Startup insurance provider Lemonade is trying to make the best of a sour situation after T-Mobile parent Deutsche Telekom claimed it owns the exclusive rights to the color magenta.
New York-based Lemonade is a 3-year-old company that lives completely online and mostly focuses on homeowners and renter’s insurance. The company uses a similar color to magenta — it says it’s “pink” — in its marketing materials and its website. But Lemonade was told by German courts that it must cease using its color after launching its services in that country, which is also home to T-Mobile owner Deutsche Telekom. Although the ruling only applies in Germany, Lemonade says it fears the decision will set a precedent and expand to other jurisdictions such as the U.S. or Europe.
“If some brainiac at Deutsche Telekom had invented the color, their possessiveness would make sense,” Daniel Schreiber, CEO and co-founder of Lemonade, said in a statement. “Absent that, the company’s actions just smack of corporate bully tactics, where legions of lawyers attempt to hog natural resources – in this case a primary color—that rightfully belong to everyone.”
A spokesman for Deutsche Telekom confirmed that it “asked the insurance company Lemonade to stop using the color magenta in the German market,” while adding that the “T” in “Deutsche Telekom” is registered to the brand. “Deutsche Telekom respects everyone’s trademark rights but expects others to do the same,” the spokesman said in an emailed statement to Ad Age.
Although Lemonade has complied with the ruling by removing its pink color from marketing materials in Germany, it’s also trying to turn the legal matter into an opportunity. The company today began throwing some shade in social media under the hashtag “#FreeThePink,” though a quick check on Twitter shows it’s gained little traction thus far: Schreiber, the company’s CEO, holds the top tweet under “#FreeThePink” with 13 retweets and 42 likes.
Lemonade also filed a motion today with the European Union Intellectual Property Office, or EUIPO, to invalidate Deutsche Telekom’s magenta trademark.
Facebook on Tuesday disclosed that as many as 100 software developers may have improperly accessed user data, including the names and profile pictures of people in specific groups on the social network.
The company recently discovered that some apps retained access to this type of user data despite making changes to its service in April 2018 to prevent this, Facebook said in a blog post. The company said it has removed this access and reached out to 100 developer partners who may have accessed the information. Facebook said that at least 11 developer partners accessed this type of data in the last 60 days.
“Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted,” the company said in the blog post.
The company did not say how many users were affected.
Facebook has been restricting software developer access to its user data following reports in March 2018 that political consulting firm Cambridge Analytica had improperly accessed the data of 87 million Facebook users, potentially to influence the outcome of the 2016 U.S. presidential election.
A Boeing whistleblower has claimed that passengers on its 787 Dreamliner could be left without oxygen if the cabin were to suffer a sudden decompression.
John Barnett says tests suggest up to a quarter of the oxygen systems could be faulty and might not work when needed.
He also claimed faulty parts were deliberately fitted to planes on the production line at one Boeing factory.
Boeing denies his accusations and says all its aircraft are built to the highest levels of safety and quality.
The firm has come under intense scrutiny in the wake of two catastrophic accidents involving another one of its planes, the 737 Max – the Ethiopian Airlines crash in March and Lion Air disaster in Indonesia last year.
Mr Barnett, a former quality control engineer, worked for Boeing for 32 years, until his retirement on health grounds in March 2017.
[…]
In 2016, he tells the BBC, he uncovered problems with emergency oxygen systems. These are supposed to keep passengers and crew alive if the cabin pressurisation fails for any reason at altitude. Breathing masks are meant to drop down from the ceiling, which then supply oxygen from a gas cylinder.
Without such systems, the occupants of a plane would rapidly be incapacitated. At 35,000ft, (10,600m) they would be unconscious in less than a minute. At 40,000ft, it could happen within 20 seconds. Brain damage and even death could follow.
Although sudden decompression events are rare, they do happen. In April 2018, for example, a window blew out of a Southwest Airlines aircraft, after being hit by debris from a damaged engine. One passenger sitting beside the window suffered serious injuries and later died as a result – but others were able to draw on the emergency oxygen supplies and survived unharmed.
