Monthly Archives: January 2022

EXCLUSIVE Dutch watchdog finds Apple app store payment rules anti-competitive – sources

Posted on by

The Dutch antitrust authority has found that Apple’s rules requiring software developers to use its in-app payment system are anti-competitive and ordered it to make changes, four people familiar with the matter said, in the latest regulatory setback for the iPhone maker.

Apple’s app-store payment policies, in particular its requirement that app developers exclusively use its payment system where commissions range between 15% and 30%, have long drawn complaints from developers.

[…]

The Netherlands’ Authority for Consumers and Markets (ACM) last month informed the U.S. technology giant of its decision, making it the first antitrust regulator to make a finding the company has abused market power in the app store, though Apple is facing challenges in multiple countries.

ACM has not levied a fine against Apple, but demanded changes to the in-app payment system, the people said. The decision has not been seen by Reuters.

An ACM spokesperson declined to comment, saying that the matter is currently under legal review. The regulator has previously said it expects to publish its decision this year.

[…]

Source: EXCLUSIVE Dutch watchdog finds Apple app store payment rules anti-competitive – sources | Reuters

LG’s Next-Gen OLED EX Tech Promises Major Improvements

Posted on by

[…]

OLED EX (the EX stands for Evolution and eXperience, unfortunately) promises to boost maximum brightness, enhance picture quality, and allow for smaller display bezels. The underlying technology—millions of individual self-lit pixels—hasn’t changed, but the use of an isotope called deuterium combined with algorithmic image processing can increase brightness by up to 30% over conventional OLED displays, LG claims.

As boring as that may sound, the science behind it is actually pretty fascinating. LG found a way to extract deuterium, a rather scarce isotope (there is one deuterium atom in 6,000 hydrogen atoms) that’s twice as heavy as hydrogen from water, then applied it to its TV’s OLED elements. LG says stabilized deuterium compounds let the display emit brighter light while improving efficiency over time.

Moving to the second change, LG is using a “personalized” machine learning algorithm that predicts the usage of each light-emitting diode (on up to 8K TVs) based on your viewing habits, then “precisely controls the display’s energy input to more accurately express the details and colors of the video content being played.”

Source: LG’s Next-Gen OLED Tech Promises Major Improvements

T-Mobile Has Suffered Yet Another Data Breach

Posted on by

The news comes via internal documents shared with The T-Mo Report, embedded below. They state that there was “unauthorized activity” on some customer accounts. That activity was either the viewing of customer proprietary network information (CPNI), an active SIM swap by a malicious actor, or both.

This comes just on the heels of a previous breach back in August. This time around, though, the damage appears to be much less severe. It seems only a small subset of customers are affected. There is no further detail about what exactly happened, with the documents simply saying that some info was leaked.

Affected customers fall into one of three categories. First, a customer may have only been affected by a leak of their CPNI. This information may include the billing account name, phone numbers, number of lines on the account, account numbers, and rate plan info. That’s not great, but it’s much less of an impact than the breach back in August had, which leaked customer social security numbers.

The second category an affected customer might fall into is having their SIM swapped. This is where a malicious actor will change the physical SIM card associated with a phone number in order to obtain control of said number. This can, and often does, lead to the victim’s other online accounts being accessed via two-factor authentication codes sent to their phone number. The document says that customers affected by a SIM swap have now had that action reversed.

The final category is simply both of the other two. Affected customers could have had both their private CPNI viewed as well as their SIM card swapped.

[…]

Source: [Update: T-Mobile Statement] Exclusive: T-Mobile Has Suffered Yet Another Data Breach

Airbnb Hides Guest First Names in Oregon to Stop Discrimination

Posted on by

[…] Beginning on Jan. 31, hosts will only see the initials of guests’ first names until they confirm a booking request, Airbnb announced in a December news announcement spotted by the Verge. After a host confirms the booking, the guest’s full name will appear. The change to how names are displaced will be in place for at least two years.

“While we have made progress, we have much more to do and continue working with our Hosts and guests, and with civil rights leaders to make our community more inclusive,” Airbnb said.

In its announcement, the company said the update is consistent with the voluntary settlement agreement it reached with individuals in Oregon in 2019 “who raised concerns regarding the way guests’ names are displayed when they seek to book a listing.”

According to the Oregonian, in 2017 Portland resident Patricia Harrington filed a lawsuit against Airbnb. She claimed that because Airbnb requires guests to disclose their full name and include a photo, which hosts’ review before they accept a booking, the company was allowing hosts to discriminate against Black guests. This constituted a violation of Oregon’s public accommodation laws, she alleged.

