Spy chiefs have ordered ministers to stop using their personal phones to conduct government business following a suspected Kremlin hack on Liz Truss’s mobile.
A Whitehall source said all ministers involved in national security would be expected to attend fresh training with the security services this week ‘to ensure everyone is aware how this material should be handled’.
Ministers will be warned they should never use their personal mobile phones to conduct Government business as they are likely to be the target of hostile states such as Russia, China, North Korea and Iran.
Pauline Neville-Jones, former chairman of Britain’s joint intelligence committee, yesterday said she was ‘not at all tolerant of the notion that it’s OK for ministers to use private mobile phones’.
The warnings follow astonishing revelations in yesterday’s Mail on Sunday that Miss Truss’s personal mobile was spied on by hackers thought to be working for Moscow while she was foreign secretary.
Spy chiefs have ordered ministers to stop using their personal phones to conduct government business following a suspected Kremlin hack on Liz Truss’s mobile
The hack was discovered during the Tory leadership contest in the summer, but a news blackout was ordered by Boris Johnson and Cabinet Secretary Simon Case. Even MPs and officials with top level security clearance were kept in the dark.
Miss Truss is said to have been so worried about the potential damage to her leadership bid that she ‘had trouble sleeping’ until the news was suppressed.
Messages dating back up to a year are thought to have been downloaded, including highly sensitive discussions with fellow foreign ministers about issues such as arms shipments to Ukraine.
Hacked messages are said to have included private criticisms of Mr Johnson by Miss Truss and Kwasi Kwarteng, potentially opening them up to blackmail attempts at a time when they were both senior ministers in his government.
Parliamentary sources yesterday said the shocking incident was now likely to be investigated by the Intelligence and Security Committee, which oversees the work of the security services.
It’s been nearly a decade since the Pebble smartwatch started shipping to backers of its wildly successful initial Kickstarter campaign, but there’s still life in the ol’ dog yet. The wearables are now compatible with Pixel 7 and Pixel 7 Pro, as well as 64-bit-only Android devices that will arrive later.
As noted by Ars Technica, Katharine Berry, who works on Wear OS and is a prominent member of the Rebble group that’s keeping the Pebble ecosystem alive, wrote that the latest Pebble update comes four years after the previous one. The last update allowed for many of the Pebble app’s functions to run on independent servers. Fitbit, which Google has since bought, shut down Pebble’s servers in 2018, two years after buying some of the smartwatch maker’s assets.
Along with Pixel 7 compatibility, the latest update also improves Caller ID reliability on recent versions of Android. While the app isn’t available on the Google Play Store, the APK is signed with official Pebble keys and retains Google Fit integration, Berry noted.
It’s amazing how amazed the writer of this article is that there are still updates for 10 year old hardware. Shouldn’t it be the norm that hardware is supported for as long as it works – and that should be in the 30/40 year range instead of the 2/3 year range?
The study, published today in Science, was led by Finland’s Aalto University and resulted in a powerful, ultra-tiny spectrometer that fits on a microchip and is operated using artificial intelligence.
The research involved a comparatively new class of super-thin materials known as two-dimensional semiconductors, and the upshot is a proof of concept for a spectrometer that could be readily incorporated into a variety of technologies—including quality inspection platforms, security sensors, biomedical analyzers and space telescopes.
[…]
Traditional spectrometers require bulky optical and mechanical components, whereas the new device could fit on the end of a human hair, Minot said. The new research suggests those components can be replaced with novel semiconductor materials and AI, allowing spectrometers to be dramatically scaled down in size from the current smallest ones, which are about the size of a grape.
[…]
The device is 100% electrically controllable regarding the colors of light it absorbs, which gives it massive potential for scalability and widespread usability
[…]
In medicine, for example, spectrometers are already being tested for their ability to identify subtle changes in human tissue such as the difference between tumors and healthy tissue.
For environmental monitoring, Minot added, spectrometers can detect exactly what kind of pollution is in the air, water or ground, and how much of it is there.
[…]
“If you’re into astronomy, you might be interested in measuring the spectrum of light that you collect with your telescope and having that information identify a star or planet,” he said. “If geology is your hobby, you could identify gemstones by measuring the spectrum of light they absorb.”
As furious anti-government protests swept Iran, the authorities retaliated with both brute force and digital repression. Iranian mobile and internet users reported rolling network blackouts, mobile app restrictions, and other disruptions. Many expressed fears that the government can track their activities through their indispensable and ubiquitous smartphones.
Iran’s tight grip on the country’s connection to the global internet has proven an effective tool for suppressing unrest. The lack of clarity about what technological powers are held by the Iranian government — one of the most opaque and isolated in the world — has engendered its own form of quiet terror for prospective dissidents. Protesters have often been left wondering how the government was able to track down their locations or gain access to their private communications — tactics that are frighteningly pervasive but whose mechanisms are virtually unknown.
While disconnecting broad swaths of the population from the web remains a favored blunt instrument of Iranian state censorship, the government has far more precise, sophisticated tools available as well. Part of Iran’s data clampdown may be explained through the use of a system called “SIAM,” a web program for remotely manipulating cellular connections made available to the Iranian Communications Regulatory Authority. The existence of SIAM and details of how the system works, reported here for the first time, are laid out in a series of internal documents from an Iranian cellular carrier that were obtained by The Intercept.
According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones. The tools can slow their data connections to a crawl, break the encryption of phone calls, track the movements of individuals or large groups, and produce detailed metadata summaries of who spoke to whom, when, and where. Such a system could help the government invisibly quash the ongoing protests — or those of tomorrow — an expert who reviewed the SIAM documents told The Intercept.
“SIAM can control if, where, when, and how users can communicate,” explained Gary Miller, a mobile security researcher and fellow at the University of Toronto’s Citizen Lab. “In this respect, this is not a surveillance system but rather a repression and control system to limit the capability of users to dissent or protest.”
[…]
Based on the manuals, SIAM offers an effortless way to throttle a phone’s data speeds, one of roughly 40 features included in the program. This ability to downgrade users’ speed and network quality is particularly pernicious because it can not only obstruct one’s ability to use their phone, but also make whatever communication is still possible vulnerable to interception.
Referred to within SIAM as “Force2GNumber,” the command allows a cellular carrier to kick a given phone off substantially faster, more secure 3G and 4G networks and onto an obsolete and extremely vulnerable 2G connection. Such a network downgrade would simultaneously render a modern smartphone largely useless and open its calls and texts to interception
[…]
downgrading users to a 2G connection could also expose perilously sensitive two-factor authentication codes delivered to users through SMS.
[…]
SIAM also provides a range of tools to track the physical locations of cell users, allowing authorities to both follow an individual’s movements and identify everyone present at a given spot. Using the “LocationCustomerList” command allows SIAM operators to see what phone numbers have connected to specified cell towers along with their corresponding IMEI number, a unique string of numbers assigned to every mobile phone in the world. “For example,” Miller said, “if there is a location where a protest is occurring, SIAM can provide all of the phone numbers currently at that location.”