[…]
Mr Barnett says that when he was decommissioning systems which had suffered minor cosmetic damage, he found that some of the oxygen bottles were not discharging when they were meant to. He subsequently arranged for a controlled test to be carried out by Boeing’s own research and development unit.
This test, which used oxygen systems that were “straight out of stock” and undamaged, was designed to mimic the way in which they would be deployed aboard an aircraft, using exactly the same electric current as a trigger. He says 300 systems were tested – and 75 of them did not deploy properly, a failure rate of 25%
Mr Barnett says his attempts to have the matter looked at further were stonewalled by Boeing managers. In 2017, he complained to the US regulator, the FAA, that no action had been taken to address the problem. The FAA, however, said it could not substantiate that claim, because Boeing had indicated it was working on the issue at the time.
Last month was the hottest ever October on record globally, according to data released Friday by the Copernicus Climate Change Service, an organization that tracks global temperatures. The month, which was reportedly 1.24 degrees Fahrenheit warmer than the average October from 1981-2010, narrowly beat October 2015 for the top spot.
According to Copernicus, most of Europe, large parts of the Arctic and the eastern U.S. and Canada were most affected. The Middle East, much of Africa, southern Brazil, Australia, eastern Antarctica and Russia also experienced above-average temperatures.
Parts of tropical Africa and Antarctica and the western U.S. and Canada felt much colder than usual, however.
A number of popular “camgirl” sites have exposed millions of sex workers and users after the company running the sites left the back-end database unprotected.
The sites, run by Barcelona-based VTS Media, include amateur.tv, webcampornoxxx.net, and placercams.com. Most of the sites’ users are based in Spain and Europe, but we found evidence of users across the world, including the United States.
The database, containing months-worth of daily logs of the site activities, was left without a password for weeks. Those logs included detailed records of when users logged in — including usernames and sometimes their user-agents and IP addresses, which can be used to identify users. The logs also included users’ private chat messages with other users, as well as promotional emails they were receiving from the various sites. The logs even included failed login attempts, storing usernames and passwords in plaintext. We did not test the credentials as doing so would be unlawful.
None of the data was encrypted.
The exposed data also revealed which videos users were watching and renting, exposing kinks and private sexual preferences.
In all, the logs were detailed enough to see which users were logging in, from where, and often their email addresses or other identifiable information — which in some cases we could match to real-world identities.
Not only were users affected, the “camgirls” — who broadcast sexual content to viewers — also had some of their account information exposed.
Dutch Filmworks demanded the subscriber data linked to 377 IP adresses they determined illegally downloaded a movie. The judge said no, due to a complete lack of transparency by DFW on how their decision tree works and the amount of money they want to fine the suspects.
It only Tuesday, but more than 11,000 scientists around the world have come together to declare a climate emergency. Their paper, published Tuesday in the journal Bioscience, lays out the science behind this emergency and solutions for how we can deal with it.
Scientists aren’t the first people to make this declaration. A tribal nation in the Canadian Yukon, the U.K., and parts of Australia have all come to the same grim conclusion. In the U.S., members of Congress have pushed the federal government to do the same, but y’know, we got Donald Trump. Ain’t shit happening with this fool in office. Anyway, this proclamation from scientists is significant because they’re not doing it out of a political agenda or as an emotional outcry. They’re declaring a climate emergency because the science supports it.
The signatories, who come from 153 countries, note that societies have taken little action to prevent climate disaster. It’s been business as usual, despite scientific consensus that burning fossil fuels and driving cars is gravely harming the environment—you know, the environment we all have to live in for the foreseeable future. Greenhouse gas emissions continue to enter the atmosphere, and if we don’t stop quickly, we’re doomed.
Click “Activity controls” from the left-hand sidebar.
Scroll down to the data type you wish to manage, then select “Manage Activity.”
On this next page, click on “Choose how long to keep” under the calendar icon.
Select the auto-deletion time you wish (three or 18 months), or you can choose to delete your data manually.
Click “Next” to save your changes.
