Daily Archives: March 12, 2024

Vehicle Cloning — Another Reason Not To Use Automated License Plate Readers

Posted on by

Over the last decade, increasing numbers of automated license plate readers (ALPR) have been installed on roads, bringing with them a variety of privacy problems, as Techdirt has reported. It’s easy to see why ALPR is popular with the authorities: license plate readers seem a simple way to monitor driving behavior and to catch people breaking traffic laws, by speeding, for example.

Since the whole process can be automated, from reading the license plates to sending out fines, it looks like an efficient, low-cost alternative to placing large numbers of police officers around the road network. There’s just one problem: the whole system is based on the assumption that the license plate on the car is genuine, and can be used to identify the person responsible for the vehicle. As an article on “car cloning” in the Guardian reports, drivers in the UK are discovering that this assumption no longer holds.

The problem is that people are making copies of other drivers’ license plates, and using them on similar-looking vehicles — generally the same model and same color — to break the law with impunity. When the ALPR cameras catch the cloners speeding, or failing to pay fees for entering special zones like London’s Ultra Low Emission Zone (ULEZ), the fines are sent to the actual owner of the license plate, not the perpetrator. The result is misery for those unlucky enough to have their license plates cloned, since it is hard to convince the authorities that automated license plate readers have made a mistake when there is apparent photographic evidence they haven’t. The experience of one driver interviewed by the Guardian is typical:

The most recent incident happened in July 2021, when he received two penalty charge notices from different London councils — one for driving in a bus lane and the other for an illegal left turn. Both notices included photos purporting to show his five-door Audi A3 car.

Despite him providing extensive evidence that at the time of one of the offences his vehicle was in a car park, and demonstrating that the one in the photo appeared to be a three-door Audi A1, the council concerned rejected his appeal.

Only when he sent in photos of his vehicle type and the one in the CCTV image where he had “circled all the differences” was the matter dropped.

Even when no fines are involved, vehicle cloning can cause financial problems for innocent drivers, as another case mentioned by the Guardian shows:

Late last year, the Guardian was contacted by another driver who had fallen victim to car cloning. The 88-year-old’s insurance doubled at renewal to £1,259 [about $1600] and she was told this was because her Ford Fiesta had been involved in an accident on the M25 [London’s main ring road] .

Despite her pointing out that she had not driven on the M25 for more than a decade, and that she had been either at church or at home at the time of the accident — and the fact that she had reported that her car had been cloned to Hertfordshire police — her insurer, Zurich, refused to take the claim off her file. Only after the Guardian intervened did the firm restore her no-claims bonus and reduce her premium accordingly.

The more automated license plate readers are installed in order to stop people breaking traffic laws, the greater the incentive for criminals and the unscrupulous to use cloned plates to break those laws without any consequences. What may once have seemed the system’s great strength — the fact that it provides photographic evidence of law breaking — turns out to be a huge weakness that can be turned against it.

Source: Vehicle Cloning — Another Reason Not To Use Automated License Plate Readers | Techdirt

Makers of Switch emulator Yuzu crushed quickly by Nintendo

Posted on by

Tropic Haze, the popular Yuzu Nintendo Switch emulator developer, appears to have agreed to settle Nintendo’s lawsuit against it. Less than a week after Nintendo filed the legal action, accusing the emulator’s creators of “piracy at a colossal scale,” a joint final judgment and permanent injunction filed Tuesday says Tropic Haze has agreed to pay the Mario maker $2.4 million, along with a long list of concessions.

Nintendo’s lawsuit claimed Tropic Haze violated the anti-circumvention and anti-trafficking provisions of the Digital Millennium Copyright Act (DMCA). “Without Yuzu’s decryption of Nintendo’s encryption, unauthorized copies of games could not be played on PCs or Android devices,” the company wrote in its complaint. It described Yuzu as “software primarily designed to circumvent technological measures.”

Yuzu launched in 2018 as free, open-source software for Windows, Linux and Android. It could run countless copyrighted Switch games — including console sellers like The Legend of Zelda: Breath of the Wild and Tears of the Kingdom, Super Mario Odyssey and Super Mario Wonder. Reddit threads comparing Switch emulators praised Yuzu’s performance compared to rivals like Ryujinx. Yuzu introduces various bugs across different titles, but it can typically handle games at higher resolutions than the Switch, often with better frame rates, so long as your hardware is powerful enough.