SIAM’s tracking of unique device identifiers means that swapping SIM cards, a common privacy-preserving tactic, may be ineffective in Iran since IMEI numbers persist even with a new SIM
[…]
user data accessible through SIAM includes the customer’s father’s name, birth certificate number, nationality, address, employer, billing information, and location history, including a record of Wi-Fi networks and IP addresses from which the user has connected to the internet.
[…]
SIAM allows its operators to learn a great deal not just about where a customer has been, but also what they’ve been up to, a bounty of personal data that, Miller said, “can enable CRA to create a social network/profile of the user based on his/her communication with other people.”
By entering a particular phone number and the command “GetCDR” into SIAM, a system user can generate a comprehensive Call Detail Record, including the date, time, duration, location, and recipients of a customer’s phone calls during a given time period. A similar rundown can be conducted for internet usage as well using the “GetIPDR” command, which prompts SIAM to list the websites and other IP addresses a customer has connected to, the time and date these connections took place, the customer’s location, and potentially the apps they opened. Such a detailed record of internet usage could also reveal users running virtual private networks, which are used to cover a person’s internet trail by routing their traffic through an encrypted connection to an outside server. VPNs — including some banned by the government — have become tremendously popular in Iran as a means of evading domestic web censorship.
Though significantly less subtle than being forced onto a 2G network, SIAM can also be used to entirely pull the plug on a customer’s device at will. Through the “ApplySuspIp” command, the system can entirely disconnect any mobile phone on the network from the internet for predetermined lengths of time or permanently. Similar commands would let SIAM block a user from placing or receiving calls.
Despite warnings of Chinese and Russian mischief and manipulation ahead of the US midterm elections, it seems American companies and citizens are perfectly capable of denting democracy on their own.
A Washington judge fined Meta $24.6 million this week after ruling that Facebook intentionally broke [PDF] the state’s campaign finance transparency laws 822 times. This fine was the maximum amount, we’re told, and represents the largest-ever penalty of its kind in the US.
To put the fine in perspective: it’s about half a day of Meta’s quarterly profits, which in these uncertain economic times dropped to $4.4 billion for Q3 this year.
In addition to paying the pocket change, Meta was ordered [PDF] by the judge to reimburse the Washington state attorney general’s costs, and noted these fees should be tripled “as punitive damages for Meta’s intentional violations of state law.”
While the exact amount hasn’t been determined, Attorney General Bob Ferguson said that legal bill totals $10.5 million for Facebook’s “arrogance.” Again, pocket change.
“It intentionally disregarded Washington’s election transparency laws. But that wasn’t enough,” Ferguson said. “Facebook argued in court that those laws should be declared unconstitutional. That’s breathtaking.”
The state requires internet outfits like Meta that display political ads on their websites and in their apps to keep records on these campaigns and make these details publicly available. This includes the cost of the advert and who paid for it along with information on which users were targeted and how far the ads reached.
Meta, which at the time was known as Facebook, repeatedly failed to do this, denying netizens details of who was pushing political ads on them. Specifically, the tech giant did not “maintain and make available for public inspection books of account and related materials” regarding the political ads, according to court documents [PDF] filed in 2020.
[…]
So-called “pink-slime newsrooms” — hyper-partisan publications that are dressed up as independent regional media — are spending millions of dollars on Facebook and Instagram ad campaigns in battleground states in the lead-up to America’s November midterm elections, a NewsGuard Misinformation Monitor found. These ads either push netizens to obviously left or right-leaning articles, or are snippets of articles contained within the ad.
Four of these outlets, some backed by Republican and others Democratic donors, have collectively spent $3.94 million on ad campaigns running simultaneously on Meta’s platforms so far in 2022, according to an investigation by the media trust org. The ad content or the articles they link to are at best highly partisan, and at worse play fast and loose with the truth to push a point. The goal, it seems, is to get people fired up enough to vote for one particular side, while appearing to be published by a normal media operation rather than a political campaign.
[…]
Their strategy seems to work, too. One of the publishers, Courier Newsroom, in an August 2022 case study, touted spending $49,000 on Facebook ads targeting 12 Iowa counties ahead of the state’s June 2022 primary election. The political spending resulted in 3,300 more votes, which NewsGuard suggested likely went to Democrats.
last December when the lander detected a massive quake on Mars.
Now, scientists know what caused the red planet to rumble. A meteoroid slammed into Mars 2,174 miles (3,500 kilometers) away from the lander and created a fresh impact crater on the Martian surface.
The ground literally moved beneath InSight on December 24, 2021, when the lander recorded a magnitude 4 marsquake. Before and after photos captured from above by the Mars Reconnaissance Orbiter, which has been circling Mars since 2006, spotted a new crater this past February.
Before and after photos taken by the Mars Reconnaissance Orbiter show where a meteoroid slammed into Mars on December 24, 2021.
NASA/JPL-Caltech/MSSS
When scientists connected the dots from both missions, they realized it was one of the largest meteoroid strikes on Mars since NASA began studying the red planet. Images from the orbiter’s two cameras showed the blast zone of the crater, which allowed scientists to compare it with the epicenter of the quake detected by InSight.
The journal Science published two new studies describing the impact and its effects on Thursday.
The space rock also revealed boulder-size ice chunks when it slammed into Mars. They were found buried closer to the warm Martian equator than any ice that has ever been detected on the planet.
Boulder-size ice chunks can be seen scattered around and outside the new crater’s rim.
NASA/JPL-Caltech/University of Arizona
“The image of the impact was unlike any I had seen before, with the massive crater, the exposed ice, and the dramatic blast zone preserved in the Martian dust,” said Liliya Posiolova, orbital science operations lead for the orbiter at Malin Space Science Systems in San Diego, in a statement.
[…]
When the meteoroid crashed into Mars, it created a crater in the planet’s Amazonis Planitia region spanning 492 feet (150 meters) across and 70 feet (21 meters) deep. Some of the material blasted out of the crater landed as far as 23 miles (37 kilometers) away. Teams at NASA also captured sound from the impact, so you can listen to what it sounds like when a space rock hits Mars.
The images captured by the orbiter, along with seismic data recorded by InSight, make the impact one of the largest craters in our solar system ever observed as it was created. Mars is littered with massive craters, but they’re much older than any mission to explore the red planet.
[…]
Ice beneath the Martian surface could be used for drinking water, rocket propellant and even growing crops and plants by future astronauts. And the fact that the ice was found so near the equator, the warmest region on Mars, might make it an ideal place to land crewed missions to the red planet.
[…]
Sadly, InSight’s mission is running out of time. Increasing amounts of dust have settled on the lander’s solar panels, only exacerbated by a continent-size dust storm detected on Mars in September, and its power levels keep dropping.
