Microsoft says miscreants accessed some of its customers’ webmail inboxes and account data after a support rep’s administrative account was hijacked.
The Redmond software giant has sent Hotmail, MSN, and Outlook cloud users notifications that the unnamed customer support rep’s account was compromised by hackers who would have subsequently gained “limited access” to certain parts of some customer email accounts, including the ability to read messages in particular cases.
In the alert, Microsoft warns its punters that, between January 1 and March 28 of this year, the attacker, or attackers, would have had the ability to extract certain information from their inboxes, including the subject names of messages, folder names, contact lists, and user email address. The intrusion was limited to consumer (read: free) Microsoft email accounts.
While the aforementioned leaked notification claims the hackers would not have been able to read the content of messages, Microsoft would later admit – after media reports over the weekend – that the intruders could have accessed the contents of messages belonging to a subset of those impacted by the admin account hijacking.
Finally stopped using Internet Explorer? Good! But, now it’s time to completely delete it from your computer, too.
Security researcher John Page has discovered a new security flaw that allows hackers to steal Windows users’ data thanks to Internet Explorer. The craziest part: Windows users don’t ever even have to open the now-obsolete web browser for malicious actors to use the exploit. It just needs to exist on their computer.
“Internet Explorer is vulnerable to XML External Entity attack if a user opens a specially crafted .MHT file locally,” writes Page. “This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information.”
Basically, what this means is that hackers are taking advantage of a vulnerability using .MHT files, which is the file format used by Internet Explorer for its web archives. Current web browsers do not use the .MHT format, so when a PC user attempts to access this file Windows opens IE by default.
To initiate the exploit, a user simply needs to open an attachment received by email, messenger, or other file transfer service.
Android TV is an operating system designed specifically for SmartTV purposes and is developed by Google. Android TV is basically a smart entertainment platform that comes built into a number of TVs (primarily from Sony, Panasonic, Sharp, etc.) but also in a number of streaming video players like Android TV Boxes and the most popular one, the Nvidia Shield.
To that end, Android TV is considerably similar to iOS or Android. It’s basically an operating system for a TV. It’s capable of supporting various apps, games, and TV shows that you normally navigate with a remote on your TV.
Why did the frog cross the road? Well, a new artificially intelligent (AI) agent that can play the classic arcade game Frogger not only can tell you why it crossed the road, but it can justify its every move in everyday language.
Developed by Georgia Tech, in collaboration with Cornell and the University of Kentucky, the work enables an AI agent to provide a rationale for a mistake or errant behavior, and to explain it in a way that is easy for non-experts to understand.
This, the researchers say, may help robots and other types of AI agents seem more relatable and trustworthy to humans. They also say their findings are an important step toward a more transparent, human-centered AI design that understands people’s preferences and prioritizes people’s needs.
“If the power of AI is to be democratized, it needs to be accessible to anyone regardless of their technical abilities,” said Upol Ehsan, Ph.D. student in the School of Interactive Computing at Georgia Tech and lead researcher.
“As AI pervades all aspects of our lives, there is a distinct need for human-centered AI design that makes black-boxed AI systems explainable to everyday users. Our work takes a formative step toward understanding the role of language-based explanations and how humans perceive them.”
The study was supported by the Office of Naval Research (ONR).
Researchers developed a participant study to determine if their AI agent could offer rationales that mimicked human responses. Spectators watched the AI agent play the videogame Frogger and then ranked three on-screen rationales in order of how well each described the AI’s game move.
Of the three anonymized justifications for each move – a human-generated response, the AI-agent response, and a randomly generated response – the participants preferred the human-generated rationales first, but the AI-generated responses were a close second.
Frogger offered the researchers the chance to train an AI in a “sequential decision-making environment,” which is a significant research challenge because decisions that the agent has already made influence future decisions. Therefore, explaining the chain of reasoning to experts is difficult, and even more so when communicating with non-experts, according to researchers.
[…]
By a 3-to-1 margin, participants favored answers that were classified in the “complete picture” category. Responses showed that people appreciated the AI thinking about future steps rather than just what was in the moment, which might make them more prone to making another mistake. People also wanted to know more so that they might directly help the AI fix the errant behavior.
[…]
The research was presented in March at the Association for Computing Machinery’s Intelligent User Interfaces 2019 Conference. The paper is titled Automated Rationale Generation: A Technique for Explainable AI and its Effects on Human Perceptions. Ehsan will present a position paper highlighting the design and evaluation challenges of human-centered Explainable AI systems at the upcoming Emerging Perspectives in Human-Centered Machine Learning workshop at the ACM CHI 2019 conference, May 4-9, in Glasgow, Scotland.
The Information Commissioner’s Office has fined commercial pregnancy and parenting club Bounty some £400,000 for illegally sharing personal details of more than 14 million people.
The organisation, which dishes out advice to expectant and inexperienced parents, has faced criticism over the tactics it uses to sign up new members and was the subject of a campaign to boot its reps from maternity wards.
[…]
the business had also worked as a data brokering service until April last year, distributing data to third parties to then pester unsuspecting folk with electronic direct marketing. By sharing this information and not being transparent about its uses while it was extracting the stuff, Bounty broke the Data Protection Act 1998.
Bounty shared roughly 34.4 million records from June 2017 to April 2018 with credit reference and marketing agencies. Acxiom, Equifax, Indicia and Sky were the four biggest of the 39 companies that Bounty told the ICO it sold stuff to.
This data included details of new mothers and mothers-to-be but also of very young children’s birth dates and their gender.
China’s largest stock photo flinger has been forced to backtrack after it tried to put its own price tags on images of the first black hole and the Chinese flag.
Visual China Group reportedly tried to hawk out the first-ever image of a supermassive black hole and its shadow, which was the painstaking work of boffins running the Event Horizon Telescope.
