement above, that’s somewhat complicated…

Source: Will Garmin Pay $10 Million Ransom To End Two-Day Outage?

Cognitive Radios Will Go Where No Deep-Space Mission Has Gone Before

Posted on by

Space seems empty and therefore the perfect environment for radio communications. Don’t let that fool you: There’s still plenty that can disrupt radio communications. Earth’s fluctuating ionosphere can impair a link between a satellite and a ground station. The materials of the antenna can be distorted as it heats and cools. And the near-vacuum of space is filled with low-level ambient radio emanations, known as cosmic noise, which come from distant quasars, the sun, and the center of our Milky Way galaxy. This noise also includes the cosmic microwave background radiation, a ghost of the big bang. Although faint, these cosmic sources can overwhelm a wireless signal over interplanetary distances.

Depending on a spacecraft’s mission, or even the particular phase of the mission, different link qualities may be desirable, such as maximizing data throughput, minimizing power usage, or ensuring that certain critical data gets through. To maintain connectivity, the communications system constantly needs to tailor its operations to the surrounding environment.

Imagine a group of astronauts on Mars. To connect to a ground station on Earth, they’ll rely on a relay satellite orbiting Mars. As the space environment changes and the planets move relative to one another, the radio settings on the ground station, the satellite orbiting Mars, and the Martian lander will need continual adjustments. The astronauts could wait 8 to 40 minutes—the duration of a round trip—for instructions from mission control on how to adjust the settings. A better alternative is to have the radios use neural networks to adjust their settings in real time. Neural networks maintain and optimize a radio’s ability to keep in contact, even under extreme conditions such as Martian orbit. Rather than waiting for a human on Earth to tell the radio how to adapt its systems—during which the commands may have already become outdated—a radio with a neural network can do it on the fly.

Such a device is called a cognitive radio. Its neural network autonomously senses the changes in its environment, adjusts its settings accordingly—and then, most important of all, learns from the experience. That means a cognitive radio can try out new configurations in new situations, which makes it more robust in unknown environments than a traditional radio would be. Cognitive radios are thus ideal for space communications, especially far beyond Earth orbit, where the environments are relatively unknown, human intervention is impossible, and maintaining connectivity is vital.

Worcester Polytechnic Institute and Penn State University, in cooperation with NASA, recently tested the first cognitive radios designed to operate in space and keep missions in contact with Earth. In our tests, even the most basic cognitive radios maintained a clear signal between the International Space Station (ISS) and the ground. We believe that with further research, more advanced, more capable cognitive radios can play an integral part in successful deep-space missions in the future, where there will be no margin for error.

Future crews to the moon and Mars will have more than enough to do collecting field samples, performing scientific experiments, conducting land surveys, and keeping their equipment in working order. Cognitive radios will free those crews from the onus of maintaining the communications link. Even more important is that cognitive radios will help ensure that an unexpected occurrence in deep space doesn’t sever the link, cutting the crew’s last tether to Earth, millions of kilometers away.

Cognitive radio as an idea was first proposed by Joseph Mitola III at the KTH Royal Institute of Technology, in Stockholm, in 1998. Since then, many cognitive radio projects have been undertaken, but most were limited in scope or tested just a part of a system. The most robust cognitive radios tested to date have been built by the U.S. Department of Defense.

When designing a traditional wireless communications system, engineers generally use mathematical models to represent the radio and the environment in which it will operate. The models try to describe how signals might reflect off buildings or propagate in humid air. But not even the best models can capture the complexity of a real environment.

A cognitive radio—and the neural network that makes it work—learns from the environment itself, rather than from a mathematical model. A neural network takes in data about the environment, such as what signal modulations are working best or what frequencies are propagating farthest, and processes that data to determine what the radio’s settings should be for an optimal link. The key feature of a neural network is that it can, over time, optimize the relationships between the inputs and the result. This process is known as training.

[…]

Source: Cognitive Radios Will Go Where No Deep-Space Mission Has Gone Before – IEEE Spectrum

EU demands strange concessions from Google over Fitbit deal – wants to share movement data to third parties

Posted on by

The EU has demanded that Google make major concessions relating to its $2.1 billion acquisition of fitness-tracking company Fitbit if the deal is to be allowed to proceed imminently, according to people with direct knowledge of the discussions.

Since it was announced last November, the acquisition has faced steep opposition from consumer groups and regulators, who have raised concerns over the effect of Google’s access to Fitbit’s health data on competition.

EU regulators now want the company to pledge that it will not use that information to “further enhance its search advantage” and that it will grant third parties equal access to it, these people said.

The move comes days after the EU regulators suffered a major blow in Luxembourg, losing a landmark case that would have forced Apple to pay back €14.3 billion in taxes to Ireland.

Brussels insiders said that a refusal by Google to comply with the new demands would probably result in a protracted investigation, adding that such a scenario could ultimately leave the EU at a disadvantage.

“It is like a poker game,” said a person following the case closely. “In a lengthy probe, the commission risks having fewer or no pledges and still having to clear the deal.”

They added that the discussions over the acquisition were “intense,” and there was no guarantee that any agreement between Brussels and Google would be reached.

Google had previously promised it would not use Fitbit’s health data to improve its own advertising, but according to Brussels insiders, the commitment was not sufficient to assuage the EU’s concerns nor those of US regulators also examining the deal.

Source: EU demands major concessions from Google over Fitbit deal | Ars Technica

Uhmmm so they want everybody to have access to this extremely private data?

More than 1,000 people at Twitter had ability to aid hack of accounts

Posted on by

Twitter said on Saturday that the perpetrators “manipulated a small number of employees and used their credentials” to log into tools and turn over access to 45 accounts. here On Wednesday, it said that the hackers could have read direct messages to and from 36 accounts but did not identify the affected users.