Airbnb settled the lawsuit, which included two more Black women in Oregon, in 2019. By that time, Harrington had died.

The lawsuit’s claims weren’t wrong. Black guests have been sounding the alarm about discrimination on the platform for years and even created a hashtag: #AirbnbWhileBlack. In 2016, a Harvard Business School study even found that requests from guests with African American names were roughly 16% less likely to be accepted by hosts than identical guests with distinctively white names.

[…]

“Given that the impact of this change is unknown, the implementation will be limited,” Airbnb spokesperson Liz DeBold Fusco said in an email. “We will evaluate the impact of this change to understand if there are learnings from this work that can inform future efforts to fight bias.”

[…]

Source: Airbnb Hides Guest First Names in Oregon to Stop Discrimination

Roblox and many other huge tech businesses Save Millions Taking Advantage Of A Massive Tax Dodge

Posted on by

Game-making platform and fledgling metaverse Roblox made the news yesterday as the focus of a New York Times report about a ‘90s era tax cut that’s spun out of control. Originally created to foster investment in small businesses, the Qualified Small Business Stock, or Q.S.B.S., exemption has transformed into a way for ultra-wealthy businesses to avoid paying taxes on huge amounts of profits.

I’d say it seemed like a good idea at the time, but it really wasn’t. Launched in 1993, the Qualified Small Business Stock exemption was presented as a means to get more people investing in start-ups by shielding some of a company’s profits from taxation. Originally the exemption meant an investor would be shielded from paying taxes on half of profits up to 10 million dollars, but that was eventually changed to exempt the entire 10 million

[…]

the U.S. tax system for voting into being a loophole-laden exemption that would eventually be so abused that participating in it would be considered a right-of-passage for Silicon Valley’s ultra-wealthy. The problem with the Q.S.B.S. exemption is that it can be cloned. All it takes is gifting stock to friends and family. Though they haven’t invested in the company, they nevertheless still qualify for the exemption, so you can ensure that large chunks of money stay within close orbit of your control without needing to pay taxes on said cash.

According to financial reports and the New York Times’ sources, Roblox founder David Baszucki has been able to multiply the exemption 12 times over, gifting stock to his wife, his four children, and various other relatives. In the fall of 2020, months before Roblox went public, Baszucki’s mother-in-law started giving away shares to relatives. Since they were gifted, those shares also qualified for the exemption. In March of 2021, Roblox went public, valued at 45 billion.

While this all sounds horrible and super-cheaty, there’s nothing at all illegal about this practice. It has a name, stacking, but is also known as peanut-buttering

[…]

 

Source: Roblox Saves Millions Taking Advantage Of A Shocking Tax Dodge

UK National Crime Agency finds 225 million previously unexposed passwords

Posted on by

The United Kingdom’s National Crime Agency and National Cyber Crime Unit have uncovered a colossal trove of stolen passwords.

We know this because Troy Hunt, of Have I Been Pwned (HIBP) fame, yesterday announced the agency has handed them over to his service, which lets anyone conduct a secure search of stolen passwords to check if their credentials have been exposed.

The NCA shared 585,570,857 with HIBP, and Hunt said 225,665,425 were passwords that he hasn’t seen before in the 613 million credentials HIBP already stored before the NCA handed over this new batch.

The NCA sent Hunt a statement explaining how it found the passwords:

During recent NCA operational activity, the NCCU’s Mitigation@Scale team were able to identify a huge amount of potentially compromised credentials (emails and associated passwords) in a compromised cloud storage facility. Through analysis, it became clear that these credentials were an accumulation of breached datasets known and unknown.

The fact that they had been placed on a UK business’s cloud storage facility by unknown criminal actors meant the credentials now existed in the public domain and could be accessed by other 3rd parties to commit further fraud or cyber offences.

The NCA’s statement to Hunt did not reveal the source of the password trove, or how it was discovered. Hunt did reveal the following were found among the newly compromised passwords.

  • flamingo228
  • Alexei2005
  • 91177700
  • 123Tests
  • aganesq

Today’s release brings the total Pwned Passwords count to 847,223,402, a 38 percent increase over the last release. 5,579,399,834 occurrences of a compromised password are represented across HIBP.

[…]

Source: UK National Crime Agency finds 225 million previously unexposed passwords • The Register

Yes, Norton 360 has a built in cryptominer. Deletion is not easy.

Posted on by

Norton antivirus’s inbuilt cryptominer has re-entered the public consciousness after a random Twitter bod expressed annoyance at how difficult it is to uninstall.