The beige clouds are a continent-size dust storm imaged by the Mars Reconnaissance Orbiter on September 29. The locations of the Perseverance, Curiosity and InSight missions are also labeled.
NASA/JPL-Caltech/MSSS
Fortunately, the storm didn’t pass over InSight directly — otherwise, the darkness of the storm would have ended the mission. But the weather event has kicked a lot of dust up into the atmosphere, and it has cut down the amount of sunlight reaching InSight’s solar panels, said Bruce Banerdt, InSight principal investigator at NASA’s Jet Propulsion Laboratory in Pasadena, California.
InSight lander’s final selfie on Mars shows why its mission is ending
The mission scientists estimate InSight will likely shut down in the next six weeks, ending a promising mission to unlock the interior of Mars.
if you’ve been paying attention over the last couple of years, anti-cheat software is quickly becoming the new DRM. Access to root layers of the computer complaints, complaints about performance effects, complaints about how the software tracks customer behavior, and now finally we have the good old “software isn’t letting me play my game” type of complaint. This revolves around Kotaku’s Luke Plunkett, whose writing I’ve always found valuable, attempting to review EA’s latest FIFA game.
I have reviewed FIFA in some capacity on this website for well over a decade, but regular readers who are also football fans may have noticed I haven’t said a word about it this year. That’s because, over a month after the PC version’s release, I am still locked out of it thanks to a broken, over-zealous example of anti-cheat protection.
Publisher EA uses Easy Anti-Cheat, which has given me an error preventing me from even launching the game that every published workaround—from running the program as an administrator to disabling overlays (?) to editing my PC’s bios (??!!)—hasn’t solved. And so for one whole month, a game that I own and have never cheated at in my life, remains unplayable. I’ve never even made it to the main menu.
Well, gosh golly gee, that sure seems like a problem. And Plunkett isn’t your average FIFA customer. He’s a professional in the gaming journalism space and has reviewed a metric ton of games in the past. If he can’t get into the game due to this anti-cheat software, what hope does the average gamer have?
He goes on to note that FIFA isn’t the only game with this problem. EA also published Battlefield 2042, which Plunkett notes at least lets him boot into the game menu and allows him to play the game for a few minutes before it freezes up entirely. The same anti-cheat software appears to be the issue there as well.
Now, console gamers may chalk this all up to the perils of PC gaming. But that is, frankly, bullshit. This isn’t a hardware problem. It’s a publisher and software problem.
[…]
there’s certainly cheating going on in these games, but it seems like the anti-cheat software is the one cheating customers out of the games they bought.
New, highly detailed images of the artificial islands China has built in the South China Sea have emerged. They show the intricacies of the radar installations, airfields, and naval gun emplacements, among buildings and other structures, located there.
Captured by photographer Ezra Acayan flying in an aircraft near the man-made fortresses in the Spratly Islands, the images are some of the most detailed yet available of what China is up to there and they give a totally new perspective compared to the daily satellite images we see of these locations.
Close-ups of one island in Cuarteron Reef show naval gun emplacements on a series of towers of increasing height, backed by a radar gunnery director. Atop the battlement-like setup is a large radome. The radar’s elevated position would give it a better line of sight over the horizon. These types of weapons installation have been something of a staple at these island outposts. In this case, it looks to host Type 730/1130 close-in weapon system (CIWS) and a H/PJ76 76mm multi-purpose deck gun. These would provide highly-localized defense against low-flying air threats, like cruise missiles, aircraft, and drones, as well as protection against vessels near the island.
An artificial island built by China in Cuarteron Reef on October 25, 2022, in the Spratly Islands, South China Sea. Ezra Acayan/Getty Images
Photo by Ezra Acayan/Getty Images
Photo by Ezra Acayan/Getty Images
A similar setup is seen on another structure that does not feature the large dome on the other end of the small island.
Photo by Ezra Acayan/Getty Images
What could be a truck-mounted phased array radar is also visible, as are various objects covered with camouflage tarps. The main building is festooned with domes and antennae and also features deck-like extensions with some sort of systems mounted that are also covered. Tall antennas and lines connecting them dot the forested area.
Photo by Ezra Acayan/Getty Images
Photo by Ezra Acayan/Getty Images
Photo by Ezra Acayan/Getty Images
A wider view shows all these features and a large helipad.
Photo by Ezra Acayan/Getty Images
China has been arming its manufactured islands with weapon systems since not long after they took shape. As we pointed out in this previous piece, these close-in defensive weapons are installed on roughly 30-foot-wide platforms set atop clusters of hexagonal concrete towers, in some cases built near, or as part of, a larger radar system. These images are the best look we have gotten of these structures yet.
Several photos show the finished airfield on the island built out of Fiery Cross Reef. As seen in the image below, the runway is flanked by hangars and a large tower topped with a radome. Nearby is a field of what appear to be communications antennas and another assortment of domes. Across a harbor, another series of domed towers and a four-door garage-like structure on a concrete pad are seen. The exact use of these garages is unclear, but, as we have speculated before, they could be used to house, service, and rapidly deploy transporter-erector-launchers (TELs) used to fire surface-to-air, anti-ship, and/or surface-to-surface missiles.
Another angle on the same island gives a closer look and the relative size and arrangement of additional domes. Various trucks and other systems are also seen.
Photo by Ezra Acayan/Getty Images
Two photos show one of the most built-up areas on Fiery Cross Reef. In them, a KJ-500 airborne early warning and control (AEW&C) aircraft is visible on the taxiway. These and other intelligence-gathering and submarine-hunting airframes frequently operate from the airfield there. You can also see examples of the much larger, multi-story hangars on the island. Along with residential and administrative buildings, Fiery Cross Island also includes a sports track and field, among other living quarters, recreational facilities, and administrative buildings. There is also a red-and-white lighthouse.
Ezra Acayan/Getty Images
Ezra Acayan/Getty Images
A closer look at the same facility shows the smaller hangars and what appears to be a medical landing pad, painted with a red cross. The smaller, more fighter-sized hangars can be seen here too, as well as the terminal building.
Photo by Ezra Acayan/Getty Images
Another full-size runway and airfield are seen in great detail in the photo below of the artificial island on Mischief Reef. An aircraft can be seen inside the open hangar at the top of the image, but it is difficult to identify what type it may be. Something like a Y-9 or another four-engine turboprop aircraft is most likely what is in there. As with most of the photographs, there is little sign of activity on the ground at any of the installations. The images also give a good idea of just how large the airfield is. During a contingency operation, it could be loaded up with dozens of combat aircraft, from fighters to bombers.
Ezra Acayan/Getty Images
Ezra Acayan/Getty Images
A wider-angle view of the same island shows a collection of building at the near end and another array of radome-topped towers at the far end. A large low-slung structure that is covered in grass is also seen in the distance. It is not clear what this would be used for, but weapons storage is one possibility. Beyond the towers, four aids to navigation mark the visibly deeper channel between the island and another section of the reef.