Screenshot from the Yuzu emulator website showing a still from Zelda: Breath of the Wild with a blueprint-style sketch of the Nintendo Switch framing it. Dark gray background.
A screenshot from Yuzu’s website, showing The Legend of Zelda: Breath of the Wild (Tropic Haze / Nintendo)

As part of an Exhibit A attached to the proposed joint settlement, Tropic Haze agreed to a series of accommodations. In addition to paying Nintendo $2.4 million, it must permanently refrain from “engaging in activities related to offering, marketing, distributing, or trafficking in Yuzu emulator or any similar software that circumvents Nintendo’s technical protection measures.”

Tropic Haze must also delete all circumvention devices, tools and Nintendo cryptographic keys used in the emulator and turn over all circumvention devices and modified Nintendo hardware. It even has to surrender the emulator’s web domain (including any variants or successors) to Nintendo. (The website is still live now, perhaps waiting for the judgment’s final a-okay.) Not abiding by the settlement’s agreements could land Tropic Haze in contempt of court, including punitive, coercive and monetary actions.

Although piracy is the top motive for many emulator users, the software can double as crucial tools for video game preservation — making rapid legal surrenders like Tropic Haze’s potentially problematic. Without emulators, Nintendo and other copyright holders could make games obsolete for future generations as older hardware eventually becomes more difficult to find.

Nintendo’s legal team is, of course, no stranger to aggressively enforcing copyrighted material. In recent years, the company went after Switch piracy websites, sued ROM-sharing website RomUniverse for $2 million and helped send hacker Gary Bowser to prison. Although it was Valve’s doing, Nintendo’s reputation indirectly got the Dolphin Wii and GameCube emulator blocked from Steam. It’s safe to say the Mario maker doesn’t share preservationists’ views on the crucial historical role emulators can play.

Despite the settlement, it appears unlikely the open-source Yuzu will disappear entirely. The emulator is still available on GitHub, where its entire codebase can be found.

Source: Makers of Switch emulator Yuzu quickly settle with Nintendo for $2.4 million

Yup, the big money of Nintendo is excellent at destroying small guys. A really good reason to hate lawyers, but also see how broken the law is. For more, see: Nintendo files lawsuit against creators of Yuzu emulator

Apple stamps feet but now to let EU developers distribute apps from the web

Posted on by

Apple’s compliance measures with the EU’s Digital Markets Act haven’t exactly been universally well received, so the iMaker is making a few tweaks to appease the software-developing masses.

In a post to its developer site today, Apple said it is modifying not only how developers can distribute apps, but also changing the structure of alternative app marketplaces and linking out for purchases that are made away from the official iOS App Store.

Let’s get the quick news out of the way first, starting with changes to alternative app marketplaces. Whereas previously alternative app marketplaces in the EU had to allow apps from other devs, Apple now says that marketplaces “can choose to offer a catalog of apps solely from the developer of the marketplace.”

Think a Meta market that contains just Facebook, Instagram, WhatsApp and the like – but not an Epic Games store, as developers still need to be part of the Apple Developer Program.

European Commission on Apple’s announcement:

“Gatekeepers are required to demonstrate and ensure effective compliance with the relevant obligations. The designated gatekeepers have submitted and published a compliance report explaining their proposals to comply with the relevant obligations.”We will now carefully analyse the compliance reports and assess whether the implemented measures are effective in achieving the objectives of the relevant obligations and DMA in general.”

The Commish added that “if needed,” it would “not hesitate to take formal enforcement action, using the entire toolbox, to fully enforce the DMA. The Commission can open proceedings against such gatekeeper for non-compliance, prescribe specific compliance solutions and impose fines.”

Apple also loosened its link-out rules, and will now allow developers pushing users outside the App Store for purchases to display their offers however they want. Up until now, developers had to use Apple-provided design templates to “optimize for key purchase and promotion use cases,” Cupertino said. Those templates are now optional.

Screw app marketplaces – let’s distribute on the web

The biggest announcement Apple made was the one that didn’t go live today: Allowing developers to distribute apps directly from their websites. Dubbed “Web Distribution,” Apple said the feature will be available following a software update later in the spring.