Repeat these steps for each of the types of data you want to be auto-deleted. For your Location History in particular, you’ll need to click on “Today” in the upper-left corner first, and then click on the gear icon in the lower-right corner of your screen. Then, select “Automatically delete Location History,” and pick a time.
The vast majority of technology, media and telecom (TMT) companies want to monetise customer data, but are concerned about regulations such as Europe’s GDPR, according to research from law firm Simmons & Simmons.
The outfit surveyed 350 global business leaders in the TMT sector to understand their approach to data commercialisation. It found that 78 per cent of companies have some form of data commercialisation in place but only 20 per cent have an overarching plan for its use.
Alex Brown, global head of TMT Sector at Simmons & Simmons, observed that the firm’s clients are increasingly seeking advice on the legal ways they can monetise data. He said that can either be for internal use, how to use insights into customer behaviour to improve services, or ways to sell anonymised data to third parties.
One example of data monetisation within the sector is Telefónica’s Smart Steps business, which uses “fully anonymised and aggregated mobile network data to measure and compare the number of people visiting an area at any time”.
That information is then sold on to businesses to provide insight into their customer base.
Brown said: “All mobile network operators know your location because the phone is talking to the network, so through that they know a lot about people’s movement. That aggregated data could be used by town planners, transport networks, retailers work out best place to site new store.”
However, he added: “There is a bit of a data paralysis at the moment. GDPR and what we’ve seen recently in terms of enforcement – albeit related to breaches – and the Google fine in France… has definitely dampened some innovation.”
Earlier this year France’s data protection watchdog fined Google €50m for breaching European Union online privacy rules, the biggest penalty levied against a US tech giant. It said Google lacked transparency and clarity in the way it informs users about its handling of personal data and failed to properly obtain their consent for personalised ads.
But Brown pointed out that as long as privacy policies are properly laid out and the data is fully anonymised, companies wanting to make money off data should not fall foul of GDPR.
Light Commands is a vulnerability of MEMS microphones that allows attackers to remotely inject inaudible and invisible commands into voice assistants, such as Google assistant, Amazon Alexa, Facebook Portal, and Apple Siri using light.
In our paper we demonstrate this effect, successfully using light to inject malicious commands into several voice controlled devices such as smart speakers, tablets, and phones across large distances and through glass windows.
The implications of injecting unauthorized voice commands vary in severity based on the type of commands that can be executed through voice. As an example, in our paper we show how an attacker can use light-injected voice commands to unlock the victim’s smart-lock protected home doors, or even locate, unlock and start various vehicles.
Google patched last month an Android bug that can let hackers spread malware to a nearby phone via a little-known Android OS feature called NFC beaming.
NFC beaming works via an internal Android OS service known as Android Beam. This service allows an Android device to send data such as images, files, videos, or even apps, to another nearby device using NFC (Near-Field Communication) radio waves, as an alternative to WiFi or Bluetooth.
Typically, apps (APK files) sent via NFC beaming are stored on disk and a notification is shown on screen. The notification asks the device owner if he wants to allow the NFC service to install an app from an unknown source.
But, in January this year, a security researcher named Y. Shafranovich discovered that apps sent via NFC beaming on Android 8 (Oreo) or later versions would not show this prompt. Instead, the notification would allow the user to install the app with one tap, without any security warning.
While the lack of one prompt sounds unimportant, this is a major issue in Android’s security model. Android devices aren’t allowed to install apps from “unknown sources” — as anything installed from outside the official Play Store is considered untrusted and unverified.
US mega-retailer Best Buy will switch off the “smart” portion of its Insignia-branded smart home gadgets this coming Wednesday, rendering them just plain old dumb gear.
Folks who’ve bought these soon-to-be-internet-less Internet-of-Things gizmos can apply for some money back in the form of a gift card, though a full refund is off the cards, literally.
“As the Insignia Connect platform will be discontinued on November 6, 2019, this process will determine your eligibility for compensation for your eligible Insignia Connect products,” Best Buy stated on its webpage about the shutdown. An FAQ with more details is here.
“The compensation will not be a full refund of your product, and will be determined by product type.”
