Four-day week: ‘major breakthrough’ as most UK firms in trial extend changes

The vast majority of companies taking part in the world’s largest trial of a four-day week have opted to continue with the new working pattern, in a result hailed as evidence that it could work across the UK economy.

Of the 61 companies that entered the six-month trial, 56 have extended the four-day week, including 18 who have made it permanent.

The findings will be presented to MPs on Tuesday as part of a push urging politicians to give all workers in Britain a 32-hour week.

[…]

The UK pilot, which kicked off last June, has been promoted by 4 Day Week Global, a not-for-profit organisation founded in New Zealand, and overseen by the thinktank Autonomy and a team of academics.

Companies taking part were offered workshops and mentoring to help them rethink working practices. Staff were given the opportunity to remain on their existing salary, working across four days instead of five.

[…]

In total, about 2,900 employees across the UK have taken part in the pilot. Surveys of staff taken before and after found that 39% said they were less stressed, 40% were sleeping better and 54% said it was easier to balance work and home responsibilities.

The number of sick days taken during the trial fell by about two-thirds and 57% fewer staff left the firms taking part compared with the same period a year earlier.

[…]

Ryle, of the campaign, said: “The economy doesn’t need us to be working five days a week any more. It was 100 years ago, the shift to a five-day week, and the economy’s transformed since then.”

Source: Four-day week: ‘major breakthrough’ as most UK firms in trial extend changes | Work-life balance | The Guardian

MetaGuard: Going Incognito in the Metaverse

[…]

with numerous recent studies showing the ease at which VR users can be profiled, deanonymized, and data harvested, metaverse platforms carry all the privacy risks of the current internet and more while at present having none of the defensive privacy tools we are accustomed to using on the web. To remedy this, we present the first known method of implementing an “incognito mode” for VR. Our technique leverages local ε-differential privacy to quantifiably obscure sensitive user data attributes, with a focus on intelligently adding noise when and where it is needed most to maximize privacy while minimizing usability impact. Moreover, our system is capable of flexibly adapting to the unique needs of each metaverse application to further optimize this trade-off. We implement our solution as a universal Unity (C#) plugin that we then evaluate using several popular VR applications. Upon faithfully replicating the most well known VR privacy attack studies, we show a significant degradation of attacker capabilities when using our proposed solution.

[…]

Source: MetaGuard: Going Incognito in the Metaverse | Berkeley RDI

3 motion points allow you to be identified within seconds in VR

[…]

In a paper provided to The Register in advance of its publication on ArXiv, academics Vivek Nair, Wenbo Guo, Justus Mattern, Rui Wang, James O’Brien, Louis Rosenberg, and Dawn Song set out to test the extent to which individuals in VR environments can be identified by body movement data.

The boffins gathered telemetry data from more than 55,000 people who played Beat Saber, a VR rhythm game in which players wave hand controllers to music. Then they digested 3.96TB of data, from game leaderboard BeatLeader, consisting of 2,669,886 game replays from 55,541 users during 713,013 separate play sessions.

These Beat Saber Open Replay (BSOR) files contained metadata (devices and game settings), telemetry (measurements of the position and orientation of players’ hands, head, and so on), context info (type, location, and timing of in-game stimuli), and performance stats (responses to in-game stimuli).

From this, the researchers focused on the data derived from the head and hand movements of Beat Saber players. Just five minutes of those three data points proved enough to train a classification model that, given 100 minutes of motion data from the game, could uniquely identify the player 94 percent of the time. And with just 10 seconds of motion data, the classification model managed accuracy of 73 percent.

“The study demonstrates that over 55k ‘anonymous’ VR users can be de-anonymized back to the exact individual just by watching their head and hand movements for a few seconds,” said Vivek Nair, a UC Berkeley doctoral student and one of the authors of the paper, in an email to The Register.

“We have known for a long time that motion reveals information about people, but what this study newly shows is that movement patterns are so unique to an individual that they could serve as an identifying biometric, on par with facial or fingerprint recognition. This really changes how we think about the notion of ‘privacy’ in the metaverse, as just by moving around in VR, you might as well be broadcasting your face or fingerprints at all times!”

[…]

“There have been papers as early as the 1970s which showed that individuals can identify the motion of their friends,” said Nair. “A 2000 paper from Berkeley even showed that with motion capture data, you can recreate a model of a person’s entire skeleton.”

