The Linkielist

Linking ideas with the world

The Linkielist

Daily Archives: September 24, 2021

Apple Confirms Fortnite Won’t Come Back to iPhones Anytime Soon

Posted on by

Today, Tim Sweeney confirmed on Twitter just how massive of an “L” Epic took in its recent trial against Apple. Apple has effectively “blacklisted” Fortnite from all Apple products until the legal clash between the two massive corporations reaches its conclusion, which could take as long as five years. (It’s even longer in Peely years.)

In the tweet, Sweeney posted a letter Epic had received from Apple confirming that Epic’s Apple developer account will not be reinstated, and that Epic cannot even request reinstatement until “the court’s judgement becomes final and unappealable.” That can take up to five years, according to Sweeney, who also claims that this is a renege on Apple’s previous position expressed to both the court and the press. However, given that Epic is currently trying to appeal the decision, I’d argue that Apple’s reticence to let it return to the platform makes perfect sense.

This letter reinforces the reality of this trial, that both Epic and Apple resoundingly lost. There was no court order to get Fortnite back on the store, and Apple lost its ability to refuse payments outside of its ecosystem. Both massive corporations lost, and all other developers will reap the rewards of Epic’s hubris.

[…]

 

Source: Apple Confirms Fortnite Won’t Come Back to iPhones Anytime Soon

I’m not sure Epic minds so much, considering Apples are only used by parents, but it sure shows how childish Apple is.

Lithuania tells citizens to throw Xiaomi mobiles away for censoring functionality

Posted on by

In an audit it published yesterday [PDF] the agency called out Xiaomi’s Mi 10T 5G phone handset firmware for being able to censor terms such as “Free Tibet”, “Long live Taiwan independence” or “democracy movement”.

Defence Deputy Minister Margiris Abukevicius told reporters at the audit’s release: “Our recommendation is to not buy new Chinese phones, and to get rid of those already purchased as fast as reasonably possible.”

Although the censorship setting was disabled for phones sold into the manufacturer’s “European region”, the Lithuanian NCSC said (page 22):

It has been established that during the initialisation of the system applications factory-installed on a Xiaomi Mi 10T device, these applications contact a server in Singapore at the address globalapi.ad.xiaomi.com (IP address 47.241.69.153) and download the JSON file MiAdBlacklistConfig, and save this file in the metadata catalogues of the applications.

That file contained a list of more than 400 terms, including “free Tibet”, “89 Democracy Movement” (a reference to Tiananmen Square) and “long live Taiwan’s independence”.

The local security agency’s 32-page report, titled “Assessment of cybersecurity of mobile devices supporting 5G technology sold in Lithuania”, focused on devices from Xiaomi, Huawei and OnePlus.

“It is believed that this functionality allows a Xiaomi device to perform an analysis of the target multimedia content entering the phone; to search for keywords based on the MiAdBlacklist list received from the server,” said the Lithuanian report.

“Once the device determines that the content contains certain keywords, the device performs filtering of this content and the user cannot see it. The principle of data analysis allows analysis not only of words written in letters; the list that is regularly downloaded from the server can be formed in any language.”

The agency said the censorship could be remotely re-enabled at any time by Xiaomi.

Source: Lithuania tells citizens to throw Xiaomi mobiles away • The Register

Ministry of Defence: Another huge Afghanistan email blunder

Posted on by

A second leak of personal data was reportedly committed by the Ministry of Defence, raising further questions about the ministry’s commitment to the safety of people in Afghanistan, some of whom are its own former employees.

The BBC reported overnight that the details of a further 55 Afghans  – claimed to be candidates for potential relocation – had been leaked through the classic cc-instead-of-bcc email blunder, echoing the previously reported breach of 250 Afghan interpreters’ data through a similar failure.

An MoD spokeswoman said in a statement: “We have been made aware of a data breach that occurred earlier this month by the Afghan Relocation and Assistance Policy (Arap) team. This week, the defence secretary instigated an investigation into data-handling within that team.”

A defence official has reportedly been suspended from duty, following demands from defence secretary Ben Wallace for an immediate enquiry into how the blunder happened.

After the US-led military coalition left Afghanistan, a number of local civilians employed as translators were left behind as the Taliban re-established control over the country. Some of those civilians have since been murdered for their perceived support of the Western militaries.

