The Linkielist

Linking ideas with the world

The Linkielist

Monthly Archives: November 2020

Poland’s Bid To Get Upload Filters Taken Out Of The EU Copyright Directive Suddenly Looks Much More Hopeful

Posted on by

one of the biggest defeats for users of the Internet — and for online freedom of expression — was the passage of the EU Copyright Directive last year. The law was passed using a fundamentally dishonest argument that it did not require upload filters, because they weren’t explicitly mentioned in the text. As a result, supporters of the legislation claimed, platforms would be free to use other technologies that did not threaten freedom of speech in the way that automated upload filters would do. However, as soon as the law was passed, countries like France said that the only way to implement Article 17 (originally Article 13) was through upload filters, and copyright companies started pushing for legal memes to be blocked because they now admitted that upload filters were “practically unworkable“.

This dishonesty may come back to bite supporters of the law. Techdirt reported last August that Poland submitted a formal request for upload filters to be removed from the final text. The EU’s top court, the Court of Justice of the European Union (CJEU) has just held a public hearing on this case, and as the detailed report by Paul Keller makes abundantly clear, there are lots of reason to be hopeful that Article 17’s upload filters are in trouble from a legal point of view.

The hearing was structured around four questions. Principally, the CJEU wanted to know whether Article 17 meant that upload filters were mandatory. This is a crucial question because the court has found in the past that a general obligation to monitor all user uploads for illegal activities violates the fundamental rights of Internet users and platform operators. This is why proponents of the law insisted that upload filters were not mandatory, but simply one technology that could be applied

[…]

Poland also correctly pointed out that the alternatives presented by the European institutions, such as fingerprinting, hashing, watermarking, Artificial Intelligence or keyword search, all constitute alternative methods of filtering, but not alternatives to filtering.

This is the point that every expert has been making for years: there are no viable alternatives to upload filters, which means that Article 17 necessarily imposes a general monitoring requirement, something that is not permitted under current EU law. The fact that the Advocate General Øe, who will release his own recommendations on the case early next year, made his comment about the lack of any practical alternative to upload filters is highly significant. During the hearing, representatives of the French and Spanish governments claimed that this doesn’t matter, for the following remarkable reason:

The right to intellectual property should be prioritized over freedom of expression in cases of uncertainty over the legality of user uploads, because the economic damage to copyright-holders from leaving infringements online even for a short period of time would outweigh the damage to freedom of expression of users whose legal uploads may get blocked.

The argument here seems to be that as soon as even a single illegal copy is placed online, it will be copied rapidly and spread around the Internet. But this line of reasoning undermines itself. If placing a single illegal copy online for even a short time really is enough for it to be shared widely, then it only requires a copy to be placed on a site outside the EU’s reach for copies to spread around the entire Internet anyway — because copying is so easy — which makes the speed of the takedown within the EU irrelevant.

[…]

In other words, what seemed at the time like a desperate last attempt by Poland to stop the awful upload filters, with little hope of succeeding, now looks to have a decent chance because of the important general issues it raises — something explored at greater length in a new study written by Reda and others (pdf). That’s not to say that Article 17’s upload filters are dead, but it seems like the underhand methods used to force this legislation through could turn out to be their downfall.

Source: Poland’s Bid To Get Upload Filters Taken Out Of The EU Copyright Directive Suddenly Looks Much More Hopeful | Techdirt

Privacy campaigner flags concerns about Microsoft’s creepy Productivity Score now in 365

Posted on by

Microsoft’s Productivity Score has put in a public appearance in Microsoft 365 and attracted the ire of privacy campaigners and activists.

The Register had already noted the vaguely creepy-sounding technology back in May. The goal of it is to use telemetry captured by the Windows behemoth to track the productivity of an organisation through metrics such as a corporate obsession with interminable meetings or just how collaborative employees are being.

The whole thing sounds vaguely disturbing in spite of Microsoft’s insistence that it was for users’ own good.

As more details have emerged, so have concerns over just how granular the level of data capture is.

Vienna-based researcher (and co-creator of Data Dealer) Wolfie Christl suggested that the new features “turns Microsoft 365 into an full-fledged workplace surveillance tool.”

Christl went on to claim that the software allows employers to dig into employee activities, checking the usage of email versus Teams and looking into email threads with @mentions. “This is so problematic at many levels,” he noted, adding: “Managers evaluating individual-level employee data is a no go,” and that there was the danger that evaluating “productivity” data can shift power from employees to organisations.

Earlier this year we put it to Microsoft corporate vice president Brad Anderson that employees might find themselves under the gimlet gaze of HR thanks to this data.

He told us: “There is no PII [personally identifiable information] data in there… it’s a valid concern, and so we’ve been very careful that as we bring that telemetry back, you know, we bring back what we need, but we stay out of the PII world.”

Microsoft did concede that there could be granularity down to the individual level although exceptions could be configured. Melissa Grant, director of product marketing for Microsoft 365, told us that Microsoft had been asked if it was possible to use the tool to check, for example, that everyone was online and working by 8 but added: “We’re not in the business of monitoring employees.”

Christl’s concerns are not limited to the Productivity Score dashboard itself, but also regarding what is going on behind the scenes in the form of the Microsoft Graph. The People API, for example, is a handy jumping off point into all manner of employee data.

For its part, Microsoft has continued to insist that Productivity Score is not a stick with which to bash employees. In a recent blog on the matter, the company stated:

To be clear, Productivity Score is not designed as a tool for monitoring employee work output and activities. In fact, we safeguard against this type of use by not providing specific information on individualized actions, and instead only analyze user-level data aggregated over a 28-day period, so you can’t see what a specific employee is working on at a given time. Productivity Score was built to help you understand how people are using productivity tools and how well the underlying technology supports them in this.

In an email to The Register, Christl retorted: “The system *does* clearly monitor employee activities. And they call it ‘Productivity Score’, which is perhaps misleading, but will make managers use it in a way managers usually use tools that claim to measure ‘productivity’.”

He added that Microsoft’s own promotional video for the technology showed a list of clearly identifiable users, which corporate veep Jared Spataro said enabled companies to “find your top communicators across activities for the last four weeks.”

We put Christl’s concerns to Microsoft and asked the company if its good intentions extended to the APIs exposed by the Microsoft Graph.

While it has yet to respond to worries about the APIs, it reiterated that the tool was compliant with privacy laws and regulations, telling us: “Productivity Score is an opt-in experience that gives IT administrators insights about technology and infrastructure usage.