The affected Insigna Connect line includes smart power plugs, in-wall light switches, security cameras, and a God-damn freezer. Yes, a freezer. Being Wi-Fi-connected, these devices can be remote-controlled via an iOS or Android smartphone app, allowing you to turn lights off and on, monitor power usage, schedule stuff to turn on, view camera footage, and so on, wherever you are. They can also be directed via Amazon’s voice-powered assistant Alexa or Google Assistant.
However, when the Insigna line’s backend systems are shut down for good, and the phone apps withdrawn, on Wednesday, this gear will degrade to normal non-smart stuff. Crucially, though, the camera will be completely useless – and the footage inaccessible from the apps by the time you read this – and while the NS-SP1XM8 smart plug with metering will work with Apple’s Home app, via HomeKit, the other plugs will just be normal plugs.
a recent experiment by Microsoft Japan suggests with a 4-day workweek we may be more productive if we work less.
In particular, it shows that a shorter workweek can actually impact productivity positively.
In August this year, Microsoft Japan ran an experiment where for one month they had a 3 day weekend, taken Friday off. This was paid leave and did not impact the worker’s usual vacation allocation.
Some results were predictable.
Workers were happier and took 25.4 percent fewer days off during the month.
There were also savings from spending less time at work. 23.1 percent less electricity was used and 58.7 percent fewer pages were printed.
More importantly from a bottom-line standpoint, however, productivity went up 39.9%, as fewer and shorter meetings were held, often virtually rather than in person.
In the end, the project had 92.1 percent employee approval, suggesting workers were happy with getting more done in less time.
The trial involved 2,300 employees, and Microsoft is looking to repeat it next summer.
The new standard will work as an extension to TLS, a cryptographic protocol that underpins the more widely-known HTTPS protocol, used for loading websites inside browsers via an encrypted connection.
The TLS Delegate Credentials extension was specifically developed for large website setups, such as Facebook, or for website using content delivery networks (CDNs), such as Cloudflare.
How TLS Delegate Credentials works
For example, a big website like Facebook has thousands of servers spread all over the world. In order to support HTTPS traffic on all, Facebook has to place a copy of its TLS certificate private key on each one.
This is a dangerous setup. If an attacker hacks one server and steals the TLS private key, the attacker can impersonate Facebook servers and intercept user traffic until the stolen certificate expires.
The same thing is also valid with CDN services like Cloudflare. Anyone hosting an HTTPS website on Cloudflare’s infrastructure must upload their TLS private key to Cloudflare’s service, which then distributes it to thousands of servers across the world.
The TLS Delegate Credentials extension allows site owners to create short-lived TLS private keys (called delegated credentials) that they can deploy to these multi-server setups, instead of the real TLS private key.
The delegated credentials can live up to seven days and can be rotated automatically once they expire.
The most important security improvement that comes with this new TLS extension is that if — in the worst-case scenarios — an attacker does manage to hack a server, the stolen private key (actually a delegated credential) won’t work for more than a few days, rather than weeks, months, or even a year, as it does now.
You can read more in-depth technical explanations about the new TLS Delegated Credentials extensions on the Facebook, Mozilla, and Cloudflare blogs.
The IETF draft specification is available here. TLS Delegated Credentials will be compatible with the TLS protocol v1.3 and later.
Using some relatively inexpensive and readily available technology you can find at any well-stocked electronics store, Alaina Gassler, a 14-year-old inventor from West Grove, Pennsylvania, came up with a clever way to eliminate the blind spot created by the thick pillars on the side of a car’s windshield.
[…]
Her solution involves installing an outward-facing webcam on the outside of a vehicle’s windshield pillar, and then projecting a live feed from that camera onto the inside of that pillar. Custom 3D-printed parts allowed her to perfectly align the projected image so that it seamlessly blends with what a driver sees through the passenger window and the windshield, essentially making the pillar invisible.
Her invention was part of a project called “Improving Automobile Safety by Removing Blind Spots,” which Gassler presented at this year’s Society for Science and the Public’s Broadcom MASTERS (Math, Applied Science, Technology, and Engineering for Rising Stars) science and engineering competition.
