The Linkielist

Linking ideas with the world

Research Libraries Tell Publishers To Drop Their Awful Lawsuit Against The Internet Archive

I’ve seen a lot of people — including those who are supporting the publishers’ legal attack on the Internet Archive — insist that they “support libraries,” but that the Internet Archive’s Open Library and National Emergency Library are “not libraries.” First off, they’re wrong. But, more importantly, it’s good to see actual librarians now coming out in support of the Internet Archive as well. The Association of Research Libraries has put out a statement asking publishers to drop this counterproductive lawsuit, especially since the Internet Archive has shut down the National Emergency Library.

The Association of Research Libraries (ARL) urges an end to the lawsuit against the Internet Archive filed early this month by four major publishers in the United States District Court Southern District of New York, especially now that the National Emergency Library (NEL) has closed two weeks earlier than originally planned.

As the ARL points out, the Internet Archive has been an astounding “force for good” for the dissemination of knowledge and culture — and that includes introducing people to more books.

For nearly 25 years, the Internet Archive (IA) has been a force for good by capturing the world’s knowledge and providing barrier-free access for everyone, contributing services to higher education and the public, including the Wayback Machine that archives the World Wide Web, as well as a host of other services preserving software, audio files, special collections, and more. Over the past four weeks, IA’s Open Library has circulated more than 400,000 digital books without any user cost—including out-of-copyright works, university press titles, and recent works of academic interest—using controlled digital lending (CDL). CDL is a practice whereby libraries lend temporary digital copies of print books they own in a one-to-one ratio of “loaned to owned,” and where the print copy is removed from circulation while the digital copy is in use. CDL is a practice rooted in the fair use right of the US Copyright Act and recent judicial interpretations of that right. During the COVID-19 pandemic, many academic and research libraries have relied on CDL (including IA’s Open Library) to ensure academic and research continuity at a time when many physical collections have been inaccessible.

As ARL and our partner library associations acknowledge, many publishers (including some involved in the lawsuit) are contributing to academic continuity by opening more content during this crisis. As universities and libraries work to ensure scholars and students have the information they need, ARL looks forward to working with publishers to ensure open and equitable access to information. Continuing the litigation against IA for the purpose of recovering statutory damages and shuttering the Open Library would interfere with this shared mutual objective.

It would be nice if the publishers recognized this, but as we’ve said over and over again, these publishers would sue any library if libraries didn’t already exist. The fact that the Open Library looks just marginally different from a traditional library means they’re unlikely to let go of this stupid, counterproductive lawsuit.

Source: Research Libraries Tell Publishers To Drop Their Awful Lawsuit Against The Internet Archive | Techdirt

European police hacked encrypted phones used by thousands of criminals

In one of the largest law enforcement busts ever, European police and crime agencies hacked an encrypted communications platform used by thousands of criminals and drug traffickers. By infiltrating the platform, Encrochat, police across Europe gained access to a hundred million encrypted messages. In the UK, those messages helped officials arrest 746 suspects, seize £54 million (about $67 million) and confiscate 77 firearms and two tonnes of Class A and B drugs, the National Crime Agency (NCA) reported. According to Vice, police also made arrests in France, the Netherlands, Norway and Sweden.

Encrochat promised highly secure phones that, as Vice explains, were essentially modified Android devices. The company installed its own encrypted messaging platform, removed the GPS, camera and microphone functions and offered features like the ability to wipe the device with a PIN. The phones could make VOIP calls and send texts, but they did little else. They ran two operating systems, one of which appeared normal to evade suspicion. Encrochat used a subscription model, which cost thousands of dollars per year, and users seemed to think that it was foolproof.

Law enforcement agencies began collecting data from Encrochat on April 1st. According to the BBC, the encryption code was likely cracked in early March. It’s not clear exactly how officials hacked the platform, which is now shut down.