It added: “Insights are intended to help organizations make the most of their technology investments by addressing common pain points like long boot times, inefficient document collaboration, or poor network connectivity. Insights are shown in aggregate over a 28-day period and are provided at the user level so that an IT admin can provide technical support and guidance.”

Source: Privacy campaigner flags concerns about Microsoft’s creepy Productivity Score • The Register

Prolonged AWS outage takes down a big chunk of the internet

Posted on by

Amazon Web Services (AWS), Amazon’s internet infrastructure service that is the backbone of many websites and apps, experienced a multi-hour outage on Wednesday that affected a large portion of the internet. The service has been nearly fully restored as of 4:18AM ET on Thursday morning, according to Amazon.

Source: Prolonged AWS outage takes down a big chunk of the internet – The Verge

IRS contracted to Search Warrantless Location Database Over 10,000 Times

Posted on by

The IRS was able to query a database of location data quietly harvested from ordinary smartphone apps over 10,000 times, according to a copy of the contract between IRS and the data provider obtained by Motherboard.

The document provides more insight into what exactly the IRS wanted to do with a tool purchased from Venntel, a government contractor that sells clients access to a database of smartphone movements. The Inspector General is currently investigating the IRS for using the data without a warrant to try to track the location of Americans.

“This contract makes clear that the IRS intended to use Venntel’s spying tool to identify specific smartphone users using data collected by apps and sold onwards to shady data brokers. The IRS would have needed a warrant to obtain this kind of sensitive information from AT&T or Google,” Senator Ron Wyden told Motherboard in a statement after reviewing the contract.

[…]

Venntel sources its location data from gaming, weather, and other innocuous looking apps. An aide for the office of Senator Ron Wyden, whose office has been investigating the location data industry, previously told Motherboard that officials from Customs and Border Protection (CBP), which has also purchased Venntel products, said they believe Venntel also obtains location information from the real-time bidding that occurs when advertisers push their adverts into users’ browsing sessions.

One of the new documents says Venntel sources the location information from its “advertising analytics network and other sources.” Venntel is a subsidiary of advertising firm Gravy Analytics.

The data is “global,” according to a document obtained from CBP.

[…]

Source: IRS Could Search Warrantless Location Database Over 10,000 Times

GM launches OnStar Insurance Services – uses your driving data to calculate insurance rate

Posted on by

Andrew Rose, president of OnStar Insurance Services commented: “OnStar Insurance will promote safety, security and peace of mind. We aim to be an industry leader, offering insurance in an innovative way.

“GM customers who have subscribed to OnStar and connected services will be eligible to receive discounts, while also receiving fully-integrated services from OnStar Insurance Services.”

The service has been developed to improve the experience for policyholders who have an OnStar Safety & Security plan, as Automatic Crash Response has been designed to notify an OnStar Emergency-certified Advisor who can send for help.

The service is currently working with its insurance carrier partners to remove biased insurance plans by focusing on factors within the customer’s control, which includes individual vehicle usage and rewarding smart driving habits that benefit road safety.

OnStar Insurance Services plans to provide customers with personalised vehicle care and promote safer driving habits, along with a data-backed analysis of driving behaviour.

Source: General Motors launches OnStar Insurance Services – Reinsurance News

What it doesn’t say is whether it could raise insurances or deny them entirely, how transparent the reward system will be or what else they will be doing with your data.

Struggling electric jet startup Zunum sues Boeing for fraud, misuse of trade secrets, poaching talent

Posted on by

In 2017, Zunum Aero was flying high. The Kirkland, Washington-based aviation startup came out of stealth mode with bold plans to build a fleet of 12-seat hybrid electric jets for short, regional hops between cities. The company, which had received millions of dollars from the venture arms of Boeing and JetBlue, said it would be ready to fly by 2022.

Not long after, those dreams came crashing down to earth. In 2018, Zunum ran out of cash, forcing it to lay off nearly all of its employees and vacate its headquarters. It struggled to raise additional funds that it needed to get its plans back in motion. And now, Zunum is striking back at one of its former investors. The company filed a lawsuit in Washington Superior Court this week accusing aerospace giant Boeing of fraud, technology theft, breach of contract, and misappropriation of trade secrets.

Zunum said that Boeing “colluded with other key aerospace manufacturers and funders” to sabotage its efforts to raise additional cash and tried to poach Zunum’s engineers during the process. The startup claims that Boeing saw its superior technology and potential to disrupt air travel as a threat to its own dominance in the aviation world and sought to undermine it. Using its due diligence as an investor as subtext, Zunum said Boeing gained access to its business plan and proprietary technology, and “exploited” Zunum for its own benefit.

“Boeing saw an innovative venture, with a dramatically improved path to the future, and presented itself as interested in investing and partnering with Zunum,” the company claims in court filings. “But instead, Boeing stole Zunum’s technology and intentionally hobbled the upstart entrant in order to maintain its dominant position in commercial aviation by stifling competition.”

It’s rare that a startup would sue one of its investors after failing to deliver on its promises. But Zunum said its setbacks weren’t because of bad technology or a faulty business plan. Rather, the company claims it was sabotaged by Boeing, which misused its position as an investor to pillage its talent and patents before eventually scuttling the company’s ability to continue to raise money.

Zunum also names HorizonX, Boeing’s venture capital arm, and French engine supplier Safran as co-defendants. The company is seeking compensatory and punitive damages. A spokesperson for Boeing said the lawsuit was without merit and that the company would “vigorously” contest it in court.

[…]

Zunum puts the blame on Boeing. The Chicago-based company repeatedly reneged on promises for additional funds and dissuaded other investors from putting money in, the lawsuit alleges.

“Boeing also kept Zunum beholden to it for much-needed capital and market validation, stringing Zunum along with the prospects of an anchor investment and providing leadership on further fundraising,” the lawsuit says. “Although Zunum also sought investments elsewhere, Boeing actively interfered with and undermined those business relationships while inducing Zunum to continue its reliance on Boeing by holding out the prospect of a strategic partnership or merger.”

[…]

“Zunum discovered that Boeing was secretly developing a replica prototype of Zunum’s flagship aircraft design, staffed by the very same engineers and other professionals whom Boeing had assigned to conduct extensive due diligence on Zunum, under non-disclosure and non-use obligations,” the lawsuit reads.

Source: Struggling electric jet startup Zunum sues Boeing for fraud and misuse of trade secrets – The Verge

Australia’s spy agencies caught collecting COVID-19 app data

Posted on by

Australia’s intelligence agencies have been caught “incidentally” collecting data from the country’s COVIDSafe contact-tracing app during the first six months of its launch, a government watchdog has found.