The website is reported to have tried to suck users into payment, describing the picture, on which it affixed its logo, as an “editorial image” and directed users to dial a customer rep to discuss commercial use.
The pic pushers were also said to have drawn criticism for asking for payment for images such as China’s flag and logos of companies including Baidu.
After the Tianjin city branch of China’s internet overseer stepped in, Visual China apologised and said that it would “learn from these lessons” and “seriously rectify” the problem.
A hacker group has breached several FBI-affiliated websites and uploaded their contents to the web, including dozens of files containing the personal information of thousands of federal agents and law enforcement officers, TechCrunch has learned.
The hackers breached three sites associated with the FBI National Academy Association, a coalition of different chapters across the U.S. promoting federal and law enforcement leadership and training located at the FBI training academy in Quantico, VA. The hackers exploited flaws on at least three of the organization’s chapter websites — which we’re not naming — and downloaded the contents of each web server.
The hackers then put the data up for download on their own website, which we’re also not naming nor linking to given the sensitivity of the data.
The spreadsheets contained about 4,000 unique records after duplicates were removed, including member names, a mix of personal and government email addresses, job titles, phone numbers and their postal addresses. The FBINAA could not be reached for comment outside of business hours. If we hear back, we’ll update.
TechCrunch spoke to one of the hackers, who didn’t identify his or her name, through an encrypted chat late Friday.
“We hacked more than 1,000 sites,” said the hacker. “Now we are structuring all the data, and soon they will be sold. I think something else will publish from the list of hacked government sites.” We asked if the hacker was worried that the files they put up for download would put federal agents and law enforcement at risk. “Probably, yes,” the hacker said.
The hacker claimed to have “over a million data” [sic] on employees across several U.S. federal agencies and public service organizations.
It’s not uncommon for data to be stolen and sold in hacker forums and in marketplaces on the dark web, but the hackers said they would offer the data for free to show that they had something “interesting.”
[…]
The hacker — one of more than ten, they said — used public exploits, indicating that many of the websites they hit weren’t up-to-date and had outdated plugins.
[…]
Their end goal: “Experience and money,” the hacker said.
Electronic health records store valuable information about hospital patients, but they’re often sparse and unstructured, making them difficult for potentially labor- and time-saving AI systems to parse. Fortunately, researchers at New York University and Princeton have developed a framework that evaluates clinical notes (i.e., descriptions of symptoms, reasons for diagnoses, and radiology results) and autonomously assigns a risk score indicating whether patients will be readmitted within 30 days. They claim that the code and model parameters, which are publicly available on Github, handily outperform baselines.
“Accurately predicting readmission has clinical significance both in terms of efficiency and reducing the burden on intensive care unit doctors,” the paper’s authors wrote. “One estimate puts the financial burden of readmission at $17.9 billion dollars and the fraction of avoidable admissions at 76 percent.”
Sonos stands accused of seeking to obtain “excessive” amounts of personal data without valid consent in a complaint filed with the UK’s data watchdog.
The complaint, lodged by tech lawyer George Gardiner in a personal capacity, challenges the Sonos privacy policy’s compliance with the General Data Protection Regulation and the UK’s implementation of that law.
It argues that Sonos had not obtained valid consent from users who were asked to agree to a new privacy policy and had failed to meet privacy-by-design requirements.
The company changed its terms in summer 2017 to allow it to collect more data from its users – ostensibly because it was launching voice services. Sonos said that anyone who didn’t accept the fresh Ts&Cs would no longer be able to download future software updates.
Sonos denied at the time that this was effectively bricking the system, but whichever way you cut it, the move would deprecate the kit of users that didn’t accept the terms. The app controlling the system would also eventually become non-functional.
Gardiner pointed out, however, that security risks and an interest in properly maintaining an expensive system meant there was little practical alternative other than to update the software.
This resulted in a mandatory acceptance of the terms of the privacy policy, rendering any semblance of consent void.
“I have no option but to consent to its privacy policy otherwise I will have over £3,000 worth of useless devices,” he said in a complaint sent to the ICO and shared with The Register.
Users setting up accounts are told: “By clicking on ‘Submit’ you agree to Sonos’ Terms and Conditions and Privacy Policy.” This all-or-nothing approach is contrary to data protection law, he argued.
Sonos collects personal data in the form of name, email address, IP addresses and “information provided by cookies or similar technology”.
The system also collects data on room names assigned by users, the controller device, the operating system of the device a person uses and content source.
Sonos said that collecting and processing this data – a slurp that users cannot opt out of – is necessary for the “ongoing functionality and performance of the product and its ability to interact with various services”.
But Gardiner questioned whether it was really necessary for Sonos to collect this much data, noting that his system worked without it prior to August 2017. He added that he does not own a product that requires voice recognition.
I am in the exact same position – suddenly I had to accept an invasive change of privacy policy and earlier in March I also had to log in with a Sonos account in order to get the kit working (it wouldn’t update without logging in and the app only showed the login and update page). This is not what I signed up for when I bought the (expensive!) products.
Two out of three hotel websites inadvertently leak guests’ booking details and personal data to third-party sites, including advertisers and analytics companies, according to research released by Symantec Corp on Wednesday.
The study, which looked at more than 1,500 hotel websites in 54 countries that ranged from two-star to five-star properties, comes several months after Marriott International disclosed one of the worst data breaches in history.
Symantec said Marriott was not included in the study.
Compromised personal information includes full names, email addresses, credit card details and passport numbers of guests that could be used by cybercriminals who are increasingly interested in the movements of influential business professionals and government employees, Symantec said.
“While it’s no secret that advertisers are tracking users’ browsing habits, in this case, the information shared could allow these third-party services to log into a reservation, view personal details and even cancel the booking altogether,” said Candid Wueest, the primary researcher on the study.