As many as 2,000 users of NordVPN, the virtual private network service that recently disclosed a server hack that leaked crypto keys, have fallen victim to credential-stuffing attacks that allow unauthorized access to their accounts.
In recent weeks, credentials for NordVPN users have circulated on Pastebin and other online forums. They contain the email addresses, plain-text passwords, and expiration dates associated with NordVPN user accounts.
I received a list of 753 credentials on Thursday and polled a small sample of users. The passwords listed for all but one were still in use. The one user who had changed their password did so after receiving an unrequested password reset email. It would appear someone who gained unauthorized access was trying to take over the account. Several other people said their accounts had been accessed by unauthorized people.
Over the past week, breach notification service Have I Been Pwned has reported at least 10 lists of NordVPN credentials similar to the one I obtained.
While it’s likely that some accounts are listed in multiple lists, the number of user accounts easily tops 2,000. What’s more, a large number of the email addresses in the list I received weren’t indexed at all by Have I Been Pwned, indicating that some compromised credentials are still leaking into public view. Most of the Web pages that host these credentials have been taken down, but at the time this post was going live, at least one remained available on Pastebin, despite the fact Ars brought it to NordVPN’s attention more than 17 hours earlier.
Without exception, all of the plain-text passwords are weak. In some cases, they’re the string of characters to the left of the @ sign in the email address. In other cases, they’re words found in most dictionaries. Others appear to be surnames, sometimes with two or three numbers tacked onto the end. These common traits mean that the most likely way these passwords became public is through credential stuffing. That’s the term for attacks that take credentials divulged in one leak to break into other accounts that use the same username and password. Attackers typically use automated scripts to carry out these attacks.
Crouchley’s idea, which just won second place in the annual 3M Young Scientist Challenge, is to build pneumatic tubes next to existing train tracks.
Magnetic shuttles would travel through these vacuum tubes, connected via magnetic arm to trains traveling on the existing tracks.
This system would utilize current train tracks, thereby cutting infrastructure costs and, Crouchley says, eradicating the potential safety risk posed by propelling passengers in a vacuum.
There’d be no need for trains to use diesel or electric motors, making the trains lighter and more fuel-efficient.
This is important to Crouchley, who aims to devise active solutions to the climate crisis.
“I pinpointed transportation as something I wanted to work on because if we can make trains more efficient, then we can eliminate the amount of cars, trucks and buses on the road,” Crouchley tells CNN Travel.
Real world inspiration
[…]
“Hyperloop is very high risk,” says Crouchley.
“My design can be less expensive and more efficient than current train technology that’s out there already. It’s also safer than Hyperloop.
My design can rely on 100% renewable energy, so it eliminates the need for a diesel engine or an electric motor, which makes the train lighter, so it can move faster.”
A confidential Sidewalk Labs document from 2016 lays out the founding vision of the Google-affiliated development company, which included having the power to levy its own property taxes, track and predict people’s movements and control some public services.
The document, which The Globe and Mail has seen, also describes how people living in a Sidewalk community would interact with and have access to the space around them – an experience based, in part, on how much data they’re willing to share, and which could ultimately be used to reward people for “good behaviour.”
Known internally as the “yellow book,” the document was designed as a pitch book for the company, and predates Sidewalk’s relationship and formal agreements with Toronto by more than a year. Peppered with references to Disney theme parks and noted futurist Buckminster Fuller, it says Sidewalk intended to “overcome cynicism about the future.”
But the 437-page book documents how much private control of city services and city life Google parent company Alphabet Inc.’s leadership envisioned when it created the company,
[…]
“The ideas contained in this 2016 internal paper represent the result of a wide-ranging brainstorming process very early in the company’s history,” Sidewalk spokesperson Keerthana Rang said. “Many, if not most, of the ideas it contains were never under consideration for Toronto or discussed with Waterfront Toronto and governments. The ideas that we are actually proposing – which we believe will achieve a new model of inclusive urban growth that makes housing more affordable for families, creates new jobs for residents, and sets a new standard for a healthier planet – can all be found at sidewalktoronto.ca.”