The report, published Monday by the Australian government’s inspector general for the intelligence community, which oversees the government’s spy and eavesdropping agencies, said the app data was scooped up “in the course of the lawful collection of other data.”

But the watchdog said that there was “no evidence” that any agency “decrypted, accessed or used any COVID app data.”

Incidental collection is a common term used by spies to describe the data that was not deliberately targeted but collected as part of a wider collection effort. This kind of collection isn’t accidental, but more of a consequence of when spy agencies tap into fiber optic cables, for example, which carries an enormous firehose of data. An Australian government spokesperson told one outlet, which first reported the news, that incidental collection can also happen as a result of the “execution of warrants.”

The report did not say when the incidental collection stopped, but noted that the agencies were “taking active steps to ensure compliance” with the law, and that the data would be “deleted as soon as practicable,” without setting a firm date.

For some, fears that a government spy agency could access COVID-19 contact-tracing data was the worst possible outcome.

[…]

Source: Australia’s spy agencies caught collecting COVID-19 app data | TechCrunch

Amazon’s ad-hoc Ring, Echo mesh network can mooch off your neighbors’ Wi-Fi if needed – and it’s opt-out

Posted on by

Amazon is close to launching Sidewalk – its ad-hoc wireless network for smart-home devices that taps into people’s Wi-Fi – and it is pretty much an opt-out affair.

The gist of Sidewalk is this: nearby Amazon gadgets, regardless of who owns them, can automatically organize themselves into their own private wireless network mesh, communicating primarily using Bluetooth Low Energy over short distances, and 900MHz LoRa over longer ranges.

At least one device in a mesh will likely be connected to the internet via someone’s Wi-Fi, and so, every gadget in the mesh can reach the ‘net via that bridging device. This means all the gadgets within a mesh can be remotely controlled via an app or digital assistant, either through their owners’ internet-connected Wi-Fi or by going through a suitable bridge in the mesh. If your internet goes down, your Amazon home security gizmo should still be reachable, and send out alerts, via the mesh.

It also means if your neighbor loses broadband connectivity, their devices in the Sidewalk mesh can still work over the ‘net by routing through your Sidewalk bridging device and using your home ISP connection.

[…]

Amazon Echoes, Ring Floodlight Cams, and Ring Spotlight Cams will be the first Sidewalk bridging devices as well as Sidewalk endpoints. The internet giant hopes to encourage third-party manufacturers to produce equipment that is also Sidewalk compatible, extending meshes everywhere.

Crucially, it appears Sidewalk is opt-out for those who already have the hardware, and will be opt-in for those buying new gear.

[…]

if you already have, say, an Amazon Ring, it will soon get a software update that will automatically enable Sidewalk connectivity, and you’ll get an email explaining how to switch that off. When powering up a new gizmo, you’ll at least get the chance to opt in or out.

[…]

We’re told Sidewalk will only sip your internet connection rather than hog it, limiting itself to half a gigabyte a month. This policy appears to live in hope that people aren’t on stingy monthly data caps.

[…]

Just don’t forget that Ring and the police, in the US at least, have a rather cosy relationship. While Amazon stresses that Ring owners are in control of the footage recorded by their camera-fitted doorbells, homeowners are often pressured into turning their equipment into surveillance systems for the cops.

Source: Amazon’s ad-hoc Ring, Echo mesh network can mooch off your neighbors’ Wi-Fi if needed – and it’s opt-out • The Register

Disney (Disney!) Accused Of Trying To Lawyer Its Way Out Of Paying Royalties To Alan Dean Foster, Star Wars and Alien book writer

Posted on by

Disney, of course, has quite the reputation as a copyright maximalist. It has been accused of being the leading company in always pushing for more draconian copyright laws. And then, of course, there’s the infamous Mickey Mouse curve, first designated a decade ago by Tom Bell, highlighting how copyright term extensions seemed to always happen just as Mickey Mouse was set to go into the public domain (though, hopefully that’s about to end):

Whether accurate or not, Disney is synonymous with maximizing copyright law, which the company and its lobbyists always justify with bullshit claims of how they do it “for the artist.”

Except that it appears that Disney is not paying artists. While the details are a bit fuzzy, yesterday the Science Fiction & Fantasy Writers of America (SFWA) and famed author Alan Dean Foster announced that Disney was no longer paying him royalties for the various Star Wars books he wrote (including the novelization of the very first film back in 1976), along with his novelizations of the Aliens movies. He claims he’d always received royalties before, but they suddenly disappeared.

Foster wrote a letter (amusingly addressed to “Mickey”) in which he lays out his side of the argument, more or less saying that as Disney has gobbled up various other companies and rights, it just stopped paying royalties:

When you purchased Lucasfilm you acquired the rights to some books I wrote. STAR WARS, the novelization of the very first film. SPLINTER OF THE MIND’S EYE, the first sequel novel. You owe me royalties on these books. You stopped paying them.

When you purchased 20th Century Fox, you eventually acquired the rights to other books I had written. The novelizations of ALIEN, ALIENS, and ALIEN 3. You’ve never paid royalties on any of these, or even issued royalty statements for them.

All these books are all still very much in print. They still earn money. For you. When one company buys another, they acquire its liabilities as well as its assets. You’re certainly reaping the benefits of the assets. I’d very much like my miniscule (though it’s not small to me) share.

[…]

In a video press conference, Foster and SFWA […] said that Disney is claiming that it purchased “the rights but not the obligations” to these works.

Source: Disney (Disney!) Accused Of Trying To Lawyer Its Way Out Of Paying Royalties To Alan Dean Foster | Techdirt

Scientists Produce Rare Diamonds In Minutes At Room Temperature

Posted on by

While traditional diamonds are formed over billions of years deep in the Earth where extreme pressures and temperatures provide just the right conditions to crystalize carbon, scientists are working on more expedient ways of forging the precious stones. An international team of researchers has succeeded in whittling this process down to mere minutes, demonstrating a new technique where they not only form quickly, but do so at room temperature.

This latest breakthrough was led by scientists at the Australian National University (ANU) and RMIT University, who used what’s known as a diamond anvil cell, which is a device used by researchers to generate the extreme pressures needed to create ultra-hard materials. The team applied pressure equal to 640 African elephants on the tip of a ballet shoe, doing so in a way that caused an unexpected reaction among the the carbon atoms in the device. “The twist in the story is how we apply the pressure,” says ANU Professor Jodie Bradby. “As well as very high pressures, we allow the carbon to also experience something called ‘shear’ — which is like a twisting or sliding force. We think this allows the carbon atoms to move into place and form Lonsdaleite and regular diamond.”

