AccuWeather caught sending user location data — even when location sharing is off

Security researcher Will Strafach intercepted the traffic from an iPhone running the latest version of AccuWeather and its servers and found that even when the app didn’t have permission to access the device’s precise location, the app would send the Wi-Fi router name and its unique MAC address to the servers of data monetization firm Reveal Mobile every few hours. That data can be correlated with public data to reveal an approximate location of a user’s device.

We independently verified the findings, and were able to geolocate an AccuWeather-running iPhone in our New York office within just a few meters, using nothing more than the Wi-Fi router’s MAC address and public data.

Source: AccuWeather caught sending user location data — even when location sharing is off

Around the same time Sonos is ignoring privacy as well; it looks like everyone is basically just taking the piss with your privacy.

Towards quantum communications in free-space seawater

Here we experimentally demonstrate that polarization quantum states including general qubits of single photon and entangled states can survive well after travelling through seawater. We perform experiments with seawater collected over a range of 36 kilometers in the Yellow Sea. For single photons at 405 nm in a blue-green window, we obtain an average process fidelity above 98%

The Optical Society

Pirate Bay Founders Ordered to Pay Music Labels $477,000

Two founders of The Pirate Bay have been ordered by a court in Finland to pay record labels more than $477,000 in compensation. Fredrik Neij and Gottfrid Svartholm were found liable for ongoing copyright breaches on the site. Neither appeared to mount a defense so both were found guilty in their absence.

In November 2011, the International Federation of the Phonographic Industry (IFPI), with support from Finnish anti-piracy group Copyright Information and Anti-Piracy Center (CIAPC), filed a lawsuit in the Helsinki District Court against The Pirate Bay.

IFPI, which represents the world’s major labels, demanded that the site’s operators stop facilitating the unauthorized distribution of music and pay compensation to IFPI and CIAPC-affiliated rightsholders for the damages caused through their website.

Progress in the case has been somewhat glacial but this morning, almost six years after the complaint was first filed, a decision was handed down.

Source: Pirate Bay Founders Ordered to Pay Music Labels $477,000 – TorrentFreak

The law is insane – why has Google not been sued to this extent? So the labels get a load of money: how will they divide this amongst their artists? I think the answer is NOT.

Mini-antennas 100,000 x more efficient, could be used for brain interface machinery, anything tiny.

Antennas receive information by resonating with EM waves, which they convert into electrical voltage. For such resonance to occur, a traditional antenna’s length must roughly match the wavelength of the EM wave it receives, meaning that the antenna must be relatively big. However, like a guitar string, an antenna can also resonate with acoustic waves. The new antennas take advantage of this fact. They will pick up EM waves of a given frequency if its size matches the wavelength of the much shorter acoustic waves of the same frequency. That means that for any given signal frequency, the antennas can be much smaller.

The trick is, of course, to quickly turn the incoming EM waves into acoustic waves. To do that, the two-part antenna employs a thin sheet of a so-called piezomagnetic material, which expands and contracts when exposed to a magnetic field. If it’s the right size and shape, the sheet efficiently converts the incoming EM wave to acoustic vibrations. That piezomagnetic material is then attached to a piezoelectric material, which converts the vibrations to an oscillating electrical voltage. When the antenna sends out a signal, information travels in the reverse direction, from electrical voltage to vibrations to EM waves. The biggest challenge, Sun says, was finding the right piezomagnetic material—he settled on a combination of iron, gallium, and boron—and then producing it at high quality.

The team created two kinds of acoustic antennas. One has a circular membrane, which works for frequencies in the gigahertz range, including those for WiFi. The other has a rectangular membrane, suitable for megahertz frequencies used for TV and radio. Each is less than a millimeter across, and both can be manufactured together on a single chip. When researchers tested one of the antennas in a specially insulated room, they found that compared to a conventional ring antenna of the same size, it sent and received 2.5 gigahertz signals about 100,000 times more efficiently, they report today in Nature Communications.

Source: Mini-antennas could power brain-computer interfaces, medical devices | Science | AAAS

Sonos strongarms customers into giving up privacy, or hardware stops working. Here’s how to Stop Your Sonos From Collecting (As Much) Personal Data

Bad news, Sonos customers: to lay the groundwork for its upcoming voice assistant support, the company is asking users to agree to an updated privacy policy, one that includes both mandatory data collection rules and a mention about future device functionality. Should you disagree with said policy update, your device’s basic functions could stop working, according to Consumerist.