The research showed compromises usually occur when a hotel site sends confirmation emails with a link that has direct booking information. The reference code attached to the link could be shared with more than 30 different service providers, including social networks, search engines and advertising and analytics services.
You might not even know what options you can tweak (or turn off) in your operating system, which is where the cleverly named O&O ShutUp10 application comes into play. It’s a simple application that makes it incredibly easy to tweak various aspects of Windows 10 that are normally buried or otherwise inaccessible to regular people. More importantly, the app comes with some helpful warnings so you don’t accidentally disable something you shouldn’t (like automatic updates).
To get started, all you have to do is download the app and run it. That’s it. There’s no installation to speak of, which already makes me thrilled. When the app loads, it’ll look like this:
You’ll see a bunch of different options you can turn on and off—some might already be enabled—as well as a handy “recommend” column that gives you a little more advice as to whether you should really mess with that setting or not. What I love about O&O ShutUp10, though, is that you can get even more information about what each setting means by simply hovering your mouse over each line and clicking, like so:
While you probably shouldn’t just go through and enable everything that’s recommended en masse, I would use that little green checkmark as a guide while you explore the app. Enable any related setting and you’re probably fine. Once you start getting into the yellow “limited” category, however, it gets a bit dicier. You might not want to, for example, disable all apps from accessing your microphone or camera—or maybe you do. Just remember you toggled that setting the next time you’re about to hop on a video conference.
Charges announced by the Justice Department on Thursday against WikiLeaks founder Julian Assange provide fresh insight into why federal prosecutors sought to question whistleblower Chelsea Manning last month before a federal grand jury in the Eastern District of Virginia.
Manning, convicted in 2013 of leaking classified U.S. government documents to WikiLeaks, was jailed in early March as a recalcitrant witness after refusing to answer the grand jury’s questions. After her arrest, she was held in solitary confinement in a Virginia jail for nearly a month before being moved into its general population—all in an attempt to coerce her into answering questions about conversations she allegedly had with Assange at the time of her illegal disclosures, according to court filings.
Though Manning confessed to leaking more than 725,000 classified documents to WikiLeaks following her deployment to Iraq in 2009—including battlefield reports and five Guantanamo Bay detainee profiles—she was charged with leaking portions of only a couple hundred documents, including dozens of diplomatic cables that have since been declassified.
British authorities on Thursday removed Assange from the Ecuadorian embassy in London, his home for nearly seven years, following Ecuador’s decision to rescind his asylum. The U.S. government has requested that he be extradited to the United States to face a federal charge of conspiracy to commit computer crimes.
We’ve been trying to explain for the past few months just how absolutely insane the new EU Terrorist Content Regulation will be for the internet. Among many other bad provisions, the big one is that it would require content removal within one hour as long as any “competent authority” within the EU sends a notice of content being designated as “terrorist” content. The law is set for a vote in the EU Parliament just next week.
And as if they were attempting to show just how absolutely insane the law would be for the internet, multiple European agencies (we can debate if they’re “competent”) decided to send over 500 totally bogus takedown demands to the Internet Archive last week, claiming it was hosting terrorist propaganda content.
In the past week, the Internet Archive has received a series of email notices from Europol’s European Union Internet Referral Unit (EU IRU) falsely identifying hundreds of URLs on archive.org as “terrorist propaganda”. At least one of these mistaken URLs was also identified as terrorist content in a separate take down notice from the French government’s L’Office Central de Lutte contre la Criminalité liée aux Technologies de l’Information et de la Communication (OCLCTIC).
And, as the Archive explains, there’s simply no way that (1) the site could have complied with the Terrorist Content Regulation had it been law last week when they received the notices, and (2) that they should have blocked all that obviously non-terrorist content.
The Internet Archive has a few staff members that process takedown notices from law enforcement who operate in the Pacific time zone. Most of the falsely identified URLs mentioned here (including the report from the French government) were sent to us in the middle of the night – between midnight and 3am Pacific – and all of the reports were sent outside of the business hours of the Internet Archive.
The one-hour requirement essentially means that we would need to take reported URLs down automatically and do our best to review them after the fact.
It would be bad enough if the mistaken URLs in these examples were for a set of relatively obscure items on our site, but the EU IRU’s lists include some of the most visited pages on archive.org and materials that obviously have high scholarly and research value.
Those are the requests from Europol, who unfortunately likely qualify as a “competent” authority under the law. The Archive also points out the request from both Europol and the French computer crimes unit targeting a page providing commentary on the Quran as being terrorist content. The French agency told the Archive it needed to take down that content within 24 hours or the Archive may get blocked in France.
Because WPA2 is more than 14 years old, the Wi-Fi Alliance recently announced the new and more secure WPA3 protocol. One of the main advantages of WPA3 is that, thanks to its underlying Dragonfly handshake, it’s near impossible to crack the password of a network. Unfortunately, we found that even with WPA3, an attacker within range of a victim can still recover the password of the network. This allows the adversary to steal sensitive information such as credit cards, passwords, emails, and so on, when the victim uses no extra layer of protection such as HTTPS. Fortunately, we expect that our work and coordination with the Wi-Fi Alliance will allow vendors to mitigate our attacks before WPA3 becomes widespread.
The Dragonfly handshake, which forms the core of WPA3, is also used on certain Wi-Fi networks that require a username and password for access control. That is, Dragonfly is also used in the EAP-pwd protocol. Unfortunately, our attacks against WPA3 also work against EAP-pwd, meaning an adversary can even recover a user’s password when EAP-pwd is used. We also discovered serious bugs in most products that implement EAP-pwd. These allow an adversary to impersonate any user, and thereby access the Wi-Fi network, without knowing the user’s password. Although we believe that EAP-pwd is used fairly infrequently, this still poses serious risks for many users, and illustrates the risks of incorrectly implementing Dragonfly.