[…]
To carry out its vision and planned services, the book states Sidewalk wanted to control its area much like Disney World does in Florida, where in the 1960s it “persuaded the legislature of the need for extraordinary exceptions.” This could include granting Sidewalk taxation powers. “Sidewalk will require tax and financing authority to finance and provide services, including the ability to impose, capture and reinvest property taxes,” the book said. The company would also create and control its own public services, including charter schools, special transit systems and a private road infrastructure.
Sidewalk’s early data-driven vision also extended to public safety and criminal justice.
The book mentions both the data-collection opportunities for police forces (Sidewalk notes it would ask for local policing powers similar to those granted to universities) and the possibility of “an alternative approach to jail,” using data from so-called “root-cause assessment tools.” This would guide officials in determining a response when someone is arrested, such as sending someone to a substance abuse centre. The overall criminal justice system and policing of serious crimes and emergencies would be “likely to remain within the purview of the host government’s police department,” however.
Data collection plays a central role throughout the book. Early on, the company notes that a Sidewalk neighbourhood would collect real-time position data “for all entities” – including people. The company would also collect a “historical record of where things have been” and “about where they are going.” Furthermore, unique data identifiers would be generated for “every person, business or object registered in the district,” helping devices communicate with each other.
There would be a quid pro quo to sharing more data with Sidewalk, however. The document describes a tiered level of services, where people willing to share data can access certain perks and privileges not available to others. Sidewalk visitors and residents would be “encouraged to add data about themselves and connect their accounts, either to take advantage of premium services like unlimited wireless connectivity or to make interactions in the district easier,” it says.
Shoshana Zuboff, the Harvard University professor emerita whose book The Age of Surveillance Capitalism investigates the way Alphabet and other big-tech companies are reshaping the world, called the document’s revelations “damning.” The community Alphabet sought to build when it launched Sidewalk Labs, she said, was like a “for-profit China” that would “use digital infrastructure to modify and direct social and political behaviour.”
While Sidewalk has since moved away from many of the details in its book, Prof. Zuboff contends that Alphabet tends to “say what needs be said to achieve commercial objectives, while specifically camouflaging their actual corporate strategy.”
[…]
hose choosing to remain anonymous would not be able to access all of the area’s services: Automated taxi services would not be available to anonymous users, and some merchants might be unable to accept cash, the book warns.
The document also describes reputation tools that would lead to a “new currency for community co-operation,” effectively establishing a social credit system. Sidewalk could use these tools to “hold people or businesses accountable” while rewarding good behaviour, such as by rewarding a business’s good customer service with an easier or cheaper renewal process on its licence.
This “accountability system based on personal identity” could also be used to make financial decisions.
“A borrower’s stellar record of past consumer behaviour could make a lender, for instance, more likely to back a risky transaction, perhaps with the interest rates influenced by digital reputation ratings,” it says.
The company wrote that it would own many of the sensors it deployed in the community, foreshadowing a battle over data control that has loomed over the Toronto project.
Though this somewhat-new “xHelper” malware has affected a low number of Android users so far (around 45,000, estimates Symantec), the fact that nobody has any clear advice on how to remove it is a worrisome fact. While the odds are good that you won’t get hit with this malware, given its low installation rate so far—even though it’s been active since March—you should still know what it does and how to (hopefully) avoid it.
As Malwarebytes describes, xHelper starts by concealing itself as a regular app by spoofing legitimate apps’ package names. Once it’s on your device, you’re either stuck with a “semi-stealth” version, which drops an xHelper icon blatantly in your notifications—but no app or shortcut icons—or a “full-stealth” version, which you’ll only notice if you visit Settings > Apps & notifications > App Info (or whatever the navigation is on your specific Android device) and scroll down to see the installed “xHelper” app.
What does xHelper do?
Thankfully, xHelper isn’t destructive malware in the sense that it’s not recording your passwords, credit card data, or anything else you’re doing on your device and sending it off to some unknown attacker. Instead, it simply spams you with pop-up advertisements on your device and annoying notifications that all try to get you to install more apps from Google Play—presumably how the xHelper’s authors are making cash from the malware.
