The Linkielist

Linking ideas with the world

WhatsApp begins rolling out end-to-end encryption for chat backups

The wait is over. It’s now possible to encrypt your WhatsApp chat history on both Android and iOS, Facebook CEO Mark Zuckerberg announced on Thursday. The company plans to roll out the feature slowly to ensure it can deliver a consistent and reliable experience to all users.

However, once you can access the feature, it will allow you to secure your backups before they hit iCloud or Google Drive. At that point, neither WhatsApp nor your cloud service provider will be able to access the files. It’s also worth mentioning you won’t be able to recover your backups if you ever lose the 64-digit encryption key that secures your chat logs. That said, it’s also possible to secure your backups behind a password, in which case you can recover that if you ever lose it.

While WhatsApp has allowed users to securely message each other since 2016, it only started testing encrypted backups earlier this year. With today’s announcement, the company said it has taken the final step toward providing a full end-to-end encrypted messaging experience.

It’s worth pointing out that end-to-end encryption doesn’t guarantee your privacy will be fully protected. According to a report The Information published in August, Facebook was looking into an AI that could analyze encrypted data without having to decrypt it so that it could serve ads based on that information. The head of WhatsApp denied the report, but it’s a reminder that there’s more to privacy than merely the existence of end-to-end encryption.

Source: WhatsApp begins rolling out end-to-end encryption for chat backups | Engadget

Moscow metro launches facial recognition payment system despite privacy concerns

More than 240 metro stations across Moscow now allow passengers to pay for a ride by looking at a camera. The Moscow metro has launched what authorities say is the first mass-scale deployment of a facial recognition payment system. According to The Guardian, passengers can access the payment option called FacePay by linking their photo, bank card and metro card to the system via the Mosmetro app. “Now all passengers will be able to pay for travel without taking out their phone, Troika or bank card,” Moscow mayor Sergey Sobyanin tweeted.

In the official Moscow website’s announcement, the country’s Department of Transport said all Face Pay information will be encrypted. The cameras at the designated turnstiles will read a passenger’s biometric key only, and authorities said information collected for the system will be stored in data centers that can only be accessed by interior ministry staff. Moscow’s Department of Information Technology has also assured users that photographs submitted to the system won’t be handed over to the cops.

Still, privacy advocates are concerned over the growing use of facial recognition in the city. Back in 2017, officials added facial recognition tech to the city’s 170,000 security cameras as part of its efforts to ID criminals on the street. Activists filed a case against Moscow’s Department of Technology a few years later in hopes of convincing the courts to ban the use of the technology. However, a court in Moscow sided with the city, deciding that its use of facial recognition does not violate the privacy of citizens. Reuters reported earlier this year, though, that those cameras were also used to identify protesters who attended rallies.

Stanislav Shakirov, the founder of Roskomsvoboda, a group that aims to protect Russians’ digital rights, said in a statement:

“We are moving closer to authoritarian countries like China that have mastered facial technology. The Moscow metro is a government institution and all the data can end up in the hands of the security services.”

Meanwhile, the European Parliament called on lawmakers in the EU earlier this month to ban automated facial recognition in public spaces. It cited evidence that facial recognition AI can still misidentify PoCs, members of the LGBTI+ community, seniors and women at higher rates. In the US, local governments are banning the use of the technology in public spaces, including statewide bans by Massachusetts and Maine. Four Democratic lawmakers also proposed a bill to ban the federal government from using facial recognition.

Source: Moscow metro launches facial recognition payment system despite privacy concerns | Engadget

Of course one of the huge problems with biometrics is that you can’t change them. Once you are compromised, you can’t go and change the password.

New crew docks at China’s first permanent space station

Chinese astronauts began Saturday their six-month mission on China’s first permanent space station, after successfully docking aboard their spacecraft.

The astronauts, two men and a woman, were seen floating around the module before speaking via a live-streamed video.

[…]

The space travelers’ Shenzhou-13 spacecraft was launched by a Long March-2F rocket at 12:23 a.m. Saturday and docked with the Tianhe core module of the space station at 6:56 a.m.

The three astronauts entered the station’s core module at about 10 a.m., the China Manned Space Agency said.

They are the second crew to move into China’s Tiangong space station, which was launched last April. The first crew stayed three months.

[…]

The crew will do three spacewalks to install equipment in preparation for expanding the station, assess living conditions in the Tianhe module, and conduct experiments in space medicine and other fields.

China’s military-run plans to send multiple crews to the station over the next two years to make it fully functional.

When completed with the addition of two more sections—named Mengtian and Wentian—the station will weigh about 66 tons, much smaller than the International Space Station, which launched its first module in 1998 and weighs around 450 tons.

[…]

Source: New crew docks at China’s first permanent space station

Missouri governor demands prosecution for data breach report – in HTML source code of state website

A Missouri politician has been relentlessly mocked on Twitter after demanding the prosecution of a journalist who found and responsibly reported a vulnerability in a state website.

Mike Parson, governor of Missouri, described reporters for local newspaper the St Louis Post Dispatch (SLPD) as “hackers” after they discovered a web app for the state’s Department of Elementary and Secondary Education was leaking teachers’ private information.

Around 100,000 social security numbers were able to be exposed when the web app was loaded in a user’s browser. The public-facing app was intended to be used by local schools to check teachers’ professional registration status. So users could tell between different teachers of the same name, it would accept the last four digits of a teacher’s social security number as a valid search string.

It appears that in the background, the app was retrieving the entire social security number and exposing it to the end user.

The SLPD discovered this by viewing a search results page’s source code. “View source” has been a common feature of web browsers for years, typically available by right-clicking anywhere on a webpage and selecting it from a menu.

SLPD reporters told the Missouri Department of Education about the flaw and held off publicising it so officials could fix it – but that wasn’t good enough for the governor.

“The state is committed to bring to justice anyone who hacked our system and anyone who aided and abetted them to do so,” Parson said, according to the Missouri Independent news website. He justified his bizarre outburst by saying the SLPD was “attempting to embarrass the state and sell headlines for their news outlet.”

[…]

Source: Missouri governor demands prosecution for data breach report • The Register
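
The class of flaw described in the item above, as an added example that is not code from The Register, the Post-Dispatch or the state's web app: a lookup keyed on the last four digits that writes the whole number into page source, beside a version that projects each record onto an allow-list of fields, plus a check that scans rendered HTML for full numbers. The records, function names and the `data-ssn` attribute are constructed assumptions; the article does not say how the real app embedded the number.

```python
import re
from html import escape

# Constructed sample records; the names and numbers are made up.
TEACHERS = [
    {"name": "Pat Smith", "ssn": "123-45-6789", "status": "Active"},
    {"name": "Pat Smith", "ssn": "987-65-4321", "status": "Expired"},
]

# Nine digits in SSN layout, with or without dashes.
FULL_SSN = re.compile(r"\b\d{3}-?\d{2}-?\d{4}\b")


def search(name, last4):
    """Server-side lookup: the last four digits tell same-named teachers apart."""
    return [t for t in TEACHERS
            if t["name"] == name and t["ssn"][-4:] == last4]


def render_leaky(rows):
    """Flaw pattern: the full record is serialised into the markup.
    The visible table hides the number, but "view source" shows it."""
    return "".join(
        f'<tr data-ssn="{escape(r["ssn"])}">'
        f'<td>{escape(r["name"])}</td><td>{escape(r["status"])}</td></tr>'
        for r in rows)


def to_view(row):
    """Allow-list projection: only fields the page needs leave the server."""
    return {"name": row["name"],
            "ssn_last4": row["ssn"][-4:],
            "status": row["status"]}


def render_minimal(rows):
    """Hardened rendering: built from the projected view, never the raw row."""
    views = [to_view(r) for r in rows]
    return "".join(
        f'<tr><td>{escape(v["name"])}</td>'
        f'<td>***-**-{escape(v["ssn_last4"])}</td>'
        f'<td>{escape(v["status"])}</td></tr>'
        for v in views)


def find_full_ssns(html):
    """Release check: return every full SSN-shaped string in rendered output."""
    return FULL_SSN.findall(html)
```

Running `find_full_ssns` over rendered responses in an integration test catches this kind of over-exposure before a page ships, whichever template or serializer caused it.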

Tesla’s Bringing Car Insurance to Texas W/ New ‘Safety Score’ by eating and selling your location data

After two years of offering car insurance to drivers across California, Tesla’s officially bringing a similar offering to clientele in its new home state of Texas. As Electrek first reported, the big difference between the two is how drivers’ premiums are calculated: in California, the prices were largely determined by statistical evaluations. In Texas, your insurance costs will be calculated in real-time, based on your driving behavior.

Tesla says it grades this behavior using the “Safety Score” feature—the in-house metric designed by the company in order to estimate a driver’s chance of future collision. These scores were recently rolled out in order to screen drivers that were interested in testing out Tesla’s “Full Self Driving” software, which, like the Safety Score itself, is currently in beta. And while the self-driving software release date is, um, kind of up in the air for now, Tesla drivers in the lone-star state can use their safety score to apply for quotes on Tesla’s website as of today.

As Tesla points out in its own documents, relying on a single score makes the company a bit of an outlier in the car insurance market. Most traditional insurers round up a driver’s costs based on a number of factors that are wholly unrelated to their actual driving: depending on the state, this can include age, gender, occupation, and credit score, all playing a part in defining how much a person’s insurance might cost.

Tesla, on the other hand, relies on a single score, which the company says gets tallied up based on five different factors: the number of forward-collision warnings you get every 1,000 miles, the number of times you “hard brake,” how often you take too-fast turns, how closely you drive behind other drivers, and how often you take your hands off the wheel when Autopilot is engaged.

[…]

Source: Tesla’s Bringing Car Insurance to Texas W/ New ‘Safety Score’

The idea sounds reasonable – but giving Tesla my location data and allowing them to process and sell that doesn’t.

Researchers show Facebook’s ad tools can target a single specific user

A new research paper written by a team of academics and computer scientists from Spain and Austria has demonstrated that it’s possible to use Facebook’s targeting tools to deliver an ad exclusively to a single individual if you know enough about the interests Facebook’s platform assigns them.

The paper — entitled “Unique on Facebook: Formulation and Evidence of (Nano)targeting Individual Users with non-PII Data” — describes a “data-driven model” that defines a metric showing the probability a Facebook user can be uniquely identified based on interests attached to them by the ad platform.

The researchers demonstrate that they were able to use Facebook’s Ads manager tool to target a number of ads in such a way that each ad only reached a single, intended Facebook user.

[…]

Source: Researchers show Facebook’s ad tools can target a single user | TechCrunch

OAK-D Depth Sensing AI Camera Gets Smaller And Lighter

The OAK-D is an open-source, full-color depth sensing camera with embedded AI capabilities, and there is now a crowdfunding campaign for a newer, lighter version called the OAK-D Lite. The new model does everything the previous one could do, combining machine vision with stereo depth sensing and an ability to run highly complex image processing tasks all on-board, freeing the host from any of the overhead involved.

[Image: animated face with small blue dots as 3D feature markers. Caption: An example of real-time feature tracking, now in 3D thanks to integrated depth sensing.]

The OAK-D Lite camera is actually several elements together in one package: a full-color 4K camera, two greyscale cameras for stereo depth sensing, and onboard AI machine vision processing with Intel’s Movidius Myriad X processor. Tying it all together is an open-source software platform called DepthAI that wraps the camera’s functions and capabilities together into a unified whole.

The goal is to give embedded systems access to human-like visual perception in real-time, which at its core means detecting things, and identifying where they are in physical space. It does this with a combination of traditional machine vision functions (like edge detection and perspective correction), depth sensing, and the ability to plug in pre-trained convolutional neural network (CNN) models for complex tasks like object classification, pose estimation, or hand tracking in real-time.

So how is it used? Practically speaking, the OAK-D Lite is a USB device intended to be plugged into a host (running any OS), and the team has put a lot of work into making it as easy as possible. With the help of a downloadable application, the hardware can be up and running with examples in about half a minute. Integrating the device into other projects or products can be done in Python with the help of the DepthAI SDK, which provides functionality with minimal coding and configuration (and for more advanced users, there is also a full API for low-level access). Since the vision processing is all done on-board, even a Raspberry Pi Zero can be used effectively as a host.

There’s one more thing that improves the ease-of-use situation, and that’s the fact that support for the OAK-D Lite (as well as the previous OAK-D) has been added to a software suite called the Cortic Edge Platform (CEP). CEP is a block-based visual coding system that runs on a Raspberry Pi, and is aimed at anyone who wants to rapidly prototype with AI tools in a primarily visual interface, providing yet another way to glue a project together.

Earlier this year we saw the OAK-D used in a system to visually identify weeds and estimate biomass in agriculture, and it’s exciting to see a new model being released. If you’re interested, the OAK-D Lite is available at a considerable discount during the Kickstarter campaign.

Source: OAK-D Depth Sensing AI Camera Gets Smaller And Lighter | Hackaday

Criminals use fake AI voice to swindle UAE bank out of $35m

Authorities in the United Arab Emirates have requested the US Department of Justice’s help in probing a case involving a bank manager who was swindled into transferring $35m to criminals by someone using a fake AI-generated voice.

The employee received a call to move the company-owned funds by someone purporting to be a director from the business. He also previously saw emails that showed the company was planning to use the money for an acquisition, and had hired a lawyer to coordinate the process. When the sham director instructed him to transfer the money, he did so thinking it was a legitimate request.

But it was all a scam, according to US court documents reported by Forbes. The criminals used “deep voice technology to simulate the voice of the director,” it said. Now officials from the UAE have asked the DoJ to hand over details of two US bank accounts, where over $400,000 from the stolen money were deposited.

Investigators believe there are at least 17 people involved in the heist.

Source: Criminals use fake AI voice to swindle UAE bank out of $35m