The technical details behind our attacks against WPA3 can be found in our detailed research paper titled Dragonblood: A Security Analysis of WPA3’s SAE Handshake. The details of our EAP-pwd attacks are explained on this website.
[…]
The discovered flaws can be abused to recover the password of the Wi-Fi network, launch resource consumption attacks, and force devices into using weaker security groups. All attacks are against home networks (i.e. WPA3-Personal), where one password is shared among all users. Summarized, we found the following vulnerabilities in WPA3:
CERT ID #VU871675: Downgrade attack against WPA3-Transition mode leading to dictionary attacks.
CERT ID #VU871675: Security group downgrade attack against WPA3’s Dragonfly handshake.
CVE-2019-9494: Timing-based side-channel attack against WPA3’s Dragonfly handshake.
CVE-2019-9494: Cache-based side-channel attack against WPA3’s Dragonfly handshake.
CERT ID #VU871675: Resource consumption attack (i.e. denial of service) against WPA3’s Dragonfly handshake.
[…]
We have made scripts to test for certain vulnerabilities:
Dragonslayer: implements attacks against EAP-pwd (to be released shortly).
Dragondrain: this tool can be used to test to what extent an Access Point is vulnerable to denial-of-service attacks against WPA3’s SAE handshake.
Dragontime: this is an experimental tool to perform timing attacks against the SAE handshake if MODP group 22, 23, or 24 is used. Note that most WPA3 implementations by default do not enable these groups.
Dragonforce: this is an experimental tool which takes the information recovered from our timing or cache-based attacks, and performs a password partitioning attack. This is similar to a dictionary attack.
Seven people, described as having worked in Amazon’s voice review program, told Bloomberg that they sometimes listen to as many as 1,000 recordings per shift, and that the recordings are associated with the customer’s first name, their device’s serial number, and an account number. Among other clips, these employees and contractors said they’ve reviewed recordings of what seemed to be a woman singing in the shower, a child screaming, and a sexual assault. Sometimes, when recordings were difficult to understand — or when they were amusing — team members shared them in an internal chat room, according to Bloomberg.
In an emailed statement to BuzzFeed News, an Amazon spokesperson wrote that “an extremely small sample of Alexa voice recordings” is annotated, and reviewing the audio “helps us train our speech recognition and natural language understanding systems, so Alexa can better understand your requests, and ensure the service works well for everyone.”
[…]
Amazon’s privacy policy says that Alexa’s software provides a variety of data to the company (including your use of Alexa, your Alexa Interactions, and other Alexa-enabled products), but doesn’t explicitly state how employees themselves interact with the data.
Apple and Google, which make two other popular voice-enabled assistants, also employ humans who review audio commands spoken to their devices; both companies say that they anonymize the recordings and don’t associate them with customers’ accounts. Apple’s Siri sends a limited subset of encrypted, anonymous recordings to graders, who label the quality of Siri’s responses. The process is outlined on page 69 of the company’s security white paper. Google also saves and reviews anonymized audio snippets captured by Google Home or Assistant, and distorts the audio.
On an FAQ page, Amazon states that Alexa is not recording all your conversations. Amazon’s Echo smart speakers and the dozens of other Alexa-enabled devices are designed to capture and process audio, but only when a “wake word” — such as “Alexa,” “Amazon,” “Computer,” or “Echo” — is uttered. However, Alexa devices do occasionally capture audio inadvertently and send that audio to Amazon servers or respond to it with triggered actions. In May 2018, an Echo unintentionally sent audio recordings of a woman’s private conversation to one of her husband’s employees.
While the ethics around data collection and consumer privacy have been questioned for years, it wasn’t until Facebook’s Cambridge Analytica scandal that people began to realize how frequently their personal data is shared, transferred, and monetized without their permission.
Cambridge Analytica was by no means an isolated case. Last summer, an AP investigation found that Google’s location tracking remains on even if you turn it off in Google Maps, Search, and other apps. Research from Vanderbilt professor Douglas Schmidt found that Google engages in “passive” data collection, often without the user’s knowledge. His research also showed that Google utilizes data collected from other sources to de-anonymize existing user data.
That’s why we at Digital Content Next, the trade association of online publishers I lead, wrote this Washington Post op-ed, “It isn’t just about Facebook, it’s about Google, too” when Facebook first faced Capitol Hill. It’s also why the descriptor surveillance advertising is increasingly being used to describe Google and Facebook’s advertising businesses, which use personal data to tailor and micro-target ads.
[…]
The results of the study are consistent with our Facebook study: People don’t want surveillance advertising. A majority of consumers indicated they don’t expect to be tracked across Google’s services, let alone be tracked across the web in order to make ads more targeted.
Do you expect Google to collect data about a person’s activities on Google platforms (e.g. Android and Chrome) and apps (e.g. Search, YouTube, Maps, Waze)?
Yes: 48%
No: 52%
Do you expect Google to track a person’s browsing across the web in order to make ads more targeted?
Yes: 43%
No: 57%
Nearly two out of three consumers don’t expect Google to track them across non-Google apps, offline activities from data brokers, or via their location history.
Do you expect Google to collect data about a person’s locations when a person is not using a Google platform or app?
Yes: 34%
No: 66%
Do you expect Google to track a person’s usage of non-Google apps in order to make ads more targeted?
Yes: 36%
No: 64%
Do you expect Google to buy personal information from data companies and merge it with a person’s online usage in order to make ads more targeted?
Yes: 33%
No: 67%
There was only one question where a small majority of respondents felt that Google was acting according to their expectations. That was about Google merging data from search queries with other data it collects on its own services. They also don’t expect Google to connect the data back to the user’s personal account, but only by a small majority. Google began doing both of these in 2016 after previously promising it wouldn’t.