The dark side, as reported by ZDNet, is that xHelper can allegedly download and install apps on your behalf. It doesn’t appear to be doing so at the moment, but if this were to happen—coupled with the app’s mysterious ability to persist past uninstallations and factory resets—would be a huge backdoor for anyone affected by the malware.
Wait, I can’t uninstall it?
Yep. This is the insidious part of xHelper. Neither Symantec nor Malwarebytes have any good recommendations for getting this malware off your device once it’s installed, as the mechanisms it uses to persist past a full factory reset of your device are unknown.
A new lithium-ion battery design makes it possible for electric vehicle drivers to charge their cars and hit the road in as little as ten minutes, according to a new study.
The quick charge gives drivers up to 200 miles per ten minute charge while maintaining 2,500 charging cycles, the researchers behind the study say. That is equivalent to over half a million miles throughout the battery’s life, a press release notes. All that happens in the time it takes you to brew a morning coffee.
Researchers say that this design could finally make electric vehicles a viable competitor for traditional vehicles. “Range anxiety” is the fear of being stranded if your electric vehicle runs out of charge which has been a common barrier to adoption for many drivers.
In the study, published on Wednesday in Joule, researchers from Penn State University describe an asymmetric approach to fast-charging batteries that mitigates the effects of natural degradation of the lithium-ion batteries. This is achieved by quickly charging at a high temperature and then storing the charge more slowly at a cooler temperature. The researchers found that this approach allowed the batteries to avoid performance loss usually created from “battery plaque,” called lithium plating or solid-electrolyte-interphase (SEI) growth, which typically grows on batteries over time when exposed to heat.
[…]
In order to charge your car in just ten minutes with these new batteries in the future though, you might have to buy a new car or at least replace the battery.
“[The car] would require a new battery with our internal heating structure built in,” Chao-Yang Wang, coauthor of the study and director of the Electrochemical Engine Center at Penn State, said in an email.
Counter-Strike: Global Offensive players will no longer be able to trade container keys between accounts because the trade was part of a massive worldwide fraud network. Players earned cases in Counter-Strike containing weapons and cosmetic upgrades, but had to purchase the keys to open the boxes. Developer Valve runs an internal marketplace on Steam where it allowed players to trade the boxes and the keys. Valve patched the game on October 28 and explained the problem in its patch notes.
“In the past, most key trades we observed were between legitimate customers,” the statement said. “However, worldwide fraud networks have recently shifted to using CS:GO keys to liquidate their gains. At this point, nearly all key purchases that end up being traded or sold on the marketplace are believed to be fraud-sourced.”
This isn’t the first time Counter-Strike’s microtransactions were at the center of fraud. In September, 2017, the Federal Trade Commission settled with two YouTubers who ran popular websites that allowed fans to gamble their Counter-Strike skins. The influencers advertised the gambling site to fans on YouTube with video titles like HOW TO WIN $13,000 IN 5 MINUTES CS GO Betting without disclosing that they owned it.
Facebook has ended its appeal against the UK Information Commissioner’s Office and will pay the outstanding £500,000 fine for breaches of data protection law relating to the Cambridge Analytica scandal.
Prior to today’s announcement, the social network had been appealing against the fine, alleging bias and requesting access to ICO documents related to the regulator’s decision making. The ICO, in turn, was appealing a decision that it should hand over these documents.
The issue for the watchdog was the misuse of UK citizens’ Facebook profile information, specifically the harvesting and subsequent sale of data scraped from their profiles to Cambridge Analytica, the controversial British consulting firm used by US prez Donald Trump’s election campaign.
The app that collected the data was “thisisyourdigitallife”, created by Cambridge developer Aleksandr Kogan. It hoovered up Facebook users’ profiles, dates of birth, current city, photos in which those users were tagged, pages they had liked, posts on their timeline, friends’ lists, email addresses and the content of Facebook messages. The data was then processed in order to create a personality profile of the user.
“Given the way our platform worked at the time,” Zuck has said, “this meant Kogan was able to access tens of millions of their friends’ data”. Facebook has always claimed it learned of the data misuse from news reports, though this has been disputed.