The addition of Ncrypt.exe, Norton 360’s signed cryptocurrency-mining binary, to installations of Norton antivirus isn’t new – but it seems to have taken the non-techie world a few months to realise what’s going on.

Back in June, NortonLifeLock, owner of the unloved PC antivirus product, declared it was offering Ethereum mining as part of its antivirus suite. NortonLifeLock’s pitch, as we reported, was that people dabbling in cryptocurrency mining probably weren’t paying attention to security – so what better way than to take up a cryptocurrency miner than installing one from a trusted consumer security brand?

In return for you installing their cryptominer on your home PC, NortonLifeLock skims off a mere 15 per cent of whatever digital currency you generate. While this compares well to the 100 per cent takings that criminals covertly deploying cryptominers help themselves to, some might say it’s a bit excessive for minimal effort on Norton’s part.

[…]

“If you have turned on Norton Crypto, but you no longer want to use the feature, you can disable it through your Norton Crypto dashboard,” says the FAQ on Norton’s website.

Uninstalling it altogether takes a bit more persistence, it appears, with users needing to disable Norton Product Tamper Protection (intended to protect the antivirus product from being disabled or deleted by malware) before going through the usual Windows uninstallation steps.

Norton isn’t alone: last year a maker of Wi-Fi routers offered to mine cryptocurrency on users’ devices if they supplied connectivity to the general public.

[…]

Source: Yes, Norton 360 has a built in cryptominer. Deletion is easy • The Register

CyberPowerPC case uses Kinetic Architecture to adjust airflow in real-time

Posted on by

[…]

Kinetic Architecture is a concept on which buildings are designed to allow parts of the structure to move. CyberPowerPC took this idea and created a KINETIC chassis with 18 individually controlled articulating vents that open and close automatically, all based on the computer’s current internal ambient temperatures.

“We are entering 2022 with some of our most sophisticated and elegant designs ever. For discriminating gamers our PC Master Builders are ready to hand-build and test new gaming PCs that are ultra-clean, streamlined, and deliver maximum performance for those who want something truly unique.”

Eric Cheung, CyberPowerPC CEO

The vents aren’t a simple case of opening and closing either and adjust based on every degree of internal temperature by opening to varying degrees. Users can customize and adjust the temperature ranges as well, and a quick button will allow you to fully open or close the vents instantly. The KINETIC chassis supports full ATX size motherboards, up to seven 120mm or five 140mm fans, and most extended length graphics cards.

Key features of the CyberPowerPC KINETIC chassis include:

  • CyberPowerPC exclusive patent pending kinetic design.
  • 18 Individually actuating vents that adjust in real time to ambient case temperatures.
  • Maximizes airflow and cooling case temps are high.
  • Reduces noise and dust when case temps are low.
  • Temperature sensor ranges can be adjusted to fit your needs.
  • Available in both black and white mid-tower options.

The CyberPowerPC KINETIC Series PC case will ship in Q3 2022 from CyberPowerPC.com and CyberPowerPC’s network of authorized retailers and distributors. The chassis is backed by a one-year warranty and lifetime technical support. The suggested MSRP is US$249.

[…]

Source: [CES 2022] CyberPowerPC case uses Kinetic Architecture to adjust airflow in real-time

France fines Meta, Google: Cookies must be as easy to reject as to accept

Posted on by

Google and Facebook have come a little unstuck in the cookie department as French watchdog Commission Nationale de l’Informatique et des Libertés (CNIL) slapped the pair with a €150m and €60m fine respectively.

The CNIL kicked off its investigations after receiving complaints regarding the way cookies can be refused on facebook.com, youtube.com and google.fr. The crux of the matter is that while there is a button to permit immediate acceptance of cookies, there is not the equivalent to refuse them as easily. “Several clicks are required to refuse all cookies, against a single one to accept them,” explained the CNIL.

“The restricted committee,” it went on, “considered that this process affects the freedom of consent: since, on the internet, the user expects to be able to quickly consult a website, the fact that they cannot refuse the cookies as easily as they can accept them influences their choice in favor of consent. This constitutes an infringement of Article 82 of the French Data Protection Act.”

[…]

Source: France fines Meta, Google: Cookies must be easier to reject • The Register

Scientists Figured Out Which Animals Were in a Zoo Just by Taking DNA From the Air

Posted on by

Researchers were able to identify 74 species of animals by looking for DNA in air samples collected at two zoos. The experiment shows that free-floating DNA could be used to track wild animals, including endangered or invasive species, without needing to observe them directly.