These regular diamonds are the type you might find in an engagement ring, while Lonsdaleite diamonds are rarer and found at meteorite impact sites. Using advanced electron microscopy, the team was able to examine the samples in detail, and found that the materials were formed within bands they liken to “rivers” of diamond. The team hopes the technique can enable them to produce meaningful quantities of these artificial diamonds, particularly Lonsdaleite, which is predicted to be 58 percent harder than regular diamonds. “Lonsdaleite has the potential to be used for cutting through ultra-solid materials on mining sites,” Bradby says. The research was published in the journal Small, while you can hear from the researchers in this video.

Source: Scientists Produce Rare Diamonds In Minutes At Room Temperature – Slashdot

Split-Second ‘Phantom’ Images Can Fool Tesla’s Autopilot

Posted on by

one group of researchers has been focused on what autonomous driving systems might see that a human driver doesn’t—including “phantom” objects and signs that aren’t really there, which could wreak havoc on the road.

Researchers at Israel’s Ben Gurion University of the Negev have spent the last two years experimenting with those “phantom” images to trick semi-autonomous driving systems. They previously revealed that they could use split-second light projections on roads to successfully trick Tesla’s driver-assistance systems into automatically stopping without warning when its camera sees spoofed images of road signs or pedestrians. In new research, they’ve found they can pull off the same trick with just a few frames of a road sign injected on a billboard’s video

[…]

“The driver won’t even notice at all. So somebody’s car will just react, and they won’t understand why.”

In their first round of research, published earlier this year, the team projected images of human figures onto a road, as well as road signs onto trees and other surfaces. They found that at night, when the projections were visible, they could fool both a Tesla Model X running the HW2.5 Autopilot driver-assistance system—the most recent version available at the time, now the second-most-recent —and a Mobileye 630 device. They managed to make a Tesla stop for a phantom pedestrian that appeared for a fraction of a second, and tricked the Mobileye device into communicating the incorrect speed limit to the driver with a projected road sign.

In this latest set of experiments, the researchers injected frames of a phantom stop sign on digital billboards, simulating what they describe as a scenario in which someone hacked into a roadside billboard to alter its video. They also upgraded to Tesla’s most recent version of Autopilot known as HW3.

[…]

an image that appeared for 0.42 seconds would reliably trick the Tesla, while one that appeared for just an eighth of a second would fool the Mobileye device. They also experimented with finding spots in a video frame that would attract the least notice from a human eye, going so far as to develop their own algorithm for identifying key blocks of pixels in an image so that a half-second phantom road sign could be slipped into the “uninteresting” portions.

[…]

Source: Split-Second ‘Phantom’ Images Can Fool Tesla’s Autopilot | WIRED

Nintendo Continues Cracking Down On People Selling Switch Hacks: jailbraking w RCM = piracy in their minds

Posted on by

Nintendo filed a lawsuit Wednesday against an Amazon Marketplace user who was allegedly selling devices called RCM loaders. Used to help people jailbreak their Switch, shutting these down is the latest in the company’s efforts to stop players from pirating its games.

As first reported by Polygon, the lawsuit against reseller Le Hoang Minh seeks “relief for unlawful trafficking in circumvention devices in violation of the Digital Millennium Copyright Act (DMCA).” In addition to having the Seattle District Court order Minh to stop selling the devices, Nintendo also wants $2,500 in damages for each one already sold.

“Piracy of video game software has become a serious, worsening international problem,” Nintendo’s lawyers write (without offering any further detail), arguing that the RCM loaders and other devices like them are are a big contributor to that. While jailbreaking a Switch isn’t necessarily itself against the law, pirating games is, and devices whose primary purpose is to facilitating that are also prohibited. The loaders aren’t hard to find on Amazon and other resellers, but it’s essentially the code the loaders are running to jailbreak the Switch that people buy them for and which Nintendo wants to stop the spread of.

According to the legal complaint Nintendo filed, the company originally sought to have Minh’s listings removed from Amazon by issuing DMCA-related takedowns, but Minh filed a counter-notification with Amazon to keep the listings up, forcing Nintendo to take the matter to court.

Source: Nintendo Continues Cracking Down On People Selling Switch Hacks

Just because a device can somehow be used for jailbraking doesn’t mean it always is. A bit like a phone can be used to plot a bank heist, but that isn’t the sole purpose of a phone.

Oppo’s X 2021 rollable concept phone expands in your hand

Posted on by

Today’s Inno Day 2020 event unveiled the Oppo X 2021 concept smartphone, which is all about its “continuously variable OLED display.” With a simple swipe on a button, the phone is able to transform between a regular 6.7-inch size and a tablet-like 7.4-inch size, and the software interface adapts accordingly for optimal experience — be it for single-hand usage or for multi-tasking.

Oppo X 2021 rollable concept phone demo.

Oppo

In a demo shown to Engadget, the prototype magically toggled between two screen sizes, with the video resizing itself on the fly to fill the screen. Similarly, the system menus and Twitter also switched between their phone interface and tablet interface to match the screen size. Oppo added that the user can freely customize the screen size, so you’re not just limited to either 6.7 inches or 7.4 inches. Hence the “continuously variable” label.

Oppo X 2021's Warp Track and 2-in-1 Plate.

Oppo

Oppo wasn’t afraid to explain the magic here. The phone is essentially a motorized scroll, with a large part of the OLED panel laminated onto a “Warp Track” for improved strength, as it goes around a “Roll Motor” (with a 6.8mm scroll diameter) on the left to tuck itself into a hidden compartment. The phone itself consists of a “2-in-1 Plate” body construction: these two parts roll out simultaneously and evenly for better structural support.

Oppo applied for 122 patents for this project, 12 of which were on the scroll mechanism alone. The company stopped short at providing further details — no word on the screen specs, the panel’s supplier nor durability figures. Levin Liu, OPPO Vice President and Head of OPPO Research Institute, stressed that the Oppo X 2021 is still in concept stage, but he hopes to bring this technology to consumers “at the right time.”

Source: Oppo’s X 2021 rollable concept phone expands in your hand | Engadget

YouTube will run ads on smaller creators’ videos without paying them

Posted on by

Don’t be surprised if you start seeing ads on videos made by smaller YouTube creators. The video-sharing website has updated its Terms of Service, and it includes a new section that gives it the right to monetize videos from channels not big enough to be part of its Partner Program. That doesn’t mean new creators can start earning from their videos right away, though — YouTube said in a forum post explaining the changes to its ToS that non-YPP members won’t be getting a cut from those ads.

