Facebook Under Investigation by 47 Attorneys General

Forty-seven state attorneys general have now joined a sweeping investigation into Facebook’s business practices aimed at determining whether the company has engaged in anti-competitive behavior, ignored privacy laws, or violated any other laws, according to the New York Attorney General’s office.

In a statement on Tuesday, Letitia James, the Democratic attorney general of New York, said investigators would use every tool at their disposal “to determine whether Facebook’s actions stifled competition and put users at risk.” The officials also aim to determine whether Facebook has “reduced the quality of consumers’ choices” and “increased the price of advertising.”

“When competition is blocked, innovation can be stifled and consumers are harmed. Facebook, like every other company, must comply with our antitrust laws, and this investigation is looking into whether it has,” said Wisconsin Attorney General Josh Kaul, adding: “No one is above the law.”

The probe is the latest sign of a growing bipartisan unease with the immense sway a small number of tech companies hold over the digital economy. Google’s market power is likewise being scrutinized by attorneys general in four dozen states. And the U.S. Justice Department, reflecting concerns that “Big Tech” is abusing its control to stifle competition in markets, announced a broad antitrust review of Facebook, Google, Amazon, and Apple this summer.

Source: Facebook Under Investigation by 47 Attorneys General


Hyperstealth: a Real-Life Invisibility Cloak

Earlier in October, Hyperstealth filed a patent for the material, which doesn’t require a power source and is both paper-thin and inexpensive — all traits that could make it appealing for use on the battlefield.

According to a press release, it works by bending the light around a target to make it seemingly disappear. This light can be in the visible spectrum, or it can be ultraviolet, infrared, or shortwave infrared light, making the material what Hyperstealth calls a “broadband invisibility cloak.”

Ready for Battle

Alongside the news of the patent application, Hyperstealth released more than 100 minutes’ worth of footage describing and demonstrating the material — and if the press release doesn’t make it clear that the military is the company’s target customer, the video footage sure does.

In one segment, Hyperstealth shows how it can hide a scaled-down version of a tank by placing a sheet of the material above it. In another, it renders a small jet invisible by placing it behind the “Quantum Stealth” material.

Source: Watch a Real-Life Invisibility Cloak Designed for Military Use

USAF awards 7 companies $6.4bn for mock dogfighting services

As part of the Combat Air Forces Contracted Air Support programme, the companies will fly their own fleets of fighter aircraft against USAF types during Red Flag-series exercises, the USAF says in an online award notice posted on 18 October. Such activities are meant to help the service improve its performance fighting against a growing number of high-performance aircraft in China and Russia’s inventories.

The seven companies awarded contracts are: Air USA, Airborne Tactical Advantage, Blue Air Training, Coastal Defense, Draken International, Tactical Air Support and Top Aces. The service says it received a total of eight offers, but has not disclosed which bidder failed to secure a contract.

[Image: Draken International Mirage F1Ms bought from the Spanish air force. Credit: Draken International]

The USAF wants its third-party contractors to fly 30,000 adversary air sorties annually in the continental United States, Alaska and Hawaii, according to a request for proposals issued in August 2018. The service also wants aircraft for 10,000 close air support sorties annually in the continental United States to facilitate joint terminal attack controller training.

The USAF wants contractors with a mix of aircraft types for its fourth- and fifth-generation aircraft pilots to train against. All platforms must be able to carry government-supplied electronic countermeasures pods and infrared captive air training missiles, and be compatible with arresting systems on an airfield, among other common requirements.

Multiple companies have bought and overhauled ageing fighters from foreign countries to participate in the Combat Air Forces Contracted Air Support programme. For instance, Draken International bought a fleet of 22 Dassault Mirage F1Ms and F1Bs from the Spanish air force.

The Combat Air Forces Contracted Air Support programme is expected to run from this month until October 2024, according to the USAF.

Separately, the Pentagon is looking for ways to train its fighter pilots to combat stealth aircraft, such as China’s Chengdu J-20 or Russia’s Sukhoi Su-57. In 2017, the US Department of Defense funded the development and testing of a fifth-generation aerial target. Such an unmanned air vehicle would be a high-performance, fighter-sized aircraft that is intended to represent stealthy threats in training exercises.

Source: USAF awards $6.4bn for mock dogfighting services

The Samsung Galaxy S10’s Fingerprint Lock works for everyone if you put a piece of transparent plastic on the sensor

It was recently discovered that the Samsung Galaxy S10 and S10+ have a major security flaw that makes it easy to bypass their fingerprint locks. On a scale of “one” to “not good,” we are definitely towards the right on this one.

To be fair, fingerprint sensors and other biometric security features aren’t ironclad; hackers can successfully get around these kinds of security measures, albeit with a fair amount of work. However, the Galaxy S10’s fingerprint sensor can be fooled with the simple addition of a screen protector or phone case made of silicone, tempered glass, or plastic. The interference from the protective material is apparently enough to confuse the sensor so anyone’s finger tap can unlock the phone. (Ugh.)

Source: The Samsung Galaxy S10’s Fingerprint Lock Isn’t Very Safe Anymore

Germany’s cyber-security agency recommends Firefox as most secure browser

Firefox is the only browser that received top marks in a recent audit carried out by Germany’s cyber-security agency — the German Federal Office for Information Security (or the Bundesamt für Sicherheit in der Informationstechnik — BSI).

The BSI tested Mozilla Firefox 68 (ESR), Google Chrome 76, Microsoft Internet Explorer 11, and Microsoft Edge 44. The tests did not include other browsers like Safari, Brave, Opera, or Vivaldi.

The audit was carried out using rules detailed in a guideline for “modern secure browsers” that the BSI published last month, in September 2019.

The BSI normally uses this guide to advise government agencies and companies from the private sector on what browsers are safe to use.

The German cyber-security agency published a first secure browser guideline in 2017, but reviewed and updated the specification over the summer.

The BSI updated its guide to account for improved security measures added to modern browsers, such as HSTS, SRI, CSP 2.0, telemetry handling, and improved certificate handling mechanisms.

Source: Germany’s cyber-security agency recommends Firefox as most secure browser | ZDNet

DoNotPay app waits on hold for you, cancels subscriptions, helps you out of parking tickets

DoNotPay helps you get out of parking tickets and cancel forgotten subscriptions, and now it can call you when it’s your turn in a customer service phone queue. The app today is launching “Skip Waiting On Hold.” Just type in the company you need to talk to, and DoNotPay calls for you using tricks to get a human on the line quickly. Then it calls you back and connects you to the agent so you never have to listen to that annoying hold music.

And in case the company tries to jerk you around or screw you over, the DoNotPay app lets you instantly share to social media a legal recording of the call to shame them.

How To Get Off hold

Skip Waiting On Hold comes as part of the $3 per month DoNotPay suite of services designed to save people time and money by battling bureaucracy on their behalf. It can handle DMV paperwork for you, write legal letters to scare businesses out of overcharging you and it provides a credit card that automatically cancels subscriptions when your free trial ends.

“I think the world would be a lot fairer place if people had someone fighting for them” says DoNotPay’s 22-year-old founder Joshua Browder. Indeed; $3 per month gets the iOS app‘s 10,000 customers unlimited access to all the features with no extra fees or commissions on money saved. “If DoNotPay takes a commission then we have an incentive to perpetuate the problems we are fighting against.”

[…]

The full list of DoNotPay services includes:

  1. Customer service disputes where it contacts companies about refunds for Comcast bills, delayed flights, etc.
  2. The free trial credit card that auto-cancels subscriptions before you’re actually charged
  3. Traffic and parking appeals where it generates a letter for you based on answers to questions, like if signs were too hard to read or there was a mistake on the ticket
  4. Hidden money discovery that finds refunds in your bank fees, identifies forgotten subscriptions, gets you free stuff on your birthday and more
  5. Government paperwork assistance that can help you get DMV appointments and fill out forms
  6. Skip Waiting On Hold

Source: This brilliant app waits on hold for you – TechCrunch

The Creators Of Pokémon Go Mapped The World. Now They’re Mapping You – how companies are monetising your location data

Today, when you use Wizards Unite or Pokémon Go or any of Niantic’s other apps, your every move is getting documented and stored—up to 13 times a minute, according to the results of a Kotaku investigation. Even players who know that the apps record their location data are usually astonished once they look at just how much they’ve told Niantic about their lives through their footsteps.

For years, users of these technologists’ products—from Google Street View to Pokémon Go—have been questioning how far they’re going with users’ information and whether those users are adequately educated on what they’re giving up and with whom it’s shared. In the process, those technologists have made mistakes, both major and minor, with regard to user privacy. As Niantic summits the world of augmented reality, it is engineering the future of that big-money field, too. Should what Niantic does with its treasure trove of valuable data remain shrouded in the darkness particular to up-and-coming Silicon Valley darlings, that opacity might become so normalized that users lose any expectation of knowing how they’re being profited from.


Niantic publicly describes itself as a gaming company with an outsized passion for getting gamers outside. Its games, from Ingress to Pokémon Go to Wizards Unite, encourage players to navigate and interact with the real world around them, whether it be tree-lined suburbs, big cities, local landmarks, the Eiffel Tower, strip malls, or statues in the town square. Niantic’s ever-evolving gaming platform closely resembles Google Maps, in part because Niantic spawned from just that.

[…]

At 2019’s GDC, Hanke showed a video titled “Hyper-Reality,” by the media artist Keiichi Matsuda. It’s a dystopian look at a future in which the entire world is slathered with virtual overlays, an assault on the senses that everyone must view through an AR headset if they want to participate in modern society. In the video, the protagonist’s entire field of vision is a spread of neon notifications, apps, and advertisements, all viewed from a seat at the back of a city bus. Their hands swipe across a game they’re playing in augmented reality, while in the background an ad for Starbucks Coffee indicates they won a coupon for a free cup. Push notifications in their periphery indicate three new messages and directions for where to exit the bus. Walking through the aisle, where digital “get off now!” signs indicate it’s their stop, and onto the street, the physical world is annotated with virtual information. The more tasks they accomplish, the more points they receive. The whole world is now one big game. It showed a definitively dystopian vision of a world in which the barriers between IRL and URL have been fully collapsed.

Hanke said that the video made him feel “stressed and nervous.” Calling it a work of “critical design,” he noted that it was meant to question this dystopian future for AR, “a world where you’re tracked everywhere you go, where giant companies know everything about you, your identity is constantly at stake, and the world itself is noisy, and busy and plastered with distractions.”

But when a path appeared in front of the video’s protagonist showing them where to walk, Hanke’s response was: “That looks helpful.”

“Some people would say AR is a bad thing because we’ve seen this vision of how bad it can be,” Hanke said. “The point I want to make to you all is, it doesn’t have to be that way.” He showed an image of the Ferry Building, the 120-year-old piece of classical revival architecture in San Francisco where the company is currently headquartered. Just like in the video, it was overlaid with augmented reality windows showing the building’s history, a public transit schedule, and tabs for nearby restaurants. Hanke described a world where people can better navigate public transit and understand their surroundings because of digital mapping initiatives like Niantic. He talked about the possibility of hologram tour guides in San Francisco, and how they’d rely on a digital map to navigate their surroundings, and about designing shared experiences of Pokémon games in a Pokémon-augmented world.

[…]

Since its 2016 release, Pokémon Go has netted over $2.3 billion. In it, players collect items from PokeStops—also real-life locations and landmarks—so they can catch and collect Pokémon, which spawn around them. Almost immediately, Pokémon Go sparked its own privacy controversy, also blamed on a bug, which involved users giving Niantic a huge number of permissions: contacts, location, storage, camera and, for iPhone users, full Google account access, which was not integral to gameplay. Minnesota senator Al Franken penned a strongly-worded letter to Niantic about it, expressing concern “about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users’ personal information without their appropriate consent.” Niantic said that the “account creation process on iOS erroneously requests full access permission,” adding that Pokémon Go only got user ID and email address info.

[…]

Players give Wizards Unite permission to track their movement using a combination of GPS, Wi-Fi, and mobile cell tower triangulation. To understand the extent of this location data, Kotaku asked for data from European players who had all filed personal information requests to Niantic under the GDPR, the European digital privacy legislation designed to give EU citizens more control over their personal data. Niantic sent these players all the data it had on them, which the players then shared with Kotaku.

The files we received contained detailed information about the lives of these players: the number of calories they likely burned during a given session, the distance they traveled, the promotions they engaged with. Crucially, each request also contained a large file of timestamped location data, as latitudes and longitudes.

In total, Kotaku analyzed more than 25,000 location records voluntarily shared with us by 10 players of Niantic games. On average, we found that Niantic kept about three location records per minute of gameplay of Wizards Unite, nearly twice as many as it did with Pokémon Go. For one player, Niantic had at least one location record taken during nearly every hour of the day, suggesting that the game was collecting data and sharing it with Niantic even when the player was not playing.

When Kotaku first asked Niantic why Wizards Unite was collecting location data even while the game was not actively being played, its first response was that we must be mistaken, since the game, it said, did not collect data while backgrounded. After we provided Niantic with more information about that player, it got back to us a few days later to let us know that its engineering team “did identify a bug in the Android version of the client code that led it to continue to ping our servers intermittently when the app was still open but had been backgrounded.” The bug, Niantic said, has now been fixed.

Because the location data collected by Wizards Unite and sent to Niantic is so granular, sometimes up to 13 location records a minute, it is possible to discern individual patterns of user behavior as well as intimate details about a player’s life.
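The analysis Kotaku describes (records per minute of gameplay, lone records at hours when the player was not playing, and what a handful of night-time points reveals) can be reproduced on one’s own GDPR export. The script below is an added example, not Kotaku’s or Niantic’s code. It assumes the export is a CSV of `timestamp,latitude,longitude` rows; the 10-minute session gap, the three-record session threshold and the 00:00–05:59 “night” window are assumptions chosen for illustration, and the sample rows are constructed, not real player data.

```python
"""Analyze a timestamped location export (e.g. a GDPR data-subject-access
export) for sampling rate, background collection and trivial inferences.

The sample export below is constructed for illustration; it is not data
from Niantic or from any real player."""
import csv
import io
from collections import Counter
from datetime import datetime, timedelta, timezone

SAMPLE_EXPORT = """timestamp,latitude,longitude
2019-07-01T08:00:05Z,52.5200,13.4050
2019-07-01T08:00:25Z,52.5201,13.4052
2019-07-01T08:00:45Z,52.5202,13.4054
2019-07-01T08:01:05Z,52.5203,13.4056
2019-07-01T08:01:25Z,52.5204,13.4058
2019-07-01T08:01:45Z,52.5205,13.4060
2019-07-01T08:02:05Z,52.5206,13.4062
2019-07-01T08:02:25Z,52.5207,13.4064
2019-07-01T08:02:45Z,52.5208,13.4066
2019-07-01T08:03:05Z,52.5209,13.4068
2019-07-01T08:03:25Z,52.5210,13.4070
2019-07-01T08:03:45Z,52.5211,13.4072
2019-07-01T08:04:05Z,52.5212,13.4074
2019-07-01T08:04:25Z,52.5213,13.4076
2019-07-01T08:04:45Z,52.5214,13.4078
2019-07-01T11:02:10Z,52.5160,13.3770
2019-07-01T14:31:40Z,52.5163,13.3775
2019-07-01T20:15:00Z,52.5300,13.4100
2019-07-02T02:45:30Z,52.5300,13.4100
"""

SESSION_GAP = timedelta(minutes=10)  # assumption: a longer gap starts a new session
MIN_SESSION_RECORDS = 3              # assumption: fewer records is a lone ping, not gameplay
NIGHT_HOURS = range(0, 6)            # assumption: 00:00-05:59 is "at home" time


def parse_export(text):
    """Parse 'timestamp,latitude,longitude' rows into (datetime, lat, lon), sorted by time."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        ts = datetime.strptime(row["timestamp"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        rows.append((ts, float(row["latitude"]), float(row["longitude"])))
    return sorted(rows)


def split_sessions(records, gap=SESSION_GAP):
    """Group consecutive records separated by less than `gap` into sessions."""
    sessions = []
    for rec in records:
        if sessions and rec[0] - sessions[-1][-1][0] < gap:
            sessions[-1].append(rec)
        else:
            sessions.append([rec])
    return sessions


def per_minute_counts(records):
    """Count records per wall-clock minute (the granularity the article discusses)."""
    return Counter(ts.replace(second=0, microsecond=0) for ts, _, _ in records)


def likely_home_cell(records, night_hours=NIGHT_HOURS, decimals=3):
    """Most frequent ~100 m grid cell among night-time records; None if there are none."""
    cells = Counter((round(lat, decimals), round(lon, decimals))
                    for ts, lat, lon in records if ts.hour in night_hours)
    return cells.most_common(1)[0][0] if cells else None


def summarize(text):
    """Sampling rate during play, lone pings outside play, and a home-cell guess."""
    records = parse_export(text)
    sessions = split_sessions(records)
    gameplay = [s for s in sessions if len(s) >= MIN_SESSION_RECORDS]
    pings = [s[0] for s in sessions if len(s) < MIN_SESSION_RECORDS]
    minute_counts = per_minute_counts([r for s in gameplay for r in s])
    mean_rate = sum(minute_counts.values()) / len(minute_counts) if minute_counts else 0.0
    return {
        "total_records": len(records),
        "gameplay_sessions": len(gameplay),
        "max_per_minute": max(minute_counts.values(), default=0),
        "mean_per_active_minute": mean_rate,
        "lone_pings": len(pings),
        "lone_ping_hours": sorted({ts.hour for ts, _, _ in pings}),
        "hours_of_day_covered": len({ts.hour for ts, _, _ in records}),
        "likely_home_cell": likely_home_cell(records),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_EXPORT).items():
        print(f"{key}: {value}")
```

Timestamps are treated as UTC; before reasoning about “night” hours on a real export, convert them to the player’s local time zone. Rounding to three decimals gives cells of roughly 100 m, which is why a single night-time record is already enough to point at a residential block.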

[…]

Niantic is far from the only company collecting this sort of data. Last year, the New York Times published an exposé on how over 75 companies receive pinpoint-accurate, anonymous location data from phone apps on over 200 million devices. Sometimes, these companies tracked users’ locations over 14,000 times a day. The result was always the same: even though users had signed away their location data by agreeing to user agreements, they generally had no idea that companies were taking such exhaustive notes on what kind of person they are, where they’d been, where they were likely to go next, and whether they’d buy something there.

That Niantic is yet another company that can infer this type of mundane personal information may not be, in itself, surprising. Credit card companies, email providers, cellular services, and a variety of data brokers all have access to your personal information in increasingly opaque ways. Remember when Target figured out that a high school girl was pregnant before her family did?

It’s important to note that the personal data that players requested from Niantic and voluntarily shared with Kotaku is, according to Niantic, not something that a third party could buy from them, or otherwise be allowed to see. “Niantic does not share individual player data with third party sponsored location partners,” a representative said, adding that it uses “additional mechanisms to process the data so that it cannot be connected to an individual.”

Niantic’s Kawai told Kotaku that the anonymized data that Niantic shares with third parties is only in the form of “aggregated stats,” such as “how many people have had access or went to those in-game locations and how many actions people take in those in-game locations, how many PokeStop spins to get items happened on that day and… what unique number of people went to that location.”

“We don’t go any further than that,” he said.

The idea that data can successfully be anonymized has long been a contentious one. In July, researchers at Imperial College London were able to accurately reidentify 99.98 percent of Americans in an “anonymized” dataset. And in 2018, a New York Times investigation found that, when provided raw anonymized location data, companies could identify individuals with or without their consent. In fact, according to experts, it can take just four timestamped location records to specifically identify an individual from a collection of latitudes and longitudes that they have visited.

[…]

Niantic makes a staggering amount of money off in-game microtransactions, a reported $1.8 billion in Pokémon Go’s first two years. It also makes money from sponsorships. By late 2017, there were over 35,000 sponsored PokeStops, which players visited over 500 million times. Hanke described foot traffic as the “holy grail of retail businesses” in a 2017 talk to the Mobile World Congress. 13,000 of the sponsored stops were Starbucks locations.

[…]

“We have always been transparent about this product and feel it is a much better experience for our players than the kind of video and text ads frequently deployed in other mobile games,” Hanke told Kotaku. He then shared a link to an Ad Age article announcing Pokémon Go’s sponsored locations and detailing its “cost per visit” business model.

Big-money tech companies rarely make money in just one or two ways, and often inconspicuously employ money-making strategies that may be less palatable to privacy-minded consumers. Mobile app companies are notorious for this. One 2017 Oxford study, for example, analyzed 1 million smartphone apps and determined that the median Google Play Store app can share users’ behavioral data with 10 third parties, while one in five can share it with over 20. “Freemium” mobile apps can earn big revenue from sharing data with advertisers—and it’s all completely opaque to users, as a Buzzfeed News report explained in 2018.

[Graph: the number of location records captured for one Harry Potter: Wizards Unite user per minute, over the span of a few hours. Image: Kotaku]

Advertising market research company Emarketer projected that advertisers will spend $29 billion on location-targeted advertising, also referred to as “geoconquesting,” this year. Marketers target and tailor ads for app users in a specific location in real-time, segment a potential audience for an ad by location, learn about consumers based on where they were before they bought something, and connect online ads to offline purchases using location data—another manifestation of “ubiquitous computing.” One of the biggest location-targeted ad companies, GroundTruth, taps data from 120 million unique monthly users to drive people to businesses like Taco Bell, where it recently took credit for 170,000 visits after a location-targeted ad campaign.

[…]

Niantic said it is not in the business of selling user location data. But it will send its users to you. Wizards Unite recently partnered with Simon Malls, which owns over 200 shopping centers, to add “multiple sponsored Inns and Fortresses” at each location, “giving players more XP and more spell energy than at any other non-sponsored location in the U.S.”

[…]

If the goal is to unite the physical with the digital, insights gleaned from how long users loiter outside a Coach store and how long they might look at a Coach Instagram ad could be massively useful to these waning mall brands. Uniting these worlds for a field trip around Tokyo is one thing; uniting them to consolidate digital and physical ad profiles is another.

“This is a hot topic in mall operation—tracking the motion of people within a mall, what stores they’re going to, how long they’re going,” said Ron Merriman, a theme park business strategist based in Shanghai (who, he noted after we contacted him for this story, happened to go to business school with Hanke). Merriman says that tracking users in malls, aquariums, and theme parks to optimize merchandising, user experiences, and ad targeting is becoming the norm where he lives in Asia. Retailers polled by Emarketer in late 2018 planned on investing more in proximity and location-based marketing than other emerging, hot-topic technologies like AI.

Source: The Creators Of Pokémon Go Mapped The World. Now They’re Mapping You

“BriansClub” Hack finds 26M Stolen Cards

“BriansClub,” one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.

[…]

The leaked data shows that in 2015, BriansClub added just 1.7 million card records for sale. But business would pick up in each of the years that followed: In 2016, BriansClub uploaded 2.89 million stolen cards; 2017 saw some 4.9 million cards added; 2018 brought in 9.2 million more.

Between January and August 2019 (when this database snapshot was apparently taken), BriansClub added roughly 7.6 million cards.

Most of what’s on offer at BriansClub are “dumps,” strings of ones and zeros that — when encoded onto anything with a magnetic stripe the size of a credit card — can be used by thieves to purchase electronics, gift cards and other high-priced items at big box stores.
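As an added illustration of what such a “dump” actually is (this is not code from the article or from Krebs on Security), the following parses ISO/IEC 7813 Track 2 records of the form `;PAN=YYMMSSS…?`, rejects records whose PAN fails the Luhn check, decodes the first service-code digit (interchange rules and whether the card carries a chip), and masks PANs to BIN plus last four so a leaked batch can be counted and reported to issuers without copying full card numbers around. The sample records are constructed from publicly documented test card numbers, not real cards; the brand-prefix table is a coarse assumption standing in for a proper BIN lookup.

```python
"""Parse and triage magnetic-stripe Track 2 'dumps' of the kind sold in carding shops.

Defensive use: validate and mask card records found in a leaked database so they
can be counted and reported without retaining full PANs. The sample batch is
constructed from published test card numbers; none is a real customer card."""
import re
from collections import Counter

# ISO/IEC 7813 Track 2: ;PAN=YYMM SSS discretionary?  (sentinels optional in leaked text)
TRACK2_RE = re.compile(
    r"^;?(?P<pan>\d{8,19})=(?P<yy>\d{2})(?P<mm>\d{2})(?P<svc>\d{3})(?P<disc>\d*)\??$"
)

# First service-code digit: interchange rules and whether an IC (chip) is present
SERVICE_CODE_DIGIT1 = {
    "1": ("international", False), "2": ("international", True),
    "5": ("national", False),      "6": ("national", True),
    "7": ("private", False),       "9": ("test", False),
}


def luhn_valid(pan):
    """Return True if the PAN satisfies the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def brand_guess(pan):
    """Coarse brand guess from well-known leading digits (assumption: no full BIN table)."""
    if pan.startswith("4"):
        return "visa"
    if pan[:2] in {"34", "37"}:
        return "amex"
    if "51" <= pan[:2] <= "55":
        return "mastercard"
    return "unknown"


def mask_pan(pan):
    """Keep the 6-digit BIN and last 4 digits; everything else becomes '*'."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def parse_track2(record):
    """Parse one Track 2 string; raise ValueError for malformed or Luhn-failing records."""
    m = TRACK2_RE.match(record.strip())
    if not m:
        raise ValueError("not Track 2 data")
    pan, yy, mm, svc = m["pan"], m["yy"], m["mm"], m["svc"]
    if not 1 <= int(mm) <= 12:
        raise ValueError("bad expiry month")
    if not luhn_valid(pan):
        raise ValueError("PAN fails Luhn check")
    interchange, has_chip = SERVICE_CODE_DIGIT1.get(svc[0], ("unknown", False))
    return {
        "masked_pan": mask_pan(pan),
        "brand": brand_guess(pan),
        "expiry": f"20{yy}-{mm}",
        "service_code": svc,
        "interchange": interchange,
        "chip_card": has_chip,
    }


def triage_dump(records):
    """Summarize a leaked batch: valid/rejected counts, brands, chip cards; PANs stay masked."""
    parsed, rejected = [], 0
    for rec in records:
        try:
            parsed.append(parse_track2(rec))
        except ValueError:
            rejected += 1
    return {
        "valid": len(parsed),
        "rejected": rejected,
        "by_brand": dict(Counter(p["brand"] for p in parsed)),
        "chip_cards": sum(p["chip_card"] for p in parsed),
        "cards": parsed,
    }


# Constructed sample batch built from published test PANs (not real cards)
SAMPLE_DUMP = [
    ";4111111111111111=2512201123456789?",
    ";5555555555554444=2603101000000001?",
    "378282246310005=2411601234567",         # sentinels stripped, still parses
    ";4111111111111112=2512201123456789?",   # wrong check digit: rejected
    "not a track at all",                    # garbage line: rejected
]

if __name__ == "__main__":
    result = triage_dump(SAMPLE_DUMP)
    print({k: v for k, v in result.items() if k != "cards"})
    for card in result["cards"]:
        print(card)
```

A service code starting with 2 or 6 means the issuer put a chip on the card, so a magstripe clone of it only works where the terminal falls back from EMV to stripe; that is why dumps of such cards are priced differently in these shops and why issuers watch fallback transactions closely.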

Source: “BriansClub” Hack Rescues 26M Stolen Cards — Krebs on Security

International Space Station Crew 3D-Prints Meat In Space For The First Time!

For the first time ever, meat was created in space — but no animals were harmed in the making of this 3D bioprinted “space beef.”

Aleph Farms, an Israeli food company, announced today (Oct. 7) that its experiment aboard the International Space Station resulted in the first-ever lab-grown meat in space. The company focuses on growing cultivated beef steaks, or growing an entire piece of real, edible meat out of just a couple of cells, in this case, bovine cell spheroids, in a lab.

On the space station, the experiment involved growing a piece of meat by mimicking a cow’s natural muscle-tissue regeneration process. Aleph Farms collaborated with the Russian company 3D Bioprinting Solutions and two U.S.-based food companies to test this method in space.


[Image: Cosmonaut Oleg Skripochka conducting the “cultivated beef steak” experiment aboard the International Space Station on Sept. 26, 2019. Image credit: Roscosmos]

On Sept. 26, the team established a proof of concept when the astronauts performing the test were able to produce a small piece of cow muscle tissue on the space station. The experiment took place inside of a 3D bioprinter developed by 3D Bioprinting Solutions. Bioprinting is a process in which biomaterials, like animal cells, are mixed with growth factors and the material “bioink,” and “printed” into a layered structure. In this case, the resulting structure is a piece of muscle tissue.

The “3D bioprinter is equipped with a magnetic force which aggregated the cells into one small-scaled tissue, which is what meat is constructed by,” Yoav Reisler, an external relations manager at Aleph Farms, told Space.com in an email.

But, while 3D bioprinting has been used and tested on Earth for things like producing cartilage tissue, it works a little differently in space. “Maturing of bioprinted organs and tissues in zero gravity proceeds much faster than in Earth gravity conditions. The tissue is being printed from all sides simultaneously, like making a snowball, while most other bioprinters create it layer by layer. On Earth, the cells always fall downward. In zero gravity, they hang in space and interfere only with each other. Layer by layer printing in gravity requires a support structure. Printing in zero gravity allows tissue to be created only with cell material, without any intermediate support,” Reisler added.

 

[Image: small-scale muscle tissue made using bovine cell spheroids. Image credit: 3D Bioprinting Solutions]

The reasoning behind Aleph Farms’ efforts to produce “slaughter-free meat in space,” as the company describes it, is climate change, according to a press release sent by the company to Space.com. Animal farming, as noted in the 2019 Intergovernmental Panel on Climate Change special report, requires huge amounts of water and energy and contributes significantly to climate change.

“Our planet is on fire and we have no other one today. Our primary goal is to make sure it remains the same blue planet we know also with our next generations,” Reisler said.

“In space, we don’t have 10,000 or 15,000 Liter (3962.58 Gallon) of water available to produce one Kg (2.205 Pound) of beef,” Didier Toubia, Co-Founder and CEO of Aleph Farms, said in the release. “This joint experiment marks a significant first step toward achieving our vision to ensure food security for generations to come, while preserving our natural resources.”

The company aims to build upon the success of this proof of concept experiment and, within a few years or so, make cultivated beef steaks available on Earth through “bio-farms” where they will grow this meat, Reisler added.

Source: International Space Station Crew 3D-Prints Meat In Space For The First Time! – Science

Warren runs a false Facebook ad to protest false Facebook ads – Politicians can lie on social media ads

Elizabeth Warren has taken an attention-getting approach to attacking Facebook’s recent announcement that it won’t fact-check politicians’ posts. She’s running an ad on the social network that deliberately contains a falsehood.

“Breaking news: Mark Zuckerberg and Facebook just endorsed Donald Trump for re-election,” reads the ad, which Warren also tweeted out Saturday. The ad immediately corrects itself but says it’s making a point. “What Zuckerberg *has* done is given Trump free rein to lie on his platform,” it says, “and then pay Facebook gobs of money to push out their lies to American voters.”

Neither Facebook nor the White House immediately responded to a request for comment.

Late last month, Facebook said it exempts politicians from its third-party fact-checking process and that that’s been the policy for more than a year. The company treats speech from politicians “as newsworthy content that should, as a general rule, be seen and heard,” Facebook’s vice president of global affairs and communications, Nick Clegg, said at the time.

“We don’t believe … that it’s an appropriate role for us to referee political debates and prevent a politician’s speech from reaching its audience and being subject to public debate and scrutiny,” Clegg added.

Earlier this week, Facebook told Joe Biden’s presidential campaign that it wouldn’t remove an ad by Trump’s reelection campaign despite assertions that the ad contains misinformation about Biden. The 30-second video said Biden had threatened to withhold $1 billion from Ukraine unless officials there fired the prosecutor investigating a company that employed Biden’s son.

At the time, Tim Murtaugh, a spokesman for Trump’s campaign, said the ads were accurate. But Factcheck.org noted that while Biden did threaten to withhold US money from Ukraine, there’s no evidence he did this to help his son, which is what the Facebook ad implied. Factcheck.org also said there’s no evidence Biden’s son was ever under investigation and that Biden and the US weren’t alone in pressuring Ukraine to fire the prosecutor, who was widely seen as corrupt.

Responding to Facebook’s refusal to pull the ad, Biden spokesman T.J. Ducklo said at the time that “the spread of objectively false information to influence public opinion poisons the public discourse and chips away at our democracy. It is unacceptable for any social media company to knowingly allow deliberately misleading material to corrupt its platform.”

And Warren tweeted then that Facebook was “deliberately allowing a candidate to intentionally lie to the American people.”

Warren has called for the breakup of Facebook and other big tech companies, saying in part that they wield too much influence. Other lawmakers have called for Facebook and rival platforms to be regulated as a way of addressing concerns about the spread of fake news, among other things.

Source: Warren runs a false Facebook ad to protest false Facebook ads – CNET

And who decides what the definition of a politician is?

White-hat hacks Muhstik ransomware gang and releases decryption keys

A user got his revenge on the ransomware gang who encrypted his files by hacking their server and releasing the decryption keys for all other victims.

This happened earlier today and involved the Muhstik gang. Muhstik is a recent strain of ransomware that has been active since late September, according to reports [1, 2, 3].

This ransomware targets network-attached storage (NAS) devices made by Taiwanese hardware vendor QNAP. The gang behind the Muhstik ransomware is brute-forcing QNAP NAS devices that use weak passwords for the built-in phpMyAdmin service, according to a security advisory published by the company last week.

After gaining access to the phpMyAdmin installation, Muhstik operators encrypt users’ files and save a copy of the decryption keys on their command and control (C&C) server. QNAP files encrypted by Muhstik can be recognized by each file’s new “.muhstik” file extension.

Annoyed software dev hacks back

One of the gang’s victims was Tobias Frömel, a German software developer. Frömel was one of the victims who paid the ransom demand so he could regain access to his files.

However, after paying the ransom, Frömel also analyzed the ransomware, gained insight into how Muhstik operated, and then retrieved the crooks’ database from their server.

“I know it was not legal from me,” the researcher wrote in a text file he published online on Pastebin earlier today, containing 2,858 decryption keys.

“I’m not the bad guy here,” Frömel added.

Free decryption method now available

Besides releasing the decryption keys, the German developer also published a decrypter that all Muhstik victims can use to unlock their files. The decrypter is available on MEGA [VirusTotal scan], and usage instructions are available on the Bleeping Computer forum.

In the meantime, Frömel has been busy notifying Muhstik victims on Twitter about the decrypter’s availability, advising users against paying the ransom.

Source: White-hat hacks Muhstik ransomware gang and releases decryption keys | ZDNet

Apple Safari browser sends some user IP addresses to Chinese conglomerate Tencent by default

Apple admits that it sends some user IP addresses to Tencent in the “About Safari & Privacy” section of its Safari settings which can be accessed on an iOS device by opening the Settings app and then selecting “Safari > About Privacy & Security.” Under the title “Fraudulent Website Warning,” Apple says:

“Before visiting a website, Safari may send information calculated from the website address to Google Safe Browsing and Tencent Safe Browsing to check if the website is fraudulent. These safe browsing providers may also log your IP address.”

The “Fraudulent Website Warning” setting is toggled on by default which means that unless iPhone or iPad users dive two levels deep into their settings and toggle it off, their IP addresses may be logged by Tencent or Google when they use the Safari browser. However, doing this makes browsing sessions less secure and leaves users vulnerable to accessing fraudulent websites.

[…]

Even if people install a third-party browser on their iOS device, viewing web pages inside apps still opens them in an integrated form of Safari called Safari View Controller instead of the third-party browser. Tapping links inside apps also opens them in Safari rather than a third-party browser. These behaviors that force people back into Safari make it difficult for people to avoid the Safari browser completely when using an iPhone or iPad.

Source: Apple Safari browser sends some user IP addresses to Chinese conglomerate Tencent by default

An AI Pioneer Wants His Algorithms to Understand the ‘Why’

In March, Yoshua Bengio received a share of the Turing Award, the highest accolade in computer science, for contributions to the development of deep learning—the technique that triggered a renaissance in artificial intelligence, leading to advances in self-driving cars, real-time speech translation, and facial recognition.

Now, Bengio says deep learning needs to be fixed. He believes it won’t realize its full potential, and won’t deliver a true AI revolution, until it can go beyond pattern recognition and learn more about cause and effect. In other words, he says, deep learning needs to start asking why things happen.

[…]

Machine learning systems including deep learning are highly specific, trained for a particular task, like recognizing cats in images, or spoken commands in audio. Since bursting onto the scene around 2012, deep learning has demonstrated a particularly impressive ability to recognize patterns in data; it’s been put to many practical uses, from spotting signs of cancer in medical scans to uncovering fraud in financial data.

But deep learning is fundamentally blind to cause and effect. Unlike a real doctor, a deep learning algorithm cannot explain why a particular image may suggest disease. This means deep learning must be used cautiously in critical situations.

[…]

At his research lab, Bengio is working on a version of deep learning capable of recognizing simple cause-and-effect relationships. He and colleagues recently posted a research paper outlining the approach. They used a dataset that maps causal relationships between real-world phenomena, such as smoking and lung cancer, in terms of probabilities. They also generated synthetic datasets of causal relationships.

[…]

Others believe the focus on deep learning may be part of the problem. Gary Marcus, a professor emeritus at NYU and the author of a recent book that highlights the limits of deep learning, Rebooting AI: Building Artificial Intelligence We Can Trust, says Bengio’s interest in causal reasoning signals a welcome shift in thinking.

“Too much of deep learning has focused on correlation without causation, and that often leaves deep learning systems at a loss when they are tested on conditions that aren’t quite the same as the ones they were trained on,” he says.

Marcus adds that the lesson from human experience is obvious. “When children ask ‘why?’ they are asking about causality,” he says. “When machines start asking why, they will be a lot smarter.”

Source: An AI Pioneer Wants His Algorithms to Understand the ‘Why’ | WIRED

This is a hugely important – and old – question in this field. Without the ‘why’, humans must ‘just trust’ answers given by AI that seem intuitively strange. When you’re talking about health care or human related activities such as liability ‘just accept what I’m telling you’ isn’t good enough.

Human Employees Are Viewing Clips from Amazon’s Home Surveillance Service

Citing sources familiar with the program, Bloomberg reported Thursday that “dozens” of workers for the e-commerce giant who are based in Romania and India are tasked with reviewing footage collected by Cloud Cams—Amazon’s app-controlled, Alexa-compatible indoor security devices—to help improve AI functionality and better determine potential threats. Bloomberg reported that at one point, these human workers were responsible for reviewing and annotating roughly 150 security snippets of up to 30 seconds in length each day that they worked.

Two sources who spoke with Bloomberg told the outlet that some clips depicted private imagery, such as what Bloomberg described as “rare instances of people having sex.” An Amazon spokesperson told Gizmodo that reviewed clips are submitted either through employee trials or customer feedback submissions for improving the service.

[…]

So to be clear, customers are sharing clips for troubleshooting purposes, but they aren’t necessarily aware of what happens with that clip after doing so.

More troubling, however, is an accusation from one source who spoke with Bloomberg that some of these human workers tasked with annotating the clips may be sharing them with members outside of their restricted teams, despite the fact that reviews happen in a restricted area that prohibits phones. When asked about this, a spokesperson told Gizmodo by email that Amazon’s rules “strictly prohibit employee access to or use of video clips submitted for troubleshooting, and have a zero tolerance policy for abuse of our systems.”

[…]

To be clear, it’s not just Amazon who’s been accused of allowing human workers to listen in on whatever is going on in your home. Motherboard has reported that both Xbox recordings and Skype calls are reviewed by human contractors. Apple, too, was accused of capturing sensitive recordings that contractors had access to. The fact is these systems just aren’t ready for primetime and need human intervention to function and improve—a fact that tech companies have successfully downplayed in favor of appearing to be magical wizards of innovation.

Source: Human Employees Are Viewing Clips from Amazon’s Home Surveillance Service

System76 Will Begin Shipping 2 Linux Laptops With Coreboot-Based Open Source Firmware

System76, the Denver-based Linux PC manufacturer and developer of Pop OS, has some stellar news for those of us who prefer our laptops a little more open. Later this month the company will begin shipping two of their laptop models with its Coreboot-powered open source firmware.

Beginning today, System76 will start taking pre-orders for both the Galago Pro and Darter Pro laptops. The systems will ship out later in October, and include the company’s Coreboot-based open source firmware which was previously teased at the 2019 Open Source Firmware Conference.

(Coreboot, formerly known as LinuxBIOS, is a software project aimed at replacing proprietary firmware found in most computers with a lightweight firmware designed to perform only the minimum number of tasks necessary to load and run a modern 32-bit or 64-bit operating system.)

What’s so great about ripping out the proprietary firmware included in machines like this and replacing it with an open alternative? To begin with, it’s leaner. System76 claims that users can boot from power off to the desktop 29% faster with its Coreboot-based firmware.

Source: System76 Will Begin Shipping 2 Linux Laptops With Coreboot-Based Open Source Firmware

Managed Retreat Buyout Efforts Have Relocated 40,000 Households to avoid rising seawater: Study

The U.S. is slowly being gripped by a flooding crisis as seas rise and waterways overflow with ever more alarming frequency. An idea at the forefront for how to help Americans cope is so-called managed retreat, a process of moving away from affected areas and letting former neighborhoods return to nature. It’s an idea increasingly en vogue as it becomes clearer that barriers won’t be enough to keep floodwaters at bay.

But new research shows a startling finding: Americans are already retreating. More than 40,000 households have been bought out by the federal government over the past three decades. The research published in Science Advances on Wednesday also reveals that there are disparities between which communities opt-in for buyout programs and, even more granularly, which households take the offers and relocate away. The cutting-edge research answers questions that have been out there for a while and raises a whole host of new ones that will only become more pressing in the coming decades as Earth continues to warm.

“People are using buyouts and doing managed retreat,” AR Siders, a climate governance researcher at Harvard and study author, said during a press call. “No matter how difficult managed retreat sounds, we know that there are a thousand communities in the United States, all over the country, who have made it work. I want to hear their stories, I want to know how they did it.”

Source: Managed Retreat Buyout Efforts Have Relocated 40,000 Households: Study

Meet the Money Behind The Climate Denial Movement

Nearly a billion dollars a year is flowing into the organized climate change counter-movement

The overwhelming majority of climate scientists, international governmental bodies, relevant research institutes and scientific societies are in unison in saying that climate change is real, that it’s a problem, and that we should probably do something about it now, not later. And yet, for some reason, the idea persists in some peoples’ minds that climate change is up for debate, or that climate change is no big deal.

Actually, it’s not “for some reason” that people are confused. There’s a very obvious reason. There is a very well-funded, well-orchestrated climate change-denial movement, one funded by powerful people with very deep pockets. In a new and incredibly thorough study, Drexel University sociologist Robert Brulle took a deep dive into the financial structure of the climate deniers, to see who is holding the purse strings.

According to Brulle’s research, the 91 think tanks and advocacy organizations and trade associations that make up the American climate denial industry pull down just shy of a billion dollars each year, money used to lobby or sway public opinion on climate change and other issues.

“The anti-climate effort has been largely underwritten by conservative billionaires,” says the Guardian, “often working through secretive funding networks. They have displaced corporations as the prime supporters of 91 think tanks, advocacy groups and industry associations which have worked to block action on climate change.”

Source: Meet the Money Behind The Climate Denial Movement | Smart News | Smithsonian

Twitter: No, really, we’re very sorry we sold your security info for a boatload of cash

Twitter says it was just an accident that caused the microblogging giant to let advertisers use private information to better target their marketing materials at users.

The social networking giant on Tuesday admitted to an “error” that let advertisers have access to the private information customers had given Twitter in order to place additional security protections on their accounts.

“We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system,” Twitter said.

“When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error and we apologize.”

Twitter assures users that no “personal” information was shared, though we’re not sure what Twitter would consider “personal information” if your phone number and email address do not meet the bar.

Source: Twitter: No, really, we’re very sorry we sold your security info for a boatload of cash • The Register

Remember the FBI’s promise it wasn’t abusing the NSA’s data on US citizens? Well, guess what… It was worse than the privacy advocates dreamt

The FBI routinely misused a database, gathered by the NSA with the specific purpose of searching for foreign intelligence threats, by searching it for everything from vetting to spying on relatives.

In doing so, it not only violated the law and the US constitution but knowingly lied to the faces of congressmen who were asking the intelligence services about this exact issue at government hearings, hearings that were intended to find if there needed to be additional safeguards added to the program.

That is the upshot of newly declassified rulings of the secret FISC court that decides issues of spying and surveillance within the United States.

On Tuesday, in a year-old ruling [PDF] that remains heavily redacted, everything that both privacy advocates and a number of congressmen – particularly Senator Ron Wyden (D-OR) – feared was true of the program turned out to be so, but worse.

Even though the program in question – Section 702 – is specifically designed only to be used for US government agencies to be allowed to search for evidence of foreign intelligence threats, the FBI gave itself carte blanche to search the same database for US citizens by stringing together a series of ridiculous legal justifications about data being captured “incidentally” and subsequent queries of that data not requiring a warrant because it had already been gathered.

Despite that situation, the FBI repeatedly assured lawmakers and the courts that it was using its powers in a very limited way. Senator Wyden was not convinced and used his position to ask questions about the program, the answers to which raised ever greater concerns.

For example, while the NSA was able to outline the process by which its staff was allowed to make searches on the database, including who was authorized to dig further, and it was able to give a precise figure for how many searches there had been, the FBI claimed it was literally not able to do so.

Free for all

Any FBI agent was allowed to search the database, it revealed under questioning; any FBI agent was allowed to de-anonymize the data; and the FBI claimed it did not have a system to measure the number of search requests its agents carried out.

In a year-long standoff between Senator Wyden and the Director of National Intelligence, the government told Congress it was not able to produce a figure for the number of US citizens whose details had been brought up in searches – something that likely broke the Fourth Amendment.

Today’s release of the FISC secret opinion reveals that giving the FBI virtually unrestricted access to the database led to exactly the sort of behavior that people were concerned about: a vast number of searches, including many that were not remotely justified.

For example, the DNI told Congress that in 2016, the NSA had carried out 30,355 searches on US persons within the database’s metadata and 2,280 searches on the database’s content. The CIA had carried out 2,352 searches on content for US persons in the same 12-month period. The FBI said it had no way to measure the number of searches it ran.

But that, it turns out, was a bold-faced lie. Because we now know that the FBI carried out 6,800 queries of the database in a single day in December 2017 using social security numbers. In other words, the FBI was using the NSA’s database at least 80 times more frequently than the NSA itself.

The FBI’s use of the database – which, again, is specifically defined in law as only being allowed to be used for foreign intelligence matters – was completely routine. As a result, agents started using it all the time for anything connected to their work, and sometimes their personal lives.

In the secret court opinion, now made public (but, again, still heavily redacted), the government was forced to concede that there were “fundamental misunderstandings” within the FBI staff over what criteria they needed to meet before carrying out a search.

Source: Remember the FBI’s promise it wasn’t abusing the NSA’s data on US citizens? Well, guess what… • The Register

Article continues on the site

FBI warns about attacks that bypass multi-factor authentication (MFA)

Basically SIM swapping, man-in-the-middle attacks and poor URL protections

FBI warns about SIM swapping and tools like Muraena and NecroBrowser.

“The FBI has observed cyber actors circumventing multi-factor authentication through common social engineering and technical attacks,” the FBI wrote in a Private Industry Notification (PIN) sent out on September 17.

Past incidents of MFA bypasses

While nowadays there are multiple ways of bypassing MFA protections, the FBI alert specifically warned about SIM swapping, vulnerabilities in online pages handling MFA operations, and the use of transparent proxies like Muraena and NecroBrowser.

To get the point across, the FBI listed recent incidents where hackers had used these techniques to bypass MFA and steal money from companies and regular users alike. We cite from the report:

  • In 2016 customers of a US banking institution were targeted by a cyber attacker who ported their phone numbers to a phone he owned, an attack called SIM swapping. The attacker called the phone companies’ customer service representatives, finding some who were more willing to provide him information to complete the SIM swap. Once the attacker had control over the customers’ phone numbers, he called the bank to request a wire transfer from the victims’ accounts to another account he owned. The bank, recognizing the phone number as belonging to the customer, did not ask for full security questions but requested a one-time code sent to the phone number from which he was calling. He also requested to change PINs and passwords and was able to attach victims’ credit card numbers to a mobile payment application.
  • Over the course of 2018 and 2019, the FBI’s Internet Crime Complaint Center and FBI victim complaints observed the above attack (SIM swapping) as a common tactic from cyber criminals seeking to circumvent two-factor authentication. Victims of these attacks have had their phone numbers stolen, their bank accounts drained, and their passwords and PINs changed. Many of these attacks rely on socially engineering customer service representatives for major phone companies, who give information to the attackers.
  • In 2019 a US banking institution was targeted by a cyber attacker who was able to take advantage of a flaw in the bank’s website to circumvent the two-factor authentication implemented to protect accounts. The cyber attacker logged in with stolen victim credentials and, when reaching the secondary page where the customer would normally need to enter a PIN and answer a security question, the attacker entered a manipulated string into the Web URL setting the computer as one recognized on the account. This allowed him to bypass the PIN and security question pages and initiate wire transfers from the victims’ accounts.
  • In February 2019 a cyber security expert at the RSA Conference in San Francisco, demonstrated a large variety of schemes and attacks cyber actors could use to circumvent multi-factor authentication. The security expert presented real-time examples of how cyber actors could use man-in-the-middle attacks and session hijacking to intercept the traffic between a user and a website to conduct these attacks and maintain access for as long as possible. He also demonstrated social engineering attacks, including phishing schemes or fraudulent text messages purporting to be a bank or other service to cause a user to log into a fake website and give up their private information.
  • At the June 2019 Hack-in-the-Box conference in Amsterdam, cyber security experts demonstrated a pair of tools – Muraena and NecroBrowser – which worked in tandem to automate a phishing scheme against users of multi-factor authentication. The Muraena tool intercepts traffic between a user and a target website where they are requested to enter login credentials and a token code as usual. Once authenticated, NecroBrowser stores the data for the victims of this attack and hijacks the session cookie, allowing cyber actors to log into these private accounts, take them over, and change user passwords and recovery e-mail addresses while maintaining access as long as possible.
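The third incident above, where a manipulated URL marked a computer as "recognized" and skipped the PIN step, illustrates a design flaw rather than a cryptographic one: device trust was taken from client-controlled input. The following added example (not code from the FBI notification, ZDNet, or the bank involved) contrasts that weak pattern with a server-side check in which the trust flag lives only in an HMAC-signed cookie bound to the user id, device id and an expiry; the key, cookie name and `trusted_device` parameter are constructed for the example.

```python
"""
Trusted-device recognition for an MFA flow: the weak pattern trusts a query
parameter, the hardened pattern ignores the URL entirely and only honours a
server-issued, signed device token. Assumed design, not any vendor's code.
"""
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs, urlparse

# Constructed secret for this example only; a real service loads it from a
# secrets store and never embeds it in source.
SERVER_KEY = b"example-only-key-do-not-reuse"


def _sign(payload: bytes) -> str:
    """HMAC-SHA256 over the payload, base64url-encoded for cookie transport."""
    digest = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode()


def issue_device_token(user_id: str, device_id: str, ttl_seconds: int,
                       now: float = None) -> str:
    """Called only after a *successful* MFA challenge on this device.

    The token binds user, device and expiry so it cannot be replayed for
    another account or from another browser, and it cannot be forged
    without SERVER_KEY.
    """
    now = time.time() if now is None else now
    claims = {"uid": user_id, "dev": device_id, "exp": int(now) + ttl_seconds}
    body = base64.urlsafe_b64encode(
        json.dumps(claims, sort_keys=True).encode()).decode()
    return f"{body}.{_sign(body.encode())}"


def device_is_recognized(user_id: str, device_id: str, token: str,
                         now: float = None) -> bool:
    """Verify signature, user/device binding and expiry; any failure -> False."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".", 1)
    except (ValueError, AttributeError):
        return False
    # Constant-time comparison; check the signature before parsing claims.
    if not hmac.compare_digest(sig, _sign(body.encode())):
        return False
    try:
        claims = json.loads(base64.urlsafe_b64decode(body.encode()))
    except (ValueError, TypeError):
        return False
    return (claims.get("uid") == user_id
            and claims.get("dev") == device_id
            and isinstance(claims.get("exp"), int)
            and claims["exp"] > now)


def vulnerable_mfa_required(url: str) -> bool:
    """Weak pattern: a client-controlled URL parameter decides device trust.

    Anyone who can edit the address bar can present as a recognized device,
    which is the class of flaw the FBI incident describes.
    """
    query = parse_qs(urlparse(url).query)
    return query.get("trusted_device", ["0"])[0] != "1"


def hardened_mfa_required(url: str, user_id: str, device_id: str,
                          cookies: dict, now: float = None) -> bool:
    """Hardened pattern: the URL carries no authority over the MFA decision.

    Only a valid signed token in the (assumed HttpOnly, Secure) cookie named
    "device_trust" lets the second factor be skipped.
    """
    del url  # deliberately unused: nothing in the request URL is trusted
    token = cookies.get("device_trust", "")
    return not device_is_recognized(user_id, device_id, token, now)


if __name__ == "__main__":
    tampered = "https://bank.example/login?step=pin&trusted_device=1"
    print("weak check asks for MFA:", vulnerable_mfa_required(tampered))
    tok = issue_device_token("alice", "dev-1", 3600)
    print("hardened, same URL, no cookie:",
          hardened_mfa_required(tampered, "alice", "dev-1", {}))
    print("hardened, valid cookie:",
          hardened_mfa_required(tampered, "alice", "dev-1", {"device_trust": tok}))
```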

MFA is still effective

The FBI made it very clear that its alert should be taken only as a precaution, and not as an attack on the effectiveness of MFA; the agency still recommends that companies use MFA.

Source: FBI warns about attacks that bypass multi-factor authentication (MFA) | ZDNet

Saturn surpasses Jupiter after the discovery of 20 new moons and you can help name them!

A team led by Carnegie’s Scott S. Sheppard has found 20 new moons orbiting Saturn. This brings the ringed planet’s total number of moons to 82, surpassing Jupiter, which has 79. The discovery was announced Monday by the International Astronomical Union’s Minor Planet Center.

Each of the newly discovered moons is about five kilometers, or three miles, in diameter. Seventeen of them orbit the planet backwards, or in a retrograde direction, meaning their movement is opposite of the planet’s rotation around its axis. The other three moons orbit in the prograde—the same direction as Saturn rotates.

Two of the prograde moons are closer to the planet and take about two years to travel once around Saturn. The more-distant retrograde moons and one of the prograde moons each take more than three years to complete an orbit.

Source: Saturn surpasses Jupiter after the discovery of 20 new moons and you can help name them! | Carnegie Institution for Science

Rodents With Part-Human Brains Pose a New Challenge for Bioethics

Rapid progress in research involving miniature human brains grown in a dish has led to a host of ethical concerns, particularly when these human brain cells are transplanted into nonhuman animals. A new paper evaluates the potential risks of creating “humanized” animals, while providing a pathway for scientists to move forward in this important area.

Neuroscientist Isaac Chen from the Perelman School of Medicine at the University of Pennsylvania, along with his colleagues, has written a timely Perspective paper published today in the science journal Cell Stem Cell. The paper was prompted by recent breakthroughs involving the transplantation of human brain organoids into rodents—a practice that’s led to concerns about the “humanization” of lab animals.

In their paper, the authors evaluate the current limits of this biotechnology and the potential risks involved, while also looking ahead to the future. Chen and his colleagues don’t believe anything needs to be done right now to limit these sorts of experiments, but that could change once scientists start to enhance certain types of brain functions in chimeric animals, that is, animals endowed with human attributes, in this case human brain cells.

In the future, the authors said, scientists will need to be wary of inducing robust levels of consciousness in chimeric animals and even stand-alone brain organoids, similar to the sci-fi image of a conscious brain in a vat.

Cross-section of a brain organoid.
Image: Trujillo et al., 2019, Cell Stem Cell

Human brain organoids are proving to be remarkably useful. Made from human stem cells, brain organoids are tiny clumps of neural cells which scientists can use in their research.

To be clear, pea-sized organoids are far too basic to induce traits like consciousness, feelings, or any semblance of awareness, but because they consist of living human brain cells, scientists can use them to study brain development, cognitive disorders, and the way certain diseases affect the brain, among other things. And in fact, during the opening stages of the Zika outbreak, brain organoids were used to study how the virus infiltrates brain cells.

The use of brain organoids in this way is largely uncontroversial, but recent research involving the transplantation of human brain cells into rodent brains is leading to some serious ethical concerns, specifically the claim that scientists are creating part-human animals.

Anders Sandberg, a researcher at the University of Oxford’s Future of Humanity Institute, said scientists are not yet able to generate full-sized brains due to the lack of blood vessels, supporting structure, and other elements required to build a fully functioning brain. But that’s where lab animals can come in handy.

“Making organoids of human brain cells is obviously interesting both for regenerating brain damage and for research,” explained Sandberg, who’s not affiliated with the new paper. “They do gain some structure, even though it is not like a full brain or even part of a brain. One way of getting around the problem of the lack of blood vessels in a petri dish is to implant them in an animal,” he said. “But it’s at this point when people start to get a bit nervous.”

The concern, of course, is that the human neural cells, when transplanted into a nonhuman animal, say a mouse or rat, will somehow endow the creature with human-like traits, such as greater intelligence, more complex emotions, and so on.

Source: Rodents With Part-Human Brains Pose a New Challenge for Bioethics

This is a very well considered article, very much worth reading further above.

To find the best parking spot, do the math

The next time you’re hunting for a parking spot, mathematics could help you identify the most efficient strategy, according to a recent paper in the Journal of Statistical Mechanics. It’s basically an optimization problem: weighing different variables and crunching the numbers to find the optimal combination of those factors. In the case of where to put your car, the goal is to strike the optimal balance of parking close to the target—a building entrance, for example—without having to waste too much time circling the lot hunting for the closest space.

Paul Krapivsky of Boston University and Sidney Redner of the Santa Fe Institute decided to build their analysis around an idealized parking lot with a single row (a semi-infinite line), and they focused on three basic parking strategies. A driver who employs a “meek” strategy will take the first available spot, preferring to park as quickly as possible even if there might be open spots closer to the entrance. A driver employing an “optimistic” strategy will go right to the entrance and then backtrack to find the closest possible spot.

Finally, drivers implementing a “prudent” strategy will split the difference. They might not grab the first available spot, figuring there will be at least one more open spot a bit closer to the entrance. If there isn’t, they will backtrack to the space a meek driver would have claimed immediately.

[…]

Based on their model, the scientists concluded that the meek strategy is the least effective of the three, calling it “risibly inefficient” because “many good parking spots are unfilled and most cars are parked far from the target.”

Determining whether the optimistic or prudent strategy was preferable proved trickier, so they introduced a cost variable. They defined it as “the distance from the parking spot to the target plus time wasted looking for a parking spot.” Their model also assumes the speed of the car in the lot is the same as average walking speed.

“On average, the prudent strategy is less costly,” the authors concluded. “Thus, even though the prudent strategy does not allow the driver to take advantage of the presence of many prime parking spots close to the target, the backtracking that must always occur in the optimistic strategy outweighs the benefit.” Plenty of people might indeed decide that walking a bit farther is an acceptable tradeoff to avoid endlessly circling a crowded lot hunting for an elusive closer space. Or maybe they just want to rack up a few extra steps on their FitBit.

The authors acknowledge some caveats to their findings. This is a “minimalist physics-based” model, unlike more complicated models used in transportation studies that incorporate factors like parking costs, time limits, and so forth. And most parking lots are not one-dimensional (a single row). The model used by the authors also assumes that cars enter the lot from the right at a fixed rate, and every car will have time to find a spot before the next car enters—a highly unrealistic scenario where there is no competition between cars for a given space. (Oh, if only…)

Source: To find the best parking spot, do the math | Ars Technica