Source: European police hacked encrypted phones used by thousands of criminals | Engadget

Uncovered: 1,000 phrases that incorrectly trigger Alexa, Siri, and Google Assistant

As Alexa, Google Home, Siri, and other voice assistants have become fixtures in millions of homes, privacy advocates have grown concerned that their near-constant listening to nearby conversations could pose more risk than benefit to users. New research suggests the privacy threat may be greater than previously thought.

The findings demonstrate how common it is for dialog in TV shows and other sources to produce false triggers that cause the devices to turn on, sometimes sending nearby sounds to Amazon, Apple, Google, or other manufacturers. In all, researchers uncovered more than 1,000 word sequences—including those from Game of Thrones, Modern Family, House of Cards, and news broadcasts—that incorrectly trigger the devices.

“The devices are intentionally programmed in a somewhat forgiving manner, because they are supposed to be able to understand their humans,” one of the researchers, Dorothea Kolossa, said. “Therefore, they are more likely to start up once too often rather than not at all.”

That which must not be said

Examples of words or word sequences that provide false triggers include:

  • Alexa: “unacceptable,” “election,” and “a letter”
  • Google Home: “OK, cool,” and “Okay, who is reading”
  • Siri: “a city” and “hey jerry”
  • Microsoft Cortana: “Montana”

The two videos below show a GoT character saying “a letter” and a Modern Family character uttering “hey Jerry” and activating Alexa and Siri, respectively.

Accidental Trigger #1 – Alexa – Cloud
Accidental Trigger #3 – Hey Siri – Cloud

In both cases, the phrases activate the device locally, where algorithms analyze the phrases; after mistakenly concluding that these are likely a wake word, the devices then send the audio to remote servers where more robust checking mechanisms also mistake the words for wake terms. In other cases, the words or phrases trick only the local wake word detection but not algorithms in the cloud.

Unacceptable privacy intrusion

When devices wake, the researchers said, they record a portion of what’s said and transmit it to the manufacturer. The audio may then be transcribed and checked by employees in an attempt to improve word recognition. The result: fragments of potentially private conversations can end up in the company logs.

The risk to privacy isn’t solely theoretical. In 2016, law enforcement authorities investigating a murder subpoenaed Amazon for Alexa data transmitted in the moments leading up to the crime. Last year, The Guardian reported that Apple employees sometimes transcribe sensitive conversations overheard by Siri. They include private discussions between doctors and patients, business deals, seemingly criminal dealings, and sexual encounters.

The research paper, titled “Unacceptable, where is my privacy?,” is the product of Lea Schönherr, Maximilian Golla, Jan Wiele, Thorsten Eisenhofer, Dorothea Kolossa, and Thorsten Holz of Ruhr University Bochum and Max Planck Institute for Security and Privacy. In a brief write-up of the findings, they wrote:

Our setup was able to identify more than 1,000 sequences that incorrectly trigger smart speakers. For example, we found that depending on the pronunciation, «Alexa» reacts to the words “unacceptable” and “election,” while «Google» often triggers to “OK, cool.” «Siri» can be fooled by “a city,” «Cortana» by “Montana,” «Computer» by “Peter,” «Amazon» by “and the zone,” and «Echo» by “tobacco.” See videos with examples of such accidental triggers here.

In our paper, we analyze a diverse set of audio sources, explore gender and language biases, and measure the reproducibility of the identified triggers. To better understand accidental triggers, we describe a method to craft them artificially. By reverse-engineering the communication channel of an Amazon Echo, we are able to provide novel insights on how commercial companies deal with such problematic triggers in practice. Finally, we analyze the privacy implications of accidental triggers and discuss potential mechanisms to improve the privacy of smart speakers.

The researchers analyzed voice assistants from Amazon, Apple, Google, Microsoft, and Deutsche Telekom, as well as three Chinese models by Xiaomi, Baidu, and Tencent. Results published on Tuesday focused on the first four. Representatives from Apple, Google, and Microsoft didn’t immediately respond to a request for comment.