“What hasn’t been shown, until now, is that the motion of just three tracked points in VR (head and hands) is enough to identify users on a huge (and maybe even global) scale. It’s likely true that you can identify and profile users with even greater accuracy outside of VR when more tracked objects are available, such as with full-body tracking that some 3D cameras are able to do.”

[…]

Nair said he remains optimistic about the potential of systems like MetaGuard – a VR incognito mode project he and colleagues have been working on – to address privacy threats by altering VR in a privacy-preserving way rather than trying to prevent data collection.

The paper suggests similar data defense tactics: “We hope to see future works which intelligently corrupt VR replays to obscure identifiable properties without impeding their original purpose (e.g., scoring or cheating detection).”

One reason to prefer data alteration over data denial is that there may be VR applications (e.g., motion-based medical diagnostics) that justify further investment in the technology, as opposed to propping up pretend worlds just for the sake of privacy pillaging.

[…]

Source: How virtual reality telemetry is the next threat to privacy • The Register

Google wants Go reporting telemetry data by default

Russ Cox, a Google software engineer steering the development of the open source Go programming language, has presented a possible plan to implement telemetry in the Go toolchain.

However, many in the Go community object because the plan calls for telemetry by default.

These alarmed developers would prefer an opt-in rather than an opt-out regime, a position the Go team rejects because it would ensure low adoption and would reduce the amount of telemetry data received to the point it would be of little value.

Cox’s proposal summarized lengthier documentation in three blog posts.

Telemetry, as Cox describes it, involves software sending data from Go software to a server to provide information about which functions are being used and how the software is performing. He argues it is beneficial for open source projects to have that information to guide development.

“I believe that open-source software projects need to explore new telemetry designs that help developers get the information they need to work efficiently and effectively, without collecting invasive traces of detailed user activity,” he wrote.

[…]

Some people believe they have a right to privacy, to be left alone, and to demand that their rights are respected through opt-in consent.

As developer Louis Thibault put it, “The Go dev team seems not to have internalized the principle of affirmative consent in matters of data collection.”

Others, particularly in the ad industry, but in other endeavors as well, see opt-in as an existential threat. They believe that they have a right to gather data and that it’s better to seek forgiveness via opt-out than to ask for permission unlikely to be given via opt-in.

Source: Google’s Go may add telemetry reporting that’s on by default • The Register

Windows 11 Sends Tremendous Amount of User Data to Third Parties – pretty much spyware for loads of people!

Many programs collect user data and send it back to their developers to improve software or provide more targeted services. But according to the PC Security Channel (via Neowin) Microsoft’s Windows 11 sends data not only to the Redmond, Washington-based software giant, but also to multiple third parties.

To analyze DNS traffic generated by a freshly installed copy of Windows 11 on a brand-new notebook, the PC Security Channel used the Wireshark network protocol analyzer that reveals precisely what is happening on a network. The results were astounding enough for the YouTube channel to call Microsoft’s Windows 11 “spyware.”

As it turned out, an all-new Windows 11 PC that was never used to browse the Internet contacted not only Windows Update, MSN and Bing servers, but also Steam, McAfee, geo.prod.do, and Comscore ScorecardResearch.com. Apparently, the latest operating system from Microsoft collected and sent telemetry data to various market research companies, advertising services, and the like.

To prove the point, the PC Security Channel tried to find out what Windows XP contacted after a fresh install using the same tool and it turned out that the only things that the 20+ years old operating system contacted were Windows Update and Microsoft Update servers.

“As with any modern operating system, users can expect to see data flowing to help them remain secure, up to date, and keep the system working as anticipated,” a Microsoft spokesperson told Tom’s Hardware. “We are committed to transparency and regularly publish information about the data we collect to empower customers to be more informed about their privacy.”

Some of the claims may be, technically, overblown. Telemetry data is mentioned in Windows’ terms of service, which many people skip over to use the operating system. And you can choose not to enable at least some of this by turning off settings the first time you boot into the OS.

“By accepting this agreement and using the software you agree that Microsoft may collect, use, and disclose the information as described in the Microsoft Privacy Statement (aka.ms/privacy), and as may be described in the user interface associated with the software features,” the terms of service read. It also points out that some data-sharing settings can be turned off.