Ezra Acayan/Getty Images
Photo by Ezra Acayan/Getty Images
The harbor and part of the living and admin section of Mischief Reef. Notice it is a bit less congested than some of China’s other man-made island layouts. Photo by Ezra Acayan/Getty Images
Photo by Ezra Acayan/Getty Images
The picture of Mischief Reef above notably shows a pair of Type 022 Houbei class catamaran fast attack missile craft, readily recognizable by their distinct camouflage scheme. The first reports that the People’s Liberation Army Navy had deployed Type 022s to this outpost emerged last year. These boats are relatively small, but can carry up to eight YJ-83 subsonic anti-ship missiles, along with their bow-mounted 30mm H/PJ-13 Gatling-type guns.
A closer look at the two Type 022 Houbei class missile boats seen moored at Mischief Reef. Photo by Ezra Acayan/Getty Images
The image below shows a relatively small artificial island on Hughes Reef, also in the Spratly Islands, with a large tower at one end, a narrow road and what appears to be a helicopter pad in the middle, and a multi-story building at the other end, complete with what looks like a large swimming pool. The main structure is very similar to the one on Cuarteron Reef with similar decks and roof elements. The large square pylons are of interest, although it is not clear what their purpose is or was.
Photo by Ezra Acayan/Getty Images
Another of the smaller man-made islands is on Gaven Reef. It features a very similar central structure, but it also has gun platforms extending from it sporting 76mm deck guns. A harbor area and a handful of large domes are also visible.
Photo by Ezra Acayan/Getty Images
Photo by Ezra Acayan/Getty Images
Port facilities are visible in the below photo of an artificial island built on Subi Reef. Much undeveloped ground and planted areas are among a large cluster of buildings. The island also features a tall, slender lighthouse at one end, another of the four-door garage-like facilities, and at least one radar dome similar to those seen on other islands.
The artificial island built by China in Subi Reef. Ezra Acayan/Getty Images
Another angle of Subi Reef’s airfield shows the large number of hangars packed into the space, with the same smaller, fighter-sized ones set closer to the runway and the much larger, multi-story hangars set back. Also, note the vehicles seemingly blocking the runway. This could be a normal precaution when planes are nearby, in this case, the camera ship.
Photo by Ezra Acayan/Getty Images
Photo by Ezra Acayan/Getty Images
Another angle shows the extent of the support buildings and antennas farms.
Photo by Ezra Acayan/Getty Images
A wider angle of the island. Photo by Ezra Acayan/Getty Images
Beijing has aggressively asserted its claim to these and other disputed shoals in the South China Sea. By artificially expanding some existing islands, building new ones, and establishing a permanent military presence, China seeks to solidify these claims, regardless of what the international community or its neighbors think of them.
The reefs are strategically located between countries that contest China’s claim to the region and stake their own assertions on defensive and economic access. Malaysia, the Philippines, and Vietnam all have territorial claims to the areas in which China has built islands and planted its flag.
A map showing Chinese military outposts in the Spratly Islands at the southern end of the South China Sea, including those seen in the pictures in this story, as well as other non-Chinese facilities in the hotly contested region. DOD
China has long sought to create a near-seamless anti-access/area-denial bubble covering almost the entire South China Sea. Building such extensive infrastructure on these manufactured spits of land is a key part of that plan. Aside from short-range weapons like the naval guns visible in these photos, China has deployed longer-range systems to some of these islands. Clearly, their infrastructure was designed to help conceal these mobile systems when not in use or not on high alert and they could pour in additional capabilities with little notice.
As outlined in the newly published National Defense Strategy, the U.S. military considers China the pacing threat as it contemplates potential future conflict. Each U.S. military service is preparing to operate across the vast distances of the Pacific as it challenges Chinese expansionism in the region. The U.S. Navy also takes responsibility for maintaining freedom of navigation through the contested South China Sea, often steaming carrier strike groups and other ships, along with those of allies and partner nations, through the area and within sight of Chinese naval vessels. This has led to some very tense maritime encounters.
With the complex installations seen on its archipelagos of artificial islands, China presents a solid deterrent to challengers of its claims and could rapidly shut down, or at least directly challenge, any movements through the region under threat of activating all its capabilities that can be deployed on and around its island outposts.
“On October 8th, PayPal updated its terms of service agreement to include a clause enabling it to withdraw $2,500 from users’ bank accounts simply for posting anything the company deems as misinformation or offensive,” reports Grit Daily. “Unsurprisingly, the backlash was instant and massive,” causing the company to backtrack on the policy and claim the update was sent out “in error.” Now, after the criticism on social media died down, severalmediaoutlets are reporting that the company quietly reinstated the questionable misinformation fine — even though that itself may be a bit of misinformation. From a report: Apparently, they believed that everyone would just accept their claim and immediately forget about the incident. So the clause that was a mistake and was never intended to be included in PayPal’s terms of service magically ended up back in there once the criticism died back down. That sounds plausible, right? And as for what constitutes a “violation” of the company’s terms of service, the language is so vaguely worded that it could encompass literally anything.
The term “other forms of intolerance” is so broad that it legally gives the company grounds to claim that anyone not fully supporting any particular position is engaging in “intolerance” because the definition of the word is the unwillingness to accept views, beliefs, or behavior that differ from one’s own. So essentially, this clause gives PayPal the perceived right to withdraw $2,500 from users accounts for voicing opinions that PayPal disagrees with. As news of PayPal’s most recent revision spreads, I anticipate that the company’s PR disaster will grow, and with numerous competing payment platforms available today, this could deliver a devastating and well deserved blow to the company. UPDATE: According to The Deep Dive, citing Twitter user Kelley K, PayPal “never removed the $2,500 fine. It’s been there for over a year. All they removed earlier this month was a new section that mentioned misinformation.”
She goes on to highlight the following:
1.) [T]he $2,500 fine has been there since September 2021.
2.) PayPal did remove what was originally item number 5 of the Prohibited Activities annex, the portion that contained the questionable “promoting misinformation” clause that the company claims was an “error.”
3.) [T]he other portion, item 2.f. which includes “other forms of intolerance that is discriminatory,” which some have pointed out may also be dangerous as the language is vague, has always been there since the policy was updated, and not recently added.
NASA’s Lucy spacecraft captured this image (which has been cropped) of the Earth on Oct 15, 2022, as a part of an instrument calibration sequence at a distance of 380,000 miles (620,000 km). The upper left of the image includes a view of Hadar, Ethiopia, home to the 3.2 million-year-old human ancestor fossil for which the spacecraft was named.
Lucy is the first mission to explore the Jupiter Trojan asteroids, an ancient population of asteroid “fossils” that orbit around the Sun at the same distance as Jupiter. To reach these distant asteroids, the Lucy spacecraft’s trajectory includes three Earth gravity assists to boost it on its journey to these enigmatic asteroids.