The full paper hasn’t yet been published, and the researchers declined to provide a copy ahead of schedule. The general findings, however, already provide further evidence that voice assistants can intrude on users’ privacy even when people don’t think their devices are listening. For those concerned about the issue, it may make sense to keep voice assistants unplugged, turned off, or blocked from listening except when needed—or to forgo using them at all.

Source: Uncovered: 1,000 phrases that incorrectly trigger Alexa, Siri, and Google Assistant | Ars Technica

Ads are taking over Samsung’s Galaxy smartphones — and it needs to stop

I’ve used a Samsung Galaxy smartphone almost every day for nearly 4 years. I used them because Samsung had fantastic hardware that was matched by (usually) excellent software. But in 2020, a Samsung phone is no longer my daily driver, and there’s one simple reason that’s the case: Ads.

Ads Everywhere

Ads in Samsung phones never really bothered me, at least not until the past few months. It started with the Galaxy Z Flip. A tweet from Todd Haselton of CNBC, embedded below, is what really caught my eye. Samsung had put an ad from DirectTV in the stock dialer app. This is really something I never would have expected from any smartphone company, let alone Samsung.

It showed up in the “Places” tab in the dialer app, which is in partnership with Yelp and lets you search for different businesses directly from the dialer app so you don’t need to Google somewhere to find the address or phone number. I looked into it, to see if this was maybe a mistake on Yelp’s part, accidentally displaying an ad where it shouldn’t have, but nope. The ad was placed by Samsung, in an area where it could blend in so they could make money.

Similar ads exist throughout a bunch of Samsung apps. Samsung Music has ads that look like another track in your library. Samsung Health and Samsung Pay have banners for promotional ads. The stock weather app has ads that look like they could be news. There is also more often very blatant advertising in most of these apps as well.

Samsung Music will give you a popup ad for Sirius XM, even though Spotify is built into the Samsung Music app. You can hide the SiriusXM popup, but only for 7 days at a time. A week later, it will be right back there waiting for you. Samsung will also give you push notification ads for new products from Bixby, Samsung Pay, and Samsung Push Service.

If you’re wondering which Samsung apps have ads, I’ve listed all the ones I’ve seen ads in and ad-less alternatives to them below.

Why are there even ads in the first place?

To really understand Samsung’s absurd and terrible advertising on its smartphones, you have to understand why big companies advertise. Google advertises because its “free services” still cost money to provide. The ads they serve you in Google services help cover the cost of that 15GB of storage, Google Voice phone number, unlimited Google Photos storage, and whatnot. That’s all to say there is a reason for it, you are getting something in return for those ads.

Websites and YouTube channels serve ads because the content they are providing to you for free is not free for them to make. They need to be compensated for what they are providing to you for free. Again, you are getting something for free, and serving you an ad acts as a form of payment. There was no purchase of a product, hardware or software, for you to have access to their content and services.

Even Samsung’s top-tier foldables come packed with ads.

Where it differs with Samsung is you are paying — for their hardware. My $1,980 Galaxy Fold is getting ads while using the phone as anyone normally would. While Samsung doesn’t tell us the profit margins on their products, it would not strain anybody’s imagination to suggest that these margins should be able to cover the cost of the services, tenfold. I could maybe understand having ads on the sub-$300 phones where margins are likely much lower, but I think we can all agree that a phone which costs anywhere near $1,000 (or in my case, far more) should not be riddled with advertisements. Margins should be high enough to cover these services, and if they don’t, Samsung is running a bad business.

These ads are showing up on my $1,980 Galaxy Fold, $1,380 Z Flip, $1,400 S20 Ultra, $1,200 S20+, $1,100 Note 10+, $1,000 S10+, and $750 S10e along with the $100 A10e. I can understand it on a $100 phone, but it is inexcusable to have them on a $750 phone, let alone a $1,980 phone.