Both sides will now end the legal fight and Facebook will pay the ICO a fine but make no admission of liability or guilt. The money is not kept by the data protection watchdog but goes to the Treasury consolidated fund and both sides will pay their own costs. The ICO spent an eye-watering £2.5m on the Facebook probe.
VP of product Scott Williamson announced on 10 October that “to make GitLab better faster, we need more data on how users are using GitLab”.
GitLab is a web application that runs on Linux, with options for self-hosting or using the company’s cloud service. It is open source, with both free and licensed editions.
Williamson said that while nothing was changing with the free self-hosted Community Edition, the hosted and licensed products would all now “include additional JavaScript snippets (both open source and proprietary) that will interact with both GitLab and possibly third-party SaaS telemetry services (we will be using Pendo)”. The only opt-out was to be support for the Do Not Track browser mechanism.
GitLab customers and even some staff were not pleased. For example, Yorick Peterse, a GitLab staff developer, said telemetry should be opt-in and that the requisite update to the terms of service would break some API usage (because bots do not know how to accept terms of service), adding: “We have plenty of customers who would not be able to use GitLab if it starts tracking data for on-premises installations.”
There is more background in the issue here, which concerns adding the identity of the user to the Snowplow analytics service used by GitLab.
“This effectively changes our Snowplow integration from being an anonymous aggregated thing to a thing that tracks user interaction,” engineering manager Lukas Eipert said back in July. “Ethically, I have problems with this and legally this could have a big impact privacy wise (GDPR). I hereby declare my highest degree of objection to this change that I can humanly express.”
On the other hand, GitLab CFO Paul Machle said: “This should not be an opt in or an opt out. It is a condition of using our product. There is an acceptance of terms and the use of this data should be included in that.”
On 23 October, an email was sent to GitLab customers announcing the changes.
Yesterday, however, CEO Sid Sijbrandij put the plans on hold, saying: “Based on considerable feedback from our customers, users, and the broader community, we reversed course the next day and removed those changes before they went into effect. Further, GitLab will commit to not implementing telemetry in our products that sends usage data to a third-party product analytics service.” Sijbrandij also promised a review of what went wrong. “We will put together a new proposal for improving the user experience and share it for feedback,” he said.
Despite this embarrassing backtrack, the incident has demonstrated that GitLab does indeed have an open process, with more internal discussion on view than would be the case with most companies. Nevertheless, the fact that GitLab came so close to using personally identifiable tracking without specific opt-in has tarnished its efforts to appear more community-driven than alternatives like Microsoft-owned GitHub. ®
Pagers used within the United Kingdom’s National Health Service are leaking sensitive patient information, and an amateur radio enthusiast has been broadcasting some of that medical data on a webcam livestream, a security researcher has found.
TechCrunch reports that Florida-based security researcher Daley Borda stumbled upon the strange confluence of archaic tech that flowed together to create a security nightmare.
Borda regularly scans the internet looking for concerning privacy and security activity. He recently discovered a grainy livestream showing a radio rig in North London that picked up radio waves and converted the transmissions into text that was displayed on a computer screen, according to TechCrunch. The hobbyist had set up a webcam that captured what was on the display, which showed medical emergencies as they were being reported. The webcam reportedly had no password, so anyone could find it and see the messages that showed directions meant for ambulances responding to emergency calls.
“You can see details of calls coming in—their name, address, and injury,” Borda told TechCrunch, which verified his discovery.
The tech news outlet reviewed several concerning messages that showed the location where people were reporting medical emergencies, including one that showed the address where a 49-year-old man was having chest pains and one that showed the address of a 98-year old man who had fallen.
[…]
A spokesperson for NHS told Gizmodo that the NHS consists of several different organizations, like hospital trusts and ambulances trusts, and “each organization is responsible for the technology it buys and uses (including pagers).” They pointed Gizmodo to a statement that Health and Social Care Secretary Matt Hancock issued in February instructed the NHS to stop using pagers by 2022. In his statement, he said the NHS uses 130,000 pagers.