Do you expect Google to collect and merge data about a person’s search activities with activities on its other applications?
Yes: 57%
No: 43%
Do you expect Google to connect a variety of user data from Google apps, non-Google apps, and across the web with that user’s personal Google account?
Yes: 48%
No: 52%
Google’s personal data collection practices affect the more than 2 billion people who use devices running their Android operating software and hundreds of millions more iPhone users who rely on Google for browsing, maps, or search. Most of them expect Google to collect some data about them in exchange for use of services. However, as our research shows, a significant majority of consumers do not expect Google to track their activities across their lives, their locations, on other sites, and on other platforms. And as the AP discovered, Google continues to do some of this even after consumers explicitly turn off tracking.
In February, the company announced its intention to move forward with the development of the Curie cable, a new undersea line stretching from California to Chile. It will be the first private intercontinental cable ever built by a major non-telecom company.
And if you step back and just look at intracontinental cables, Google has fully financed a number of those already; it was one of the first companies to build a fully private submarine line.
Google isn’t alone. Historically, cables have been owned by groups of private companies — mostly telecom providers — but 2016 saw the start of a massive submarine cable boom, and this time, the buyers are content providers. Corporations like Facebook, Microsoft, and Amazon all seem to share Google’s aspirations for bottom-of-the-ocean dominance.
I’ve been watching this trend develop, being in the broadband space myself, and the recent movements are certainly concerning. Big tech’s ownership of the internet backbone will have far-reaching, yet familiar, implications. It’s the same old consumer tradeoff; more convenience for less control — and less privacy.
We’re reaching the next stage of internet maturity; one where only large, incumbent players can truly win in media.
[…]
If you want to measure the internet in miles, fiber-optic submarine cables are the place to start. These unassuming cables crisscross the ocean floor worldwide, carrying 95-99 percent of international data over bundles of fiber-optic cable strands the diameter of a garden hose. All told, there are more than 700,000 miles of submarine cables in use today.
[…]
Google will own 10,433 miles of submarine cables internationally when the Curie cable is completed later this year.
The total shoots up to 63,605 miles when you include cables it owns in consortium with Facebook, Microsoft, and Amazon.
The pledge by one of the world’s biggest automakers to share its closely guarded patents, the second time it has opened up a technology, is aimed at driving industry uptake of hybrids and fending off the challenge of all-battery electric vehicles (EVs).
Toyota said it would grant licenses on nearly 24,000 patents on technologies used in its Prius, the world’s first mass-produced “green” car, and offer to supply competitors with components including motors, power converters and batteries used in its lower-emissions vehicles.
“We want to look beyond producing finished vehicles,” Toyota Executive Vice President Shigeki Terashi told reporters.
“We want to contribute to an increase in take up (of electric cars) by offering not just our technology but our existing parts and systems to other vehicle makers.”
The Nikkei Asian Review first reported Toyota’s plans to give royalty-free access to hybrid-vehicle patents.
Terashi said that the access excluded patents on its lithium-ion battery technology.
[…]
Toyota is also betting on hydrogen fuel cell vehicles (FCVs) as the ultimate zero-emissions vehicle, and as a result, has lagged many of its rivals in marketing all-battery EVs.
In 2015, it said it would allow access to its FCV-related patents through 2020.
On the afternoon of December 3rd, 2018, a SpaceX Falcon 9 rocket took off from the southern coast of California, lofting the largest haul of individual satellites the vehicle had ever transported. At the time, it seemed like the mission was a slam dunk, with all 64 satellites deploying into space as designed.
But nearly four months later, more than a dozen satellites from the launch have yet to be identified in space. We know that they’re up there, and where they are, but it’s unclear which satellites belong to which satellite operator on the ground.
They are, truly, unidentified flying objects.
The launch, called the SSO-A SmallSat Express, sent those small satellites into orbit for various countries, commercial companies, schools, and research organizations. Currently, all of the satellites are being tracked by the US Air Force’s Space Surveillance Network — an array of telescopes and radars throughout the globe responsible for keeping tabs on as many objects in orbit as possible. Yet 19 of those satellites are still unidentified in the Air Force’s orbital catalog. Many of the satellite operators do not know which of these 19 probes are theirs exactly, and the Air Force can’t figure it out either.
[…]
Not knowing the exact location of a spacecraft is a major problem for operators. If they can’t communicate with their satellite, the company’s orbiting hardware becomes, essentially, space junk. It brings up liability and transparency concerns, too. If an unidentified satellite runs into something else in space, it’s hard to know who is to blame, making space less safe — and less understood — for everyone. That’s why analysts and space trackers say both technical and regulatory changes need to be made to our current tracking system so that we know who owns every satellite that’s speeding around the Earth. “The whole way we do things is just no longer up to the task,” Jonathan McDowell, an astrophysicist at Harvard and spaceflight tracker, tells The Verge.
How to identify a satellite
Up until recently, figuring out a satellite’s identity has been relatively straightforward. The Air Force has satellites high above the Earth that detect the heat of rocket engines igniting on the ground, indicating when a vehicle has taken off. It’s a system that was originally put in place to locate the launch of a potential missile, but it’s also worked well for spotting rockets launching to orbit. And for most of spaceflight history, usually just one large satellite or spacecraft has gone up on a launch — simplifying the identification process.
“For more traditional launches, where there are fewer objects, it’s fairly simple to do,” Diana McKissock, the lead for space situational awareness sharing and spaceflight safety at the Air Force’s 18th Space Control Squadron, tells The Verge. As a result, the Air Force has maintained a robust catalog of more than 20,000 space objects in orbit, many of which have been identified.