Environmental DNA (eDNA) has shaken up how animal populations can be monitored, managed, and conserved. Instead of having to find physical evidence of animals—scales, fur, feces, or sightings—researchers can rely on the microscopic bits of genetic material that fall off creatures as they move around their environment. Merely taking a soil or water sample can give researchers a sense of an entire ecosystem.

But researchers have wondered whether air could provide the same level of information as soil and water. Last year, a UK-based team detected naked mole rat DNA by sampling air from the rodents’ burrows in a lab setting. (They also detected human DNA, presumably from the researchers who worked in the lab.) But proving the method’s success in open air was a different beast. To test the technique further, two research teams used a setting that included unmistakeable subjects: zoos in England and Denmark. Their two papers are published today in Current Biology.

[…]

To run their experiment, the scientists used a fan with a filter, drawing in air from within and around the zoo. The team then used polymerase chain reaction (PCR)—the same tech used in many covid-19 tests—to amplify the genetic information on the filter, essentially creating many copies of the genetic material they found. They were able to identify 25 species in the UK and 49 species in Denmark. In the UK study, eight of the identified species were animals native to the area rather than zoo inhabitants, while six non-zoo animals were detected in the Denmark study.

Elizabeth Clare, a scientist, kneels while holding a filter for sampling air for environmental DNA.
Elizabeth Clare, author of one of the studies, samples air for environmental DNA.Photo: Elizabeth Clare
[…]

The closer to extinction a species creeps, the harder it is for it to be monitored. eDNA methods make that conservation work easier. It means keeping track of the last vaquitas and perhaps settling the debate over the fate of the ivory-billed woodpecker.

Airborne DNA still requires more research, but Clare noted how quickly waterborne DNA became a widely used method in conservation. Perhaps the latest innovation in DNA surveys will happen sooner than we think.

Source: Scientists Figured Out Which Animals Were in a Zoo Just by Taking DNA From the Air

Snap suing to trademark the word “spectacles” for its smart glasses that no one has ever used or knows much about

Posted on by

Snap is suing the US Patent and Trademark Office (USPTO) for rejecting its application to trademark the word “spectacles” for its digital eyewear camera device. But the USPTO has maintained that “spectacles” is a generic term for smart glasses and that Snap’s version “has not acquired distinctiveness,” as required for a trademark.

In its complaint filed Wednesday in US District Court in California, Snap claims that the Spectacles name “evokes an incongruity between an 18th century term for corrective eyewear and Snap’s high-tech 21st century smart glasses. SPECTACLES also is suggestive of the camera’s purpose, to capture and share unusual, notable, or entertaining scenes (i.e., “spectacles”) and while also encouraging users to make ‘spectacles’ of themselves.”

Snap first introduced its camera-equipped Spectacles in 2016 (“a wearable digital video camera housed in a pair of fashionable sunglasses,” according to its complaint), which can take photos and videos while the user wears them and connects with the Snap smartphone app. Despite selling them both online and in pop-up vending machines around the world, the first iteration of Spectacles mostly flopped with consumers. In its 2017 third-quarter earnings report, Snap said it had lost nearly $40 million on some 300,000 unsold Spectacles.

In May 2021, Snap CEO Evan Spiegel showed off an augmented reality version of the Spectacles, which so far are available only to a small group of creators and reviewers chosen by the company. The AR Spectacles aren’t yet available for purchase by the general public.

Snap’s new complaint posits that there’s been enough media coverage of Spectacles, bolstered by some industry awards and its own marketing including social media, to support its claim that consumers associate the word “spectacles” with the Snap brand. Snap first filed a trademark application for Spectacles in September 2016, “for use in connection with wearable computer hardware” and other related uses “among consumer electronics devices and displays.”

During several rounds of back-and-forth with the company since then, the USPTO has maintained that the word “spectacles” appeared to be “generic in connection with the identified goods,” i.e. the camera glasses. Snap continued to appeal the agency’s decision.

In a November 2021 opinion, the USPTO’s Trademark Trial and Appeal Board (pdf) upheld the decision, reiterating that the word “spectacles” was a generic term that applied to all smart glasses, not just Snap’s version. Despite the publicity Snap claimed its Spectacles had received from its marketing and social media, the board noted in its opinion that Spectacles’ “social media accounts have an underwhelming number of followers, and the number of followers is surprisingly small,” which didn’t support the company’s argument that there had been a high enough level of consumer exposure to Snap’s Spectacles to claim that consumers associated the word with Snap’s brand.

[…]

Source: Snap suing to trademark the word “spectacles” for its smart glasses