The Linkielist

Linking ideas with the world

Solar Panels Are Starting to Die, Leaving Behind Toxic Trash

By 2050, the International Renewable Energy Agency projects that up to 78 million metric tons of solar panels will have reached the end of their life, and that the world will be generating about 6 million metric tons of new solar e-waste annually. While the latter number is a small fraction of the total e-waste humanity produces each year, standard electronics recycling methods don’t cut it for solar panels. Recovering the most valuable materials from one, including silver and silicon, requires bespoke recycling solutions. And if we fail to develop those solutions along with policies that support their widespread adoption, we already know what will happen.

“If we don’t mandate recycling, many of the modules will go to landfill,” said Arizona State University solar researcher Meng Tao, who recently authored a review paper on recycling silicon solar panels, which comprise 95 percent of the solar market.

Solar panels are composed of photovoltaic (PV) cells that convert sunlight to electricity. When these panels enter landfills, valuable resources go to waste. And because solar panels contain toxic materials like lead that can leach out as they break down, landfilling also creates new environmental hazards.

[…]

Under EU law, producers are required to ensure their solar panels are recycled properly. In Japan, India, and Australia, recycling requirements are in the works. In the United States, it’s the Wild West: With the exception of a state law in Washington, the US has no solar recycling mandates whatsoever. Voluntary, industry-led recycling efforts are limited in scope. “Right now, we’re pretty confident the number is around 10 percent of solar panels recycled,” said Sam Vanderhoof, the CEO of Recycle PV Solar, one of the only US companies dedicated to PV recycling. The rest, he says, go to landfills or are exported overseas for reuse in developing countries with weak environmental protections.

[…]

Recyclers often take off the panel’s frame and its junction box to recover the aluminum and copper, then shred the rest of the module, including the glass, polymers, and silicon cells, which get coated in a silver electrode and soldered using tin and lead. (Because the vast majority of that mixture by weight is glass, the resultant product is considered an impure, crushed glass.) Tao and his colleagues estimate that a recycler taking apart a standard 60-cell silicon panel can get about $3 for the recovered aluminum, copper, and glass. Vanderhoof, meanwhile, says that the cost of recycling that panel in the US is between $12 and $25—after transportation costs, which “oftentimes equal the cost to recycle.” At the same time, in states that allow it, it typically costs less than a dollar to dump a solar panel in a solid-waste landfill.

“We believe the big blind spot in the US for recycling is that the cost far exceeds the revenue,” Meng said. “It’s on the order of a 10-to-1 ratio.”

If a solar panel’s more valuable components—namely, the silicon and silver—could be separated and purified efficiently, that could improve that cost-to-revenue ratio. A small number of dedicated solar PV recyclers are trying to do this. Veolia, which runs the world’s only commercial-scale silicon PV recycling plant in France, shreds and grinds up panels and then uses an optical technique to recover low-purity silicon. According to Vanderhoof, Recycle PV Solar initially used a “heat process and a ball mill process” that could recapture more than 90 percent of the materials present in a panel, including low-purity silver and silicon. But the company recently received some new equipment from its European partners that can do “95 plus percent recapture,” he said, while separating the recaptured materials much better.

[…]

In addition to developing better recycling methods, the solar industry should be thinking about how to repurpose panels whenever possible, since used solar panels are likely to fetch a higher price than the metals and minerals inside them (and since reuse generally requires less energy than recycling). As is the case with recycling, the EU is out in front on this: Through its Circular Business Models for the Solar Power Industry program, the European Commission is funding a range of demonstration projects showing how solar panels from rooftops and solar farms can be repurposed, including for powering ebike charging stations in Berlin and housing complexes in Belgium.

[…]

Source: Solar Panels Are Starting to Die, Leaving Behind Toxic Trash

Edit: A new article, The Environmental Impact of Solar Panels, explores this further

Epic Games start Free Fortnite cup time with awesome prizes incl a rotten apple skin

As PC Gamer’s Fortnite guy, I’ve written many a guide to Epic’s various tournaments, cash cups, and special events, but few have ever been as weird as this one. On Thursday evening, Epic announced the #FreeFortnite Cup, a new tournament seemingly designed to continue Epic’s campaign against Apple and Google. Barring a legal miracle, it’s effectively your last chance to cross-play with friends on iOS and Android devices for a long while.

“All of your friends. Awesome prizes. And one bad apple,” Epic writes.

The prizes available? Well, that’s where things get a little… silly.

Participants who score ten or more points during the tournament (details below) will earn the ‘Tart Tycoon’ skin. You’ll recognize it as the apple man from Epic’s parody of Apple’s famous 1984 ad that made the rounds last week. Here he is in all his subtle glory.

It’s pretty much a guarantee that anyone who plays a couple matches during the tournament window will earn the skin, as you get points just for surviving every minute.

Epic could have stopped there and called it a day, but no. For some reason, they’re offering the top 20,000 players a #FreeFortnite hat. A dad hat. A dad hat with the Fortnite llama colored like Apple’s old rainbow logo.

God have mercy on us all.

Epic is also giving 1,200 players (of undetermined criteria) some free gaming gear, like Alienware gaming laptops, Samsung Galaxy Tabs, and some good old-fashioned consoles. Not sure if that’s going to stem the tide of millions of mobile players from calling up customer support, but it’s a start?

Either way, Epic is clearly rolling full steam ahead with its campaign against Apple and Google. Whether or not they can win against the tech giants in a court of law remains to be seen, but Epic is certainly investing in the court of public opinion.

Source: Epic Games Free Fortnite cup time: How to get the Fortnite apple skin | PC Gamer

Apple cut off updates to completely free WordPress app until it adds in app purchases because it wants 30 percent

WordPress, the iOS app, lets you build and manage a website right from your iPhone or iPad, for free.

Separately, WordPress.com also happens to sell domain names and fancier website packages.

Now, WordPress founding developer Matt Mullenweg is accusing Apple of cutting off the ability to update that app — until or unless he adds in-app purchases so the most valuable company in the world can extract its 30 percent cut of the money.

Here’s the thing: the WordPress app on iOS doesn’t sell anything. I just checked, and so did Stratechery’s Ben Thompson. The app simply lets you make a website for free. There isn’t even an option to buy a unique dot-com or even dot-blog domain name from the iPhone and iPad app — it simply assigns you a free WordPress domain name and 3GB of space.

Apple admitted to The Verge that it’s involved, reminding us that in-app purchases are required whenever apps “allow users to access content, subscriptions, or features they have acquired in your app on other platforms or your web site.” But again, the WordPress app doesn’t sell anything itself, and it sounds like you can’t do anything special with anything you’ve purchased from WordPress.com (beyond uploading additional files or selecting website themes) from the app, either.

While Mullenweg says there technically was a roundabout way for an iOS user to find out that WordPress has paid tiers (they could find it buried in support pages, or by navigating to WordPress’s site from a preview of their own webpage), he says that Apple rejected his offer to block iOS users from seeing the offending pages.

Mullenweg tells The Verge he’s not going to fight it anymore, though — he will add brand-new in-app purchases for WordPress.com’s paid tiers, which include domain names, within 30 days. Apple has agreed to allow Automattic to update the app while it waits. (The last update was issued yesterday.)

In other words, Apple won: the richest company in the world just successfully forced an app developer to monetize an app so it could make more money. It’s just the latest example of Apple’s fervent attempts to guard its cash cow resulting in a decision that doesn’t make much sense and doesn’t live up to Apple’s ethos (real or imagined) of putting the customer experience ahead of all else.

Source: WordPress claims Apple cut off updates to its completely free app because it wants 30 percent – The Verge

Ex-Uber chief security officer charged, accused of covering up theft of personal info from databases by hackers

Uber’s chief security officer, Joe Sullivan, broke the law by hushing up the theft of millions of people’s details from the app maker’s databases by hackers, prosecutors say.

Sullivan, 52, formerly of eBay, Facebook, and PayPal, was today charged with obstruction of justice and misprision – concealing knowledge of a crime from law enforcement – by the US District Attorney for Northern California, an office he briefly worked for back in the day. These come with potentially five and three-year prison sentences, respectively, and a fine of up to $250,000 apiece.

According to the government, the charges [PDF] stem from Sullivan’s efforts to cover up the 2016 security breach at Uber in which miscreants siphoned from internal databases the personal information of 57 million passengers and 600,000 drivers, including their driving license details.

The hack was significant enough that Sullivan was “visibly shaken” by the break-in, particularly after Uber had been dealing with the fallout from a 2014 cyber-intrusion, according to FBI special agent Mario Scussel.

“A witness also reported that Sullivan stated in a private conversation that he could not believe they had let another breach happen and that the team had to make sure word of the breach did not get out,” Scussel claimed in court filings this week.

We’re told that, rather than informing the Feds and publicly disclosing the security lapse, Sullivan instead sought to hush up the hack by buying the silence of the intruders with $100,000 in Bitcoins, making them sign confidentiality agreements to keep the details under wraps, and playing the whole thing off as a reward for finding a bug in Uber’s systems rather than characterizing it more accurately as a data leak.

Source: Ex-Uber chief security officer charged, accused of covering up theft of personal info from databases by hackers • The Register

News outlets join Epic in challenging Apple’s app store terms

Major news organizations are joining Epic Games in the push for Apple to rethink its app store terms following Fortnite’s high-profile ban this month.

Digital Content Next, a trade organization representing the New York Times, the Washington Post, the Wall Street Journal, and dozens of other media outlets and publishers (including yours truly, G/O Media), sent a letter to Apple CEO Tim Cook on Thursday asking if it was possible to renegotiate a better deal with the tech giant regarding its notoriously high commission rates for app developers. AKA what’s infamously known as “the Apple tax.”

As it stands, news outlets fork over 30% of all revenue from first-time subscriptions made through iOS apps, with Apple’s cut falling to 15% after the first year should the reader continue their subscription, per the Wall Street Journal. A 30% tax on an app’s revenue is standard across the board on both Google and Apple’s app stores, though the latter gets significantly more heat for this because of its walled garden (whereas Android’s open ecosystem allows for multiple stores if app developers would rather not pay the toll).

“The terms of Apple’s unique marketplace greatly impact the ability to continue to invest in high-quality, trusted news and entertainment particularly in competition with other larger firms,” said the letter, which is signed by Digital Content Next’s CEO, Jason Kint.

In the letter, Kint argues that Apple has previously made an exception to its usual 30% rate for one preeminent customer in particular: Amazon. Emails between top Apple exec Eddy Cue and Amazon CEO Jeff Bezos that were revealed in an antitrust hearing last month showed that Amazon agreed to pay Apple just 15% of its revenue from Amazon Prime Video subscriptions during its first year on the app store. Given this, Kint contends that Digital Content Next’s news outlets and publishers should qualify for the same kind of modified terms Amazon was offered. At the very least, Apple needs to outline what conditions Amazon met to receive such a discount and afford other app developers the same opportunity.

“The monopolistic behavior of big tech puts a wide range of industries—not the least of which is the news industry—at a distinct disadvantage,” the group’s SVP of government affairs, Chris Pedigo, wrote in a blog post Thursday. “It is laudable that EU and American regulatory bodies are digging in and uncovering these anti-competitive behaviors. Talking trust is not enough. We need to level the playing field and transparency is a critical first step.”

[…]

Source: News outlets join Epic in challenging Apple’s app store terms

Putting the d’oh! in Adobe: ‘Years of photos’ permanently wiped from iPhones, iPads by bad Lightroom app update

Adobe is offering its condolences to customers after an update to its Lightroom photo manager permanently deleted troves of snaps on people’s iPhones, iPads, and iPod Touches.

First reported by PetaPixel, the data annihilation was triggered after punters this week fetched version 5.4 of the iOS software. Netizens complained that, following the release and installation of that build, their stored photos and paid-for presets vanished. Adobe acknowledged the issue though it didn’t have much to offer punters besides saying sorry.

“Yesterday when I use the Lightroom Mobile, it was okay,” reported customer Mohamad Alif Eqnur.

“I still have my presets and pictures saved in the apps but today, 18th August 2020, after I updated the apps on Apps Store, all of my pictures and presets gone.”

The photo-nuking bug has apparently been fixed, and updating to the latest version of the iOS app will keep you from losing your stuff, if it hasn’t been lost already. Assets saved to the Lightroom cloud are still intact as are those on non-iOS devices.

If you had copied your photos on your Mac, PC, or Android gear, the pics will still be there. Basically, if you backed up your snaps from your iThing, you’re OK. If you left it all on your iPhone or iPad… sorry, friend.

Source: Putting the d’oh! in Adobe: ‘Years of photos’ permanently wiped from iPhones, iPads by bad Lightroom app update • The Register

A Gmail and Google Drive outage is causing errors around the world – yay cloud!

Can’t send something on Gmail? If so, you’re in good company: since about midnight ET, people have been complaining about issues connecting to many of the G Suite services, but especially Gmail.

The Google apps status page just updated to confirm they’ve received reports of an issue with Gmail and Google Drive, while a quick look at Twitter or on DownDetector shows thousands of reports over the last hour or so.

I’ve been able to send emails, but trying to attach a file shows a slow upload process that, if it completes, eventually leads to an error message saying that I need to check my network. It’s the same thing many others are experiencing, but at least it’s working a little. Oh, and if things weren’t bad enough for remote workers on this shift, it looks like Slack is having some issues too.

Update (2:14 AM ET): Google’s status page says they are continuing to investigate the issue. It has also updated to indicate reports of problems with Google Meet, Google Voice and Google Docs, while anecdotal reports show people are having issues uploading to YouTube as well.

Google:

8/20/20, 1:29 AM We’re investigating reports of an issue with Gmail. We will provide more information shortly.

8/20/20, 2:07 AM We are continuing to investigate this issue. We will provide an update by 8/20/20, 4:00 AM detailing when we expect to resolve the problem.

Source: A Gmail and Google Drive outage is causing errors around the world | Engadget

235 Million Instagram, TikTok And YouTube User Profiles Exposed In Massive Data Leak

It was such an unsecured database that the Comparitech researchers, led by Bob Diachenko, discovered on August 1, leaving the personal profile data of nearly 235 million Instagram, TikTok and YouTube users up for grabs.

The data was spread across several datasets; the most significant being two coming in at just under 100 million each and containing profile records apparently scraped from Instagram. The third-largest was a dataset of some 42 million TikTok users, followed by just under 4 million YouTube user profiles.

Comparitech says that, based on the samples it collected, one in five records contained either a telephone number or email address. Every record also included at least some, sometimes all, of the following information:

  • Profile name
  • Full real name
  • Profile photo
  • Account description

Statistics about follower engagement, including:

  • Number of followers
  • Engagement rate
  • Follower growth rate
  • Audience gender
  • Audience age
  • Audience location
  • Likes
  • Last post timestamp
  • Age
  • Gender

“The information would probably be most valuable to spammers and cybercriminals running phishing campaigns,” Paul Bischoff, Comparitech editor, says. “Even though the data is publicly accessible, the fact that it was leaked in aggregate as a well-structured database makes it much more valuable than each profile would be in isolation,” Bischoff adds. Indeed, Bischoff told me that it would be easy for a bot to use the database to post targeted spam comments on any Instagram profile matching criteria such as gender, age or number of followers.

Tracing the source of the leaked data

So, where did all this data originate? The researchers suggest that the evidence, including dataset names, pointed to a company called Deep Social. However, Deep Social was banned by both Facebook and Instagram in 2018 after scraping user profile data. The company was wound down sometime after this.

A Facebook company spokesperson told me that “scraping people’s information from Instagram is a clear violation of our policies. We revoked Deep Social’s access to our platform in June 2018 and sent a legal notice prohibiting any further data collection.”

Once the researchers found the database and the clues to its origin, “we sent an alert to Deep Social, assuming the data belonged to them,” Bischoff says. The administrators of Deep Social then forwarded the disclosure to a Hong Kong-registered social media influencer data-marketing company called Social Data. “Social Data shut down the database about three hours after our initial email,” Bischoff says.

[…]

Source: 235 Million Instagram, TikTok And YouTube User Profiles Exposed In Massive Data Leak

Scientists slow and steer light with resonant nanoantennas

In a paper published on Aug. 17 in Nature Nanotechnology, Stanford scientists demonstrate a new approach to slow light significantly, much like an echo chamber holds onto sound, and to direct it at will. Researchers in the lab of Jennifer Dionne, associate professor of materials science and engineering at Stanford, structured ultrathin silicon chips into nanoscale bars to resonantly trap light and then release or redirect it later. These “high-quality-factor” or “high-Q” resonators could lead to novel ways of manipulating and using light, including new applications for quantum computing, virtual reality and augmented reality; light-based WiFi; and even the detection of viruses like SARS-CoV-2.

“We’re essentially trying to trap light in a tiny box that still allows the light to come and go from many different directions,” said postdoctoral fellow Mark Lawrence, who is also lead author of the paper. “It’s easy to trap light in a box with many sides, but not so easy if the sides are transparent—as is the case with many Silicon-based applications.”

Source: Scientists slow and steer light with resonant nanoantennas

The Unforeseen Consequences of Artificial Intelligence (AI) on Society: A Systematic Review of Regulatory Gaps Generated by AI in the U.S. | RAND

AI’s growing catalog of applications and methods has the potential to profoundly affect public policy by generating instances where regulations are not adequate to confront the issues faced by society, also known as regulatory gaps.

The objective of this dissertation is to improve our understanding of how AI influences U.S. public policy. It systematically explores, for the first time, the role of AI in the generation of regulatory gaps. Specifically, it addresses two research questions:

  1. What U.S. regulatory gaps exist due to AI methods and applications?
  2. When looking across all of the gaps identified in the first research question, what trends and insights emerge that can help stakeholders plan for the future?

These questions are answered through a systematic review of four academic databases of literature in the hard and social sciences. Its implementation was guided by a protocol that initially identified 5,240 candidate articles. A screening process reduced this sample to 241 articles (published between 1976 and February of 2018) relevant to answering the research questions.

This dissertation contributes to the literature by adapting the work of Bennett-Moses and Calo to effectively characterize regulatory gaps caused by AI in the U.S. In addition, it finds that most gaps: do not require new regulation or the creation of governance frameworks for their resolution, are found at the federal and state levels of government, and AI applications are recognized more often than methods as their cause.

Source: The Unforeseen Consequences of Artificial Intelligence (AI) on Society: A Systematic Review of Regulatory Gaps Generated by AI in the U.S. | RAND

A Facebook Account Will Be Mandatory for Oculus Devices

It’s official. Starting this October, a Facebook account will be mandatory for all future Oculus headsets. While there’ll be a grace period for anyone with a separate Oculus account, Facebook will end support for those on January 1, 2023.

The decision was announced today on both Oculus’s Twitter and in a press release. The gist of it is anyone who is new to an Oculus device after October must log in with a Facebook account. At that time, existing Oculus users will have the option of merging their Facebook and Oculus accounts. Anyone who doesn’t merge will have two years before their Oculus accounts are kaput. The devices will technically still work, but “full functionality will require a Facebook account.”

Notably, all future, unreleased Oculus devices will also require a Facebook account, regardless of whether you already have an Oculus account. This is perhaps a reference to the rumored successor to the Oculus Quest, which leaks suggest may launch as early as September 15.

What about things you already purchased on your Oculus account? Well, Facebook says it will “take steps” to allow folks to keep the things they’ve already bought but it “expect[s] some games and apps may no longer work,” hinting that developers may decide to include features that require a Facebook account or just stop supporting the app or game in question.

As you might imagine, the replies to Oculus’s announcement on Twitter are less than kind. In a few instances, users cried foul, pointing to a promise from founder Palmer Luckey when Facebook acquired Oculus that people wouldn’t need to log into Facebook when they wanted to use the Oculus Rift. While the move is painted as a means of streamlining the VR experience by “giving people a single way to log in,” it’s also a blatant attempt at forcing people onto Facebook’s platform so it can get your sweet, sweet data.

This has been coming for some time. Last year, the Oculus platform got a boatload of social features that no one asked for. It required a Facebook login to work and introduced an element of data harvesting for targeted ads.

[…]

Source: A Facebook Account Will Be Mandatory for Future Oculus Devices

AI Company Leaks Over 2.5M Medical Records

A security researcher has detailed how an artificial intelligence company in possession of nearly 2.6 million medical records allowed them to be publicly visible on the internet. It’s a clear reminder that our personal health data is not safe.

As Secure Thoughts reports, on July 7 security researcher Jeremiah Fowler discovered two folders of medical records available for anyone to access on the internet. The data was labeled as “staging data” and hosted by artificial intelligence company Cense AI, which specializes in “SaaS-based intelligent process automation management solutions.” Fowler believes the data was made public because Cense AI was temporarily hosting it online before loading it into the company’s management system or an AI bot.

The medical records are quite detailed and include names, insurance records, medical diagnosis notes, and payment records. It looks as though the data was sourced from insurance companies and relates to car accident claims and referrals for neck and spine injuries. The majority of the personal information is thought to be for individuals located in New York, with a total of 2,594,261 records exposed.

[…]

Source: Report: AI Company Leaks Over 2.5M Medical Records | PCMag

Researchers Can Duplicate Keys from the Sounds They Make in Locks

Researchers have demonstrated that they can make a working 3D-printed copy of a key just by listening to how the key sounds when inserted into a lock. And you don’t need a fancy mic — a smartphone or smart doorbell will do nicely if you can get it close enough to the lock.

Key Audio Lockpicking

The next time you unlock your front door, it might be worth trying to insert your key as quietly as possible; researchers have discovered that the sound of your key being inserted into the lock gives attackers all they need to make a working copy of your front door key.

It sounds unlikely, but security researchers say they have proven that the series of audible, metallic clicks made as a key penetrates a lock can now be deciphered by signal processing software to reveal the precise shape of the sequence of ridges on the key’s shaft. Knowing this (the actual cut of your key), a working copy of it can then be three-dimensionally (3D) printed.

How Soundarya Ramesh and her team accomplished this is a fascinating read.

Once they have a key-insertion audio file, SpiKey’s inference software gets to work filtering the signal to reveal the strong, metallic clicks as key ridges hit the lock’s pins [and you can hear those filtered clicks online here]. These clicks are vital to the inference analysis: the time between them allows the SpiKey software to compute the key’s inter-ridge distances and what locksmiths call the “bitting depth” of those ridges: basically, how deeply they cut into the key shaft, or where they plateau out. If a key is inserted at a nonconstant speed, the analysis can be ruined, but the software can compensate for small speed variations.

The result of all this is that SpiKey software outputs the three most likely key designs that will fit the lock used in the audio file, reducing the potential search space from 330,000 keys to just three. “Given that the profile of the key is publicly available for commonly used [pin-tumbler lock] keys, we can 3D-print the keys for the inferred bitting codes, one of which will unlock the door,” says Ramesh.

Source: Researchers Can Duplicate Keys from the Sounds They Make in Locks

Securus sued for ‘recording attorney-client jail calls, handing them to cops’ – months after settling similar lawsuit and charging more than 100x normal price for the calls. Hey, monopolies!

Jail phone telco Securus provided recordings of protected attorney-client conversations to cops and prosecutors, it is claimed, just three months after it settled a near-identical lawsuit.

The corporate giant controls all telecommunications between the outside world and prisoners in American jails that contract with it. It charges far above market rate, often more than 100 times, while doing so.

It has now been sued by three defense lawyers in Maine, who accuse the corporation of recording hundreds of conversations between them and their clients – something that is illegal in the US state. It then supplied those recordings to jail administrators and officers of the law, the attorneys allege.

Though police officers can request copies of convicts’ calls to investigate crimes, the cops aren’t supposed to get attorney-client-privileged conversations. In fact, these chats shouldn’t be recorded in the first place. Yet, it is claimed, Securus not only made and retained copies of these sensitive calls, it handed them to investigators and prosecutors.

“Securus failed to screen out attorney-client privileged calls, and then illegally intercepted these calls and distributed them to jail administrators who are often law enforcers,” the lawsuit [PDF] alleged. “In some cases the recordings have been shared with district attorneys.”

The lawsuit claims that over 800 calls covering 150 inmates and 30 law firms have been illegally recorded in the past 12 months, and it provides a (redacted) spreadsheet of all relevant calls.

[…]

Amazingly, this is not the first time Securus has been accused of this same sort of behavior. Just three months ago, in May this year, the company settled a similar class-action lawsuit, this time covering jails in California.

That time, two former prisoners and a criminal defense attorney sued Securus after it recorded more than 14,000 legally protected conversations between inmates and their legal eagles. Those recordings only came to light after someone hacked the corp’s network and found some 70 million stored conversations, which were subsequently leaked to journalists.

[…]

Securus has repeatedly come under fire for similar complaints of ethical and technological failings. It was at the center of a huge row over location data after it was revealed it was selling location data on people’s phones to the police through a web portal.

The telecoms giant was also criticized for charging huge rates for video calls, between $5.95 and $7.99 for a 20-minute call, at a jail where the warden banned in-person visits but still required relatives to travel to the jail and sit in a trailer in the prison’s parking lot to talk to their loved ones through a screen.

Securus is privately held so it doesn’t make its financial figures public. A leak in 2014 revealed that it made a $115m profit on $405m in revenue for that year.

Source: Securus sued for ‘recording attorney-client jail calls, handing them to cops’ – months after settling similar lawsuit • The Register

Android 11 is taking away the camera picker, forcing people to only use the built-in camera

Android may have started with the mantra that developers are allowed to do anything as long as they can code it, but things have changed over the years as security and privacy became higher priorities. Every major update over the last decade has shuttered features or added restrictions in the name of protecting users, but some sacrifices may not have been entirely necessary. Another Android 11 trade-off has emerged, this time taking away the ability for users to select third-party camera apps to take pictures or videos on behalf of other apps, forcing users to rely only on the built-in camera app.

At the heart of this change is one of the defining traits of Android: the Intent system. Let’s say you need to take a picture of a novelty coffee mug to sell through an auction app. Since the auction app wasn’t built for photography, the developer chose to leave that up to a proper camera app. This is where the Intent system comes into play. Developers simply create a request with a few criteria and Android will prompt users to pick from a list of installed apps to do the job.

Camera picker on Android 10.

However, things are going to change with Android 11 for apps that ask for photos or videos. Three specific intents will cease to work like they used to, including: VIDEO_CAPTURE, IMAGE_CAPTURE, and IMAGE_CAPTURE_SECURE. Android 11 will now automatically provide the pre-installed camera app to perform these actions without ever searching for other apps to fill the role.

Starting in Android 11, only pre-installed system camera apps can respond to the following intent actions:

If more than one pre-installed system camera app is available, the system presents a dialog for the user to select an app. If you want your app to use a specific third-party camera app to capture images or videos on its behalf, you can make these intents explicit by setting a package name or component for the intent.

Google describes the change in a list of new behaviors in Android 11, and further confirmed it in the Issue Tracker. Privacy and security are cited as the reason, but there’s no discussion about what exactly made those intents dangerous. Perhaps some users were tricked into setting a malicious camera app as the default and then using it to capture things that should have remained private.

“… we believe it’s the right trade-off to protect the privacy and security of our users.” — Google Issue Tracker.

Not only does Android 11 take the liberty of automatically launching the pre-installed camera app when requested, it also prevents app developers from conveniently providing their own interface to simulate the same functionality. I ran a test with some simple code to query for the camera apps on a phone, then ran it on devices running Android 10 and 11 with the same set of camera apps installed. Android 10 gave back a full set of apps, but Android 11 reported nothing, not even Google’s own pre-installed Camera app.

Above: Debugger view on Android 10. Below: Same view on Android 11.

As Mark Murphy of CommonsWare points out, Google does prescribe a workaround for developers, although it’s not very useful. The documentation advises explicitly checking for installed camera apps by their package names — meaning developers would have to pick preferred apps up front — and sending users to those apps directly. Of course, there are other ways to get options without identifying all package names, like getting a list of all apps and then manually searching for intent filters, but this seems like an over-complication.

Source: Android 11 is taking away the camera picker, forcing people to only use the built-in camera

Transparent solar panels for windows hit record 8% efficiency

In a step closer to skyscrapers that serve as power sources, a team led by University of Michigan researchers has set a new efficiency record for color-neutral, transparent solar cells.

The team achieved 8.1% efficiency and 43.3% transparency with an organic, or carbon-based, design rather than conventional silicon. While the cells have a slight green tint, they are much more like the gray of sunglasses and automobile windows.

“Windows, which are on the face of every building, are an ideal location for organic solar cells because they offer something silicon can’t, which is a combination of very high efficiency and very high visible transparency,” said Stephen Forrest, the Peter A. Franken Distinguished University Professor of Engineering and Paul G. Goebel Professor of Engineering, who led the research.

Yongxi Li holds up vials containing the polymers used to make the transparent solar cells. Image credit: Robert Coelius, Michigan Engineering Communications & Marketing

Buildings with glass facades typically have a coating on them that reflects and absorbs some of the light, both in the visible and infrared parts of the spectrum, to reduce the brightness and heating inside the building. Rather than throwing that energy away, transparent solar panels could use it to take a bite out of the building’s electricity needs. The transparency of some existing windows is similar to the transparency of the solar cells Forrest’s group reports in the journal Proceedings of the National Academy of Sciences.

[…]

The color-neutral version of the device was made with an indium tin oxide electrode. A silver electrode improved the efficiency to 10.8%, with 45.8% transparency. However, that version’s slightly greenish tint may not be acceptable in some window applications.

Transparent solar cells are measured by their light utilization efficiency, which describes how much energy from the light hitting the window is available either as electricity or as transmitted light on the interior side. Previous transparent solar cells have light utilization efficiencies of roughly 2-3%, but the indium tin oxide cell is rated at 3.5% and the silver version has a light utilization efficiency of 5%.

Both versions can be manufactured at large scale, using materials that are less toxic than other transparent solar cells. The transparent organic solar cells can also be customized for local latitudes, taking advantage of the fact that they are most efficient when the sun’s rays are hitting them at a perpendicular angle. They can be placed in between the panes of double-glazed windows.

Source: Transparent solar panels for windows hit record 8% efficiency | University of Michigan News

Trusting OpenPGP and S/Mime with your email secrets? You might want to rethink that

Boffins testing the security of OpenPGP and S/MIME, two end-to-end encryption schemes for email, recently found multiple vulnerabilities in the way email client software deals with certificates and key exchange mechanisms.

They found that five out of 18 OpenPGP-capable email clients and six out of 18 S/MIME-capable clients are vulnerable to at least one attack.

These flaws are not due to cryptographic weaknesses. Rather they arise from the complexity of email infrastructure, based on dozens of standards documents, as it has evolved over time, and the impact that’s had on the way affected email clients handle certificates and digital signatures.

In a paper [PDF] titled “Mailto: Me Your Secrets. On Bugs and Features in Email End-to-End Encryption,” presented earlier this summer at the virtual IEEE Conference on Communications and Network Security, Jens Müller, Marcus Brinkmann, and Joerg Schwenk (Ruhr University Bochum, Germany) and Damian Poddebniak and Sebastian Schinzel (Münster University of Applied Sciences, Germany) reveal how they were able to conduct key replacement, MITM decryption, and key exfiltration attacks on various email clients.

“We show practical attacks against both encryption schemes in the context of email,” the paper explains.

“First, we present a design flaw in the key update mechanism, allowing a third party to deploy a new key to the communication partners. Second, we show how email clients can be tricked into acting as an oracle for decryption or signing by exploiting their functionality to auto-save drafts. Third, we demonstrate how to exfiltrate the private key, based on proprietary mailto parameters implemented by various email clients.”

This is not the sort of thing anyone trying to communicate securely over email wants because it means encrypted messages may be readable by an attacker and credentials could be stolen.

Müller offers a visual demonstration via Twitter on Tuesday:

The research led to CVEs for GNOME Evolution (CVE-2020-11879), KDE KMail (CVE-2020-11880), and IBM/HCL Notes (CVE-2020-4089). There are two more CVEs (CVE-2020-12618, and CVE-2020-12619) that haven’t been made public.

According to Müller, affected vendors were notified of the vulnerabilities in February.

Pegasus Mail is said to be affected though it doesn’t have a designated CVE – it may be that one of the unidentified CVEs applies here.

Thunderbird versions 52 and 60 for Debian/Kali Linux were affected but more recent versions are supposed to be immune since the email client’s developers fixed the applicable flaw last year. It allowed a website to present a link with the "mailto?attach=..." parameter to force Thunderbird to attach local files, like an SSH private key, to an outgoing message.

However, those who have installed the xdg-utils package, a set of utility scripts that provide a way to launch an email application in response to a mailto: link, appear to have reactivated this particular bug, which has yet to be fixed in xdg-utils.

Source: Trusting OpenPGP and S/Mime with your email secrets? You might want to rethink that • The Register
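A defensive counterpart to the mailto attachment behaviour described above, as an added example that is not code from the paper, The Register, xdg-utils or any mail client: a handler that keeps only an allowlist of header fields from a `mailto:` link before anything is handed to the mail application. The function name `sanitize_mailto`, the allowlist and the sample links are assumptions constructed for this example.

```python
from urllib.parse import quote, unquote

# Header fields a link is allowed to pre-fill (allowlist chosen for this
# example). Everything else, including "attach" and any vendor-specific
# extension, is dropped instead of being passed to the mail client.
ALLOWED_FIELDS = {"to", "cc", "bcc", "subject", "body"}


def sanitize_mailto(uri):
    """Return (clean_uri, dropped_names) for a mailto: URI.

    Raises ValueError if the input is not a mailto: URI.
    """
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "mailto":
        raise ValueError("not a mailto: URI")

    rest = rest.split("#", 1)[0]  # a fragment carries no meaning here
    recipients, _, query = rest.partition("?")

    kept, dropped = [], []
    for pair in query.split("&"):
        if not pair:
            continue
        raw_name, _, raw_value = pair.partition("=")
        # Decode before comparing, so a percent-encoded field name is
        # judged by what the mail client would eventually see.
        name = unquote(raw_name).strip().lower()
        value = unquote(raw_value)
        if name in ALLOWED_FIELDS:
            kept.append((name, value))
        else:
            dropped.append(name)

    clean = "mailto:" + recipients
    if kept:
        clean += "?" + "&".join(
            f"{name}={quote(value, safe='')}" for name, value in kept
        )
    return clean, dropped


# Constructed sample links, not taken from the research or any real page.
SAMPLES = [
    "mailto:alice@example.org?subject=Hello%20there",
    "mailto:alice@example.org?subject=Invoice&attach=/home/user/.ssh/id_rsa",
    "MAILTO:alice@example.org?%61ttach=/home/user/.ssh/id_rsa&body=hi",
]

if __name__ == "__main__":
    for link in SAMPLES:
        clean, dropped = sanitize_mailto(link)
        status = "dropped " + ", ".join(dropped) if dropped else "unchanged"
        print(f"{link}\n  -> {clean}  ({status})")
```

A non-empty `dropped` list is also worth logging, since a link that asks for an attachment is a signal in its own right.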

Zoombomber crashes court hearing on Twitter hack with Pornhub video, Judge obviously not qualified for this case

Zoombombers today disrupted a court hearing involving the Florida teen accused of masterminding a takeover of high-profile Twitter accounts, forcing the judge to stop the hearing. “During the hearing, the judge and attorneys were interrupted several times with people shouting racial slurs, playing music, and showing pornographic images,” ABC Action News in Tampa Bay wrote. A Pornhub video forced the judge to temporarily shut down the hearing.

The Zoombombing occurred today when the Thirteenth Judicial Circuit Court of Florida in Tampa held a bail hearing for Graham Clark, who previously pleaded not guilty and is reportedly being held on $725,000 bail. Clark faces 30 felony charges related to the July 15 Twitter attack in which accounts of famous people like Elon Musk, Bill Gates, Jeff Bezos, and Joe Biden were hijacked and used to push cryptocurrency scams. Hackers also accessed direct messages for 36 high-profile account holders.

Today, Judge Christopher Nash ruled against a request to lower Clark’s bail amount. But before that, the judge “shut down the hearing for a short time” when arguments were interrupted by “pornography… foul language and rap music,” Fox 13 reporter Gloria Gomez wrote on Twitter.

“I’m removing people as quickly as I can whenever a disruption happens,” Nash said after one Zoombomber interrupted a lawyer. A not-safe-for-work portion of the hearing was posted by a Twitter user here. The first 47 seconds are safe to watch and include Nash’s comment about removing Zoombombers, but the rest of the video includes the Pornhub clip that caused Nash to shut down the hearing.

There were still problems after the hearing resumed, the Tampa Bay Times wrote:

Hoping a brief pause would filter out the interrupters, Nash reopened the meeting. But users who disguised their names as CNN and BBC News resumed their interruptions.

Nash was ultimately able to rule, declining to lower the bail amount. He did, however, remove a requirement that Clark prove the legitimacy of his assets. Lawyers have said he has $3 million in Bitcoin under his control.

“Predictably, the Zoom hearing for the 17-year-old alleged Twitter hacker in Fla. was bombed multiple times, with the final bombing of a pornhub clip ending the zoom portion of the proceedings,” security reporter Brian Krebs wrote on Twitter. “How the judge in charge of the proceeding didn’t think to enable settings that would prevent people from taking over the screen is beyond me. My guess is he didn’t know he could.”

Nash said that he’ll require a password next time, according to WFLA reporter Ryan Hughes.

Source: Zoombomber crashes court hearing on Twitter hack with Pornhub video | Ars Technica

Epic Games asks court to stop Apple pulling its developer tools next week, as Apple shows exactly how monopolies operate

Epic Games has filed yet another lawsuit against Apple. The Fortnite developer is now suing the Cupertino-based company for allegedly retaliating against it for its other lawsuit last week. Apple has not only removed the game from the App Store but has told Epic that it will “terminate” all its developer accounts and “cut Epic off from iOS and Mac development tools” on August 28th.

According to the filing, Epic claims that Fortnite’s removal from the App Store in conjunction with the termination of the developer accounts will likely result in “irreparable harm” to Epic. The company adds that cutting off access to development tools also affects software like Unreal Engine, which Epic offers to third-party developers and which Apple itself has never claimed to have violated any policy. Without access to the tools, the company states that it can’t develop future versions of Unreal Engine for iOS or macOS.

“Not content simply to remove Fortnite from the App Store, Apple is attacking Epic’s entire business in unrelated areas,” the lawsuit states. “Left unchecked, Apple’s actions will irreparably damage Epic’s reputation among Fortnite users and be catastrophic for the future of the separate Unreal Engine business.”

The lawsuit mentions that Apple sent Epic a letter that threatened to stop “engineering efforts to improve hardware and software performance of Unreal Engine on Mac and iOS hardware […] and adoption and support of ARKit features and future VR features into Unreal Engine by their XR team.” The latter could be alluding to future Apple AR and VR projects.

Epic says that the preliminary injunctive relief is necessary to prevent its business from being crushed before the case even goes to judgement. The proposed preliminary injunction would restrain Apple from removing and de-listing Fortnite (which the company has already done) and would prevent it from taking actions against Epic’s other titles as well as Unreal Engine.

The conflict erupted last week when Epic began offering Fortnite discounts to users who bypassed Android and iOS app stores, thus working around the 30 percent cut. Apple then removed the game from its store for violating its policies, which then prompted Epic to file a lawsuit against it. The same thing occurred with Google — Android pulled the game from its app store and Epic filed suit against Google. Epic has also posted a parody of Apple’s 1984 ad which ends with a #FreeFortnite hashtag.

Source: Epic Games asks court to stop Apple pulling its developer tools next week | Engadget

US Secret Service Bought Access to Babel Street’s Locate X Spy Tool for warrantless surveillance

Babel Street is a shadowy organization that offers a product called Locate X that is reportedly used to gather anonymized location data from a host of popular apps that users have unwittingly installed on their phones. When we say “unwittingly,” we mean that not everyone is aware that random innocuous apps are often bundling and anonymizing their data to be sold off to the highest bidder.

Back in March, Protocol reported that U.S. Customs and Border Protection had a contract to use Locate X and that sources inside the secretive company described the system’s capabilities as allowing a user “to draw a digital fence around an address or area, pinpoint mobile devices that were within that area, and see where else those devices have traveled, going back months.”

Protocol’s sources also said that the Secret Service had used the Locate X system in the course of investigating a large credit card skimming operation. On Monday, Motherboard confirmed the investigation when it published an internal Secret Service document it acquired through a Freedom of Information Act (FOIA) request. (You can view the full document here.)

The document covers a relationship between Secret Service and Babel Street from September 28, 2017, to September 27, 2018. In the past, the Secret Service has reportedly used a separate social media surveillance product from Babel Street, and the newly-released document totals fees paid after the addition of the Locate X license as $1,999,394.

[…]

Based on Fourth Amendment protections, law enforcement typically has to get a warrant or court order to seek to obtain Americans’ location data. In 2018, the Supreme Court ruled that cops still need a warrant to gather cellphone location data from network providers. And while law enforcement can obtain a warrant for specific cases as it seeks to view location data from a specific region of interest at a specific time, the Locate X system saves government agencies the time of going through judicial review with a next-best-thing approach.

The data brokerage industry benefits from the confusion that the public has about what information is collected and shared by various private companies that are perfectly within their legal rights. You can debate whether it’s acceptable for private companies to sell this data to each other for the purpose of making profits. But when this kind of sale is made to the U.S. government, it’s hard to argue that these practices aren’t, at least, violating the spirit of our constitutional rights.

Source: Secret Service Bought Access to Babel Street’s Locate X Spy Tool

Ed Snowden has raked in $1m+ from speeches – and Uncle Sam wants its cut, specifically, absolutely all of it

Edward Snowden has brought in a healthy $1.25m in speaking fees ever since he jumped on a plane to Hong Kong with a treasure trove of NSA secrets, a new court filing [PDF] has revealed.

The whistleblower, who exposed mass surveillance of American citizens and foreigners by the US government by handing over top-secret documents to journalists before escaping to Moscow, earns an average of $18,745 per engagement. And Uncle Sam wants it – all of it.

The Feds subpoenaed Snowden’s booking agent, American Program Bureau, based in Massachusetts, insisting on a full rundown of engagements it had booked him for. The prosecution has added the list of 67 speeches, complete with fees and clients, to its lawsuit seeking to strip Snowden of any money earned through his actions.

[…]

With the monetary value of Snowden’s speaking tours now laid out on the table, it’s hard not to imagine that Donald Trump doesn’t have a figure in mind.

The US government has already won the right to claim all royalties from Snowden’s book and speeches after a district court awarded it all proceeds. The lawyers are now trying to figure out what those sums are.

Snowden has refused formal requests to provide all relevant information about his earnings, resulting in a magistrate deciding that the government can effectively decide what he had earned. His publisher agreed to hand over royalties from his book, although not the advance it paid him to write it.

Source: Ed Snowden has raked in $1m+ from speeches – and Uncle Sam wants its cut, specifically, absolutely all of it • The Register

Amazingly though, having revoked his passport, you’d think they also revoked his tax-paying requirements with it

Quantum paradox points to shaky foundations of reality

Nearly 60 years ago, the Nobel prize–winning physicist Eugene Wigner captured one of the many oddities of quantum mechanics in a thought experiment. He imagined a friend of his, sealed in a lab, measuring a particle such as an atom while Wigner stood outside. Quantum mechanics famously allows particles to occupy many locations at once—a so-called superposition—but the friend’s observation “collapses” the particle to just one spot. Yet for Wigner, the superposition remains: The collapse occurs only when he makes a measurement sometime later. Worse, Wigner also sees the friend in a superposition. Their experiences directly conflict.

Now, researchers in Australia and Taiwan offer perhaps the sharpest demonstration that Wigner’s paradox is real. In a study published this week in Nature Physics, they transform the thought experiment into a mathematical theorem that confirms the irreconcilable contradiction at the heart of the scenario. The team also tests the theorem with an experiment, using photons as proxies for the humans. Whereas Wigner believed resolving the paradox requires quantum mechanics to break down for large systems such as human observers, some of the new study’s authors believe something just as fundamental is on thin ice: objectivity. It could mean there is no such thing as an absolute fact, one that is as true for me as it is for you.

[…]

In 2018, Richard Healey, a philosopher of physics at the University of Arizona, pointed out a loophole in Brukner’s thought experiment, which Tischler and her colleagues have now closed. In their new scenario they make four assumptions. One is that the results the friends obtain are real: They can be combined with other measurements to form a shared corpus of knowledge. They also assume quantum mechanics is universal, and as valid for observers as for particles; that the choices the observers make are free of peculiar biases induced by a godlike superdeterminism; and that physics is local, free of all but the most limited form of “spooky action” at a distance.

Yet their analysis shows the contradictions of Wigner’s paradox persist. The team’s tabletop experiment, in which they created entangled photons, also backs up the paradox. Optical elements steered each photon onto a path that depended on its polarization: the equivalent of the friends’ observations. The photon then entered a second set of elements and detectors that played the role of the Wigners. The team found, again, an irreconcilable mismatch between the friends and the Wigners. What is more, they varied exactly how entangled the particles were and showed that the mismatch occurs for different conditions than in Brukner’s scenario. “That shows that we really have something new here,” Tischler says.

It also indicates that one of the four assumptions has to give. Few physicists believe superdeterminism could be to blame. Some see locality as the weak point, but its failure would be stark: One observer’s actions would affect another’s results even across great distances—a stronger kind of nonlocality than the type quantum theorists often consider. So some are questioning the tenet that observers can pool their measurements empirically. “There are facts for one observer, and facts for another; they need not mesh,” suggests study co-author and Griffith physicist Howard Wiseman. It is a radical relativism, still jarring to many. “From a classical perspective, what everyone sees is considered objective, independent of what anyone else sees,” says Olimpia Lombardi, a philosopher of physics at the University of Buenos Aires.

And then there is Wigner’s conclusion that quantum mechanics itself breaks down. Of the assumptions, it is the most directly testable, by experiments that are probing quantum mechanics on ever larger scales.

Source: Quantum paradox points to shaky foundations of reality | Science | AAAS

New Toyotas will upload data to AWS to help create custom insurance premiums based on driver behaviour, send your data to others too

Toyota already operates a “Mobility Services Platform” that it says helps it to “develop, deploy, and manage the next generation of data-driven mobility services for driver and passenger safety, security, comfort, and convenience”.

That data comes from a device called the “Data Communication Module” (DCM) that Toyota fits into many models in Japan, the USA and China.

Toyota reckons the data could turn into “new contextual services such as car share, rideshare, full-service lease, and new corporate and consumer services such as proactive vehicle maintenance notifications and driving behavior-based insurance.”

Toyota’s connected car vision.

The company has touted that vision since at least the year 2016, but precious little evidence of it turning into products is available.

Which may be why Toyota has signed with AWS for not just cloud tech but also professional services.

The two companies say their joint efforts “will help build a foundation for streamlined and secure data sharing throughout the company and accelerate its move toward CASE (Connected, Autonomous/Automated, Shared and Electric) mobility technologies.”

Neither party has specified just which bits of the AWS cloud Toyota will take for a spin but it seems sensible to suggest the auto-maker is going to need lots of storage and analytics capabilities, making AWS S3 and Kinesis likely candidates for a test drive.

Whatever Toyota uses, prepare for privacy ponderings because while cheaper car insurance sounds lovely, having an insurer source driving data from a manufacturer has plenty of potential pitfalls.

Source: Oh what a feeling: New Toyotas will upload data to AWS to help create custom insurance premiums based on driver behaviour • The Register

No, this isn’t a good thing and I hope there’s an opt out

Reviewer Calls Linux-based PinePhone ‘the Most Interesting Smartphone I’ve Tried in Years’ – only $150!

A review at the Android Police site calls Pine64’s new Linux-based PinePhone “the most interesting smartphone I’ve tried in years,” with 17 different operating systems available (including Fedora, Ubuntu Touch, SailfishOS, openSUSE, and Arch Linux ARM):

There’s a replaceable battery, which is compatible with batteries designed for older Samsung Galaxy J7 phones. It’s good to know that even if PinePhone vanished overnight, you could still purchase new batteries for around $10-15…

There’s a microSD card slot above the SIM tray, which supports cards up to 2TB in size. While it can be used as extra storage, just like the SD slots in Android phones and tablets, it can also function as a bootable drive. If you write an operating system image to the SD card and put it in the PinePhone, the phone will boot from the SD card. This means you can move between operating systems on the PinePhone by simply swapping microSD cards, which is amazing for trying out new Linux distributions without wiping data. How great would it be if Android phones could do that?

Finally, the inside of the PinePhone has six hardware killswitches that can be manipulated with a screwdriver. You can use them to turn off the modem, Wi-Fi/Bluetooth, microphone, rear camera, front camera, and headphone jack. No need to put a sticker over the selfie camera if you’re worried about malicious software — just flip the switch and never worry about it again…. For a $150 phone produced in limited batches by a company with no previous experience in the smartphone industry, I’m impressed it’s built as well as it is…

I look forward to seeing what the community around the PinePhone can accomplish.

A Pine64 blog post this weekend touts “a boat-load of cool and innovative things” being attempted by the PinePhone community, including users working on things like a fingerprint scanner or a thermal camera, plus a community that’s 3D-printing their own custom PinePhone cases. And Pine64 has now identified three candidates for a future keyboard option (each of which can be configured as either a slide-out or clamshell keyboard):

I feel like we have finally gotten into a good production rhythm; it was only last month we announced the postmarketOS Community Edition of the PinePhone, and this month I am here to tell you that the factory will deliver the phones to us at the end of this month… I don’t know about you, but I think that this is a rather good production pace. At the time of writing, and based on current sale rates, the postmarketOS production-run will sell out in a matter of days…

Source: Reviewer Calls Linux-based PinePhone ‘the Most Interesting Smartphone I’ve Tried in Years’ – Slashdot

Trump admits he’s blocking cash to postal services to stop mail-in votes

President Donald Trump frankly acknowledged Thursday that he’s starving the U.S. Postal Service of money in order to make it harder to process an expected surge of mail-in ballots, which he worries could cost him the election.

In an interview on Fox Business Network, Trump explicitly noted two funding provisions that Democrats are seeking in a relief package that has stalled on Capitol Hill. Without the additional money, he said, the Postal Service won’t have the resources to handle a flood of ballots from voters who are seeking to avoid polling places during the coronavirus pandemic.

“If we don’t make a deal, that means they don’t get the money,” Trump told host Maria Bartiromo. “That means they can’t have universal mail-in voting; they just can’t have it.”

Trump’s statements, including the false claim that Democrats are seeking universal mail-in voting, come as he is searching for a strategy to gain an advantage in his November matchup against Joe Biden. He’s pairing the tough Postal Service stance in congressional negotiations with an increasingly robust mail-in-voting legal fight in states that could decide the election.

Source: Trump admits he’s blocking postal cash to stop mail-in votes