But as rocket ride-shares have grown in popularity, the Air Force’s surveillance capabilities have sometimes struggled to identify every satellite that is deployed during a launch. One problem is that most of the spacecraft on board all look the same. Nearly 50 satellites on the SSO-A launch were modified CubeSats — a type of standardized satellite that’s roughly the size of a cereal box. That means they are all about the same size and have the same general boxy shape. Plus, these tiny satellites are often deployed relatively close together on ride-share launches, one right after the other. The result is a big swarm of nearly identical spacecraft that are difficult to tell apart from the ground below.
Operators often rely on tracking data from the Air Force to find their satellites, so if the military cannot tell a significant fraction of these CubeSats apart, the operators don’t know where to point their ground communication equipment to get in contact with their spacecraft.
It’s a bit of a Catch-22, though. The Air Force also relies on satellite operators to help identify their spacecraft. Before a launch, the Air Force collects information from satellite operators about the design of the spacecraft and where it’s going to go. The operators are also responsible for making sure that they have the proper equipment (in space and on the ground) to communicate with the satellite. “It’s really a cooperative, ongoing process that involves the satellite operators as much as it involves us here at the 18th, processing the data,” says McKissock.
The SSO-A launch isn’t the only example of mistaken satellite identity. Five satellites are still unidentified from an Electron launch that took place in December last year, which sent up 13 objects, according to McDowell. And in 2017, a Russian Soyuz rocket deployed a total of 72 satellites, but eight are still unknown, says McDowell. The SSO-A launch is perhaps the most egregious example of this ride-share problem, as nearly a third of the satellites are still missing in the Air Force’s catalog.
The Air Force says the launch posed a unique challenge. One difficulty had to do with the way the satellites were deployed, according to McKissock, who says it was hard to predict before the launch where each satellite was going to be. The SSO-A launch was organized by a company called Spaceflight Industries, which acts as a broker for operators — finding room for their satellites on upcoming rocket launches. Spaceflight bought this entire Falcon 9 rocket for the SSO-A launch, and created the device that deployed all of these satellites into orbit. One satellite tracker, T.S. Kelso, who operates a tracking site called CelesTrak, agreed with the Air Force, saying that Spaceflight’s deployment platform made it hard to predict each satellite’s exact position. “[Spaceflight] had no way to provide the type of data needed,” Kelso writes in an email to The Verge.
[…]
The Air Force’s 18th Space Control Squadron has other priorities to consider, too. While identifying spacecraft is something the team always hopes to accomplish on every flight, the main function of the 18th is to track as many objects as possible and then provide information on the possibility of spacecraft running into each other in orbit. The identification of satellites is secondary to that safety concern. “I wouldn’t say it’s not a priority, but we certainly have other mission requirements to consider,” says McKissock.
A technology that removes carbon dioxide from the air has received significant backing from major fossil fuel companies. British Columbia-based Carbon Engineering has shown that it can extract CO2 in a cost-effective way. It has now been boosted by $68m in new investment from Chevron, Occidental and coal giant BHP.
[…]
The quest for technology for carbon dioxide removal (CDR) from the air received significant scientific endorsement last year with the publication of the IPCC report on keeping the rise in global temperatures to 1.5C this century.
In their “summary for policymakers”, the scientists stated that: “All pathways that limit global warming to 1.5C with limited or no overshoot project the use of CDR …over the 21st century.”
Around the world, a number of companies are racing to develop the technology that can draw down carbon. Swiss company Climeworks is already capturing CO2 and using it to boost vegetable production.
Carbon Engineering says that its direct air capture (DAC) process is now able to capture the gas for under $100 a tonne.
With its new funding, the company plans to build its first commercial facilities. These industrial-scale DAC plants could capture up to one million tonnes of CO2 from the air each year.
So how does this system work?
CO2 is a powerful warming gas but there’s not a lot of it in the atmosphere – for every million molecules of air, there are 410 of CO2.
While the CO2 is helping to drive temperatures up around the world, the comparatively low concentrations make it difficult to design efficient machines to remove the gas.
Carbon Engineering’s process is all about sucking in air and exposing it to a chemical solution that concentrates the CO2. Further refinements mean the gas can be purified into a form that can be stored or utilised as a liquid fuel.
[…]
The captured CO2 is mixed with hydrogen that’s made from water and green electricity. It’s then passed over a catalyst at 900C to form carbon monoxide. Adding in more hydrogen to the carbon monoxide turns it into what’s called synthesis gas.
Finally a Fischer-Tropsch process turns this gas into a synthetic crude oil. Carbon Engineering says the liquid can be used in a variety of engines without modification.
“The fuel that we make has no sulphur in it, it has these nice linear chains which means it burns cleaner than traditional fuel,” said Dr McCahill.
“It’s nice and clear and ready to be used in a truck, car or jet.”
[…]
CO2 can also be used to flush out the last remaining deposits of oil in wells that are past their prime. The oil industry in the US has been using the gas in this way for decades.
It’s estimated that using CO2 can deliver an extra 30% of crude from oilfields with the added benefit that the gas is then sequestered permanently in the ground.
“Carbon Engineering’s direct air capture technology has the unique capability to capture and provide large volumes of atmospheric CO2,” said Occidental Petroleum’s Senior Vice President, Richard Jackson, in a statement.
“This capability complements Occidental’s enhanced oil recovery business and provides further synergies by enabling large-scale CO2 utilisation and sequestration.”
One of the other investors in Carbon Engineering is BHP, best known for its coal mining interests.
“The reality is that fossil fuels will be around for several decades whether in industrial processes or in transportation,” said Dr Fiona Wild, BHP’s head of sustainability and climate change.
“What we need to do is invest in those low-emission technologies that can significantly reduce the emissions from these processes, and that’s why we are focusing on carbon capture and storage.”