The new function will provide APIs “that facilitate the distribution of developers’ apps from the web, integrate with system functionality, back up and restore users’ apps, and more,” Apple explained on a new developer support page.

“Using App Store Connect, developers can easily download signed binary assets and host them on their website for distribution,” the company added. Users will have to give the OK for a developer to install apps on their device and this will require users to be presented with an App Store-esque system sheet that includes information about the app submitted to Apple.

Of course, not everyone will qualify for Web Distribution, which is limited to companies enrolled in the Apple Dev Program with a registration location based in an EU nation, and in good standing (that includes Epic again… for now). Developers distributing apps on the web also can’t offer anyone else’s software, have to publish transparent data collection policies, “be responsive to communications from Apple,” and have to handle their own taxes.

And let’s not forget Apple always ensures it gets a slice of the pie. Like Apple’s previously announced DMA provisions, devs distributing apps via the web will still be subject to a Core Technology Fee that will force them to pay €0.50 for each first annual install over one million in the past 12 months. That could add up quickly for big-name devs, though waivers are available for nonprofits, educational institutions and government entities.

Source: Apple to let EU developers distribute apps from the web • The Register

To read more about Apples greed tantrums and screaming like a little baby at the EU, click here

Automakers Are Sharing Consumers’ Driving Behavior With Insurance Companies

Posted on by
car with eye in sky

Kenn Dahl says he has always been a careful driver. The owner of a software company near Seattle, he drives a leased Chevrolet Bolt. He’s never been responsible for an accident. So Mr. Dahl, 65, was surprised in 2022 when the cost of his car insurance jumped by 21 percent. Quotes from other insurance companies were also high. One insurance agent told him his LexisNexis report was a factor. LexisNexis is a New York-based global data broker with a “Risk Solutions” division that caters to the auto insurance industry and has traditionally kept tabs on car accidents and tickets. Upon Mr. Dahl’s request, LexisNexis sent him a 258-page “consumer disclosure report,” which it must provide per the Fair Credit Reporting Act. What it contained stunned him: more than 130 pages detailing each time he or his wife had driven the Bolt over the previous six months. It included the dates of 640 trips, their start and end times, the distance driven and an accounting of any speeding, hard braking or sharp accelerations. The only thing it didn’t have is where they had driven the car. On a Thursday morning in June for example, the car had been driven 7.33 miles in 18 minutes; there had been two rapid accelerations and two incidents of hard braking.

According to the report, the trip details had been provided by General Motors — the manufacturer of the Chevy Bolt. LexisNexis analyzed that driving data to create a risk score “for insurers to use as one factor of many to create more personalized insurance coverage,” according to a LexisNexis spokesman, Dean Carney. Eight insurance companies had requested information about Mr. Dahl from LexisNexis over the previous month. “It felt like a betrayal,” Mr. Dahl said. “They’re taking information that I didn’t realize was going to be shared and screwing with our insurance.” In recent years, insurance companies have offered incentives to people who install dongles in their cars or download smartphone apps that monitor their driving, including how much they drive, how fast they take corners, how hard they hit the brakes and whether they speed. But “drivers are historically reluctant to participate in these programs,” as Ford Motor put it in apatent application (PDF) that describes what is happening instead: Car companies are collecting information directly from internet-connected vehicles for use by the insurance industry.

Sometimes this is happening with a driver’s awareness and consent. Car companies have established relationships with insurance companies, so that if drivers want to sign up for what’s called usage-based insurance — where rates are set based on monitoring of their driving habits — it’s easy to collect that data wirelessly from their cars. But in other instances, something much sneakier has happened. Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., Honda, Kia and Hyundai, have started offering optional features in their connected-car apps that rate people’s driving. Some drivers may not realize that, if they turn on these features, the car companies then give information about how they drive to data brokers like LexisNexis. Automakers and data brokers that have partnered to collect detailed driving data from millions of Americans say they have drivers’ permission to do so. But the existence of these partnerships is nearly invisible to drivers, whose consent is obtained in fine print and murky privacy policies that few read. Especially troubling is that some drivers with vehicles made by G.M. say they were tracked even when they did not turn on the feature — called OnStar Smart Driver — and that their insurance rates went up as a result.