Meta ordered to pay $175 million in patent infringement case

A federal judge in Texas has ordered Meta to pay Voxer, the developer of an app called Walkie Talkie, nearly $175 million as an ongoing royalty. Voxer accused Meta of infringing its patents and incorporating that tech in Instagram Live and Facebook Live.

In 2006, Tom Katis, the founder of Voxer, started working on a way to resolve communications problems he faced while serving in the US Army in Afghanistan, as TechCrunch notes. Katis and his team developed tech that allows for live voice and video transmissions, which led to Voxer debuting the Walkie Talkie app in 2011.

According to the lawsuit, soon after Voxer released the app, Meta (then known as Facebook) approached the company about a collaboration. Voxer is said to have revealed its proprietary technology as well as its patent portfolio to Meta, but the two sides didn’t reach an agreement. Voxer claims that even though Meta didn’t have live video or voice services back then, it identified the Walkie Talkie developer as a competitor and shut down access to Facebook features such as the “Find Friends” tool.

Meta debuted Facebook Live in 2015. Katis claims to have had a chance meeting with a Facebook Live product manager in early 2016 to discuss the alleged infringements of Voxer’s patents in that product, but Meta declined to reach a deal with the company. Meta released Instagram Live later that year. “Both products incorporate Voxer’s technologies and infringe its patents,” Voxer claimed in the lawsuit.

[…]

Source: Meta ordered to pay $175 million in patent infringement case | Engadget

The World’s Largest Four-Day Work Week Experiment Shows Success

[…] In June, more than 3,300 employees across the United Kingdom began participating in a six-month experiment to test the efficacy of a four-day work week, which was organized by the nonprofit 4 Day Week Global. The pilot program has now reached its halfway point, and 4 Day Week Global is reporting overwhelmingly positive results. More specifically, 88% of surveyed participants said that the four-day work week is working well for their business.

[…]

Results also include 86% of survey respondents indicating that they would be likely or extremely likely to retain the four-day work week, while a total of 46% of respondents reported some increase in productivity. Businesses also reported a relatively smooth transition from the traditional five-day work week. On a scale of 1 being “extremely challenging” to 5 being “extremely smooth,” 4 Day Week Global found that 98% of respondents rated the transition to the four-day work week a 3 or higher.

Prior to the start of the experiment, 4 Day Week Global said that this is the biggest pilot program of its kind, where, as long as workers maintain 100% of their productivity, they will also maintain 100% of their salary while working 80% of the traditional work week. The nonprofit has been collaborating on the pilot program with labor think tank Autonomy as well as researchers from Cambridge University, Boston College, and Oxford University. Companies taking part in the experiment range from fish and chips shops, to PR firms, to tech companies.

[…]

“We are learning that for many it is a fairly smooth transition and for some there are some understandable hurdles – especially among those which have comparatively fixed or inflexible practices, systems, or cultures which date back well into the last century,” O’Connor said.

[…]

Microsoft flirted with a four-day work week in Japan and saw higher sales figures and levels of happiness in employees. The big hurdle moving forward will be getting buy-in from enough companies and executives to make the four-day work week a permanent fixture in the world’s labor market—but results from large projects such as the one from 4 Day Week Global are only getting us closer to that end goal.

Source: The World’s Largest Four-Day Work Week Experiment Shows Success

This site tells you if photos of you were used to train the AI

[…] Spawning AI creates image-generation tools for artists, and the company just launched Have I Been Trained? which you can use to search a set of 5.8 billion images that have been used to train popular AI art models. When you search the site, you can search through the images that are the closest match, based on the LAION-5B training data, which is widely used for training AI search terms.

It’s a fun tool to play with, and may help give a glimpse into the data that the AI is using as the basis for its own. The photo at the top of this post is a screenshot of the search term “couple”. Try putting your own name in, and see what happens… I also tried a search for “Obama,” which I will not be sharing a screenshot of here, but suffice it to say that these training sets can be… Problematic.

An Ars Technica report this week reveals that private medical records — as many as thousands — are among the many photos hidden within LAION-5B with questionable ethical and legal statuses. Removing these records is exceptionally difficult, as LAION isn’t a collection of files itself but merely a set of URLs pointing to images on the web.

In response, technologists like Mat Dryhurst and Holly Herndon are spearheading efforts such as Source+, a standard aiming to allow people to disallow their work or likeness to be used for AI training purposes. But these standards are — and will likely remain — voluntary, limiting their potential impact.

Source: This site tells you if photos of you were used to train the AI | TechCrunch

Ask.FM database with 350m user records allegedly sold online

The listing allegedly includes 350 million Ask.FM user records, with the threat actor also offering 607 repositories plus their Gitlab, Jira, and Confluence databases. Ask.FM is a question and answer network launched in June 2010, with over 215 million registered users.

“I’m selling the users database of Ask.fm and ask.com. For connoisseurs, you can also get 607 repositories plus their Gitlab, Jira, Confluence databases.”

The posting also includes a list of repositories, sample git, and sample user data, as well as mentions of the fields in the database: user_id, username, mail, hash, salt, fbid, twitterid, vkid, fbuid, iguid. It appears that Ask.FM is using the weak hashing algorithm SHA1 for passwords, putting them at risk of being cracked and exposed to threat actors.

[…]

In response to DataBreaches, the user who posted the database – Data – explained that initial access was gained via a vulnerability in Safety Center. The server was first accessed in 2019, and the database was obtained on 2020-03-14.

Data also suggested that Ask.FM knew about the breach as early as 2020.

Source: Ask.FM database with 350m user records allegedly sold online | Cybernews
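
For anyone still storing salted SHA-1 password hashes like the ones described in the listing, this added example (not from the article or from Ask.FM) shows one way to retire them: wrap every stored digest in a slow KDF in a batch job, then move each account to a plain KDF record on its next successful login. The record layout, the `SHA1(salt || password)` construction and the PBKDF2 work factor are assumptions made for the example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumption: work factor chosen for this example


def legacy_sha1(password: str, salt: bytes) -> bytes:
    # Assumed legacy scheme SHA1(salt || password); the page names only
    # the "hash" and "salt" fields, not how they are combined.
    return hashlib.sha1(salt + password.encode()).digest()


def _slow(data: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", data, salt, PBKDF2_ITERATIONS)


def wrap_legacy(rec: dict) -> dict:
    """Re-hash a stored SHA-1 digest under PBKDF2 without the password.

    Lets the whole table be upgraded in one batch job. It does not protect
    digests that have already been copied out of the database.
    """
    salt = os.urandom(16)
    return {"scheme": "pbkdf2(sha1)", "legacy_salt": rec["salt"],
            "salt": salt, "hash": _slow(rec["hash"], salt)}


def new_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"scheme": "pbkdf2", "salt": salt,
            "hash": _slow(password.encode(), salt)}


def verify_and_upgrade(password: str, rec: dict):
    """Return (ok, record_to_store); a good login moves the record to 'pbkdf2'."""
    scheme = rec["scheme"]
    if scheme == "sha1":
        candidate = legacy_sha1(password, rec["salt"])
    elif scheme == "pbkdf2(sha1)":
        candidate = _slow(legacy_sha1(password, rec["legacy_salt"]), rec["salt"])
    elif scheme == "pbkdf2":
        candidate = _slow(password.encode(), rec["salt"])
    else:
        return False, rec  # unknown scheme: fail closed
    if not hmac.compare_digest(candidate, rec["hash"]):  # constant-time compare
        return False, rec
    return True, (rec if scheme == "pbkdf2" else new_record(password))


if __name__ == "__main__":
    # Constructed sample record, not data from the listing.
    salt = b"constructed-salt"
    old = {"scheme": "sha1", "salt": salt,
           "hash": legacy_sha1("correct horse", salt)}
    wrapped = wrap_legacy(old)
    print(verify_and_upgrade("wrong guess", wrapped)[0])
    ok, upgraded = verify_and_upgrade("correct horse", wrapped)
    print(ok, upgraded["scheme"])
```

Once the batch wrap has run, the raw SHA-1 column can be dropped, so a later copy of the table no longer contains fast hashes.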

US Military Bought Mass Monitoring Tool That Includes Internet Browsing, Email Data, Cookies from guy who helps run TOR

Multiple branches of the U.S. military have bought access to a powerful internet monitoring tool that claims to cover over 90 percent of the world’s internet traffic, and which in some cases provides access to people’s email data, browsing history, and other information such as their sensitive internet cookies, according to contracting data and other documents reviewed by Motherboard.

Additionally, Sen. Ron Wyden says that a whistleblower has contacted his office concerning the alleged warrantless use and purchase of this data by NCIS, a civilian law enforcement agency that’s part of the Navy, after filing a complaint through the official reporting process with the Department of Defense, according to a copy of the letter shared by Wyden’s office with Motherboard.

The material reveals the sale and use of a previously little known monitoring capability that is powered by data purchases from the private sector. The tool, called Augury, is developed by cybersecurity firm Team Cymru and bundles a massive amount of data together and makes it available to government and corporate customers as a paid service. In the private industry, cybersecurity analysts use it for following hackers’ activity or attributing cyberattacks. In the government world, analysts can do the same, but agencies that deal with criminal investigations have also purchased the capability. The military agencies did not describe their use cases for the tool. However, the sale of the tool still highlights how Team Cymru obtains this controversial data and then sells it as a business, something that has alarmed multiple sources in the cybersecurity industry.

“The network data includes data from over 550 collection points worldwide, to include collection points in Europe, the Middle East, North/South America, Africa and Asia, and is updated with at least 100 billion new records each day,” a description of the Augury platform in a U.S. government procurement record reviewed by Motherboard reads. It adds that Augury provides access to “petabytes” of current and historical data.

Motherboard has found that the U.S. Navy, Army, Cyber Command, and the Defense Counterintelligence and Security Agency have collectively paid at least $3.5 million to access Augury. This allows the military to track internet usage using an incredible amount of sensitive information. Motherboard has extensively covered how U.S. agencies gain access to data that in some cases would require a warrant or other legal mechanism by simply purchasing data that is available commercially from private companies. Most often, the sales center around location data harvested from smartphones. The Augury purchases show that this approach of buying access to data also extends to information more directly related to internet usage.

[…]

The Augury platform makes a wide array of different types of internet data available to its users, according to online procurement records. These types of data include packet capture data (PCAP) related to email, remote desktop, and file sharing protocols. PCAP generally refers to a full capture of data, and encompasses very detailed information about network activity. PCAP data includes the request sent from one server to another, and the response from that server too.

[…]

Augury also contains so-called netflow data, which creates a picture of traffic flow and volume across a network. That can include which server communicated with another, which is information that may ordinarily only be available to the server owner themselves or to the internet service provider that is carrying the traffic. That netflow data can be used for following traffic through virtual private networks, and show the server they are ultimately connecting from.

[…]

Team Cymru obtains this netflow data from ISPs; in return, Team Cymru provides the ISPs with threat intelligence. That transfer of data is likely happening without the informed consent of the ISPs’ users. A source familiar with the netflow data previously told Motherboard that “the users almost certainly don’t [know]” their data is being provided to Team Cymru, who then sells access to it.

It is not clear where exactly Team Cymru obtains the PCAP and other more sensitive information, whether that’s from ISPs or another method.

[…]

Beyond his day job as CEO of Team Cymru, Rabbi Rob Thomas also sits on the board of the Tor Project, a privacy focused non-profit that maintains the Tor software. That software is what underpins the Tor anonymity network, a collection of thousands of volunteer-run servers that allow anyone to anonymously browse the internet.

“Just like Tor users, the developers, researchers, and founders who’ve made Tor possible are a diverse group of people. But all of the people who have been involved in Tor are united by a common belief: internet users should have private access to an uncensored web,” the Tor Project’s website reads.

[…]

Source: Revealed: US Military Bought Mass Monitoring Tool That Includes Internet Browsing, Email Data

Somehow This Video Game Belly Button Was Too Sexy For Google

Just a few weeks after Hook Up: The Game released on Android, developer Sophie Artemigi was surprised to see the visual novel flagged for inappropriate sexual content.

By the game’s own description, you play as Alex, “a sex positive twenty-something” who matches with her old high school bully on a dating app, so of course, sexual themes are part of the package. But inappropriate? That was unexpected.

Google Play does warn developers that content designed to be “sexually gratifying” is not allowed on the platform, but it can be tricky to know how exactly that’s being enforced. Take 7 Sexy Sins, for example, a game which has the player removing the armor from anime demon girls, only to “snap some pictures… for personal uses”. It’s got an age rating of 12+ and has been downloaded more than 10,000 times without being pulled from the platform.

By contrast, Hook Up: The Game is a narrative game about dating, relationships and learning to deal with past trauma.

Artemigi appealed the decision to find out exactly what had crossed the line in this case.

In response she was told that Google “don’t allow apps that contain or promote sexual content or profanity”, or “appear to promote a sexual act in exchange for compensation”.

“For example”, the response continued, “your app screenshots currently contain an image that depicts sexually suggestive poses and sexual nudity”.

The following image was included as proof, with red rectangles drawn over the offending content.

An image from Hook-Up: The Game, a visual novel that explores dating and trauma, out on Android. The picture points out the places where Google thought the game was too suggestive, which includes both breasts and belly button.
Image: Sophie Artemigi

You’ll note that the character’s breasts have been highlighted, but so has her belly button, which is just totally bizarre. Accordingly, Artemigi emailed back with her counterarguments.

First of all, Hook Up has nothing to do with sexual acts being performed in “exchange for compensation”, she explained. In an email shown to Kotaku, Artemigi asked why Google was conflating provocatively dressed women with sex workers.

As for the image itself, Artemigi argued that it’s meant to be reflective of the kind of pictures you might find on a dating app, which typically do not allow for pictures that are too revealing. It’s worth clarifying that Alex is not nude in this screenshot, but even if she was, the Play Store’s own policy states that nudity “may be allowed if the primary purpose is educational, documentary, scientific or artistic, and is not gratuitous”.

The illustration, Artemigi pointed out, was a direct reference to the statue of Napoleon’s sister and imperial princess, Pauline Bonaparte, which you can see for yourself in Rome’s Galleria Borghese. It’s also pictured at the top of this article.

“That pose was specifically based on classical statues because there’s a reference to Alex feeling like her bully was this Greek god,” said Artemigi. “It’s meant to be about objectifying yourself and finding beauty in one’s self.”

But hey, sex is complicated and so, perhaps, are belly buttons.

After receiving another short reply stating that the screenshot depicts a “sexually nude and gratifying pose of a woman presented in a non-artistic way”, Artemigi asked to escalate the issue to somebody higher up in the policy team in the hopes of speaking to somebody who might appreciate the nuance of the situation.

The final response from her official Google contact once again pointed out that Hook Up was in violation of the platform’s policy, but this time ended with the following sentence:

“Regarding your concern about escalation, I am the highest form of escalation. Next to me is God. Do you wanna see God?”

Yikes.

“It was almost nice though,” said Artemigi, “because it kind of confirmed the vibe I’d been getting. I felt very dismissed, talked down to. At least they were honest in that one email, I’ll give them that.”

When asked for comment, Google told Kotaku that the person who wrote this email has now been removed from the developer support team.

Hook Up: The Game is still available to purchase on the Play Store, although it seemingly remains in breach of the company’s policy, meaning that Artemigi hasn’t been able to publish updates as she usually would.

It’s unclear whether this will have also affected the game’s standing on the platform, but it’s worth noting that despite hundreds of downloads and almost 40 reviews, searching “Hook Up: The Game” on the Play Store doesn’t bring up the game in my search results. Like, at all.

In fact, the only way I was able to find it via search was to use the full name of the developer.

There have been no such problems over on iOS, although different screenshots are being used to market the game for that platform.

Source: Somehow This Video Game Belly Button Was Too Sexy For Google

Meta sued for allegedly secretly tracking iPhone users

Meta was sued on Wednesday for alleged undisclosed tracking and data collection in its Facebook and Instagram apps on Apple iPhones.

The lawsuit [PDF], filed in a US federal district court in San Francisco, claims that the two applications use their own browser, known as a WKWebView, that injects JavaScript code to gather data that would otherwise be unavailable if the apps opened links in the default standalone browser designated by iPhone users.

The claim is based on the findings of security researcher Felix Krause, who last month published an analysis of how WKWebView browsers embedded within native applications can be abused to track people and violate privacy expectations.

“When users click on a link within the Facebook app, Meta automatically directs them to the in-app browser it is monitoring instead of the smartphone’s default browser, without telling users that this is happening or they are being tracked,” the complaint says.

“The user information Meta intercepts, monitors and records includes personally identifiable information, private health details, text entries, and other sensitive confidential facts.”

[…]

However, Meta’s use of in-app browsers in its mobile apps predates Apple’s ATT initiative. Apple introduced WKWebView at its 2014 Worldwide Developer Conference as a replacement for its older UIWebView (UIKit) and WebView (AppKit) frameworks. That was in iOS 8. With the arrival of iOS 9, as described at WWDC 2015, there was another option, SFSafariViewController. Presently this is what’s recommended for displaying a website within an app.

And the company’s use of in-app browsers has elicited concern before.

“On top of limited features, WebViews can also be used for effectively conducting intended man-in-the-middle attacks, since the IAB [in-app browser] developer can arbitrarily inject JavaScript code and also intercept network traffic,” wrote Thomas Steiner, a Google developer relations engineer, in a blog post three years ago.

In his post, Steiner emphasizes that he didn’t see anything unusual like a “phoning home” function.

Krause has taken a similar line, noting only the potential for abuse. In a follow-up post, he identified additional data gathering code.

He wrote, “Instagram iOS subscribes to every tap on any button, link, image or other component on external websites rendered inside the Instagram app” and also “subscribes to every time the user selects a UI element (like a text field) on third party websites rendered inside the Instagram app.”

However, “subscribes” simply means that analytics data is accessible within the app, without offering any conclusion about what, if anything, is done with the data. Krause also points out that since 2020, Apple has offered a framework called WKContentWorld that isolates the web environment from scripts. Developers using an in-app browser can implement WKContentWorld in order to make scripts undetectable from the outside, he said.

Whatever Meta is doing internally with its in-app browser, and even given the company’s insistence its injected script validates ATT settings, the plaintiffs suing the company argue there was no disclosure of the process.

“Meta fails to disclose the consequences of browsing, navigating, and communicating with third-party websites from within Facebook’s in-app browser – namely, that doing so overrides their default browser’s privacy settings, which users rely on to block and prevent tracking,” the complaint says. “Similarly, Meta conceals the fact that it injects JavaScript that alters external third-party websites so that it can intercept, track, and record data that it otherwise could not access.”

[…]

Source: Meta sued for allegedly secretly tracking iPhone users • The Register