Google is trying out a new “Pilot Program” that puts a row of advertisements on the Android TV home screen. XDA Developers was the first to report on the new phenomenon, saying, “We’re currently seeing reports that it has shown up in Sony smart TVs, the Mi Box 3 from Xiaomi, NVIDIA Shield TV, and others.”
The advertising is a “Sponsored Channel” part of the “Android TV Core Services” app that ships with all Android TV devices. A “Channel” in Android TV parlance means an entire row of thumbnails in the UI will be dedicated to “sponsored” content. Google provided XDA Developers with a statement saying that yes, this is on purpose, but for now it’s a “pilot program.”
Android TV is committed to optimizing and personalizing the entertainment experience at home. As we explore new opportunities to engage the user community, we’re running a pilot program to surface sponsored content on the Android TV home screen.
Sony has tersely worded a support page detailing the “Sponsored channel,” too. There’s no mention here of it being a pilot program. Sony’s page, titled “A sponsored channel has suddenly appeared on my TV Home menu,” says, “This change is included in the latest Android TV Launcher app (Home app) update. The purpose is to help you discover new apps and contents for your TV.”
Sony goes on to say, “This channel is managed by Google” and “the Sponsored channel cannot be customized.” Sony basically could replace the entire page with a “Deal with it” sunglasses gif, and it would send the same message.
Buying a product knowing it has ads in it is one thing, but users on Reddit and elsewhere are understandably angry about ads suddenly being patched into their devices—especially in cases when these devices are multi-thousand-dollar 4K Sony televisions. There is an option to disable the ads if you dig into the settings but users are reporting the ads aren’t staying disabled. For now, uninstalling updates for the “Android TV Core Services” app is the best way to remove the ads.
Remember, for now this is a “pilot program.” So please share your valuable feedback with Google in the comments.
Juozas Kaziukenas’ article “Amazon-Owned Brands Far From Successful” is based on a report he set up called “Amazon Private Label Brands”. This report is oddly disjointed, crossing statistics in and out, changing his metrics at random and finally coming out with a conclusion which is totally at variance with the content of the article. It’s impossible to see where the sales statistics come from, so they can’t be verified. Reviews – an unrelated metric – are used as a proxy for sales success where he doesn’t mention actual sales figures. Yet major news outlets, such as Bloomberg (Most Amazon Brands Are Duds, Not Disrupters, Study Finds), Business Insider (Most Amazon private labels aren’t flying off the shelves yet, but the company is taking huge steps to change that) and many more have apparently taken the conclusion of the article at face value, seemingly without reading the article itself, and are publishing this piece as some sort of evidence that Amazon’s monopoly position is not a problem.
In his analysis, he starts out saying that the top 10 most successful private label brands contribute 81% to total sales at a value of $7.5 billion in 2018. He then arbitrarily removes 7 of these brands and states the total sales by private label brands at under $1 billion. For any retailer, this is a huge turnover. Oddly enough, the next figure presented is that total retail sales generated online by Amazon is $122.9 billion. A quick off the cuff guesstimate puts the top 10 Amazon private label brands at around 7% of total online retail. Considering Amazon has 23,142 own products, you would assume the total Amazon slice of the pie would be quite a bit larger than 7%.
Interestingly, Marketplacepulse has a statistics page where Amazon international marketplace sales are shown to be a staggering $15.55 billion in Q3 2018 alone and North American sales pegged at $34,35 billion in the same quarter. Focussing on the top 10 brands seems again to be wilfully missing a huge amount of online retail revenue on marketplaces owned by Amazon.
Search is then stated to be the primary driver of purchases and some time is spent looking at click through rates. How he got these figures is up in the air, but could it be that they were provided by Amazon? Is it possible that Amazon is, in fact, funding this analysis? While Mr Kaziukenas at some point does mention the related products feature and he does briefly demonstrate its importance in product visibility, search results for specific terms are the metric he goes for here.
The study then quickly and embarrassingly shows that in the lower end of the price spectrum, price is a driving factor. This will return in the study when it is shown that products like batteries are indeed stealing customers from other manufacturers.
Product reviews are used as a rating factor for product success in the study. Reviews are an unrelated metric and the article notes that where batteries and cables are concerned, Amazon owns the market share even with a below average rating. Unfortunately, turnover, or any financial metric, is no longer used to measure product success once the study has passed the opening paragraphs.
A lot of time is spent on a few randomly selected products, which are neither cheaper nor better than the competition. He manages to quite unsurprisingly demonstrate that more expensive, lower quality Amazon products don’t do quite as well as cheaper, better quality non-Amazon alternative products. A 6-foot-long HDMI cable is used as an example to prove that cheaper Amazon products do better than the competition: “AmazonBasics 6 feet HDMI cable sells for $6.99 and is the number one best-seller HDMI cable on Amazon” (again, how he knows what the number one best-seller is, is a mystery to me).
Continuing on, the study shows that Amazon does copy products and the contradictory statements start flying fast and hard. First the quote is given: “In July, a similar stand appeared at about half the price. The brand: AmazonBasics. Since then, sales of the Rain Design original have slipped.” followed by the statement: “Today Rain Design’s laptop stand sells for $39.99 and seems to be outselling Amazon’s $19.99 copy.” I assume that the “seems to be outselling” part of this statement is based entirely on the review status and not on any actual sales data. Next the study claims that this product copying is “rare” and goes on to state “There is no basis to assume that copying products is part of the Amazon strategy.” This doesn’t ring very true next to the two examples on display – and surely many more examples can easily be found. Mr Kaziukenas states: “The story of Rain Design’s laptop stand is scary but doesn’t happen often.” Again I would like to see where the metrics being used here come from and the definition of “often”. It’s stated as though he has actual data on this, but chooses not to share this. I somehow doubt that Amazon would be happy to provide him with this data.