Every other major phone manufacturer provides basically the same services without requiring ads in their stock apps to subsidize them. OnePlus, OPPO, Huawei, and LG all have stock weather apps, payment apps, phone apps, and even health apps that don’t show ads. Sure, some of these OEMs include pre-installed bloatware, like Facebook, Spotify, and Netflix, but these can generally be disabled or uninstalled. Samsung’s ads cannot (at least not fully).

When you consider that Samsung not only sells among the most expensive smartphones money can buy, but that it’s blatantly using them as an ad revenue platform, you’re left with one obvious conclusion: Samsung is getting greedy. Samsung is just being greedy. They hope most Samsung customers aren’t going to switch to other phones and will just ignore and deal with the ads. While that’s a very greedy and honestly just bad tactic, it was largely working until they started pushing it with more ads in more apps.

You can’t disable them

If you’re a Samsung user who’s read through all of this, you might be wondering “how do I shut off the ads?” The answer is, unfortunately, you (mostly) can’t.

You can disable Samsung Push Services, which is sometimes used to feed you notifications from Samsung apps. So disabling Push Services means no more push notification ads, but also no more push notifications at all in some Samsung apps.

Source: Ads are taking over Samsung’s Galaxy smartphones — and it needs to stop

The Cheap Solution for Pantone Color Picking

Designers often rely on their smartphones for snapping a quick photo of something that inspires them, but Pantone has found a way to turn their smartphone into a genuine design tool. As part of a new online service, it’s created a small card that can be used to accurately sample real world colors by simply holding the card against an object and taking a photo.

[…]

There are existing solutions to this problem. Even Pantone itself sells handheld devices that use highly-calibrated sensors and controlled lighting to sample a real-life color when placed directly on an object. After sampling, the device lets you know how to recreate it in your design software. The problem is they can set you back well north of $700 if the design work you’re doing is especially color critical and accuracy is paramount.

At $15, the Pantone Color Match Card is a much cheaper solution, and it’s one that can be carried in your wallet. When you find a color you want to sample in the real world, you place the card atop it, with the hole in the middle revealing that color, and then take a photo using the Pantone Connect app available for iOS and Android devices.

The app knows the precise color measurements of all the colored squares printed on the rest of the card, which it uses as a reference to accurately calibrate and measure the color you’re sampling. It then attempts to closely match the selection to a shade indexed in the Pantone color archive. The results can be shared to design apps like Adobe Photoshop and Adobe Illustrator using Pantone’s other software tools, and while you can use the app and the Color Match Card with a free Pantone Connect account, a paid account is needed for some of the more advanced interoperability functionality.

Source: The Cheap Solution for Pantone Color Picking

Zoom misses its own deadline to publish its first transparency report

How many government demands for user data has Zoom received? We won’t know until “later this year,” an updated Zoom blog post now says.

The video conferencing giant previously said it would release the number of government demands it has received by June 30. But the company said it’s missed that target and has given no firm new date for releasing the figures.

It comes amid heightened scrutiny of the service after a number of security issues and privacy concerns came to light following a massive spike in its user base, thanks to millions working from home because of the coronavirus pandemic.

In a blog post today reflecting on the company’s turnaround efforts, chief executive Eric Yuan said the company has “made significant progress defining the framework and approach for a transparency report that details information related to requests Zoom receives for data, records or content.”

“We look forward to providing the fiscal [second quarter] data in our first report later this year,” he said.

Transparency reports offer rare insights into the number of demands or requests a company gets from the government for user data. These reports are not mandatory, but are important to understand the scale and scope of government surveillance.

Zoom said last month it would launch its first transparency report after the company admitted it briefly suspended the Zoom accounts of two U.S.-based accounts and one Hong Kong activist at the request of the Chinese government. The users, who were not based in China, held a Zoom call commemorating the anniversary of the Tiananmen Square massacre, an event that’s cloaked in secrecy and censorship in mainland China.

Source: Zoom misses its own deadline to publish its first transparency report | TechCrunch

Consumer orgs ask world’s competition watchdogs: Are you really going to let Google walk off with all Fitbit’s data?