[…]

Source: Ministry of Defence: Another huge Afghanistan email blunder • The Register

A Stalkerware Firm Is Leaking Real-Time Screenshots of People’s Phones Online

Posted on by

A stalkerware company that’s designed to let customers spy on their spouses’s, children’s, or employees’ devices is exposing victims’ data, allowing anyone on the internet to see screenshots of phones simply by visiting a specific URL.

The news highlights the continuing lax security practices that many stalkerware companies use; not only do these companies sometimes market their tools specifically for illegal surveillance, but the targets are re-victimized by these breaches.

[…]

The stalkerware company, called pcTattleTale, offers the malware for Windows computers and Android phones.

[…]

Security researcher Jo Coscia showed Motherboard that pcTattleTale uploads victim data to an AWS server that requires no authentication to view specific images. Coscia said they found this by using a trial version of the stalkerware. Motherboard also downloaded a copy of the trial version of pcTattleTale and verified Coscia’s findings.

The URL for images that pcTattleTale captures is constructed with the device ID—a code given by pcTattleTale to the infected device that appears to be sequentially generated—the date, and a timestamp. Theoretically, an attacker may be able to churn through different URL combinations to discover images uploaded by other infected devices

[…]

Coscia said they used the free trial version of pcTattleTale when discovering the issue. In promotional emails, pcTattleTale said it would delete users’ data after the free trial expired. But Coscia found the screenshots were still accessible after their free trial period ended.

[…]

In one video online, Fleming said he built the code for pcTattleTale in 2003 over the better part of a year before launching it. Then he rewrote the code base when he bought out his business partner in 2012, he added. At one point Fleming complains about his server crashing because more and more people are using the service. Later on he says that pcTattleTale receives about 40,000 unique visitors a month.

“The market’s good, you know,” he said.

“To catch a cheating spouse using an android phone you will need to know their pass-code and have access to the phone for about 5 minutes. The best time to do this is when they are sleeping,” one guide on the company’s website reads. Another separate post from the company tells users how to trick their spouse into handing over their iCloud password.

[…]

 

Source: A Stalkerware Firm Is Leaking Real-Time Screenshots of People’s Phones Online

Apple miffed by EU’s ‘strict’ one-size-fits-all charger plan

Posted on by

Smartphones, tablets, and cameras sold within the European Union could be forced to adopt a single standard charging port by the middle of the decade if the latest plans from the European Commission get the go-ahead.

The proposals for a revised Radio Equipment Directive would mean that charging port and fast-charging technology would be “harmonised” across the EU with USB-C becoming the standard for all tech. Quite where this leaves Apple is open to some debate.

Plans to standardise chargers were hatched all the way back in 2011 and by 2014 MicroUSB was the connector design chosen. Vendors signed an MoU but Cupertino went its own way.

Under the EU’s latest effort, the proposal will be legally binding. A bloc-wide common charging standard was put to MEPs in January 2020 and the measure passed by 582 votes to 40, with 37 abstentions.

Today’s announcement also means that chargers would no longer be sold with gadgets and gizmos. The EU calculated seven years ago that 51,000 metric tons of electronics waste across the nation states was attributed annually to old chargers, although that number seems to have fallen dramatically since.

[…]

The direction of travel, however, has flagged concerns for Apple – not for the first time – which appears displeased at being steamrolled into making changes. El Reg understands the tech giant is concerned about the impact this would have on Apple’s bottom line the industry and create waste (in the short term at least).

Indeed, there are also concerns that if the rules are introduced too quickly it could mean that perfectly good tech with plenty of shelf life gets dumped prematurely.

In a statement, a spokesperson for Apple told The Reg – you heard that right – that while it “shares the European Commission’s commitment to protecting the environment,” it remains “concerned that strict regulation mandating just one type of connector stifles innovation rather than encouraging it, which in turn will harm consumers in Europe and around the world.”

Nevertheless, the EU is prepared to plough on.

[…]

Source: Apple miffed by EU’s ‘strict’ one-size-fits-all charger plan • The Register

Hackers leak LinkedIn 700 million June data scrape

Posted on by

A collection containing data about more than 700 million users, believed to have been scraped from LinkedIn, was leaked online this week after hackers previously tried to sell it earlier this year in June.

The collection, obtained by The Record from a source, is currently being shared in private Telegram channels in the form of a torrent file containing approximately 187 GB of archived data.

