DHS expects to have detailed biometrics on 260 million people by 2022 – and will keep them in the cloud, where they will never be stolen or hacked *cough*

The US Department of Homeland Security (DHS) expects to have face, fingerprint, and iris scans of at least 259 million people in its biometrics database by 2022, according to a recent presentation from the agency’s Office of Procurement Operations reviewed by Quartz.

That’s about 40 million more than the agency’s 2017 projections, which estimated 220 million unique identities by 2022, according to previous figures cited by the Electronic Frontier Foundation (EFF), a San Francisco-based privacy rights nonprofit.

A slide deck, shared with attendees at an Oct. 30 DHS industry day, includes a breakdown of what its systems currently contain, as well as an estimate of what the next few years will bring. The agency is transitioning from a legacy system called IDENT to a cloud-based system (hosted by Amazon Web Services) known as Homeland Advanced Recognition Technology, or HART. The biometrics collection maintained by DHS is the world’s second-largest, behind only India’s countrywide biometric ID network in size. The traveler data kept by DHS is shared with other US agencies, state and local law enforcement, as well as foreign governments.

The first two stages of the HART system are being developed by US defense contractor Northrop Grumman, which won the $95 million contract in February 2018. DHS wasn’t immediately available to comment on its plans for its database.

[…]

Last month’s DHS presentation describes IDENT as an “operational biometric system for rapid identification and verification of subjects using fingerprints, iris, and face modalities.” The new HART database, it says, “builds upon the foundational functionality within IDENT,” to include voice data, DNA profiles, “scars, marks, and tattoos,” and the as-yet undefined “other biometric modalities as required.” EFF researchers caution some of the data will be “highly subjective,” such as information gleaned during “officer encounters” and analysis of people’s “relationship patterns.”

EFF worries that such tracking “will chill and deter people from exercising their First Amendment protected rights to speak, assemble, and associate,” since such specific data points could be used to identify “political affiliations, religious activities, and familial and friendly relationships.”

[…]

EFF researchers said in a 2018 blog post that facial-recognition software, like what the DHS is using, is “frequently…inaccurate and unreliable.” DHS’s own tests found the systems “falsely rejected as many as 1 in 25 travelers,” according to EFF, which calls out potential foreign partners in countries such as the UK, where false-positives can reportedly reach as high as 98%. Women and people of color are misidentified at rates significantly higher than whites and men, and darker skin tones increase one’s chances of being improperly flagged.

“DHS is also partnering with airlines and other third parties to collect face images from travelers entering and leaving the US,” the EFF said. “When combined with data from other government agencies, these troubling collection practices will allow DHS to build a database large enough to identify and track all people in public places, without their knowledge—not just in places the agency oversees, like airports, but anywhere there are cameras.”

Source: DHS expects to have biometrics on 260 million people by 2022 — Quartz

House plants have little effect on indoor air quality, study concludes

New research from a duo of environmental engineers at Drexel University is suggesting the decades-old claim that house plants improve indoor air quality is entirely wrong. Evaluating 30 years of studies, the research concludes it would take hundreds of plants in a small space to even come close to the air purifying effects of simply opening a couple of windows.

Back in 1989 an incredibly influential NASA study discovered a number of common indoor plants could effectively remove volatile organic compounds (VOCs) from the air. The experiment, ostensibly conducted to investigate whether plants could assist in purifying the air on space stations, gave birth to the idea of plants in home and office environments helping clear the air.

Since then, a number of experimental studies have seemed to verify NASA’s findings that plants do remove VOCs from indoor environments. Professor of architectural and environmental engineering at Drexel University Michael Waring, and one of his PhD students, Bryan Cummings, were skeptical of this common consensus. The problem they saw was that the vast majority of these experiments were not conducted in real-world environments.

“Typical for these studies a potted plant was placed in a sealed chamber (often with a volume of a cubic meter or smaller), into which a single VOC was injected, and its decay was tracked over the course of many hours or days,” the duo writes in their study.

To better understand exactly how well potted plants can remove VOCs from indoor environments, the researchers reviewed the data from a dozen published experiments. They evaluated the efficacy of a plant’s ability to remove VOCs from the air using a metric called CADR, or clean air delivery rate.

“The CADR is the standard metric used for scientific study of the impacts of air purifiers on indoor environments,” says Waring, “but many of the researchers conducting these studies were not looking at them from an environmental engineering perspective and did not understand how building air exchange rates interplay with the plants to affect indoor air quality.”

Once the researchers had calculated the rate at which plants dissipated VOCs in each study they quickly discovered that the effect of plants on air quality in real-world scenarios was essentially irrelevant. Air handling systems in big buildings were found to be significantly more effective in dissipating VOCs in indoor environments. In fact, to clear VOCs from just one square meter (10.7 sq ft) of floor space would take up to 1,000 plants, or just the standard outdoor-to-indoor air exchange systems that already exist in most large buildings.

Source: House plants have little effect on indoor air quality, study concludes

This Trippy T-Shirt Makes You Invisible to AI

In modern cities, we’re constantly surveilled through CCTV cameras in both public and private spaces, and by companies trying to sell us shit based on everything we do. We are always being watched.

But what if a simple T-shirt could make you invisible to commercial AIs trying to spot humans?

A team of researchers from Northeastern University, IBM, and MIT developed a T-shirt design that hides the wearer from image recognition systems by confusing the algorithms trying to spot people into thinking they’re invisible.

[…]

A T-shirt is a low-barrier way to move around the world unnoticed by AI watchers. Previously, researchers have tried to create adversarial fashion using patches attached to stiff cardboard, so that the design doesn’t distort on soft fabric while the wearer moves. If the design is warped or part of it isn’t visible, it becomes ineffective.

No one’s going to start carrying cardboard patches around, and most of us probably won’t put Juggalo paint on our faces (at least not until everyone’s doing it), so the researchers came up with an approach to account for the ways that moving cloth distorts an image when generating an adversarial design to print on a shirt. As a result, the new shirt allows the wearer to move naturally while (mostly) hiding the person.

It would be easy to dismiss this sort of thing as too far-fetched to become reality. But as more cities around the country push back against facial recognition in their communities, it’s not hard to imagine some kind of hypebeast Supreme x MIT collab featuring adversarial tees to fool people-detectors in the future. Security professional Kate Rose’s shirts that fool Automatic License Plate Readers, for example, are for sale and walking amongst us already.

Source: This Trippy T-Shirt Makes You Invisible to AI – VICE

The ‘Three-Body Problem’ Has Perplexed Astronomers Since Newton Formulated It. A.I. Just Cracked It in Under a Second.

The mind-bending calculations required to predict how three heavenly bodies orbit each other have baffled physicists since the time of Sir Isaac Newton. Now artificial intelligence (A.I.) has shown that it can solve the problem in a fraction of the time required by previous approaches.

Newton was the first to formulate the problem in the 17th century, but finding a simple way to solve it has proved incredibly difficult. The gravitational interactions between three celestial objects like planets, stars and moons result in a chaotic system — one that is complex and highly sensitive to the starting positions of each body.

[…]

The algorithm they built provided accurate solutions up to 100 million times faster than the most advanced software program, known as Brutus.

[…]

Neural networks must be trained by being fed data before they can make predictions. So the researchers had to generate 9,900 simplified three-body scenarios using Brutus, the current leader when it comes to solving three-body problems.

They then tested how well the neural net could predict the evolution of 5,000 unseen scenarios, and found its results closely matched those of Brutus. However, the A.I.-based program solved the problems in an average of just a fraction of a second, compared with nearly 2 minutes.

The reason programs like Brutus are so slow is that they solve the problem by brute force, said Foley, carrying out calculations for each tiny step of the celestial bodies’ trajectories. The neural net, on the other hand, simply looks at the movements those calculations produce and deduces a pattern that can help predict how future scenarios will play out.

That presents a problem for scaling the system up, though, Foley said. The current algorithm is a proof-of-concept and learned from simplified scenarios, but training on more complex ones or even increasing the number of bodies involved to four or five first requires you to generate the data on Brutus, which can be extremely time-consuming and expensive.

Source: The ‘Three-Body Problem’ Has Perplexed Astronomers Since Newton Formulated It. A.I. Just Cracked It in Under a Second. | Live Science

T-Mobile says it owns exclusive rights to the color magenta and the letter T. German court agrees.

Startup insurance provider Lemonade is trying to make the best of a sour situation after T-Mobile parent Deutsche Telekom claimed it owns the exclusive rights to the color magenta.

New York-based Lemonade is a 3-year-old company that lives completely online and mostly focuses on homeowners and renter’s insurance. The company uses a similar color to magenta — it says it’s “pink” — in its marketing materials and its website. But Lemonade was told by German courts that it must cease using its color after launching its services in that country, which is also home to T-Mobile owner Deutsche Telekom. Although the ruling only applies in Germany, Lemonade says it fears the decision will set a precedent and expand to other jurisdictions such as the U.S. or Europe.

“If some brainiac at Deutsche Telekom had invented the color, their possessiveness would make sense,” Daniel Schreiber, CEO and co-founder of Lemonade, said in a statement. “Absent that, the company’s actions just smack of corporate bully tactics, where legions of lawyers attempt to hog natural resources – in this case a primary color—that rightfully belong to everyone.”

A spokesman for Deutsche Telekom confirmed that it “asked the insurance company Lemonade to stop using the color magenta in the German market,” while adding that the “T” in “Deutsche Telekom” is registered to the brand. “Deutsche Telekom respects everyone’s trademark rights but expects others to do the same,” the spokesman said in an emailed statement to Ad Age.

Although Lemonade has complied with the ruling by removing its pink color from marketing materials in Germany, it’s also trying to turn the legal matter into an opportunity. The company today began throwing some shade in social media under the hashtag “#FreeThePink,” though a quick check on Twitter shows it’s gained little traction thus far: Schreiber, the company’s CEO, holds the top tweet under “#FreeThePink” with 13 retweets and 42 likes. 

Lemonade also filed a motion today with the European Union Intellectual Property Office, or EUIPO, to invalidate Deutsche Telekom’s magenta trademark.

Source: T-Mobile says it owns exclusive rights to the color magenta | AdAge

What. The. Fuck.

Facebook says 100 developers may have improperly accessed user data, like Cambridge Analytica did

Facebook on Tuesday disclosed that as many as 100 software developers may have improperly accessed user data, including the names and profile pictures of people in specific groups on the social network.

The company recently discovered that some apps retained access to this type of user data despite making changes to its service in April 2018 to prevent this, Facebook said in a blog post. The company said it has removed this access and reached out to 100 developer partners who may have accessed the information. Facebook said that at least 11 developer partners accessed this type of data in the last 60 days.

“Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted,” the company said in the blog post.

The company did not say how many users were affected.

Facebook has been restricting software developer access to its user data following reports in March 2018 that political consulting firm Cambridge Analytica had improperly accessed the data of 87 million Facebook users, potentially to influence the outcome of the 2016 U.S. presidential election.

Source: Facebook says 100 developers may have improperly accessed user data

Boeing whistleblower raises doubts over 787 oxygen system

A Boeing whistleblower has claimed that passengers on its 787 Dreamliner could be left without oxygen if the cabin were to suffer a sudden decompression.

John Barnett says tests suggest up to a quarter of the oxygen systems could be faulty and might not work when needed.

He also claimed faulty parts were deliberately fitted to planes on the production line at one Boeing factory.

Boeing denies his accusations and says all its aircraft are built to the highest levels of safety and quality.

The firm has come under intense scrutiny in the wake of two catastrophic accidents involving another one of its planes, the 737 Max – the Ethiopian Airlines crash in March and Lion Air disaster in Indonesia last year.

Mr Barnett, a former quality control engineer, worked for Boeing for 32 years, until his retirement on health grounds in March 2017.

[…]

In 2016, he tells the BBC, he uncovered problems with emergency oxygen systems. These are supposed to keep passengers and crew alive if the cabin pressurisation fails for any reason at altitude. Breathing masks are meant to drop down from the ceiling, which then supply oxygen from a gas cylinder.

Without such systems, the occupants of a plane would rapidly be incapacitated. At 35,000ft, (10,600m) they would be unconscious in less than a minute. At 40,000ft, it could happen within 20 seconds. Brain damage and even death could follow.

Although sudden decompression events are rare, they do happen. In April 2018, for example, a window blew out of a Southwest Airlines aircraft, after being hit by debris from a damaged engine. One passenger sitting beside the window suffered serious injuries and later died as a result – but others were able to draw on the emergency oxygen supplies and survived unharmed.

[…]

Mr Barnett says that when he was decommissioning systems which had suffered minor cosmetic damage, he found that some of the oxygen bottles were not discharging when they were meant to. He subsequently arranged for a controlled test to be carried out by Boeing’s own research and development unit.

This test, which used oxygen systems that were “straight out of stock” and undamaged, was designed to mimic the way in which they would be deployed aboard an aircraft, using exactly the same electric current as a trigger. He says 300 systems were tested – and 75 of them did not deploy properly, a failure rate of 25%

Mr Barnett says his attempts to have the matter looked at further were stonewalled by Boeing managers. In 2017, he complained to the US regulator, the FAA, that no action had been taken to address the problem. The FAA, however, said it could not substantiate that claim, because Boeing had indicated it was working on the issue at the time.

Source: Boeing whistleblower raises doubts over 787 oxygen system – BBC News

Hottest October ever: Earth just experienced its hottest October ever

Last month was the hottest ever October on record globally, according to data released Friday by the Copernicus Climate Change Service, an organization that tracks global temperatures. The month, which was reportedly 1.24 degrees Fahrenheit warmer than the average October from 1981-2010, narrowly beat October 2015 for the top spot.

According to Copernicus, most of Europe, large parts of the Arctic and the eastern U.S. and Canada were most affected. The Middle East, much of Africa, southern Brazil, Australia, eastern Antarctica and Russia also experienced above-average temperatures.

Parts of tropical Africa and Antarctica and the western U.S. and Canada felt much colder than usual, however.

Source: Hottest October ever: Earth just experienced its hottest October ever – CBS News

A network of ‘camgirl’ sites exposed millions of users’ and sex workers’ data

A number of popular “camgirl” sites have exposed millions of sex workers and users after the company running the sites left the back-end database unprotected.

The sites, run by Barcelona-based VTS Media, include amateur.tv, webcampornoxxx.net, and placercams.com. Most of the sites’ users are based in Spain and Europe, but we found evidence of users across the world, including the United States.

According to Alexa traffic rankings, amateur.tv is one of the most popular in Spain.

The database, containing months-worth of daily logs of the site activities, was left without a password for weeks. Those logs included detailed records of when users logged in — including usernames and sometimes their user-agents and IP addresses, which can be used to identify users. The logs also included users’ private chat messages with other users, as well as promotional emails they were receiving from the various sites. The logs even included failed login attempts, storing usernames and passwords in plaintext. We did not test the credentials as doing so would be unlawful.

None of the data was encrypted.

The exposed data also revealed which videos users were watching and renting, exposing kinks and private sexual preferences.

In all, the logs were detailed enough to see which users were logging in, from where, and often their email addresses or other identifiable information — which in some cases we could match to real-world identities.

Not only were users affected, the “camgirls” — who broadcast sexual content to viewers — also had some of their account information exposed.

Source: A network of ‘camgirl’ sites exposed millions of users and sex workers | TechCrunch

NL ISP Ziggo doesn’t have to share customer details of downloaders

Dutch Filmworks (DFW) demanded the subscriber data linked to 377 IP addresses it determined had illegally downloaded a movie. The judge said no, because of a complete lack of transparency from DFW about how its decision tree works and about the amount of money it wants to fine the suspects.

Source: Ziggo hoeft geen klantgegevens downloaders te delen – Emerce

Hooray for someone not letting the movie mafia take the law into their own hands!

Thousands of Scientists Declare a Climate Emergency

It’s only Tuesday, but more than 11,000 scientists around the world have come together to declare a climate emergency. Their paper, published Tuesday in the journal Bioscience, lays out the science behind this emergency and solutions for how we can deal with it.

Scientists aren’t the first people to make this declaration. A tribal nation in the Canadian Yukon, the U.K., and parts of Australia have all come to the same grim conclusion. In the U.S., members of Congress have pushed the federal government to do the same, but y’know, we got Donald Trump. Ain’t shit happening with this fool in office. Anyway, this proclamation from scientists is significant because they’re not doing it out of a political agenda or as an emotional outcry. They’re declaring a climate emergency because the science supports it.

The signatories, who come from 153 countries, note that societies have taken little action to prevent climate disaster. It’s been business as usual, despite scientific consensus that burning fossil fuels and driving cars is gravely harming the environment—you know, the environment we all have to live in for the foreseeable future. Greenhouse gas emissions continue to enter the atmosphere, and if we don’t stop quickly, we’re doomed.

Source: Thousands of Scientists Declare a Climate Emergency

How to Automatically Delete some of Your Google Data

How to auto-delete your Google data

This process is almost identical on both mobile and web. We’ll focus on the latter, but the former is easy to figure out, too:

  1. Go to your Google activity dashboard (you’ll need to sign in to your Google account first).
  2. Click “Activity controls” from the left-hand sidebar.
  3. Scroll down to the data type you wish to manage, then select “Manage Activity.”
  4. On this next page, click on “Choose how long to keep” under the calendar icon.
  5. Select the auto-deletion time you wish (three or 18 months), or you can choose to delete your data manually.
  6. Click “Next” to save your changes.
  7. Repeat these steps for each of the types of data you want to be auto-deleted. For your Location History in particular, you’ll need to click on “Today” in the upper-left corner first, and then click on the gear icon in the lower-right corner of your screen. Then, select “Automatically delete Location History,” and pick a time.

Source: How to Automatically Delete Your Google Data, and Why You Should

Tech and mobile companies want to monetise your data … but are scared of GDPR – good, that means GDPR works!

The vast majority of technology, media and telecom (TMT) companies want to monetise customer data, but are concerned about regulations such as Europe’s GDPR, according to research from law firm Simmons & Simmons.

The outfit surveyed 350 global business leaders in the TMT sector to understand their approach to data commercialisation. It found that 78 per cent of companies have some form of data commercialisation in place but only 20 per cent have an overarching plan for its use.

Alex Brown, global head of TMT Sector at Simmons & Simmons, observed that the firm’s clients are increasingly seeking advice on the legal ways they can monetise data. He said that can either be for internal use, how to use insights into customer behaviour to improve services, or ways to sell anonymised data to third parties.

One example of data monetisation within the sector is Telefónica’s Smart Steps business, which uses “fully anonymised and aggregated mobile network data to measure and compare the number of people visiting an area at any time”.

That information is then sold on to businesses to provide insight into their customer base.

Brown said: “All mobile network operators know your location because the phone is talking to the network, so through that they know a lot about people’s movement. That aggregated data could be used by town planners, transport networks, retailers work out best place to site new store.”

However, he added: “There is a bit of a data paralysis at the moment. GDPR and what we’ve seen recently in terms of enforcement – albeit related to breaches – and the Google fine in France… has definitely dampened some innovation.”

Earlier this year France’s data protection watchdog fined Google €50m for breaching European Union online privacy rules, the biggest penalty levied against a US tech giant. It said Google lacked transparency and clarity in the way it informs users about its handling of personal data and failed to properly obtain their consent for personalised ads.

But Brown pointed out that as long as privacy policies are properly laid out and the data is fully anonymised, companies wanting to make money off data should not fall foul of GDPR.

Source: Tech and mobile companies want to monetise your data … but are scared of GDPR • The Register

Use a laser to command voice assistants such as Alexa, Google Assistant, Siri

Light Commands is a vulnerability of MEMS microphones that allows attackers to remotely inject inaudible and invisible commands into voice assistants, such as Google assistant, Amazon Alexa, Facebook Portal, and Apple Siri using light.

In our paper we demonstrate this effect, successfully using light to inject malicious commands into several voice controlled devices such as smart speakers, tablets, and phones across large distances and through glass windows.

The implications of injecting unauthorized voice commands vary in severity based on the type of commands that can be executed through voice. As an example, in our paper we show how an attacker can use light-injected voice commands to unlock the victim’s smart-lock protected home doors, or even locate, unlock and start various vehicles.


Source: Light Commands

Android bug lets hackers plant malware via NFC beaming

Google patched last month an Android bug that can let hackers spread malware to a nearby phone via a little-known Android OS feature called NFC beaming.

NFC beaming works via an internal Android OS service known as Android Beam. This service allows an Android device to send data such as images, files, videos, or even apps, to another nearby device using NFC (Near-Field Communication) radio waves, as an alternative to WiFi or Bluetooth.

Typically, apps (APK files) sent via NFC beaming are stored on disk and a notification is shown on screen. The notification asks the device owner if he wants to allow the NFC service to install an app from an unknown source.

But, in January this year, a security researcher named Y. Shafranovich discovered that apps sent via NFC beaming on Android 8 (Oreo) or later versions would not show this prompt. Instead, the notification would allow the user to install the app with one tap, without any security warning.

While the lack of one prompt sounds unimportant, this is a major issue in Android’s security model. Android devices aren’t allowed to install apps from “unknown sources” — as anything installed from outside the official Play Store is considered untrusted and unverified.

Source: Android bug lets hackers plant malware via NFC beaming | ZDNet

Best Buy’s Insignia ‘smart’ home gear will become very dumb this Wednesday – showing you why ‘cloud’ products are not a great plan

US mega-retailer Best Buy will switch off the “smart” portion of its Insignia-branded smart home gadgets this coming Wednesday, rendering them just plain old dumb gear.

Folks who’ve bought these soon-to-be-internet-less Internet-of-Things gizmos can apply for some money back in the form of a gift card, though a full refund is off the cards, literally.

“As the Insignia Connect platform will be discontinued on November 6, 2019, this process will determine your eligibility for compensation for your eligible Insignia Connect products,” Best Buy stated on its webpage about the shutdown. An FAQ with more details is here.

“The compensation will not be a full refund of your product, and will be determined by product type.”

The affected Insignia Connect line includes smart power plugs, in-wall light switches, security cameras, and a God-damn freezer. Yes, a freezer. Being Wi-Fi-connected, these devices can be remote-controlled via an iOS or Android smartphone app, allowing you to turn lights off and on, monitor power usage, schedule stuff to turn on, view camera footage, and so on, wherever you are. They can also be directed via Amazon’s voice-powered assistant Alexa or Google Assistant.

However, when the Insignia line’s backend systems are shut down for good, and the phone apps withdrawn, on Wednesday, this gear will degrade to normal non-smart stuff. Crucially, though, the camera will be completely useless – and the footage inaccessible from the apps by the time you read this – and while the NS-SP1XM8 smart plug with metering will work with Apple’s Home app, via HomeKit, the other plugs will just be normal plugs.

Source: Heads up from Internet of S*!# land: Best Buy’s Insignia ‘smart’ home gear will become very dumb this Wednesday • The Register

Microsoft finds workers are more productive with a 4-day workweek

A recent experiment by Microsoft Japan suggests that with a 4-day workweek we may be more productive while working less.

In particular, it shows that a shorter workweek can actually impact productivity positively.

In August this year, Microsoft Japan ran an experiment in which, for one month, staff had a 3-day weekend, taking Friday off. This was paid leave and did not impact the workers’ usual vacation allocation.

Some results were predictable.

Workers were happier and took 25.4 percent fewer days off during the month.

There were also savings from spending less time at work: 23.1 percent less electricity was used and 58.7 percent fewer pages were printed.

More importantly from a bottom-line standpoint, however, productivity went up 39.9%, as fewer and shorter meetings were held, often virtually rather than in person.

In the end, the project had 92.1 percent employee approval, suggesting workers were happy with getting more done in less time.

The trial involved 2,300 employees, and Microsoft is looking to repeat it next summer.

Source: Microsoft finds workers are more productive with a 4-day workweek

Facebook, Mozilla, and Cloudflare announce new TLS Delegated Credentials standard

The new standard will work as an extension to TLS, a cryptographic protocol that underpins the more widely-known HTTPS protocol, used for loading websites inside browsers via an encrypted connection.

The TLS Delegated Credentials extension was specifically developed for large website setups, such as Facebook, or for websites using content delivery networks (CDNs), such as Cloudflare.

How TLS Delegated Credentials works

For example, a big website like Facebook has thousands of servers spread all over the world. In order to support HTTPS traffic on all, Facebook has to place a copy of its TLS certificate private key on each one.

This is a dangerous setup. If an attacker hacks one server and steals the TLS private key, the attacker can impersonate Facebook servers and intercept user traffic until the stolen certificate expires.

The same thing is also valid with CDN services like Cloudflare. Anyone hosting an HTTPS website on Cloudflare’s infrastructure must upload their TLS private key to Cloudflare’s service, which then distributes it to thousands of servers across the world.

The TLS Delegated Credentials extension allows site owners to create short-lived TLS private keys (called delegated credentials) that they can deploy to these multi-server setups, instead of the real TLS private key.

The delegated credentials can live up to seven days and can be rotated automatically once they expire.

TLS Delegated Credentials shortens MitM attack window

The most important security improvement that comes with this new TLS extension is that if — in the worst-case scenarios — an attacker does manage to hack a server, the stolen private key (actually a delegated credential) won’t work for more than a few days, rather than weeks, months, or even a year, as it does now.
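The mechanism described above, as an added example that is not code from Facebook, Mozilla, Cloudflare or the IETF draft: the certificate’s own private key stays on one issuing machine and signs a fresh, short-lived key pair; the edge servers only ever hold the short-lived key, and a client accepts it only if the signature checks out under the certificate key and the credential is neither expired nor valid for more than seven days. The structure and names here (`DelegatedCredential`, `IssueDelegatedCredential`, `VerifyDelegatedCredential`) are this example’s own simplification; the draft’s wire format also binds the signature to the end-entity certificate and carries a signature-algorithm field, which are omitted here. ECDSA P-256 keys are assumed throughout.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// MaxDCValidity is the seven-day cap mentioned in the article.
const MaxDCValidity = 7 * 24 * time.Hour

// DelegatedCredential is a simplified stand-in for the draft's structure
// (hypothetical field layout, not the real wire format).
type DelegatedCredential struct {
	ValidTime uint32 // seconds after the certificate's notBefore at which the DC expires
	PublicKey []byte // DER SubjectPublicKeyInfo of the short-lived key
	Signature []byte // ASN.1 ECDSA signature over ValidTime || PublicKey, by the certificate key
}

// signedBytes returns the bytes the certificate key signs.
func (dc *DelegatedCredential) signedBytes() []byte {
	buf := make([]byte, 4, 4+len(dc.PublicKey))
	binary.BigEndian.PutUint32(buf, dc.ValidTime)
	return append(buf, dc.PublicKey...)
}

// IssueDelegatedCredential runs where the real certificate key lives. It mints a
// fresh key pair and signs its public half, so only the fresh key goes to edge servers.
func IssueDelegatedCredential(certKey *ecdsa.PrivateKey, certNotBefore, now time.Time, lifetime time.Duration) (*ecdsa.PrivateKey, *DelegatedCredential, error) {
	if lifetime <= 0 || lifetime > MaxDCValidity {
		return nil, nil, fmt.Errorf("lifetime %v is outside (0, %v]", lifetime, MaxDCValidity)
	}
	dcKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	spki, err := x509.MarshalPKIXPublicKey(&dcKey.PublicKey)
	if err != nil {
		return nil, nil, err
	}
	expiry := now.Add(lifetime)
	if !expiry.After(certNotBefore) {
		return nil, nil, errors.New("expiry precedes certificate notBefore")
	}
	dc := &DelegatedCredential{ValidTime: uint32(expiry.Sub(certNotBefore) / time.Second), PublicKey: spki}
	digest := sha256.Sum256(dc.signedBytes())
	if dc.Signature, err = ecdsa.SignASN1(rand.Reader, certKey, digest[:]); err != nil {
		return nil, nil, err
	}
	return dcKey, dc, nil
}

// VerifyDelegatedCredential is the client-side check: not expired, not valid for
// more than seven days from now, and correctly signed by the certificate key.
// On success it returns the short-lived public key the handshake should use.
func VerifyDelegatedCredential(certPub *ecdsa.PublicKey, certNotBefore time.Time, dc *DelegatedCredential, now time.Time) (*ecdsa.PublicKey, error) {
	expiry := certNotBefore.Add(time.Duration(dc.ValidTime) * time.Second)
	if now.After(expiry) {
		return nil, errors.New("delegated credential has expired")
	}
	if expiry.Sub(now) > MaxDCValidity {
		return nil, errors.New("delegated credential valid for more than seven days")
	}
	digest := sha256.Sum256(dc.signedBytes())
	if !ecdsa.VerifyASN1(certPub, digest[:], dc.Signature) {
		return nil, errors.New("signature does not verify under the certificate key")
	}
	pub, err := x509.ParsePKIXPublicKey(dc.PublicKey)
	if err != nil {
		return nil, err
	}
	ecPub, ok := pub.(*ecdsa.PublicKey)
	if !ok {
		return nil, errors.New("delegated key is not an ECDSA key")
	}
	return ecPub, nil
}

func main() {
	// Constructed scenario: a certificate issued 30 days ago, a two-day credential.
	certKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	notBefore := time.Now().Add(-30 * 24 * time.Hour)
	now := time.Now()
	_, dc, err := IssueDelegatedCredential(certKey, notBefore, now, 48*time.Hour)
	if err != nil {
		panic(err)
	}
	_, err = VerifyDelegatedCredential(&certKey.PublicKey, notBefore, dc, now)
	fmt.Println("fresh credential accepted:", err == nil)
	_, err = VerifyDelegatedCredential(&certKey.PublicKey, notBefore, dc, now.Add(72*time.Hour))
	fmt.Println("same credential three days later rejected:", err != nil)
}
```

The point of the split is visible in the two functions: a server compromise yields only `dcKey`, which `VerifyDelegatedCredential` stops accepting once `ValidTime` passes, while `certKey` never leaves the issuer. Rotation is then just calling `IssueDelegatedCredential` again before the current credential lapses.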

You can read more in-depth technical explanations about the new TLS Delegated Credentials extension on the Facebook, Mozilla, and Cloudflare blogs.

The IETF draft specification is available here. TLS Delegated Credentials will be compatible with the TLS protocol v1.3 and later.
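The delegation mechanism described above, as an added Go example that is not code from the announcement, the IETF draft, or any of the three companies: the site owner signs a short-lived public key and its expiry with the certificate’s long-term private key, the edge server signs the handshake with only the short-lived key, and the client checks the delegation signature, the expiry and the seven-day cap before trusting the handshake signature. Ed25519 stands in for whatever signature algorithm the certificate uses, the byte layout and the cap check are simplifications of the draft’s structure, and every key and the handshake transcript are generated or constructed inside the program.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// maxDelegatedValidity mirrors the cap from the announcement: a delegated
// credential may live at most seven days.
const maxDelegatedValidity = 7 * 24 * time.Hour

// DelegatedCredential is a simplified stand-in for the TLS structure (assumption:
// the real draft encodes more fields). It carries the short-lived public key, its
// expiry, and the signature the certificate's long-term key made over both.
type DelegatedCredential struct {
	ValidUntil time.Time
	PublicKey  ed25519.PublicKey
	Signature  []byte
}

// dcSignedBytes is the byte string the long-term key signs. It binds the expiry
// to the delegated public key so neither can be swapped independently.
func dcSignedBytes(validUntil time.Time, pub ed25519.PublicKey) []byte {
	buf := make([]byte, 8, 8+len(pub))
	binary.BigEndian.PutUint64(buf, uint64(validUntil.Unix()))
	return append(buf, pub...)
}

// IssueDelegatedCredential is what the site owner runs on the host that holds the
// certificate's long-term private key. It returns the credential to publish and the
// short-lived private key that is shipped to the edge servers instead of the real key.
func IssueDelegatedCredential(longTermPriv ed25519.PrivateKey, now time.Time, validity time.Duration) (DelegatedCredential, ed25519.PrivateKey, error) {
	if validity <= 0 || validity > maxDelegatedValidity {
		return DelegatedCredential{}, nil, errors.New("validity must be positive and at most seven days")
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return DelegatedCredential{}, nil, err
	}
	validUntil := now.Add(validity)
	sig := ed25519.Sign(longTermPriv, dcSignedBytes(validUntil, pub))
	return DelegatedCredential{ValidUntil: validUntil, PublicKey: pub, Signature: sig}, priv, nil
}

// EdgeSign is the edge server's part of the handshake: it signs the transcript with
// the delegated private key only; the long-term key is never present on this host.
func EdgeSign(delegatedPriv ed25519.PrivateKey, transcript []byte) []byte {
	return ed25519.Sign(delegatedPriv, transcript)
}

// ClientVerify replays the client's checks: the delegation must be signed by the
// certificate's key, must not be expired, must not claim more than the seven-day
// cap, and the handshake signature must verify under the delegated key.
func ClientVerify(certPub ed25519.PublicKey, dc DelegatedCredential, transcript, handshakeSig []byte, now time.Time) error {
	if !ed25519.Verify(certPub, dcSignedBytes(dc.ValidUntil, dc.PublicKey), dc.Signature) {
		return errors.New("delegated credential is not signed by the certificate key")
	}
	if !now.Before(dc.ValidUntil) {
		return errors.New("delegated credential has expired")
	}
	if dc.ValidUntil.Sub(now) > maxDelegatedValidity {
		return errors.New("delegated credential validity exceeds seven days")
	}
	if !ed25519.Verify(dc.PublicKey, transcript, handshakeSig) {
		return errors.New("handshake signature does not verify under the delegated key")
	}
	return nil
}

func main() {
	certPub, certPriv, err := ed25519.GenerateKey(rand.Reader) // stands in for the certificate key pair
	if err != nil {
		panic(err)
	}
	now := time.Now()
	dc, edgePriv, err := IssueDelegatedCredential(certPriv, now, 7*24*time.Hour)
	if err != nil {
		panic(err)
	}
	transcript := []byte("constructed handshake transcript") // constructed sample input
	sig := EdgeSign(edgePriv, transcript)
	fmt.Println("fresh credential:", ClientVerify(certPub, dc, transcript, sig, now))
	fmt.Println("eight days later:", ClientVerify(certPub, dc, transcript, sig, now.Add(8*24*time.Hour)))
}
```

The defender’s point sits in ClientVerify: once ValidUntil passes, a key stolen from an edge server is rejected by every client even though the certificate itself is still valid, and the long-term key never leaves the issuing host.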

Source: Facebook, Mozilla, and Cloudflare announce new TLS Delegated Credentials standard | ZDNet

Car blind spots solved by 14-year-old by projecting live camera feed onto pillars blocking the view

Using some relatively inexpensive and readily available technology you can find at any well-stocked electronics store, Alaina Gassler, a 14-year-old inventor from West Grove, Pennsylvania, came up with a clever way to eliminate the blind spot created by the thick pillars on the side of a car’s windshield.

[…]

Her solution involves installing an outward-facing webcam on the outside of a vehicle’s windshield pillar, and then projecting a live feed from that camera onto the inside of that pillar. Custom 3D-printed parts allowed her to perfectly align the projected image so that it seamlessly blends with what a driver sees through the passenger window and the windshield, essentially making the pillar invisible.

Her invention was part of a project called “Improving Automobile Safety by Removing Blind Spots,” which Gassler presented at this year’s Society for Science and the Public’s Broadcom MASTERS (Math, Applied Science, Technology, and Engineering for Rising Stars) science and engineering competition.

Source: 14-Year-Old Genius Alaina Gassler Solves Car Blind Spots

NordVPN users’ passwords exposed in mass credential-stuffing attacks

As many as 2,000 users of NordVPN, the virtual private network service that recently disclosed a server hack that leaked crypto keys, have fallen victim to credential-stuffing attacks that allow unauthorized access to their accounts.

In recent weeks, credentials for NordVPN users have circulated on Pastebin and other online forums. They contain the email addresses, plain-text passwords, and expiration dates associated with NordVPN user accounts.

I received a list of 753 credentials on Thursday and polled a small sample of users. The passwords listed for all but one were still in use. The one user who had changed their password did so after receiving an unrequested password reset email. It would appear someone who gained unauthorized access was trying to take over the account. Several other people said their accounts had been accessed by unauthorized people.

Over the past week, breach notification service Have I Been Pwned has reported at least 10 lists of NordVPN credentials similar to the one I obtained.


While it’s likely that some accounts are listed in multiple lists, the number of user accounts easily tops 2,000. What’s more, a large number of the email addresses in the list I received weren’t indexed at all by Have I Been Pwned, indicating that some compromised credentials are still leaking into public view. Most of the Web pages that host these credentials have been taken down, but at the time this post was going live, at least one remained available on Pastebin, despite the fact Ars brought it to NordVPN’s attention more than 17 hours earlier.

Without exception, all of the plain-text passwords are weak. In some cases, they’re the string of characters to the left of the @ sign in the email address. In other cases, they’re words found in most dictionaries. Others appear to be surnames, sometimes with two or three numbers tacked onto the end. These common traits mean that the most likely way these passwords became public is through credential stuffing. That’s the term for attacks that take credentials divulged in one leak to break into other accounts that use the same username and password. Attackers typically use automated scripts to carry out these attacks.

Source: NordVPN users’ passwords exposed in mass credential-stuffing attacks | Ars Technica
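The password traits in the excerpt above (the part of the address left of the @ sign, dictionary words, a name with two or three digits tacked on) are exactly what a proactive password screen on the defending side should reject, together with any pair already circulating in a public leak. The block below is an added Go example, not code from Ars Technica or NordVPN, that implements such a screen: the wordlist and the leaked-credential set are constructed inside the program and labelled as such, the name-with-digits check is a letters-then-two-or-three-digits regular expression standing in for a real surname list, and the leak set stores hashes rather than plain text.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

// commonWords is a constructed stand-in for a dictionary wordlist (assumption:
// a real deployment loads a full list of dictionary words and common passwords).
var commonWords = map[string]bool{
	"password": true, "sunshine": true, "welcome": true,
	"dragon": true, "qwerty": true, "football": true,
}

// nameWithDigits approximates the "surname with two or three numbers tacked on"
// trait: letters only, followed by exactly two or three digits.
var nameWithDigits = regexp.MustCompile(`^[A-Za-z]{3,}\d{2,3}$`)

// fingerprint hashes an email:password pair so the leak set never holds plain text.
func fingerprint(email, password string) string {
	sum := sha256.Sum256([]byte(strings.ToLower(email) + ":" + password))
	return hex.EncodeToString(sum[:])
}

// leakedCredentials is a constructed stand-in for a feed of pairs seen in public
// dumps (assumption: real systems pull this from a breach-notification service or
// from leaked lists they collect themselves).
var leakedCredentials = map[string]bool{
	fingerprint("erin@example.com", "erin"):        true,
	fingerprint("frank@example.com", "summer2018"): true,
}

// WeakPasswordReasons returns every weak trait from the article that the
// password exhibits; an empty slice means none of them applied.
func WeakPasswordReasons(email, password string) []string {
	var reasons []string
	local := email
	if i := strings.IndexByte(email, '@'); i >= 0 {
		local = email[:i]
	}
	lower := strings.ToLower(password)
	if lower == strings.ToLower(local) {
		reasons = append(reasons, "password is the part of the email address left of the @ sign")
	}
	if commonWords[lower] {
		reasons = append(reasons, "password is a dictionary word")
	}
	if nameWithDigits.MatchString(password) {
		reasons = append(reasons, "password looks like a name with two or three digits tacked on")
	}
	return reasons
}

// LeakedCredentialHit reports whether this exact email/password pair is already in
// the leak set, which is the reuse that credential stuffing depends on.
func LeakedCredentialHit(email, password string) bool {
	return leakedCredentials[fingerprint(email, password)]
}

func main() {
	// Constructed sample sign-up attempts, one per trait plus a strong password.
	for _, c := range [][2]string{
		{"alice.jones@example.com", "alice.jones"},
		{"bob@example.com", "sunshine"},
		{"carol@example.com", "Garcia42"},
		{"erin@example.com", "erin"},
		{"dave@example.com", "correct-horse-battery-staple-91"},
	} {
		fmt.Printf("%-26s weak traits: %v; seen in leak: %v\n",
			c[0], WeakPasswordReasons(c[0], c[1]), LeakedCredentialHit(c[0], c[1]))
	}
}
```

Running either check at registration or password change, and again when a new leak list appears, is what lets a service force a reset before the automated stuffing scripts get to the account.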

13-year-old thinks up new Hyperloop design that builds on existing rail infrastructure

Crouchley’s idea, which just won second place in the annual 3M Young Scientist Challenge, is to build pneumatic tubes next to existing train tracks.

Magnetic shuttles would travel through these vacuum tubes, connected via magnetic arm to trains traveling on the existing tracks.

This system would utilize current train tracks, thereby cutting infrastructure costs and, Crouchley says, eradicating the potential safety risk posed by propelling passengers in a vacuum.

There’d be no need for trains to use diesel or electric motors, making the trains lighter and more fuel-efficient.

This is important to Crouchley, who aims to devise active solutions to the climate crisis.

“I pinpointed transportation as something I wanted to work on because if we can make trains more efficient, then we can eliminate the amount of cars, trucks and buses on the road,” Crouchley tells CNN Travel.

Real world inspiration

[…]
“Hyperloop is very high risk,” says Crouchley.

“My design can be less expensive and more efficient than current train technology that’s out there already. It’s also safer than Hyperloop. My design can rely on 100% renewable energy, so it eliminates the need for a diesel engine or an electric motor, which makes the train lighter, so it can move faster.”

Source: New Hyperloop design comes from the mind of a 13-year-old scientist | CNN Travel

Google Sidewalk Labs document reveals company’s early vision for big brother city in city with private tax powers, criminal justice and huge personal data slurp based on a social credit system

A confidential Sidewalk Labs document from 2016 lays out the founding vision of the Google-affiliated development company, which included having the power to levy its own property taxes, track and predict people’s movements and control some public services.

The document, which The Globe and Mail has seen, also describes how people living in a Sidewalk community would interact with and have access to the space around them – an experience based, in part, on how much data they’re willing to share, and which could ultimately be used to reward people for “good behaviour.”

Known internally as the “yellow book,” the document was designed as a pitch book for the company, and predates Sidewalk’s relationship and formal agreements with Toronto by more than a year. Peppered with references to Disney theme parks and noted futurist Buckminster Fuller, it says Sidewalk intended to “overcome cynicism about the future.”

But the 437-page book documents how much private control of city services and city life Google parent company Alphabet Inc.’s leadership envisioned when it created the company,

[…]

“The ideas contained in this 2016 internal paper represent the result of a wide-ranging brainstorming process very early in the company’s history,” Sidewalk spokesperson Keerthana Rang said. “Many, if not most, of the ideas it contains were never under consideration for Toronto or discussed with Waterfront Toronto and governments. The ideas that we are actually proposing – which we believe will achieve a new model of inclusive urban growth that makes housing more affordable for families, creates new jobs for residents, and sets a new standard for a healthier planet – can all be found at sidewalktoronto.ca.”

[…]

To carry out its vision and planned services, the book states Sidewalk wanted to control its area much like Disney World does in Florida, where in the 1960s it “persuaded the legislature of the need for extraordinary exceptions.” This could include granting Sidewalk taxation powers. “Sidewalk will require tax and financing authority to finance and provide services, including the ability to impose, capture and reinvest property taxes,” the book said. The company would also create and control its own public services, including charter schools, special transit systems and a private road infrastructure.

Sidewalk’s early data-driven vision also extended to public safety and criminal justice.

The book mentions both the data-collection opportunities for police forces (Sidewalk notes it would ask for local policing powers similar to those granted to universities) and the possibility of “an alternative approach to jail,” using data from so-called “root-cause assessment tools.” This would guide officials in determining a response when someone is arrested, such as sending someone to a substance abuse centre. The overall criminal justice system and policing of serious crimes and emergencies would be “likely to remain within the purview of the host government’s police department,” however.

Data collection plays a central role throughout the book. Early on, the company notes that a Sidewalk neighbourhood would collect real-time position data “for all entities” – including people. The company would also collect a “historical record of where things have been” and “about where they are going.” Furthermore, unique data identifiers would be generated for “every person, business or object registered in the district,” helping devices communicate with each other.

There would be a quid pro quo to sharing more data with Sidewalk, however. The document describes a tiered level of services, where people willing to share data can access certain perks and privileges not available to others. Sidewalk visitors and residents would be “encouraged to add data about themselves and connect their accounts, either to take advantage of premium services like unlimited wireless connectivity or to make interactions in the district easier,” it says.

Shoshana Zuboff, the Harvard University professor emerita whose book The Age of Surveillance Capitalism investigates the way Alphabet and other big-tech companies are reshaping the world, called the document’s revelations “damning.” The community Alphabet sought to build when it launched Sidewalk Labs, she said, was like a “for-profit China” that would “use digital infrastructure to modify and direct social and political behaviour.”

While Sidewalk has since moved away from many of the details in its book, Prof. Zuboff contends that Alphabet tends to “say what needs be said to achieve commercial objectives, while specifically camouflaging their actual corporate strategy.”

[…]

Those choosing to remain anonymous would not be able to access all of the area’s services: Automated taxi services would not be available to anonymous users, and some merchants might be unable to accept cash, the book warns.

The document also describes reputation tools that would lead to a “new currency for community co-operation,” effectively establishing a social credit system. Sidewalk could use these tools to “hold people or businesses accountable” while rewarding good behaviour, such as by rewarding a business’s good customer service with an easier or cheaper renewal process on its licence.

This “accountability system based on personal identity” could also be used to make financial decisions.

“A borrower’s stellar record of past consumer behaviour could make a lender, for instance, more likely to back a risky transaction, perhaps with the interest rates influenced by digital reputation ratings,” it says.

The company wrote that it would own many of the sensors it deployed in the community, foreshadowing a battle over data control that has loomed over the Toronto project.

Source: Sidewalk Labs document reveals company’s early vision for data collection, tax powers, criminal justice – The Globe and Mail

xHelper Android Malware Can Survive a Factory Reset

Though this somewhat-new “xHelper” malware has affected a low number of Android users so far (around 45,000, estimates Symantec), the fact that nobody has any clear advice on how to remove it is worrisome. While the odds are good that you won’t get hit with this malware, given its low installation rate so far—even though it’s been active since March—you should still know what it does and how to (hopefully) avoid it.

As Malwarebytes describes, xHelper starts by concealing itself as a regular app by spoofing legitimate apps’ package names. Once it’s on your device, you’re either stuck with a “semi-stealth” version, which drops an xHelper icon blatantly in your notifications—but no app or shortcut icons—or a “full-stealth” version, which you’ll only notice if you visit Settings > Apps & notifications > App Info (or whatever the navigation is on your specific Android device) and scroll down to see the installed “xHelper” app.

What does xHelper do?

Thankfully, xHelper isn’t destructive malware in the sense that it’s not recording your passwords, credit card data, or anything else you’re doing on your device and sending it off to some unknown attacker. Instead, it simply spams you with pop-up advertisements on your device and annoying notifications that all try to get you to install more apps from Google Play—presumably how xHelper’s authors are making cash from the malware.

The dark side, as reported by ZDNet, is that xHelper can allegedly download and install apps on your behalf. It doesn’t appear to be doing so at the moment, but if this were to happen—coupled with the app’s mysterious ability to persist past uninstallations and factory resets—it would be a huge backdoor for anyone affected by the malware.

Wait, I can’t uninstall it?

Yep. This is the insidious part of xHelper. Neither Symantec nor Malwarebytes has any good recommendations for getting this malware off your device once it’s installed, as the mechanisms it uses to persist past a full factory reset of your device are unknown.

Source: This New Android Malware Can Survive a Factory Reset