Twenty consumer and citizen rights groups have published an open letter [PDF] urging regulators to pay closer attention to Google parent Alphabet’s planned acquisition of Fitbit.

The letter describes the pending purchase as a “game-changer” that will test regulators’ resolve to analyse how the vast quantities of health and location data slurped by Google would affect broader market competition.

“Google could exploit Fitbit’s exceptionally valuable health and location datasets, and data collection capabilities, to strengthen its already dominant position in digital markets such as online advertising,” the group warned.

Signatories to the letter include US-based Color of Change, Center for Digital Democracy and the Omidyar Network, the Australian Privacy Foundation, and BEUC – the European Consumer Organisation.

Google confirmed its intent to acquire Fitbit for $2.1bn in November. The deal is still pending, subject to regulator approval. Google has sought the green light from the European Commission, which is expected to publish its decision on 20 July.

The EU’s executive branch can either approve the buy (with or without additional conditions) or opt to start a four-month investigation.

The US Department of Justice has also started its own investigation, requesting documents from both parties. If the deal is stopped, Google will be forced to pay a $250m termination fee to Fitbit.

Separately, the Australian Competition and Consumer Choice Commission (ACCC) has voiced concerns that the Fitbit-Google deal could have a distorting effect on the advertising market.

“Buying Fitbit will allow Google to build an even more comprehensive set of user data, further cementing its position and raising barriers to entry for potential rivals,” said ACCC chairman Rod Sims last month.

“User data available to Google has made it so valuable to advertisers that it faces only limited competition.”

The Register has asked Google and Fitbit for comment. ®

Updated at 14:06 UTC 02/07/20 to add

A Google spokesperson told The Reg: “Throughout this process we have been clear about our commitment not to use Fitbit health and wellness data for Google ads and our responsibility to provide people with choice and control with their data.

“Similar to our other products, with wearables, we will be transparent about the data we collect and why. And we do not sell personal information to anyone.”

Source: Consumer orgs ask world’s competition watchdogs: Are you really going to let Google walk off with all Fitbit’s data? • The Register

Purism’s quest against Intel’s Management Engine black box CPU now comes in 14 inches

This latest device succeeds the previous Librem 13 laptop, which ran for four generations, and includes a slightly bigger display, a hexa-core Ice Lake Intel Core i7 processor, gigabit Ethernet, and USB-C. As the name implies, the Librem 14 packs a 14-inch, 1920×1080 IPS display. Purism said this comes without increasing the laptop’s dimensions thanks to smaller bezels. You can find the full specs here.

Crucially, it is loaded with the usual privacy features found in Purism’s kit such as hardware kill switches that disconnect the microphone and webcam from the laptop’s circuitry. It also comes with the firm’s PureBoot tech, which includes Purism’s in-house CoreBoot BIOS replacement, and a mostly excised Intel Management Engine (IME).

The IME is a hidden coprocessor included in most of Chipzilla’s chipsets since 2008. It allows system administrators to remotely manage devices using out-of-band communications. But it’s also controversial in the security community since it’s somewhat of a black box.

There is little by way of public documentation. Intel hasn’t released the source code. And, to add insult to injury, it’s also proven vulnerable to exploitation in the past.

Source: Purism’s quest against Intel’s Management Engine black box CPU now comes in 14 inches • The Register

Facebook says 5,000 app developers got user data after Cambridge Analytica scandal cutoff date

The company said that it continued sharing user data with approximately 5,000 developers even after their application’s access expired.

The incident is related to a security control that Facebook added to its systems following the Cambridge Analytica scandal of early 2018.

Responding to criticism that it allowed app developers too much access to user information, Facebook added at the time a new mechanism to its API that prevented apps from accessing a user’s data if the user did not use the app for more than 90 days.

However, Facebook said that it recently discovered that in some instances, this safety mechanism failed to activate and allowed some apps to continue accessing user information even past the 90-day cutoff date.