The image was taken with Lucy’s Terminal Tracking Camera (T2CAM) system, a pair of identical cameras that are responsible for tracking the asteroids during Lucy’s high-speed encounters. The T2CAM system was designed, built and tested by Malin Space Science Systems; Lockheed Martin Integrated the T2CAMs onto the Lucy spacecraft and operates them.
Credits: NASA/Goddard/SwRI
On October 13, 2022, NASA’s Lucy spacecraft captured this image of the Earth and the Moon from a distance of 890,000 miles (1.4 million km). The image was taken as part of an instrument calibration sequence as the spacecraft approached Earth for its first of three Earth gravity assists. These Earth flybys provide Lucy with the speed required to reach the Trojan asteroids — small bodies that orbit the Sun at the same distance as Jupiter. On its 12 year journey, Lucy will fly by a record breaking number of asteroids and survey their diversity, looking for clues to better understand the formation of the solar system.
The image was taken with Lucy’s Terminal Tracking Camera (T2CAM) system, a pair of identical cameras that are responsible for tracking the asteroids during Lucy’s high speed encounters. The T2CAM system was designed, built and tested by Malin Space Science Systems; Lockheed Martin Integrated the T2CAMs onto the Lucy spacecraft and operates them.
A team of researchers from the National University of Singapore (NUS) have made a serendipitous scientific discovery that could potentially revolutionize the way water is broken down to release hydrogen gas—an element crucial to many industrial processes.
The team, led by Associate Professor Xue Jun Min, Dr. Wang Xiaopeng and Dr. Vincent Lee Wee Siang from the Department of Materials Science and Engineering under the NUS College of Design and Engineering (NUS CDE), found that light can trigger a new mechanism in a catalytic material used extensively in water electrolysis, where water is broken down into hydrogen and oxygen. The result is a more energy-efficient method of obtaining hydrogen.
[…]
“We discovered that the redox center for electro-catalytic reaction is switched between metal and oxygen, triggered by light,” said Assoc. Prof. Xue. “This largely improves the water electrolysis efficiency.”
[…]
an accidental power trip of the ceiling lights in his laboratory almost three years ago allowed them to observe something that the global scientific community has not yet managed to do.
Back then, the ceiling lights in Assoc. Prof. Xue’s research lab were usually turned on for 24 hours. One night in 2019, the lights went off due to a power trip. When the researchers returned the next day, they found that the performance of a nickel oxyhydroxide-based material in the water electrolysis experiment, which had continued in the dark, had fallen drastically.
“This drop in performance, nobody has ever noticed it before, because no one has ever done the experiment in the dark,” said Assoc. Prof. Xue. “Also, the literature says that such a material shouldn’t be sensitive to light; light should not have any effect on its properties.”
[…]
With their findings, the team is now working on designing a new way to improve industrial processes to generate hydrogen. Assoc. Prof. Xue is suggesting making the cells containing water to be transparent, so as to introduce light into the water splitting process.
“This should require less energy in the electrolysis process, and it should be much easier using natural light,” said Assoc. Prof. Xue. “More hydrogen can be produced in a shorter amount of time, with less energy consumed.”
[…]
More information: Xiaopeng Wang et al, Pivotal role of reversible NiO6 geometric conversion in oxygen evolution, Nature (2022). DOI: 10.1038/s41586-022-05296-7
The Cybernews research team found that Thomson Reuters left at least three of its databases accessible for anyone to look at. One of the open instances, the 3TB public-facing ElasticSearch database, contains a trove of sensitive, up-to-date information from across the company’s platforms. The company recognized the issue and fixed it immediately.
Thomson Reuters provides customers with products such as the business-to-business media tool Reuters Connect, legal research service and database Westlaw, the tax automation system ONESOURCE, online research suite of editorial and source materials Checkpoint, and other tools.
The size of the open database the team discovered corresponds with the company using ElasticSearch, a data storage favored by enterprises dealing with extensive, constantly updated volumes of data.
Media giant with $6.35 billion in revenue left at least three of its databases open
At least 3TB of sensitive data exposed including Thomson Reuters plaintext passwords to third-party servers
The data company collects is a treasure trove for threat actors, likely worth millions of dollars on underground criminal forums
The company has immediately fixed the issue, and started notifying their customers
Thomson Reuters downplayed the issue, saying it affects only a “small subset of Thomson Reuters Global Trade customers”
The dataset was open for several days – malicious bots are capable of discovering instances within mere hours
Threat actors could use the leak for attacks, from social engineering attacks to ransomware
The naming of ElasticSearch indices inside the Thomson Reuters server suggests that the open instance was used as a logging server to collect vast amounts of data gathered through user-client interaction. In other words, the company collected and exposed thousands of gigabytes of data that Cybernews researchers believe would be worth millions of dollars on underground criminal forums because of the potential access it could give to other systems.
Meanwhile, Thomson Reuters claims that out of three misconfigured servers the team informed the company about, two were designed to be publicly accessible. The third server was a non-production server meant for “application logs from the pre-production/implementation environment.”
[…]
For example, the open dataset held access credentials to third-party servers. The details were held in plaintext format, visible to anyone crawling through the open instance.
[…]
The team also found the open instance to contain login and password reset logs. While these don’t expose either old or new passwords, the logs show the account holder’s email address, and the exact time the password change query was sent can be seen.
Another piece of sensitive information includes SQL (structured query language) logs that show what information Thomson Reuters clients were looking for. The records also include what information the query brought back.
That includes documents with corporate and legal information about specific businesses or individuals. For instance, an employee of a company based in the US was looking for information about an organization in Russia using Thomson Reuters services, only to find out that its board members were under US sanctions over their role in the invasion of Ukraine.
The team has also discovered that the open database included an internal screening of other platforms such as YouTube, Thomson Reuters clients’ access logs, and connection strings to other databases. The exposure of connection strings is particularly dangerous because the company’s internal network elements are exposed, enabling threat actors’ lateral movement and pivoting through Reuter Thomson’s internal systems.
[…]
The team contacted Thomson Reuters upon discovering the leaking database, and the company took down the open instance immediately.
“Upon notification we immediately investigated the findings provided by Cybernews regarding the three potentially misconfigured servers,” a Thomson Reuters representative told Cybernews.
Scientists with the University of Chicago have discovered a way to create a material that can be made like a plastic, but conducts electricity more like a metal.
The research, published Oct. 26 in Nature, shows how to make a kind of material in which the molecular fragments are jumbled and disordered, but can still conduct electricity extremely well.
[…]
fundamentally, both of these organic and traditional metallic conductors share a common characteristic. They are made up of straight, closely packed rows of atoms or molecules. This means that electrons can easily flow through the material, much like cars on a highway. In fact, scientists thought a material had to have these straight, orderly rows in order to conduct electricity efficiently.
Then Xie began experimenting with some materials discovered years ago, but largely ignored. He strung nickel atoms like pearls into a string of of molecular beads made of carbon and sulfur, and began testing.
