The Linkielist

Linking ideas with the world

Windows’ Recall Spyware Is Back—Here’s How to Control It

Remember Recall? It’s been close to a full trip around the sun since Microsoft announced then suddenly pulled its AI-powered, auto-screenshotting “photographic memory” software for Copilot+ PCs. Whether you want it or not, the feature is coming back, and you should be prepared for it not just if you’re planning to use it, but if you imagine any of your friends, family, or coworkers plan to use it too.

Microsoft’s latest blog about the Windows Insider build KB5055627 includes the note that Recall is rolling out “gradually” to beta users over the coming weeks. Like what Microsoft first showed off in May 2024, Recall automatically screenshots most apps, webpages, or documents you’re on. The system catalogues all these screenshots then uses on-device AI to parse what’s on each screenshot

[…]

Microsoft originally recalled Recall when security experts found glaring, obvious holes in the software that let any user with access to the PC read the AI’s excerpts. The program had no qualms about screenshotting bank accounts, social security numbers, or any other sensitive information. Microsoft returned Recall to the drawing board, and now users need to enroll in Windows Hello biometric or PIN security to access the screenshots. Users can also pause screenshots or filter out certain apps or specific webpages (though only for Edge, Firefox, Opera, and Chrome browsers). That may not be foolproof, as reports from late last year showed Recall failed to detect when it was looking at bank info. It will be up to users to ensure every sensitive page they visit is on the no-go list.

Users will choose whether to enable or disable Recall the first time they start up their device with the new update. To disable it, you need to search “Turn Windows features on or off” in the Windows 11 taskbar, then uncheck Recall.

[…]

This is where some security-focused Windows users are especially concerned. You can tell Recall to gather dust alongside all the other pre-installed Windows apps, but that doesn’t mean your less tech-literate family member will. Security blogger Em pointed out in a Mastodon post (via Ars Technica) that if you send that family member any photos or sensitive information, they could be scraping everything you text or email them, including family photos or passwords, and you wouldn’t even know it.

[…]

Source: Windows’ Controversial Recall Is Back—Here’s How to Control It

Electronic Waste Graveyard

Increasingly, we’re pushed to trash tech that should still work, such as Chromebooks, phones, and smart home devices, just because the software has expired or lost support. This database lists more than 100 tech products that have stopped working after manufacturers dropped support. It calculates the total weight of all these dead devices which have joined the 68 million tons of electronic waste disposed of each year.

When software expires, or web cloud services end, consumers and schools are pushed to replace devices that should still work.

[…]

We estimate a minimum of 130 million pounds of electronic waste has been created by expired software and canceled cloud services since 2014.

[…]

Source: Electronic Waste Graveyard

This is not just Chromebooks, Windows 10 machines, Apple laptops and mobile phones; this is doorbells, sous vide cookers, toothbrushes, fitness trackers, VR displays, nightlights, and many, many more.

Germany’s ‘Universal Basic Income’ Experiment Proves It Doesn’t Encourage Unemployment

People “are likely to continue working full-time even if they receive no-strings-attached universal basic income payments,” reports CNN, citing results from a recent experiment in Germany (discussed on Slashdot in 2020): Mein Grundeinkommen (My Basic Income), the Berlin-based non-profit that ran the German study, followed 122 people for three years. From June 2021 to May 2024, this group received an unconditional sum of €1,200 ($1,365) per month. The study focused on people aged between 21 and 40 who lived alone and already earned between 1,100 euros (around $1,250) and 2,600 euros ($2,950) a month. They were free to use the extra money from the study on anything they wanted. Over the course of three years, the only condition was that they had to fill out a questionnaire every six months that asked about different areas of their lives, including their financial situation, work patterns, mental well-being and social engagement.

One concern voiced by critics is that receiving a basic income could make people less inclined to work. But the Grundeinkommen study suggests that may not be the case at all. It found that receiving a basic income was not a reason for people to quit their jobs. On average, study participants worked 40 hours a week and stayed in employment — identical to the study’s control group, which received no payment. “We find no evidence that people love doing nothing,” Susann Fiedler, a professor at the Vienna University of Economics and Business who was involved with the study, said on the study’s website.

Unlike the control group, those receiving a basic income were more likely to change jobs or enroll in further education. They reported greater satisfaction in their working life — and were “significantly” more satisfied with their income…

And can more money buy happiness? According to the study, the recipients of a basic income reported feeling that their lives were “more valuable and meaningful” and felt a clear improvement in their mental health.

Source: Germany’s ‘Universal Basic Income’ Experiment Proves It Doesn’t Encourage Unemployment

Quasicrystals found to increase the strength of 3D-printed metal

[…] The alloy formed under the extreme conditions of metal 3D printing, a new way to make metal parts. Understanding this aluminum on the atomic scale will enable a whole new category of 3D-printed parts such as airplane components, heat exchangers and car chassis. It will also open the door to research on new aluminum alloys that use quasicrystals for strength.

What Are Quasicrystals?

Quasicrystals are like ordinary crystals but with a few key differences.

A traditional crystal is any solid made of atoms or molecules in repeating patterns. Table salt is a common crystal, for example. Salt’s atoms connect to make cubes, and those microscopic cubes connect to form bigger cubes that are large enough to see with the naked eye.

There are only 230 possible ways for atoms to form repeating crystal patterns. Quasicrystals don’t fit into any of them. Their unique shape lets them form a pattern that fills the space, but never repeats.

[…]

How Does Metal 3D Printing Work?

There are a few different ways to 3D-print metals, but the most common is called “powder bed fusion.” It works like this: Metal powder is spread evenly in a thin layer. Then a powerful laser moves over the powder, melting it together. After the first layer is finished, a new layer of powder is spread on top and the process repeats. One layer at a time, the laser melts the powder into a solid shape.

3D printing creates shapes that would be impossible with any other method. For example, in 2015 GE designed fuel nozzles for airplane engines that could only be made with metal 3D printing.

[…]

One of the limitations of metal 3D printing is that it only works with a handful of metals. “High-strength aluminum alloys are almost impossible to print,” says NIST physicist Fan Zhang, a co-author on the paper. “They tend to develop cracks, which make them unusable.”

Why Is It Hard to Print Aluminum?

Normal aluminum melts at temperatures of around 700 degrees C. The lasers in a 3D printer must raise the temperature much, much higher: past the metal’s boiling point, 2,470 degrees C. This changes a lot of the properties of the metal, particularly since aluminum heats up and cools down faster than other metals.

In 2017, a team at HRL Laboratories, based in California, and UC Santa Barbara discovered a high-strength aluminum alloy that could be 3D printed. They found that adding zirconium to the aluminum powder prevented the 3D-printed parts from cracking, resulting in a strong alloy.

[…]

The NIST team wanted to know what made this metal so strong. Part of the answer, it turned out, was quasicrystals.

How Do Quasicrystals Make Aluminum Stronger?

In metals, perfect crystals are weak. The regular patterns of perfect crystals make it easier for the atoms to slip past each other. When that happens, the metal bends, stretches or breaks. Quasicrystals break up the regular pattern of the aluminum crystals, causing defects that make the metal stronger.

[…]

“Now that we have this finding, I think it will open up a new approach to alloy design,” says Zhang. “We’ve shown that quasicrystals can make aluminum stronger. Now people might try to create them intentionally in future alloys.”


Story Source:

Materials provided by National Institute of Standards and Technology (NIST). Note: Content may be edited for style and length.

Source: Rare crystal shape found to increase the strength of 3D-printed metal | ScienceDaily

Zeiss Smart glass windows would beam in-flight info over scenic views

[…] According to an announcement earlier this month, Zeiss wants to upgrade commercial jets with touch-free holographic Multifunctional Smart Glass systems.

The new technology is on display from April 8-10 during the Aircraft Interiors Expo 2025 in Hamburg, Germany. The company wants to move beyond the showroom floor and into more planes within the coming years.

[Image: Concept art showing a private plane cabin with a transparent smart glass divider showing the flight route. Caption: The smart glass may also help lighten a plane’s overall weight. Credit: Zeiss]

To create transparent glass like an airplane window, Zeiss relies on a combination of micro-optical structures and holographic optical components, depending on the need. This may take the form of windows that display flight information, geographical orientation, and moving maps for commercial plane passengers. Smart glass panes–instead of opaque cabin section dividers–could also become interactive digital surfaces through the use of touchless holographic “buttons” that respond to motion using ultraviolet- and infrared-based sensors.

However, one of the system’s biggest features isn’t seen—it’s felt. According to Zeiss, swapping out existing heavy physical dividers and bulky display tools with multifunctional smart glass can cut down on a plane’s overall weight. The lighter the plane, the less fuel it generally uses, leading to cheaper overall operating costs and less pollution.

Zeiss isn’t restricting its holographic smart glass to airplane cabins, either. The company is already testing augmented reality HUD cockpit displays that reduce the need for pilots to look away from their surroundings. To accomplish this, the smart glass relies on infrared and microwave camera sensors to capture environmental data and transmit them directly onto a pilot’s field of vision.

“The multiple detection systems help pilots, crew and (semi-)automated assistance systems monitor various tasks inside and outside the aircraft,” the company explains on its website.

The technology could serve as an invaluable tool during low-visibility situations such as evening flights, fog, and inclement weather. Future uses could also include turning an entire cockpit window into a single, augmented reality HUD display. Doing so may also minimize collision risks, as well as unnecessary holding patterns and flight diversions.

Source: Smart glass windows would beam in-flight info over scenic views | Popular Science

UK Effort to Keep Apple Encryption Fight Secret Is Blocked

A court has blocked a British government attempt to keep secret a legal case over its demand to access Apple Inc. user data in a victory for privacy advocates.

The UK Investigatory Powers Tribunal, a special court that handles cases related to government surveillance, said the authorities’ efforts were a “fundamental interference with the principle of open justice” in a ruling issued on Monday.

The development comes after it emerged in January that the British government had served Apple with a demand to circumvent encryption that the company uses to secure user data stored in its cloud services.

Apple challenged the request, while taking the unprecedented step of removing its advanced data protection feature for its British users. The government had sought to keep details about the demand — and Apple’s challenge of it — from being publicly disclosed.

[…]

Source: UK Effort to Keep Apple Encryption Fight Secret Is Blocked

UK finally gets around to banning fake reviews and ‘sneaky’ fees for online products

The United Kingdom has banned “outrageous fake reviews and sneaky hidden fees” to make life easier for online shoppers. New measures under the Digital Markets, Competition, and Consumer Act 2024 came into force on Sunday that require online platforms to transparently include all mandatory fees within a product’s advertised price, including booking or admin charges.

The law targets so-called “dripped pricing,” in which additional fees — like platform service charges — are dripped in during a customer’s checkout process to dupe them into paying a higher price than expected. The ban “aims to bring to an end the shock that online shoppers get when they reach the end of their shopping experience only to find a raft of extra fees lumped on top,” according to Justin Madders, the UK’s Minister for Employment Rights, Competition and Markets.

The legislation will apply to things like food delivery services and ticket booking platforms, requiring that obligatory delivery and administration fees be baked into the overall price or clearly displayed at the start of the checkout process. Optional fees, however, such as those applied to choosing airline seats or upgrading luggage allowances, will be unaffected.

The new rules also ban businesses from using or commissioning fake reviews in an attempt to artificially inflate online ratings. Website providers are responsible for moderating their online reviews. According to CMA guidance, “anyone who publishes or provides access to consumer reviews or consumer review information” will be under obligation to take “reasonable and proportionate steps” to remove and prevent fake reviews, or face an infringement investigation. The UK’s Competition and Markets Authority (CMA) can impose fines for non-compliance of up to 10 percent of a company’s annual global turnover.

Source: UK bans fake reviews and ‘sneaky’ fees for online products | The Verge

In the EU these practices have been banned for years

EU action to protect consumers from ‘junk fees’

Answer given by Mr Reynders on behalf of the European Commission (2023)

China launches HDMI and DisplayPort alternative — GPMI boasts up to 192 Gbps bandwidth, 480W power delivery

The Shenzhen 8K UHD Video Industry Cooperation Alliance, a group made up of more than 50 Chinese companies, just released a new wired media communication standard called the General Purpose Media Interface or GPMI. This standard was developed to support 8K and reduce the number of cables required to stream data and power from one device to another. According to HKEPC, the GPMI cable comes in two flavors — a Type-B that seems to have a proprietary connector and a Type-C that is compatible with the USB-C standard.

Because 8K has four times the number of pixels of 4K and 16 times more pixels than 1080p resolution, it means that GPMI is built to carry a lot more data than other current standards. There are other variables that can impact required bandwidth, of course, such as color depth and refresh rate. The GPMI Type-C connector is set to have a maximum bandwidth of 96 Gbps and deliver 240 watts of power. This is more than double the 40 Gbps data limit of USB4 and Thunderbolt 4, allowing you to transmit more data on the cable. However, it has the same power limit as that of the latest USB Type-C connector using the Extended Power Range (EPR) standard.

| Standard | Bandwidth | Power Delivery |
|---|---|---|
| DisplayPort 2.1 UHBR20 | 80 Gbps | No Power |
| GPMI Type-B | 192 Gbps | 480W |
| GPMI Type-C | 96 Gbps | 240W |
| HDMI 2.1 FRL | 48 Gbps | No Power |
| HDMI 2.1 TMDS | 18 Gbps | No Power |
| Thunderbolt 4 | 40 Gbps | 100W |
| USB4 | 40 Gbps | 240W |

GPMI Type-B beats all other cables, though, with its maximum bandwidth of 192 Gbps and power delivery of up to 480 watts. While still not at a level where you can use it to power your RTX 5090 gaming PC through your 8K monitor, it’s still more than enough for many gaming laptops with high-end discrete graphics. This will simplify the desk setup of people who prefer a portable gaming computer, since you can use one cable for both power and data. Aside from that, the standard also supports a universal control standard like HDMI-CEC, meaning you can use one remote control for all appliances that connect via GPMI and use this feature.

The only widely used video transmission standards that also deliver power right now are USB Type-C (Alt DP/Alt HDMI) and Thunderbolt connections. However, this is mostly limited to monitors, with many TVs still using HDMI. If GPMI becomes widely available, we’ll soon be able to use just one cable to build our TV and streaming setup, making things much simpler.

Source: China launches HDMI and DisplayPort alternative — GPMI boasts up to 192 Gbps bandwidth, 480W power delivery | Tom’s Hardware

Meta gets caught gaming AI benchmarks with Llama 4

tl;dr – Meta did a VW by using a special version of their AI which was optimised to score higher on the most important metric for AI performance.

Over the weekend, Meta dropped two new Llama 4 models: a smaller model named Scout, and Maverick, a mid-size model that the company claims can beat GPT-4o and Gemini 2.0 Flash “across a broad range of widely reported benchmarks.”

Maverick quickly secured the number-two spot on LMArena, the AI benchmark site where humans compare outputs from different systems and vote on the best one. In Meta’s press release, the company highlighted Maverick’s ELO score of 1417, which placed it above OpenAI’s 4o and just under Gemini 2.5 Pro. (A higher ELO score means the model wins more often in the arena when going head-to-head with competitors.)

[…]

In fine print, Meta acknowledges that the version of Maverick tested on LMArena isn’t the same as what’s available to the public. According to Meta’s own materials, it deployed an “experimental chat version” of Maverick to LMArena that was specifically “optimized for conversationality,” TechCrunch first reported.

[…]

A spokesperson for Meta, Ashley Gabriel, said in an emailed statement that “we experiment with all types of custom variants.”

“‘Llama-4-Maverick-03-26-Experimental’ is a chat optimized version we experimented with that also performs well on LMArena,” Gabriel said. “We have now released our open source version and will see how developers customize Llama 4 for their own use cases. We’re excited to see what they will build and look forward to their ongoing feedback.”

[…]

“It’s the most widely respected general benchmark because all of the other ones suck,” independent AI researcher Simon Willison tells The Verge. “When Llama 4 came out, the fact that it came second in the arena, just after Gemini 2.5 Pro — that really impressed me, and I’m kicking myself for not reading the small print.”

[…]

Source: Meta gets caught gaming AI benchmarks with Llama 4 | The Verge

Don’t open that file in WhatsApp for Windows just yet – there is no check if it’s not just a renamed .exe

A bug in WhatsApp for Windows can be exploited to execute malicious code by anyone crafty enough to persuade a user to open a rigged attachment – and, to be fair, it doesn’t take much craft to pull that off.

The spoofing flaw, tracked as CVE-2025-30401, affects all versions of WhatsApp Desktop for Windows prior to 2.2450.6, and stems from a bug in how the app handles file attachments.

Specifically, WhatsApp displays attachments based on their MIME type – the metadata meant to indicate what kind of file it is – but when a user opens the file, the app hands it off based on its filename extension instead. That means something disguised as a harmless image with the right MIME type but ending in .exe could be executed as a program – if the user clicks it.

“A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp,” WhatsApp’s parent company Meta explained in its security advisory.
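
The mismatch described above can be closed by deciding "what is this file" once, from the same value the operating system will dispatch on. The following is an added example, not code from WhatsApp, Meta or the original article; the allow-list, the executable-extension list and the sample attachments are constructed for illustration.

```python
import os
from dataclasses import dataclass

# Constructed allow-list (assumption): extensions a viewer may be handed
# for each declared MIME type. Anything not listed is refused.
ALLOWED_EXT = {
    "image/jpeg": {".jpg", ".jpeg"},
    "image/png": {".png"},
    "application/pdf": {".pdf"},
    "video/mp4": {".mp4"},
}

# Non-exhaustive sample of extensions Windows runs or passes to a script host.
EXECUTABLE_EXT = {
    ".exe", ".com", ".scr", ".bat", ".cmd", ".msi",
    ".js", ".vbs", ".ps1", ".lnk", ".hta",
}


@dataclass(frozen=True)
class Verdict:
    allow: bool
    reason: str


def effective_extension(filename: str) -> str:
    """Return the extension the OS would dispatch on, lower-cased."""
    # Drop any path component supplied by the sender.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Win32 path normalisation drops trailing dots and spaces, so
    # "photo.jpg.exe. " is opened as "photo.jpg.exe".
    base = base.rstrip(". ")
    # Only the final extension matters: "photo.jpg.exe" -> ".exe".
    return os.path.splitext(base)[1].lower()


def check_attachment(filename: str, declared_mime: str) -> Verdict:
    """Allow opening only when the extension agrees with the declared type."""
    # Ignore MIME parameters such as "; name=..." and normalise case.
    mime = declared_mime.split(";", 1)[0].strip().lower()
    ext = effective_extension(filename)

    # Executable extensions are refused whatever the metadata claims.
    if ext in EXECUTABLE_EXT:
        return Verdict(False, f"executable extension {ext}")

    allowed = ALLOWED_EXT.get(mime)
    if allowed is None:
        return Verdict(False, f"unlisted MIME type {mime}")
    if ext not in allowed:
        shown = ext or "(none)"
        return Verdict(False, f"extension {shown} does not match {mime}")
    return Verdict(True, "extension matches declared type")


# Constructed sample attachments: (filename, MIME type declared by sender).
SAMPLES = [
    ("holiday.jpg", "image/jpeg"),
    ("holiday.jpg.exe", "image/jpeg"),
    ("HOLIDAY.JPG.EXE. ", "image/jpeg"),
    ("report.pdf", "image/png"),
    ("photo.JPEG", "Image/JPEG; name=photo"),
]


def triage(samples=SAMPLES):
    """Return (filename, Verdict) pairs for a batch of attachments."""
    return [(name, check_attachment(name, mime)) for name, mime in samples]


if __name__ == "__main__":
    for name, verdict in triage():
        state = "OPEN " if verdict.allow else "BLOCK"
        print(f"{state} {name!r}: {verdict.reason}")
```
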

[…]

Make sure you’re running a version of WhatsApp for Windows higher than 2.2450.6 to be safe.

[…]

Source: Don’t open that file in WhatsApp for Windows just yet • The Register

Boeing 787 radio software patch didn’t work, says Qatar, it still turns itself off and changes frequencies by itself.

Boeing issued a software safety patch for the VHF radio systems used on its 787 aircraft, and the update turned out to be ineffective, Qatar Airways has complained.

In February, the US Department of Transportation issued an advisory [PDF] about a problem with the aircraft’s electronics that was causing VHF radio traffic to unexpectedly switch between active and standby mode. In practice, this means pilots constantly have to check their radio settings to make sure all messages from air traffic control are received, and multiple cases of this unwanted switching have been reported.

“The FAA has received reports indicating that VHF radio frequencies transfer between the active and standby windows of the TCP [tuning control panel] without flightcrew input,” the dept said.

“The flightcrew may not be aware of uncommanded frequency changes and could fail to receive air traffic control communications. This condition, if not addressed, could result in missed communications such as amended clearances and critical instructions for changes to flight path and consequent loss of safe separation between aircraft, collision, or runway incursion.”

Boeing issued a free software fix to stop the mode changes and, according to Uncle Sam, the update will take 90 minutes to install with an estimated labor cost of $127.50 per aircraft, with 157 US airplanes reportedly vulnerable. The problem affects 787-8, 787-9, and 787-10 aircraft.

The unsafe condition still exists on airplanes

America’s aviation watchdog the FAA has asked for feedback from airlines by April 14 on the situation, and Qatar Airways isn’t waiting that long. It has already warned the patch isn’t working as it should: The radios still change mode without warning.

“Qatar Airways flight crew are still reporting similar issues from post-mod airplanes. [Qatar Airways] already reported the events to Boeing/Collins aerospace for further investigation and root cause determination,” the airline said.

“As of now, Qatar believes that the issue is not completely addressed, and the unsafe condition still exists on airplanes.”

Neither Qatar, Boeing, or the FAA representative were available for comment on the issue. Collins is a software provider for Boeing.

Source: Boeing 787 radio software patch didn’t work, says Qatar • The Register

Speech now streaming from brains in real-time, code open sourced

Described in a paper published in Nature Neuroscience this week, the neuroprosthesis is intended to allow patients with severe paralysis and anarthria – loss of speech – to communicate by turning brain signals into synthesized words.

“Our streaming approach brings the same rapid speech decoding capacity of devices like Alexa and Siri to neuroprostheses,” said Gopala Anumanchipalli – assistant professor of electrical engineering and computer sciences at University of California, Berkeley and co-principal investigator of the study, done in conjunction with UC San Francisco – in a statement.

“Using a similar type of algorithm, we found that we could decode neural data and, for the first time, enable near-synchronous voice streaming. The result is more naturalistic, fluent speech synthesis.”

The project improves on work published in 2023 by reducing the latency to decode thought and turn it into speech, which at the time took about eight seconds to produce a sentence.

As demonstrated in this video, below, the new process works roughly 8x faster, operating in near real-time.

It begins by reading the patient’s electrical brain signals after the intent to speak has been formed but before the thought has produced a vocal muscle response.

“We are essentially intercepting signals where the thought is translated into articulation and in the middle of that motor control,” said co-lead author Cheol Jun Cho, UC Berkeley PhD student in electrical engineering and computer sciences, in a statement.

“So what we’re decoding is after a thought has happened, after we’ve decided what to say, after we’ve decided what words to use and how to move our vocal-tract muscles.”

The neuroprosthesis works by passing 80ms chunks of electrocorticogram (ECoG) data through a neural encoder and then using a deep learning recurrent neural network transducer model to convert brain signals to sounds. The researchers used a recording of the patient’s pre-injury voice to make the model’s output sound more like natural speech.

While this particular neuroprosthesis requires a direct electrical connection to the brain, the researchers believe their approach is generalizable to other interfaces, including surgically implanted microelectrode arrays (MEAs) and non-invasive surface electromyography (SEMG).

The work builds on research funded by Facebook that the social media biz abandoned four years ago to pursue more market-friendly SEMG wrist sensors. Edward Chang, chair of neurosurgery at the UCSF, who oversaw the Facebook-funded project is the senior co-principal investigator of this latest study.

Code for the Streaming Brain2Speech Decoder has been posted to GitHub, in case anyone is looking to reproduce the researchers’ results.

Source: Speech now streaming from brains in real-time • The Register

Unique Study Is Latest to Show Shingles Vaccine Can Help Prevent Dementia

[…] Scientists at Stanford University led the research, published in Nature. They compared people born before and after they were eligible to take the shingles vaccine in a certain part of the UK, finding that vaccinated people were 20% less likely to be diagnosed with dementia over a seven year period. More research is needed to understand and confirm this link, but the findings suggest shingles vaccination can become a cost-effective preventative measure against dementia.

[…]

the researchers took advantage of a natural experiment that occurred in Wales, UK, over a decade ago. In September 2013, a shingles vaccination program officially began in Wales, with a well-defined age eligibility. People born on or after September 2, 1933 (80 years and under) were eligible for at least one year for the shingles vaccine, whereas people born before then were not.

The clear cutoff date (and the UK’s well-maintained electronic health records) meant that the researchers could easily track dementia rates across the two groups born before or after September 1933. And because the people in these groups were so close together in age, they also shared many other factors in common that could potentially affect dementia risk, such as how often they saw doctors regularly. This divide, in other words, allowed the researchers to study older people in Wales during this time in a manner similar to a randomized trial.

The researchers analyzed the health records of 280,000 residents born between 1925 and 1942. As expected, many vaccine-eligible people immediately took advantage of the new program: 47% of people born after the first week of the eligibility date were vaccinated, while practically no one born before the cutoff date received the vaccine, the researchers noted.

All in all, the researchers calculated that shingles vaccination in Wales was associated with a 20% decline in people’s relative risk of developing dementia over a seven-year period (in absolute terms, people’s risk of dementia dropped by 3.5%). They also analyzed data from England, where a similar cutoff period was enacted, and found the same pattern of reduced dementia risk (and deaths related to dementia) among those vaccinated against shingles.

[…]

“For the first time, we now have evidence that likely shows a cause-and-effect relationship between shingles vaccination and dementia prevention,” Geldsetzer said. “We find these protective effects to be large in size—substantially larger than those of existing pharmacological tools for dementia.”

There are still unanswered aspects about this link. Researchers aren’t sure exactly why the vaccine seems to lower dementia risk, for instance. Some but not all studies have suggested that herpes zoster and other germs that linger in our bodies can overtly cause or worsen people’s dementia, so the vaccine might be having a direct preventative effect there. But it’s also possible the vaccine is triggering changes in the immune system that more broadly keep the brain sharper, and that other vaccines could do the same as well.

Importantly, this latest study only looked at the earlier Zostavax vaccine, which has largely been replaced by the more effective Shingrix vaccine. This might mean that the results seen here are an underestimate of the benefits people can expect today. Just last July, for instance, a study from researchers in the UK found evidence that the Shingrix vaccine reduced people’s risk of dementia noticeably more than Zostavax. This finding, if further supported, would also support the idea that the herpes zoster virus is contributing to dementia.

[…]

Source: Unique Study Is Latest to Show Shingles Vaccine Can Help Prevent Dementia

Using the Earth’s atmosphere as a global sensor shows promise

AtmoSense, which began in late 2020, set out to understand the fundamentals of energy propagation from the Earth’s surface to the ionosphere to determine whether the atmosphere can be used as a sensor. A fundamental science effort, AtmoSense aimed to measure acoustic and electromagnetic waves propagating through the atmosphere to see if they could provide clues about the nature, location, and size of a disturbance event that occurred on Earth. Precisely locating illicit underground explosions by a rogue nation or identifying other national security-relevant events could be done in the future just by using signals detected and modeled from the atmosphere. The open-source tools developed under AtmoSense may be the first step toward “reading” — from extended distances — information contained in atmospheric waves propagating from an event happening anywhere in the world.

Benefits for a range of computationally complex problems

“High-resolution surface-to-space simulation of acoustic waves was considered impossible before the program began, but we accomplished it,” said Michael “Orbit” Nayak, DARPA AtmoSense program manager. “We used to call the ionosphere the ‘ignorosphere,’ but AtmoSense made some key interdisciplinary breakthroughs to address what used to be a massively intractable problem. We can now model across six orders of magnitude, in 3D, what happens to the energy emanating from a small, meters-scale disturbance as it expands up into the atmosphere to propagate over thousands of kilometers, and potentially around the world.”

[…]

An unplanned discovery: SpaceX Falcon 9 re-entries detected

Following one of the New Mexico test-range detonations in 2024, a performer team noticed something unusual in their analysis of sensor data.

“As the team was looking at the data, they saw a huge drop in what’s called total electron content that puzzled them,” Nayak said. “Imagine that you have water going through a hose. That’s a flow of electrons, and if you put your fist in front of the hose, you’ll notice a significant drop in water volume coming out of the hose.”

In preparing to analyze their field test data, the team noticed a similar sizable dip in the electron content compared to the background electron readings at a specific location in the atmosphere. As they did more forensics, they correlated the disturbance to a SpaceX Falcon 9 re-entry that happened the same day of the detonation test. Their sensor data had unexpectedly captured the SpaceX reentry into the atmosphere, resulting in the specific drop in electron content.

“Then they decided to pull other SpaceX reentry data, across dozens of launches, to see if they could spot a similar electron drop,” Nayak said. “The phenomenon is highly repeatable. We discovered an unplanned new technique for identifying objects entering the earth’s atmosphere.” The Embry-Riddle University team, led by Jonathan Snively and Matt Zettergren, in collaboration with Pavel Inchin of Computational Physics, Inc., have submitted their novel results for peer-reviewed publication.

[…]

Source: Using the Earth’s atmosphere as a global sensor shows promise | DARPA

EU: These are scary times – let’s backdoor encryption and make everyone unsafe!

The EU has shared its plans to ostensibly keep the continent’s denizens secure – and among the pages of bureaucratese are a few worrying sections that indicate the political union wants to backdoor encryption by 2026, or even sooner.

While the superstate has made noises about backdooring encryption before, the ProtectEU plan [PDF], launched on Monday, says the European Commission wants to develop a roadmap to allow “lawful and effective access to data for law enforcement in 2025” and a technology roadmap to do so by the following year.

“We are working on a roadmap now, and we will look at what is technically also possible,” said Henna Virkkunen, executive vice-president of the EC for tech sovereignty, security and democracy. “The problem is now that our law enforcement, they have been losing ground on criminals because our police investigators, they don’t have access to data,” she added.

“Of course, we want to protect the privacy and cyber security at the same time; and that’s why we have said here that now we have to prepare a technical roadmap to watch for that, but it’s something that we can’t tolerate, that we can’t take care of the security because we don’t have tools to work in this digital world.”

She claimed that in “85 percent” of police cases, law enforcement couldn’t access the data it needed. The proposal is to amend the existing Cybersecurity Act to allow these changes. You can watch the response below.

According to the document, the EC will set up a Security Research & Innovation Campus at its Joint Research Centre in 2026 to, somehow, work out the technical details. Since it’s impossible to backdoor encryption in a way that can’t be potentially exploited by others, it seems a very odd move to make if security’s your goal.

China, Russia, and the US certainly would spend a huge amount of time and money to find the backdoor. Even American law enforcement has given up on the cause of backdooring, although the UK still seems to be wedded to the idea.

In the meantime, for critical infrastructure (and presumably government communications), the EC wants to deploy quantum cryptography across the state. They want to get this in place by 2030 at the latest.

[…]

Source: EU: These are scary times – let’s backdoor encryption! • The Register

Proton may roll away from the Swiss

The EC’s not alone in proposing changes to privacy – new laws outlined in Switzerland could force privacy-focused groups such as Proton out of the country.

Under today’s laws, police can obtain data from services like Proton if they can get a court order for some crimes. But under the proposed laws a court order would not be required and that means Proton would leave the country, said cofounder Andy Yen.

“Swiss surveillance would be significantly stricter than in the US and the EU, and Switzerland would lose its competitiveness as a business location,” Proton’s cofounder told Swiss title Der Bund. “We feel compelled to leave Switzerland if the partial revision of the surveillance law planned by the Federal Council comes into force.”

The EU keeps banging away at this. They tried in 2018, 2020, 2021, 2023, 2024. And fortunately they keep getting stopped by people with enough brains to realise that you cannot have a safe backdoor. For security to be secure it needs to be unbreakable.

https://www.linkielist.com/?s=eu+encryption

 

T-Mobile SyncUP Bug Reveals Names, Images, and Locations of Random Children

T-Mobile sells a little-known GPS service called SyncUP, which allows users who are parents to monitor the locations of their children. This week, an apparent glitch in the service’s system obscured the locations of users’ own children while sending them detailed information and the locations of other, random children.

404 Media first reported on the extremely creepy bug, which appears to have impacted a large number of users. The outlet notes an outpouring of consternation and concern from web users on social platforms like Reddit and X, many of whom claimed to have been impacted. 404 also interviewed one specific user, “Jenna,” who explained her ordeal with the bug:

Jenna, a parent who uses SyncUP to keep track of her three-year-old and six-year-old children, logged in Tuesday and instead of seeing if her kids had left school yet, was shown the exact, real-time locations of eight random children around the country, but not the locations of her own kids. 404 Media agreed to use a pseudonym for Jenna to protect the privacy of her kids.

“I’m not comfortable giving my six-year-old a phone, but he takes a school bus and I just want to be able to see where he is in real time,” Jenna said. “I had put a 500 meter boundary around his school, so I get an alert when he’s leaving.”

Jenna sent 404 Media a series of screenshots that show her logged into the app, as well as the locations of children located in other states. In the screenshots, the address-level location of the children are available, as is their name and the last time the location was updated.

Even more alarmingly, the woman interviewed by 404 claims that the company didn’t show much concern for the bug. “Jenna” says she called the company and was referred to an employee who told her that a ticket had been filed in the system on the issue’s behalf. A follow-up email from the concerned mother produced no response, she said.

[…]

When reached for comment by Gizmodo, a T-Mobile spokesperson told us: “Yesterday we fully resolved a temporary system issue with our SyncUP products that resulted from a planned technology update. We are in the process of understanding potential impacts to a small number of customers and will reach out to any as needed. We apologize for any inconvenience.”

The privacy implications of such a glitch are obvious and not really worth extrapolating on. That said, it’s also a good reminder that the more digital access you give a company, the more potential there is for that access to fall into the wrong hands.

Source: T-Mobile Bug Reveals Names, Images, and Locations of Random Children

Wealthy Americans have death rates on par with poor Europeans

It’s well-established that, on the whole, Americans die younger than people in most other high-income countries. For instance, an analysis from 2022 found that the average life expectancy of someone born in Switzerland or Spain in 2019 was 84 years. Meanwhile, the average US life expectancy was 78.8, lower than nearly all other high-income countries, including Canada’s, which was 82.3 years. And this was before the pandemic, which only made things worse for the US.

[…]

It is true that money buys you a longer life in the US. In fact, the link between wealth and mortality may be stronger in the US than in any other high-income country. But, if you think American wealth will put life expectancy in league with Switzerland, you’re dead wrong, according to a study in the latest issue of the New England Journal of Medicine.

A stark finding

The study, led by researchers at Brown University, found that the wealthiest Americans lived shorter lives than the wealthiest Europeans. In fact, wealthy Northern and Western Europeans had death rates 35 percent lower than the wealthiest Americans, whose lifespans were more like the poorest in Northern and Western Europe—which includes countries such as France, the Netherlands, and Switzerland.

“The findings are a stark reminder that even the wealthiest Americans are not shielded from the systemic issues in the US contributing to lower life expectancy, such as economic inequality or risk factors like stress, diet or environmental hazards,” lead study author Irene Papanicolas, a professor of health services, policy and practice at Brown, said in a news release.

The study looked at health and wealth data of more than 73,000 adults across the US and Europe who were 50 to 85 years old in 2010. There were more than 19,000 from the US, nearly 27,000 from Northern and Western Europe, nearly 19,000 from Eastern Europe, and nearly 9,000 from Southern Europe. For each region, participants were divided into wealth quartiles, with the first being the poorest and the fourth being the richest. The researchers then followed participants until 2022, tracking deaths.

The US had the largest gap in survival between the poorest and wealthiest quartiles compared to European countries. America’s poorest quartile also had the lowest survival rate of all groups, including the poorest quartiles in all three European regions.

While less access to health care and weaker social structures can explain the gap between the wealthy and poor in the US, it doesn’t explain the differences between the wealthy in the US and the wealthy in Europe, the researchers note. There may be other systemic factors at play that make Americans uniquely short-lived, such as diet, environment, behaviors, and cultural and social differences.

“If we want to improve health in the US, we need to better understand the underlying factors that contribute to these differences—particularly amongst similar socioeconomic groups—and why they translate to different health outcomes across nations,” Papanicolas said.

Source: Wealthy Americans have death rates on par with poor Europeans – Ars Technica

NSA warns about “fast flux” – cycling IP addresses quickly lets attackers keep attacking

[…] fast flux. It allows decentralized networks operated by threat actors to hide their infrastructure and survive takedown attempts that would otherwise succeed. Fast flux works by cycling through a range of IP addresses and domain names that these botnets use to connect to the Internet. In some cases, IPs and domain names change every day or two; in other cases, they change almost hourly. The constant flux complicates the task of isolating the true origin of the infrastructure. It also provides redundancy. By the time defenders block one address or domain, new ones have already been assigned.

[…]

A key means for achieving this is the use of Wildcard DNS records. These records define zones within the Domain Name System, which map domains to IP addresses. The wildcards cause DNS lookups for subdomains that do not exist, specifically by tying MX (mail exchange) records used to designate mail servers. The result is the assignment of an attacker IP to a subdomain such as malicious.example.com, even though it doesn’t exist.

Fast flux comes in two variations. Single flux creates DNS A records or AAAA records to map a single domain to many IPv4 or IPv6 addresses, respectively. Here’s a diagram illustrating the structure.

 

 

Double flux provides an additional layer of obfuscation and resiliency by, in addition to changing IP addresses, cycling through the DNS name servers used in domain lookups. Defenders have observed double flux using both Name Server (NS) and Canonical Name (CNAME) DNS records. Here’s an illustration of the technique.

 

 

“Both techniques leverage a large number of compromised hosts, usually as a botnet from across the Internet that acts as proxies or relay points, making it difficult for network defenders to identify the malicious traffic and block or perform legal enforcement takedowns of the malicious infrastructure,”

[…]

Source: NSA warns “fast flux” threatens national security. What is fast flux anyway? – Ars Technica
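An added example, not from the NSA advisory or the Ars Technica article: a heuristic that labels names in passive-DNS style observations as single flux or double flux, using the traits described above (many addresses behind one name, rotating NS/CNAME targets). The thresholds, the TTL cut-off, the .example names and the sample records are assumptions constructed for illustration; a CDN-like name that rotates inside one network is included to show the false positive that the network-diversity check avoids.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed thresholds: tune against your own baseline, they are not from the advisory.
MIN_ADDRS = 5        # distinct A/AAAA answers seen for one name
MIN_NETWORKS = 3     # distinct /16 (IPv4) or /32 (IPv6) networks behind them
MAX_TTL = 300        # answers published with a TTL of five minutes or less
MIN_DELEGATIONS = 3  # distinct NS/CNAME targets, the double-flux signal


def build_sample():
    """Constructed observations: (unix_time, qname, rtype, rdata, ttl)."""
    recs = []
    for hour in range(12):
        t = hour * 3600
        # Ordinary site: one address, long TTL, one name server.
        recs.append((t, "www.shop.example", "A", "192.0.2.10", 3600))
        recs.append((t, "www.shop.example", "NS", "ns1.shop.example", 86400))
        # CDN-like: short TTL and rotating addresses, but all in one network.
        recs.append((t, "cdn.media.example", "A", f"198.51.100.{10 + hour}", 60))
        recs.append((t, "cdn.media.example", "NS", "ns1.media.example", 86400))
        # Single flux: address jumps to a different network each hour.
        recs.append((t, "login.flux1.example", "A", f"10.{hour}.7.{hour + 1}", 150))
        recs.append((t, "login.flux1.example", "NS", "ns1.flux1.example", 86400))
        # Double flux: both the address and the name server rotate.
        recs.append((t, "pay.flux2.example", "A", f"172.{16 + hour}.3.{hour + 1}", 120))
        recs.append((t, "pay.flux2.example", "NS", f"ns{hour}.relay{hour}.example", 300))
    return recs


def network_of(addr):
    """Collapse an address to a coarse network so one hosting range counts once."""
    ip = ip_address(addr)
    prefix = 16 if ip.version == 4 else 32
    return ip_network(f"{ip}/{prefix}", strict=False)


def summarize(records):
    """Group observations per name: addresses, networks, delegations, lowest TTL."""
    stats = defaultdict(
        lambda: {"addrs": set(), "nets": set(), "deleg": set(), "min_ttl": None}
    )
    for _ts, qname, rtype, rdata, ttl in records:
        s = stats[qname.lower().rstrip(".")]
        if rtype in ("A", "AAAA"):
            s["addrs"].add(rdata)
            s["nets"].add(network_of(rdata))
            s["min_ttl"] = ttl if s["min_ttl"] is None else min(s["min_ttl"], ttl)
        elif rtype in ("NS", "CNAME"):
            s["deleg"].add(rdata.lower().rstrip("."))
    return stats


def classify(records):
    """Return {name: 'not-flagged' | 'single-flux' | 'double-flux'}."""
    verdicts = {}
    for name, s in summarize(records).items():
        fluxing = (
            len(s["addrs"]) >= MIN_ADDRS
            and len(s["nets"]) >= MIN_NETWORKS
            and s["min_ttl"] is not None
            and s["min_ttl"] <= MAX_TTL
        )
        if not fluxing:
            verdicts[name] = "not-flagged"
        elif len(s["deleg"]) >= MIN_DELEGATIONS:
            verdicts[name] = "double-flux"
        else:
            verdicts[name] = "single-flux"
    return verdicts


if __name__ == "__main__":
    for name, verdict in sorted(classify(build_sample()).items()):
        print(f"{verdict:12} {name}")
```

A flagged name is a lead for review rather than a verdict: load-balanced services spread over several providers can cross the same thresholds.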

Yes.. And there’s a solution for this one too. Use DNS Pinning on your local DNS resolvers.

Web browsers themselves had to look at this a number of decades ago due to DNS Rebinding Attacks [wikipedia.org]. And the answer I’m pretty sure was to Pin DNS records whose TTL was less than 10 minutes or so to make sure DNS records will be cached for a minimum length of time, even if the TTL has been configured less.

You can handle this on your organization’s DNS servers as well:

For example; if your DNS resolver is Unbound, then set the cache-min-ttl to 24 hours.

cache-min-ttl: seconds
Time to live minimum for RRsets and messages in the cache. If the minimum kicks in, the data is cached for longer than the domain owner intended, and thus less queries are made to look up the data. Zero makes sure the data in the cache is as the domain owner intended, higher values, especially more than an hour or so, can lead to trouble as the data in the cache does not match up with the actual data any more.

Then the “fast flux” attackers can’t be so effective against your infrastructure. Because the DNS records are pinned upon the first lookup.
At least they won’t be able to use DNS for their fast flux network in this case – if your DNS resolvers’ policy prevents fast flux.

Source: Re:It’s been ages (Score:5, Informative)
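The pinning idea in the comment above, as an added example that is not part of the original comment or of Unbound itself: a small simulation of a resolver cache that clamps TTLs upward the way cache-min-ttl does, queried by clients once a minute for a day. The five-minute rotation, the published TTL of 150 seconds and the relay-N answers are assumptions constructed for illustration.

```python
ROTATE_EVERY = 300   # assumed: the flux operator swaps the A record every 5 minutes
AUTH_TTL = 150       # assumed: TTL the operator publishes on each answer
DAY = 86400


def authoritative(now):
    """Constructed stand-in for the fluxing zone: the answer changes with time."""
    slot = now // ROTATE_EVERY
    return f"relay-{slot}", AUTH_TTL


class PinningCache:
    """Single-name resolver cache that raises short TTLs to a configured floor."""

    def __init__(self, min_ttl):
        self.min_ttl = min_ttl
        self.answer = None
        self.expires = 0
        self.upstream_queries = 0

    def resolve(self, now):
        # Refetch only when nothing is cached or the (clamped) lifetime is over.
        if self.answer is None or now >= self.expires:
            self.answer, ttl = authoritative(now)
            self.expires = now + max(ttl, self.min_ttl)
            self.upstream_queries += 1
        return self.answer


def simulate(min_ttl, client_interval=60, duration=DAY):
    """Query through the cache at a fixed interval and summarise what clients saw."""
    cache = PinningCache(min_ttl)
    seen = set()
    stale = 0
    for now in range(0, duration, client_interval):
        answer = cache.resolve(now)
        seen.add(answer)
        # An answer is stale when the zone has already moved on to another record.
        if answer != authoritative(now)[0]:
            stale += 1
    return {
        "distinct_answers": len(seen),
        "upstream_queries": cache.upstream_queries,
        "stale_answers": stale,
    }


if __name__ == "__main__":
    for floor in (0, 3600, DAY):
        print(f"min_ttl={floor:>5}: {simulate(floor)}")
```

With the 24-hour floor the clients receive one answer all day; the stale_answers count is the cost the quoted Unbound text warns about, since a legitimate name that changes address is pinned the same way.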

Scientists pioneer method to tackle PFAS ‘forever chemicals’

Rice University researchers have developed an innovative solution to a pressing environmental challenge: removing and destroying per- and polyfluoroalkyl substances (PFAS), commonly called “forever chemicals.” A study led by James Tour, the T.T. and W.F. Chao Professor of Chemistry and professor of materials science and nanoengineering, and graduate student Phelecia Scotland unveils a method that not only eliminates PFAS from water systems but also transforms waste into high-value graphene, offering a cost-effective and sustainable approach to environmental remediation. This research was published March 31 in Nature Water.

[…]

“Our method doesn’t just destroy these hazardous chemicals; it turns waste into something of value,” Tour said. “By upcycling the spent carbon into graphene, we’ve created a process that’s not only environmentally beneficial but also economically viable, helping to offset the costs of remediation.”

The research team’s process employs flash joule heating (FJH) to tackle these challenges. By combining granular activated carbon (GAC) saturated with PFAS and mineralizing agents like sodium or calcium salts, the researchers applied a high voltage to generate temperatures exceeding 3,000 degrees Celsius in under one second. The intense heat breaks down the strong carbon-fluorine bonds in PFAS, converting them into inert, nontoxic fluoride salts. Simultaneously, the GAC is upcycled into graphene, a valuable material used in industries ranging from electronics to construction.

The research results yielded more than 96% defluorination efficiency and 99.98% removal of perfluorooctanoic acid (PFOA), one of the most common PFAS pollutants. Analytical tests confirmed that the reaction produced undetectable amounts of harmful volatile organic fluorides, a common byproduct of other PFAS treatments. The method also eliminates the secondary waste associated with traditional disposal methods such as incineration or adding spent carbon to landfills.

[…]

The implications of this research extend beyond PFOA and perfluorooctane sulfonic acid, the two most studied PFAS; it even works on the most recalcitrant PFAS type, Teflon®. The high temperatures achieved during FJH suggest that this method could degrade a wide range of PFAS compounds, paving the way for broader water treatment and waste management applications. The FJH process can also be tailored to produce other valuable carbon-based materials, including carbon nanotubes and nanodiamonds, further enhancing its versatility and economic appeal.

“With its promise of zero net cost, scalability and environmental benefits, our method represents a step forward in the fight against forever chemicals,” Scotland said.

[…]

Source: Scientists pioneer method to tackle ‘forever chemicals’ | ScienceDaily

Indiana security prof and wife vanish after FBI raid

A tenured computer security professor at Indiana University and his university-employed wife have not been seen publicly since federal agents raided their homes late last week.

On Friday, the FBI with help from the cops searched two properties in Bloomington and Carmel, Indiana, belonging to Xiaofeng Wang, a professor at the Indiana Luddy School of Informatics, Computing, and Engineering – who’s been with the American university for more than 20 years – and Nianli Ma, a lead library systems analyst and programmer also at the university.

The university has removed the professor’s profile from its website, while the Indiana Daily Student reports Wang was axed the same day the Feds swooped. It’s said the college learned the professor had taken a job at a university in Singapore, leading to the boffin’s termination by his US employer. Ma’s university profile has also vanished.

“I can confirm the FBI Indianapolis office conducted court authorized activity at homes in Carmel and Bloomington, Indiana last Friday,” the FBI told The Register. “We have no further comment at this time.”

“The Bloomington Police Department was requested to simply assist with scene security while the FBI conducted court authorized law enforcement activity at the residence,” the police added to The Register, also declining to comment further.

Reading between the lines, Prof Wang and his spouse may not necessarily be in custody, and the Feds may have raided their homes while one or both of the couple were away and possibly already abroad. According to the student news outlet, the professor hasn’t been seen for roughly the past two weeks.

Prof Wang earned his PhD in electrical and computer engineering from Carnegie Mellon University in 2004 and joined Indiana Uni that same year. Since then, he’s become a well respected member of the IT security community, publishing extensively on Apple security, e-commerce fraud, and adversarial machine learning.

Over the course of his academic career – starting in the 1990s with computer science degrees from universities in Nanjing and Shanghai, China – Prof Wang has led research projects with funding exceeding $20 million. He was named a fellow of the IEEE in 2018, the American Association for the Advancement of Science in 2022, and the Association for Computing Machinery in 2023. He reportedly pocketed more than $380,000 in salaries in 2024, while his wife was paid $85,000.

According to neighbors in Carmel, agents arrived around 0830 on March 28, announcing: “FBI, come out!” Agents were seen removing boxes of evidence and photographing the scene.

“Indiana University was recently made aware of a federal investigation of an Indiana University faculty member,” the institution told us.

“At the direction of the FBI, Indiana University will not make any public comments regarding this investigation. In accordance with Indiana University practices, Indiana University will also not make any public comments regarding the status of this individual.”

While US Immigration and Customs Enforcement, aka ICE, has recently made headlines for detaining academic visa holders, among others, there’s no indication the agency was involved in the Indiana raids. That suggests the investigation likely goes beyond immigration matters.

Context

It wouldn’t be the first time foreign academics have come under federal scrutiny. During Trump’s first term, the Department of Justice launched the so-called “China Initiative,” aimed at uncovering economic espionage and IP theft by researchers linked to China.

The effort was widely seen as a failure, with over 50 percent of investigations dropped, some professors wrongly accused, and a few ultimately found guilty of nothing more than hoarding pirated porn.

The initiative was also widely criticized as counterproductive, prompting an exodus of Chinese researchers from the US and pushing some American-based scientists to relocate to the Chinese mainland. History has seen this movie before: During the 1950s Red Scare, America booted prominent rocket scientist Qian Xuesen over suspected communist ties. He went on to become the architect of China’s missile and space programs — a move that helped Beijing get its intercontinental ballistic missiles, aka ICBMs.

Wang and Ma are still incommunicado, and presumed innocent. Fellow academics in the security industry have pointed out this kind of action is highly unusual. Matt Blaze, Tor Project board member and the McDevitt Chair of Computer Science and Law at Georgetown University, pointed out that to disappear from the university’s records, archived here, is “especially concerning.”

“It’s hard to imagine what reason there could be for the university to scrub its website as if he never worked there,” Blaze said on Mastodon.

“While there’s a process for removing tenured faculty, it takes more than an afternoon to do it.”

Source: Indiana security prof and wife vanish after FBI raid • The Register

Windows 11 is closing a loophole that let you skip making a Microsoft account

Microsoft is no longer playing around when it comes to requiring every Windows 11 device be set up with an internet-connected account. In its latest Windows 11 Insider Preview, the company says it will take out a well-known bypass script that let end users skip the requirement of connecting to the internet and logging in with a Microsoft account to get through the initialization process of a new PC.

As reported by Windows Central, Microsoft already requires users to connect to the internet, but there’s a way to bypass it: the bypassnro command. For those setting up computers for businesses or secondary users, or who simply, on principle, refuse to link their computer to a Microsoft account, the command is super simple to activate during the Windows setup process.

Microsoft cites security as one reason it’s making this change:

We’re removing the bypassnro.cmd script from the build to enhance security and user experience of Windows 11. This change ensures that all users exit setup with internet connectivity and a Microsoft Account.

Since the bypassnro command is disabled in the latest beta build, it will likely be pushed to production versions within weeks. All hope is not yet lost: as of right now, the script can be reactivated with a registry edit by opening a command prompt during the initial setup (press Shift + F10) and running the command:

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v BypassNRO /t REG_DWORD /d 1 /f
shutdown /r /t 0

However, there’s no guarantee Microsoft will allow this additional workaround for long. There are other workarounds as well, such as using the unattended.xml automation that lets you skip the initial setup “out-of-box experience.” It’s not straightforward, though, but it makes more sense for IT departments setting up multiple computers.

As of late, Microsoft has been making it harder for people to upgrade to Windows 11 while also nudging them to move on from Windows 10, which will lose support in October. The company is cracking down on the ability to install Windows 11 on older PCs that don’t support TPM 2.0, and hounding you with full-screen ads to buy a new PC. Microsoft even removed the ability to install Windows 11 with old product keys.

Source: Windows 11 is closing a loophole that let you skip making a Microsoft account | The Verge

I don’t want a cloud based user account to run an OS on my own PC.

Scientists May Have Discovered How To Extract Power From the Earth’s Rotation

No more burning fossil fuels, playing with fissile material, damming rivers, erecting wind mills, or making solar panels. All of our energy needs could potentially be supplied by the angular kinetic energy of the Earth — and because of the mass of the planet, doing so would slow its rotation down by a mere 7ms per century. [Which is similar to speed changes caused by natural phenomena such as the Moon’s pull and changing dynamics inside the planet’s core.]

Normally this would be considered impossible as the Earth’s large and uniform field does not induce a current in conductors, but researchers believe that a hollow cylinder of manganese, zinc and iron can alter the interaction with our planetary magnetic field and allow the extraction of energy from it. So far, the results are positive but still below the level where they cannot be explained by multiple possible causes of experimental error. Further research is required to confirm the effect.

“The effect was identified only in a carefully crafted device and generated just 17 microvolts,” reports Scientific American, “a fraction of the voltage released when a single neuron fires — making it hard to verify that some other effect isn’t causing the observations.”

But if another group can verify the results, the experiment’s lead says the next logical step is trying to scale up the device to generate a useful amount of energy.

Source: Scientists May Have Discovered How To Extract Power From the Earth’s Rotation

Over a million private photos from MAD Mobile dating apps exposed online

Researchers have discovered nearly 1.5 million pictures from specialist dating apps – many of which are explicit – being stored online without password protection, leaving them vulnerable to hackers and extortionists.

Anyone with the link was able to view the private photos from five platforms developed by M.A.D Mobile: kink sites BDSM People and Chica, and LGBT apps Pink, Brish and Translove.

These services are used by an estimated 800,000 to 900,000 people.

M.A.D Mobile was first warned about the security flaw on 20 January but didn’t take action until the BBC emailed on Friday.

They have since fixed it but not said how it happened or why they failed to protect the sensitive images.

This is one of the photos that anyone could have accessed. We have cropped the face and blurred it to enhance privacy

Ethical hacker Aras Nazarovas from Cybernews first alerted the firm about the security hole after finding the location of the online storage used by the apps by analysing the code that powers the services.

He was shocked that he could access the unencrypted and unprotected photos without any password.

[…]

In an email M.A.D Mobile said it was grateful to the researcher for uncovering the vulnerability in the apps to prevent a data breach from occurring.

But there’s no guarantee that Mr Nazarovas was the only hacker to have found the image stash.

“We appreciate their work and have already taken the necessary steps to address the issue,” a M.A.D Mobile spokesperson said. “An additional update for the apps will be released on the App Store in the coming days.”

The company did not respond to further questions about where the company is based and why it took months to address the issue after multiple warnings from researchers.

Usually security researchers wait until a vulnerability is fixed before publishing an online report, in case it puts users at further risk of attack.

But Mr Nazarovas and his team decided to raise the alarm on Thursday while the issue was still live as they were concerned the company was not doing anything to fix it.

[…]

In 2015 malicious hackers stole a large amount of customer data about users of Ashley Madison, a dating website for married people who wish to cheat on their spouse.

Source: Over a million private photos from dating apps exposed online

Meniscus injuries may soon be treated by customizable hydrogel

Meniscus tears are common knee injuries that have long frustrated patients and doctors due to limited repair options. A new 3D-printed hydrogel made from cow meniscus could transform how these injuries heal, according to results of a pre-clinical study published in Bioactive Materials from researchers in the Perelman School of Medicine at the University of Pennsylvania.

The meniscus is a complex structure that serves as a critical shock absorber in the knee, and one-size-fits-all treatments aren’t always effective. Through creating a treatment adaptable to the different needs of patients, the researchers believe they may have unlocked a better fix no matter where the injury occurs in a meniscus.

“We developed a hydrogel that can be adjusted based on the patient’s age and the stiffness requirements of the injured tissue, which is important because the meniscus has different biochemical and biomechanical properties that vary depending upon the location in the tissue,” said the study’s senior author, Su Chin Heo, PhD, an assistant professor of Orthopaedic Surgery in the McKay Orthopaedic Research Lab at Penn. “Current treatments, including graft-base methods, do not fully recreate these complex differences, leading to poor healing.”

[…]

“In our animal studies, we’ve seen the hydrogel integrate well with the surrounding tissue, potentially offering patients a more complete recovery,” said the study’s first author Se-Hwan Lee, PhD, a post-doctoral fellow in the McKay Lab. “It’s a more precise, biologically matched solution. We believe this could outperform current treatments.”

The team is now transitioning from small mammal studies to large animal models.

“Our first clinical goal will be to treat smaller, localized meniscus tears,” Heo said. “Once we have success there, I believe we could expand to more complex injuries in the meniscus.”

[…]

Source: Meniscus injuries may soon be treated by customizable hydrogel | ScienceDaily

Your TV is watching you watch and selling that data

[…]Your TV wants your data

The TV business traditionally included three distinct entities. There’s the hardware, namely the TV itself; the entertainment, like movies and shows; and the ads, usually just commercials that interrupt your movies and shows. In the streaming era, tech companies want to control all three, a setup also known as vertical integration. If, say, Roku makes the TV, supplies the content, and sells the ads, then it stands to control the experience, set the rates, and make the most money. That’s business!

Roku has done this very well. Although it was founded in 2002, Roku broke into the market in 2008 after Netflix invested $6 million in the company to make a set-top box that enabled any TV to stream Netflix content. It was literally called the Netflix Player by Roku. Over the course of the next 15 years, Roku would grow its hardware business to include streaming sticks, which are basically just smaller set-top-boxes; wireless soundbars, speakers, and subwoofers; and after licensing its operating system to third-party TV makers, its own affordable, Roku-branded smart TVs

[…]

The shift toward ad-supported everything has been happening across the TV landscape. People buy new TVs less frequently these days, so TV makers want to make money off the TVs they’ve already sold. Samsung has Samsung Ads, LG has LG Ad Solutions, Vizio has Vizio Ads, and so on and so forth. Tech companies, notably Amazon and Google, have gotten into the mix too, not only making software and hardware for TVs but also leveraging the massive amount of data they have on their users to sell ads on their TV platforms. These companies also sell data to advertisers and data brokers, all in the interest of knowing as much about you as possible in the interest of targeting you more effectively. It could even be used to train AI.

[…]

Is it possible to escape the ads?

Breaking free from this ad prison is tough. Most TVs on the market today come with a technology called automatic content recognition (ACR) built in. This is basically Shazam for TV — Shazam itself helped popularize the tech — and gives smart TV platforms the ability to monitor what you’re watching by either taking screenshots or capturing audio snippets while you’re watching. (This happens at the signal level, not from actual microphone recordings from the TV.)

Advertisers and TV companies use ACR tech to collect data about your habits that are otherwise hard to track, like if you watch live TV with an antenna. They use that data to build out a profile of you in order to better target ads. ACR also works with devices, like gaming consoles, that you plug into your TV through HDMI cables.

Yash Vekaria, a PhD candidate at UC Davis, called the HDMI spying “the most egregious thing we found” in his research for a paper published last year on how ACR technology works. And I have to admit that I had not heard of ACR until I came across Vekaria’s research.

[…]

Unfortunately, you don’t have much of a choice when it comes to ACR on your TV. You probably enabled the technology when you first set up your TV and accepted its privacy policy. If you refuse to do this, a lot of the functions on your TV won’t work. You can also accept the policy and then disable ACR on your TV’s settings, but that could disable certain features too. In 2017, Vizio settled a class-action lawsuit for tracking users by default. If you want to turn off this tracking technology, here’s a good guide from Consumer Reports that explains how for most types of smart TVs.

[…]

it does bug me, just on principle, that I have to let a tech company wiretap my TV in order to enjoy all of the device’s features.

[…]

Source: Roku’s Moana 2 controversy is part of a bigger ad problem | Vox