To become eligible for the YouTube Partner Program, a creator has to be living in a country where it’s active, has to have 4,000 public watch hours in the last 12 months and has to have over 1,000 subscribers. YouTube only used to run ads on videos from channels that don’t meet those criteria under special circumstances, such as if the channel was previously a YPP member. Going forward, though, the website can monetize any video, so long as it meets its ad-friendly guidelines.

Source: YouTube will run ads on smaller creators’ videos without paying them | Engadget

After 12,523 replacements, Feds investigate Tesla Media Control Unit failures

Posted on by

Is one of Tesla’s infotainment systems defective by design? That’s a question the National Highway Traffic Safety Administration hopes to answer. It has started an engineering analysis after hundreds of customer complaints of bricked systems resulted in a preliminary investigation in June.

NHTSA thinks it knows what the problem is: an 8GB eMMC NAND flash memory chip with a finite number of write cycles, fitted to its Media Control Unit. The MCU regularly writes logs to this chip and, within three or four years, reaches the lifetime number of cycles. At this point the touchscreen dies, taking with it functions like the car’s backup camera, the ability to defog the windows, and also the audible alerts and chimes for the driver aids and turn signals.

After the regulator’s Office of Defects Investigation received 537 complaints, it asked Tesla if it knew of any more problems with the Nvidia Tegra 3-based system, which is fitted to approximately 158,000 Models S (2012-2018) and X (2016-2018). Tesla did, handing over 2,399 complaints and field reports, 7,777 warranty claims, and 4,746 non-warranty claims.

The finite—and short—lifespan of these infotainment systems is a relatively well-known problem within the Tesla community. A video on the popular YouTube channel Rich Rebuilds that delved into the problem in May 2019 has racked up more than 669,000 views:

The discussion of the infotainment system failures begins around 9 minutes in.

As that video notes, and as Tesla told NHTSA, the time to failure for an MCU depends on how much its car has been in operation. Daily drive time, daily charge time, and streaming music over the Internet are all factors, Tesla told the regulator.

This isn’t the first time that Tesla’s choice of consumer-grade electronics, as opposed to automotive-grade, has gotten it in trouble. A separate problem affects the 17-inch touchscreen, which can fail due to high temperature—the kind of temperature experienced inside a parked car during summer, as opposed to an air-conditioned office.

Source: After 12,523 replacements, Feds investigate Tesla Media Control Unit failures | Ars Technica

Well done cutting corners, Elon Musk

The ones who brought you Let’s Encrypt, bring you: Tools for gathering anonymized app usage metrics from netizens

Posted on by

The Internet Security Research Group (ISRG) has a plan to allow companies to collect information about how people are using their products while protecting the privacy of those generating the data.

Today, the California-based non-profit, which operates Let’s Encrypt, introduced Prio Services, a way to gather online product metrics without compromising the personal information of product users.

“Applications such as web browsers, mobile applications, and websites generate metrics,” said Josh Aas, founder and executive director of ISRG, and Tim Geoghegan, site reliability engineer, in an announcement. “Normally they would just send all of the metrics back to the application developer, but with Prio, applications split the metrics into two anonymized and encrypted shares and upload each share to different processors that do not share data with each other.”

Prio is described in a 2017 research paper [PDF] as “a privacy-preserving system for the collection of aggregate statistics.” The system was developed by Henry Corrigan-Gibbs, then a Stanford doctoral student and currently an MIT assistant professor, and Dan Boneh, a professor of computer science and electrical engineering at Stanford.

Prio implements a cryptographic approach called secret-shared non-interactive proofs (SNIPs). According to its creators, it handles data only 5.7x slower than systems with no privacy protection. That’s considerably better than the competition: client-generated non-interactive zero-knowledge proofs of correctness (NIZKs) are 267x slower than unprotected data processing and privacy methods based on succinct non-interactive arguments of knowledge (SNARKs) clock in at three orders of magnitude slower.

“With Prio, you can get both: the aggregate statistics needed to improve an application or service and maintain the privacy of the people who are providing that data,” said Boneh in a statement. “This system offers a robust solution to two growing demands in our tech-driven economy.”

In 2018 Mozilla began testing Prio to gather Firefox telemetry data and found the cryptographic scheme compelling enough to make it the basis of its Firefox Origin Telemetry service.

[…]

Source: The ones who brought you Let’s Encrypt, bring you: Tools for gathering anonymized app usage metrics from netizens • The Register

Apple’s ‘Batterygate’ Saga Wraps Up With $113 Million Settlement

Posted on by

Younger readers might not know, but there was once an annual tradition in which Apple would release a new iPhone, old iPhones would suddenly start performing poorly, and users would speculate about a conspiracy to get them to buy the shiny new thing. It turned out that a conspiracy, of sorts, did exist, and Apple has been trying to make the whole embarrassing saga go away for years. On Wednesday, the finish line came into view after Arizona Attorney General Mark Brnovich announced that an investigation involving 34 states is concluding with a settlement and no admission of guilt from Apple.

In 2017, Apple admitted that updates to iOS were throttling older iPhone models but framed it as a misunderstanding. Apple said that the software tweaks were intended to mitigate unwanted shutdowns in devices with aging batteries. It apologized and offered discounted battery replacements as a consolation prize. Many users felt that Apple’s secretive approach was deceptive and intended to lead them to believe they need a new phone when a fresh battery might keep the old one going for another cycle. The discounted battery offer wasn’t enough for some users, and this spring Apple agreed to settle a class-action suit for up to $500 million, doling out $25 per phone that filed a claim. Apple did not admit any wrongdoing.

Today’s announcement tentatively concludes a separate investigation launched by state attorneys general into the controversy. In a statement, Brnovich’s office said that the proposed settlement includes a $113 million fine to be distributed amongst the states involved as well as a requirement that “Apple also must provide truthful information to consumers about iPhone battery health, performance, and power management. Apple must provide this important information in various forms on its website, in update installation notes, and in the iPhone user interface itself.”

Source: Apple’s ‘Batterygate’ Saga Wraps Up With $113 Million Settlement

Scientists Discover Outer Space has as much light between galaxies as inside galaxies – it’s not black after all

Posted on by

Look up at the night sky and, if you’re away from city lights, you’ll see stars. The space between those bright points of light is, of course, filled with inky blackness.

Some astronomers have wondered about that all that dark space–about how dark it really is.

“Is space truly black?” says Tod Lauer, an astronomer with the National Optical Astronomy Observatory in Arizona. He says if you could look at the night sky without stars, galaxies, and everything else known to give off visible light, “does the universe itself put out a glow?”