To the scientists’ astonishment, the material easily and strongly conducted electricity. What’s more, it was very stable. “We heated it, chilled it, exposed it to air and humidity, and even dripped acid and base on it, and nothing happened,” said Xie. That is enormously helpful for a device that has to function in the real world.
But to the scientists, the most striking thing was that the molecular structure of the material was disordered. “From a fundamental picture, that should not be able to be a metal,” said Anderson. “There isn’t a solid theory to explain this.”
Xie, Anderson, and their lab worked with other scientists around the university to try to understand how the material can conduct electricity. After tests, simulations, and theoretical work, they think that the material forms layers, like sheets in a lasagna. Even if the sheets rotate sideways, no longer forming a neat lasagna stack, electrons can still move horizontally or vertically—as long as the pieces touch.
The end result is unprecedented for a conductive material. “It’s almost like conductive Play-Doh—you can smush it into place and it conducts electricity,” Anderson said.
The scientists are excited because the discovery suggests a fundamentally new design principle for electronics technology. Conductors are so important that virtually any new development opens up new lines for technology, they explained.
One of the material’s attractive characteristics is new options for processing. For example, metals usually have to be melted in order to be made into the right shape for a chip or device, which limits what you can make with them, since other components of the device have to be able to withstand the heat needed to process these materials.
The new material has no such restriction because it can be made at room temperatures. It can also be used where the need for a device or pieces of the device to withstand heat, acid or alkalinity, or humidity has previously limited engineers’ options to develop new technology.
Medibank Private Ltd (MPL.AX), Australia’s biggest health insurer, said on Wednesday a cyber hack had compromised data of all of its of its nearly 4 million customers, as it warned of a A$25 million to A$35 million ($16 million to $22.3 million) hit to first-half earnings.
It said on Wednesday that all personal and significant amounts of health claims data of all its customers were compromised in the breach reported this month, a day after it warned the number of customers affected would grow. read more
Shares in the company fell more than 14%, its biggest one-day slide since listing in 2014.
Medibank, which covers one-sixth of Australians, said the estimated cost did not include further potential remediation or regulatory expenses.
“Our investigation has now established that this criminal has accessed all our private health insurance customers’ personal data and significant amounts of their health claims data,” chief executive David Koczkar said in a statement. “I apologise unreservedly to our customers. This is a terrible crime – this is a crime designed to cause maximum harm to the most vulnerable members of our community.”
The company reiterated that its IT systems had not been encrypted by ransomware to date and that it would continue to monitor for any further suspicious activity.
“Everywhere we have identified a breach, it is now closed,” John Goodall, Medibank’s top technology executive, told an analyst call on Wednesday.
The finding, which researchers made by measuring the electrical fields around honeybee (apis mellifera) hives, reveals that bees can produce as much atmospheric electricity as a thunderstorm. This can play an important role in steering dust to shape unpredictable weather patterns; and their impact may even need to be included in future climate models.
Insects’ tiny bodies can pick up positive charge while they forage — either from the friction of air molecules against their rapidly beating wings (honeybees can flap their wings more than 230 times a second) or from landing onto electrically charged surfaces. But the effects of these tiny charges were previously assumed to be on a small scale. Now, a new study, published Oct. 24 in the journal iScience, shows that insects can generate a shocking amount of electricity.
[…]
To test whether honeybees produce sizable changes in the electric field of our atmosphere, the researchers placed an electric field monitor and a camera near the site of several honeybee colonies. In the 3 minutes that the insects flooded into the air, the researchers found that the potential gradient above the hives increased to 100 volts per meter. In other swarming events, the scientists measured the effect as high as 1,000 volts per meter, making the charge density of a large honeybee swarm roughly six times greater than electrified dust storms and eight times greater than a stormcloud.
The scientists also found that denser insect clouds meant bigger electrical fields — an observation that enabled them to model other swarming insects such as locusts and butterflies.
Locusts often swarm to “biblical scales,” the scientists said, creating thick clouds 460 square miles (1,191 square kilometers) in size and packing up to 80 million locusts into less than half a square mile (1.3 square km). The researchers’ model predicted that swarming locusts’ effect on the atmospheric electric field was staggering, generating densities of electric charge similar to those made by thunderstorms.
The researchers say it’s unlikely the insects are producing storms themselves, but even when potential gradients don’t meet the conditions to make lightning, they can still have other effects on the weather. Electric fields in the atmosphere can ionize particles of dust and pollutants, changing their movement in unpredictable ways. As dust can scatter sunlight, knowing how it moves and where it settles is important to understanding a region’s climate.
The San Diego County Water Authority has an unusual plan to use the city’s scenic San Vicente Reservoir to store solar power so it’s available after sunset. The project, and others like it, could help unlock America’s clean energy future.
Perhaps a decade from now, if all goes smoothly, large underground pipes will connect this lake to a new reservoir, a much smaller one, built in a nearby canyon about 1100 feet higher in elevation. When the sun is high in the sky, California’s abundant solar power will pump water into that upper reservoir.
It’s a way to store the electricity. When the sun goes down and solar power disappears, operators would open a valve and the force of 8 million tons of water, falling back downhill through those same pipes, would drive turbines capable of generating 500 megawatts of electricity for up to eight hours. That’s enough to power 130,000 typical homes.
Neena Kuzmich, deputy director of engineering for the San Diego County Water Authority, has been working on plans for pumped energy storage at the San Vicente reservoir.
Dan Charles for NPR
“It’s a water battery!” says Neena Kuzmich, Deputy Director of Engineering for the water authority. She says energy storage facilities like these will be increasingly vital as California starts to rely more on energy from wind and solar, which produce electricity on their own schedules, unbothered by the demands of consumers.
Cybercriminals have used two strains of point-of-sale (POS) malware to steal the details of more than 167,000 credit cards from payment terminals.
The backend command-and-control (C2) server that operates the MajikPOS and Treasure Hunter malware remains active, according to Group-IB’s Nikolay Shelekhov and Said Khamchiev, and “the number of victims keeps growing,” they said this week.
[…]
The MajikPOS and Treasure Hunter malware infect Windows POS terminals and scan the devices to exploit the moments when card data is read and stored in plain text in memory. Treasure Hunter in particular performs this so-called RAM scraping: it pores over the memory of processes running on the register for magnetic-stripe data freshly swiped from a shopper’s bank card during payment. MajikPOS also scans infected PCs for card data. This info is then beamed back to the malware operators’ C2 server.
MajikPOS and Treasure Hunter
Of the two POS malware strains used in this campaign, MajikPOS is the newest, first seen targeting POS devices in 2017. The malware operators likely started with Treasure Hunter, and then paired it with the newer MajikPOS due to the latter’s more advanced features.
This includes “a more visually appealing control panel, an encrypted communication channel with C2, [and] more structured logs,” compared to Treasure Hunter, according to Group-IB. “MajikPOS database tables contain information about the infected device’s geolocation, operation system name, and hardware identification number.”