The former employees familiar with Twitter security practices said that too many people could have done the same thing, more than 1,000 as of earlier in 2020, including some at contractors like Cognizant.

Twitter declined to comment on that figure and would not say whether the number declined before the hack or since. The company was looking for a new security head, working to better secure its systems and training employees on resisting tricks from outsiders, Twitter said. Cognizant did not respond to a request for comment.

“That sounds like there are too many people with access,” said Edward Amoroso, former chief security officer at AT&T. Responsibilities among the staff should have been split up, with access rights limited to those responsibilities and more than one person required to agree to make the most sensitive account changes. “In order to do cyber security right, you can’t forget the boring stuff.”

Threats from insiders, especially lower-paid outside support staff, are a constant worry for companies serving large numbers of users, cyber security experts said. They said that the greater the number of people who can change key settings, the stronger oversight must be.

[…]

On a call to discuss company earnings on Thursday, Twitter Chief Executive Jack Dorsey acknowledged past missteps.

“We fell behind, both in our protections against social engineering of our employees and restrictions on our internal tools,” Dorsey told investors.

Source: Exclusive: More than 1,000 people at Twitter had ability to aid hack of accounts – Reuters

Giant waves of sand are moving on Mars

Posted on by

Researchers have spotted large waves of martian sand migrating for the first time. The discovery dispels the long-held belief that these “megaripples” haven’t moved since they formed hundreds of thousands of years ago. They’re also evidence of stronger-than-expected winds on the Red Planet.

It’s pretty staggering that humans can detect these changes on Mars, says Ralph Lorenz, a planetary scientist at the Johns Hopkins University Applied Physics Laboratory who was not involved in the research. “We can now measure processes on the surface of another planet that are just a couple times faster than our hair grows.”

Megaripples are found in deserts on Earth, often between dunes. Waves in the sand spaced up to tens of meters apart, they’re a larger version of ripples that undulate every 10 centimeters or so on many sand dunes.

But unlike dunes, megaripples are made up of two sizes of sand grains. Coarser, heavier grains cap the crests of megaripples, making it harder for wind to move these features around, says Simone Silvestro, a planetary scientist at Italy’s National Institute of Astrophysics in Naples.

Since the early 2000s, Mars rovers and orbiters have repeatedly spotted megaripples on the Red Planet. But they didn’t seem to change in any measurable way, which led some scientists to think they were relics from Mars’s past, when its thicker atmosphere permitted stronger winds.

Now, using images captured by NASA’s Mars Reconnaissance Orbiter, Silvestro and his colleagues have shown that some megaripples do creep along—just very slowly.

The researchers focused on two sites near the equator of Mars. They analyzed roughly 1100 megaripples in McLaughlin crater and 300 in the Nili Fossae region. They looked for signs of movement by comparing time-lapse images of each site—taken 7.6 and 9.4 years apart, respectively. Megaripples in both regions advanced by about 10 centimeters per year, the team reports in the Journal of Geophysical Research: Planets. That’s about how fast megaripples move in the Lut Desert of Iran.

It’s a surprise that megaripples move at all on Mars, says Jim Zimbelman, a planetary geologist at the Smithsonian Institution’s Air and Space Museum. Just a few decades ago, there was no evidence that sands on Mars were mobile, he says. “None of us thought that the winds were strong enough.”

[…]

Source: Giant waves of sand are moving on Mars | Science | AAAS

Ongoing Meow attack has nuked >4,000 MongoDB and Elastic databases with default settings left on

Posted on by

More than 1,000 unsecured databases so far have been permanently deleted in an ongoing attack that leaves the word “meow” as its only calling card, according to Internet searches over the past day.

The attack first came to the attention of researcher Bob Diachenko on Tuesday, when he discovered a database that stored user details of the UFO VPN had been destroyed. UFO VPN had already been in the news that day because the world-readable database exposed a wealth of sensitive user information, including:

  • Account passwords in plain text
  • VPN session secrets and tokens
  • IP addresses of both user devices and the VPN servers they connected to
  • Connection timestamps
  • Geo-tags
  • Device and OS characteristics
  • Apparent domains from which advertisements are injected into free users’ Web browsers

Besides amounting to a serious privacy breach, the database was at odds with the Hong Kong-based UFO’s promise to keep no logs. The VPN provider responded by moving the database to a different location but once again failed to secure it properly. Shortly after, the Meow attack wiped it out.

Representatives of UFO didn’t immediately respond to an email seeking comment.

Since then, Meow and a similar attack have destroyed more than 1,000 other databases. At the time this post went live, the Shodan computer search site showed that 987 ElasticSearch and 70 MongoDB instances had been nuked by Meow. A separate, less-malicious attack tagged an additional 616 ElasticSearch, MongoDB, and Cassandra files with the string “university_cybersec_experiment.” The attackers in this case seem to be demonstrating to the database maintainers that the files are vulnerable to being viewed or deleted.

Just for fun

It’s not the first time attackers have targeted unsecured databases, which have become increasingly common with the growing use of cloud computing services from Amazon, Microsoft, and other providers. In some cases, the motivation is to make money through ransomware rackets. In other cases—including the current Meow attacks—the data is simply wiped out with no ransomware note or any other explanation. The only thing left behind in the current attacks is the word “meow.”

One database affected by the Meow attack.
One database affected by the Meow attack.

“I think that in most [of the latter] cases, malicious actors behind the attacks do it just for fun, because they can, and because it is really simple to do,” Diachenko told me. “Thus, it is another wake-up call for the industry and companies which ignore cyber hygiene and lose their data and data of their customers in a blink of an eye.”

Source: Ongoing Meow attack has nuked >1,000 databases without telling anyone why | Ars Technica