It’s a tough question that astronomers have tried to answer for decades. Now, Lauer and other researchers with NASA’s New Horizons space mission say they’ve finally been able to do it, using a spacecraft that’s travelling far beyond the dwarf planet Pluto. The group has posted their work online, and it will soon appear in the Astrophysical Journal.

New Horizons was originally designed to explore Pluto, but after whizzing past the dwarf planet in 2015, the intrepid spacecraft just kept going. It’s now more than four billion miles from home—nearly 50 times farther away from the Sun than the Earth is.

That’s important because it means the spacecraft is far from major sources of light contamination that make it impossible to detect any tiny light signal from the universe itself. Around Earth and the inner solar system, for example, space is filled with dust particles that get lit up by the Sun, creating a diffuse glow over the entire sky. But that dust isn’t a problem out where New Horizons is. Plus, out there, the sunlight is much weaker.

To try to detect the faint glow of the universe, researchers went through images taken by the spacecraft’s simple telescope and camera and looked for ones that were incredibly boring.

“The images were all of what you just simply call blank sky. There’s a sprinkling of faint stars, there’s a sprinkling of faint galaxies, but it looks random,” says Lauer. “What you want is a place that doesn’t have many bright stars in the images or bright stars even outside the field that can scatter light back into the camera.”

Then they processed these images to remove all known sources of visible light. Once they’d subtracted out the light from stars, plus scattered light from the Milky Way and any stray light that might be a result of camera quirks, they were left with light coming in from beyond our own galaxy.

They then went a step further still, subtracting out light that they could attribute to all the galaxies thought to be out there. And it turns out, once that was done, there was still plenty of unexplained light.

In fact, the amount of light coming from mysterious sources was about equal to all the light coming in from the known galaxies, says Marc Postman, an astronomer with the Space Telescope Science Institute in Baltimore, Maryland. So maybe there are unrecognized galaxies out there, he says, “or some other source of light that we don’t yet know what it is.”

The new findings are sure to get astronomers talking.

“They’re saying that there’s as much light outside of galaxies as there is inside of galaxies, which is a pretty tough pill to swallow, frankly,” notes Michael Zemcov, an astrophysicist at Rochester Institute of Technology, who was not part of the research team.

A few years ago, Zemcov and some colleagues analyzed New Horizons data in a similar way. Using fewer images, they made a less precise measurement, but it was still compatible with the current results.

He says for 400 years, astronomers have been studying visible light and the sky in a serious way and yet somehow apparently “missed half the light in the universe.”

Source: Scientists Discover Outer Space Isn’t Pitch Black After All

Cerebras’ wafer-size chip is 10,000 times faster than a GPU

Posted on by

Cerebras Systems and the federal Department of Energy’s National Energy Technology Laboratory today announced that the company’s CS-1 system is more than 10,000 times faster than a graphics processing unit (GPU).

On a practical level, this means AI neural networks that previously took months to train can now train in minutes on the Cerebras system.

Cerebras makes the world’s largest computer chip, the WSE. Chipmakers normally slice a wafer from a 12-inch-diameter ingot of silicon to process in a chip factory. Once processed, the wafer is sliced into hundreds of separate chips that can be used in electronic hardware.

But Cerebras, started by SeaMicro founder Andrew Feldman, takes that wafer and makes a single, massive chip out of it. Each piece of the chip, dubbed a core, is interconnected in a sophisticated way to other cores. The interconnections are designed to keep all the cores functioning at high speeds so the transistors can work together as one.

Cerebras’s CS-1 system uses the WSE wafer-size chip, which has 1.2 trillion transistors, the basic on-off electronic switches that are the building blocks of silicon chips. Intel’s first 4004 processor in 1971 had 2,300 transistors, and the Nvidia A100 80GB chip, announced yesterday, has 54 billion transistors.

Feldman said in an interview with VentureBeat that the CS-1 was also 200 times faster than the Joule Supercomputer, which is No. 82 on a list of the top 500 supercomputers in the world.

“It shows record-shattering performance,” Feldman said. “It also shows that wafer scale technology has applications beyond AI.”

Above: The Cerebras WSE has 1.2 trillion transistors compared to Nvidia’s largest GPU, the A100 at 54.2 billion transistors.

These are fruits of the radical approach Los Altos, California-based Cerebras has taken, creating a silicon wafer with 400,000 AI cores on it instead of slicing that wafer into individual chips. The unusual design makes it a lot easier to accomplish tasks because the processor and memory are closer to each other and have lots of bandwidth to connect them, Feldman said. The question of how widely applicable the approach is to different computing tasks remains.

A paper based on the results of Cerebras’ work with the federal lab said the CS-1 can deliver performance that is unattainable with any number of central processing units (CPUs) and GPUs, which are both commonly used in supercomputers. (Nvidia’s GPUs are used in 70% of the top supercomputers now). Feldman added that this is true “no matter how large that supercomputer is.”

Source: Cerebras’ wafer-size chip is 10,000 times faster than a GPU | VentureBeat

Google Will Make It a bit Easier to Turn Off Smart Features which track you, Slightly Harder for Regulators to Break Up Google

Posted on by

Soon, Google will present you with a clear choice to disable smart features, like Google assistant reminders to pay your bills and predictive text in Gmail. Whether you like the Gmail mindreader function that autofills “all the best” and “reaching out,” or have long dreaded the arrival of the machine staring back from the void,: it’s your world, Google’s just living in it. According to Google.

We’ve always been able to disable these functions if we bothered hunting through account settings. But “in the coming weeks” Google will show a new blanket setting to “turn off smart features” which will disable features like Smart Compose, Smart Reply, in apps like Gmail; the second half of the same prompt will disable whether additional Google products—like Maps or Assistant, for example—are allowed to be personalized based on data from Gmail, Meet, and Chat.

Google writes in its blog post about the new-ish settings that humans are not looking at your emails to enable smart features, and Google ads are “not based on your personal data in Gmail,” something CEO Sundar Pichai has likewise said time and again. Google claims to have stopped that practice in 2017, although the following year the Wall Street Journal reported that third-party app developers had freely perused inboxes with little oversight. (When asked whether this is still a problem, the spokesperson pointed us to Google’s 2018 effort to tighten security.)

A Google spokesperson emphasized that the company only uses email contents for security purposes like filtering spam and phishing attempts.

These personalization changes aren’t so much about tightening security as they are another informed consent defense which Google can use to repel the current regulatory siege being waged against it by lawmakers. It has expanded incognito mode for maps and auto-deleting data in location history or web and app activity and on YouTube (though after a period of a few months).