[…]
Treasure Hunter first appeared in 2014 before the source code was leaked on a Russian-speaking forum. Its primary use is RAM scraping, and is likely installed the same way as MajikPOS.
Today both MajikPOS and Treasure Hunter can be bought and sold on nefarious marketplaces.
In a months-long investigation, Group-IB analyzed about 77,400 card dumps from the MajikPOS panel and another 90,000 from the Treasure Hunter panel, the researchers wrote. Almost all — 97 percent or 75,455 — of the cards compromised by MajikPOS were issued by US banks with the remaining 3 percent distributed around the world.
The Treasure Hunter panel told a similar story with 96 percent (86,411) issued in the US.
Lenovo has staged its annual Tech World gabfest and teased devices with rollable OLED screens that shrink or expand as applications demand.
The company emitted the video below to show off its rollables. We’ve embedded and set the vid to start at the moment the rollable phone is demoed. The rollable laptop demo starts at the 53 second mark.
Lenovo has offered no explanation of how the rollables work, and the video above does not show the rear of the prototype rollable smartphone and laptop.
[…] It used to be that the only way to prevent Google from using your data for targeted ads was turning off personalized ads across your whole account, or disabling specific kinds of data using a couple of settings, including Web & App Activity and YouTube History. Those two settings control whether Google collects certain details about what you do on its platform (you can see some of that data here). Turning off the controls meant Google wouldn’t use the data for ads, but it disabled some of the most useful features on services such as Maps, Search, and Google Assistant.
Thanks to a new set of controls, that’s no longer true. You can now leave Web & App Activity and YouTube History on, but drill into to adjust more specific settings to tell Google you don’t want the related data used for targeted ads.
The detail is tucked into an announcement about the rollout of a new hub for Google’s advertising settings called My Ad Center. “You can decide what types of your Google activity are used to show you ads, without impacting your experience with the utility of the product,” Jerry Dischler, vice president of ads at Google, wrote in a blog post.
That’s a major step in the direction of what experts call “usable privacy,” or data protection that’s easy to manage without breaking other parts of the internet.
[…]
You’ll find the new controls in My Ad Center, which starts rolling out to users this week. It primarily serves as a hub for Google’s existing ad controls, but you’ll find some expanded options, new tools, and a number of other updates.
When you open My Ad Center, you’ll be able to fine tune whether you see ads related to certain subjects or advertisers. […] You’ll also be able to view ads and advertisers that you’ve seen recently, and see all the ads that specific advertisers have run over the last thirty days.
Google also includes a way to toggle off ads on sensitive subjects such as alcohol, parenting, and weight loss. Unlike similar settings on Facebook and Instagram, though, you can’t tell Google you don’t want to see ads about politics.
So you probably need to spend quite some time configuring this – we will see, but most importantly you are now directly telling Google what you do and don’t like (and what you don’t like tells them about what you do like) without them having to feed your search behaviour through an algorithm and making them guess at how to best /– mind control –/ sell ads to you
Texas has filed a lawsuit against Alphabet’s (GOOGL.O) Google for allegedly collecting biometric data of millions of Texans without obtaining proper consent, the attorney general’s office said in a statement on Thursday.
The complaint says that companies operating in Texas have been barred for more than a decade from collecting people’s faces, voices or other biometric data without advanced, informed consent.
“In blatant defiance of that law, Google has, since at least 2015, collected biometric data from innumerable Texans and used their faces and their voices to serve Google’s commercial ends,” the complaint said. “Indeed, all across the state, everyday Texans have become unwitting cash cows being milked by Google for profits.”
The collection occurred through products like Google Photos, Google Assistant, and Nest Hub Max, the statement said.
A hospital network in Wisconsin and Illinois fears visitor tracking code on its websites may have transmitted personal information on as many as 3 million patients to Meta, Google, and other third parties.
Advocate Aurora Health (AAH) reported the potential breach to the US government’s Health and Human Services. As well as millions of patients, AAH has 27 hospitals and 32,000 doctors and nurses on its books.
[…]
Essentially, AAH is saying that it placed analytics code on its online portals to get an idea of how many people visit and login to their accounts, what they use, and so on. It’s now determined that code – known also as trackers or pixels because they may be loaded onto pages as invisible single pixels – may have sent personal info from the pages patients had open to those providing the trackers, such as Facebook or Google.
You might imagine these trackers simply transmit a unique identifier and IP address for the visitor and some details about their actions on the site for subsequent analysis and record keeping. But it turns out these pixels can send back all sorts of things like search terms, your doctor’s name, and the illnesses you’re suffering from.
[…]
The data that may have been sent, though, is extensive: IP addresses, appointment information including scheduling and type, proximity to an AAH facility, provider information, digital messages, first and last name, insurance data, and MyChart account information may all have been exposed. AAH said financial and Social Security information was not compromised.
[…]
Earlier this year, it was shown that Meta’s pixels could collect a lot more than basic usage metrics, transmitting personal data to Zuckercorp even for people who didn’t have Facebook accounts. The same is true of other trackers, such as TikTok’s, which can gather personal data regardless of whether a website’s visitor has ever set a digital foot on the China-owned social network.
Generally speaking, site and app owners have control over how much or how little is collected by the trackers they place on their pages. You can configure which activities trigger a ping back to the pixel provider, such as Meta, which you can then review from a backend dashboard.
While the info exposed by AAH was not grabbed by hackers, it is now in the hands of Big Tech, which is a privacy concern no matter what those technology companies say.
AAH said it – like so many other organizations, government and private – was using the trackers to aggregate user data for analysis, and it only seems to have just occurred to the nonprofit that this data is private health information and shouldn’t really be fed into Meta or Google.
India’s Competition Commission has announced it will fine Google ₹1,337.76 crore (₹13,377,600,000 or $161.5 million) for abusing its dominant position in multiple markets in the Android Mobile device ecosystem and ordered the company to open the Android ecosystem to competition
[…]
The Commission found Google was dominant in all five markets and worked to preserve that position with instruments such as the Mobile Application Distribution Agreement (MADA) that required Android licensees to include Google’s apps.
“MADA assured that the most prominent search entry points – i.e., search app, widget and Chrome browser – are pre-installed on Android devices, which accorded significant competitive edge to Google’s search services over its competitors,” the CIC found. Google’s policies also gave the company “significant competitive edge over its competitors” for its own apps such as YouTube on Android devices.
The CIC offered the following assessment of how Google’s actions impacted the market:
The competitors of these services could never avail the same level of market access which Google secured and embedded for itself through MADA. Network effects, coupled with status quo bias, create significant entry barriers for competitors of Google to enter or operate in the concerned markets.
[…]
For those and many other reasons, the CIC decided Google was on the wrong side of India’s Competition Act. In addition to the abovementioned fine, it imposed a cease and desist order on Google that requires it to change some of its business practices to do things such as:
Allowing third—party app stores to be sold on Google Play;
Allowing side-loading of apps;
Giving users choice of default search engine other than Google when setting up a device;
Ceasing payments to handset makers to secure search exclusivity;
Not denying access to Android APIs to developers who build apps that run on Android forks.