Now the study continues to say that having data on the competition is not useful, but specifies this as a vague “ability to utilize that data for brand building” and then states that because Amazon isn’t the first choice in the upper price market, or established brand space, it’s not utilising this data very well. He then goes on to state that where brand is not important (the cheap product space, e.g. batteries) they are the number one seller. Let us not forget that this failed brand building of products in the space beyond the top three products (as arbitrarily chosen by this study in the beginning) is netting sales of around $6.5 billion!
Now comes a pretty bizarre part where an argument is put forward that if you use the search by specifying a brand name before the generic product name, Amazon products are not given an advantage, despite being shown in the related items. Yet if you put in a generic product name, Amazon products will come forward and fill the screen, unless you have sponsored the search term, as demonstrated by a page full of cheaper Amazon HDMI cables. This is somehow used as an argument that there is no advantage in Organic Search Results, an arbitrarily and very narrowly chosen term which has no relation to the part of the article in which at every turn it is clearly shown that Amazon uses their advantage to push their products. Left completely by the wayside is the fact that different people are shown different search results, depending on a huge multitude of factors. What Mr Kaziukenas sees as results are not going to be the same as what other shoppers on the platform see, although he gives his search results as being that one single truth.
The conclusion of the piece states that Amazon’s private brand business (i.e., those not labelled with the word “Amazon” in it) doesn’t do very well. The generic goods business (i.e., those where potential customers have no reason to look specifically for a brand name) is cast aside. Somehow the final thought is that Amazon therefore doesn’t want to be in the physical products business. The sheer scale of the sales numbers presented in the article, however, belies this statement. Amazon is making billions of dollars in the physical goods segment and is using its position to push out competitors – to make no mention of the magic arbitration system of goods and fraud on the marketplace, the conflict of interest in being both a marketplace and a salesman in that marketplace: but that’s another story, covered by other articles.
8/4/19 EDIT:
If it feels like your Amazon search results have been overwhelmed with promotions for their private-label brands, like Amazon Basics, Mama Bear or Daily Ritual, that may be changing. As lawmakers pay more attention to the most powerful tech companies, Amazon has begun quietly removing some of the more obvious promotions, including banner ads, for its private-label products, reports CNBC, which spoke to Amazon sellers and consultants.
Amazon’s aggressive marketing of its own private brands, with ads that often appear in search results above listings for competing items from third-party sellers, has raised antitrust concerns.
While Amazon benefits from higher margins, cost-savings from a more efficient supply chain and new data, third-party sellers often suffer. For example, they may have to cut prices to stay competitive, and even lower prices may not be enough to attract customers away from Amazon’s promotions for its own items, which show up in many search results.
The US firm Aireon says its new satellite surveillance network is now fully live and being trialled over the North Atlantic.
The system employs a constellation of 66 spacecraft, which monitor the situational messages pumped out by aircraft transponders.
These report a plane’s position, altitude, direction and speed every eight seconds.
The two big navigation management companies that marshal plane movements across the North Atlantic – UK Nats and Nav Canada – intend to use Aireon to transform their operations.
[…]
Increasing numbers of planes since the early 2000s have been fitted with Automatic Dependent Surveillance Broadcast (ADS-B) transponders. US and European regulators have mandated all aircraft carry this equipment as of next year.
ADS-B pushes out a bundle of information about an aircraft – from its identity to a GPS-determined altitude and ground speed. ADS-B was introduced to enhance surveillance and safety over land, but the messages can also be picked up by satellites.
Aireon has receivers riding piggyback on all 66 spacecraft of the Iridium sat-phone service provider. These sensors make it possible now to track planes even out over the ocean, beyond the visibility of radar – and ocean waters cover 70% of the globe.
[…]
in the North Atlantic, traditional in-line safe separation distances will eventually be reduced from 40 nautical miles (80km) down to as little as 14 nautical miles (25km). As a result, more aircraft will be able to use the most efficient tracks.
[…]
“Eight out of 10 flights will now be able to fly without any kind of speed restriction compared with the far less efficient fixed-speed environment we previously had to operate within,” Mr Rolfe said. “These changes, made possible by Aireon, will generate net savings of $300 in fuel and two tonnes of carbon dioxide per flight.”
However, any carbon dividend is likely to be eaten into by the growth in traffic made possible by the introduction of space-based ADS-B. Today, there are over 500,000 aircraft movements across the North Atlantic each year. This is projected to increase to 800,000 by 2030.
Of course the US can look in, under CLOUD rules, because Google is an American company. The move of the files has been done without consent from the patients by Medical Research Data Management, a commercial company, because (they say), the hospitals have given permission. Also, hospitals don’t need to ask for patient permission, because patients have given hospitals permission through accepting the electronic patient filing system.
Another concern is the pseudo-anonymisation of the data. For a company like Google, it won’t be particularly hard to match the data to real people.
Researchers at the cybersecurity firm UpGuard on Wednesday said they had discovered the existence of two datasets together containing the personal data of hundreds of millions of Facebook users. Both were left publicly accessible.
In a blog post, UpGuard connected one of the leaky databases to a Mexico-based media company called Cultura Colectiva. The data set reportedly contains over 146 GB of data, which amounts to over 540 million Facebook user records, including comments, likes, reactions, account names, Facebook user IDs, and more.
A second leak, UpGuard said, was connected to a Facebook-integrated app called “At the pool” and had exposed roughly 22,000 passwords. “The passwords are presumably for the ‘At the Pool’ app rather than for the user’s Facebook account, but would put users at risk who have reused the same password across accounts,” the firm said. The database also contained data on users’ friends, likes, groups, and locations where they had checked in, said UpGuard.
Both datasets were stored in unsecured Amazon S3 buckets and could be accessed by virtually anyone. Neither was password protected. The buckets have since been secured or taken offline.