Europe’s new DSA and DMA rules for Big Tech in force

The Digital Services Act (DSA) sets rules that the EU designed to make very large online platforms (VLOPs) “tackle the spread of illegal content, online disinformation and other societal risks” presented by online service providers.

The DSA and the Digital Markets Act (DMA) are a double act. Both were introduced in 2022 and will be implemented in phases through early 2024. While the DMA applies to companies that act as gatekeepers of online services and is designed to ensure equal access for some third-party software, the DSA is all about ensuring that activities which are illegal in the real world are enforceably illegal online, too.

Under the DSA, digital service providers – including hosting services, online platforms, VLOPs and even intermediary service providers like ISPs – have obligations to ensure that products sold are safe and not counterfeit, and to eliminate advertising that targets minors or is served using sensitive data. Another requirement is to get rid of dark patterns in advertising. Orgs must also be clear about how they moderate content and present their algorithms for scrutiny.

VLOPs, which the DSA defines as platforms large enough to reach 10 percent of the EU’s population, or around 45 million people, have even more rules to comply with.

The EU believes that VLOPs present the most risk to the public due to their wide reach. In addition to rules that other digital service providers have to follow, VLOPs also have to share data with “vetted” researchers and governments, allow users to opt out of profiling recommendations, submit to regular audits, and have risk management and crisis response plans in place.

The EU made its initial declaration to cover 17 VLOPs and two very large online search engines (Bing and Google) on April 25. The DSA will apply to any and all digital service providers come February 2024. VLOPs were told they had four months from the day they were designated to achieve compliance.

Non-compliant VLOPs could face fines of up to six percent of global turnover, rather than the relatively small fines they usually face. The EC said it also has the power to require immediate platform changes and, in the case of continued noncompliance, has the right to suspend offenders from the trading bloc entirely.

[…]

Source: Europe’s new rules for Big Tech start today. Are they ready? • The Register

Zoom CEO Says It’s Hard to Build Trust Over Zoom

In the wake of the onslaught of covid-19, employees across the world grew chummy with a perfectly appropriate remote work schedule that allows them to work from home. However, one of the companies that carried pandemic digital infrastructure on its back, Zoom, isn’t too keen on keeping remote workers away from the office since the video calling platform is making them too friendly, according to leaked audio of CEO Eric Yuan at an all-hands meeting at the company.

Insider first reported on the recording in which Yuan told employees within 50 miles of an office that they must report to the office a minimum of two days a week. The announcement came at a companywide meeting on August 3, during which Yuan said that it’s difficult for Zoomies—the pet name the company gives to employees—to build trust with each other on a computer screen. Yuan also reportedly added that it’s difficult to have innovative conversations and debates on the company’s own platform because it makes people too friendly.

“Over the past several years, we’ve hired so many new ‘Zoomies’ that it’s really hard to build trust,” Yuan said in the audio. “We cannot have a great conversation. We cannot debate each other well because everyone tends to be very friendly when you join a Zoom call.”

Zoom did not immediately return Gizmodo’s request for comment on the audio or when employees are expected to return to the office.

Yuan’s proposed hybrid schedule is not a huge ask as a lot of competently run companies are finding a happy medium between remote work and wholly in-office routine through hybrid arrangements. Yuan’s comments, however, point more toward the company’s beliefs in the ability of its platform—it makes you too friendly and is unable to help you build trust with the guests on your call or help you innovate.

While Yuan may have put his foot in his mouth, he is far from the first tech CEO to ask employees to return to office post-covid-19 lockdowns. Earlier this summer, Meta CEO Mark Zuckerberg mandated three days per week in the office for his employees, while Apple has reportedly begun taking attendance of those in the office. Some companies, however, have seen plenty of friction in mandating a return to in-office work, like Amazon, whose employees have staged a walkout in protest. During the height of the pandemic, a majority of big tech companies and their employees saw the promise in a completely remote schedule, which was touted as a massive perk during a hiring boom and helped these companies grow exponentially. Now that the likes of Zoom, Amazon, and Meta are scaling back on that perk, they may be facing increasing backlash from their workforce.

Source: Zoom CEO Says It’s Hard to Build Trust Over Zoom

DEA Falls for Crypto Airdrop Scam, Hands Fraudster $55,000 in Stolen Funds

The same federal agency that once helped bring down the biggest crypto-based dark web drug marketplace Silk Road got swindled by one of the oldest tricks in the crypto scammer playbook. The U.S. Drug Enforcement Administration reportedly handed a fraudster a little more than $55,000 in confiscated crypto funds after it was duped by a classic airdrop phishing scam.

Forbes first reported on a warrant put out by the FBI investigating the scam. Those funds were stored in a Trezor crypto wallet, a more secure kind of crypto storage than an exchange-based wallet. The funds were further secured inside a “secure facility.” However, since all transactions are public on the blockchain, a scammer noticed when the DEA sent a test amount of $45.36 in Tether to a wallet owned by the U.S. Marshals.

The alleged scammer then performed what’s known as an airdrop scam. Essentially, the fraudster created a new address with the first five and last four digits of the Marshals’ account. Each crypto wallet has a unique address that’s about 30 characters long. Then, the fraudster sent, or “airdropped,” some Tether into the DEA’s account, so that the transfer looked like it came from the Marshals’ address.

This works because the two accounts seem similar, so any layperson who only looks at the first few and last few characters to confirm will simply copy and paste the whole address rather than type it out. Trezor actively warns its users against airdrop scams, though in most cases, fraudsters want to access the wallet’s entire balance through a website link. These scams usually work against users investing in a new coin drop, but eagle-eyed fraudsters looking at crypto addresses might get lucky with a quick phishing attack, as they did here.

Amid the confusion, the DEA ended up sending funds to the fake Marshals’ address, and by the time the two separate Department of Justice agencies realized what had happened, the funds had already been moved out of the scammer’s account.

[…]

Source: DEA Falls for Crypto Scam, Hands Fraudster $55,000 in Stolen Funds

What the article doesn’t explain is why the Feds were sending around these wallets at all, considering they were supposed to be impounded and evidence?
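The partial-match check described in the DEA story, seen from the defender's side, as an added example that is not part of the quoted article: it flags incoming transfers whose sender shares the first five and last four characters of a trusted address but differs elsewhere, and approves a send only on a full match. All addresses, labels and function names are constructed for illustration.

```python
from dataclasses import dataclass

PREFIX_LEN, SUFFIX_LEN = 5, 4  # match window described in the article

# Constructed sample addresses (not real wallets): same ends, different middle.
MARSHALS = "0x7a3" + "1" * 33 + "9c4d"
LOOKALIKE = "0x7a3" + "2" * 33 + "9c4d"
UNRELATED = "0x5b8" + "3" * 33 + "01ef"
ADDRESS_BOOK = {"US Marshals": MARSHALS}  # hypothetical verified contacts


@dataclass(frozen=True)
class Transfer:
    sender: str
    amount: float


# Constructed incoming-transfer history for the sending wallet.
HISTORY = [
    Transfer(UNRELATED, 120.0),
    Transfer(LOOKALIKE, 0.01),   # small "airdrop" from the imitation address
    Transfer(MARSHALS, 10.0),    # genuine counterparty, must not be flagged
]


def looks_like(candidate: str, trusted: str) -> bool:
    """True when candidate shares trusted's visible ends but is a different address."""
    if candidate == trusted:
        return False
    a, b = candidate.lower(), trusted.lower()  # ignore case, as a glance would
    return a[:PREFIX_LEN] == b[:PREFIX_LEN] and a[-SUFFIX_LEN:] == b[-SUFFIX_LEN:]


def find_poisoning(history, address_book):
    """Return (transfer, label) for every sender imitating a trusted address."""
    return [(tx, label)
            for tx in history
            for label, trusted in address_book.items()
            if looks_like(tx.sender, trusted)]


def safe_destination(pasted: str, label: str, address_book) -> bool:
    """Approve a send only if the pasted address equals the stored one in full."""
    return address_book.get(label) == pasted
```

The destination check reads from an address book maintained out of band rather than from transaction history, which is the list an attacker can write to simply by sending a transfer.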

Companies are recording your conversations whilst you are on hold with them

Is Achmea or Bol.com customer service putting you on hold? Then everything you say can still be heard by some of their employees. This is evident from research by Radar.

When you call customer service, you often hear: “Please note: this conversation may be recorded for training purposes.” Nothing special. But if you call the insurer Zilveren Kruis, you will also hear: “Note: Even if you are on hold, our quality employees can hear what you are saying.”

Striking, because the Dutch Data Protection Authority states that recording customers ‘on hold’ is not allowed. Companies are allowed to record the conversation, for example to conclude a contract or to improve the service.

Both mortgage provider Woonfonds and insurers Zilveren Kruis, De Friesland and Interpolis confirm that the recording tape continues to run if you are on hold with them, while this violates privacy rules.

Bol.com also continues to eavesdrop on you while you are on hold, the webshop confirms. It also gives the same reason for this: “It is technically not possible to temporarily stop the recording and start it again when the conversation starts again.” KLM, Ziggo, Eneco, Vattenfall, T-Mobile, Nationale Nederlanden, ASR, ING and Rabobank say they don’t answer their customers while they are on hold.

Source: Diverse bedrijven waaronder bol.com nemen gesprekken ‘in de wacht’ op – Emerce

Crypto Infra Startup Bankrupt After Losing Password to $38.9 Million Physical Crypto Wallet

A buzzy startup offering financial infrastructure to crypto companies has found itself bankrupt primarily because it can’t gain access to a physical crypto wallet with $38.9 million in it. The company also did not write down recovery phrases, locking itself out of the wallet forever in something it has called “The Wallet Event” to a bankruptcy judge.

Prime Trust pitches itself as a crypto fintech company designed to help other startups offer crypto retirement plans, know-your-customer interfaces, ensure liquidity, and a host of other services. It says it can help companies build crypto exchanges, payment platforms, and create stablecoins for its clients. The company has not had a good few months. In June, the state of Nevada filed to seize control of the company because it was near insolvency. It was then ordered to cease all operations by a federal judge because it allegedly used customers’ money to cover withdrawal requests from other companies.

The company filed for bankruptcy, and, according to a filing by its interim CEO, which you really should read in full, the company offers an “all-in-one solution for customers that remains unmatched in the marketplace.” A large problem, among more run-of-the-mill crypto economy problems such as “lack of operational and spending oversight” and “regulatory issues,” is the fact that it lost access to a physical wallet it was keeping tens of millions of dollars in, and cannot get back into it.

[…]

It called one of these wallets the “98f Wallet,” because its address ended in “98f.”

[…]

“If a user loses both the hardware device and the seed phrases, it is virtually impossible for that user to regain access to the digital wallet.”

[…]

Prime Trust opted to laser etch them into a piece of steel called “Cryptosteel Hardware,” which are called “Wallet Access Devices” in the court filings, and which look like this:

Image: Court records

According to the filing, it lost these devices, which is why it can’t get back into the wallet.

[…]

For several years, the company then took customer deposits into this address, to the tune of tens of millions of dollars. In December, 2021, “when a customer requested a significant withdrawal of ETH that the company could not fulfill [from other wallets,]” it went to withdraw it from this hardware wallet. “It was around this time that they discovered that the Company did not have the Wallet Access Devices and thus, could not access the cryptocurrency stored in the 98f Wallet.”

[…]

Source: ‘The Wallet Event’: Crypto Startup Bankrupt After Losing Password to $38.9 Million Physical Crypto Wallet