LinkedIn-scrape-torrent
Image: The Record

The Record analyzed files from this collection and found the data to be authentic, with data points such as:

  • LinkedIn profile names
  • LinkedIn ID
  • LinkedIn profile URL
  • Location information (town, city, country)
  • Email addresses
LinkedIn-scrape-details
Image: The Record

While the vast majority of the data points contained in the leak are already public information and pose no threat to LinkedIn users, the leak also contains email addresses that are not normally viewable to the public on the official LinkedIn site.

[…]

Source: Hackers leak LinkedIn 700 million data scrape – The Record by Recorded Future

This Site Can Tell You If Anyone Else Has Taken Pictures With Your Camera

Posted on by

[…]

This website provides an avenue for investigation, and offers a sliver of hope. It’s a tiny sliver of hope to be sure, but it’s better than no hope at all.

It works like this: You upload a picture taken with the missing camera to stolencamerafinder.com, which then uses the camera’s serial number (saved in the photo’s EXIF data) to crawls the internet in search of other photos taken with that same camera. If it finds a match, you may have a lead on where your camera ended up.

From there, you can try to track down and contact the “new owner” via email to request your camera’s return, file a report with the authorities, or devote your life to hunting the thief yourself, John Wick style.

None of these options is likely to result in the return of your Nikon, but it has worked in the past, and maybe it will help you find closure. Maybe just knowing what the hell happened to your camera is the best you can hope for? And the site also provides a database of lost cameras all over the world, so you’ll at least know you’re not alone.

[…]

Source: This Site Can Tell You If Anyone Else Has Taken Pictures With Your Camera

UK appeals court rules AI cannot be listed as a patent inventor

Posted on by

Add the United Kingdom to the list of countries that says an artificial intelligence can’t be legally credited as an inventor. Per the BBC, the UK Court of Appeal recently ruled against Dr. Stephen Thaler in a case involving the country’s Intellectual Property Office. In 2018, Thaler filed two patent applications in which he didn’t list himself as the creator of the inventions mentioned in the documents. Instead, he put down his AI DABUS and said the patent should go to him “by ownership of the creativity machine.”

The Intellectual Property Office told Thaler he had to list a real person on the application. When he didn’t do that, the agency decided he had withdrawn from the process. Thaler took the case to the UK’s High Court. The body ruled against him, leading to the eventual appeal. “Only a person can have rights. A machine cannot,” Lady Justice Elisabeth Laing of the Appeal Court wrote in her judgment. “A patent is a statutory right and it can only be granted to a person.”

Thaler has filed similar legal challenges in other countries, and the results so far have been mixed. In August, a judge in Australia ruled inventions created by an AI can qualify for a patent. However, only earlier this month, US District Judge Leonie M Brinkema upheld a decision by the US Patent and Trademark Office that said “only natural persons may be named as an inventor in a patent application.” Judge Brinkema said there may eventually be a time when AI becomes sophisticated enough to satisfy the accepted definitions of inventorship, but noted, “that time has not yet arrived, and, if it does, it will be up to Congress to decide how, if at all, it wants to expand the scope of patent law.”

Source: UK appeals court rules AI cannot be listed as a patent inventor | Engadget

This is strange as Patents can be granted to companies – which are legally people, but not really, well, people

China says all cryptocurrency-related transactions are illegal and must be banned

Posted on by

China’s central bank said on Friday that all cryptocurrency-related transactions are illegal in the country and they must be banned, citing concerns around national security and “safety of people’s assets.” The world’s most populated nation also said that foreign exchanges are banned from providing services to users in the country.

In a joint statement, ten Chinese government agencies vowed to work closely to maintain a “high pressure” crackdown on trading of cryptocurrencies in the nation. The People’s Bank of China separately ordered internet, financial and payment companies from facilitating cryptocurrency trading on their platforms.

The central bank said cryptocurrencies, including Bitcoin and Tether, cannot be circulated in the market as they are not fiat currency. The surge in usage of cryptocurrencies has disrupted “economic and financial order,” and prompted a proliferation of “money laundering, illegal fund-raising, fraud, pyramid schemes and other illegal and criminal activities,” it said.

Offenders, the central bank warned, will be “investigated for criminal liability in accordance with the law.”

The Chinese government will “resolutely clamp down on virtual currency speculation, and related financial activities and misbehaviour in order to safeguard people’s properties and maintain economic, financial and social order,” the People’s Bank of China said in a statement.

The move has already started to cause panic among some crypto traders, sending the price of bitcoin and several other currencies down. Bitcoin was down 5.5% at the time of publication.

[…]

Source: China says all cryptocurrency-related transactions are illegal and must be banned