Some of the above are measures that other competition regulators around the world have contemplated, but not implemented.
So while India’s fine is a quarter of a day worth of Google’s $256 billion annual revenue and therefore a pin-prick, the tiny wound could become infected if other regulators decide to poke around.
Networked doorbell surveillance cameras like Amazon’s Ring are everywhere, and have changed the nature of delivery work by letting customers take on the role of bosses to monitor, control, and discipline workers, according to a recent report (PDF) by the Data & Society tech research institute. “The growing popularity of Ring and other networked doorbell cameras has normalized home and neighborhood surveillance in the name of safety and security,” Data & Society’s Labor Futures program director Aiha Nguyen and research analyst Eve Zelickson write. “But for delivery drivers, this has meant their work is increasingly surveilled by the doorbell cameras and supervised by customers. The result is a collision between the American ideas of private property and the business imperatives of doing a job.”
Thanks to interviews with surveillance camera users and delivery drivers, the researchers are able to dive into a few major developments interacting here to bring this to a head. Obviously, the first one is the widespread adoption of doorbell surveillance cameras like Ring. Just as important as the adoption of these cameras, however, is the rise of delivery work and its transformation into gig labor. […] As the report lays out, Ring cameras allow customers to surveil delivery workers and discipline their labor by, for example, sharing shaming footage online. This dovetails with the “gigification” of Amazon’s delivery workers in two ways: labor dynamics and customer behavior.
“Gig workers, including Flex drivers, are sold on the promise of flexibility, independence and freedom. Amazon tells Flex drivers that they have complete control over their schedule, and can work on their terms and in their space,” Nguyen and Zelickson write. “Through interviews with Flex drivers, it became apparent that these marketed perks have hidden costs: drivers often have to compete for shifts, spend hours trying to get reimbursed for lost wages, pay for wear and tear on their vehicle, and have no control over where they work.” That competition between workers manifests in other ways too, namely acquiescing to and complying with customer demands when delivering purchases to their homes. Even without cameras, customers have made onerous demands of Flex drivers even as the drivers are pressed to meet unrealistic and dangerous routes alongside unsafe and demanding productivity quotas. The introduction of surveillance cameras at the delivery destination, however, adds another level of surveillance to the gigification. […] The report’s conclusion is clear: Amazon has deputized its customers and made them partners in a scheme that encourages antagonistic social relations, undermines labor rights, and provides cover for a march towards increasingly ambitious monopolistic exploits. As Nguyen and Zelickson point out, it is ingenious how Amazon has “managed to transform what was once a labor cost (i.e., supervising work and asset protection) into a revenue stream through the sale of doorbell cameras and subscription services to residents who then perform the labor of securing their own doorstep.”
The team behind the monitoring project — ByteDance’s Internal Audit and Risk Control department — is led by Beijing-based executive Song Ye, who reports to ByteDance cofounder and CEO Rubo Liang.
The team primarily conducts investigations into potential misconduct by current and former ByteDance employees. But in at least two cases, the Internal Audit team also planned to collect TikTok data about the location of a U.S. citizen who had never had an employment relationship with the company, the materials show. It is unclear from the materials whether data about these Americans was actually collected; however, the plan was for a Beijing-based ByteDance team to obtain location data from U.S. users’ devices.
[…]
material reviewed by Forbes indicates that ByteDance’s Internal Audit team was planning to use this location information to surveil individual American citizens, not to target ads or any of these other purposes. Forbes is not disclosing the nature and purpose of the planned surveillance referenced in the materials in order to protect sources.
[…]
The Internal Audit and Risk Control team runs regular audits and investigations of TikTok and ByteDance employees, for infractions like conflicts of interest and misuse of company resources, and also for leaks of confidential information. Internal materials reviewed by Forbes show that senior executives, including TikTok CEO Shou Zi Chew, have ordered the team to investigate individual employees, and that it has investigated employees even after they left the company.
[…]
ByteDance is not the first tech giant to have considered using an app to monitor specific U.S. users. In 2017, the New York Times reported that Uber had identified various local politicians and regulators and served them a separate, misleading version of the Uber app to avoid regulatory penalties. At the time, Uber acknowledged that it had run the program, called “greyball,” but said it was used to deny ride requests to “opponents who collude with officials on secret ‘stings’ meant to entrap drivers,” among other groups.
[…]
Both Uber and Facebook also reportedly tracked the location of journalists reporting on their apps. A 2015 investigation by the Electronic Privacy Information Center found that Uber had monitored the location of journalists covering the company. Uber did not specifically respond to this claim. The 2021 book An Ugly Truth alleges that Facebook did the same thing, in an effort to identify the journalists’ sources. Facebook did not respond directly to the assertions in the book, but a spokesperson told the San Jose Mercury News in 2018 that, like other companies, Facebook “routinely use[s] business records in workplace investigations.”
So a bit of anti China stirring, although it’s pretty sad that nowadays this kind of surveillance by tech companies has been normalised by the us govt refusing to punish it
AmiMoJo shares a report from MacRumors: iOS 16 continues to leak data outside an active VPN tunnel, even when Lockdown mode is enabled, security researchers have discovered. Speaking to MacRumors, security researchers Tommy Mysk and Talal Haj Bakry explained that iOS 16’s approach to VPN traffic is the same whether Lockdown mode is enabled or not. The news is significant since iOS has a persistent, unresolved issue with leaking data outside an active VPN tunnel.
According to a report from privacy company Proton, an iOS VPN bypass vulnerability had been identified in iOS 13.3.1, which persisted through three subsequent updates. Apple indicated it would add Kill Switch functionality in a future software update that would allow developers to block all existing connections if a VPN tunnel is lost, but this functionality does not appear to prevent data leaks as of iOS 15 and iOS 16. Mysk and Bakry have now discovered that iOS 16 communicates with select Apple services outside an active VPN tunnel and leaks DNS requests without the user’s knowledge.
Mysk and Bakry also investigated whether iOS 16’s Lockdown mode takes the necessary steps to fix this issue and funnel all traffic through a VPN when one is enabled, and it appears that the exact same issue persists whether Lockdown mode is enabled or not, particularly with push notifications. This means that the minority of users who are vulnerable to a cyberattack and need to enable Lockdown mode are equally at risk of data leaks outside their active VPN tunnel. […] Due to the fact that iOS 16 leaks data outside the VPN tunnel even where Lockdown mode is enabled, internet service providers, governments, and other organizations may be able to identify users who have a large amount of traffic, potentially highlighting influential individuals. It is possible that Apple does not want a potentially malicious VPN app to collect some kinds of traffic, but seeing as ISPs and governments are then able to do this, even if that is what the user is specifically trying to avoid, it seems likely that this is part of the same VPN problem that affects iOS 16 as a whole