Inquiries in the U.S. and EU have found that Google’s privacy settings have historically presented the appearance of privacy, rather than privacy itself. After a 2018 AP article exposed the extent of Google’s location data harvesting, an investigation found that turning location off in Android was no guarantee that Google wouldn’t collect location data (though Google has denied this.) Plaintiffs in a $5 billion class-action lawsuit filed this summer alleged that “incognito mode” in Chrome didn’t prevent Google from capturing and sharing their browsing history. And last year, French regulators fined Google nearly $57 million for violating the General Data Protection Regulation (GDPR) by allegedly burying privacy controls beneath five or six layers of settings. (When asked, the spokesperson said Google has no additional comment on these cases.)

So this is nice, and also Google’s announcement reads as a letter to regulators. “This new setting is designed to reduce the work of understanding and managing [a choice over how data is processed], in view of what we’ve learned from user experience research and regulators’ emphasis on comprehensible, actionable user choices over data.”

Source: Google Will Make It Easier to Turn Off Smart Features

Apple hits back at European activist lawsuit against unauthorised tracking installs – says it doesn’t use it… but 3rd parties do

Posted on by

The group, led by campaigner Max Schrems, filed complaints with data protection watchdogs in Germany and Spain alleging that the tracking tool illegally enabled the $2 trillion U.S. tech giant to store users’ data without their consent.

Apple directly rebutted the claims filed by Noyb, the digital rights group founded by Schrems, saying they were “factually inaccurate and we look forward to making that clear to privacy regulators should they examine the complaint”.

Schrems is a prominent figure in Europe’s digital rights movement that has resisted intrusive data-gathering by Silicon Valley’s tech platforms. He has fought two cases against Facebook, winning landmark judgments that forced the social network to change how it handles user data.

Noyb’s complaints were brought against Apple’s use of a tracking code, known as the Identifier for Advertisers (IDFA), that is automatically generated on every iPhone when it is set up.

The code, stored on the device, makes it possible to track a user’s online behaviour and consumption preferences – vital in allowing companies to send targeted adverts.

“Apple places codes that are comparable to a cookie in its phones without any consent by the user. This is a clear breach of European Union privacy laws,” Noyb lawyer Stefano Rossetti said.

Rossetti referred to the EU’s e-Privacy Directive, which requires a user’s consent before installation and using such information.

Apple said in response that it “does not access or use the IDFA on a user’s device for any purpose”.

It said its aim was to protect the privacy of its users and that the latest release of its iOS 14 operating system gave users greater control over whether apps could link with third parties for the purposes of targeted advertising.

Source: Apple hits back at European activist complaints against tracking tool | Reuters

The complaint against Apple is that the IDFA is set at all without consent from the user. And it’s not the point that Apple accesses it or not, the point is that unspecified 3rd parties (advertisers, hackers, government, etc) can.

How the U.S. Military Buys Location Data from Ordinary Apps

Posted on by

The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned. The most popular app among a group Motherboard analyzed connected to this sort of data sale is a Muslim prayer and Quran app that has more than 98 million downloads worldwide. Others include a Muslim dating app, a popular Craigslist app, an app for following storms, and a “level” app that can be used to help, for example, install shelves in a bedroom.

Through public records, interviews with developers, and technical analysis, Motherboard uncovered two separate, parallel data streams that the U.S. military uses, or has used, to obtain location data. One relies on a company called Babel Street, which creates a product called Locate X. U.S. Special Operations Command (USSOCOM), a branch of the military tasked with counterterrorism, counterinsurgency, and special reconnaissance, bought access to Locate X to assist on overseas special forces operations. The other stream is through a company called X-Mode, which obtains location data directly from apps, then sells that data to contractors, and by extension, the military.

The news highlights the opaque location data industry and the fact that the U.S. military, which has infamously used other location data to target drone strikes, is purchasing access to sensitive data. Many of the users of apps involved in the data supply chain are Muslim, which is notable considering that the United States has waged a decades-long war on predominantly Muslim terror groups in the Middle East, and has killed hundreds of thousands of civilians during its military operations in Pakistan, Afghanistan, and Iraq. Motherboard does not know of any specific operations in which this type of app-based location data has been used by the U.S. military.

[…]

In March, tech publication Protocol first reported that U.S. law enforcement agencies such as Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE) were using Locate X. Motherboard then obtained an internal Secret Service document confirming the agency’s use of the technology. Some government agencies, including CBP and the Internal Revenue Service (IRS), have also purchased access to location data from another vendor called Venntel.

“In my opinion, it is practically certain that foreign entities will try to leverage (and are almost certainly actively exploiting) similar sources of private platform user data. I think it would be naïve to assume otherwise,” Mark Tallman, assistant professor at the Department of Emergency Management and Homeland Security at the Massachusetts Maritime Academy, told Motherboard in an email.

THE SUPPLY CHAIN

Some companies obtain app location data through bidstream data, which is information gathered from the real-time bidding that occurs when advertisers pay to insert their adverts into peoples’ browsing sessions. Firms also often acquire the data from software development kits (SDKs).

[…]

In a recent interview with CNN, X-Mode CEO Joshua Anton said the company tracks 25 million devices inside the United States every month, and 40 million elsewhere, including in the European Union, Latin America, and the Asia-Pacific region. X-Mode previously told Motherboard that its SDK is embedded in around 400 apps.

In October the Australian Competition & Consumer Commission published a report about data transfers by smartphone apps. A section of that report included the endpoint—the URL some apps use—to send location data back to X-Mode. Developers of the Guardian app, which is designed to protect users from the transfer of location data, also published the endpoint. Motherboard then used that endpoint to discover which specific apps were sending location data to the broker.

Motherboard used network analysis software to observe both the Android and iOS versions of the Muslim Pro app sending granular location data to the X-Mode endpoint multiple times. Will Strafach, an iOS researcher and founder of Guardian, said he also saw the iOS version of Muslim Pro sending location data to X-Mode.

The data transfer also included the name of the wifi network the phone was currently collected to, a timestamp, and information about the phone such as its model, according to Motherboard’s tests.

[…]

 

Source: How the U.S. Military Buys Location Data from Ordinary Apps

Bumble Left Daters’ Location Data Up For Grabs For Over Six Months

Posted on by

Bumble, the dating app behemoth that’s allegedly headed to a major IPO as soon as next year, apparently took over half a year to deal with major security flaws that left sensitive information its millions of users vulnerable.