[…]

“From the last several months of data we have available, we currently estimate this issue enabled approximately 5,000 developers to continue receiving [user] information,” Papamiltiadis said.

The company didn’t clarify how many users were impacted, and had their data made available to app developers even after they stopped using the app.

Source: Facebook says 5,000 app developers got user data after cutoff date | ZDNet

Microsoft is forcing Edge on Windows users with a malware-like install

If I told you that my entire computer screen just got taken over by a new app that I’d never installed or asked for — it just magically appeared on my desktop, my taskbar, and preempted my next website launch — you’d probably tell me to run a virus scanner and stay away from shady websites, no?

But the insanely intrusive app I’m talking about isn’t a piece of ransomware. It’s Microsoft’s new Chromium Edge browser, which the company is now force-feeding users via an automatic update to Windows.

Seriously, when I restarted my Windows 10 desktop this week, an app I’d never asked for:

  1. Immediately launched itself
  2. Tried to convince me to migrate away from Chrome, giving me no discernible way to click away or say no
  3. Pinned itself to my desktop and taskbar
  4. Ignored my previous browser preference by asking me — the next time I launched a website — whether I was sure I wanted to use Chrome instead of Microsoft’s oh-so-humble recommendation.

Did I mention that, as of this update, you can’t uninstall Edge anymore?

It all immediately made me think: what would the antitrust enforcers of the ‘90s, who punished Microsoft for bundling Internet Explorer with Windows, think about this modern abuse of Microsoft’s platform?

But mostly, I’m surprised Microsoft would shoot itself in the foot by stooping so low, using tactics I’ve only ever seen from purveyors of adware, spyware, and ransomware. I installed this copy of Windows with a disk I purchased, by the way. Maybe I’m old-fashioned, but I like to think I still own my desktop and get to decide what I put there.

That’s especially true of owners of Windows 7 and Windows 8, I imagine, who are also receiving unwanted gift copies of the new Edge right now:

Source: Microsoft is forcing Edge on Windows users with a spyware-like install – The Verge

After a second stage failure, Rocket Lab loses seven satellites

On Sunday morning, local time in New Zealand, Rocket Lab launched its 13th mission. The booster’s first stage performed normally, but just as the second stage neared an altitude of 200km, something went wrong and the vehicle was lost.

In the immediate aftermath of the failure, the company did not provide any additional information about the problem that occurred with the second stage.

“We lost the flight late into the mission,” said Peter Beck, the company’s founder and chief executive, on Twitter. “I am incredibly sorry that we failed to deliver our customers satellites today. Rest assured we will find the issue, correct it and be back on the pad soon.”

The mission, dubbed “Pics Or It Didn’t Happen,” carried 5 SuperDove satellites for the imaging company Planet, as well as commercial payloads both for Canon Electronics and In-Space Missions.

“The In-Space team is absolutely gutted by this news,” the company said after the loss. Its Faraday-1 spacecraft hosted multiple experiments within a 6U CubeSat. “Two years of hard work from an incredibly committed group of brilliant engineers up in smoke. It really was a very cool little spacecraft.”

Before this weekend’s failure, Rocket Lab had enjoyed an excellent run of success. The company’s first test flight, in May 2017, was lost at an altitude of 224km due to a ground software issue. But beginning with its next flight, in January, 2018, through June, 2020, the company had rattled off a string of 11 successful missions and emerged as a major player in the small satellite launch industry. It has built two additional launch pads, one in New Zealand and another in Virginia, U.S., and taken steps toward reusing its first stage booster.

It seems likely that Rocket Lab will make good on Beck’s promise to address this failure and return to flight soon. His was the first commercial company in a new generation of small satellite rocket developers to reach orbit, and even now remains the only one to do so. Other competitors, including Virgin Orbit, Astra, and Firefly may reach orbit later this year. But Rocket Lab has plenty of experience to draw upon as it works to identify the underlying problem with its second stage, and fix it. There can be little doubt they will.

Source: After a second stage failure, Rocket Lab loses seven satellites