Source: How to Stop Your Sonos From Collecting (As Much) Personal Data

In a blog post, Sonos claimed the update was necessary to “improve your listening experience” and identify issues by analyzing collected error information. Its earlier privacy policy (you can check it out here) allowed users to choose whether or not they wanted to register their device with Sonos for data collection. The new one says that opting out of “Functional Data collection” is not an option.

Data Collection is Mandatory

Data collected previously included information about equalizer usage, playback errors, and time spent listening to local or streaming music. Its new privacy policy, however, collects what the company is calling “Functional Data,” information Sonos claims is “absolutely necessary for your Sonos System to perform its basic functions in a secure way.” Functional Data includes personal information like location data, IP addresses, and more:

Registration data:

This data includes your email address, location, language preference, Product serial number, IP address, and Sonos account login information (as described above).

System data:

This data includes things like product type, controller device type, operating system of controller, software version information, content source (audio line in), signal input (for example, whether your TV outputs a specific audio signal such as Dolby to your Sonos system), information about wifi antennas, audio settings (such as equalization or stereo pair), Product orientation, room names you have assigned to your Sonos Product, whether your product has been tuned using Sonos Trueplay technology, and error information.

Sonos is also trying to collect performance and activity information shown below, otherwise known as Additional Usage Data:

Performance Information:

This includes things like temperature of your Product, Wi-Fi information such as signal strength, what music services you have connected to your Sonos system (including, for some services, your login username – but not password – for such service), information about how often you use the Sonos app versus another control mechanism, flow of interactions within the Sonos app, how often you use the physical controls on the unit, and location data when the Sonos app is in use, and duration of Sonos Product use.

Activity Information:

This includes duration of music service use, Product or room grouping information; command information such as play, pause, change volume, or skip tracks; information about track, playlist, or station container data; and Sonos playlist or Sonos favorites information; each correlated to individual Sonos Products.

How to (Partially) Protect Yourself

For now, as long as you don’t enable voice assistant support, you can opt out of sharing the aforementioned Additional Usage Data with Sonos by adjusting some settings in your apps.

Sonos for iOS or Android:

From the Sonos music menu, tap Settings.
Tap Advanced Settings.
Tap Usage Data then Turn off Usage Data Sharing.

Sonos for Mac:

From the menu bar at the top of your screen click Sonos then Preferences.
On the left side of the window, click Advanced.
Click Improve Sonos.
Check the box that reads Turn usage data sharing off.

Sonos for PC:

From the menu bar at the top of the Sonos app click Manage then Settings.
On the left side of the window, click Advanced.
Click Improve Sonos.
Check the box that reads Turn usage data sharing off.

If you’re concerned about the data Sonos may have already collected, you can edit or delete it by accessing your Sonos account online or going through the Sonos app, though deleting personal data could render your Sonos device useless. You can also shoot Sonos an email and ask them to delete your personal data, if you’re into that.

And the US high courts still say that accepting these kinds of terms of service is legal. Sonos hardware is expensive and forcing people to change the terms of their use after the financial investment makes it even worse than the disgrace that this kind of behavior is already.

Buying a new Monitor / TV

When buying a new monitor there are 5 sites you should have open at all times:
1. The site selling monitors (eg plattetv.nl)
2. The comparison site Display specifications which allows you to search for models, add them to comparison lists and then view detailed specifications next to each other
3. A Google search for the reviews of the model
4. AV Forums to search for good or bad experiences with the model.
5. Your price comparison site (eg Tweakers Pricewatch)

Also useful are sites that tell you what each model means, how the model number is built up. For Samsung you can use This site

The important specifications are:
What type of panel is it? (IPS / VA / PQL / etc)

Panel bit depth: is it 8 bits, 10 bits native or 10 bits (8 bits + FRC)

Colour bit depth: 30 bits?

Resolution: native UHD 3840×2160 pixels

Pixel density: higher is better

Display area: bigger is better

Static contrast: more is better

Response times (minimum / average) and input lag (for gaming): less is better

3D: if you think that’s important

Frequency: most are 60Hz, some are 120Hz (higher is better)

Interpolation value: most are around 1200, higher is better

Power consumption: less is better

Other features: connectivity (what kind of USB ports (3.0?) etc fit in), sizes, colour, stand size at the back, network (does it do 802.11n 5G and 802.11ac?), features (does it have a good 4k upscaler, how black is black, what kind of colour enhancements does it have), etc.

Good luck!

Amazon’s Macie detects data leaks in S3 buckets using AI

Think of Macie as a data loss prevention agent, a DLPbot, that uses machine learning to understand a user’s pattern of access to data in S3 buckets. The buckets have permission levels and the data in a bucket can be ranked for sensitivity or risk, using items such as credit card numbers, and other sensitive personal information.