Obviously, a lot has changed in 20 years and we now use more online services than back in the early 2000s. As a result, various telemetry data has to be sent online to keep certain features running. But at the very least, Microsoft should do a better job of expressly asking for consent and stating what will be sent and where, because you can’t opt out of all of the data-sharing “features.” The PC Security Channel warns that even when telemetry tracking is disabled by third-party utilities, Windows 11 still sends certain data.

Source: Windows 11 Sends Tremendous Amount of User Data to Third Parties, YouTuber Claims (Update) | Tom’s Hardware

Just when you thought Microsoft was the good guys again and it was all Google, Apple, Amazon, Meta/Facebook being evil, they are back at it to prove they still have it!

Amazon Is Pocketing Half of Retailers’ Sales

Merchants on Amazon Marketplace are paying the company a commission fee of more than 50% of each sale. A new report by Marketplace Pulse revealed Amazon raised the total cost sellers are required to pay out toward storage fees at company warehouses, packaging and delivery, and advertising on the site.

The commission fee has gradually risen since 2016 according to the report, but sellers were not heavily impacted because of an influx of customers and a substantial increase in sales during the covid-19 pandemic. But the report said that sales plummeted when the lockdowns lifted and buyers turned to things like travel and dining out rather than online shopping. The residual effects meant that Amazon suffered its slowest sales growth since its inception.

Marketplace Pulse reported that Amazon receives a 15% transaction, or referral fee, from the sellers who also pay between 25% and 35% in Fulfillment fees and 15% toward advertising and promoting on the site.

The average fees Amazon collected last year rose to 51.8% from 35.2% in 2016.

[…]

Source: Amazon Is Pocketing Half of Retailers’ Sales

Core-js maintainer complains open source is broken

Denis Pushkarev, maintainer of the core-js library used by millions of websites, says he’s ready to give up open source development because so few people pay for the software upon which they depend.

“Free open source software is fundamentally broken,” he wrote in a note on the core-js repository. “I could stop working on this silently, but I want to give open source one last chance.”

The issue of who pays for open source software, often created or managed by unpaid volunteers, continues to be a source of friction and discontent in the coding community.

Feross Aboukhadijeh, an open source developer and CEO of security biz Socket, had a lot to say on the subject in an email to The Register:

Maintainers are the unsung heroes of the software world, pouring their hearts into creating vast amounts of value that often goes unappreciated. These unsung heroes perform critical work that enables all of modern technology to function – this is not an exaggeration. These tireless individuals dedicate themselves to writing new features, fixing bugs, answering user inquiries, improving documentation, and developing innovative new software, yet they receive almost no recognition for their efforts.

It is imperative for the commercial industry and open source community to come together and find a way to acknowledge and reward maintainers for their invaluable contributions. As long as significant personal sacrifice is a prerequisite for open source participation, we’ll continue to exclude a lot of smart and talented folks. This isn’t good for anyone.

Maintainers of packages that are not installed directly, such as core-js, which often comes along for the ride when installing other packages, have it especially hard. Reliable, error-free transitive dependencies are invisible. Therefore, the maintainers are invisible, too. Perversely, the better these maintainers do their job, the more invisible they are. No one ever visits a GitHub repository for a transitive dependency that works perfectly – there’s no reason to do so. But a developer investigating an error stack trace might visit the repository if for no other reason than to file an issue. This is the exact problem that the core-js maintainer faced.

For the large companies that get more from the free labor in open source code than they pay out in donations – if indeed they pay out – the status quo looks like a pretty good deal.

For individual developers, however, code creation and maintenance without compensation has a cost – measurable not just in financial terms, but also in social and political capital.

For Pushkarev, known as zloirock on GitHub, the situation is that core-js is a JavaScript library that’s been downloaded billions of times and used on more than half of the top 10,000 websites – but the income he receives from donations has fallen dramatically. When he started maintaining core-js full time he could count on about $2,500 per month, and that’s down to about $400 per month at present.

[…]

Source: Core-js maintainer complains open source is broken

The post then goes on to politicise the guy who is complaining and mention some other stuff from the past – but that does not invalidate the point that many FOSS developers are creating software that businesses profit hugely off and they themselves don’t see a thing for – except random hate.