The Linkielist

Linking ideas with the world

YouTube will run ads on smaller creators’ videos without paying them

Don’t be surprised if you start seeing ads on videos made by smaller YouTube creators. The video-sharing website has updated its Terms of Service, and it includes a new section that gives it the right to monetize videos from channels not big enough to be part of its Partner Program. That doesn’t mean new creators can start earning from their videos right away, though — YouTube said in a forum post explaining the changes to its ToS that non-YPP members won’t be getting a cut from those ads.

To become eligible for the YouTube Partner Program, a creator has to be living in a country where it’s active, has to have 4,000 public watch hours in the last 12 months and has to have over 1,000 subscribers. YouTube only used to run ads on videos from channels that don’t meet those criteria under special circumstances, such as if the channel was previously a YPP member. Going forward, though, the website can monetize any video, so long as it meets its ad-friendly guidelines.

Source: YouTube will run ads on smaller creators’ videos without paying them | Engadget

After 12,523 replacements, Feds investigate Tesla Media Control Unit failures

Is one of Tesla’s infotainment systems defective by design? That’s a question the National Highway Traffic Safety Administration hopes to answer. It has started an engineering analysis after hundreds of customer complaints of bricked systems resulted in a preliminary investigation in June.

NHTSA thinks it knows what the problem is: an 8GB eMMC NAND flash memory chip with a finite number of write cycles, fitted to its Media Control Unit. The MCU regularly writes logs to this chip and, within three or four years, reaches the lifetime number of cycles. At this point the touchscreen dies, taking with it functions like the car’s backup camera, the ability to defog the windows, and also the audible alerts and chimes for the driver aids and turn signals.

After the regulator’s Office of Defects Investigation received 537 complaints, it asked Tesla if it knew of any more problems with the Nvidia Tegra 3-based system, which is fitted to approximately 158,000 Models S (2012-2018) and X (2016-2018). Tesla did, handing over 2,399 complaints and field reports, 7,777 warranty claims, and 4,746 non-warranty claims.

The finite—and short—lifespan of these infotainment systems is a relatively well-known problem within the Tesla community. A video on the popular YouTube channel Rich Rebuilds that delved into the problem in May 2019 has racked up more than 669,000 views:

The discussion of the infotainment system failures begins around 9 minutes in.

As that video notes, and as Tesla told NHTSA, the time to failure for an MCU depends on how much its car has been in operation. Daily drive time, daily charge time, and streaming music over the Internet are all factors, Tesla told the regulator.

This isn’t the first time that Tesla’s choice of consumer-grade electronics, as opposed to automotive-grade, has gotten it in trouble. A separate problem affects the 17-inch touchscreen, which can fail due to high temperature—the kind of temperature experienced inside a parked car during summer, as opposed to an air-conditioned office.

Source: After 12,523 replacements, Feds investigate Tesla Media Control Unit failures | Ars Technica

Well done cutting corners, Elon Musk

The ones who brought you Let’s Encrypt, bring you: Tools for gathering anonymized app usage metrics from netizens

The Internet Security Research Group (ISRG) has a plan to allow companies to collect information about how people are using their products while protecting the privacy of those generating the data.

Today, the California-based non-profit, which operates Let’s Encrypt, introduced Prio Services, a way to gather online product metrics without compromising the personal information of product users.

“Applications such as web browsers, mobile applications, and websites generate metrics,” said Josh Aas, founder and executive director of ISRG, and Tim Geoghegan, site reliability engineer, in an announcement. “Normally they would just send all of the metrics back to the application developer, but with Prio, applications split the metrics into two anonymized and encrypted shares and upload each share to different processors that do not share data with each other.”

Prio is described in a 2017 research paper [PDF] as “a privacy-preserving system for the collection of aggregate statistics.” The system was developed by Henry Corrigan-Gibbs, then a Stanford doctoral student and currently an MIT assistant professor, and Dan Boneh, a professor of computer science and electrical engineering at Stanford.

Prio implements a cryptographic approach called secret-shared non-interactive proofs (SNIPs). According to its creators, it handles data only 5.7x slower than systems with no privacy protection. That’s considerably better than the competition: client-generated non-interactive zero-knowledge proofs of correctness (NIZKs) are 267x slower than unprotected data processing and privacy methods based on succinct non-interactive arguments of knowledge (SNARKs) clock in at three orders of magnitude slower.

“With Prio, you can get both: the aggregate statistics needed to improve an application or service and maintain the privacy of the people who are providing that data,” said Boneh in a statement. “This system offers a robust solution to two growing demands in our tech-driven economy.”

In 2018 Mozilla began testing Prio to gather Firefox telemetry data and found the cryptographic scheme compelling enough to make it the basis of its Firefox Origin Telemetry service.

[…]

Source: The ones who brought you Let’s Encrypt, bring you: Tools for gathering anonymized app usage metrics from netizens • The Register
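
The share-splitting described in the announcement, reduced to its arithmetic. This is an added example, not code from the article, ISRG or the Prio paper. The modulus, class and function names and the sample metrics are assumptions of this sketch; share encryption and the SNIP validity proof are left out, and the poisoned report shows what that proof exists to catch.

```python
"""Two-processor additive secret sharing, the aggregation idea behind Prio."""
from __future__ import annotations

import secrets

# Prime modulus for share arithmetic (constructed choice for this sketch).
P = 2**61 - 1


def split(value: int) -> tuple[int, int]:
    """Split one metric into two shares that sum to the value mod P."""
    share_a = secrets.randbelow(P)       # uniformly random, independent of value
    share_b = (value - share_a) % P      # the remainder, also uniform on its own
    return share_a, share_b


class Processor:
    """One of the two servers; it only ever sees its own share of each report."""

    def __init__(self) -> None:
        self.accumulator = 0
        self.reports = 0

    def receive(self, share: int) -> None:
        self.accumulator = (self.accumulator + share) % P
        self.reports += 1


def combine(proc_a: Processor, proc_b: Processor) -> int:
    """Only the two accumulators are exchanged; their sum is the aggregate."""
    return (proc_a.accumulator + proc_b.accumulator) % P


def run_collection(metrics: list[int]) -> tuple[int, Processor, Processor]:
    """Every client splits its metric and uploads one share to each processor."""
    proc_a, proc_b = Processor(), Processor()
    for metric in metrics:
        share_a, share_b = split(metric)
        proc_a.receive(share_a)
        proc_b.receive(share_b)
    return combine(proc_a, proc_b), proc_a, proc_b


def consistent_completion(observed_share: int, candidate_value: int) -> int:
    """Return the other share that would make observed_share encode candidate_value.

    Such a share exists for every candidate, which is why one processor
    alone learns nothing about the client's metric.
    """
    return (candidate_value - observed_share) % P


# Constructed sample data: 1 = "feature used", 0 = "not used".
HONEST_METRICS = [1, 0, 1, 1, 0]
# A client that ignores the 0/1 rule. Its shares look as random as any others,
# so without a validity proof (Prio's SNIP) neither processor can reject it.
POISONED_METRICS = HONEST_METRICS + [1000]


if __name__ == "__main__":
    total, a, b = run_collection(HONEST_METRICS)
    print("honest aggregate:", total, "from", a.reports, "reports")
    print("processor A alone sees:", a.accumulator)
    poisoned_total, _, _ = run_collection(POISONED_METRICS)
    print("aggregate with one out-of-range report:", poisoned_total)
```
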

Apple’s ‘Batterygate’ Saga Wraps Up With $113 Million Settlement

Younger readers might not know, but there was once an annual tradition in which Apple would release a new iPhone, old iPhones would suddenly start performing poorly, and users would speculate about a conspiracy to get them to buy the shiny new thing. It turned out that a conspiracy, of sorts, did exist, and Apple has been trying to make the whole embarrassing saga go away for years. On Wednesday, the finish line came into view after Arizona Attorney General Mark Brnovich announced that an investigation involving 34 states is concluding with a settlement and no admission of guilt from Apple.

In 2017, Apple admitted that updates to iOS were throttling older iPhone models but framed it as a misunderstanding. Apple said that the software tweaks were intended to mitigate unwanted shutdowns in devices with aging batteries. It apologized and offered discounted battery replacements as a consolation prize. Many users felt that Apple’s secretive approach was deceptive and intended to lead them to believe they need a new phone when a fresh battery might keep the old one going for another cycle. The discounted battery offer wasn’t enough for some users, and this spring Apple agreed to settle a class-action suit for up to $500 million, doling out $25 per phone that filed a claim. Apple did not admit any wrongdoing.

Today’s announcement tentatively concludes a separate investigation launched by state attorneys general into the controversy. In a statement, Brnovich’s office said that the proposed settlement includes a $113 million fine to be distributed amongst the states involved as well as a requirement that “Apple also must provide truthful information to consumers about iPhone battery health, performance, and power management. Apple must provide this important information in various forms on its website, in update installation notes, and in the iPhone user interface itself.”

Source: Apple’s ‘Batterygate’ Saga Wraps Up With $113 Million Settlement

Scientists Discover Outer Space has as much light between galaxies as inside galaxies – it’s not black after all

Look up at the night sky and, if you’re away from city lights, you’ll see stars. The space between those bright points of light is, of course, filled with inky blackness.

Some astronomers have wondered about all that dark space–about how dark it really is.

“Is space truly black?” says Tod Lauer, an astronomer with the National Optical Astronomy Observatory in Arizona. He says if you could look at the night sky without stars, galaxies, and everything else known to give off visible light, “does the universe itself put out a glow?”

It’s a tough question that astronomers have tried to answer for decades. Now, Lauer and other researchers with NASA’s New Horizons space mission say they’ve finally been able to do it, using a spacecraft that’s travelling far beyond the dwarf planet Pluto. The group has posted their work online, and it will soon appear in the Astrophysical Journal.

New Horizons was originally designed to explore Pluto, but after whizzing past the dwarf planet in 2015, the intrepid spacecraft just kept going. It’s now more than four billion miles from home—nearly 50 times farther away from the Sun than the Earth is.

That’s important because it means the spacecraft is far from major sources of light contamination that make it impossible to detect any tiny light signal from the universe itself. Around Earth and the inner solar system, for example, space is filled with dust particles that get lit up by the Sun, creating a diffuse glow over the entire sky. But that dust isn’t a problem out where New Horizons is. Plus, out there, the sunlight is much weaker.

To try to detect the faint glow of the universe, researchers went through images taken by the spacecraft’s simple telescope and camera and looked for ones that were incredibly boring.

“The images were all of what you just simply call blank sky. There’s a sprinkling of faint stars, there’s a sprinkling of faint galaxies, but it looks random,” says Lauer. “What you want is a place that doesn’t have many bright stars in the images or bright stars even outside the field that can scatter light back into the camera.”

Then they processed these images to remove all known sources of visible light. Once they’d subtracted out the light from stars, plus scattered light from the Milky Way and any stray light that might be a result of camera quirks, they were left with light coming in from beyond our own galaxy.

They then went a step further still, subtracting out light that they could attribute to all the galaxies thought to be out there. And it turns out, once that was done, there was still plenty of unexplained light.

In fact, the amount of light coming from mysterious sources was about equal to all the light coming in from the known galaxies, says Marc Postman, an astronomer with the Space Telescope Science Institute in Baltimore, Maryland. So maybe there are unrecognized galaxies out there, he says, “or some other source of light that we don’t yet know what it is.”

The new findings are sure to get astronomers talking.

“They’re saying that there’s as much light outside of galaxies as there is inside of galaxies, which is a pretty tough pill to swallow, frankly,” notes Michael Zemcov, an astrophysicist at Rochester Institute of Technology, who was not part of the research team.

A few years ago, Zemcov and some colleagues analyzed New Horizons data in a similar way. Using fewer images, they made a less precise measurement, but it was still compatible with the current results.

He says for 400 years, astronomers have been studying visible light and the sky in a serious way and yet somehow apparently “missed half the light in the universe.”

Source: Scientists Discover Outer Space Isn’t Pitch Black After All

Cerebras’ wafer-size chip is 10,000 times faster than a GPU

Cerebras Systems and the federal Department of Energy’s National Energy Technology Laboratory today announced that the company’s CS-1 system is more than 10,000 times faster than a graphics processing unit (GPU).

On a practical level, this means AI neural networks that previously took months to train can now train in minutes on the Cerebras system.

Cerebras makes the world’s largest computer chip, the WSE. Chipmakers normally slice a wafer from a 12-inch-diameter ingot of silicon to process in a chip factory. Once processed, the wafer is sliced into hundreds of separate chips that can be used in electronic hardware.

But Cerebras, started by SeaMicro founder Andrew Feldman, takes that wafer and makes a single, massive chip out of it. Each piece of the chip, dubbed a core, is interconnected in a sophisticated way to other cores. The interconnections are designed to keep all the cores functioning at high speeds so the transistors can work together as one.

Cerebras’s CS-1 system uses the WSE wafer-size chip, which has 1.2 trillion transistors, the basic on-off electronic switches that are the building blocks of silicon chips. Intel’s first 4004 processor in 1971 had 2,300 transistors, and the Nvidia A100 80GB chip, announced yesterday, has 54 billion transistors.

Feldman said in an interview with VentureBeat that the CS-1 was also 200 times faster than the Joule Supercomputer, which is No. 82 on a list of the top 500 supercomputers in the world.

“It shows record-shattering performance,” Feldman said. “It also shows that wafer scale technology has applications beyond AI.”

Above: The Cerebras WSE has 1.2 trillion transistors compared to Nvidia’s largest GPU, the A100 at 54.2 billion transistors.

These are fruits of the radical approach Los Altos, California-based Cerebras has taken, creating a silicon wafer with 400,000 AI cores on it instead of slicing that wafer into individual chips. The unusual design makes it a lot easier to accomplish tasks because the processor and memory are closer to each other and have lots of bandwidth to connect them, Feldman said. The question of how widely applicable the approach is to different computing tasks remains.

A paper based on the results of Cerebras’ work with the federal lab said the CS-1 can deliver performance that is unattainable with any number of central processing units (CPUs) and GPUs, which are both commonly used in supercomputers. (Nvidia’s GPUs are used in 70% of the top supercomputers now). Feldman added that this is true “no matter how large that supercomputer is.”

Source: Cerebras’ wafer-size chip is 10,000 times faster than a GPU | VentureBeat

Google Will Make It a bit Easier to Turn Off Smart Features which track you, Slightly Harder for Regulators to Break Up Google

Soon, Google will present you with a clear choice to disable smart features, like Google Assistant reminders to pay your bills and predictive text in Gmail. Whether you like the Gmail mindreader function that autofills “all the best” and “reaching out,” or have long dreaded the arrival of the machine staring back from the void, it’s your world, Google’s just living in it. According to Google.

We’ve always been able to disable these functions if we bothered hunting through account settings. But “in the coming weeks” Google will show a new blanket setting to “turn off smart features” which will disable features like Smart Compose and Smart Reply in apps like Gmail; the second half of the same prompt will disable whether additional Google products—like Maps or Assistant, for example—are allowed to be personalized based on data from Gmail, Meet, and Chat.

Google writes in its blog post about the new-ish settings that humans are not looking at your emails to enable smart features, and Google ads are “not based on your personal data in Gmail,” something CEO Sundar Pichai has likewise said time and again. Google claims to have stopped that practice in 2017, although the following year the Wall Street Journal reported that third-party app developers had freely perused inboxes with little oversight. (When asked whether this is still a problem, the spokesperson pointed us to Google’s 2018 effort to tighten security.)

A Google spokesperson emphasized that the company only uses email contents for security purposes like filtering spam and phishing attempts.

These personalization changes aren’t so much about tightening security as they are another informed consent defense which Google can use to repel the current regulatory siege being waged against it by lawmakers. It has expanded incognito mode for maps and auto-deleting data in location history or web and app activity and on YouTube (though after a period of a few months).

Inquiries in the U.S. and EU have found that Google’s privacy settings have historically presented the appearance of privacy, rather than privacy itself. After a 2018 AP article exposed the extent of Google’s location data harvesting, an investigation found that turning location off in Android was no guarantee that Google wouldn’t collect location data (though Google has denied this). Plaintiffs in a $5 billion class-action lawsuit filed this summer alleged that “incognito mode” in Chrome didn’t prevent Google from capturing and sharing their browsing history. And last year, French regulators fined Google nearly $57 million for violating the General Data Protection Regulation (GDPR) by allegedly burying privacy controls beneath five or six layers of settings. (When asked, the spokesperson said Google has no additional comment on these cases.)

So this is nice, and also Google’s announcement reads as a letter to regulators. “This new setting is designed to reduce the work of understanding and managing [a choice over how data is processed], in view of what we’ve learned from user experience research and regulators’ emphasis on comprehensible, actionable user choices over data.”

Source: Google Will Make It Easier to Turn Off Smart Features

Apple hits back at European activist lawsuit against unauthorised tracking installs – says it doesn’t use it… but 3rd parties do

The group, led by campaigner Max Schrems, filed complaints with data protection watchdogs in Germany and Spain alleging that the tracking tool illegally enabled the $2 trillion U.S. tech giant to store users’ data without their consent.

Apple directly rebutted the claims filed by Noyb, the digital rights group founded by Schrems, saying they were “factually inaccurate and we look forward to making that clear to privacy regulators should they examine the complaint”.

Schrems is a prominent figure in Europe’s digital rights movement that has resisted intrusive data-gathering by Silicon Valley’s tech platforms. He has fought two cases against Facebook, winning landmark judgments that forced the social network to change how it handles user data.

Noyb’s complaints were brought against Apple’s use of a tracking code, known as the Identifier for Advertisers (IDFA), that is automatically generated on every iPhone when it is set up.

The code, stored on the device, makes it possible to track a user’s online behaviour and consumption preferences – vital in allowing companies to send targeted adverts.

“Apple places codes that are comparable to a cookie in its phones without any consent by the user. This is a clear breach of European Union privacy laws,” Noyb lawyer Stefano Rossetti said.

Rossetti referred to the EU’s e-Privacy Directive, which requires a user’s consent before installing and using such information.

Apple said in response that it “does not access or use the IDFA on a user’s device for any purpose”.

It said its aim was to protect the privacy of its users and that the latest release of its iOS 14 operating system gave users greater control over whether apps could link with third parties for the purposes of targeted advertising.

Source: Apple hits back at European activist complaints against tracking tool | Reuters

The complaint against Apple is that the IDFA is set at all without consent from the user. And it’s not the point that Apple accesses it or not, the point is that unspecified 3rd parties (advertisers, hackers, government, etc) can.

How the U.S. Military Buys Location Data from Ordinary Apps

The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned. The most popular app among a group Motherboard analyzed connected to this sort of data sale is a Muslim prayer and Quran app that has more than 98 million downloads worldwide. Others include a Muslim dating app, a popular Craigslist app, an app for following storms, and a “level” app that can be used to help, for example, install shelves in a bedroom.

Through public records, interviews with developers, and technical analysis, Motherboard uncovered two separate, parallel data streams that the U.S. military uses, or has used, to obtain location data. One relies on a company called Babel Street, which creates a product called Locate X. U.S. Special Operations Command (USSOCOM), a branch of the military tasked with counterterrorism, counterinsurgency, and special reconnaissance, bought access to Locate X to assist on overseas special forces operations. The other stream is through a company called X-Mode, which obtains location data directly from apps, then sells that data to contractors, and by extension, the military.

The news highlights the opaque location data industry and the fact that the U.S. military, which has infamously used other location data to target drone strikes, is purchasing access to sensitive data. Many of the users of apps involved in the data supply chain are Muslim, which is notable considering that the United States has waged a decades-long war on predominantly Muslim terror groups in the Middle East, and has killed hundreds of thousands of civilians during its military operations in Pakistan, Afghanistan, and Iraq. Motherboard does not know of any specific operations in which this type of app-based location data has been used by the U.S. military.

[…]

In March, tech publication Protocol first reported that U.S. law enforcement agencies such as Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE) were using Locate X. Motherboard then obtained an internal Secret Service document confirming the agency’s use of the technology. Some government agencies, including CBP and the Internal Revenue Service (IRS), have also purchased access to location data from another vendor called Venntel.

“In my opinion, it is practically certain that foreign entities will try to leverage (and are almost certainly actively exploiting) similar sources of private platform user data. I think it would be naïve to assume otherwise,” Mark Tallman, assistant professor at the Department of Emergency Management and Homeland Security at the Massachusetts Maritime Academy, told Motherboard in an email.

THE SUPPLY CHAIN

Some companies obtain app location data through bidstream data, which is information gathered from the real-time bidding that occurs when advertisers pay to insert their adverts into peoples’ browsing sessions. Firms also often acquire the data from software development kits (SDKs).

[…]

In a recent interview with CNN, X-Mode CEO Joshua Anton said the company tracks 25 million devices inside the United States every month, and 40 million elsewhere, including in the European Union, Latin America, and the Asia-Pacific region. X-Mode previously told Motherboard that its SDK is embedded in around 400 apps.

In October the Australian Competition & Consumer Commission published a report about data transfers by smartphone apps. A section of that report included the endpoint—the URL some apps use—to send location data back to X-Mode. Developers of the Guardian app, which is designed to protect users from the transfer of location data, also published the endpoint. Motherboard then used that endpoint to discover which specific apps were sending location data to the broker.

Motherboard used network analysis software to observe both the Android and iOS versions of the Muslim Pro app sending granular location data to the X-Mode endpoint multiple times. Will Strafach, an iOS researcher and founder of Guardian, said he also saw the iOS version of Muslim Pro sending location data to X-Mode.

The data transfer also included the name of the wifi network the phone was currently connected to, a timestamp, and information about the phone such as its model, according to Motherboard’s tests.

[…]

Source: How the U.S. Military Buys Location Data from Ordinary Apps

Bumble Left Daters’ Location Data Up For Grabs For Over Six Months

Bumble, the dating app behemoth that’s allegedly headed to a major IPO as soon as next year, apparently took over half a year to deal with major security flaws that left sensitive information of its millions of users vulnerable.

That’s according to new research posted over the weekend by cybersecurity firm Independent Security Evaluators (ISE) detailing how a bad actor—even one that was banned from Bumble—could exploit a vulnerability in the app’s underlying code to pull the rough location data for any Bumbler within their city, as well as additional profile data like photos and religious views. Despite being informed about this vulnerability in mid-March, the company didn’t patch the issues until November 12—roughly six and a half months later.

Pre-patch, anyone with a Bumble account could query the app’s API in order to figure out roughly how many miles away any other user in their city happened to be. As the blog’s author, Sanjana Sarda, explained, if a certain creepy someone really wanted to figure out the location of a given Bumble user, it wouldn’t be too hard to set up a handful of accounts, figure out the user’s basic distance from each one, and use that collection of data to triangulate a Bumbler’s precise location.

Bumble isn’t the first company to accidentally leave this sort of data freely available. Last year, cybersecurity sleuths were able to glean precise locations of people using LGBT-centric dating apps like Grindr and Romeo and collate them into a user location map. And those location-data leaks are on top of the deliberate data sharing these sorts of dating apps typically already engage in with a bevy of third-party partners. You would think that an app purporting to be a feminist haven like Bumble might extend its idea of user safety to its data practices.

While some of the issues described by Sarda have been resolved, the belated patch apparently didn’t tackle one of the other major API-based issues described in the blog, which allowed ISE to get unlimited swipes (or “votes” in Bumble parlance), along with access to other premium features like the ability to unswipe or to see who might have swiped right on them. Typically, accessing these features costs a given Bumbler roughly $10 per week.

Source: Bumble Left Daters’ Location Data Up For Grabs For Over Six Months

GitHub Restores YouTube Downloader Following DMCA Takedown, starts to protect developers from DMCA misuse

Last month, GitHub removed a popular tool that is used to download videos from websites like YouTube after it received a DMCA takedown notice from the Recording Industry Association of America. For a moment, it seemed that GitHub might throw developers under the bus in the same fashion that Twitch has recently treated its streamers. But on Monday, GitHub went on the offense by reinstating the offending tool and saying it would take a more aggressive line on protecting developers’ projects.

Youtube-dl is a command-line program that could, hypothetically, be used to make unauthorized copies of copyrighted material. This potential for abuse prompted the RIAA to send GitHub a scary takedown notice because that’s what the RIAA does all day. The software development platform complied with the notice and unleashed a user outcry over the loss of one of the most popular repositories on the site. Many developers started re-uploading the code to GitHub in protest. After taking some time to review the case, GitHub now says that youtube-dl is all good.

In a statement, GitHub’s Director of Platform Policy Abby Vollmer wrote that there are two reasons that it was able to reverse the decision. The first reason is that the RIAA cited one repo that used the youtube-dl source code and contained references to a few copyrighted songs on YouTube. This was only part of a unit test that the code performs. It listens to a few seconds of the song to verify that everything is working properly but it doesn’t download or distribute any material. Regardless, GitHub worked with the developer to patch out the references and stay on the safe side.

As for the primary youtube-dl source code, lawyers at the Electronic Frontier Foundation decided to represent the developers and presented an argument that satisfied GitHub’s concerns that the code circumvents technical measures to protect copyrighted material in violation of Section 1201 of the Digital Millennium Copyright Act. The EFF explained that youtube-dl doesn’t decrypt anything or break through any anti-copying measures. From a technical standpoint, it isn’t much different than a web browser receiving information as intended, and there are plenty of fair use applications for making a copy of materials.

Among the “many legitimate purposes” for using youtube-dl, GitHub listed: “changing playback speeds for accessibility, preserving evidence in the fight for human rights, aiding journalists in fact-checking, and downloading Creative Commons-licensed or public domain videos.” The EFF cited some of the same practical uses and had a few unique additions to its list of benefits, saying that it could be used by “educators to save videos for classroom use, by YouTubers to save backup copies of their own uploaded videos, and by users worldwide to watch videos on hardware that can’t run a standard web browser, or to watch videos in their full resolution over slow or unreliable Internet connections.”

It’s nice to see GitHub evaluating the argument and moving forward without waiting for a legal process to play out, but the company went further in announcing a new eight-step process for evaluating claims related to Section 1201 that will err on the side of developers. GitHub is also establishing a million-dollar legal fund to provide assistance to open source developers fighting off unwarranted takedown notices. Mea culpa, mea culpa!

Finally, the company said that it would work to improve the law around DMCA notices and it will be “advocating specifically on the anti-circumvention provisions of the DMCA to promote developers’ freedom to build socially beneficial tools like youtube-dl.”

Along with today’s announcement, GitHub CEO Nat Friedman tweeted, “Section 1201 of the DMCA is broken and needs to be fixed. Developers should have the freedom to tinker.”

Source: GitHub Restores YouTube Downloader Following DMCA Takedown

It’s nice to see a large company come down on the right side of copyright for a change.

Worn-out NAND flash blamed for Tesla vehicle gremlins, such as rearview cam failures and silenced audio alerts

Worn-out NAND memory chips can cause a whole host of problems with some Tesla cars, ranging from the failure of the rearview camera to an absence of turn signal chimes and other audio alerts, a watchdog warned this month.

Some 159,000 Tesla Model S and Model X vehicles built between 2012 and 2018 are at risk, we’re told. These all use an infotainment system powered by Nvidia’s Tegra 3 system-on-chips that include 8GB of eMMC NAND storage, which is typically found in phones and cheap laptops. The trouble is that these flash chips are wearing out, having hit their program-erase cycle limits, and are unable to reliably store data, causing glitches in operation. The storage controllers can no longer find good working NAND blocks to use, and thus fail.

According to a probe [PDF] by investigators for Uncle Sam’s National Highway Traffic Safety Administration (NHTSA), at least 30 per cent of the infotainment systems made in “certain build months” are failing due to the eMMC flash being worn out, typically after “three to four years in service.”

According to the safety administration, this storage breakdown can “result in loss of rearview/backup camera, loss of HVAC (defogging) setting controls (if the HVAC status was OFF status prior to failure.) There is also an impact on the advanced driver assistance support (ADAS), Autopilot system, and turn signal functionality due to the possible loss of audible chimes, driver sensing, and alerts associated with these vehicle functions.”

This is based on 16,000 complaints and infotainment hardware replacement requests submitted by Tesla owners to the automaker.

[…]

Source: Worn-out NAND flash blamed for Tesla vehicle gremlins, such as rearview cam failures and silenced audio alerts • The Register

Nice one, Musk

NSA Spied On Denmark As It Chose Its Future Fighter Aircraft: Report – also FR, NL, DE, NO, SE

Reports in the Danish media allege that the United States spied on the country’s government and its defense industry, as well as other European defense contractors, in an attempt to gain information on its fighter acquisition program. The revelations, published online by DR, Denmark’s public-service broadcaster, concern the run-up to the fighter competition that was eventually won by the U.S.-made Lockheed Martin F-35 stealth fighter.

The report cites anonymous sources suggesting that the U.S. National Security Agency (NSA) targeted Denmark’s Ministry of Finance, the Ministry of Foreign Affairs, and the defense firm Terma, which also contributes to the F-35 Joint Strike Fighter program.

Allegedly, the NSA sought to conduct espionage using an existing intelligence-sharing agreement between the two countries. Under this agreement, it is said the NSA is able to tap fiber-optic communication cables passing through Denmark and stored by the Danish Defense Intelligence Service, or Forsvarets Efterretningstjeneste (FE). Huge amounts of data sourced from the Danish communication cables are stored in an FE data center, built with U.S. assistance, at Sandagergård on the Danish island of Amager, to which the NSA also has access.

This kind of sharing of confidential data is not that unusual within the intelligence community, in which the NSA is known to trade high-level information with similar agencies within the Five Eyes alliance (Australia, Canada, New Zealand, the United Kingdom, and the United States), as well as other close allies, such as Germany and Japan, for example.

It would be hoped, however, that these relationships would not be used by the NSA to secretly gather information on the countries with which it has agreements, which is exactly what is alleged to have taken place in Denmark.

A source told DR that between 2015 and 2016 the NSA wanted to gather information on the Danish defense company Terma in a “targeted search” ahead of Denmark’s decision on a new fighter jet to replace its current fleet of F-16s. This is the competition that the F-35 won in June 2016.

A Danish F-16 painted in the same colors as the upcoming Danish F-35, over the capital, Copenhagen, in October 2020. Credit: Flyvevåbnets Fototjeneste

According to DR, the NSA used its Xkeyscore system, which trawls through and analyzes global internet data, to seek information on Terma. An unnamed source said that search criteria had included individual email addresses and phone numbers of company employees.

Officially described as part of the NSA’s “lawful foreign signals intelligence collection system,” Xkeyscore is understood to be able to obtain email correspondence, browser history, chat conversations, and call logs.

In this case, the sources also contend that the NSA used its access to Danish communication cables and FE databases to search for communications related to two other companies, Eurofighter GmbH and Saab, who were respectively offering the Typhoon and Gripen multi-role fighters for the Danish F-16 replacement program. While the Gripen was withdrawn from the Danish competition in 2014, the Typhoon remained in the running until the end, alongside the F-35 and the Boeing F/A-18E/F Super Hornet.

[…]

The whistleblower reports are said to have warned the FE leadership about possible illegalities in an intelligence collaboration between Denmark and the United States to drain Danish internet cables of information that the intelligence services could use in their work. Furthermore, the reports allegedly warned that the NSA was also targeting a number of Denmark’s “closest neighbors,” including France, Germany, the Netherlands, Norway, and Sweden and that some of the espionage conducted by the NSA was judged to be “against Danish interests and goals.”

[…]

Regardless of how the FE and the government react to the latest allegations, if they are substantiated, then the terms of the current U.S.-Danish intelligence-sharing agreement may be judged to be in need of at least a major review. If there is any substance to these allegations, then it’s possible other countries that have made controversial choices to select the F-35 may come under new scrutiny, as well.

Source: NSA Spied On Denmark As It Chose Its Future Fighter Aircraft: Report

Army Hires Company To Develop Cyber Defenses For Its Strykers After They Were Hacked

On Nov. 16, 2020, Virginia-based cybersecurity firm Shift5, Inc. announced that it had received a $2.6 million contract from the Army’s Rapid Capabilities and Critical Technologies Office (RCCTO) to “provide unified cybersecurity prototype kits designed to help protect the operational technology of the Army’s Stryker combat vehicle platform.” The company says it first pitched its plan for these kits at RCCTO’s first-ever Innovation Day event in September 2019.

[…]

“Adversaries demonstrated the ability to degrade select capabilities of the ICV-D when operating in a contested cyber environment,” according to an annual report from the Pentagon’s Office of the Director of Operational Test and Evaluation, or DOT&E, covering activities during the 2018 Fiscal Year. “In most cases, the exploited vulnerabilities pre-date the integration of the lethality upgrades.”

The “lethality upgrades” referred to here center on the integration of a turret armed with a 30mm automatic cannon onto the Infantry Carrier Vehicle (ICV) variant of the Stryker, resulting in the Dragoon version. The indication here is that the cyber vulnerabilities were present in systems also found on unmodified ICVs, suggesting that the issues affect, or at least affected, other Stryker variants as well.

Source: Army Hires Company To Develop Cyber Defenses For Its Strykers After They Were Hacked

Aurora vs Airglow vs STEVE

Airglow is the natural “glowing” of the Earth’s atmosphere. It happens all the time and across the whole globe. There are three types of airglow: dayglow, twilightglow and nightglow. Each is the result of sunlight interacting with the molecules in our atmosphere, but they have their own special way of forming.

Dayglow forms when sunlight strikes the daytime atmosphere. Some of the sunlight is absorbed by the molecules in the atmosphere, which gives them excess energy. They become excited. The molecules then release this energy as light, either at the same or slightly lower frequency (colour) as the light they absorbed. This light is much dimmer than daylight, so we can’t see it by eye.

Twilightglow is essentially the same as dayglow, but only the upper atmosphere is sunlit. The rest of the atmosphere and the observer on the ground are in darkness. So, unlike dayglow, twilightglow is actually visible to us on the ground with the naked eye.

Chemiluminescence

The chemistry behind nightglow is different. There is no sunlight shining on the nighttime atmosphere. Instead, a process called “chemiluminescence” is responsible for the glowing atmosphere.

Sunlight deposits energy into the atmosphere during the day, some of which is transferred to oxygen molecules (e.g. O₂). This extra energy causes the oxygen molecules to rip apart into individual oxygen atoms. This happens particularly around 100km in altitude. However, atomic oxygen isn’t able to get rid of this excess energy easily and so acts as a “store” of energy for several hours.

Eventually the atomic oxygen does manage to “recombine”, once again forming molecular oxygen. The molecular oxygen then releases energy, again in the form of light. Several different colours are produced, including a “bright” green emission.

Airglow spotted in panoramic shot of the Very Large Telescope. Beletsky, CC BY-SA

In reality, the green nightglow isn’t particularly bright, it’s just the brightest of all nightglow emissions. Light pollution and cloudy skies will prevent sightings. If you’re lucky though, you might just be able to see it by eye or capture it on long-exposure photos.

Not to be confused with aurora

The green nightglow emission is very similar to the famous green we see in the northern lights. This is unsurprising since it is produced by the same oxygen molecules as the green aurora. But the two phenomena are not related.

Aurora form when charged particles, such as electrons, bombard the Earth’s atmosphere. These charged particles, which started off at the sun and were accelerated in the Earth’s magnetosphere, collide with the atmospheric gases. They transfer energy, forcing the gases to emit light.

The aurora and airglow captured from the International Space Station. NASA

But it isn’t just the process behind them that is different. The aurora form in a ring around the magnetic poles (known as the auroral oval); whereas nightglow is emitted across the whole night sky. The aurora are very structured (due to the Earth’s magnetic field); whereas airglow is generally quite uniform. The extent of the aurora is affected by the strength of the solar wind; whereas airglow happens all the time.

Why then did we get a lot of sightings from the UK recently, rather than all the time? The brightness of airglow correlates with the level of ultraviolet (UV) light being emitted from the sun – which varies over time. The time of year also seems to have an impact on the strength of airglow.

Airglow captured by Michael Darby from Cornwall, UK. The Milky Way shines through in the centre of the image. Author provided

To maximise your chances of spotting airglow, you’ll want to take a long-exposure photograph of a clear, dark, night sky. Airglow can be spotted in any direction that is free of light pollution, at about 10°-20° above the horizon.

Source: Beautiful green ‘airglow’ spotted by aurora hunters – but what is it?

Emerald green, fainter than the zodiacal light and visible on dark nights everywhere on Earth, airglow pervades the night sky from equator to pole. Airglow turns up in our time exposure photographs of the night sky as ghostly ripples of aurora-like light about 10-15 degrees above the horizon. Its similarity to the aurora is no coincidence. Both form at around the same altitude of  60-65 miles (100 km) and involve excitation of atoms and molecules, in particular oxygen. But different mechanisms tease them to glow. 

Earth at night from the International Space Station showing bright splashes of city lights and the airglow layer created by light-emitting oxygen atoms some 60 miles high in the atmosphere.  This green cocoon of light is familiar to anyone who’s looked at photos of Earth’s night-side from orbit. Credit: NASA

Auroras get their spark from high-speed electrons and protons in the solar wind that bombard oxygen and nitrogen atoms and molecules. As excited electrons within those atoms return to their rest states, they emit photons of green and red light that create shimmering, colorful curtains of northern lights.

Green light from excited oxygen atoms dominates the light of airglow. The atoms are 56-62 miles (90-100 km) high in the thermosphere. The weaker red light is from oxygen atoms further up. Sodium atoms, hydroxyl radicals (OH) and molecular oxygen add their own complement to the light. Credit: Les Cowley

Airglow’s subtle radiance arises from excitation of a different kind. Ultraviolet light from the daytime sun ionizes or knocks electrons off of oxygen and nitrogen atoms and molecules;  at night the electrons recombine with their host atoms, releasing energy as light of different colors including green, red, yellow and blue.  The brightest emission, the one responsible for creating the green streaks and bands visible from the ground and orbit, stems from excited oxygen atoms beaming light at 557.7 nanometers, smack in the middle of  the yellow-green parcel of spectrum where our eyes are most sensitive.

Airglow across the eastern sky below the summertime Milky Way. Notice that unlike the vertical rays and gently curving arcs of the aurora, airglow is banded, streaky and in places almost fibrous. It’s brightest and best visible 10-15 degrees high along a line of sight through the thicker atmosphere. If you look lower, its feeble light is absorbed by denser air and dust. Looking higher, the light spreads out over a greater area and appears dimmer. Credit: Bob King
A large, faint patch of airglow below the Dippers photographed May 24. To the eye, airglow appears as colorless streaks and patches. Unlike the aurora, it’s typically too faint to excite our color vision. Time exposures show its colors well. This swatch is especially faint because it’s much higher above the horizon. Credit: Bob King

That’s not saying airglow is easy to see! For years I suspected streaks of what I thought were high clouds from my dark sky observing site even when maps and forecasts indicated pristine skies. Photography finally taught me to trust my eyes. I started noticing green streaks near the horizon in long-exposure astrophotos. At first I brushed it off as camera noise. Then I noticed how the ghostly stuff would slowly shape-shift over minutes and hours and from night to night. Gravity waves created by jet stream shear, wind flowing over mountain ranges and even thunderstorms in the lower atmosphere propagate up to the thermosphere to fashion airglow’s ever-changing contours.

An obvious airglow smear across Virgo last month. Mars is the bright object below and right of center. Light pollution from Duluth, Minn. creeps in at lower left. Credit: Bob King

Last month, on a particularly dark night, I made a dedicated sweep of the sky after my eyes had fully adapted to the darkness. A large swath of airglow spread south of the Big and Little Dipper. To the east, Pegasus and Andromeda harbored hazy spots of  varying intensity, while brilliant Mars beamed through a long smear in Virgo.

To prove what I saw was real, I made the photos you see in this article and found they exactly matched my visual sightings. Except for color. Airglow is typically too faint to fire up the cone cells in our retinas responsible for color vision. The vague streaks and patches were best seen by moving your head around to pick out the contrast between them and the darker, airglow-free sky. No matter what part of the sky I looked, airglow poked its tenuous head. Indeed, if you were to travel anywhere on Earth, airglow would be your constant companion on dark nights, unlike the aurora which keeps to the polar regions. Warning – once you start seeing it, you

Excited oxygen at higher altitude creates a layer of faint red airglow. Sodium excitation forms the yellow layer at 57 miles up. Airglow is brightest during daylight hours but invisible against the sunlight sky. Credit: NASA with annotations by Alex Rivest

Airglow comes in different colors – let’s take a closer look at what causes them:

* Red –  I’ve never seen it, but long-exposure photos often reveal red/pink mingled with the more common green. Excited oxygen atoms much higher up at 90-185 miles (150-300 km) radiating light at a different energy state are responsible. Excited -OH (hydroxyl) radicals give off deep red light in a process called chemoluminescence when they react with oxygen and nitrogen. Another chemoluminescent reaction takes place when oxygen and nitrogen molecules are busted apart by ultraviolet light high in the atmosphere and recombine to form nitric oxide  (NO).

* Yellow – From sodium atoms around 57 miles (92 km) high. Sodium arrives from the breakup and vaporization of minerals in meteoroids as they burn up in the atmosphere as meteors.

* Blue – Weak emission from excited oxygen molecules approximately 59 miles (95 km) high.

Comet Lovejoy passing behind green oxygen and sodium airglow layers on December 22, 2011 seen from the space station. Credit: NASA/Dan Burbank

Airglow varies with time of day and night and season, reaching peak brightness about 10 degrees, where our line of sight passes through more air compared to the zenith where the light reaches minimum brightness. Since airglow is brightest around the time of solar maximum (about now), now is an ideal time to watch for it. Even cosmic rays striking molecules in the upper atmosphere make a contribution.

https://www.youtube.com/embed/zymQQP4B21Q
See lots of airglow and aurora from orbit in this video made using images taken from the space station.

If you removed the stars, the band of the Milky Way and the zodiacal light, airglow would still provide enough illumination to see your hand in front of your face at night. Through recombination and chemoluminescence, atoms and molecules create an astounding array of colored light phenomena. We can’t escape the sun even on the darkest of nights.

Source: How to See Airglow, the Green Sheen of Night

In 2018, a new aurora-like discovery struck the world. From 2015 to 2016, citizen scientists reported 30 instances of a purple ribbon in the sky, with a green picket fence structure underneath. Now named STEVE, or Strong Thermal Emission Velocity Enhancement, this phenomenon is still new to scientists, who are working to understand all its details. What they do know is that STEVE is not a normal aurora—some think maybe it’s not an aurora at all—and a new finding about the formation of streaks within the structure brings scientists one step closer to solving the mystery.

“Often in physics, we build our understanding then test the extreme cases or test the cases in a different environment,” Elizabeth MacDonald, a space scientist at NASA’s Goddard Space Flight Center in Greenbelt, Maryland, explains. “STEVE is different than the usual aurora, but it is made of light and it is driven by the auroral system. In finding these tiny little streaks, we may be learning something fundamentally new in how green auroral light can be produced.”

These “tiny little streaks” are extraordinarily small point-like features within the green picket fence of STEVE. In a new paper for AGU Advances, researchers share their latest findings on these points. They suggest the streaks could be moving points of light—elongated in the images due to blur from the cameras. The tip of the streak in one image will line up with the end of the tail in the next image, contributing to this speculation from the scientists. However, there are still a lot of questions to be answered—determining whether the green light is a point or indeed a line, is one extra clue to help scientists figure out what causes green light.

“I’m not entirely sure about anything with respect to this phenomenon just yet,” Joshua Semeter, a professor at Boston University and first author on the paper, said. “You have other sequences where it looks like there is a tube-shaped structure that persists from image to image and doesn’t seem to conform to a moving point source, so we’re not really sure about that yet.”

STEVE as a whole is something that scientists are still working to label. Scientists tend to classify optical features in the sky into two categories: airglow and aurora. When airglow occurs at night, atoms in the atmosphere recombine and release some of their stored energy in the form of light, creating bright swaths of color. By studying the patterns in airglow, scientists can learn more about that area of the atmosphere, the ionosphere. To be classified as an aurora, on the other hand, that release of light must be caused by electron bombardment. These features are formed differently but also look different—airglow can occur across Earth, while auroras form in a broad ring around Earth’s magnetic poles.

“STEVE in general appears to not conform well to either one of those categories,” Semeter said. “The emissions are coming from mechanisms that we don’t fully understand just yet.”

STEVE’s purple emissions are likely a result of ions moving at a supersonic speed. The green emissions seem to be related to eddies, like the ones you might see forming in a river, moving more slowly than the other water around it. The green features are also moving more slowly than the structures in the purple emissions, and scientists speculate they could be caused by turbulence in the space particles—a brew of charged particles and magnetic field, called plasma—at these altitudes.

“We know this kind of turbulence occurs. There are people who base their entire careers on studying turbulence in the ionospheric plasma formed by very rapid flows,” Semeter said. “The evidence generally comes from radar measurements. We don’t ever have an optical signature.” Semeter suggests that when it comes to the appearance of STEVE, the flows in these instances are so extreme, that we can actually see them in the atmosphere.

Two different angles of distinctive green streaks below a STEVE event on Aug. 31, 2016, near Carstairs, Alberta, Canada. Recent research about the formation of these streaks is allowing scientists to learn more about this aurora-like phenomenon. Credit: Copyright Neil Zeller, used with permission

“This paper is the tip of the iceberg in this new area of these tiny little pieces of the picket fence. Something we do in physics is try to chip away to increase our understanding,” MacDonald said. “This paper establishes the altitude range and some of the techniques we can use to identify these features, then they can be better resolved in other observations.”

To establish the altitude range and identify these features, the scientists extensively used photos and videos captured by citizen scientists.

“Citizen scientists are the ones who brought the STEVE phenomenon to the scientists’ attention. Their photos are typically longer time lapse than our traditional scientific observations,” MacDonald said. “Citizen scientists don’t get into the patterns that scientists get into. They do things differently. They are free to move the camera around and take whatever exposure they want.” However, to make this new discovery of the points within STEVE, photographers actually took shorter exposure photographs to capture this movement.

To get those photographs, citizen scientists spend hours in the freezing cold, late at night, waiting for an aurora—or hopefully STEVE—to appear. While data can indicate if an aurora will show up, indicators for STEVE haven’t been identified yet. However, the aurora chasers show up and take pictures anyway.

[…]

Source: Aurora-chasing citizen scientists help discover a new feature of STEVE

Iron Powder Passes First Industrial Test as Renewable, Carbon Dioxide-Free Fuel

While setting fire to an iron ingot is probably more trouble than it’s worth, fine iron powder mixed with air is highly combustible. When you burn this mixture, you’re oxidizing the iron. Whereas a carbon fuel oxidizes into CO2, an iron fuel oxidizes into Fe2O3, which is just rust. The nice thing about rust is that it’s a solid which can be captured post-combustion. And that’s the only byproduct of the entire business—in goes the iron powder, and out comes energy in the form of heat and rust powder. Iron has an energy density of about 11.3 kWh/L, which is better than gasoline, although its specific energy is a relatively poor 1.4 kWh/kg, meaning that for a given amount of energy, iron powder will take up a little bit less space than gasoline but it’ll be almost ten times heavier.

It might not be suitable for powering your car, in other words. It probably won’t heat your house either. But it could be ideal for industry, which is where it’s being tested right now.

Researchers from TU Eindhoven have been developing iron powder as a practical fuel for the past several years, and last month they installed an iron powder heating system at a brewery in the Netherlands, which is turning all that stored up energy into beer. Since electricity can’t efficiently produce the kind of heat required for many industrial applications (brewing included), iron powder is a viable zero-carbon option, with only rust left over.

So what happens to all that rust? This is where things get clever, because the iron isn’t just a fuel that’s consumed— it’s energy storage that can be recharged. And to recharge it, you take all that Fe2O3, strip out the oxygen, and turn it back into Fe, ready to be burned again. It’s not easy to do this, but much of the energy and work that it takes to pry those Os away from the Fes get returned to you when you burn the Fe the next time. The idea is that you can use the same iron over and over again, discharging it and recharging it just like you would a battery.

To maintain the zero-carbon nature of the iron fuel, the recharging process has to be zero-carbon as well. There are a variety of different ways of using electricity to turn rust back into iron, and the TU/e researchers are exploring three different technologies based on hot hydrogen reduction (which turns iron oxide and hydrogen into iron and water), as they described to us in an email:

Mesh Belt Furnace: In the mesh belt furnace the iron oxide is transported by a conveyor belt through a furnace in which hydrogen is added at 800-1000°C. The iron oxide is reduced to iron, which sticks together because of the heat, resulting in a layer of iron. This can then be ground up to obtain iron powder.
Fluidized Bed Reactor: This is a conventional reactor type, but its use in hydrogen reduction of iron oxide is new. In the fluidized bed reactor the reaction is carried out at lower temperatures around 600°C, avoiding sticking, but taking longer.
Entrained Flow Reactor: The entrained flow reactor is an attempt to implement flash ironmaking technology. This method performs the reaction at high temperatures, 1100-1400°C, by blowing the iron oxide through a reaction chamber together with the hydrogen flow to avoid sticking. This might be a good solution, but it is a new technology and has yet to be proven.

Both production of the hydrogen and the heat necessary to run the furnace or the reactors require energy, of course, but it’s grid energy that can come from renewable sources.

If renewing the iron fuel requires hydrogen, an obvious question is why not just use hydrogen as a zero-carbon fuel in the first place? The problem with hydrogen is that as an energy storage medium, it’s super annoying to deal with, since storing useful amounts of it generally involves high pressure and extreme cold. In a localized industrial setting (like you’d have in your rust reduction plant) this isn’t as big of a deal, but once you start trying to distribute it, it becomes a real headache. Iron powder, on the other hand, is safe to handle, stores indefinitely, and can be easily moved with existing bulk carriers like rail.

[…]

Source: Iron Powder Passes First Industrial Test as Renewable, Carbon Dioxide-Free Fuel – IEEE Spectrum

Belgium announces measures for bird flu outbreak

Belgium has detected an outbreak of bird flu, leading authorities to order all poultry farmers and individual bird owners to keep the animals confined, the country’s food safety agency AFSCA said Saturday.

Avian influenza has recently spread to western Europe after outbreaks in Russia and Kazakhstan this summer.

“Three wild birds that stayed in a bird sanctuary in Ostend tested positive for the H5N8 virus,” AFSCA said in a statement on Saturday, adding that the outbreak was confirmed the day before by the Sciensano public health institute.

AFSCA said the new measures would be effective from Sunday and would apply to private poultry houses as well as individuals who keep birds in their homes, in a country where there is a strong tradition of pigeon racing.

“All gatherings of poultry and birds are strictly prohibited,” the statement said, adding that measures were imposed on professional pigeon farms on November 1.

France this month ordered measures for poultry farms such as protective netting to prevent contact with wild birds that spread the disease, after the country’s ministry of agriculture warned that bird flu infections were on the rise in western Europe.

In addition to cases declared in the Netherlands, the ministry pointed to “13 cases in Germany” and an outbreak on November 3 in the northwest of England.

Source: Belgium announces measures for bird flu outbreak

Your Computer isn’t Yours – Apple edition – how is it snooping on you, why can’t you start apps when their server is down

It’s here. It happened. Did you notice?

I’m speaking, of course, of the world that Richard Stallman predicted in 1997. The one Cory Doctorow also warned us about.

On modern versions of macOS, you simply can’t power on your computer, launch a text editor or eBook reader, and write or read, without a log of your activity being transmitted and stored.

It turns out that in the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. Lots of people didn’t realize this, because it’s silent and invisible and it fails instantly and gracefully when you’re offline, but today the server got really slow and it didn’t hit the fail-fast code path, and everyone’s apps failed to open if they were connected to the internet.

Because it does this using the internet, the server sees your IP, of course, and knows what time the request came in. An IP address allows for coarse, city-level and ISP-level geolocation, and allows for a table that has the following headings:

Date, Time, Computer, ISP, City, State, Application Hash

Apple (or anyone else) can, of course, calculate these hashes for common programs: everything in the App Store, the Creative Cloud, Tor Browser, cracking or reverse engineering tools, whatever.

This means that Apple knows when you’re at home. When you’re at work. What apps you open there, and how often. They know when you open Premiere over at a friend’s house on their Wi-Fi, and they know when you open Tor Browser in a hotel on a trip to another city.

“Who cares?” I hear you asking.

Well, it’s not just Apple. This information doesn’t stay with them:

  1. These OCSP requests are transmitted unencrypted. Everyone who can see the network can see these, including your ISP and anyone who has tapped their cables.
  2. These requests go to a third-party CDN run by another company, Akamai.
  3. Since October of 2012, Apple is a partner in the US military intelligence community’s PRISM spying program, which grants the US federal police and military unfettered access to this data without a warrant, any time they ask for it. In the first half of 2019 they did this over 18,000 times, and another 17,500+ times in the second half of 2019.

This data amounts to a tremendous trove of data about your life and habits, and allows someone possessing all of it to identify your movement and activity patterns. For some people, this can even pose a physical danger to them.

Now, it’s been possible up until today to block this sort of stuff on your Mac using a program called Little Snitch (really, the only thing keeping me using macOS at this point). In the default configuration, it blanket allows all of this computer-to-Apple communication, but you can disable those default rules and go on to approve or deny each of these connections, and your computer will continue to work fine without snitching on you to Apple.

The version of macOS that was released today, 11.0, also known as Big Sur, has new APIs that prevent Little Snitch from working the same way. The new APIs don’t permit Little Snitch to inspect or block any OS level processes. Additionally, the new rules in macOS 11 even hobble VPNs so that Apple apps will simply bypass them.

Google CEO apologises for document outlining how to counter new EU rules by attacking rulemaker, EU’s Breton warns internet is not Wild West

Alphabet GOOGL.O CEO Sundar Pichai has apologised to Europe’s industry chief Thierry Breton over a leaked internal document proposing tactics to counter the EU’s tough new rules on internet companies and lobby against the EU commissioner.

[…]

The call came after a Google internal document outlined a 60-day strategy to attack the European Union’s push for the new rules by getting U.S. allies to push back against Breton.

[…]

The incident underlines the intense lobbying by tech companies against the proposed EU rules, which could impede their businesses and force changes in how they operate.

Breton also warned Pichai about the excesses of the internet.

“The Internet cannot remain a ‘Wild West’: we need clear and transparent rules, a predictable environment and balanced rights and obligations,” he told Pichai.

Breton will announce new draft rules known as the Digital Services Act and the Digital Markets Act together with European Competition Commissioner Margrethe Vestager on Dec. 2.

The rules will set out a list of do’s and don’ts for gatekeepers – online companies with market power – forcing them to share data with rivals and regulators and not to promote their services and products unfairly.

EU antitrust chief Margrethe Vestager has levied fines totalling 8.25 billion euros ($9.7 billion) against Google in the past three years for abusing its market power to favour its shopping comparison service, its Android mobile operating system and its advertising business.

Breton told Pichai that he would increase the EU’s power to curb unfair behaviour by gatekeeping platforms, so that the Internet does not just benefit a handful of companies but also Europe’s small- and medium-sized enterprises and entrepreneurs.

Source: Google CEO apologises for document, EU’s Breton warns internet is not Wild West | Reuters

Ticketmaster cops £1.25m ICO fine for 2018 Magecart breach, blames someone else and vows to appeal

The Information Commissioner’s Office has fined Ticketmaster £1.25m after the site’s operators failed to spot a Magecart card skimmer infection until after 9 million customers’ details had been slurped by criminals.

The breach began in February 2018 and was not detected until April, when banks realised their customers’ cards were being abused by criminals immediately after they were used for legitimate purchases on Ticketmaster’s website.

Key to the criminals’ success was Ticketmaster’s decision to deploy a Javascript-powered chatbot on its website payment pages, giving criminals an easy way in by compromising the third party’s JS – something the ICO held against Ticketmaster in its decision to award the fine.

Ticketmaster ‘fessed up to world+dog in June that year, and the final damage has now been revealed by the Information Commissioner’s Office (ICO): 9.4m people’s data was “potentially affected” of which 1.5m were in the UK; 66,000 credit cards were compromised and had to be replaced; and Ticketmaster itself doesn’t know how many people were affected between 25 May and 23 June 2018.

Today’s fine only applies to that May-June period, which happens to be after the Data Protection Act 2018 – the UK implementation of the EU’s GDPR – came into force. This allowed the ICO to impose a higher penalty than it could have done under the pre-GDPR legal regime.

[…]

Ticketmaster remains in denial about its culpability for the breach, telling The Register in a statement: “Ticketmaster takes fans’ data privacy and trust very seriously. Since Inbenta Technologies was breached in 2018, we have offered our full cooperation to the ICO. We plan to appeal today’s announcement.”

Inbenta Technologies supplied a custom Javascript-powered chatbot to Ticketmaster which was compromised by the Magecart operators.

Crucially, for whatever reason, Ticketmaster deployed the chatbot on its payment pages, giving the criminals a way in.

As we reported in 2018, Inbenta told us of Ticketmaster’s deployment of the Javascript in question: “Had we known that script would have been used in that way, we would have advised against it, as it poses a security threat.”

[…]

“It took Ticketmaster approximately nine weeks from the date of Monzo’s notification of possible fraud involving the Ticketmaster website for Ticketmaster to run a payment through its payment page and monitor the network traffic thereon,” said an incredulous ICO, which noted that it took a random Twitter user explaining why JS on a payments page is a bad thing for the business to wake up and do something about it.

Barclaycard and American Express also noticed suspicious goings-on in April 2018, but Ticketmaster steadfastly denied anything was wrong until May, eventually realising the game was up in June.

[…]

Source: Ticketmaster cops £1.25m ICO fine for 2018 Magecart breach, blames someone else and vows to appeal • The Register
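
The ICO's point about third-party JavaScript on payment pages can be checked mechanically. The following is an added example, not code from The Register, the ICO or Ticketmaster: it lists every script a payment page loads from another origin and flags those without a Subresource Integrity hash. The page origin, vendor hostnames and sample HTML are constructed for illustration, and the regex parser assumes attribute values contain no `>`.

```javascript
// Added example: audit a payment page for scripts loaded from other origins.
// PAGE_ORIGIN, the vendor hostnames and SAMPLE_HTML are constructed test data.
const PAGE_ORIGIN = "https://shop.example";

const SAMPLE_HTML = `
<html><head>
<script src="/static/checkout.js"></script>
<script src="https://cdn.vendor-a.example/lib.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://chat.vendor-b.example/widget.js"></script>
<script>var inlineConfig = {};</script>
<script src="//static.vendor-c.example/t.js" async></script>
</head><body><form id="payment"></form></body></html>`;

// Return the attributes of every <script ...> opening tag as plain objects.
function scriptTags(html) {
  const tags = [];
  const tagRe = /<script\b([^>]*)>/gi;
  const attrRe = /([^\s=\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = {};
    let a;
    while ((a = attrRe.exec(m[1])) !== null) {
      attrs[a[1].toLowerCase()] = a[2] || a[3] || a[4] || "";
    }
    tags.push(attrs);
  }
  return tags;
}

// List external scripts served from another origin; note which lack SRI.
function auditThirdPartyScripts(html, pageOrigin) {
  const ownOrigin = new URL(pageOrigin).origin;
  const findings = [];
  for (const attrs of scriptTags(html)) {
    if (!attrs.src) continue;                    // inline script, not a remote load
    const url = new URL(attrs.src, pageOrigin);  // resolves relative and // URLs
    if (url.origin === ownOrigin) continue;      // first-party script
    findings.push({
      host: url.host,
      src: url.href,
      hasIntegrity: Boolean(attrs.integrity),
    });
  }
  return findings;
}

for (const f of auditThirdPartyScripts(SAMPLE_HTML, PAGE_ORIGIN)) {
  console.log(`${f.hasIntegrity ? "pinned  " : "UNPINNED"} ${f.host} ${f.src}`);
}
```

An integrity hash only pins a file that never changes; a vendor script that is updated in place cannot be pinned this way, so the finding to act on is its presence on the payment page at all.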

Mozilla *privacy not included tech buyers guide rated on creepy scale

This is a list of 130 Smart home gadgets, fitness trackers, toys and more, rated for their privacy & security. It’s a large list and shows you how basically anything by big tech is pretty creepy – anything by Amazon and Facebook is super creepy, Google pretty creepy, Apple only creepy. There are a few surprises, like Moleskine being super creepy. Fitness machinery is pretty bad as are some coffee makers… Nintendo Switches and PS5s (surprisingly) aren’t creepy at all…

Source: Mozilla – *privacy not included

Google’s SoundFilter AI separates any sound or voice from mixed-audio recordings

Researchers at Google claim to have developed a machine learning model that can separate a sound source from noisy, single-channel audio based on only a short sample of the target source. In a paper, they say their SoundFilter system can be tuned to filter arbitrary sound sources, even those it hasn’t seen during training.

The researchers believe a noise-eliminating system like SoundFilter could be used to create a range of useful technologies. For instance, Google drew on audio from thousands of its own meetings and YouTube videos to train the noise-canceling algorithm in Google Meet. Meanwhile, a team of Carnegie Mellon researchers created a “sound-action-vision” corpus to anticipate where objects will move when subjected to physical force.

SoundFilter treats the task of sound separation as a one-shot learning problem. The model receives as input the audio mixture to be filtered and a single short example of the kind of sound to be filtered out. Once trained, SoundFilter is expected to extract this kind of sound from the mixture if present.

[…]

Source: Google’s SoundFilter AI separates any sound or voice from mixed-audio recordings | VentureBeat

Microsoft: Russian, North Korean Hackers Attacked Covid-19 Labs

Microsoft researchers have found evidence that Russian and North Korean hackers have systematically attacked covid-19 labs and vaccine makers in an effort to steal data and initiate ransomware attacks.

“Among the targets, the majority are vaccine makers that have Covid-19 vaccines in various stages of clinical trials, clinical research organization involved in trials, and one has developed a Covid-19 test,” said Tom Burt, a VP in Customer Security at Microsoft. “Multiple organizations targeted have contracts with or investments from government agencies from various democratic countries for Covid-19 related work.”

“The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea, and the United States. The attacks came from Strontium, an actor originating from Russia, and two actors originating from North Korea that we call Zinc and Cerium,” wrote Burt.

The attacks seem to be brute force login attempts and spear-phishing meant to lure victims to give up their security credentials. Microsoft, obviously, reports that its tools were able to catch and prevent most of the attacks. Sadly, the hackers are pretending to be World Health Organization reps in order to trick doctors into installing malware.

Zack Whittaker at TechCrunch noted that the Russian group, Strontium, is better known as APT28 or Fancy Bear, and the other groups are probably part of the North Korean Lazarus Group, the hackers responsible for WannaCry ransomware and the Sony hack in 2016.

Source: Microsoft: Russian, North Korean Hackers Attacked Covid-19 Labs

Apple braces for antitrust woes by letting users select and install third-party apps during setup of iOS 14.3

iOS 14.3 will prompt some users to install selected third-party applications during setup, in what is likely an attempt to stifle any allegations of anticompetitive behaviour from regulators.

The feature, which is buried deep within the beta version of the upcoming iOS release and was first spotted by 9to5Mac, is believed to be activated depending on the location of the user, and states: “In compliance with regional legal requirements, continue to view available apps to download.”

Although iOS is not the most widely installed mobile operating system (that particular crown belongs to Android), it is unique insofar as the control exerted by Apple on the ecosystem, famously dubbed the Walled Garden. This limits where users can download third-party software – exclusively the App Store – and forces developers to use Apple’s payment processing methods, which take a 30 per cent cut of all transactions. Moreover, until recently, users were unable to select third-party products for their default browser and email apps.

This has prompted antitrust investigations in several jurisdictions, including the US, Japan, and the EU, often prompted by the complaints of competitors, such as Spotify and Rakuten. This is in addition to the legal action taken by Epic Games, which has claimed Apple deliberately tries to disadvantage third-party developers through its app store policies.

[…]

Source: Apple braces for antitrust woes by letting users select and install third-party apps during setup of iOS 14.3 • The Register

This is something I have been talking about since early 2019 and it’s good to see action happening on it

New lawsuit: Why do Android phones mysteriously exchange 260MB a month with Google via cellular data when they’re not even in use? Also Apple + ad fraud

Google on Thursday was sued for allegedly stealing Android users’ cellular data allowances through unapproved, undisclosed transmissions to the web giant’s servers.

The lawsuit, Taylor et al v. Google [PDF], was filed in a US federal district court in San Jose on behalf of four plaintiffs based in Illinois, Iowa, and Wisconsin in the hope the case will be certified by a judge as a class action.

The complaint contends that Google is using Android users’ limited cellular data allowances without permission to transmit information about those individuals that’s unrelated to their use of Google services.

Data sent over Wi-Fi is not at issue, nor is data sent over a cellular connection in the absence of Wi-Fi when an Android user has chosen to use a network-connected application. What concerns the plaintiffs is data sent to Google’s servers that isn’t the result of deliberate interaction with a mobile device – we’re talking passive or background data transfers via cell network, here.

[…]

Android users have to accept four agreements to participate in the Google ecosystem: Terms of Service; the Privacy Policy; the Managed Google Play Agreement; and the Google Play Terms of Service. None of these, the court filing contends, disclose that Google spends users’ cellular data allowances for these background transfers.

To support the allegations, the plaintiff’s counsel tested a new Samsung Galaxy S7 phone running Android, with a signed-in Google Account and default setting, and found that when left idle, without a Wi-Fi connection, the phone “sent and received 8.88 MB/day of data, with 94 per cent of those communications occurring between Google and the device.”

The device, stationary, with all apps closed, transferred data to Google about 16 times an hour, or about 389 times in 24 hours. Assuming even half of that data is outgoing, Google would receive about 4.4MB per day or 130MB per month in this manner per device subject to the same test conditions.

Putting worries of what could be in that data to one side, based on an average price of $8 per GB of data in the US, that 130MB works out to about $1 lost to Google data gathering per month – if the device is disconnected from Wi-Fi the entire time and does all its passive transmission over a cellular connection.

An iPhone with Apple’s Safari browser open in the background transmits only about a tenth of that amount to Apple, according to the complaint.

Much of the transmitted data, it’s claimed, are log files that record network availability, open apps, and operating system metrics. Google could have delayed transmitting these files until a Wi-Fi connection was available, but chose instead to spend users’ cell data so it could gather data at all hours.

Vanderbilt University Professor Douglas C. Schmidt performed a similar study in 2018 – except that the Chrome browser was open – and found that Android devices made 900 passive transfers in 24 hours.

Under active use, Android devices transfer about 11.6MB of data to Google servers daily, or 350MB per month, it’s claimed, which is about half the amount transferred by an iPhone.

The complaint charges that Google conducts these undisclosed data transfers to further its advertising business, sending “tokens” that identify users for targeted advertising and preload ads that generate revenue even if they’re never displayed.

“Users often never view these pre-loaded ads, even though their cellular data was already consumed to download the ads from Google,” the legal filing claims. “And because these pre-loads can count as ad impressions, Google is paid for transmitting the ads.”

Source: New lawsuit: Why do Android phones mysteriously exchange 260MB a month with Google via cellular data when they’re not even in use? • The Register