The Linkielist

Linking ideas with the world

Cory Doctorow Crowdfunds His New Audiobook to Protest Amazon/Audible DRM

Science fiction writer Cory Doctorow (also a former EFF staffer and activist) explains why he’s crowdfunding his new audiobook online. Despite the large publishers for his print editions, “I can’t get anyone to do my audiobooks. Amazon and its subsidiary Audible, which controls 90% of the audiobook sales, won’t carry any of my audiobooks because I won’t let them put any of their digital rights management on it.

“I don’t want you locked in with their DRM as a condition of experiencing my work,” he explains in a video on Kickstarter. “And so I have to do it myself.”

He’s promising to sell the completed book through all the usual platforms “except Audible,” because “I want to send a message. If we get a lot of pre-orders for this, it’s going to tell something to Amazon and Audible about how people prioritize the stories they love over the technology they hate, and why technological freedom matters to people.

“It’s also going to help my publisher and other major publishers understand that there is an opportunity here to work with crowdfunding platforms in concert with the major publishers’ platforms to sell a lot of books in ways that side-step the monopolists, and that connect artists and audiences directly.”

It’s the third book in a series which began with the dystopian thriller Little Brother (recommended by Neil Gaiman) and continued with a sequel named Homeland. (“You may have seen Edward Snowden grab it off his bedstand and put it in his go bag and go into permanent exile in Hong Kong in the documentary Citizen 4,” Doctorow says in his fundraising video.) The newest book, Attack Surface, finds a “technologist from the other side” — a surveillance contractor — now reckoning with their conscience while being hunted with the very cyber-weapons they’d helped to build. “There are a lot of technologists who are reckoning with the moral consequences of their actions these days,” Doctorow says, adding “that’s part of what inspired me to write this…

“Anyone who’s been paying attention knows that there’s been a collision between our freedom and our technology brewing for a long time.”

Just three days after launching the Kickstarter campaign, Doctorow had already raised over $120,000 over his original goal of $7,000 — with 26 days left to go. And he also promises that the top pledge premium is for real….

$10,000 You and Cory together come up with the premise for his next story in the “Little Brother” universe.
$75 or more All three novels as both audiobooks and ebooks
$40 or more All three novels as audiobooks
$35 or more All three novels as ebooks
$25 or more The audiobook and the ebook of Cory’s new novel, Attack Surface
$15 or more The audiobook for Attack Surface
$14 or more The new book Attack Surface in ebook format as a .mobi/.epub file
$11 or more The second book in the series, Homeland, in ebook format as a .mobi/.epub file
$10 or more The first novel in the series in ebook format as a .mobi/.epub file
$1 or more Cory will email you the complete text of “Little Brother,” the first book in the series, cryptographically signed with his private key

Source: Cory Doctorow Crowdfunds His New Audiobook to Protest Amazon/Audible DRM – Slashdot

It’s good to see that there are ways around the duopolies / monopolies that have taken control of so many facets of our lives. The books are available for free but paying helps break the system.

Apple sues Epic for destroying the App store and won’t let their users log in using Apple log in (whatever that is)

So, Apple is trying to frame its strong-arming of companies into paying 30% protection money… uh… app store fees – well… unless you have an agreement to pay less, but only one or two have that… as being in the interest of the people whose arms they are ripping out. Because we believe the scary man in the suit who has been ripping off customers and consumers left and right over the man who is saying he’s had enough.

Apple has filed a countersuit against Epic Games as the two companies continue their battle over App Store royalties.

The Cupertino giant is seeking a declaratory judgement [PDF] for breach of contract as it claims Epic has broken their agreement to distribute software and in-app purchases through the App Store. The filing is part formal response to the original Epic suit and part Apple making legal allegations of its own.

“Although Epic portrays itself as a modern corporate Robin Hood, in reality it is a multi-billion dollar enterprise that simply wants to pay nothing for the tremendous value it derives from the App Store,” Apple claims.

“Epic’s demands for special treatment and cries of ‘retaliation’ cannot be reconciled with its flagrant breach of contract and its own business practices, as it rakes in billions by taking commissions on game developers’ sales and charging consumers up to $99.99 for bundles of V-Bucks.”

Source: Apple to Epic: Sue me? No, sue you, pal! • The Register

“Epic’s actions have caused Apple to suffer reputational harm and loss of goodwill with consumers who rely on Apple to offer the apps they want to download, like Fortnite, with all of the safety, security, and privacy protections that they expect from Apple,” Apple said in its filing. “Left unchecked, Epic’s conduct threatens the very existence of the iOS ecosystem and its tremendous value to consumers.”

Apple claimed that Epic purposefully sent a “Trojan horse” to the App Store, hiding a line of code in a Fortnite hotfix that allowed the gaming company to “bypass Apple’s app review process” so it could trigger the option for users to pay Epic directly for V-Bucks, the game’s currency. Epic has denied that it hid anything from Apple.

Apple said this hotfix amounted to “little more than theft,” claiming that Epic purposefully tried to find a way to “enjoy all of the benefits of Apple’s iOS platform and related services” without paying Apple what it was contractually owed.

Source: Apple Says ‘Epic’s Conduct Threatens the Very Existence of the iOS Ecosystem’ in Countersuit

As of September 11th, Apple will no longer allow users to sign into Epic Games accounts using “Sign in with Apple.” If you’re using the Apple sign-in feature, make sure to update your Epic Games account email and password before Friday.

This change is the latest petty move in the Apple versus Epic battle.

Source: Apple will stop letting Epic Games use ‘Sign in with Apple’ on September 11th

Italy is investigating Apple, Google and Dropbox cloud storage services

Italy’s competition watchdog is investigating Apple, Google and Dropbox, TechCrunch reports. In a press release, the AGCM announced that it opened six investigations into the companies’ cloud storage services: Google Drive, iCloud and Dropbox.

The authority is concerned that the services fail to adequately explain how user data will be collected and used for commercial purposes. It’s also investigating unfair clauses in the services’ contracts, terms that exempt the services from some liability and the prevalence of English versions of contracts over Italian versions.

In July, Italy launched an antitrust investigation into Amazon and Apple over Beats headphones. Authorities want to know whether the two companies agreed to prevent retailers outside of Apple’s official program from selling Beats and other Apple products.

Big tech companies are facing increased pressure from antitrust regulators in the US and Europe. The US Department of Justice may present its case against Google later this month. Apple is in a battle with Epic over its App Store rules, and the antitrust case against Amazon keeps getting stronger. It’s hard to say how effective any of these investigations will be at changing the industry’s behavior.

Source: Italy is investigating Apple, Google and Dropbox cloud storage services | Engadget

This is why monopolies are bad

Australia starts second fight with Google and Apple, this time over whether app stores leak data, gouge devs, steal ideas and warp markets

Australia, already embroiled in a nasty fight with Google and Facebook over its plan to make them pay for news links, has opened an inquiry into whether Apple and Google’s app stores offer transparent pricing and see consumers’ data used in worrying ways.

The issues paper [PDF] outlining the scope of the inquiry names only Apple and Google as of interest. The paper also mentions the recent Apple/Epic spat over developer fees to access the app store and proposes to ponder sideloading as a means of bypassing curated stores.

The Australian Competition and Consumer Commission, which will conduct the inquiry, has set out the following matters it wishes to probe:

  1. The ability and incentive for Apple and Google to link or bundle their other goods and services with their app marketplaces, and any effect this has on consumers and businesses.
  2. How Apple and Google’s various roles as the key suppliers of app marketplaces, but also as app developers, operators of the mobile licensing operating system and device manufacturers affect the ability of third party app providers to compete, including the impact of app marketplace fee structures on rivals’ costs.
  3. Terms, conditions and fees (including in-app purchases) imposed on businesses to place apps on app marketplaces.
  4. The effect of app marketplace fee structures on innovation.
  5. How app marketplaces determine whether an app is allowed on their marketplace, and the effect of this on app providers, developers and consumers.
  6. How where an app is ranked in an app marketplace is determined.
  7. The collection and use of consumer data by app marketplaces, and whether consumers are sufficiently informed about and have control over the extent of data that is collected.
  8. Whether processes put in place by app marketplaces to protect consumers from harmful apps are working.

The document also reveals an intention to probe whether app store operators “identify which product development ideas are successful and emulate these ideas in their own apps” and seeks “views on the data sharing arrangements between apps and app marketplaces, and any views on the potential for app marketplaces to use data to identify, and respond to, potential competitors to the marketplace’s own apps.”

The Commission has created a survey for consumers and another for developers. The latter asks for comment on “adequacy of communications from the app store during the review process” and the experience of appealing decisions. Which should make for some tasty reading once the inquiry reports in March 2021.

The ACCC lists “legislative reform to address systemic issues” as one possible outcome from the inquiry. Which would be tastier still, given the furor over Australia’s current proposed laws.

Source: Australia starts second fight with Google, this time over whether app stores leak data, gouge devs, steal ideas and warp markets • The Register

I spoke of this in Zagreb at Dors/Cluc 2019 – it’s interesting to see how this is being picked up all over the world

Dutch minister of Justice holds coronaparty, changes law to escape consequences, appears to DMCA to delete from internet, better than Cummings!

The man who told all of the Netherlands to keep to 1.5m distance and to stay away from older people (Grapperhaus) was photographed hugging his mother-in-law and repeatedly breaking the distance at his wedding. This is the man who fines people EUR 400,- for this and then gives them a permanent record.

He wasn’t fined – although he did donate some money to the Red Cross and it didn’t go onto his permanent record. He expressed some sorrow that he was caught when cross examined and then changed the law so that there would be no more permanent crime record. In this way he could remain in parliament, because criminals have no place there. He also instantly destroyed any credibility he had as well as any ability to enforce any laws. Simultaneously the Netherlands was turned into a banana republic.

His party, the CDA (Christian Democrats) decided not to ask Grapperhaus to do the honorable thing and step down and accept his punishment, so the Dutch coalition had no choice but to stand by him or face a parliamentary crisis.

Of course this might remind you of Dominic Cummings, who drove all across the UK to visit his mother during lockdown.

Now searching for images a few days after the fact reveals that a lot of the pictures seem to be unfindable, don’t link properly and are just plain gone, which is usually the result of throwing DMCA and right to be forgotten lawyers at things.

Former president of the Supreme Court (Hoge Raad): ‘Minister Grapperhaus must resign’

Say ‘eh’ with Ferdinand Grapperhaus

Frits Wester: ‘Why is Grapperhaus doing this to himself?’

New photos of Grapperhaus breaking the coronavirus rules

Why Grapperhaus is still Minister of Justice

7 years later, US court deems NSA bulk phone-call snooping illegal, possibly unconstitutional, and probably pointless anyway

The United States Court of Appeals for the Ninth Circuit has ruled [PDF] that the National Security Agency’s phone-call slurping was indeed naughty, seven years after former contractor Edward Snowden blew the whistle on the tawdry affair.

It’s been a long time coming, and while some might view the decision as a slap for officials that defended the practice, the three-judge panel said the part played by the NSA programme wasn’t sufficient to undermine the convictions of four individuals for conspiring to send funds to Somalia in support of a terrorist group.

Snowden made public the existence of the NSA data collection programmes in June 2013, and by June 2015 US Congress had passed the USA FREEDOM Act, “which effectively ended the NSA’s bulk telephony metadata collection program,” according to the panel.

The panel took a long, hard look at the metadata collection programme, which slurped the telephony of millions of Americans (as well as at least one of the defendants) and concluded that not only had the Fourth Amendment of the constitution likely been violated, it certainly flouted section 1861 of the Foreign Intelligence Surveillance Act (FISA), which deals with access to business records in foreign intelligence and international terrorism investigations.

“On the merits,” the ruling said, “the panel held that the metadata collection exceeded the scope of Congress’s authorization in 50 U.S.C. § 1861, which required the government to make a showing of relevance to a particular authorized investigation before collecting the records, and that the program therefore violated that section of FISA.”

So, both illegal and quite possibly unconstitutional.

It isn’t a good look for the intelligence services. The panel was able to study the classified records and noted that “the metadata did not and was not necessary to support the requisite probable cause showing for the FISA Subchapter I warrant application in this case.”

The panel went on to administer a light slapping to those insisting that the metadata programme was an essential element in the case. The evidence, such as it was, “did not taint the evidence introduced by the government at trial,” the panel observed before going on to say: “To the extent the public statements of government officials created a contrary impression, that impression is inconsistent with the contents of the classified record.”

Thus not only illegal, possibly unconstitutional but also not particularly helpful in this instance, no matter what officials might have insisted.

While the American Civil Liberties Union (ACLU) declared the ruling “a victory for our privacy rights”, the process could have a while to run yet, including a trip to America’s Supreme Court.

Source: US court deems NSA bulk phone-call snooping illegal, possibly unconstitutional, and probably pointless anyway • The Register

Bill Barr to destroy antitrust case vs Google by forcing DoJ complaint filed before case is ready but before Trump re-election voting

Several interested parties in the U.S. government have been looking to put Google’s head on a spike, and while undoubtedly there’s been some degree of jockeying between them for which will ultimately get the credit, they’ve been proceeding with care and caution in the interest of building an ironclad case against a particularly canny opponent. Leave it to Bill Barr—who in a better world would instead star in a live-action remake of Droopy Dog—to take all that hard work and piss it away.

Per reporting in the New York Times, “Justice Department officials told lawyers involved in the antitrust inquiry into Alphabet […] to wrap up their work by the end of September.” These lawyers apparently viewed the new, abrupt deadline—against an enormously powerful company with nearly unlimited resources to throw at a comprehensive legal defense—as “arbitrary.”

In all likeliness it’s anything but arbitrary. As we near the general election in November, the Trump camp is looking for a win to hang its hat on. We’ve already seen the president decide—seemingly mid-interview with Axios’s Jonathan Swan—to cut the number of troops deployed in Afghanistan by half, and likewise claim during his keynote speech at the RNC that he will release a covid-19 vaccine. Not coincidentally, both of these miraculous claims are projected (by Trump and seemingly only Trump) to come to fruition around November. Breaking up Google, which is increasingly a source of ire for Republicans and Democrats (albeit for wildly different reasons) appears to be a gambit by Barr to find that win—or at least the appearance of one.

We’ve reached out to Google and the Department of Justice for comment and will update if we hear back.

As mentioned, the DOJ isn’t the only game in town where fining, regulating, or otherwise frustrating Google’s market dominance is concerned. A coalition of 50 state attorneys general is also probing the company, while the FTC, the House’s Antitrust Subcommittee, and the Senate Antitrust Subcommittee have ongoing investigations more broadly into the practices of big tech. All have been gathering evidence for a year or more, which is what makes Barr’s hastiness particularly egregious. Per the Times:

Some lawyers in the department worry that Mr. Barr’s determination to bring a complaint this month could weaken their case and ultimately strengthen Google’s hand, according to interviews with 15 lawyers who worked on the case or were briefed on the department’s strategy […] Many career staff members in the antitrust division, including more than a dozen who were hired during the Trump administration, considered the evidence solid that Google’s search and advertising businesses violated antitrust law. But some told associates that Mr. Barr was forcing them to come up with “half-baked” cases so he could unveil a complaint by Sept. 30.

As is the case with most would-be totalitarians, the appearance of strength for Trump is often pursued at the expense of actually wielding power effectively. If true, Barr’s reported plan to jump the gun on a Google antitrust case is a prime example. By looking the part and going after Google now, he would be likely to undermine the other existing cases against the company. If, say, Google manages to dodge claims by the DOJ of a monopoly on web search advertising (of which it controls more than 90% of the market), that becomes precedent the FTC or House needs to overcome to prove said monopoly exists.

Regulating big tech—and regulating it in a smart and comprehensive way—would be a steep uphill climb in the best of political climates. Leave it to Trump and his lackeys to carve that hill into a sheer cliff face and slather it in grease. Maybe someone else will clean it up.

Source: Report: DOJ Puts to File Google Antitrust Case in September

After Facebook Balks, Apple Delays “Privacy” (ie only Apple spies on you) Feature

In June, Apple unveiled plans for an iOS 14 privacy update that forces developers to gather users’ consent before tracking their activities across third-party apps and websites. Needless to say, giving users more control over how their information is gathered and trafficked is expected to bruise advertisers—especially Facebook, which uses that information to narrow its targeting functions.

As the initial autumn deadline closed in, Facebook protested last week that the change could render Facebook’s Audience Network—its ad service offered to third-party apps—“so ineffective on iOS 14 that it may not make sense to offer it on iOS 14 in the future.” The company claimed that blocking personalization is expected to cut Audience Network revenue by half or more, and that the move would hurt the over 19,000 developers who work with Facebook, many of which are “small businesses that depend on ads to support their livelihood.”

Apple’s messaging to users, as illustrated in the latest promo images for iOS 14, doesn’t give surveillance a nice ring. It will tell you bluntly that such-and-such app “would like permission to track you across apps and websites owned by other companies.” Apple pointed out to Gizmodo that it still embraces in-app advertising and does not prohibit tracking. In fact, Facebook can still gather that data (using Apple’s advertiser ID), if it’s willing to ask iOS users to agree to be tracked (using that scary messaging.) But both Apple and Facebook know that the data collection business operates more smoothly when begging for forgiveness later rather than asking permission now. If not, companies wouldn’t have mastered the art of doublespeak and constructed labyrinthine settings menus.

Apple, on the other hand, will still be able to benefit from gathering your information in various ways without asking permission because Apple doesn’t necessarily need to share or gather your information with data brokers and outside companies—your data is already growing organically within Apple’s walled garden. For example, Apple might show you an ad for a weight loss app in the App Store based on the fact that you read an article from a lifestyle publication in the Apple News app—a function which is automatically enabled, and can be toggled off, under “Apple Advertising.” Similarly, Apple says that developers can use data gained from activity within their own apps through Apple’s vendor-specific identifier. (Apple says that the “tracking” prompt would still show up if Apple-created apps intend to share information beyond Apple.)

But it’s hard to imagine a competing vendor that would have access to such a sprawling network of native data, aside from Google, which has its own devices and browser and advertiser ID. And sticking the notification on Facebook polishes Apple’s self-fashioned reputation as a big tech company which values privacy. (It is not.)

[…]

Apple says that now apps won’t need to ask users permission to be tracked until 2021, “to give developers time to make necessary changes.” Apple will also require developers to submit details on the data their apps collect—including “sensitive information” such as race, sexual orientation, disability, and political affiliation—which will be published in the App Store later this year.

Source: After Facebook Balks, Apple Delays Privacy Feature

Private Intel Firm Buys Location Data to Track People to their ‘Doorstep’ sourced from innocuous seeming apps

A threat intelligence firm called HYAS, a private company that tries to prevent or investigates hacks against its clients, is buying location data harvested from ordinary apps installed on peoples’ phones around the world, and using it to unmask hackers. The company is a business, not a law enforcement agency, and claims to be able to track people to their “doorstep.”

The news highlights the complex supply chain and sale of location data, traveling from apps whose users are in some cases unaware that the software is selling their location, through to data brokers, and finally to end clients who use the data itself. The news also shows that while some location firms repeatedly reassure the public that their data is focused on the high level, aggregated, pseudonymous tracking of groups of people, some companies do buy and use location data from a largely unregulated market explicitly for the purpose of identifying specific individuals.

HYAS’ location data comes from X-Mode, a company that started with an app named “Drunk Mode,” designed to prevent college students from making drunk phone calls and has since pivoted to selling user data from a wide swath of apps. Apps that mention X-Mode in their privacy policies include Perfect365, a beauty app, and other innocuous looking apps such as an MP3 file converter.

“As a TI [threat intelligence] tool it’s incredible, but ethically it stinks,” a source in the threat intelligence industry who received a demo of HYAS’ product told Motherboard. Motherboard granted the source anonymity as they weren’t authorized by their company to speak to the press.

[…]

HYAS differs in that it provides a concrete example of a company deliberately sourcing mobile phone location data with the intention of identifying and pinpointing particular people and providing that service to its own clients. Independently of Motherboard, the office of Senator Ron Wyden, which has been investigating the location data market, also discovered HYAS was using mobile location data. A Wyden aide said they had spoken with HYAS about the use of the data. HYAS said the mobile location data is used to unmask people who may be using a Virtual Private Network (VPN) to hide their identity, according to the Wyden aide.

In a webinar uploaded to HYAS’ website, Todd Thiemann, VP of marketing at the company, describes how HYAS used location data to track a suspected hacker.

“We found out it was the city of Abuja, and on a city block in an apartment building that you can see down there below,” he says during the webinar. “We found the command and control domain used for the compromised employees, and used this threat actor’s login into the registrar, along with our geolocation granular mobile data to confirm right down to his house. We also got his first and last name, and verified his cellphone with a Nigerian mobile operator.”

A screenshot of a webinar given by HYAS, in which the company explains how it has used mobile application location data.

On its website, HYAS claims to have some Fortune 25 companies, large tech firms, as well as law enforcement and intelligence agencies as clients.

[…]

Customers can include banks who want to get a heads-up on whether a freshly dumped cache of stolen credit card data belongs to them; a retailer trying to protect themselves from hackers; or a business checking if any of their employees’ login details are being traded by cybercriminals.

Some threat intelligence companies also sell services to government agencies, including the FBI, DHS, and Secret Service. The Department of Justice often acknowledges the work of particular threat intelligence companies in the department’s announcement of charges or indictments against hackers and other types of criminals.

But some other members of the threat intelligence industry criticized HYAS’ use of mobile app location data. The CEO of another threat intelligence firm told Motherboard that their company does not use the same sort of information that HYAS does.

The threat intelligence source who originally alerted Motherboard to HYAS recalled “being super shook at how they collected it,” referring to the location data.

A senior employee of a third threat intelligence firm said that location data is not hard to buy.

[…]

Motherboard found several location data companies that list HYAS in their privacy policies. One of those is X-Mode, a company that plants its own code into ordinary smartphone apps to then harvest location information. An X-Mode spokesperson told Motherboard in an email that the company’s data collecting code, or software development kit (SDK), is in over 400 apps and gathers information on 60 million global monthly users on average. X-Mode also develops some of its own apps which use location data, including parental monitoring app PlanC and fitness tracker Burn App.

“Whatever your need, the XDK Visualizer is here to show you that our signature SDK is too legit to quit (literally, it’s always on),” the description for another of X-Mode’s own apps, which visualizes the company’s data collection to attract clients, reads.

“They’re like many location trackers but seem more aggressive to be honest,” Will Strafach, founder of the app Guardian, which alerts users to other apps accessing their location data, told Motherboard in an online chat. In January, X-Mode acquired the assets of Location Sciences, another location firm, expanding X-Mode’s dataset.

[…]

Motherboard then identified a number of apps whose own privacy policies mention X-Mode. They included Perfect365, a beauty-focused app that people can use to virtually try on different types of makeup with their device’s camera.

[…]

Various government agencies have bought access to location data from other companies. Last month, Motherboard found that U.S. Customs and Border Protection (CBP) paid $476,000 to a firm that sells phone location data. CBP has used the data to scan parts of the U.S. border, and the Internal Revenue Service (IRS) tried to use the same data to track criminal suspects but was unsuccessful.

Source: Private Intel Firm Buys Location Data to Track People to their ‘Doorstep’

COVID-19 tracing without an app? Google and Apple will ram it down your throat

Google and Apple have updated their COVID-19 contact-tracing tool to make it possible to notify users of potential exposures to the novel coronavirus without an app.

The new Exposure Notifications Express spec is baked into iOS 13.7, which emerged this week and will appear in an Android update due later this month.

This is not, repeat not, pervasive Bluetooth surveillance. The tool requires users to opt in, although public health authorities can use the tool to send notifications suggesting that residents do so.

Those who choose to participate agree to have their device use Bluetooth to search for other nearby opted-in devices, with an exchange of anonymised identifiers used to track encounters. If a user tests positive, and agrees to notify authorities, other users will be told that they are at risk and should act accordingly.

The update is designed to let health authorities use Bluetooth-powered contact-tracing without having to build their own apps. It’s still non-trivial to play, as the system requires one server to verify test results and another to run both contact-tracing apps and the app-free service.

Apple has published a succinct explainer here and Google has offered up code for a notifications server on GitHub.

A couple of dozen US states have signed up for the new tool but other jurisdictions – among them India, Singapore and Australia – are persisting with their own approaches on the basis that the Apple/Google tech makes it harder for their manual contact-tracers to access information.

Source: COVID-19 tracing without an app? There’s an iOS and Android update for that • The Register

Considering the work both companies do with China and other friendly states, it would not surprise me that the “user opt in” feature becomes an “all users opt in without their knowing because the state is the people and the state knows best” feature in some places.

This Guy is Suing the Patent Office for Deciding an AI Can’t Invent Things

A computer scientist who created an artificial intelligence system capable of generating original inventions is suing the US Patent and Trademark Office (USPTO) over its decision earlier this year to reject two patent applications which list the algorithmic system, known as DABUS, as the inventor.

The lawsuit is the latest step in an effort by Stephen Thaler and an international group of lawyers and academics to win inventorship rights for non-human AI systems, a prospect that raises fundamental questions about what it means to be creative and also carries potentially paradigm-shifting implications for certain industries.

In July 2019, Thaler filed two patent applications in the US—one for an adjustable food container, the other for an emergency beacon—and listed the inventor as DABUS. He describes DABUS as a “creativity engine” composed of neural networks trained on a broad swath of data, and not designed to solve any particular problem. The USPTO rejected the applications, citing court decisions ruling that corporations, as opposed to individuals within corporations, cannot be legal inventors, and asserting that “conception—the touchstone of inventorship—must be performed by a natural person.”

British, German, and European Union patent regulators have also rejected Thaler’s applications, decisions he has appealed. Petitions for DABUS-invented patents are still pending in China, Japan, India, and several other countries.

“What we want is to have innovation. AI has been used to help generate innovation for decades and AI is getting better and better at doing these things, and people aren’t,” Ryan Abbott, a professor at the University of Surrey School of Law, who is representing Thaler in the suit, told Motherboard. “The law is not clear on whether you can have a patent if the AI does that sort of work, but if you can’t protect inventions coming out of AI, you’re going to under-produce them.”

[…]

Source: This Guy is Suing the Patent Office for Deciding an AI Can’t Invent Things

Apple Has Finally Gotten Too Big for Its Britches – and even Kinja group is pissed off now

What started out as a battle between Apple and Epic over direct in-app purchases in Fortnite has evolved into an ill-advised, petty revenge scheme. On Sunday, Epic filed a new motion to bar Apple from revoking iOS and macOS support for its Unreal Engine while its other beef is ongoing.

To back up a bit, Apple and Epic have been sniping at each other since August 13, when Epic launched its own in-app direct payments system that skirted Apple’s famous 30% fee. Apple then struck back by removing Fortnite from the App Store. Epic countered with a spicy video and an anti-trust lawsuit—a timely barb given heightened scrutiny around Apple being a control freak over its App Store. Apple then responded saying Epic had been trying to get preferential treatment via a special deal—a claim Epic CEO publicly refuted. In the midst of this legal spat, Apple decided that this coming Friday, it would delete all of Epic’s developer accounts and cut off access to the Apple SDK, effectively shutting down third-party access to Epic’s Unreal Engine.

Epic’s latest filing is aimed at temporarily halting Apple from screwing over developers while they duke it out in court. Its argument is that not only is axing the developer accounts unnecessarily harsh, but pulling SDK support also hurts third-parties who have built on the Unreal Engine and have no skin in the legal games Apple and Epic are playing. (And, honestly, Epic doesn’t want to lose out on that money stream.)

Adding to the dogpile, Microsoft also filed a statement supporting Epic in which it echoed those sentiments. Microsoft’s Kevin Gammill, general manager of gaming developer experiences, writes, “Epic Games’ Unreal Engine is critical technology for numerous game creators, including Microsoft.” He goes on to explain that while some larger game companies might have the means to create their own proprietary game engines, most don’t and for them, licensing third-party engines is how they do their thing. “As a result,” Gammill writes, “Epic’s Unreal Engine is one of the most popular third-party engines available to game creators, and in Microsoft’s view there are very few other options available for creators to license with as many features and as much functionality as Unreal Engine across multiple platforms, including iOS.”

Now Microsoft isn’t being purely altruistic in sticking up for the little guy here. It’s got a stake in gaming, as well as its own ax to grind with Apple over cloud gaming. But also, it has an extremely valid point about the damage Apple is potentially doing to users and developers just so it can clap back at Epic. If Apple succeeds in cutting support to the Apple SDK, it’s not just Epic that gets fucked. Any game developer who’s made significant progress in building their stuff out on Unreal Engine faces the conundrum of not only losing lots of time and effort, but they’d also have to calculate whether to start all over on a new engine, leave out iOS and macOS users entirely, or just throw in the towel. It also means games that have already been released on iOS and macOS won’t receive critical security updates or bug fixes.

Let’s be real. Apple has little justification for this other than flexing on Epic for daring to challenge the App Store status quo. Oh, you want to change how we do things around here? You want to call us out for our 30% commission rate? You don’t know who you’re fucking with because whoops, what if we just… cripple your ability to license Unreal Engine, a pretty big chunk of your revenue stream? Oh, you don’t want us to do that? How ‘bout you learn your place and back down?

It’s a game of legal chicken, but it’s also baffling on Apple’s part considering it’s under fire for its alleged anti-trust tendencies. Whatever you think about its ongoing spat with Epic, Unreal Engine is a different, unrelated thing. Epic’s decision to introduce direct in-app purchases in Fortnite arguably does flout Apple’s App Store guidelines. It might even have a point that Epic decided to say “fuck you” in the flashiest and most clearly orchestrated way possible. Both parties deserve their day in court over it. But I must have missed how an argument over direct payment system relates to critical developer tools used by third-parties? What was Unreal Engine’s sin, other than being owned by Epic Games?

In trying to punish Epic, Apple is dangerously close to showing its entire monopolistic ass. It’s reached too far and frankly, undermined its defense that it’s not an anti-competitive asshole. In its boilerplate statement when this all began, Apple said its guidelines “create a level playing field for all developers.” It’s not creating a level playing field if you use your vast power to screw third-party developers because you want to make a point about the company they license software from. It’s hard to interpret this particular action as anything other than bullying and retaliatory.

This behavior isn’t limited to Epic Games either. Last week, Apple was threatening to block updates to the WordPress iOS app until the company enabled in-app purchases through Apple’s payment system. You know, so it could get that sweet 30% fee. At the time, WordPress promoted paid subscriptions within the app, but didn’t provide a way for users to buy those subscriptions via the app itself. Sure, Apple backed down over the weekend and even said “sorry” to WordPress. But it was an empty apology. According to CNET, Apple withdrew because WordPress removed any references in the app to outside payment options. WordPress’s Matt Mullenweg also told CNET that it had promised to build in-app purchase support within the next 30 days and then tweeted a word of warning to other developers in similar situations to do the same.

So it’s not just adding a direct payment system that will get you in Apple’s crosshairs. Even referencing that you can pay for a service but not including a means to buy within the iOS app will incur Apple’s wrath. This is arguably no longer about people violating reasonable App Store guidelines for “safety” purposes. This is about Apple hamfistedly reminding everyone to play by its rules, however it chooses to interpret them on a given day, and always in its own favor. Apple, so used to acting with impunity, has lost all pretense of believing in fair play. If there’s any justice in the world, that’s how it’ll get the reckoning it deserves.

Source: Apple Has Finally Gotten Too Big for Its Britches

Which is quite amazing, considering that all the Kinja group websites’ reporting on this Apple incident has been heavily anti Epic and pro Apple

US Border Patrol Says They Can Create Central Repository Of Traveler Emails, calendar, etc, Keep Them For 75 Years

The U.S. government has taken the opportunity during the global pandemic, when people aren’t traveling out of the country much, to roll out a new platform for storing information they believe they are entitled to take from people crossing the border. A new filing reveals how the U.S. Border Patrol will store data from traveler devices centrally, keeping it backed up and searchable for up to 75 years.

On July 30 the Department of Homeland Security published a privacy impact assessment detailing the electronic data that they may choose to collect from people crossing the border – and what happens to that data.

  • Border Patrol claims the right to search “laptops, thumb drives, cell phones, and other devices capable of storing electronic information” and when they call it a ‘border search’ they can do this not just when you’re “crossing the U.S. border” in either direction (i.e. when you’re leaving, not just when you’re entering the country) but even “at the extended border” which generally means within 100 miles of the border, which encompasses where two-thirds of the U.S. population lives.
  • They needed an updated privacy impact assessment because of a new “enterprise-wide solution to manage and analyze certain types of information and metadata USBP collects from electronic devices” – and they actually keep on file.

Border Patrol will “acquire a mirror copy of the data on the device” they take from a traveler and store it locally. Before uploading it to their network they check to make sure there’s no porn on it (so they search your devices to find porn first). Then once they’ve determined it’s “clean” they transfer the data first to an encrypted thumb drive and then to the Border Patrol-side system called PLX.

Examples of what they plan to keep from travelers’ devices include e-mails; videos and pictures; texts and chat messages; financial accounts and transactions; location history; web browser bookmarks; tasks list; calendar; call logs; contracts. Information is stored for 75 years although if it’s not related to any crime it may be deleted after 20 years.

The government emphasizes they’ve been collecting this information, what’s changed is simply that they’ll be storing it in a central system where everything “will now be accessible to a larger number of USBP agents with no nexus” to suspected illegal activity. They promise, though, to restrict access and train staff not to do anything they aren’t supposed to. And they don’t see risk to privacy because they’ve published a notice (that I’m now writing about) telling you how your privacy may be violated.

Electronic device searches have been on the rise. Between October 2008 and June 2010 6500 devices were searched. In 2016 there were 10,000 device searches, and 30,200 in 2017.

It’s not clear though that these searches are all actually legal. In November 2019 a federal judge in Boston ruled that forensic searches of cell phones require at least reasonable suspicion “that the devices contain contraband.”

Source: US Border Patrol Says They Can Create Central Repository Of Traveler Emails, Keep Them For 75 Years – View from the Wing

235 Million Instagram, TikTok And YouTube User Profiles Exposed In Massive Data Leak

It was such an unsecured database that the Comparitech researchers, led by Bob Diachenko, discovered on August 1, leaving the personal profile data of nearly 235 million Instagram, TikTok and YouTube users up for grabs.

The data was spread across several datasets; the most significant being two coming in at just under 100 million each and containing profile records apparently scraped from Instagram. The third-largest was a dataset of some 42 million TikTok users, followed by just under 4 million YouTube user profiles.

Comparitech says that, based on the samples it collected, one in five records contained either a telephone number or email address. Every record also included at least some, sometimes all, the following information:

  • Profile name
  • Full real name
  • Profile photo
  • Account description

Statistics about follower engagement, including:

  • Number of followers
  • Engagement rate
  • Follower growth rate
  • Audience gender
  • Audience age
  • Audience location
  • Likes
  • Last post timestamp
  • Age
  • Gender

“The information would probably be most valuable to spammers and cybercriminals running phishing campaigns,” Paul Bischoff, Comparitech editor, says. “Even though the data is publicly accessible, the fact that it was leaked in aggregate as a well-structured database makes it much more valuable than each profile would be in isolation,” Bischoff adds. Indeed, Bischoff told me that it would be easy for a bot to use the database to post targeted spam comments on any Instagram profile matching criteria such as gender, age or number of followers.

Tracing the source of the leaked data

So, where did all this data originate? The researchers suggest that the evidence, including dataset names, pointed to a company called Deep Social. However, Deep Social was banned by both Facebook and Instagram in 2018 after scraping user profile data. The company was wound down sometime after this.

A Facebook company spokesperson told me that “scraping people’s information from Instagram is a clear violation of our policies. We revoked Deep Social’s access to our platform in June 2018 and sent a legal notice prohibiting any further data collection.”

Once the researchers found the database and the clues to its origin, “we sent an alert to Deep Social, assuming the data belonged to them,” Bischoff says. The administrators of Deep Social then forwarded the disclosure to a Hong Kong-registered social media influencer data-marketing company called Social Data. “Social Data shut down the database about three hours after our initial email,” Bischoff says.

[…]

Source: 235 Million Instagram, TikTok And YouTube User Profiles Exposed In Massive Data Leak

A Facebook Account Will Be Mandatory for Oculus Devices

It’s official. Starting this October, a Facebook account will be mandatory for all future Oculus headsets. While there’ll be a grace period for anyone with a separate Oculus account, Facebook will end support for those on January 1, 2023.

The decision was announced today on both Oculus’s Twitter and in a press release. The gist of it is anyone who is new to an Oculus device after October must log in with a Facebook account. At that time, existing Oculus users will have the option of merging their Facebook and Oculus accounts. Anyone who doesn’t merge will have two years before their Oculus accounts are kaput. The devices will technically still work, but “full functionality will require a Facebook account.”

Notably, all future, unreleased Oculus devices will also require a Facebook account, regardless of whether you already have an Oculus account. This is perhaps a reference to the rumored successor to the Oculus Quest, which leaks suggest may launch as early as September 15.

What about things you already purchased on your Oculus account? Well, Facebook says it will “take steps” to allow folks to keep the things they’ve already bought but it “expect[s] some games and apps may no longer work,” hinting that developers may decide to include features that require a Facebook account or just stop supporting the app or game in question.

As you might imagine, the replies to Oculus’s announcement on Twitter are less than kind. In a few instances, users cried foul, pointing to a promise from founder Palmer Luckey when Facebook acquired Oculus that people wouldn’t need to log into Facebook when they wanted to use the Oculus Rift. While the move is painted as a means of streamlining the VR experience by “giving people a single way to log in,” it’s also a blatant attempt at forcing people onto Facebook’s platform so it can get your sweet, sweet data.

This has been coming for some time. Last year, the Oculus platform got a boatload of social features that no one asked for. It required a Facebook login to work and introduced an element of data harvesting for targeted ads.

[…]

Source: A Facebook Account Will Be Mandatory for Future Oculus Devices

Securus sued for ‘recording attorney-client jail calls, handing them to cops’ – months after settling similar lawsuit and charging more than 100x normal price for the calls. Hey, monopolies!

Jail phone telco Securus provided recordings of protected attorney-client conversations to cops and prosecutors, it is claimed, just three months after it settled a near-identical lawsuit.

The corporate giant controls all telecommunications between the outside world and prisoners in American jails that contract with it. It charges far above market rate, often more than 100 times, while doing so.

It has now been sued by three defense lawyers in Maine, who accuse the corporation of recording hundreds of conversations between them and their clients – something that is illegal in the US state. It then supplied those recordings to jail administrators and officers of the law, the attorneys allege.

Though police officers can request copies of convicts’ calls to investigate crimes, the cops aren’t supposed to get attorney-client-privileged conversations. In fact, these chats shouldn’t be recorded in the first place. Yet, it is claimed, Securus not only made and retained copies of these sensitive calls, it handed them to investigators and prosecutors.

“Securus failed to screen out attorney-client privileged calls, and then illegally intercepted these calls and distributed them to jail administrators who are often law enforcers,” the lawsuit [PDF] alleged. “In some cases the recordings have been shared with district attorneys.”

The lawsuit claims that over 800 calls covering 150 inmates and 30 law firms have been illegally recorded in the past 12 months, and it provides a (redacted) spreadsheet of all relevant calls.

[…]

Amazingly, this is not the first time Securus has been accused of this same sort of behavior. Just three months ago, in May this year, the company settled a similar class-action lawsuit this time covering jails in California.

That time, two former prisoners and a criminal defense attorney sued Securus after it recorded more than 14,000 legally protected conversations between inmates and their legal eagles. Those recordings only came to light after someone hacked the corp’s network and found some 70 million stored conversations, which were subsequently leaked to journalists.

[…]

Securus has repeatedly come under fire for similar complaints of ethical and technological failings. It was at the center of a huge row over location data after it was revealed it was selling location data on people’s phones to the police through a web portal.

The telecoms giant was also criticized for charging huge rates for video calls, between $5.95 and $7.99 for a 20-minute call, at a jail where the warden banned in-person visits but still required relatives to travel to the jail and sit in a trailer in the prison’s parking lot to talk to their loved ones through a screen.

Securus is privately held so it doesn’t make its financial figures public. A leak in 2014 revealed that it made a $115m profit on $405m in revenue for that year.

Source: Securus sued for ‘recording attorney-client jail calls, handing them to cops’ – months after settling similar lawsuit • The Register

Android 11 is taking away the camera picker, forcing people to only use the built-in camera

Android may have started with the mantra that developers are allowed to do anything as long as they can code it, but things have changed over the years as security and privacy became higher priorities. Every major update over the last decade has shuttered features or added restrictions in the name of protecting users, but some sacrifices may not have been entirely necessary. Another Android 11 trade-off has emerged, this time taking away the ability for users to select third-party camera apps to take pictures or videos on behalf of other apps, forcing users to rely only on the built-in camera app.

At the heart of this change is one of the defining traits of Android: the Intent system. Let’s say you need to take a picture of a novelty coffee mug to sell through an auction app. Since the auction app wasn’t built for photography, the developer chose to leave that up to a proper camera app. This is where the Intent system comes into play. Developers simply create a request with a few criteria and Android will prompt users to pick from a list of installed apps to do the job.

Camera picker on Android 10.

However, things are going to change with Android 11 for apps that ask for photos or videos. Three specific intents will cease to work like they used to, including: VIDEO_CAPTURE, IMAGE_CAPTURE, and IMAGE_CAPTURE_SECURE. Android 11 will now automatically provide the pre-installed camera app to perform these actions without ever searching for other apps to fill the role.

Starting in Android 11, only pre-installed system camera apps can respond to the following intent actions:

If more than one pre-installed system camera app is available, the system presents a dialog for the user to select an app. If you want your app to use a specific third-party camera app to capture images or videos on its behalf, you can make these intents explicit by setting a package name or component for the intent.

Google describes the change in a list of new behaviors in Android 11, and further confirmed it in the Issue Tracker. Privacy and security are cited as the reason, but there’s no discussion about what exactly made those intents dangerous. Perhaps some users were tricked into setting a malicious camera app as the default and then using it to capture things that should have remained private.

“… we believe it’s the right trade-off to protect the privacy and security of our users.” — Google Issue Tracker.

Not only does Android 11 take the liberty of automatically launching the pre-installed camera app when requested, it also prevents app developers from conveniently providing their own interface to simulate the same functionality. I ran a test with some simple code to query for the camera apps on a phone, then ran it on devices running Android 10 and 11 with the same set of camera apps installed. Android 10 gave back a full set of apps, but Android 11 reported nothing, not even Google’s own pre-installed Camera app.

Above: Debugger view on Android 10. Below: Same view on Android 11.

As Mark Murphy of CommonsWare points out, Google does prescribe a workaround for developers, although it’s not very useful. The documentation advises explicitly checking for installed camera apps by their package names — meaning developers would have to pick preferred apps up front — and sending users to those apps directly. Of course, there are other ways to get options without identifying all package names, like getting a list of all apps and then manually searching for intent filters, but this seems like an over-complication.

Source: Android 11 is taking away the camera picker, forcing people to only use the built-in camera
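The explicit-intent workaround described in the article above, as an added example (not code from the article or from Google's documentation). The package name and certificate digest are placeholders, the allow-list and helper names are hypothetical, and the signer check assumes API 28 or later; pinning the signing certificate as well as the package name keeps a look-alike app that reuses the name from receiving the capture request.

```kotlin
import android.content.Intent
import android.content.pm.PackageManager
import android.net.Uri
import android.os.Build
import android.provider.MediaStore

// Hypothetical allow-list of third-party camera apps this app will delegate to:
// package name -> hex SHA-256 digest of the app's signing certificate.
// Both values are placeholders, not a real app.
private val TRUSTED_CAMERAS: Map<String, String> = mapOf(
    "com.example.thirdpartycamera" to "00".repeat(32)
)

private fun hexToBytes(hex: String): ByteArray =
    hex.chunked(2).map { it.toInt(16).toByte() }.toByteArray()

// True only if `pkg` is installed, exports an activity that handles `base`,
// and is signed with the pinned certificate.
//
// On Android 11 the package is invisible to this app unless the manifest
// declares it, e.g.:
//   <queries><package android:name="com.example.thirdpartycamera" /></queries>
private fun isTrustedHandler(
    pm: PackageManager,
    base: Intent,
    pkg: String,
    digestHex: String
): Boolean {
    val pinned = Intent(base).setPackage(pkg)
    if (pinned.resolveActivity(pm) == null) return false

    // hasSigningCertificate() was added in API 28; refuse to trust the
    // package on older releases rather than skip the signer check.
    if (Build.VERSION.SDK_INT < Build.VERSION_CODES.P) return false

    return pm.hasSigningCertificate(
        pkg,
        hexToBytes(digestHex),
        PackageManager.CERT_INPUT_SHA256
    )
}

// Builds the capture intent: explicit (package set) when a trusted third-party
// camera is installed, otherwise the plain implicit intent, which Android 11
// hands to a pre-installed system camera app.
fun buildCaptureIntent(pm: PackageManager, output: Uri): Intent {
    val base = Intent(MediaStore.ACTION_IMAGE_CAPTURE)
        .putExtra(MediaStore.EXTRA_OUTPUT, output)

    for ((pkg, digest) in TRUSTED_CAMERAS) {
        if (isTrustedHandler(pm, base, pkg, digest)) {
            return Intent(base).setPackage(pkg)
        }
    }
    return base
}
```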

Epic Games asks court to stop Apple pulling its developer tools next week, as Apple shows exactly how monopolies operate

Epic Games has filed yet another lawsuit against Apple. The Fortnite developer is now suing the Cupertino-based company for allegedly retaliating against it for its other lawsuit last week. Apple has not only removed the game from the App Store but has told Epic that it will “terminate” all its developer accounts and “cut Epic off from iOS and Mac development tools” on August 28th.

According to the filing, Epic claims that Fortnite’s removal from the App Store in conjunction with the termination of the developer accounts will likely result in “irreparable harm” to Epic. The company adds that cutting off access to development tools also affects software like Unreal Engine, which Epic offers to third-party developers and which Apple itself has never claimed to have violated any policy. Without access to the tools, the company states that it can’t develop future versions of Unreal Engine for iOS or macOS.

“Not content simply to remove Fortnite from the App Store, Apple is attacking Epic’s entire business in unrelated areas,” the lawsuit states. “Left unchecked, Apple’s actions will irreparably damage Epic’s reputation among Fortnite users and be catastrophic for the future of the separate Unreal Engine business.”

The lawsuit mentions that Apple sent Epic a letter that threatened to stop “engineering efforts to improve hardware and software performance of Unreal Engine on Mac and iOS hardware […] and adoption and support of ARKit features and future VR features into Unreal Engine by their XR team.” The latter could be alluding to future Apple AR and VR projects.

Epic says that the preliminary injunctive relief is necessary to prevent its business from being crushed before the case even goes to judgement. The proposed preliminary injunction would restrain Apple from removing and de-listing Fortnite (which the company has already done) and would prevent it from taking actions against Epic’s other titles as well as Unreal Engine.

The conflict erupted last week when Epic began offering Fortnite discounts to users who bypassed Android and iOS app stores, thus working around the 30 percent cut. Apple then removed the game from its store for violating its policies, which then prompted Epic to file a lawsuit against it. The same thing occurred with Google — Android pulled the game from its app store and Epic filed suit against Google. Epic has also posted a parody of Apple’s 1984 ad which ends with a #FreeFortnite hashtag.

Source: Epic Games asks court to stop Apple pulling its developer tools next week | Engadget

US Secret Service Bought Access to Babel Street’s Locate X Spy Tool for warrantless surveillance

Babel Street is a shadowy organization that offers a product called Locate X that is reportedly used to gather anonymized location data from a host of popular apps that users have unwittingly installed on their phones. When we say “unwittingly,” we mean that not everyone is aware that random innocuous apps are often bundling and anonymizing their data to be sold off to the highest bidder.

Back in March, Protocol reported that U.S. Customs and Border Protection had a contract to use Locate X and that sources inside the secretive company described the system’s capabilities as allowing a user “to draw a digital fence around an address or area, pinpoint mobile devices that were within that area, and see where else those devices have traveled, going back months.”

Protocol’s sources also said that the Secret Service had used the Locate X system in the course of investigating a large credit card skimming operation. On Monday, Motherboard confirmed the investigation when it published an internal Secret Service document it acquired through a Freedom of Information Act (FOIA) request. (You can view the full document here.)

The document covers a relationship between Secret Service and Babel Street from September 28, 2017, to September 27, 2018. In the past, the Secret Service has reportedly used a separate social media surveillance product from Babel Street, and the newly-released document totals fees paid after the addition of the Locate X license as $1,999,394.

[…]

Based on Fourth Amendment protections, law enforcement typically has to get a warrant or court order to seek to obtain Americans’ location data. In 2018, the Supreme Court ruled that cops still need a warrant to gather cellphone location data from network providers. And while law enforcement can obtain a warrant for specific cases as it seeks to view location data from a specific region of interest at a specific time, the Locate X system saves government agencies the time of going through judicial review with a next-best-thing approach.

The data brokerage industry benefits from the confusion that the public has about what information is collected and shared by various private companies that are perfectly within their legal rights. You can debate whether it’s acceptable for private companies to sell this data to each other for the purpose of making profits. But when this kind of sale is made to the U.S. government, it’s hard to argue that these practices aren’t, at least, violating the spirit of our constitutional rights.

Source: Secret Service Bought Access to Bable Street’s Locate X Spy Tool

New Toyotas will upload data to AWS to help create custom insurance premiums based on driver behaviour, send your data to others too

Toyota already operates a “Mobility Services Platform” that it says helps it to “develop, deploy, and manage the next generation of data-driven mobility services for driver and passenger safety, security, comfort, and convenience”.

That data comes from a device called the “Data Communication Module” (DCM) that Toyota fits into many models in Japan, the USA and China.

Toyota reckons the data could turn into “new contextual services such as car share, rideshare, full-service lease, and new corporate and consumer services such as proactive vehicle maintenance notifications and driving behavior-based insurance.”

Toyota’s connected car vision.

The company has touted that vision since at least the year 2016, but precious little evidence of it turning into products is available.

Which may be why Toyota has signed with AWS for not just cloud tech but also professional services.

The two companies say their joint efforts “will help build a foundation for streamlined and secure data sharing throughout the company and accelerate its move toward CASE (Connected, Autonomous/Automated, Shared and Electric) mobility technologies.”

Neither party has specified just which bits of the AWS cloud Toyota will take for a spin but it seems sensible to suggest the auto-maker is going to need lots of storage and analytics capabilities, making AWS S3 and Kinesis likely candidates for a test drive.

Whatever Toyota uses, prepare for privacy ponderings because while cheaper car insurance sounds lovely, having an insurer source driving data from a manufacturer has plenty of potential pitfalls.

Source: Oh what a feeling: New Toyotas will upload data to AWS to help create custom insurance premiums based on driver behaviour • The Register

No, this isn’t a good thing and I hope there’s an opt out

Trump admits he’s blocking cash to postal services to stop mail-in votes

President Donald Trump frankly acknowledged Thursday that he’s starving the U.S. Postal Service of money in order to make it harder to process an expected surge of mail-in ballots, which he worries could cost him the election.

In an interview on Fox Business Network, Trump explicitly noted two funding provisions that Democrats are seeking in a relief package that has stalled on Capitol Hill. Without the additional money, he said, the Postal Service won’t have the resources to handle a flood of ballots from voters who are seeking to avoid polling places during the coronavirus pandemic.

“If we don’t make a deal, that means they don’t get the money,” Trump told host Maria Bartiromo. “That means they can’t have universal mail-in voting; they just can’t have it.”

Trump’s statements, including the false claim that Democrats are seeking universal mail-in voting, come as he is searching for a strategy to gain an advantage in his November matchup against Joe Biden. He’s pairing the tough Postal Service stance in congressional negotiations with an increasingly robust mail-in-voting legal fight in states that could decide the election.

Source: Trump admits he’s blocking postal cash to stop mail-in votes

Privacy Shield no longer valid: Joint Press Statement from U.S. Secretary of Commerce Wilbur Ross and European Commissioner for Justice Didier Reynders

The U.S. Department of Commerce and the European Commission have initiated discussions to evaluate the potential for an enhanced EU-U.S. Privacy Shield framework to comply with the July 16 judgment of the Court of Justice of the European Union in the Schrems II case. This judgment declared that this framework is no longer a valid mechanism to transfer personal data from the European Union to the United States.

The European Union and the United States recognize the vital importance of data protection and the significance of cross-border data transfers to our citizens and economies. We share a commitment to privacy and the rule of law, and to further deepening our economic relationship, and have collaborated on these matters for several decades.

Source: Joint Press Statement from U.S. Secretary of Commerce Wilbur Ross and European Commissioner for Justice Didier Reynders | U.S. Department of Commerce

Trump says TikTok will be banned if not sold by Sept. 15, demands cut of sale fee because he made the deal possible. Extortion much?

President Trump said Monday that TikTok will be shut down in the U.S. if it hasn’t been bought by Microsoft or another company by Sept. 15, and argued — without elaborating — that the U.S. Treasury should get “a very substantial portion” of the sale fee.

Why it matters: Trump appears to have backed off his threat to immediately ban TikTok after speaking with Microsoft CEO Satya Nadella, who said Sunday that the company will pursue discussions with TikTok’s Chinese parent company ByteDance to purchase the app in the U.S.

The big picture: TikTok has come under intense scrutiny in the U.S. due to concerns that the vast amounts of data it collects could be accessed by the Chinese government, potentially posing a national security threat.

  • Negotiations between TikTok and Microsoft will be overseen by a special government panel called the Committee on Foreign Investment in the United States (CFIUS), Reuters reports.

What he’s saying: Trump appeared to suggest on Monday that Microsoft would have to pay the U.S. government in order to complete the deal, but did not explain the precedent for such an action. He also argued that Microsoft should buy all of TikTok, not just 30% of the company.

  • “I don’t mind if, whether it’s Microsoft or somebody else, a big company, a secure company, a very American company, buy it. It’s probably easier to buy the whole thing than to buy 30% of it. How do you do 30%? Who’s going to get the name? The name is hot, the brand is hot,” Trump said.
  • “A very substantial portion of that price is going to have to come into the Treasury of the United States. Because we’re making it possible for this deal to happen. Right now they don’t have any rights, unless we give it to them. So if we’re going to give them the rights, it has to come into this country. It’s a little bit like the landlord/tenant,” he added.

Our thought bubble, via Axios’ Dan Primack: Trump’s inexplicable claim that part of Microsoft’s purchase price would have to go to the Treasury is skating very close to announcing extortion.

Source: Trump says TikTok will be banned if not sold by Sept. 15, demands cut of sale fee – Axios

Windows 10: HOSTS file blocking telemetry is now flagged as a risk

Starting at the end of July, Microsoft has begun detecting HOSTS files that block Windows 10 telemetry servers as a ‘Severe’ security risk.

The HOSTS file is a text file located at C:\Windows\system32\drivers\etc\HOSTS and can only be edited by a program with Administrator privileges.

[…]

Microsoft now detects HOSTS files that block Windows telemetry

Since the end of July, Windows 10 users began reporting that Windows Defender had started detecting modified HOSTS files as a ‘SettingsModifier:Win32/HostsFileHijack’ threat.

When detected, if a user clicks on the ‘See details’ option, they will simply be shown that they are affected by a ‘Settings Modifier’ threat that has ‘potentially unwanted behavior,’ as shown below.

SettingsModifier:Win32/HostsFileHijack detection

BleepingComputer first learned about this issue from BornCity, and while Microsoft Defender detecting HOSTS hijacks is not new, it was strange to see so many people suddenly reporting the detection [1, 2, 3, 4, 5].

While a widespread infection hitting many consumers simultaneously in the past is not unheard of, it is quite unusual with the security built into Windows 10 today.

[…]

Microsoft had recently updated their Microsoft Defender definitions to detect when their servers were added to the HOSTS file.

This suddenly caused users who utilize HOSTS files to block Windows 10 telemetry to see the HOSTS file hijack detection.

In our tests, some of the Microsoft hosts detected in the Windows 10 HOSTS file include the following:


If you decide to clean this threat, Microsoft will restore the HOSTS file back to its default contents.

Default Windows 10 HOSTS file

Users who intentionally modify their HOSTS file can allow this ‘threat,’ but it may enable all HOSTS modifications, even malicious ones, going forward.

So only allow the threat if you 100% understand the risks involved in doing so.

BleepingComputer has reached out to Microsoft with questions regarding this new detection.

Source: Windows 10: HOSTS file blocking telemetry is now flagged as a risk

Yup, I ran into this a few weeks ago. It’s highly annoying.
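Before allowing the detection, it helps to know exactly what a HOSTS file maps where. The following Python audit is an added example, not part of the quoted article or of any Microsoft tooling: it parses HOSTS-format text and separates entries that merely block a name (sinkhole addresses) from entries that redirect a name to a routable address, which are the ones to review. The sample file and the watched suffix `microsoft.com` are constructed assumptions and do not reproduce Defender's matching logic.

```python
import ipaddress

# Addresses that only block a name instead of sending it somewhere else.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}

SAMPLE = """\
# constructed sample, not taken from a real machine
127.0.0.1       localhost
0.0.0.0         telemetry.microsoft.com watson.telemetry.microsoft.com  # block
127.0.0.1       us.vortex-win.data.microsoft.com
203.0.113.7     www.microsoft.com      # routable (documentation range) address
0.0.0.0         ads.example.net
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname); address is None for a malformed line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # comments run to end of line
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            yield line_no, None, line
            continue
        for name in fields[1:]:                  # one line may map several names
            yield line_no, addr, name.lower().rstrip(".")

def audit(text, watched_suffixes):
    """Return (line_no, kind, address, name, watched) for every mapping."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if addr is None:
            kind = "malformed"
        elif name == "localhost" and ipaddress.ip_address(addr).is_loopback:
            kind = "local"
        elif addr in SINKHOLES:
            kind = "blocked"
        else:
            kind = "redirected"                  # name now resolves to a chosen host
        watched = any(name == s or name.endswith("." + s) for s in watched_suffixes)
        findings.append((line_no, kind, addr, name, watched))
    return findings

if __name__ == "__main__":
    for line_no, kind, addr, name, watched in audit(SAMPLE, ("microsoft.com",)):
        print(f"line {line_no}: {kind:10} {addr or '-':15} {name}{' *' if watched else ''}")
```

On a real machine, pass the contents of the HOSTS file instead of `SAMPLE`; any `redirected` row deserves an explanation before the Defender detection is allowed.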

Lawmakers Ask California DMV How It Makes $50 Million a Year Selling Drivers’ Data

A group of nearly a dozen lawmakers led by member of Congress Anna Eshoo wrote to the California Department of Motor Vehicles (DMV) on Wednesday looking for answers on how and why the organization sells the personal data of residents. The letter comes after Motherboard revealed last year that the DMV was making $50 million annually from selling drivers’ information.

The news highlights how selling personal data is not limited to private companies, but some government entities follow similar practices too.

“What information is being sold, to whom it is sold, and what guardrails are associated with the sale remain unclear,” the letter, signed by congress members including Ted Lieu, Barbara Lee, and Mike Thompson, as well as California Assembly members Kevin Mullin and Mark Stone, reads.

Specifically, the letter asks what types of organizations the DMV has disclosed drivers’ data to in the past three years. Motherboard has previously reported on how other DMVs around the country sold such information to private investigators, including those hired to spy on suspected cheating spouses. In an earlier email to Motherboard, the California DMV said data requesters may include insurance companies, vehicle manufacturers, and prospective employers.

The information sold in general by DMVs includes names, physical addresses, and car registration information. Multiple other DMVs previously confirmed they have cut off access to some clients after they abused the data.

On Wednesday, the California DMV said in an emailed statement, “The DMV does not sell driver information for marketing purposes or to generate revenue outside of the cost of administering its requester program—which only provides certain driver and vehicle related information as statutorily required.”

“The DMV takes its obligation to protect personal information very seriously. Information is only released according to California law, and the DMV continues to review its release practices to ensure information is only released to authorized persons/entities and only for authorized purposes. For example, if a car manufacturer is required to send a recall notice to thousands of owners of a particular model of car, the DMV may provide the car manufacturer with information on California owners of this particular model through this program,” the statement added.

After Motherboard’s earlier investigation into the sale of DMV data to private investigators, senators criticized the practice. Bernie Sanders more specifically said that DMVs should not profit from selling such data.

“In today’s ever-increasing digital world, our private information is too often stolen, abused, used for profit or grossly mishandled,” the new letter from lawmakers reads. “It’s critical that the custodians of the personal information of Americans—from corporations to government agencies—be held to high standards of data protection in order to restore the right of privacy in our country.”

Source: Lawmakers Ask California DMV How It Makes $50 Million a Year Selling Drivers’ Data