The software monitors users’ behaviour and profiles it. If there are changes in the pattern of that behaviour and they are directed towards high-risk data then Macie can alert admin staff to a potential breach risk.

For example, if a hacker successfully impersonates a valid user and then goes searching for data in unexpected places and/or from an unknown IP address then Macie can flag this unusual pattern of activity. The product could also identify a valid employee going rogue, say, generating a store of captured data ready to steal it.

Source: If there’s a hole in your S3 bucket, data thieves will be sprayed by Macie

Bitcoin-accepting sites leave cookie trail that crumbles anonymity

Of the 130 sites the researchers checked:

In total, 107 sites leaked some kind of transaction information;
31 allowed third-party scripts to access users’ Bitcoin addresses;
104 shared the non-BTC denominated price of a transaction; and
30 shared the transaction price in Bitcoin.

It doesn’t help that even for someone running tracking protection, a substantial amount of personal information was passed around by the sites examined in the study.

Information type | With tracking protection | Without protection
E-mail | 32 | 25
First name | 27 | 20
Last name | 25 | 19
User ID | 15 | 12
Address | 13 | 9
Full name | 11 | 4
Phone | 10 | 4
Company | 5 | 4

A total of 49 merchants shared users’ identifying information, and 38 shared that even if the user tries to stop them with tracking protection.

Users have very little protection against all this, the paper says: the danger is created by pervasive tracking, and it’s down to merchants to give users better privacy.

Source: Bitcoin-accepting sites leave cookie trail that crumbles anonymity

Data Viz Project | Collection of data visualizations to get inspired and finding the right type.

Collection of data chart and graph visualizations to get inspired and finding the right type.

Source: Data Viz Project | Collection of data visualizations to get inspired and finding the right type.

Peanut allergy cured for 4 years in majority of children in immunotherapy trial

A small clinical trial conducted at the Murdoch Children’s Research Institute has led to two-thirds of children treated with an experimental immunotherapy treatment being cured of their allergy. Importantly, this desensitisation to peanuts persisted for up to four years after treatment.
[…]
Forty-eight children were enrolled in the PPOIT trial and were randomly given either a combination of the probiotic Lactobacillus rhamnosus with peanut protein in increasing amounts, or a placebo, once daily for 18 months.

At the end of the original trial in 2013, 82% of children who received the immunotherapy treatment were deemed tolerant to peanuts compared with just 4% in the placebo group.

Four years later, the majority of the children who gained initial tolerance were still eating peanuts as part of their normal diet and 70% passed a further challenge test to confirm long-term tolerance.

Source: Peanut allergy cured in majority of children in immunotherapy trial

USA: those massive terms &c you never read are legally binding: and can stop you from using the legal system to sue! (Victory for Uber!)

You may never read those lengthy terms and conditions attached to every digital download or app but, in America at least, they are legally binding. Sorry.

That’s the conclusion of a panel of appeal judges earlier this week when shining beacon of corporate responsibility Uber insisted its users had agreed not to sue the company somewhere in its long list of lengthy legal locutions.

On Thursday, the US Second Court of Appeals decided [PDF] that when customers installed Uber’s ride-hailing app and agreed to the terms and conditions – even though virtually none of them actually read the details – they were obliged to go through arbitration if they had a dispute with the company.

The case was very closely watched by technology companies for obvious reasons – if the court ruled differently it could have opened them up to a wave of potential liability and public scrutiny.

As it stands, the arbitration requirement will hold: a situation that enables many companies to keep embarrassing cock-ups and business practices under wraps since unhappy consumers are obliged to go through the process privately and details are not made public.

Source: Sorry, but those huge walls of terms and conditions you never read are legally binding

Absolute legal lunacy!

Boeing draws a plane in the sky with flight path

In a test flight, Boeing took the thing where you draw using your GPS path to a whole different level. They drew the outline of a plane that spanned the latitude of the conterminous United States.

Source: Boeing draws a plane in the sky with flight path | FlowingData

Kino: Kinetic, Robot jewels that crawl up and down you

https://www.media.mit.edu/projects/kino-kinetic-wearable/overview/

UK Home Secretary calls people who use encryption not ‘real’ and Daesh sympathisers

In an article in the Daily Telegraph timed to coincide with Rudd’s appearance at a closed event in San Francisco, Rudd argued: “Real people often prefer ease of use and a multitude of features to perfect, unbreakable security.”

She continued: “Who uses WhatsApp because it is end-to-end encrypted, rather than because it is an incredibly user-friendly and cheap way of staying in touch with friends and family? Companies are constantly making trade-offs between security and ‘usability,’ and it is here where our experts believe opportunities may lie.”

