Search providers complaining that EU Google antitrust measures didn’t achieve anything

Four search providers – DuckDuckGo, Ecosia, Qwant, and Lilo – have penned an open letter to the European Commission claiming that Google is suppressing search engine competition.

The EU has made a number of efforts to counter Google’s search monopoly, including a July 2018 fine and ruling that the company engaged in “illegal tying of Google’s search and browser apps” and “illegal payments conditional on exclusive pre-installation of Google Search.”

Google responded with some licensing changes. In August 2019, it agreed with the EU to provide an Android Choice screen, which included selling spots on the new menu via auction – leading to participants like privacy-centric DuckDuckGo complaining that they were priced out.

Google’s new Android Choice screen

The Android Choice screen has since been revised by further agreement with the European Commission, and now features more options and free participation. The new choice screen includes up to 12 search services, with the five most popular search engines in the local country listed first, as recorded by StatCounter, and is free for search providers.

Third-party search providers are not happy. Today’s open letter [PDF] states that “despite recent changes, we do not believe it will move market share significantly.” The providers say that the new Android Choice menu is “only shown once, in a Google-designed, Google-owned onboarding process. If [users] later decide to switch defaults, they must labour through 15+ clicks or factory-reset their phone.” They also complain that Chrome desktop and other operating systems are not included, and worry that “it doesn’t apply to all search aspects points in Android.”

[…]

“In the meantime, at least one search company went bankrupt. A German company called Cliqz invested €100m into building their own search algorithm and they went bankrupt. Google playing on time is a big problem.”

Cliqz said in its farewell post last year: “We failed to convince the political stakeholders, that Europe desperately needs an own independent digital infrastructure. Here we can only hope that someone else picks up the ball… the world needs a private search engine that is not just using Bing or Google in the backend.”

In Russia, Kroll said: “Yandex went down to a 20 per cent market share. Then they had a real choice screen on a fixed date and it went back to 60 per cent. I’m not saying we should do everything like Russia does, but it shows that it can have an effect.”

[…]

Source: Existence of Bing ‘essential’ to non-Google search engines • The Register

The entirety of Twitch has reportedly been leaked – change your password!

An anonymous hacker claims to have leaked the entirety of Twitch, including its source code and user payout information.

The user posted a 125GB torrent link to 4chan on Wednesday, stating that the leak was intended to “foster more disruption and competition in the online video streaming space” because “their community is a disgusting toxic cesspool”.

VGC can verify that the files mentioned on 4chan are publicly available to download as described by the anonymous hacker.

One anonymous company source told VGC that the leaked data is legitimate, including the source code for the Amazon-owned streaming platform.

Internally, Twitch is aware of the breach, the source said, and it’s believed that the data was obtained as recently as Monday. We’ve requested comment from Twitch and will update this story when it replies.

[UPDATE: Twitch has confirmed the leak is authentic: “We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.”]

The leaked Twitch data reportedly includes:

  • The entirety of Twitch’s source code with commit history “going back to its early beginnings”
  • Creator payout reports from 2019
  • Mobile, desktop and console Twitch clients
  • Proprietary SDKs and internal AWS services used by Twitch
  • “Every other property that Twitch owns” including IGDB and CurseForge
  • An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
  • Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers)

Some Twitter users have started making their way through the 125GB of information that has leaked, with one claiming that the torrent also includes encrypted passwords, and recommending that users enable two-factor authentication to be safe.

If you have a Twitch account, it’s recommended that you also turn on two-factor authentication, which ensures that even if your password is compromised, you still need your phone to prove your identity using either SMS or an authenticator app.

To turn on two-factor authentication:

  • Log on to Twitch, click your avatar and choose Settings
  • Go to Security and Privacy, then scroll down to the Security setting
  • Choose Edit Two-Factor Authentication to see if it’s already activated. If not, follow the instructions to turn it on (you’ll need your phone)

Source: The entirety of Twitch has reportedly been leaked | VGC

BMW’s New Factory Robots Can Paint Complex Designs on Cars

[…]

BMW is taking the next step with customization with a newly developed robot that can quickly paint vehicles with complex designs like a giant inkjet printer.

[…]

BMW worked with another German company, Duerr, to create a new factory robot that can paint two-tone finishes, or create elaborate designs on a vehicle, without any in-between masking required. The robot’s called the EcoPaintJet Pro and instead of a traditional paint sprayer on the business end, it uses a contraption that’s not unlike the print head on your inkjet printer. Jets of ink, as small as half a millimeter in thickness, are sprayed through an orifice plate which creates defined edges as it hits the vehicle. When combined with the precision movements of the EcoPaintJet Pro’s robotic arm, intricate designs can be created with transitions between colors that look as crisp as if masking techniques, such as tape or stencils, had been used.

At the BMW Dingolfing plant in Munich, the new robot and paint technique is being piloted on 19 new BMW M4 Coupés that roll out of the factory with a special two-tone finish featuring M4 branding on the hood and tailgate

[…]

The precision of the applied paint means there’s no overspray—excess paint that ends up inside a painting room that has to be cleared away and disposed of, resulting in wasted materials and the use of harsh chemicals. BMW also believes the EcoPaintJet Pro will result in lower energy consumption as it will change how the sealed and highly ventilated painting rooms in its factories operate. “Since paint separation is no longer required, the amount of air needed is also lower. At around 7,000 operating hours, this results in energy savings of more than 6,000 megawatt-hours and reduces the carbon footprint by nearly 2,000 tonnes per year.”

Source: BMW’s New Factory Robots Can Paint Complex Designs on Cars

Telegraph newspaper exposes 10TB of server, user data online

The Telegraph newspaper managed to leak 10TB of subscriber data and server logs after leaving an Elasticsearch cluster unsecured for most of September, according to the researcher who found it online.

The blunder was uncovered by well-known security researcher Bob Diachenko, who said that the cluster had been freely accessible “without a password or any other authentication required to access it.”

After sampling the database to determine its owner, Diachenko saw the personal details of at least 1,200 Telegraph subscribers along with a substantial quantity of internal server logs, he told The Register.

“A significant portion of the records were unencrypted,” he said. Screenshots he provided showed information including the user-agent string and device type, while categories of personal data included subscribers’ first and last names, email addresses, subscriber status, IP addresses and device type and operating system.

Affected users “should be on the lookout for targeted phishing and scams,” Diachenko advised. “Names and emails in the database can be used to send readers targeted scam messages.”

Aside from potential scam emails, the risk from this breach is relatively low unless having your news-reading habits collated in one place might cause professional embarrassment: Diachenko highlighted that in the data sample he viewed were a handful of gov.uk email addresses.

[…]

Source: Telegraph newspaper exposes 10TB of server, user data online • The Register

Oculus Quest VR Goggles Becomes a Paperweight When Facebook Goes Down

When Facebook went down yesterday for nearly six hours, so did Oculus’ services. Since Facebook owns VR headset maker Oculus, and controversially requires Oculus Quest users to log in with a Facebook account, many Quest owners reported not being able to load their Oculus libraries. “[A]nd those who just took a Quest 2 out of the box have reported that they’re unable to complete the initial setup,” adds PCGamer. As VRFocus points out, “the issue has raised another important question relating to Oculus’ services being so closely linked with a Facebook account, your Oculus Quest/Quest 2 is essentially bricked until services resume.”

From the report: This vividly highlights the problem with having to connect to Facebook’s services to gain access to apps — the WiFi connection was fine. Even all the ones downloaded and taking up actual storage space didn’t show up. It’s why some VR fans began boycotting the company when it made it mandatory that all Oculus Quest 2’s had to be affiliated with a Facebook account.

If you want to unlink your Facebook account from Oculus Quest and don’t want to pay extra for that ability, you’re in luck thanks to a sideloadable tool called “Oculess.” From an UploadVR article published earlier today:

You still need a Facebook account to set up the device in the first place and you need to give Facebook a phone number or card details to sideload, but after that you could use Oculess to forgo Facebook entirely — just remember to never factory reset. The catch is you’ll lose access to Oculus Store apps because the entitlement check used upon launching them will no longer function. System apps like Oculus TV and Browser will also no longer launch, and casting won’t work. You can still sideload hundreds of apps from SideQuest though, and if you want to keep browsing the web in VR you can sideload Firefox Reality. You can still use Oculus Link to play PC VR content, but only if you stay signed into Facebook on the Oculus PC app. Virtual Desktop won’t work because it’s a store app, but you can sideload free alternatives such as ALVR.

To use Oculess, just download it from GitHub and sideload it using SideQuest or Oculus Developer Hub, then launch it from inside VR. If your Quest isn’t already in developer mode or you don’t know how to sideload you can follow our guide here.

Source: Oculus Quest Becomes a Paperweight When Facebook Goes Down – Slashdot

Scientists Have Successfully Recorded Data to DNA in Minutes not hours

[…]

researchers at Northwestern University have devised a new method for recording information to DNA that takes minutes rather than hours or days.

The researchers utilized a novel enzymatic system to synthesize DNA that records rapidly changing environmental signals straight into its sequences, and this method could revolutionize how scientists examine and record neurons inside the brain.

A faster and higher resolution recording

To record intracellular molecular and digital data to DNA, scientists currently rely on multipart processes that combine new information with existing DNA sequences. This means that, for an accurate recording, they must stimulate and repress the expression of specific proteins, which can take over 10 hours to complete.

The new study’s researchers hypothesized they could make this process faster by utilizing a new method they call “Time-sensitive Untemplated Recording using Tdt for Local Environmental Signals”, or TURTLES. This way, they would synthesize completely new DNA rather than copying a template of it. The method enabled the data to be recorded into the genetic code in a matter of minutes.

[…]

Source: Scientists Have Successfully Recorded Data to DNA in a Few Short Minutes

Millions of AMD PCs affected by new CPU driver flaw need to be patched ASAP

After finding several security flaws in Intel’s System Guard Extensions (SGX), security researchers have now revealed a flaw in AMD’s Platform Security Processor (PSP) chipset driver that makes it easy for attackers to steal sensitive data from Ryzen-powered systems. On the upside, there are already patches available from both Microsoft and AMD to shut the exploit.

Recently, AMD disclosed a vulnerability in the AMD Platform Security Processor (PSP) chipset driver that allows malicious actors to dump memory pages and extract sensitive information such as passwords and storage decryption keys.

The flaw is tracked under CVE-2021-26333 and is considered medium severity. It affects a wide range of AMD-powered systems, with all Ryzen desktop, mobile, and workstation CPUs being affected. Additionally, PCs equipped with a 6th and 7th generation AMD A-series APU or modern Athlon processors are vulnerable to the same attack.

Security researcher Kyriakos Economou over at ZeroPeril discovered the flaw back in April. His team tested a proof-of-concept exploit on several AMD systems and found it relatively easy to leak several gigabytes of uninitialized physical memory pages when logged in as a user with low privileges. At the same time, this attack method can bypass exploitation mitigations like kernel address space layout randomization (KASLR).

The good news is there are patches available for this flaw. One way to ensure you get them is to download the latest AMD chipset drivers from TechSpot Drivers page or AMD’s own website. The driver was released a month ago, but at the time AMD chose not to fully disclose the security fixes contained in the release.

[…]

Source: Millions of AMD PCs affected by new CPU driver flaw need to be patched ASAP | TechSpot

Pandora Papers: World leaders deny wrongdoing after leaks

Several world leaders have denied wrongdoing after featuring in a huge leak of financial documents from offshore companies.

Dubbed the Pandora Papers, the 12 million files constitute the biggest such leak in history.

Russian President Vladimir Putin and Jordan’s King Abdullah II bin Al-Hussein are among some 35 current and former leaders linked to the files.

Both have issued statements saying they have done nothing wrong.

Jordan’s royal palace said it was “not unusual nor improper” that King Abdullah owned property abroad.

Leaked documents show the leader secretly spent more than £70m ($100m) on a property empire in the UK and US since taking power in 1999.

Kremlin spokesman Dmitry Peskov meanwhile questioned the reliability of the “unsubstantiated” information, after it detailed hidden wealth linked to President Putin and members of his inner circle.

[…]

The data was obtained by the International Consortium of Investigative Journalists (ICIJ) in Washington DC, which has been working with more than 140 media organisations on its biggest ever global investigation.

BBC Panorama and the Guardian have led the investigation in the UK.

Other leaders linked to the leak include:

  • Czech Prime Minister Andrej Babis, who allegedly failed to declare an offshore investment company used to purchase two villas for £12m in the south of France
  • Kenyan President Uhuru Kenyatta, who – along with six members of his family – has been linked to 13 offshore companies
  • Chile’s President Sebastián Piñera, a billionaire businessman, who is accused of selling a copper and iron mine in an environmentally sensitive area to a childhood friend, as detailed in Spain’s El Pais newspaper
  • And Azerbaijan’s President Ilham Aliyev, whose family and close associates have allegedly been secretly involved in property deals in the UK worth more than £400m

[…]

Source: Pandora Papers: World leaders deny wrongdoing after leaks – BBC News

There’s a Murky Multibillion-Dollar Market for Your Phone’s Location Data

Companies that you likely have never heard of are hawking access to the location history on your mobile phone. An estimated $12 billion market, the location data industry has many players: collectors, aggregators, marketplaces, and location intelligence firms, all of which boast about the scale and precision of the data that they’ve amassed.

Location firm Near describes itself as “The World’s Largest Dataset of People’s Behavior in the Real-World,” with data representing “1.6B people across 44 countries.” Mobilewalla boasts “40+ Countries, 1.9B+ Devices, 50B Mobile Signals Daily, 5+ Years of Data.” X-Mode’s website claims its data covers “25%+ of the Adult U.S. population monthly.”

In an effort to shed light on this little-monitored industry, The Markup has identified 47 companies that harvest, sell, or trade in mobile phone location data. While hardly comprehensive, the list begins to paint a picture of the interconnected players that do everything from providing code to app developers to monetize user data to offering analytics from “1.9 billion devices” and access to datasets on hundreds of millions of people. Six companies claimed more than a billion devices in their data, and at least four claimed their data was the “most accurate” in the industry.

The Location Data Industry: Collectors, Buyers, Sellers, and Aggregators

The Markup identified 47 players in the location data industry

  • 1010Data
  • Acxiom
  • AdSquare
  • ADVAN
  • Airsage
  • Amass Insights
  • Alqami
  • Amazon AWS Data Exchange
  • Anomaly 6
  • Babel Street
  • Blis
  • Complementics
  • Cuebiq
  • Datarade
  • Foursquare
  • Gimbal
  • Gravy Analytics
  • GroundTruth
  • Huq Industries
  • InMarket / NinthDecimal
  • Irys
  • Kochava Collective
  • Lifesight
  • Mobilewalla: “40+ Countries, 1.9B+ Devices, 50B Mobile Signals Daily, 5+ Years of Data”
  • Narrative
  • Near: “The World’s Largest Dataset of People’s Behavior in the Real-World”
  • Onemata
  • Oracle
  • Phunware
  • PlaceIQ
  • Placer.ai
  • Predicio
  • Predik Data-Driven
  • Quadrant
  • QueXopa
  • Reveal Mobile
  • SafeGraph
  • Snowflake
  • start.io
  • Stirista
  • Tamoco
  • THASOS
  • Unacast
  • Venntel
  • Venpath
  • Veraset
  • X-Mode (Outlogic)

Created by Joel Eastwood and Gabe Hongsdusit. Source: The Markup. (See our data, including extended company responses, here.)

“There isn’t a lot of transparency and there is a really, really complex shadowy web of interactions between these companies that’s hard to untangle,” Justin Sherman, a cyber policy fellow at the Duke Tech Policy Lab, said. “They operate on the fact that the general public and people in Washington and other regulatory centers aren’t paying attention to what they’re doing.”

Occasionally, stories illuminate just how invasive this industry can be. In 2020, Motherboard reported that X-Mode, a company that collects location data through apps, was collecting data from Muslim prayer apps and selling it to military contractors. The Wall Street Journal also reported in 2020 that Venntel, a location data provider, was selling location data to federal agencies for immigration enforcement.

A Catholic news outlet also used location data from a data vendor to out a priest who had frequented gay bars, though it’s still unknown what company sold that information.

Many firms promise that privacy is at the center of their businesses and that they’re careful to never sell information that can be traced back to a person. But researchers studying anonymized location data have shown just how misleading that claim can be.

[…]

Most times, the location data pipeline starts off in your hands, when an app sends a notification asking for permission to access your location data.

Apps have all kinds of reasons for using your location. Map apps need to know where you are in order to give you directions to where you’re going. A weather, waves, or wind app checks your location to give you relevant meteorological information. A video streaming app checks where you are to ensure you’re in a country where it’s licensed to stream certain shows.

But unbeknownst to most users, some of those apps sell or share location data about their users with companies that analyze the data and sell their insights, like Advan Research. Other companies, like Adsquare, buy or obtain location data from apps for the purpose of aggregating it with other data sources

[…]

Companies like Adsquare and Cuebiq told The Markup that they don’t publicly disclose what apps they get location data from to keep a competitive advantage but maintained that their process of obtaining location data was transparent and with clear consent from app users.

[…]

Yiannis Tsiounis, the CEO of the location analytics firm Advan Research, said his company buys from location data aggregators, who collect the data from thousands of apps—but would not say which ones.

[…]

Into the Location Data Marketplace 

Once a person’s location data has been collected from an app and it has entered the location data marketplace, it can be sold over and over again, from the data providers to an aggregator that resells data from multiple sources. It could end up in the hands of a “location intelligence” firm that uses the raw data to analyze foot traffic for retail shopping areas and the demographics associated with its visitors. Or with a hedge fund that wants insights on how many people are going to a certain store.

“There are the data aggregators that collect the data from multiple applications and sell in bulk. And then there are analytics companies which buy data either from aggregators or from applications and perform the analytics,” said Tsiounis of Advan Research. “And everybody sells to everybody else.”

Some data marketplaces are part of well-known companies, like Amazon’s AWS Data Exchange, or Oracle’s Data Marketplace, which sell all types of data, not just location data.

[…]

companies, like Narrative, say they are simply connecting data buyers and sellers by providing a platform. Narrative’s website, for instance, lists location data providers like SafeGraph and Complementics among its 17 providers with more than two billion mobile advertising IDs to buy from

[…]

To give a sense of how massive the industry is, Amass Insights has 320 location data providers listed on its directory, Jordan Hauer, the company’s CEO, said. While the company doesn’t directly collect or sell any of the data, hedge funds will pay it to guide them through the myriad of location data companies, he said.

[…]

Oh, the Places Your Data Will Go

There are a whole slew of potential buyers for location data: investors looking for intel on market trends or what their competitors are up to, political campaigns, stores keeping tabs on customers, and law enforcement agencies, among others.

Data from location intelligence firm Thasos Group has been used to measure the number of workers pulling extra shifts at Tesla plants. Political campaigns on both sides of the aisle have also used location data from people who were at rallies for targeted advertising.

Fast food restaurants and other businesses have been known to buy location data for advertising purposes down to a person’s steps. For example, in 2018, Burger King ran a promotion in which, if a customer’s phone was within 600 feet of a McDonalds, the Burger King app would let the user buy a Whopper for one cent.

The Wall Street Journal and Motherboard have also written extensively about how federal agencies including the Internal Revenue Service, Customs and Border Protection, and the U.S. military bought location data from companies tracking phones.

[…]

Outlogic (formerly known as X-Mode) offers a license for a location dataset titled “Cyber Security Location data” on Datarade for $240,000 per year. The listing says “Outlogic’s accurate and granular location data is collected directly from a mobile device’s GPS.”

At the moment, there are few if any rules limiting who can buy your data.

Sherman, of the Duke Tech Policy Lab, published a report in August finding that data brokers were advertising location information on people based on their political beliefs, as well as data on U.S. government employees and military personnel.

“There is virtually nothing in U.S. law preventing an American company from selling data on two million service members, let’s say, to some Russian company that’s just a front for the Russian government,” Sherman said.

Existing privacy laws in the U.S., like California’s Consumer Privacy Act, do not limit who can purchase data, though California residents can request that their data not be “sold”—which can be a tricky definition. Instead, the law focuses on allowing people to opt out of sharing their location in the first place.

[…]

“We know in practice that consumers don’t take action,” he said. “It’s incredibly taxing to opt out of hundreds of data brokers you’ve never even heard of.”

[…]

 

Source: There’s a Multibillion-Dollar Market for Your Phone’s Location Data – The Markup

Chinese AI gets ethical guidelines for the first time

[…]

Humans should have full decision-making power, the guidelines state, and have the right to choose whether to accept AI services, exit an interaction with an AI system or discontinue its operation at any time. The document was published by China’s Ministry of Science and Technology (MOST) last Sunday.

The goal is to “make sure that artificial intelligence is always under the control of humans,” the guidelines state.

“This is the first specification we see from the [Chinese] government on AI ethics,” said Rebecca Arcesati, an analyst at the German think tank Mercator Institute for China Studies (Merics). “We had only seen high-level principles before.”

The guidelines, titled “New Generation Artificial Intelligence Ethics Specifications”, were drafted by an AI governance committee, which was established under the MOST in February 2019. In June that year, the committee published a set of guiding principles for AI governance that was much shorter and broader than the newly released specifications.

[…]

The document outlines six basic principles for AI systems, including ensuring that they are “controllable and trustworthy”. The other principles are improving human well-being, promoting fairness and justice, protecting privacy and safety, and raising ethical literacy.

The emphasis on protecting and empowering users reflects Beijing’s efforts to exercise greater control over the country’s tech sector. One of the latest moves in the year-long crackdown has been targeting content recommendation algorithms, which often rely on AI systems built on collecting and analysing massive amounts of user data.

[…]

The new AI guidelines are “a clear message to tech giants that have built entire business models on recommendation algorithms”, Arcesati said.

However, the changes are being done in the name of user choice, giving users more control over their interactions with AI systems online, an issue other countries are also grappling with. Data security, personal privacy and the right to opt out of AI-driven decision-making are all mentioned in the new document.

Preventing risks requires spotting and addressing technical and security vulnerabilities in AI systems, making sure that relevant entities are held accountable, the document says, and that the management and control of AI product quality are improved.

The guidelines also forbid AI products and services from engaging in illegal activities and severely endangering national security, public security or manufacturing security. Neither should they be able to harm the public interest, the document states.

[…]

Source: Chinese AI gets ethical guidelines for the first time, aligning with Beijing’s goal of reining in Big Tech | South China Morning Post

Facebook, Instagram, and WhatsApp hit by 6 hr + global outage, stock tanks

Facebook offered “sincere apologies” Monday afternoon as a sweeping outage of its site and various other properties, including Instagram, WhatsApp and Messenger, stretched for more than six hours and helped to wipe more than $50 billion off Facebook’s market cap — the stock’s worst day of trading in almost a year.

The issues started around 11:45 a.m. ET, according to DownDetector, and hit users globally, taking out critical communications platforms that billions of people and businesses rely on every day. Service began to return at around 6 p.m.

While Facebook has yet to identify the root of the issue, cybersecurity experts said it does not appear to be a cyberattack and instead seems to be linked to internal issues with Facebook’s systems.

[…]

As Facebook scrambled to solve the issue, investors ditched the stock, sending it almost 5 percent lower to $326.23 per share. It was the stock’s biggest one-day plummet since Nov. 9, 2020.

Facebook founder Mark Zuckerberg’s personal wealth took a more than $6 billion hit on Monday, sending him below Microsoft founder Bill Gates to No. 5 on Bloomberg’s Billionaires Index. Zuckerberg is now worth about $121.6 billion, down from almost $140 billion just a couple weeks ago, according to Bloomberg.

The outage also disrupted internal Facebook systems, including security, a company calendar and scheduling tools, The Times reported, adding that some Facebook employees weren’t even able to enter buildings due to the outage.

[…]

In a curious twist, by early afternoon, the domain name “Facebook.com” was listed for sale by Domain Tools. The organization behind the domain registration was still listed as Facebook, Inc. and it’s unclear why the site’s address would be listed for sale.

[…]

Other popular sites — including Gmail and Microsoft-owned LinkedIn — also began to experience some issues throughout the day, according to DownDetector.

[…]

Oculus, the Facebook-owned virtual reality gaming platform, was having issues, too.

“We’re aware that some people are having trouble accessing our apps and products. We’re working to get things back to normal as quickly as possible, and we apologize for any inconvenience,” Oculus tweeted.

As social media fanatics flocked to Twitter, the Facebook rival joked, “hello literally everyone,” in a tweet that racked up nearly half a million retweets.

But Twitter itself saw some outages Monday afternoon, according to DownDetector, with several thousand people reporting issues on the site.

[…]

The outage comes a day after a Facebook whistleblower who leaked a trove of damning internal documents to the Wall Street Journal came forward and identified herself as Frances Haugen, a former product manager at Facebook.

[…]

Source: Facebook, Instagram, and WhatsApp hit by global outage, stock tanks

Company That Routes Billions of Text Messages Quietly Says It Was Hacked – for years (you know, the messages we now use for 2FA)

A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide.

The company, Syniverse, revealed in a filing dated September 27 with the U.S. Securities and Exchange Commission that an unknown “individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (EDT) environment was compromised for approximately 235 of its customers.”

A former Syniverse employee who worked on the EDT systems told Motherboard that those systems have information on all types of call records.

[…]

“Syniverse is a common exchange hub for carriers around the world passing billing info back and forth to each other,” the source, who asked to remain anonymous as they were not authorized to talk to the press, told Motherboard. “So it inevitably carries sensitive info like call records, data usage records, text messages, etc. […] The thing is—I don’t know exactly what was being exchanged in that environment. One would have to imagine though it easily could be customer records and [personal identifying information] given that Syniverse exchanges call records and other billing details between carriers.”

The company wrote that it discovered the breach in May 2021, but that the hack began in May of 2016.

[…]

“The world’s largest companies and nearly all mobile carriers rely on Syniverse’s global network to seamlessly bridge mobile ecosystems and securely transmit data, enabling billions of transactions, conversations and connections [daily],” Syniverse wrote in a recent press release.

“Syniverse has access to the communication of hundreds of millions, if not billions, of people around the world. A five-year breach of one of Syniverse’s main systems is a global privacy disaster,” Karsten Nohl, a security researcher who has studied global cellphone networks for a decade, told Motherboard in an email. “Syniverse systems have direct access to phone call records and text messaging, and indirect access to a large range of Internet accounts protected with SMS 2-factor authentication. Hacking Syniverse will ease access to Google, Microsoft, Facebook, Twitter, Amazon and all kinds of other accounts, all at once.”

[…]

Syniverse disclosed the breach in an August SEC filing as the company was gearing up to go public at a valuation of $2.85 billion via a merger with M3-Brigade Acquisition II Corp., a special purpose acquisition company (SPAC).

[…]

Source: Company That Routes Billions of Text Messages Quietly Says It Was Hacked

Clearview AI Says It Can Do the ‘Computer Enhance’ Thing – wait, this evil has not yet been purged?

Sketchy face recognition company Clearview AI has inflated its stockpile of scraped images to over 10 billion, according to its co-founder and CEO Hoan Ton-That. What’s more, he says the company has new tricks up its sleeve, like using AI to draw in the details of blurry or partial images of faces.

Clearview AI has reportedly landed contracts with over 3,000 police and government customers including 11 federal agencies, which it says use the technology to identify suspects when it might otherwise be impossible. In April, a BuzzFeed report citing a confidential source identified over 1,800 public agencies that had tested or currently use its products, including everything from police and district attorney’s offices to Immigration and Customs Enforcement and the U.S. Air Force. It also reportedly has worked with dozens of private companies including Walmart, Best Buy, Albertsons, Rite Aid, Macy’s, Kohl’s, AT&T, Verizon, T-Mobile, and the NBA.

Clearview has landed such deals despite facing considerable legal trouble over its unauthorized acquisition of those billions of photos, including state and federal lawsuits claiming violations of biometrics privacy laws, a consumer protection suit brought by the state of Vermont, the company’s forced exit from Canada, and complaints to privacy regulators in at least five other countries. There have also been reports detailing Ton-That’s historic ties to far-right extremists (which he denies) and pushback against the use of face recognition by police in general, which has led to bans on such use in over a dozen U.S. cities.

In an interview with Wired on Monday, Ton-That claimed that Clearview has now scraped over 10 billion images from the open web for use in its face recognition database. According to the CEO, the company is also rolling out a number of machine learning features, including one that uses AI to reconstruct faces that are obscured by masks.

Specifically, Ton-That told Wired that Clearview is working on “deblur” and “mask removal” tools. The first feature should be familiar to anyone who’s ever used an AI-powered image upscaling tool, taking a lower-quality image and using machine learning to add extra details. The mask removal feature uses statistical patterns found in other images to guess what a person might look like under a mask. In both cases, Clearview would essentially be offering informed guesswork. I mean, what could go wrong?

As Wired noted, quite a lot. There’s a very real difference between using AI to upscale Mario’s face in Super Mario 64 and using it to just sort of suggest what a suspect’s face might look like to cops. For example, existing face recognition tools have been repeatedly assessed as riddled with racial, gender, and other biases, and police have reported extremely high failure rates in its use in criminal investigations. That’s before adding in the element of the software not even knowing what a face really looks like—it’s hard not to imagine such a feature being used as a pretext by cops to fast-track investigative leads.

[…]

“… My intention with this technology is always to have it under human control. When AI gets it wrong it is checked by a person.” After all, it’s not like police have a long and storied history of using junk science to justify misconduct or prop up arrests based on flimsy evidence and casework, which often goes unquestioned by courts.

Ton-That is, of course, not so naive as to think that police won’t use these kinds of capabilities for purposes like profiling or padding out evidence. Again, Clearview’s backstory is full of unsettling ties to right-wing extremists—like the reactionary troll and accused Holocaust denier Chuck C. Johnson—and Ton-That’s track record is full of incidents where it looks an awful lot like he’s exaggerating capabilities or deliberately stoking controversy as a marketing tool. Clearview itself is fully aware of the possibilities for questionable use by police, which is why the company’s marketing once advertised that cops could “run wild” with their tools and the company later claimed to be building accountability and anti-abuse features after getting its hooks into our justice system.

Source: Clearview AI Says It Can Do the ‘Computer Enhance’ Thing

9 Horrifying Facts From the Facebook Whistleblower Interview

Last week, the Wall Street Journal published internal research from Facebook showing that the social media company knows precisely how toxic its own product is for the people who use it. But tonight, we learned how the Journal obtained those documents: A whistleblower named Frances Haugen, who spoke with CBS News’ 60 Minutes about the ways Facebook is poisoning society.

The 37-year-old whistleblower liberated “tens of thousands” of pages of documents from Facebook and even plans to testify to Congress at some point this week. Haugen has filed at least eight complaints with the SEC alleging that Facebook has lied to shareholders about its own product.

Fundamentally, Haugen alleges there’s a key conflict between what’s good for Facebook and what’s good for society at large. At the end of the day, things that are good for Facebook tend to be bad for the world we live in, according to Haugen. We’ve pulled out some of the most interesting tidbits from Sunday’s interview that highlight this central point.

1) Facebook’s algorithm intentionally shows users things to make them angry

Haugen explained to 60 Minutes how Facebook’s algorithm chooses content that’s likely to make users angry because that causes the most engagement. And user engagement is what Facebook turns into ad dollars.

[…]

2) Facebook is worse than most other social media companies

[…]

Haugen previously worked at Pinterest and Google, and insists that Facebook really is worse than the rest of Big Tech in substantial ways.

3) Facebook dissolved its Civic Integrity unit after the 2020 election and before the Jan. 6 Capitol insurrection

Haugen worked at the so-called Civic Integrity unit of Facebook, in charge of combating political misinformation on the platform. But the social media company seemed to think they were in the clear after the U.S. presidential election in November 2020 and that Civic Integrity could be shut down.

[…]

4) Political parties in Europe ran negative ads because it was the only way to reach people on Facebook

[…]

Summarizing the position of political parties in Europe, Haugen explained, “You are forcing us to take positions that we don’t like, that we know are bad for society. We know if we don’t take those positions, we won’t win in the marketplace of social media.”

5) Facebook only identifies a tiny fraction of hate and misinformation on the platform

Facebook’s internal research shows that it identifies roughly 3-5% of hate on the platform and less than 1% of violence and incitement, according to one of the studies leaked by Haugen.

[…]

6) Instagram is making kids miserable

Facebook owns Instagram, and as 60 Minutes points out, the documents leaked by Haugen show that 13.5% of teen girls say Instagram makes thoughts of suicide worse, and 17% say it makes their eating disorders worse.

[…]

7) Employees at Facebook aren’t necessarily evil, they just have perverse incentives

Haugen says that the people who work at Facebook aren’t bad people, which seems like the kind of thing someone who previously worked at Facebook might say.

[…]

8) Haugen even has empathy for Zuck

[…]

9) Haugen believes she’s covered by whistleblower laws, but we’ll see

[…]

while Dodd-Frank hypothetically protects employees talking with the SEC, it doesn’t necessarily protect people talking with journalists and taking thousands of pages of documents. But we’re going to find out pretty quickly just how much protection whistleblowers actually get in the U.S. Historically, let’s just say the answer has been “not much.”

Source: 9 Horrifying Facts From the Facebook Whistleblower Interview

Millions Experience Browser Problems After Long-Anticipated Expiration of IdenTrust DST Root CA X3 SSL Certificate

“The expiration of a key digital encryption service on Thursday sent major tech companies nationwide scrambling to deal with internet outages that affected millions of online users,” reports the Washington Examiner.

The expiring certificate was issued by Let’s Encrypt — though ZDNet notes there have been lots of warnings about its pending expiration:

Digital Shadows senior cyber threat analyst Sean Nikkel told ZDNet that Let’s Encrypt put everyone on notice back in May about the expiration of the Root CA Thursday and offered alternatives and workarounds to ensure that devices would not be affected during the changeover. They have also kept a running forum thread open on this issue with fairly quick responses, Nikkel added.

Thursday night the Washington Examiner describes what happened when the big day arrived:

Tech giants — such as Amazon, Google, Microsoft, and Cisco, as well as many smaller tech companies — were still battling with an endless array of issues by the end of the night… At least 2 million people have seen an error message on their phones, computers, or smart gadgets in the past 24 hours detailing some internet connectivity problems due to the certificate issue, according to Scott Helme, an internet security researcher and well-known cybersecurity expert. “So many people have been affected, even if it’s only the inconvenience of not being able to visit certain websites or some of their apps not working,” Helme said.

“This issue has been going on for many hours, and some companies are only just getting around to fixing it, even big companies with a lot of resources. It’s clearly not going smoothly,” he added.

There was an expectation before the certificate expired, Helme said, that the problem would be limited to gadgets and devices bought before 2017 that use the Let’s Encrypt digital certificate and haven’t updated their software. However, many users faced issues on Thursday despite having the most cutting-edge devices and software on hand. Dozens of major tech products and services have been significantly affected by the certificate expiration, such as cloud computing services for Amazon, Google, and Microsoft; IT and cloud security services for Cisco; sellers unable to log in on Shopify; games on RocketLeague; and workflows on Monday.com.

Security researcher Scott Helme also told ZDNet he’d confirmed issues at many other companies, including Guardian Firewall, Auth0, QuickBooks, and Heroku — but there might be many more beyond that: “For the affected companies, it’s not like everything is down, but they’re certainly having service issues and have incidents open with staff working to resolve. In many ways, I’ve been talking about this for over a year since it last happened, but it’s a difficult problem to identify. It’s like looking for something that could cause a fire: it’s really obvious when you can see the smoke…!”

Digital certificates expert Tim Callan added that the popularity of DevOps-friendly architectures like containerization, virtualization and cloud has greatly increased the number of certificates the enterprise needs while radically decreasing their average lifespan. “That means many more expiration events, much more administration time required, and greatly increased risk of a failed renewal,” he said.

Source: Millions Experience Browser Problems After Long-Anticipated Expiration of ‘Let’s Encrypt’ Certificate – Slashdot

Just How Much Time Do We Spend On Our Phones?


Phones have become so essential that it’s become tough to imagine our lives without them. What’s funny about this is that most people alive today can remember a time when we didn’t have cell phones, let alone smartphones. Even so, it’s difficult to recall exactly how we lived back then.

However, while we all know that our phones have become a big part of our lives, many of us aren’t aware of just how much time we spend looking at these devices. If you had to make a guess, you’d probably say “a lot.” However, that answer isn’t good enough for us. We want to know what’s really going on.

Below you will find a lot of data about how much time we spend on our phones, how this impacts us, both positive and negative, and some tips on developing healthy screen habits and ensuring our phones are having a positive impact on our lives.

How Much Time Do We Spend on Our Phones?

Let’s dive right in with some cold, hard numbers.

In total, we spend around five hours per day looking at our phones.

Yes, this seems like a lot, but if we stop to think about all the time we spend texting, scrolling through social media, watching YouTube videos, streaming Netflix, getting directions, and more, it’s easy to see how this can quickly add up to five hours. Of course, this is an average, so many people spend less, but others spend more.

No matter what, this is a pretty large number, and if we extrapolate it out, here’s how much time we really spend looking at our smartphones:

To put these numbers in context, this means that we spend a little bit less than one-third of our time on this planet looking at our phones, an astronomical number when you stop to think about it. Sure, presenting the numbers like this seems pretty dramatic. Still, if we live to be 75 years old, we will have spent 15 of those years on our phones.

Is this a good or bad thing? Well, that depends on how you use your phone. Scrolling through social media for hours and hours probably isn’t the best idea, but watching educational YouTube videos doesn’t seem to be quite as bad. Again, it all depends on your perspective. Later on, we’ll discuss some of the potential impacts of too much screen time. For now, sit with the fact that you spend more time looking at your phone than you do going to school as a kid…

Other Phone Usage Statistics

Learning that we spend so much of our lives on our phones begs the question: what are we doing with all this time? Here are some stats that help shed some light on what we’re doing while we’re spending a third of our waking hours on our phones:

More Than Half of All Web Traffic Comes from Phones and Mobile Devices

This stat tells us that one of the biggest things we’re doing when we’re on our phones is searching the web. This could include shopping, social media, reading the news, etc. For some, it might come as a surprise that mobile phones make up such a large portion of overall internet traffic, but if we stop to think how far things have come, it makes sense.

For example, when smartphones first came out, their web browsers were terrible. That is no longer the case, in part because website developers are now forced to make sure a website is mobile-friendly. Also, mobile networks have improved considerably. The prevalence of apps has also helped usher in this mobile revolution.

Here are some other stats that we should all know:


Nomophobia: Our Phone Addiction

Given how much we use our phones, it’s normal to wonder: are we addicted?

If this is indeed your question, it turns out you’re not the only one to ask it. Several studies have looked into this very issue, and here’s what they found:


The Risks of Too Much Screen Time

Based on the numbers we’ve presented so far, it’s fair to wonder if all this screen time is good for us. At the moment, we don’t know the impact of screen time, though we have some indications.

Below are a few of the complications that can arise if you spend too much time looking at your phone:

Weight Gain/Obesity

No, there is nothing about your phone itself that will make you gain weight. Instead, it’s what we’re doing when we use our phones, mainly sitting down.

Of course, a phone is small enough that you could be doing something physical while looking at it, such as watching a show while running on a treadmill. Still, the vast majority of the time we spend looking at our phones, we spend sitting down, contributing to our already sedentary lifestyles.

Obesity is the major public health issue in the United States, and while poor diet and lifestyle habits are to blame, the amount of time we spend sitting and consuming media also plays a role. Therefore, if you’re going to spend this much time on your phone, make sure you’re also making time to move your body and ward off the problems that can come from sitting so much.

Poor Sleep

Because of all our phones can do, it’s common to use them in some capacity before bed. As we saw earlier, the vast majority of people use their phones an hour before they go to bed and an hour after they awake.

Looking at your phone first thing in the morning isn’t going to impact your sleep, though it can take a toll on our mental health if it means we’re not making time for ourselves. Instead, excessive phone time before bed is much more harmful.

This is because our phone screens emit blue light. Our brains can’t distinguish this light from that which shines during the day, so looking at your phone, or any screen for that matter, can mess up your body’s internal clock and disrupt the natural processes that induce sleep.

Many phones now come with blue light filter settings to help deal with this, and while they are effective, they don’t completely solve the problem. Even without the light, looking at your phone before you go to bed means you’re mentally engaged with something at a time when you should be winding down and relaxing for bed. The best thing to do is try and limit the amount of time you look at your phone in the hour leading up to your bedtime.

Eye/Neck Strain and Headaches

Looking at screens for a long time can produce eye strain and headaches, primarily because of the light and because focusing on such a tiny screen for a long time can put undue stress on our eyes.

In addition to this, spending too much time on a phone can also lead to neck pain. When we use our phones, our necks are usually bent down, a posture that puts considerable stress on our spinal cord.

You may not realize this is happening at first, but if you are spending lots and lots of time on your phone, eventually, you will start to experience these pains. When this happens, put the phone down and take a break. Moving forward, pay attention to how you’ve positioned your body when you’re using your phone.

Stress

While our phones are meant to be useful and fun, for some, they can also be quite stressful. This is particularly the case if you use your personal phone for work. You’ll likely get messages at all hours of the day, and this can easily make it feel like you’re always working or that you should be. This is no fun for anyone.

Most of us also use our phones to check the news and social media, two realms that have become, shall we say, a bit negative. Constantly consuming this media is not a good idea, especially if you’re trying to relax. Try to set some limits and some ground rules so that you’re not exposing yourself to too much negativity.

We place a lot of expectations around phone use. For example, it’s become the norm to respond to text messages as soon as we receive and see them. However, this isn’t always ideal. If we don’t set proper boundaries, then our phones can easily overwhelm us. It might begin to feel like people are always trying to reach you and that you must always be available.

To combat this, try to manage expectations. You do not need to respond to messages right away, and if people demand that from you and you don’t want to meet that demand, you have a right to say something. It might take some time to train yourself that not every message or alert you receive is a command to respond, but if you manage to do this, then it’s likely your life will get a bit better.

Communication Breakdown

Lastly, and this is definitely a debatable point, so much time on our phones has impacted how we communicate. Not only has it dramatically reduced our exposure to all-important non-verbal communication, but it has also started to interfere with our interpersonal interactions. How many times have you been at a social gathering where everyone has their phone out on the table or is actively looking at it while everyone is socializing?

Again, this isn’t necessarily a bad thing, but it is concerning. In-person communication is the best form, and it requires effort and energy. Consider making an effort to keep the phone stashed away while in the presence of others, or at the very least, limit how much you check it during social gatherings.

Some might argue that phones have made us better at communicating since we can do it more often and across long distances, but with the good comes the bad. At the end of the day, the best thing we can do is strive for balance.

How to Use Your Phone Responsibly

We’ve already mentioned some things you can do to make sure you’re using your phone responsibly, but here are a few other things you can do to help you develop a positive relationship with your device.

Take Breaks

Get in the habit of taking breaks from your phone. This has lots of benefits, but one of the most significant is that it gives us the chance to focus. If you’re working on something and are constantly checking your phone, each distraction breaks your attention and slows you down. One time might not be a big deal, but if you do this frequently, it will eat into your productivity and start causing problems in your life.

Make use of the “do not disturb” mode. This blocks all notifications so that you can’t get distracted. Another option is to just simply put your phone in airplane mode from time to time. This might be weird at first, but once you get used to it, you’ll see that it’s a straightforward way to stop yourself from reaching for your phone.

Use Timers

Another option is to use a timer app. These programs allow you to set time limits for specific apps, so you don’t use them as much. Many people put this in place for social media since it’s so easy to get sucked into the vortex and lose lots of time.

Flora is a good app for this, and every time you set a timer, the company plants a tree, which is nice! Another solid option is Space. This app has you take a small quiz when you first download it so that it can find out about your screen habits and develop a plan that’s going to be the most effective at helping you limit screen time.

There are many other apps you could use, so if you’re serious about reducing phone time, spend some time trying a few out to see which one works best for you.

Set Up a Cutoff Time

One simple trick is setting a time in the evening when you stop looking at your phone. If you struggle to do this, there’s a simple solution: turn the phone off!

Voluntarily turning your phone off in this day and age is not exactly a normal thing to do, but you’d be surprised how positive the impact can be. There’s something about having to turn it on to look at it that gets us to stop and think twice before checking the device.

At first, you may experience a bit of anxiety, but after a few times, you’ll likely find that the peace is welcome.

Don’t Sleep With Your Phone

Lastly, a surprising number of people sleep with their phones either in their beds or right next to them. If you want to cut back on how much you use it, then consider breaking this habit. Having it so close to you makes it all too tempting to use it right until the moment you decide to go to bed, which we all know can have some negative consequences. It also encourages you to reach for it the moment you wake up, which can induce stress.

Find a Good Balance

In the end, the phones themselves are neutral. It’s how we choose to use them that can be problematic. This article’s point was to shed some light on just how connected to our phones we’ve become and offer some guidance on how you can achieve a better balance. If you’re someone who uses their phone all the time, making a change might be challenging, but stick with it. You’ll likely experience some benefits. Ultimately, it’s all up to you, and if you’re happy with your phone usage, then we’re happy too!

Source: https://www.cellphonedeal.com/blog/just-how-much-time-do-we-spend-on-our-phones

Edit: https://www.cablecompare.com/blog/children-and-screen-time also has a good reading on this for children

Hackers Rob Thousands of Coinbase Customers through SMS MFA Flaw – disclosed today, happened around the IPO

Coinbase, a major U.S.-based bitcoin and cryptocurrency exchange, disclosed today that a hacker was able to bypass the company’s SMS multi-factor authentication mechanism and steal funds from 6,000 users, Bleeping Computer reported.

The breach of Coinbase customers’ accounts happened between March and May 20, 2021, in a hacking campaign that combined phishing scams and a vulnerability exploit on the company’s security measures.

The U.S.-based exchange, which has approximately 68 million users from more than 100 countries, reportedly said that in order to conduct the attack, the hackers needed to know the user’s email address, password, and phone number, as well as have access to their email accounts. It is not clear how the hackers gained access to that information.

“In this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account,” Coinbase told customers in electronic notifications.

Beyond stealing funds, the hackers also exposed customers’ personal information, “including their full name, email address, home address, date of birth, IP addresses for account activity, transaction history, account holdings, and balances,” per the report.

[…]

Source: Hackers Rob Thousands Coinbase Customers SMS MFA Flaw – Bitcoin Magazine: Bitcoin News, Articles, Charts, and Guides

The IPO happened in April. There is no way Coinbase didn’t know about this then! Maybe this is related to the heavy selling from company executives?

Knowbots – the first way to search, relevant again?

Back before the search engines, the internet was relatively small but still growing enough that it needed searching. Computers were slower, so the speed with which we expect results from Google was impossible. In order to search the internet, Gopher users had Archie, Veronica and Jughead as well as lists of known Gopher servers – which linked to more lists of known Gopher servers. If you are interested in this system, it’s still online, and a good place to start looking is http://gopher.floodgap.com/gopher/. Another way to search, however, was through Knowbots. These consist of several components:

  • A server (the “Knowbot Operating System”, or KOS) that runs on a host to enable it to run Knowbot programs. (In our terminology, this makes it a “Knowbot service station”.)
  • A distributed, replicated namespace server (the “worldroot server”) which provides the shared namespace used by Knowbot programs for navigation and environmental inquiries.
  • Tools to manage, create, submit, monitor and debug Knowbot programs.
  • Tools to monitor and control collections of Knowbot service stations.
  • A library of Python modules for use by Knowbot programs as well as by the support tools.

Usually to access a knowbot you telnet to a certain port and issue commands (and wait) or you email them and wait for a response.

The first knowbots up were Knowbot Information Services (KIS) to search for people.

The Knowbot Information Service (KIS) is another “white pages” service that performs a broad name search, checking MCI Mail, the X.500 White Pages Pilot Project, various Whois servers at various organizations (Whois is yet another directory service), and the UNIX finger command. It can be used either as a client program resident on your local machine, through e-mail, or by Telneting to a public server.

KIS uses subprograms called Knowbots to search for information. Each Knowbot looks for specific information from a site and reports back to the main program with the results.

Two hosts running KIS servers are info.cnri.reston.va.us and regulus.cs.bucknell.edu. You can access either one by electronic mail (send mail to netaddress@nri.reston.va.us, for instance) or using Telnet. (If you Telnet to a KIS server, you need to request port 185: instead of typing telnet regulus.cs.bucknell.edu, you’d actually type telnet regulus.cs.bucknell.edu 185.)

Because searching can take several minutes, I prefer to use the e-mail method; once KIS knows the results of the search, it mails them back to you.

In the body of your mail message to netaddress, put names of your associates, one per line. You may use first and last names or a login if you know them. Sending johnson will search the default list of directory servers for user johnson. Because KIS checks a predefined set of services, you do not need to supply an organization name to check for.

KIS also includes commands for narrowing your search and searching for an organization. For more help, include the word man in your e-mail to KIS or your interactive session.

Source: https://www.savetz.com/yic/YIC04FI_23.html

The University of Illinois had the following knowbot:

INTERNET ADDRESSES:
	nri.reston.va.us 185
	132.151.1.1 185
	sol.bucknell.edu 185
	134.82.1.8 185

DESCRIPTION:
	Knowbot is a useful information service for locating
someone with an Internet address. Knowbot does not
have its own "white pages" recording internet users like a
telephone book. However, Knowbot can access to other
information services that have their own "white pages"
and search for you. Commands to operate knowbot service
are easy but not very user friendly to first time users.

SERVICES:

Knowbot serves as a gateway for internet users in remote hosts by
sending searching commands to find someone in internet, receiving the
searching results and presenting results in a uniform format for the
user. However, very often the Knowbot search is fruitless, because
of the incomplete information of internet users.

Listed below are remote host accessible to Knowbot. They all have
their own users information pools.
	nic
	mcimail
	ripe
	x500
	finger
	nwhois
	mitwp
	quipu-country
	quipu-org
	ibm-whois
	site-contacts

LOGIN SEQUENCE:
	At system prompt, type 	telnet nri.reston.va.us 185
	systemprompt> 		telnet nri.reston.va.us 185

EXIT SEQUENCE:
	To exit Knowbot, type "quit" at the Knowbot prompt.
	 >quit
	
ACCESS COMMANDS:
	To enact command, type the command at Knowbot
	prompt,
	 >[command]
	 e.g. >help

	Access commands of Knowbot include:
	 >help
		to print a summary of Knowbot commands on
		screen

	 >man
		to print an on-line manual of Knowbot on screen

	 >quit
		to exit Knowbot information system

	 >[name]
		to start searching a name of person with internet
		address
		e.g. >Krol

	 >services
		to list all Knowbot accessible hosts

	 >service [hostname]
		to narrow the search service on a specific host
		e.g. > service nic

	 >org [organization]
		to narrow the search service on a specific
		organization
		e.g. >org University of Illinois

	 >country [country name]
		to narrow the search service on a specific country
		e.g. >country US

SAMPLE LOGIN:
	1. telnet to Knowbot at system prompt
		systemprompt> telnet nri.reston.va.us 185
		
	2. specify the organization of the person to be searched
		> org university of Illinois

	 and/or you may specify the host service
		> service nic
	
	3. type in the name to start searching
		> krol

	4. You may get the following result:

	Name:		Ed Krol
	Organization: 	University of Illinois
	Address:	 	Computing and Communications Service
			 	Office,195 DCL, 1304 West Springfield
			 	Avenue
	City:	 		Urbana
	State:	 	IL
	Country:	 	US
	Zip:	 	 	61801-4399
	Phone:	 	(217) 333-7886
	E-Mail:	 	Krol@UXC.CSO.UIUC.EDU
	Source:	 	whois@nic.ddn.mil
	Ident:	 	EK10
	Last Updated:	27-Nov-91

	5. exit Knowbot	
	 > quit

FRIENDLY ADVICE:
	Since there are no complete recordings of all Internet
	users, it is better not to expect to locate every internaut
	through Knowbot. However, the more you know about
	the person you want to locate, the easier the searching
	process, because you can narrow the search by specifying
	organization, country, or host of the person to be
	searched, which will save you a lot of time.

DOCUMENT AUTHORS: 	Hsien Hu
	 			Irma Garza

Source: https://www.ou.edu/research/electron/internet/knowbot.htm

These knowbots were developed before and during 1995 – NASA had plans for the Iliad knowbot (which gave me much better results than Google, AltaVista, Ask Jeeves or the other search engines of the time for specific tasks) back then.

Information Infrastructure Technology Applications (IITA) Program Annual K-12 Workshop April 11 – 13 1995 (PDF): https://ntrs.nasa.gov/api/citations/19970006511/downloads/19970006511.pdf

or https://www.linkielist.com/wp-content/uploads/2021/10/NASA-knowbots-iliad-19970006511-1.pdf

Iliad was developed as a resource for blind people but it was realised that it worked well for teachers too. By sending an email to iliad@prime.jsc.nasa.gov you would receive the following reply:

Your question has been received and is being processed by the ILIAD
knowbot.

Responses will be sent to the email address provided in the heading.

You can now specify

*outputtype: dwl

(document with links) to receive documents with embedded hot links in the
documents.

For example:

Subject: iliad query

*outputtype: dwl
?q: nasa jsc ltp

An example query response would consist of the documents found and a summary. It was surprisingly well curated. Here is an example summary:

Dear ILIAD User:

This is a summary of the documents sent to you by ILIAD in response to
your email question.  The number order of the summarized documents
corresponds to the number on the individual documents you received.

Your question was:


internet bots automated retrieval


Output Type: documents

 1)
"http://navigation.us.realnames.com/resolver.dll?action=resolution&charset
=utf-8&realname=TEKTRAN+%3A+USDA+Technology+Transfer+Automated+Retrieval+S
ystem&providerid=154"
    TEKTRAN : USDA Technology Transfer  Automated  Retrieval
    System   TEKTRAN : USDA Technology Transfer  Automated
    Retrieval System: TEKTRAN : USDA Technology Transfer
    Automated  Retrieval System Click on this
    Internet  Keyword to go directly to the TEKTRAN : USDA
    Technology Transfer  Automated  Retrieval System Web
    site. 1000,http://www.nal.usda.gov/ttic/tektran/tektran.html
    ( Internet Keyword).+\( (\S+).*\)  OCLC
    Internet  Cataloging Project Colloquium Field Report By
    Amanda Xu MIT Libraries When we joined the OCLC Intercat Project, our
    first concern was the feasibility of using MARC formats and AACR2 for
    describing and accessing  Internet  resources of various
    types. 999,http://www.oclc.org/oclc/man/colloq/xu.htm (
    WebCrawler)

 2) "http://www.botspot.com/faqs/article3.htm" BotSpot ® : The Spot
    for all  Bots  & Intelligent Agents   search botspot free
    newsletter  internet.com  internet.commerce PAGE 3 OF
    6 Beyond Browsing... Offline Web Agents by Joel T. Patz is an
excellent
    article comparing the current Offline Web Agents and giving detailed
    explanations and instructions including head-to-head feature
    charts and downloading
    sites. 888,http://www.botspot.com/faqs/article3.htm (
    WebCrawler)

 3) "http://www.insead.fr/CALT/Encyclopedia/ComputerSciences/Agents/"
    Agent Technologies   Agent
    technologies
789,http://www.insead.fr/CALT/Ency...pedia/ComputerSciences/Agents/
    ( WebCrawler)

 4) "http://lonestar.texas.net/disclaimers/aup.html" Acceptable
    Use Policy   Texas.Net Acceptable Use Policy In order for Texas
    Networking to keep your service the best it can be, we have a set of
    guidelines known as our "Acceptable Use Policy." These guidelines
    apply to all customers equally and covers dialup account usage as well
    as mail, news, and other
    services. 480,http://lonestar.texas.net/disclaimers/aup.html
    ( WebCrawler)

 5)
"http://navigation.us.realnames.com/resolver.dll?action=resolution&charset
=utf-8&realname=Automated+Traveller%27s+Internet+Site&providerid=154"
    Automated  Traveller's  Internet  Site
    Automated  Traveller's  Internet  Site: The
    Automated  Traveller-Discounted Airfares
    Worldwide Click on this  Internet  Keyword to go directly to
    the  Automated  Traveller's  Internet  Site Web
    site. 333,http://www.theautomatedtraveller.com/ ( Internet
    Keyword).+\( (\S+).*\)  This site provides you with an
    assortment of search devices along with their brief descriptions.
    Also, you will find recommendations for using specific research tools
    and their combinations that we have found more productive in our own
    research. 284,http://www.brint.com/Sites.htm ( WebCrawler)


The following references were not verified for uniqueness.
You can retrieve any these references by sending ILIAD an email
request in the following format:

        Subject: get url
        url: <the url name>

for example:

        Subject: get url
        url: http://prime.jsc.nasa.gov/iliad/index.html


If you want embedded hot links in the document add "*outputtype: dwl"
before the first url: line

for example:

	Subject: get url

	*outputtype: dwl
	url: http://prime.jsc.nasa.gov/index.html


 1) "http://gsd.mit.edu/~history/search/engine/history.html" A
    History of Search Engines   What's a Robot got to do with the
    Internet ? Other types of robots on the  Internet  push
    the interpretation of the  automated  task definition. The
    chatterbot variety is a perfect
    example. 681,http://gsd.mit.edu/~history/search/engine/history.html
    ( WebCrawler)

 2)
"http://navigation.us.realnames.com/resolver.dll?action=resolution&charset
=utf-8&realname=Automated+Information+Retrieval+Systems+%28AIRS%29&provide
rid=154"
    Automated  Information Retrieval Systems (AIRS)
    Automated  Information Retrieval Systems (AIRS):
    Automated  Information Retrieval Systems (AIRS) Click on
    this  Internet  Keyword to go directly to the  Automated
    Information Retrieval Systems (AIRS) Web
    site. 666,http://www.re-airs.com/ ( Internet Keyword)
    .+\( (\S+).*\)  The  Internet  Communications
    LanguageTM News Events Technology 30-October-1999: Linux World A
    REBOL Incursion It's not a scripting language, not a programming
    language -- and not a new Amiga,
    either. 584,http://www.rebol.com/inthenews.html (
    WebCrawler)

 3)
"http://www.pcai.com/pcai/New_Home_Page/ai_info/intelligent_agents.html"
    PC AI - Intelligent Agents   Requires Netscape 2.0 or later
    compatibility. Intelligent Agents execute tasks on behalf of a
    business process, computer application, or an
    individual.
384,http://www.pcai.com/pcai/New_H...i_info/intelligent_agents.html
    ( WebCrawler)

 4) "http://www.rci.rutgers.edu/~brcoll/search_engines.htm"
    Searching with Style   Motto for the Day: Hypberbole n:
    extravagant exaggeration; see also computer industry. Last Updated:
    November 10, 1996 Very few aspects of the Web are developing as fast
as
    the search engines, except for the sheer volume of
    information. 186,http://www.rci.rutgers.edu/~brcoll/search_engines.htm
    ( WebCrawler)

 5) "http://www.aci.net/kalliste/echelon/ic2000.htm" STOA Report:
    Interception Capabilities 2000   Interception Capabilities
    2000 Report to the Director General for Research of the European
    Parliament (Scientific and Technical Options Assessment programme
    office) on the development of surveillance technology and risk of
    abuse of economic
    information. 89,http://www.aci.net/kalliste/echelon/ic2000.htm
    ( WebCrawler)


Thank you for using ILIAD.  This marks the end of your results.


5 files passed analysis.

Search performed by metacrawler.


End of ILIAD Session ID: SEN38899
---------------------------------------------------------

Iliad could be searched through tenet and msstate and a few other providers:

You can use the well-known e-mail meta-finder ILIAD (Internet Library Information Access Device) knowbot, which can be found at <iliad@msstate.edu> or <iliad@algol.jsc.nasa.gov>. You will receive instructions at the request of “startiliad” in the subject of the message.

The query sent to the ILIAD server will be sent to several of the largest search servers (e.g. Altavista, Excite, InfoSeek, Lycos, WebCrawler, …); ILIAD removes duplicate and overly irrelevant documents from the results and sends the already downloaded pages (without graphics) back within 15 – 20 minutes. You can also try ILIAD on the WWW, via the form at <http://www.tenet.edu/library/iliad.html>.

A list of email services can be found here, but it is copied below because these pages are going down pretty quickly:

Get webpages via eMail

Several years ago, when Internet connections were slow and the “www” had just been invented, many people just got email-restricted access to the Internet. That’s the origin of the “Agora” and “www4email” software. Some of these email robots are still available and we can use them to bypass Internet censorship. The best thing would be to subscribe to a free email provider which allows SSL connections (like https://www.fastmail.fm/, https://www.ziplip.com/, https://www.hushmail.com/, https://www.safe-mail.net/, https://www.mail2world.com/, https://www.webmails.com/, etc.) and use that account with the email addresses below. I put the field where you have to input the URL in brackets. It still works great for text, but there are big problems with images and with DHTML, JavaScript, Java, Flash, etc. Other services besides www are also possible; for a very good tutorial on this see ftp://rtfm.mit.edu/pub/usenet/news.answers/internet-services/access-via-email. There is also a web-based service at http://www.web2mail.com/. I again used www.web.freerk.com/c/ as an example because the URL is always accessible and the ‘.com’ in the original Google address is often considered as a .com DOS-file by some computers and censorship systems. The www4mail software (http://www.www4mail.org/) is newer than the Agora software.
An email with just “help” in the subject line will get you a tutorial on how to use the service properly.

page@grabpage.org
[SUBJECT] url: http://www.web.freerk.com/c/
info: http://www.grabpage.org/

frames@pagegetter.com
[BODY] http://www.web.freerk.com/c/
info: http://www.pagegetter.com/
web@pagegetter.com
[BODY] http://www.web.freerk.com/c/
info: http://www.pagegetter.com/

webgate@vancouver-webpages.com
[BODY] get http://www.web.freerk.com/c/
info: http://vancouver-webpages.com/webgate/

webgate@vancouver-webpages.com
[BODY] mail http://www.web.freerk.com/c/
info: http://vancouver-webpages.com/webgate/

www4mail@wm.ictp.trieste.it
[BODY] http://www.web.freerk.com/c/
info: http://www.ictp.trieste.it/~www4mail/

www4mail@access.bellanet.org
[BODY] http://www.web.freerk.com/c/
info: http://www.bellanet.org/email.html

www4mail@kabissa.org
[BODY] http://www.web.freerk.com/c/
info: http://www.kabissa.org/members/www4mail/

www4mail@ftp.uni-stuttgart.de
[BODY] http://www.web.freerk.com/c/

www4mail@collaborium.org
[BODY] http://www.web.freerk.com/c/
info: http://www.collaborium.org/~www4mail/

binky@junoaccmail.org
[BODY] url http://www.web.freerk.com/c/
info: http://boas.anthro.mnsu.edu/

iliad@prime.jsc.nasa.gov
[SUBJECT] GET URL
[BODY] url:http://www.web.freerk.com/c/
info: http://prime.jsc.nasa.gov/iliad/

Google Search via eMail:
google@capeclear.com
[Subject] search keywords
info: http://www.capeclear.com/google/

More info: http://www.cix.co.uk/~net-services/mrcool/stats.htm
ftp://rtfm.mit.edu/pub/usenet/news.answers/internet-services/access-via-email

Information by Fravia on building them can be found at https://www.theoryforce.com/fravia/searchlores/bots.htm – there seems to be a copy up to phase five at http://www.woodmann.com/fravia/botstart.htm

A complete knowbot software suite can be downloaded from https://www.cnri.reston.va.us/home/koe/index.html. This was written by the CNRI [1].

“Knowbot programming: System support for mobile agents” is another useful overview.

A short history (in Czech) can be found here: Vše, co jste chtěli vědět o Internetu… nebojte se zeptat!

Today with the volume of information on the web being so huge, there may be a market for a resurgence of this kind of software. Google realises that it’s fast become impossible to find what you are looking for accurately and has responded by having specific search engines (eg scholar, books, images, shopping, etc) for specific tasks. However for specific fields this is still way too large. A way to handle this would be to have semi-curated search sources added to a knowbot within a very specific field (eg energy, psychology, hardware) allowing you to search easily within expertise. If you can then heuristically detect which field is being searched you can direct the searcher to that specific knowbot.

Google (GOOG) Urges EU Judges to Slash ‘Staggering’ $5 Billion Fine

Google called on European Union judges to cut or cancel a “staggering” 4.3 billion euro ($5 billion) antitrust fine because the search giant never intended to harm rivals.

The company “could not have known its conduct was an abuse” when it struck contracts with Android mobile phone makers that required them to take its search and web-browser apps, Google lawyer Genevra Forwood told the EU’s General Court in Luxembourg.

[…]

The European Commission’s lawyer, Anthony Dawes, scoffed at Google’s plea, saying the fine was a mere 4.5% of the company’s revenue in 2017, well below a 10% cap.

[…]

Source: Google (GOOG) Urges EU Judges to Slash ‘Staggering’ $5 Billion Fine – Bloomberg

Because Google had never ever heard of Microsoft and the antitrust lawsuits around Internet Explorer? Come on!

Lawsuit prepped against Google for using Brit patients’ data

A UK law firm is bringing legal action on behalf of patients it says had their confidential medical records obtained by Google and DeepMind Technologies in breach of data protection laws.

Mishcon de Reya said today it planned a representative action on behalf of Mr Andrew Prismall and the approximately 1.6 million individuals whose data was used as part of a testing programme for medical software developed by the companies.

It told The Register the claim had already been issued in the High Court.

DeepMind, acquired by Google in 2014, worked with the search software giant and Royal Free London NHS Foundation Trust under an arrangement formed in 2015.

The law firm said that the tech companies obtained approximately 1.6 million individuals’ confidential medical records without their knowledge or consent.

The Register has contacted Google, DeepMind and the Royal Free Hospital for their comments.

“Given the very positive experience of the NHS that I have always had during my various treatments, I was greatly concerned to find that a tech giant had ended up with my confidential medical records,” lead claimant Prismall said in a statement.

“As a patient having any sort of medical treatment, the last thing you would expect is your private medical records to be in the hands of one of the world’s biggest technology companies.

[…]

In April 2016, it was revealed that the web giant had signed a deal with the Royal Free Hospital in London to build an application called Streams, which can analyse patients’ details and identify those who have acute kidney damage. The app uses a fixed algorithm, developed with the help of doctors, so not technically AI.

The software – developed by DeepMind, Google’s AI subsidiary – was first tested with simulated data. But it was tested again using 1.6 million sets of real NHS medical files provided by the London hospital. However, not every patient was aware that their data was being given to Google to test the Streams software. Streams had been deployed inwards, and thus now handles real people’s details, but during development, it also used live medical records as well as simulated inputs.

Dame Caldicott told the hospital’s medical director, Professor Stephen Powis, that he overstepped the mark, and that there was no consent given by people to have their information used in this way pre-deployment.

[…]

In a data-sharing agreement uncovered by the New Scientist, Google and its DeepMind artificial intelligence wing were granted access to current and historic patient data at three London hospitals run by the Royal Free NHS Trust.

Source: Lawsuit prepped against Google for using Brit patients’ data • The Register

New GriftHorse malware has infected more than 10 million Android phones

Security researchers have found a massive malware operation that has infected more than 10 million Android smartphones across more than 70 countries since at least November 2020 and is making millions of dollars for its operators on a monthly basis.

Discovered by mobile security firm Zimperium, the new GriftHorse malware has been distributed via benign-looking apps uploaded on the official Google Play Store and on third-party Android app stores.

Malware subscribes users to premium SMS services

If users install any of these malicious apps, GriftHorse starts peppering users with popups and notifications that offer various prizes and special offers.

Users who tap on these notifications are redirected to an online page where they are asked to confirm their phone number in order to access the offer. But, in reality, users are subscribing themselves to premium SMS services that charge over €30 ($35) per month, money that is later redirected into the GriftHorse operators’ pockets.

[…]

the two Zimperium researchers said that besides numbers, the GriftHorse coders also invested in their malware’s code quality, using a wide spectrum of websites, malicious apps, and developer personas to infect users and avoid detection for as much as possible.

“The level of sophistication, use of novel techniques, and determination displayed by the threat actors allowed them to stay undetected for several months,” Yaswant and Gupta explained.

“In addition to a large number of applications, the distribution of the applications was extremely well-planned, spreading their apps across multiple, varied categories, widening the range of potential victims,”

[Image: GriftHorse app categories. Image: Zimperium]

GriftHorse is making millions in monthly profits

Based on what they’ve seen until now, the researchers estimated that the GriftHorse gang is currently making between €1.2 million and €3.5 million per month from their scheme ($1.5 million to $4 million per month).

[…]

Source: New GriftHorse malware has infected more than 10 million Android phones – The Record by Recorded Future

Unpatched flaw creates ‘weaponised’ Apple AirTags

[…]

Should your AirTag-equipped thing not be where you thought it was, you can enable Lost Mode. When in Lost Mode, an AirTag scanned via NFC provides a unique URL which lets the finder get in contact with the loser – and it’s this page where security researcher Bobby Rauch discovered a concerning vulnerability.

“An attacker can carry out Stored XSS on this https://found.apple.com page by injecting a malicious payload into the AirTag ‘Lost Mode’ phone number field,” Rauch wrote in an analysis of the issue. “A victim will believe they are being asked to sign into iCloud so they can get in contact with the owner of the AirTag, when in fact, the attacker has redirected them to a credential hijacking page.

“Other XSS exploits can be carried out as well like session token hijacking, clickjacking, and more. An attacker can create weaponised AirTags and leave them around, victimising innocent people who are simply trying to help a person find their lost AirTag.”

Apple has not commented publicly on the vulnerability nor does it seem to be taking the issue particularly seriously. Speaking to Brian Krebs, Rauch claimed that Apple sat on the flaw for three months – and that while it confirmed it planned to resolve the vulnerability in a future update, the company has not yet done so. Apple also refused to confirm whether Rauch’s discovery would qualify for its bug bounty programme and a potential cash payout – a final insult which led to his public release of the flaw.

It’s not the first time Apple has stood accused of failing to respond to security researchers. Earlier this month a pseudonymous researcher known as “IllusionOfChaos” dropped three zero-day vulnerabilities affecting Apple’s iOS 15 – six months after originally reporting them to the company. A fourth flaw had been fixed in an earlier iOS release, the researcher noted, “but Apple decided to cover it up and not list it on the security content page.”

The company has also been experiencing a few problems with the patches it does release. An update released to fix a vulnerability in the company’s Finder file manager, capable of bypassing the Quarantine and Gatekeeper security functions built into macOS, only worked for lowercase URLs – although emergency patches released two weeks ago appear to have had better luck.

[…]

Source: Unpatched flaw creates ‘weaponised’ Apple AirTags • The Register
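
The two controls that stop a stored XSS of the kind described above are validating the phone number when it is saved and encoding it when the found page is rendered. The sketch below is an added example, not Apple's code and not from the article; the function names, the in-memory store and the sample strings are constructed for illustration.

```javascript
'use strict';
// Added illustration, not Apple's code: every name here is hypothetical.

// Allowlist: optional leading "+", then 7 to 15 digits (15 is the E.164 maximum).
const PHONE_RE = /^\+?[0-9]{7,15}$/;

// Constructed test strings.
const SAMPLE_PHONE = '+1 (555) 010-0199';
const SAMPLE_MARKUP = '<script>alert(1)</script>';

// Strip common separators, then accept only what the allowlist permits.
// Returns the normalized number, or null when the input is not a phone number.
function normalizePhone(input) {
  if (typeof input !== 'string' || input.length > 32) return null;
  const compact = input.replace(/[\s().-]/g, '');
  return PHONE_RE.test(compact) ? compact : null;
}

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// "Before": the stored value is concatenated straight into markup, so whatever
// was typed into the phone field is parsed by the finder's browser as HTML.
function renderFoundPageUnsafe(record) {
  return `<p>Call the owner: ${record.phone}</p>`;
}

// Control 1 (write time): refuse anything that is not a phone number.
function saveLostModeContact(store, tagId, phone) {
  const normalized = normalizePhone(phone);
  if (normalized === null) {
    return { ok: false, error: 'invalid phone number' };
  }
  store.set(tagId, { phone: normalized });
  return { ok: true };
}

// Control 2 (render time): re-validate and encode. A record written before
// control 1 existed is still shown as inert text, never as markup.
function renderFoundPage(record) {
  const raw = record && typeof record.phone === 'string' ? record.phone : '';
  const phone = normalizePhone(raw);
  if (phone !== null) {
    // Safe inside the attribute: the allowlist guarantees only "+" and digits.
    return `<p>Call the owner: <a href="tel:${phone}">${escapeHtml(phone)}</a></p>`;
  }
  return `<p>Owner contact (unverified): ${escapeHtml(raw)}</p>`;
}

// Walk both inputs through both code paths and return the results.
function demo() {
  const store = new Map();
  const good = saveLostModeContact(store, 'tag-1', SAMPLE_PHONE);
  const bad = saveLostModeContact(store, 'tag-2', SAMPLE_MARKUP);
  return {
    good,
    bad,
    stored: store.size,
    unsafeHtml: renderFoundPageUnsafe({ phone: SAMPLE_MARKUP }),
    legacyHtml: renderFoundPage({ phone: SAMPLE_MARKUP }),
    normalHtml: renderFoundPage(store.get('tag-1')),
  };
}
```

Either control alone closes this particular hole; keeping both means a record that slipped in before validation was deployed still cannot execute in the finder's browser.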

CRISPR Gene-Editing Experiment using direct injection Partly Restores Vision In Legally Blind Patients

Carlene Knight’s vision was so bad that she couldn’t even maneuver around the call center where she works using her cane. But that’s changed as a result of volunteering for a landmark medical experiment. Her vision has improved enough for her to make out doorways, navigate hallways, spot objects and even see colors. Knight is one of seven patients with a rare eye disease who volunteered to let doctors modify their DNA by injecting the revolutionary gene-editing tool CRISPR directly into cells that are still in their bodies. Knight and [another volunteer in the experiment, Michael Kalberer] gave NPR exclusive interviews about their experience. This is the first time researchers worked with CRISPR this way. Earlier experiments had removed cells from patients’ bodies, edited them in the lab and then infused the modified cells back into the patients. […]

CRISPR is already showing promise for treating devastating blood disorders such as sickle cell disease and beta thalassemia. And doctors are trying to use it to treat cancer. But those experiments involve taking cells out of the body, editing them in the lab, and then infusing them back into patients. That’s impossible for diseases like [Leber congenital amaurosis, or LCA], because cells from the retina can’t be removed and then put back into the eye. So doctors genetically modified a harmless virus to ferry the CRISPR gene editor and infused billions of the modified viruses into the retinas of Knight’s left eye and Kalberer’s right eye, as well as one eye of five other patients. The procedure was done on only one eye just in case something went wrong. The doctors hope to treat the patients’ other eye after the research is complete. Once the CRISPR was inside the cells of the retinas, the hope was that it would cut out the genetic mutation causing the disease, restoring vision by reactivating the dormant cells.

The procedure didn’t work for all of the patients, who have been followed for between three and nine months. The reasons it didn’t work might have been because their dose was too low or perhaps because their vision was too damaged. But Kalberer, who got the lowest dose, and one volunteer who got a higher dose, began reporting improvement starting at about four to six weeks after the procedure. Knight and one other patient who received a higher dose improved enough to show improvement on a battery of tests that included navigating a maze. For two others, it’s too soon to tell. None of the patients have regained normal vision — far from it. But the improvements are already making a difference to patients, the researchers say. And no significant side effects have occurred. Many more patients will have to be treated and followed for much longer to make sure the treatment is safe and know just how much this might be helping.

Source: CRISPR Gene-Editing Experiment Partly Restores Vision In Legally Blind Patients – Slashdot

China to have insight into and regulate web giants’ algorithms using governance model

China’s authorities have called for internet companies to create a governance system for their algorithms.

A set of guiding opinions on algorithms, issued overnight by nine government agencies, explains that algorithms play a big role in disseminating information online and enabling growth of the digital economy. But the guiding opinions also point out that algorithms employed online can impact society and financial markets.

[…]

To achieve its aims, Beijing expects that algo-wielding organisations will create algorithm governance teams to assess their code and detect any security or ethical flaws. Self-regulation is expected, as is continuous revision and self-improvement.

Chinese authorities will watch those efforts and will be unsparing when they find either harmful algorithms, or less-than-comprehensive compliance efforts. Citizen reports of erroneous algos will inform some regulatory actions.

Organisations have been given three years to get this done, with further guidance to come from Beijing.

[…]

Requiring oversight of algorithms suggests that Beijing is worried on two fronts. First, it’s concerned about how automation is already playing out on China’s internet. Second, it has observed that western web giants have used algorithms to increase user engagement in ways that amplify misinformation and that have clearly caused considerable real-world harm.

The new regulations are further evidence that Beijing wants to exercise control over what Chinese citizens can see online. That desire has already seen China crack down on depictions of effeminate men, warn fan clubs not to turn mean, ban racy online content aimed at kids, and crack down on computer games – including those that aren’t historically accurate – and even advise on what songs make for acceptable karaoke.

Source: China to regulate – may censor – web giants’ algorithms • The Register

Leaked Documents Show How Amazon’s Astro Robot Tracks Everything You Do – incompetently

Amazon’s new robot called Astro is designed to track the behavior of everyone in your home to help it perform its surveillance and helper duties, according to leaked internal development documents and video recordings of Astro software development meetings obtained by Motherboard. The system’s person recognition system is heavily flawed, according to two sources who worked on the project.

The documents, which largely use Astro’s internal codename “Vesta” for the device, give extensive insight into the robot’s design, Amazon’s philosophy, how the device tracks customer behavior as well as flow charts of how it determines who a “stranger” is and whether it should take any sort of “investigation activity” against them.

[…]

The meeting document spells out the process in a much blunter way than Amazon’s cutesy marketing suggests.

“Vesta slowly and intelligently patrols the home when unfamiliar person are around, moving from scan point to scan point (the best location and pose in any given space to look around) looking and listening for unusual activity,” one of the files reads. “Vesta moves to a predetermined scan point and pose to scan any given room, looking past and over obstacles in its way. Vesta completes one complete patrol when it completes scanning all the scan point on the floorplan.”

[…]

“Sentry is required to investigate any unrecognized person detected by it or Audio Event in certain set of conditions are met,” one file reads. “Sentry should first try to identify the person if they are not still unrecognized for as long as 30s [seconds]. When the person is identified as unknown or 30s passed, Sentry should start following the person until Sentry Mode is turned off.”

A flow chart presented during the meeting explains exactly what happens when Astro detects a “presence” and how it is designed for “investigating strangers.” If a user has disabled “stranger investigation,” the robot will ignore a stranger. If it’s set to “Sentry mode” or a patrol mode, it will either approach the stranger or follow them, and begin a series of “investigation activities,” which Amazon describes as “a series of actions Sentry takes to investigate audio or presence while recording.” Generally, if Astro begins an investigation, it will follow the stranger, record audio and video of them, and then automatically upload a recording the user can view later.

[…]

Developers who worked on Astro say the versions of the robot they worked on did not work well.

“Astro is terrible and will almost certainly throw itself down a flight of stairs if presented the opportunity. The person detection is unreliable at best, making the in-home security proposition laughable,” a source who worked on the project said. “The device feels fragile for something with an absurd cost. The mast has broken on several devices, locking itself in the extended or retracted position, and there’s no way to ship it to Amazon when that happens.”

[…]

Another source who worked on the project mentioned privacy and navigation as chief concerns. “As for my personal opinions on the device, it’s a disaster that’s not ready for release,” they said. “They break themselves and will almost certainly fall down stairs in real world users’ homes. In addition it’s also (in my opinion) a privacy nightmare that is an indictment of our society and how we trade privacy for convenience with devices like Vesta.”

The source also corroborated that Astro’s facial recognition abilities perform poorly, which is concerning for a device designed mainly to follow people around and determine if they’re a stranger or not.

[…]

“The goal is to make Vesta an ‘intelligent robot,’ and allow some simple but magical interactions with people,” the social robotics document states. To do this, Astro needs to fully map a user’s home, creating a heat map of “choke points” and highly trafficked areas where the robot is likely to get stuck or “places where it will easily get hit by humans” such as hallways, doorways, and the kitchen.

A map of a user’s home, with “choke points” in red

Astro is supposed to learn over time, meaning that it must track what humans are doing, where they are going, and where they are likely to congregate.

[…]

Source: Leaked Documents Show How Amazon’s Astro Robot Tracks Everything You Do