That’s according to new research posted over the weekend by cybersecurity firm Independent Security Evaluators (ISE) detailing how a bad actor—even one that was banned from Bumble—could exploit a vulnerability in the app’s underlying code to pull the rough location data for any Bumbler within their city, as well as additional profile data like photos and religious views. Despite being informed about this vulnerability in mid-March, the company didn’t patch the issues until November 12—roughly six and a half months later.

Pre-patch, anyone with a Bumble account could query the app’s API in order to figure out roughly how many miles away any other user in their city happened to be. As the blog’s author, Sanjana Sarda, explained, if a certain creepy someone really wanted to figure out the location of a given Bumble user, it wouldn’t be too hard to set up a handful of accounts, figure out the user’s basic distance from each one, and use that collection of data to triangulate a Bumbler’s precise location.

Bumble isn’t the first company to accidentally leave this sort of data freely available. Last year, cybersecurity sleuths were able to create to glean precise locations of people using LGBT-centric dating apps like Grindr and Romeo and collate them into a user location map. And those location-data leaks are on top of the deliberate data sharing these sorts of dating apps typically already engage in with a bevy third-party partners. You would think that an app purporting to be a feminist haven like Bumble might extend its idea of user safety to its data practices.

While some of the issues described by Sarda have been resolved, the belated patch apparently didn’t tackle one of the other major API-based issues described in the blog, which allowed ISE to get unlimited swipes (or “votes” in Bumble parlance), along with access to other premium features like the ability to unswipe or to see who might have swiped right on them. Typically, accessing these features cost a given Bumbler roughly $10 dollars per week.

Source: Bumble Left Daters’ Location Data Up For Grabs For Over Six Months

GitHub Restores YouTube Downloader Following DMCA Takedown, starts to protect developers from DMCA misuse

Posted on by

Last month, GitHub removed a popular tool that is used to download videos from websites like YouTube after it received a DMCA takedown notice from the Recording Industry Association of America. For a moment, it seemed that GitHub might throw developers under the bus in the same fashion that Twitch has recently treated its streamers. But on Monday, GitHub went on the offense by reinstating the offending tool and saying it would take a more aggressive line on protecting developers’ projects.

Youtube-dl is a command-line program that could, hypothetically, be used to make unauthorized copies of copyrighted material. This potential for abuse prompted the RIAA to send GitHub a scary takedown notice because that’s what the RIAA does all day. The software development platform complied with the notice and unleashed a user outcry over the loss of one of the most popular repositories on the site. Many developers started re-uploading the code to GitHub in protest. After taking some time to review the case, GitHub now says that youtube-dl is all good.

In a statement, GitHub’s Director of Platform Policy Abby Vollmer wrote that there are two reasons that it was able to reverse the decision. The first reason is that the RIAA cited one repo that used the youtube-dl source code and contained references to a few copyrighted songs on YouTube. This was only part of a unit test that the code performs. It listens to a few seconds of the song to verify that everything is working properly but it doesn’t download or distribute any material. Regardless, GitHub worked with the developer to patch out the references and stay on the safe side.

As for the primary youtube-dl source code, lawyers at the Electronic Frontier Foundation decided to represent the developers and presented an argument that satisfied GitHub’s concerns that the code circumvents technical measures to protect copyrighted material in violation of Section 1201 of the Digital Millennium Copyright Act. The EFF explained that youtube-dl doesn’t decrypt anything or breakthrough any anti-copying measures. From a technical standpoint, it isn’t much different than a web browser receiving information as intended, and there are plenty of fair use applications for making a copy of materials.

Among the “many legitimate purposes” for using youtube-dl, GitHub listed: “changing playback speeds for accessibility, preserving evidence in the fight for human rights, aiding journalists in fact-checking, and downloading Creative Commons-licensed or public domain videos.” The EFF cited some of the same practical uses and had a few unique additions to its list of benefits, saying that it could be used by “educators to save videos for classroom use, by YouTubers to save backup copies of their own uploaded videos, and by users worldwide to watch videos on hardware that can’t run a standard web browser, or to watch videos in their full resolution over slow or unreliable Internet connections.”

It’s nice to see GitHub evaluating the argument and moving forward without waiting for a legal process to play out, but the company went further in announcing a new eight-step process for evaluating claims related to Section 1201 that will err on the side of developers. GitHub is also establishing a million-dollar legal fund to provide assistance to open source developers fighting off unwarranted takedown notices. Mea culpa, mea culpa!

Finally, the company said that it would work to improve the law around DMCA notices and it will be “advocating specifically on the anti-circumvention provisions of the DMCA to promote developers’ freedom to build socially beneficial tools like youtube-dl.”

Along with today’s announcement, GitHub CEO Nat Friedman tweeted, “Section 1201 of the DMCA is broken and needs to be fixed. Developers should have the freedom to tinker.”

Source: GitHub Restores YouTube Downloader Following DMCA Takedown

It’s nice to see a large company come down on the right side of copyright for a change.

Worn-out NAND flash blamed for Tesla vehicle gremlins, such as rearview cam failures and silenced audio alerts

Posted on by

Worn-out NAND memory chips can cause a whole host of problems with some Tesla cars, ranging from the failure of the rearview camera to an absence of turn signal chimes and other audio alerts, a watchdog warned this month.

Some 159,000 Tesla Model S and Model X vehicles built between 2012 and 2018 are at risk, we’re told. These all use an infotainment system powered by Nvidia’s Tegra 3 system-on-chips that include 8GB of eMMC NAND storage, which is typically found in phones and cheap laptops. The trouble is that these flash chips are wearing out, having hit their program-erase cycle limits, and are unable to reliably store data, causing glitches in operation. The storage controllers can no longer find good working NAND blocks to use, and thus fail.

According to a probe [PDF] by investigators for Uncle Sam’s National Highway Traffic Safety Administration (NHTSA), at least 30 per cent of the infotainment systems made in “certain build months” are failing due to the eMMC flash being worn out, typically after “three to four years in service.”

According to the safety administration, this storage breakdown can “result in loss of rearview/backup camera, loss of HVAC (defogging) setting controls (if the HVAC status was OFF status prior to failure.) There is also an impact on the advanced driver assistance support (ADAS), Autopilot system, and turn signal functionality due to the possible loss of audible chimes, driver sensing, and alerts associated with these vehicle functions.”

This is based on 16,000 complaints and infotainment hardware replacement requests submitted by Tesla owners to the automaker. T

[…]

Source: Worn-out NAND flash blamed for Tesla vehicle gremlins, such as rearview cam failures and silenced audio alerts • The Register

Nice one, Musk