The reference to “real people” struck a nerve with a host of security experts, sysadmins, privacy advocates and tech-savvy consumers who took to Twitter to point out that they were real people, and not ISIS sympathizers – as Rudd implied in her piece. Rudd essentially declared that people who use strong encryption are not normal, not real people, which is a rather dangerous sentiment.

Source: ‘Real’ people want govts to spy on them, argues UK Home Secretary

What the actual fuck?

US Congress dreams of IoT and gets it right! Except it won’t protect consumers, only gov.

The Internet of Things Cybersecurity Improvement Act would require that IoT devices purchased by the American government must not have any known security vulnerabilities, must have the ability to be patched, and may not have hardcoded passwords built in. It mandates that every government department inventory all IoT devices on their networks.
[…]
The bill also directs Homeland Security to come up with a vulnerability disclosure program so that departments can get patched and updated. Another requirement says the Office of Management and Budget must come up with reasonable standards as to what IoT security should actually entail.
[…]
A key element of the proposed legislation is that it would make it legal for security researchers to tear these devices apart and search for security bugs. Currently a broad interpretation of the Digital Millennium Copyright Act means that a company could prosecute a researcher who looks into the firmware for breaking the terms and conditions of its use.

Source: No vulns. No hardwired passwords. Patchable. Congress dreams of IoT: Impossible Online Tech

US Secret Service agent Bridges broadcast Bitstamp Bitcoins to BTC-E besides Silk Road heist

Shaun Bridges, who is already serving a six-year sentence for nicking Bitcoins from the underground souk, pleaded guilty on Tuesday to stealing a further 1,600 Bitcoin (worth $359,005 at the time and approximately $6.6m today) during a separate investigation.

According to court documents [PDF] Bridges, 35, was probing European Bitcoin trading firm Bitstamp, which led to the US government seizing 1,606,6488 BTC in November 2014. These were transferred into a digital wallet that only Bridges had the access code for.

In March 2015, while under investigation for the Silk Road thefts, Bridges resigned from the Secret Service and in June pleaded guilty to money laundering and obstruction charges. A month later, while still free and awaiting sentencing, he took the Bitcoins seized from Bitstamp and moved them into an account run by the BTC-E exchange.

Source: Disgraced US Secret Service agent coughs to second Bitcoin heist

OpenAI bot bursts into the ring, humiliates top Dota 2 pro gamer in ‘scary’ one-on-one bout

In a shock move on Friday evening, the software agent squared up to top Dota 2 pro gamer Dendi, a Ukrainian 27-year-old, at the Dota 2 world championships dubbed The International.

The OpenAI agent beat Dendi in less than 10 minutes in the first round, and trounced him again in a second round, securing victory in a best-of-three match. “This guy is scary,” a shocked Dendi told the huge crowd watching the battle at the event. Musk was jubilant.
[…]
According to OpenAI, its machine-learning bot was also able to pwn two other top human players earlier this week: SumaiL and Arteezy. Although it’s an impressive breakthrough, it’s important to note this popular strategy game is usually played not one-v-one but as a five-versus-five team game – a rather difficult environment for bots to handle.

Source: OpenAI bot bursts into the ring, humiliates top Dota 2 pro gamer in ‘scary’ one-on-one bout

Rechargeable safe battery

Through Ionic Materials’ invention of a novel solid polymer electrolyte material that conducts ions at room temperature, we are on the verge of revolutionizing battery technology. A truly solid state battery is now possible. Significant improvements in battery safety, performance and cost are achievable with ionic conductivities that exceed those of traditional liquid systems over a wide range of temperatures.

Source: the solution | Ionic Materials

MIT Real time automatic image retouching on your phone

System can apply a range of styles in real-time, so that the viewfinder displays the enhanced image.
[…]
at Siggraph, the premier digital graphics conference, researchers from MIT’s Computer Science and Artificial Intelligence Laboratory and Google are presenting a new system that can automatically retouch images in the style of a professional photographer. It’s so energy-efficient, however, that it can run on a cellphone, and it’s so fast that it can display retouched images in real-time, so that the photographer can see the final version of the image while still framing the shot.

The same system can also speed up existing image-processing algorithms. In tests involving a new Google algorithm for producing high-dynamic-range images, which capture subtleties of color lost in standard digital images, the new system produced results that were visually indistinguishable from those of the algorithm in about one-tenth the time — again, fast enough for real-time display.

The system is a machine-learning system, meaning that it learns to perform tasks by analyzing training data; in this case, for each new task it learned, it was trained on thousands of pairs of images, raw and retouched.

Source: Automatic image retouching on your phone

70% of Windows 10 users haven’t turned off privacy invasion

Microsoft claims seven out of ten Windows 10 users are happy with Redmond gulping loads of telemetry from their computers – which isn’t that astounding when you realize it’s a default option.

In other words, 30 per cent of people have found the switch to turn it off, and the rest haven’t, don’t realize it’s there, or are genuinely OK with the data collection.
[…]
Essentially, if you’re on Home or Pro, you can’t tell your OS to not phone home. And, sure, this information – from lists of hardware and apps installed to pen gestures – is useful to Microsoft employees debugging code that’s running in the field. But we’re all adults here, and some folks would like the option to not have any information leaving their systems.

Source: 70% of Windows 10 users are totally happy with our big telemetry slurp, beams Microsoft

Nice spin, to say people “choose” the default option, when it isn’t a choice people actually can make!

This is why I am leaving Windows for what it is and moving to Linux Mint.

Disney sued for allegedly spying on children through 42 gaming apps

A federal class action lawsuit filed last week in California alleges that the Walt Disney Company is violating privacy protection laws by collecting children’s personal information from 42 of its apps and sharing the data with advertisers without parental consent.

The lawsuit targets Disney and three software companies — Upsight, Unity, and Kochava — alleging that the companies created mobile apps aimed at children that contained embedded software to track, collect, and then export their personal information along with information about their online behavior. The plaintiff, a San Francisco woman named Amanda Rushing, says she was unaware that information about her child, “L.L.,” was collected while playing mobile game Disney Princess Palace Pets, and that data was then sold to third parties for ad targeting.

The Verge

DNA Testing Data Is Disturbingly Vulnerable to Hackers

In a new study that will be presented next week at the 26th USENIX Security Symposium in Vancouver, University of Washington researchers analyzed the security practices of common, open-source DNA processing programs and found that they were, in general, lacking. That means all that super-sensitive information those programs are processing is potentially vulnerable to hackers. If you think social security fraud is bad, imagine someone hacking your genetic code.

“You can imagine someone altering the DNA at a crime scene, or making it unreadable. Or an attacker stealing data or modifying it in a certain way to make it seem like someone has a disease someone doesn’t actually have,” Peter Ney, a co-author of the peer-reviewed study and Ph.D. student at the school’s Computer Security and Privacy Research Lab, told Gizmodo.

Source: DNA Testing Data Is Disturbingly Vulnerable to Hackers

Emma – Plagiarism detecting AI

Emma is a self-learning technology. She analyses and understands the way people write.

Emma uses machine learning and artificial intelligence to study the innards of each author’s writing style and attributes authorship on their basis.

Emma Identity

Artificially intelligent painters invent new styles of art

The team – which also included researchers at Rutgers University in New Jersey and Facebook’s AI lab in California – modified a type of algorithm known as a generative adversarial network (GAN), in which two neural nets play off against each other to get better and better results. One creates a solution, the other judges it – and the algorithm loops back and forth until the desired result is reached.

In the art AI, one of these roles is played by a generator network, which creates images. The other is played by a discriminator network, which was trained on 81,500 paintings to tell the difference between images we would class as artworks and those we wouldn’t – such as a photo or diagram, say.

The discriminator was also trained to distinguish different styles of art, such as rococo or cubism.

Art with a twist

The clever twist is that the generator is primed to produce an image that the discriminator recognises as art, but which does not fall into any of the existing styles.

“You want to have something really creative and striking – but at the same time not go too far and make something that isn’t aesthetically pleasing,” says team member Ahmed Elgammal at Rutgers University.

Once the AI had produced a series of images, members of the public were asked to judge them alongside paintings by people in an online survey, without knowing which were the AI’s work. Participants answered questions about how complex or novel they felt each image was, and whether it inspired them or elevated their mood. To the researchers’ surprise, images produced by their AI scored slightly higher in many cases than those by humans.

New Scientist

With a single wiretap order, US authorities listened in on 3.3 million phone calls

US authorities intercepted and recorded millions of phone calls last year under a single wiretap order, authorized as part of a narcotics investigation.

The wiretap order authorized an unknown government agency to carry out real-time intercepts of 3.29 million cell phone conversations over a two-month period at some point during 2016, after the order was applied for in late 2015.

The order was signed to help authorities track 26 individuals suspected of involvement with illegal drug and narcotic-related activities in Pennsylvania.

The wiretap cost the authorities $335,000 to conduct and led to a dozen arrests.

But the authorities noted that the surveillance effort led to no incriminating intercepts, and none of the handful of those arrested have been brought to trial or convicted.

 