63-hour GPS jamming attack over Baltics affects 1600 aircraft over Europe

[…]

Since Russia invaded Ukraine in February 2022, Europe has experienced an uptick in the number of large-scale disruptions of GPS and other global navigation satellite systems (GNSS). The disruption has been felt near the Mediterranean and Black Sea, and near the Baltic Sea and Arctic. Since December 2023, for instance, the Baltic region has experienced fairly consistent GPS jamming. That roughly coincided with Russian media reports that the Russian navy’s Baltic Fleet based in Kaliningrad – a Russian enclave located between Lithuania and Poland – was conducting electronic warfare exercises.

Such interference can include jamming of satellite signals to block service. It can also include “spoofing” of signals – a technique that can be used to make aircraft GPS receivers appear to be in completely different locations, says Zach Clements at the University of Texas at Austin. His analysis has shown that the Christmas-time GPS interference in Europe included multiple incidents of GPS jamming, along with a spoofing attack originating from inside Russia.

[…]

The newest record-breaking run of jamming in the Baltic region started on the evening of 22 March and lasted 63 hours and 40 minutes – until the afternoon of 25 March, according to an open-source intelligence analyst who uses the social media account Runradion. The attack included 24 hours of interference patterns spread across parts of Sweden, Germany and Poland, before a switch to more focused interference primarily covering Poland, which lasted for about 40 hours.

More than 1600 aircraft were affected by this record-breaking period of disruption, according to another analyst using the pseudonym Markus Jonsson. In an earlier incident on 13 March, a Royal Air Force aircraft carrying UK Defence Secretary Grant Shapps experienced GPS signal interference on both legs of a journey between the UK and Poland as the aircraft flew near Kaliningrad.

[…]

Improved awareness among airline crews when entering areas with known jamming or spoofing activities has helped reduce the risk, says a spokesperson from the European Union Aviation Safety Agency. The agency has also been working on strengthening GPS alternatives using ground-based or on-board inertial guidance systems.

Source: Unprecedented GPS jamming attack affects 1600 aircraft over Europe | New Scientist

No Man’s Sky gets unique computer-generated space stations and ship customisation

No Man’s Sky is still getting major updates. Developer Hello Games’ “Orbital” update, due Wednesday, adds procedurally generated space stations (so they’ll be different every time), a ship editor and a Guild system to the nearly eight-year-old space exploration sim.

Up until now, space stations have been one of the few parts of No Man’s Sky that weren’t created and randomized by algorithms as something truly unique. That changes with today’s update, which uses game engine upgrades to “create vast interior spaces and exterior spaces, with improved reflection and metallic surfaces.”

The stations’ broader scale will be evident from the outside, while their interiors will include new shops, gameplay and things to do. Hello Games describes them as being “uniquely customized” based on their virtual inhabitants’ system, race and locale.

Image: Interior of the new procedurally generated space stations in No Man's Sky. Three characters stand in action poses in the foreground of a space hangar as ships whizz by. (Credit: Hello Games)

Inside the stations, you’ll find the new ship editor. Hello Games says it previously withheld ship customization to maintain the title’s focus on exploration. (If players could build any ship they wanted at any time, it could ruin some of the fun of scouting out existing ones to buy in-game.) In that spirit, you’ll still need to collect, trade and salvage the parts to build yours how you like it.

[…]

Source: Eight years after launch, No Man’s Sky gets computer-generated space stations that are different each time

Completely awesome!

Twitch bans streams overlaid on boobs and butts – because Americans are petrified of sex

[…]

Twitch is putting a stop to its streamers’ shenanigans, though, and will officially prohibit “content that focuses on clothed intimate body parts such as the buttocks, groin, or breasts for extended periods of time” starting on March 29.

In a writeup on the trend, Kotaku explained that it all started when controversial streamer Morgpie projected her Fortnite gaming session on a closeup of her behind. After that, other streamers followed suit, overlaying their games on body parts both real and fictional, like anime thighs or anime boobs breasting boobily on screen while they’re playing. Now, boobs and butts streaming is out.

[…]

unclothed versions are also prohibited, as per Twitch’s policy that doesn’t allow users to broadcast or upload “content that contains depictions of real or fictional nudity, regardless of the medium used to create it.”

[…]

Source: Twitch bans streams overlaid on boobs and butts

Posted in Sex

Song lyrics really are getting simpler, more repetitive

You’re not just getting older. Song lyrics really are becoming simpler and more repetitive, according to a study published on Thursday.

Lyrics have also become angrier and more self-obsessed over the last 40 years, the study found, reinforcing the opinions of cranky aging music fans everywhere.

A team of European researchers analyzed the words in more than 12,000 English-language songs across the genres of rap, country, pop, R&B and from 1980 to 2020.

[…]

For the study in the journal Scientific Reports, the researchers looked at the emotions expressed in lyrics, how many different and complicated words were used, and how often they were repeated.

[…]

The results also confirmed previous research which had shown a decrease in positive, joyful lyrics over time and a rise in those that express anger, disgust or sadness.

Lyrics have also become much more self-obsessed, with words such as “me” or “mine” becoming much more popular.

‘Easier to memorize’

The number of repeated lines rose most in rap over the decades, Zangerle said—adding that it obviously had the most lines to begin with.

“Rap music has become more angry than the other genres,” she added.

The researchers also investigated which songs the fans of different genres looked up on the lyric website Genius.

Unlike other genres, rock fans most often looked up lyrics from older songs, rather than new ones.

Rock has tumbled down the charts in recent decades, and this could suggest fans are increasingly looking back to the genre’s heyday, rather than its present.

Another way that music has changed is that “the first 10-15 seconds are highly decisive for whether we skip the song or not,” Zangerle said.

Previous research has also suggested that people tend to listen to music more in the background these days, she added.

Put simply, songs with more choruses that repeat basic lyrics appear to be more popular.

“Lyrics should stick easier nowadays, simply because they are easier to memorize,” Zangerle said.

“This is also something that I experience when I listen to the radio.”

More information: Eva Zangerle, Song lyrics have become simpler and more repetitive over the last five decades, Scientific Reports (2024). DOI: 10.1038/s41598-024-55742-x. www.nature.com/articles/s41598-024-55742-x

Source: Song lyrics are getting simpler, more repetitive: Study

Posted in Art

In-app browsers still a privacy, security, and choice issue

[…] Open Web Advocacy (OWA), a group that supports open web standards and fair competition, said in a post on Tuesday that representatives “recently met with both the [EU’s] Digital Markets Act team and the UK’s Market Investigation Reference into Cloud Gaming and Browsers team to discuss how tech giants are subverting users’ choice of default browser via in-app browsers and the harm this causes.”

OWA argues that in-app browsers, without notice or consent, “ignore your choice of default browser and instead automatically and silently replace your default browser with their own in-app browser.”

The group’s goal isn’t to ban the technology, which has legitimate uses. Rather it’s to prevent in-app browsers from being used to thwart competition and flout user choice.

In-app browsers are like standalone web browsers without the interface – they rely on the native app for the interface. They can be embedded in native platform apps to load and render web content within the app, instead of outside the app in the designated default browser.

[…]

The problem with in-app browsers is that they play by a different set of rules from standalone browsers. As noted by OWA in its 62-page submission [PDF] to regulators:

  • They override the user’s choice of default browser
  • They raise tangible security and privacy harms
  • They stop the user from using their ad-blockers and tracker blockers
  • Their default browser's privacy and security settings are not shared
  • They are typically missing web features
  • They typically have many unique bugs and issues
  • The user’s session state is not shared so they are booted out of websites they have logged into in their default browser
  • They provide little benefit to users
  • They create significant work and often break third-party websites
  • They don’t compete as browsers
  • They confuse users and today function as dark patterns

Since around 2016, software engineers involved in web application development started voicing concerns about in-app browsers at some of the companies using them. But it wasn’t until around 2019 when Google engineer Thomas Steiner published a blog post about Facebook’s use of in-app browsers in its iOS and Android apps that the privacy and choice impact of in-app browsers began to register with a wider audience.

Steiner observed: “WebViews can also be used for effectively conducting intended man-in-the-middle attacks, since the IAB [in-app browser] developer can arbitrarily inject JavaScript code and also intercept network traffic.” He added: “Most of the time, this feature is used for good.”

[…]

In August 2022, developer Felix Krause published a blog post titled “Instagram and Facebook can track anything you do on any website in their in-app browser.” A week later, he expanded his analysis of in-app browsers to note how TikTok’s iOS app injects JavaScript to subscribe to “every keystroke (text inputs) happening on third party websites rendered inside the TikTok app”.

[…]

Even assuming one accepts Meta’s and TikTok’s claims that they’ve not misused the extraordinary access granted by in-app browsers – a difficult ask in light of allegations raised in ongoing Meta litigation – the issue remains that companies implementing in-app browsers may be overriding the choices of users regarding their browser and whatever extensions they have installed.

However, Meta does provide a way to opt out of having its in-app browser open links clicked in its Facebook and Instagram apps.
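The practical consequence for a website operator is that a page has no way to know whether the user's chosen browser, extensions and session are in play unless it checks. The following is an added example, not code from the article, from OWA, or from any of the apps named: a site-side check that classifies a User-Agent string as a known in-app browser (WebView) or a standalone browser, and builds an "open this in your browser" notice. The marker strings (`FBAN/`, `FBAV/`, `FB_IAB/`, `Instagram`, `musical_ly`, `BytedanceWebview`, and the Android System WebView `; wv)` token) are the commonly documented fragments these apps emit; treat the list as an assumption to verify against real traffic, and the sample User-Agent strings are constructed, not captured.

```javascript
// Added example (not from the article, OWA or the named apps): detect
// rendering inside a known in-app browser from the User-Agent string so a
// page can warn the user that their default browser's settings, blockers
// and logins are not in effect. Marker list is an assumption to verify.
const IN_APP_MARKERS = [
  { marker: "FBAN/", app: "Facebook" },         // Facebook iOS app
  { marker: "FBAV/", app: "Facebook" },         // Facebook app version tag
  { marker: "FB_IAB/", app: "Facebook" },       // Facebook Android in-app browser
  { marker: "Instagram", app: "Instagram" },
  { marker: "musical_ly", app: "TikTok" },
  { marker: "BytedanceWebview", app: "TikTok" },
];

// Returns { inApp, app, marker } for a User-Agent string.
function detectInAppBrowser(userAgent) {
  const ua = String(userAgent || "");
  for (const { marker, app } of IN_APP_MARKERS) {
    if (ua.includes(marker)) return { inApp: true, app, marker };
  }
  // Generic Android System WebView advertises "; wv" inside its platform block.
  if (/Android[^)]*; wv\)/.test(ua)) {
    return { inApp: true, app: "unknown", marker: "wv" };
  }
  return { inApp: false, app: null, marker: null };
}

// Builds the notice a page might display; returns null when not in-app.
function inAppNotice(userAgent, pageUrl) {
  const result = detectInAppBrowser(userAgent);
  if (!result.inApp) return null;
  const where = result.app === "unknown"
    ? "an in-app browser"
    : `the ${result.app} in-app browser`;
  return `You are viewing this page in ${where}. Your default browser's settings, ` +
         `extensions and logins are not available here. Open ${pageUrl} in your browser instead.`;
}

// Constructed sample User-Agent strings (not captured from real traffic).
const SAMPLE_USER_AGENTS = {
  facebookIos: "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 [FBAN/FBIOS;FBAV/400.0.0.0;FBDV/iPhone14,2]",
  facebookAndroid: "Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Mobile Safari/537.36 [FB_IAB/FB4A;FBAV/400.0.0.0;]",
  instagram: "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 Instagram 300.0.0.0",
  tiktok: "Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Mobile Safari/537.36 musical_ly_30.0.0 BytedanceWebview/d8a21c6",
  genericWebView: "Mozilla/5.0 (Linux; Android 13; Pixel 7; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/118.0.0.0 Mobile Safari/537.36",
  safari: "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1",
  chrome: "Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Mobile Safari/537.36",
};

// Runs the detector over the samples; returns a name -> app (or "standalone") map.
function classifySamples(samples = SAMPLE_USER_AGENTS) {
  const out = {};
  for (const [name, ua] of Object.entries(samples)) {
    const r = detectInAppBrowser(ua);
    out[name] = r.inApp ? r.app : "standalone";
  }
  return out;
}

console.log(classifySamples());
```

In a real page the input would be `navigator.userAgent` and the notice would be rendered once, near the top of the page. User-Agent sniffing is a heuristic: apps can change or hide these markers, so the check reduces confusion but does not restore the user's extensions, blockers or session, which is exactly the choice problem OWA describes.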

[…]

As for the Competition and Markets Authority (CMA), the UK watchdog appears to be willing to consider allowing developer choice to supersede user choice, or at least that was the case two years ago. In its 2022 response to the CMA’s Interim Report, Google observed [PDF] that the competition agency itself had conceded that in an Android native app, the choice of browser belongs to the app developer rather than to Google.

“The Interim Report raises concerns about in-app browsers overriding users’ chosen default browsers,” Google said in its response. “However, as the CMA rightly notes, the decision on whether a native app launches an in-app browser, and if so, which browser, lies with the respective app developer, not Google. Having control over whether or not an in-app browser is launched allows app developers to customize their user interfaces, which can in turn improve the experience for users. There is therefore, to some extent, a trade-off between offering developers choice and offering end users choice.”

Source: In-app browsers still a privacy, security, and choice issue • The Register

However, in-app browsers are a horrible security breach and the choice should belong to the user – not Google, not an app developer.

Soofa Digital Kiosks Snatch Your Phone’s Data When You Walk By, sell it on

Digital kiosks from Soofa seem harmless, giving you bits of information alongside some ads. However, these kiosks popping up throughout the United States take your phone’s information and location data whenever you walk near them, and sell them to local governments and advertisers, as first reported by NBC Boston on Monday.

“At Soofa, we developed the first pedestrian impressions sensor that measures accurate foot traffic in real-time,” says a page on the company’s website. “Soofa advertisers can check their analytics dashboard anytime to see how their campaigns are tracking towards impressions goals.”

While data tracking is commonplace online, it’s becoming more pervasive in the real world. Whenever you walk past a Soofa kiosk, it collects your phone’s unique identifier (MAC address), manufacturer, and signal strength. This allows it to track anyone who walks within a certain, unspecified range. It then creates a dashboard to share with advertisers and local governments to display analytics about how many people are walking and engaging with its billboards.

This can offer local cities new ways to understand how people use public spaces, and how many people are reading notices posted on these digital kiosks. However, it also gives local governments detailed information on how people move throughout society and raises a question of how this data is being used.

[…]

In an email to Gizmodo, a Soofa spokesperson said the company does not share data with any third parties and only offers the dashboard to the organization that bought the kiosk. The company also claims to anonymize your MAC address by the time it gets to advertisers and local governments.

However, Soofa also tells advertisers how to effectively use your location data on its website. It notes that advertisers can track when you’ve been near a physical billboard or kiosk in the real world based on location data. Then, using cookies, the advertisers can send you more digital ads later on. While Soofa didn’t invent this technique, it certainly seems to be promoting it.

[…]

Source: These Digital Kiosks Snatch Your Phone’s Data When You Walk By

Mass claim CUIC against virus scanner (but really tracking spyware) Avast

Privacy First has teamed up with the Austrian organisation NOYB (of privacy activist Max Schrems) to found the new mass claim organisation CUIC. CUIC stands for Consumers United in Court, also pronounceable as ‘CU in Court’ (see you in court).

[…]

Millions spied on by virus scanner

CUIC today filed subpoenas against software company Avast, which made virus scanners that illegally collected the browsing behaviour of millions of people on computer, tablet or phone, including in the Netherlands. This data was then resold to other companies through an Avast subsidiary for millions of euros. It included data about users’ health, locations visited, political affiliation, religious beliefs, sexual orientation or economic situation, linked to each specific user through unique user IDs. In a press release today, CUIC president Wilmar Hendriks put it as follows: “People thought they were safe with a virus scanner, but its very creator tracked everything they did on their computers. Avast sold this information to third parties for big money. They even advertised the goldmine of data they had captured. Companies like Avast should not be allowed to get away with this. That is why we are bringing this lawsuit. Those who won’t hear should feel.”

Fines

Back in March 2023, the Czech privacy regulator (UOOU) concluded that Avast had violated the AVG (the GDPR) and fined the company approximately €13.7 million. The US federal consumer authority, the Federal Trade Commission (FTC), also recently ordered Avast to pay USD 16.5 million in compensation to users and ordered it to stop selling or making collected data available to third parties, delete the data it had collected and implement a comprehensive privacy programme.

The lawsuit for which CUIC today sued Avast should lead to compensation for users in the Netherlands.

[…]

Source: Mass claim CUIC against virus scanner Avast launched – Privacy First

Software vendors dump open source, go for the cash grab – Redis is the latest

Essentially, all software is built using open source. By Synopsys’ count, 96% of all codebases contain open-source software.

Lately, though, there’s been a very disturbing trend. A company will make its program using open source, make millions from it, and then — and only then — switch licenses, leaving their contributors, customers, and partners in the lurch as they try to grab billions. I’m sick of it.

The latest IT melodrama baddie is Redis. Its program, which goes by the same name, is an extremely popular in-memory database. (Unless you’re a developer, chances are you’ve never heard of it.) One recent valuation shows Redis to be worth about $2 billion — even without an AI play! That, anyone can understand.

What did it do? To quote Redis: “Beginning today, all future versions of Redis will be released with source-available licenses. Starting with Redis 7.4, Redis will be dual-licensed under the Redis Source Available License (RSALv2) and Server Side Public License (SSPLv1). Consequently, Redis will no longer be distributed under the three-clause Berkeley Software Distribution (BSD).”

For those of you who aren’t open-source licensing experts, this means developers can no longer use Redis’ code. Sure, they can look at it, but they can’t export, borrow from, or touch it.

Redis pulled this same kind of trick in 2018 with some of its subsidiary code. Now it’s done so with the company’s crown jewels.

Redis is far from the only company to make such a move. Last year, HashiCorp dumped its main program Terraform’s Mozilla Public License (MPL) for the Business Source License (BSL) 1.1. Here, the name of the new license game is to prevent anyone from competing with Terraform.

Would it surprise you to learn that not long after this, HashiCorp started shopping itself around for a buyer? It didn’t surprise me.

Before this latest round of license changes, MongoDB and Elastic made similar shifts. Again, you might never have heard of these companies or their programs, but each is worth, at a minimum, hundreds of millions of dollars. And, while you might not know it, if your company uses cloud services behind the scenes, chances are you’re using one or more of their programs.

[…]

Software companies are ticked off. At least two Linux distros, Fedora and openSUSE, are considering getting rid of the Redis program. If they do, you can expect their big commercial brothers, Red Hat Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES) to follow suit.

Who’s really furious about this, though, are developers. It’s their work, after all, that’s disappearing into semi-proprietary vaults, never to be touched by them again.

So, as they’ve done before and they’ll do again, at least two sets of programmers are forking it. First off the mark was Drew DeVault, founder and CEO of SourceHut, with Redict. He was quickly followed by Madelyn Olson, principal engineer at Amazon ElastiCache, itself an open-source fork of Elastic. However, as Olson observed, this as-yet-unnamed Redis fork is not an AWS project. AWS is working on its own response.

Source: Software vendors dump open source, go for the cash grab | Computerworld

Why is this a problem? Using open source also means you get free contributions whilst creating the code – that could be programming done for free, but also quality assurance done for free. So basically you take other people’s work and steal it to sell as your own.

Part of the problem is caused by the Free Open Source Software (FOSS) die-hard fundamentalists, a bunch of tenured university based software developers on a payroll, who absolutely refuse to allow other FOSS developers – who may not have a payroll – to make any money whatsoever on a FOSS license. This is a problem I have been addressing for years and which has gained quite a lot of traction since then.


Amazon fined almost $8M in Poland over dark patterns

Poland’s competition and consumer protection watchdog has fined Amazon’s European subsidiary around $8 million (31.9 million złoty) for “dark patterns” that messed around with internet shoppers.

The preliminary ruling applies to Amazon EU SARL, which oversees Amazon’s Polish e-commerce site, Amazon.pl, out of Luxembourg. Poland’s Office of Competition and Consumer Protection said the decision, subject to appeal, reflected misleading practices related to product availability, delivery dates, and drop-off time guarantees.

According to the ruling, Amazon’s Polish operation repeatedly canceled customer orders for e-book readers and other gear. The online souk believed it was within its rights to do so because it considers its sales contract and delivery obligations are active only after an item has shipped, rather than when the customer purchases it.

But these abrupt cancellations left punters who thought they’d successfully paid for stuff and were awaiting delivery disappointed, sparking complaints to the watchdog, which has seemingly upheld the claims.

Not only that, the regulator was unimpressed that the language on Amazon’s website warning this could happen is difficult to read – “it is written in gray font on a white background, at the very bottom of the page.”

[…]

Source: Amazon fined almost $8M in Poland over ‘dark patterns’ • The Register

OpenAI reveals tool to re-create human voices

OpenAI said on Friday it’s allowed a small number of businesses to test a new tool that can re-create a person’s voice from just a 15-second recording.

Why it matters: The company said it is taking “a cautious and informed approach” to releasing the program, called Voice Engine, more broadly given the high risk of abuse presented by synthetic voice generators.

How it works: Based on the 15-second recording, the program can create an “emotive and realistic” natural-sounding voice that closely resembles the original speaker.

  • This synthetic voice can then be used to read text inputs, even if the text isn’t in the original speaker’s native language.

Case in point: In one example offered by the company, an English speaker’s voice was translated into Spanish, Mandarin, German, French and Japanese while preserving the speaker’s native accent.

  • OpenAI said Voice Engine has so far been used to provide reading assistance to nonreaders, to translate content, and to help people who are nonverbal.

[…]

Source: OpenAI reveals tool to re-create human voices

Age Verification Laws Drag Us Back to the Dark Ages of the Internet

The fundamental flaw with the age verification bills and laws passing rapidly across the country is the delusional, unfounded belief that putting hurdles between people and pornography is going to actually prevent them from viewing porn. What will happen, and is already happening, is that people–including minors–will go to unmoderated, actively harmful alternatives that don’t require handing over a government-issued ID to see people have sex. Meanwhile, performers and companies that are trying to do the right thing will suffer.

[…]

Source: Age Verification Laws Drag Us Back to the Dark Ages of the Internet

The legislators passing these bills are doing so under the guise of protecting children, but what’s actually happening is a widespread rewiring of the scaffolding of the internet. They ignore long-established legal precedent that has said for years that age verification is unconstitutional, eventually and inevitably reducing everything we see online without impossible privacy hurdles and compromises to that which is not “harmful to minors.” The people who live in these states, including the minors the law is allegedly trying to protect, are worse off because of it. So is the rest of the internet.
Yet new legislation is advancing in Kentucky and Nebraska, while the state of Kansas just passed a law which even requires age-verification for viewing “acts of homosexuality,” according to a report: Websites can be fined up to $10,000 for each instance a minor accesses their content, and parents are allowed to sue for damages of at least $50,000. This means that the state can “require age verification to access LGBTQ content,” according to attorney Alejandra Caraballo, who said on Threads that “Kansas residents may soon need their state IDs” to access material that simply “depicts LGBTQ people.”
One newspaper opinion piece argues there’s an easier solution: don’t buy your children a smartphone: Or we could purchase any of the various software packages that block social media and obscene content from their devices. Or we could allow them to use social media, but limit their screen time. Or we could educate them about the issues that social media causes and simply trust them to make good choices. All of these options would have been denied to us if we lived in a state that passed a strict age verification law. Not only do age verification laws reduce parental freedom, but they also create myriad privacy risks. Requiring platforms to collect government IDs and face scans opens the door to potential exploitation by hackers and enemy governments. The very information intended to protect children could end up in the wrong hands, compromising the privacy and security of millions of users…

Ultimately, age verification laws are a misguided attempt to address the complex issue of underage social media use. Instead of placing undue burdens on users and limiting parental liberty, lawmakers should look for alternative strategies that respect privacy rights while promoting online safety.
This week a trade association for the adult entertainment industry announced plans to petition America’s Supreme Court to intervene.

Source: Slashdot

This is one of the many problems caused by an America that is suddenly so very afraid of sex, death and politics.

Lamborghini Is the Latest to Fall Victim to the Flat Logo Trend. Kills one of the most recognisable logos in the world

Would it surprise you to know that there are still some automotive brands out there that haven’t drained the texture and depth out of their famous logos yet? Lamborghini was actually one of those storied marques that hadn’t responded to the so-called digital revolution up until now and, I think at this point, you would’ve just chalked it up to Sant’Agata not really caring about stuff like that, because they’re freaking Lamborghini. But it’s Thursday, March 28, 2024, and the originator of Italian wedges on wheels has a “new” logo that’s a lot like their old one, only flat and with a typeface best described as looking like it was lifted from Google’s free collection.

This is Lambo’s latest logo, and I’ll tell you where my mind went straight away: the Brooklyn Nets! It looks like the shield for the basketball team Jay-Z used to have a stake in, especially in that black-and-white getup. The brand says that additionally, for the first time in its history, its raging bull will be separated from those borders in some uses, particularly on “digital touchpoints.” No example of that’s been provided yet, but you can imagine what that’ll look like.

Lamborghini’s announcement of the change also mentions a new custom typeface “that echoes the unmistakable lines and angularity of the cars.” I don’t know what that means, especially because the mockups the company’s shared with us have a variety of typefaces, and there’s no obvious way to know which, precisely, the press release is referring to. The one on the logo does look a lot like Google’s Roboto to me at first glance—which happens to be used on Lambo’s media portal—but it isn’t. In any case, it feels like a step back in terms of individuality, but that’s why these adjustments happen, after all. Even Lamborghini is concerned about falling behind the times.

Can you tell I’m just not feeling it? The whole “flat design” thing has been kicking around since like 2013, and some automakers, ever on the cutting edge of visual art, are only catching up to it now. The monochromatic look is often justified for its readability particularly on screens, but was anyone really having a hard time identifying Lambo’s shield and bull before? The way pretty much every brand has gone about this is to take their existing insignias and uncheck the blending options box on Photoshop, and listen, it just never results in anything interesting.

If you’ve gotta go flat, you should move to something that looks interesting and complete, flat. That’s what Honda’s done with the new treatment for its 0 Series EVs seen below, and I think it’s genius. The slashed zero looks like something I’d see in some kind of subtly unsettling futuristic Japanese story-driven action game, and the fact it also works as a skewed “H” is just so dang clever. Paul Rand’s Ford logo is another example of flatness with purpose, as it still looks progressive almost 60 years on.


Honda’s clever logo for its upcoming 0 Series EVs. Honda

What Lamborghini’s done here is far from the worst automotive logo redesign I’ve seen yet; that distinction would have to go to Peugeot or Citroën, which not only went for something unremarkable but obviously tried way too hard to come across as futuristic and aggressive. The only thing worse than being boring is lame. Lamborghini was never going to reach as far, because it doesn’t have to. But like Ferrari, it should know by now that the hardest power move you can make as an iconic brand is to never change, especially when everyone else does.

Source: Lamborghini Is the Latest to Fall Victim to the Flat Logo Trend

So it looks like the company, which has a pretty awesome design aesthetic, has found someone’s son’s marketing company and spent a huge amount of money on a counterproductive and very poorly executed brand campaign. So it’s not only insulting that they damaged the logo, but they did so inconsistently and badly. And the most important questions – why? What do they hope to achieve by changing? – have not been asked.

Posted in Art

Project Ghostbusters: Facebook Accused of Using Your Phone to Wiretap Snapchat, YouTube, Amazon through Onavo VPN

Court filings unsealed last week allege Meta created an internal effort to spy on Snapchat in a secret initiative called “Project Ghostbusters.” Meta did so through Onavo, a Virtual Private Network (VPN) service the company offered between 2016 and 2019 that, ultimately, wasn’t private at all.

“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them,” said Mark Zuckerberg in an email to three Facebook executives in 2016, unsealed in Meta’s antitrust case on Saturday. “It seems important to figure out a new way to get reliable analytics about them… You should figure out how to do this.”

Thus, Project Ghostbusters was born. It’s Meta’s in-house wiretapping tool to spy on data analytics from Snapchat starting in 2016, later used on YouTube and Amazon. This involved creating “kits” that can be installed on iOS and Android devices, to intercept traffic for certain apps, according to the filings. This was described as a “man-in-the-middle” approach to get data on Facebook’s rivals, but users of Onavo were the “men in the middle.”

[…]

A team of senior executives and roughly 41 lawyers worked on Project Ghostbusters, according to court filings. The group was heavily concerned with whether to continue the program in the face of press scrutiny. Facebook ultimately shut down Onavo in 2019 after Apple booted the VPN from its app store.

Prosecutors also allege that Facebook violated the United States Wiretap Act, which prohibits the intentional procurement of another person’s electronic communications.

[…]

Prosecutors allege Project Ghostbusters harmed competition in the ad industry, adding weight to their central argument that Meta is a monopoly in social media.

Source: Project Ghostbusters: Facebook Accused of Using Your Phone to Wiretap Snapchat

Who would have thought that a Facebook VPN was worthless? Oh, I have been reporting on this since 2018

DDoS attack takes down NL provinces and government organizations’ websites

Various websites of provinces and government organizations were down on Monday due to a DDoS attack. At the time of writing, the website of the Province of North Holland is still, or once again, unavailable.

The websites of the provinces of Groningen, Overijssel and North Brabant were also down for some time.

The sites of the Senate and the ports of Amsterdam and Den Helder were also bombarded.

According to FalconFeeds, a cyber threat intelligence platform, the DDoS attack was claimed by the pro-Russian hacker group NoName057(16). The attack is said to be in retaliation for the Dutch decision to give F-16 fighter jets to Ukraine.

More than a year ago, the province of North Holland was also the victim of a DDoS attack for some time.

Thanks to a temporary solution, the Groningen site is working again and subsidies and permits can also be applied for.

An investigation into the cause and possible consequences of this DDoS attack is still underway.

Source: DDOS aanval legt websites provincies en overheidsorganisaties plat – Emerce

Rapid biodegradation of microplastics generated from bio-based thermoplastic polyurethane in compost

Accumulation of microplastics in the natural environment is ultimately due to the chemical nature of widely used petroleum-based plastic polymers, which typically are inaccessible to biological processing. One way to mitigate this crisis is adoption of plastics that biodegrade if released into natural environments. In this work, we generated microplastic particles from a bio-based, biodegradable thermoplastic polyurethane (TPU-FC1) and demonstrated their rapid biodegradation via direct visualization and respirometry. Furthermore, we isolated multiple bacterial strains capable of using TPU-FC1 as a sole carbon source and characterized their depolymerization products. To visualize biodegradation of TPU materials as real-world products, we generated TPU-coated cotton fabric and an injection molded phone case and documented biodegradation by direct visualization and scanning electron microscopy (SEM), both of which indicated clear structural degradation of these materials and significant biofilm formation.

Source: Rapid biodegradation of microplastics generated from bio-based thermoplastic polyurethane | Scientific Reports

Conclusion

In this work, particle count and respirometry experiments demonstrated that microplastic particles from a bio-based thermoplastic polyurethane can rapidly biodegrade and therefore are only transiently present in the environment. In contrast, microplastic particles from a widely used commercial thermoplastic, ethyl vinyl acetate, persist in the environment and showed no significant signs of biodegradation over the course of this experiment. Bacteria capable of utilizing TPU-FC1 as a carbon source were isolated, and depolymerization of the material was confirmed by the early accumulation of monomers derived from the original polymer, which are metabolized by microbes in short order. Finally, we demonstrated that prototype products made from these materials biodegrade under home compost conditions. The generation of microplastics is an unavoidable consequence of plastic usage, and mitigating the persistence of these particles by adopting biodegradable material alternatives is a viable option for a future green circular economy.

GitHub’s new AI-powered tool auto-fixes vulnerabilities in your code

GitHub introduced a new AI-powered feature capable of speeding up vulnerability fixes while coding. This feature is in public beta and automatically enabled on all private repositories for GitHub Advanced Security (GHAS) customers.

Known as Code Scanning Autofix and powered by GitHub Copilot and CodeQL, it helps deal with over 90% of alert types in JavaScript, TypeScript, Java, and Python.

After being toggled on, it provides potential fixes that GitHub claims will likely address more than two-thirds of found vulnerabilities while coding with little or no editing.

“When a vulnerability is discovered in a supported language, fix suggestions will include a natural language explanation of the suggested fix, together with a preview of the code suggestion that the developer can accept, edit, or dismiss,” GitHub’s Pierre Tempel and Eric Tooley said.

The code suggestions and explanations it provides can include changes to the current file, multiple files, and the current project’s dependencies.

Implementing this approach can significantly reduce the frequency of vulnerabilities that security teams must handle daily.

This, in turn, enables them to concentrate on ensuring the organization’s security rather than being forced to allocate unnecessary resources to keep up with new security flaws introduced during the development process.

However, it’s also important to note that developers should always verify if the security issues are resolved, as GitHub’s AI-powered feature may suggest fixes that only partially address the security vulnerability or fail to preserve the intended code functionality.

“Code scanning autofix helps organizations slow the growth of this “application security debt” by making it easier for developers to fix vulnerabilities as they code,” added Tempel and Tooley.

“Just as GitHub Copilot relieves developers of tedious and repetitive tasks, code scanning autofix will help development teams reclaim time formerly spent on remediation.”

The company plans to add support for additional languages in the coming months, with C# and Go support coming next.

More details about the GitHub Copilot-powered code scanning autofix tool are available on GitHub’s documentation website.

Last month, the company also enabled push protection by default for all public repositories to stop the accidental exposure of secrets like access tokens and API keys when pushing new code.

This was a significant issue in 2023, as GitHub users accidentally exposed 12.8 million authentication and sensitive secrets via more than 3 million public repositories throughout the year.

As BleepingComputer reported, exposed secrets and credentials have been exploited for multiple high-impact breaches [123] in recent years.

Source: GitHub’s new AI-powered tool auto-fixes vulnerabilities in your code

General Motors Quits Sharing Driving Behavior With Data Brokers – Now sells it directly to insurance companies?

General Motors said Friday that it had stopped sharing details about how people drove its cars with two data brokers that created risk profiles for the insurance industry.

The decision followed a New York Times report this month that G.M. had, for years, been sharing data about drivers’ mileage, braking, acceleration and speed with the insurance industry. The drivers were enrolled — some unknowingly, they said — in OnStar Smart Driver, a feature in G.M.’s internet-connected cars that collected data about how the car had been driven and promised feedback and digital badges for good driving.

Some drivers said their insurance rates had increased as a result of the captured data, which G.M. shared with two brokers, LexisNexis Risk Solutions and Verisk. The firms then sold the data to insurance companies.

Since Wednesday, “OnStar Smart Driver customer data is no longer being shared with LexisNexis or Verisk,” a G.M. spokeswoman, Malorie Lucich, said in an emailed statement. “Customer trust is a priority for us, and we are actively evaluating our privacy processes and policies.”

Romeo Chicco, a Florida man whose insurance rates nearly doubled after his Cadillac collected his driving data, filed a complaint seeking class-action status against G.M., OnStar and LexisNexis this month.

An internal document, reviewed by The Times, showed that as of 2022, more than eight million vehicles were included in Smart Driver. An employee familiar with the program said the company’s annual revenue from Smart Driver was in the low millions of dollars.

Source: General Motors Quits Sharing Driving Behavior With Data Brokers – The New York Times

No mention of who it is now selling the data to.

Apple accused of monopolizing smartphone markets by US and 15 states. Loses $115 billion market cap

The U.S. Department of Justice and 15 states on Thursday sued Apple (AAPL.O) as the government cracks down on Big Tech, alleging the iPhone maker monopolized the smartphone market, hurt smaller rivals and drove up prices.

Apple joins competitors sued by regulators, including Alphabet’s (GOOGL.O) Google, Meta Platforms (META.O) and Amazon.com (AMZN.O), across the administrations of both former President Donald Trump and President Joe Biden.

“Consumers should not have to pay higher prices because companies violate the antitrust laws,” Attorney General Merrick Garland said in a statement. “If left unchallenged, Apple will only continue to strengthen its smartphone monopoly.”

The Justice Department said that Apple charges as much as $1,599 for an iPhone and makes larger profits than any other company in the industry. Officials also said Apple charges various business partners – from software developers to credit card companies and even its rivals such as Google – behind the scenes in ways that ultimately raise prices for consumers and drive up Apple’s profit.

Dating back to its time as a marginal player in the personal computer market, Apple’s business model has long been based on charging users a premium for technology products where the company dictates nearly all of the details of how the device works and can be used. The Justice Department seeks to unwind that business model by forcing Apple, which has a market value of $2.7 trillion, to offer users more choices around how apps can tap into the hardware that Apple designs.

[…]

The Justice Department, which was also joined by the District of Columbia in the lawsuit, is seeking changes at Apple. An official suggested some form of breakup or reduction of the size of Apple was a possibility when they noted “structural relief is also a form of equitable relief.”

The 88-page lawsuit, filed in U.S. federal court in Newark, New Jersey, said it was focused on “freeing smartphone markets from Apple’s anticompetitive and exclusionary conduct and restoring competition to lower smartphone prices for consumers, reducing fees for developers, and preserving innovation for the future.”

In the lawsuit, the U.S. accused Apple of making it harder for consumers to block competitors and cited five examples where Apple used mechanisms to suppress technologies that would have increased competition among smartphones: so-called super apps, cloud stream game apps, messaging apps, smartwatches and digital wallets.

For example, the U.S. alleges Apple made it more difficult for competing messaging apps and smartwatches to work smoothly on its phones. It also alleges that Apple’s app store policies around streaming services for games have hurt competition.

[…]

On Thursday Reuters reported that Apple, Meta Platforms and Alphabet’s Google will be investigated for potential violations of the European Union’s Digital Markets Act that could lead to hefty fines by the end of the year, according to people with direct knowledge of the matter.

In Europe, Apple’s App Store business model has been dismantled by a new law called the Digital Markets Act that went into effect earlier this month. Apple plans to let developers offer their own app stores – and, importantly, pay no commissions – but rivals such as Spotify (SPOT.N) and Epic argue Apple is still making it too hard to offer alternative app stores.

Source: Apple accused of monopolizing smartphone markets in US antitrust lawsuit | Reuters

Also: Apple Loses $113 Billion in Value After Regulators Close In | Bloomberg

Burglars using Wifi jammers and deauth attacks to disable wireless smart home security

Edina police believe that the suspects aren’t choosing houses at random – they’re researching carefully prior to burglarizing them. The suspects are stealing jewelry, safes, and high-end merchandise.

“It’s believed the burglars are not violent and tend to choose unoccupied houses,” the police’s report reads.

At the city safety meeting on January 31st, residents warned about the burglars using WiFi jammers to impact security systems, especially surveillance cameras.

Many home security devices connect directly to the WiFi network or a smart home hub using radio frequencies such as 2.4 GHz. Their signal strength is limited and is susceptible to interference.

Jammers can overpower signals from security devices by sending a “loud” noise in the same range of frequencies. For receivers, it’s then impossible to distinguish between the genuine signals and the disruptive noise generated by the jammers.

The use of jammers in the United States is banned by the Federal Communications Commission.

Source: Burglars using jammers to disable wireless smart home security | Cybernews

De-authing involves sending packets which disconnect devices from the network and is much easier than jamming.
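As an added example (not from the Cybernews article or this post), here is the defender's side of the de-auth point above: a small detector that parses raw IEEE 802.11 management frame headers and flags one transmitter sending a burst of deauthentication or disassociation frames, run over a constructed capture. Frames without a radiotap header, the MAC addresses, timestamps and the frames themselves are all assumptions constructed for the example.

```python
"""Detect 802.11 deauthentication / disassociation floods in a frame stream.

Added example, not code from the Cybernews article or this post. Frames are
assumed to be raw IEEE 802.11 (no radiotap header); all MACs, timestamps and
frames below are constructed. Unprotected deauth frames carry no
authentication, so the durable fix is 802.11w (Protected Management Frames);
this detector only makes the flood visible.
"""
import struct
from collections import defaultdict, deque

# Frame Control byte 0 layout: bits 0-1 version, 2-3 type, 4-7 subtype.
TYPE_MGMT = 0
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12
MGMT_HDR_LEN = 24          # FC(2) Duration(2) Addr1(6) Addr2(6) Addr3(6) SeqCtl(2)
BCAST = "ff:ff:ff:ff:ff:ff"


def parse_disconnect(frame: bytes):
    """Return (subtype, dst, src, bssid, reason) for a deauth/disassoc frame,
    or None for any other frame."""
    if len(frame) < MGMT_HDR_LEN + 2:
        return None
    fc0 = frame[0]
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    if ftype != TYPE_MGMT or subtype not in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
        return None
    dst, src, bssid = (frame[i:i + 6].hex(":") for i in (4, 10, 16))
    (reason,) = struct.unpack_from("<H", frame, MGMT_HDR_LEN)  # reason code, LE
    return subtype, dst, src, bssid, reason


class DisconnectFloodDetector:
    """Sliding window per transmitter: alert once when a single source address
    sends more than `threshold` deauth/disassoc frames within `window_s`."""

    def __init__(self, threshold: int = 10, window_s: float = 2.0):
        self.threshold = threshold
        self.window_s = window_s
        self.times = defaultdict(deque)   # src MAC -> timestamps inside window
        self.alerted = set()

    def feed(self, ts: float, frame: bytes):
        parsed = parse_disconnect(frame)
        if parsed is None:
            return None
        subtype, dst, src, bssid, reason = parsed
        q = self.times[src]
        q.append(ts)
        while q and ts - q[0] > self.window_s:   # drop frames outside the window
            q.popleft()
        if len(q) > self.threshold and src not in self.alerted:
            self.alerted.add(src)
            return {"src": src, "bssid": bssid, "count": len(q),
                    "kind": "deauth" if subtype == SUBTYPE_DEAUTH else "disassoc",
                    "broadcast": dst == BCAST, "reason": reason}
        return None


def build_frame(subtype: int, dst: str, src: str, bssid: str,
                reason: int = 7, seq: int = 0, ftype: int = TYPE_MGMT) -> bytes:
    """Assemble a minimal frame for the constructed sample capture."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    fc = bytes([(subtype << 4) | (ftype << 2), 0x00])
    return (fc + b"\x00\x00" + mac(dst) + mac(src) + mac(bssid)
            + struct.pack("<H", seq << 4) + struct.pack("<H", reason))


def run_sample():
    """Constructed capture: a beacon, a data frame and one legitimate disassoc,
    then 30 deauth frames in under a second spoofing the AP address to broadcast."""
    ap, cam = "02:00:00:00:aa:01", "02:00:00:00:cc:01"   # constructed MACs
    det = DisconnectFloodDetector(threshold=10, window_s=2.0)
    alerts = []
    stream = [
        (10.0, build_frame(8, BCAST, ap, ap)),                         # beacon
        (10.1, build_frame(0, cam, ap, ap, ftype=2)),                  # data frame
        (10.2, build_frame(SUBTYPE_DISASSOC, cam, ap, ap, reason=8)),  # camera leaves
    ]
    stream += [(100.0 + i * 0.03, build_frame(SUBTYPE_DEAUTH, BCAST, ap, ap, seq=i))
               for i in range(30)]
    for ts, frame in stream:
        alert = det.feed(ts, frame)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in run_sample():
        print(f"ALERT {a['kind']} flood from {a['src']} "
              f"({a['count']} frames, broadcast={a['broadcast']}, reason={a['reason']})")
```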

Researchers jailbreak AI chatbots with ASCII art

Researchers based in Washington and Chicago have developed ArtPrompt, a new way to circumvent the safety measures built into large language models (LLMs). According to the research paper ArtPrompt: ASCII Art-based Jailbreak Attacks against Aligned LLMs, chatbots such as GPT-3.5, GPT-4, Gemini, Claude, and Llama2 can be induced to respond to queries they are designed to reject using ASCII art prompts generated by their ArtPrompt tool. It is a simple and effective attack, and the paper provides examples of the ArtPrompt-induced chatbots advising on how to build bombs and make counterfeit money.

[…]

To best understand ArtPrompt and how it works, it is probably simplest to check out the two examples provided by the research team behind the tool. In Figure 1 above, you can see that ArtPrompt easily sidesteps the protections of contemporary LLMs. The tool replaces the ‘safety word’ with an ASCII art representation of the word to form a new prompt. The LLM recognizes the ArtPrompt prompt output but sees no issue in responding, as the prompt doesn’t trigger any ethical or safety safeguards.

(Image credit: arXiv:2402.11753)

Another example provided in the research paper shows us how to successfully query an LLM about counterfeiting cash. Tricking a chatbot this way seems so basic, but the ArtPrompt developers assert that their tool fools today’s LLMs “effectively and efficiently.” Moreover, they claim it “outperforms all [other] attacks on average” and remains a practical, viable attack for multimodal language models for now.

[…]

Source: Researchers jailbreak AI chatbots with ASCII art — ArtPrompt bypasses safety measures to unlock malicious queries | Tom’s Hardware

HackAPrompt – a taxonomy of GPT prompt hacking techniques

[…] We present a comprehensive Taxonomical Ontology of Prompt Hacking techniques, which categorizes various methods used to manipulate Large Language Models (LLMs) through prompt hacking. This taxonomical ontology ranges from simple instructions and cognitive hacking to more complex techniques like context overflow, obfuscation, and code injection, offering a detailed insight into the diverse strategies used in prompt hacking attacks.

Figure 5: A Taxonomical Ontology of Prompt Hacking techniques. Black lines are hypernyms (i.e., typos are an instance of obfuscation), while grey arrows are meronyms (i.e., Special Case attacks usually contain a Simple Instruction). Purple nodes are not attacks themselves but can be a part of attacks. Red nodes are specific examples.

Introducing the HackAPrompt Dataset

This dataset, comprising over 600,000 prompts, is split into two distinct collections: the Playground Dataset and the Submissions Dataset. The Playground Dataset provides a broad overview of the prompt hacking process through completely anonymous prompts tested on the interface, while the Submissions Dataset offers a more detailed insight with refined prompts submitted to the leaderboard, exhibiting a higher success rate of high-quality injections.

[…]

The table below contains success rates and total distribution of prompts for the two datasets.

                Total Prompts   Successful Prompts   Success Rate
Submissions            41,596               34,641          83.2%
Playground            560,161               43,295           7.7%

Table 2: With a much higher success rate, the Submissions Dataset contains a denser quantity of high-quality injections. In contrast, the Playground Dataset is much larger and demonstrates competitor exploration of the task.

Source: HackAPrompt

Italy’s Piracy Shield Blocks Innocent Web Sites, Makes It Hard For Them To Appeal so ISPs are ignoring the law because it’s stupid

Italy’s newly-installed Piracy Shield system, put in place by the country’s national telecoms regulator, Autorità per le Garanzie nelle Comunicazioni (Authority for Communications Guarantees, AGCOM), is already failing in significant ways. One issue became evident in February, when the VPN provider AirVPN announced that it would no longer accept users resident in Italy because of the “burdensome” requirements of the new system. Shortly afterwards, TorrentFreak published a story about the system crashing under the weight of requests to block just a few hundred IP addresses. Since there are now around two billion copyright claims being made every year against YouTube material, it’s unlikely that Piracy Shield will be able to cope once takedown requests start ramping up, as they surely will.

That’s a future problem, but something that has already been encountered concerns one of the world’s largest and most important content delivery networks (CDN), Cloudflare. CDNs have a key function in the Internet’s ecology. They host and deliver digital material to users around the globe, using their large-scale infrastructure to provide this quickly and efficiently on behalf of Web site owners. Blocking CDN addresses is reckless: it risks affecting thousands or even millions of sites, and compromises some of the basic plumbing of the Internet. And yet according to a post on TorrentFreak, that is precisely what Piracy Shield has now done:

Around 16:13 on Saturday [24 February], an IP address within Cloudflare’s AS13335, which currently accounts for 42,243,794 domains according to IPInfo, was targeted for blocking [by Piracy Shield]. Ownership of IP address 188.114.97.7 can be linked to Cloudflare in a few seconds, and double checked in a few seconds more.

The service that rightsholders wanted to block was not the IP address’s sole user. There’s a significant chance of that being the case whenever Cloudflare IPs enter the equation; blocking this IP always risked taking out the target plus all other sites using it.

The TorrentFreak article lists a few of the evidently innocent sites that were indeed blocked by Piracy Shield, and notes:

Around five hours after the blockade was put in place, reports suggest that the order compelling ISPs to block Cloudflare simply vanished from the Piracy Shield system. Details are thin, but there is strong opinion that the deletion may represent a violation of the rules, if not the law.

That lack of transparency about what appears to be a major overblocking is part of a larger problem, which affects those who are wrongfully cut off. As TorrentFreak writes, AGCOM’s “rigorous complaint procedure” for Piracy Shield “effectively doesn’t exist”:

information about blocks that should be published to facilitate correction of blunders, is not being published, also in violation of the regulations.

That matters, because appeals against Piracy Shield’s blocks can only be made within five working days of their publication. As a result, the lack of information about erroneous blocks makes it almost impossible for those affected to appeal in time:

That raises the prospect of a blocked innocent third party having to a) proactively discover that their connectivity has been limited b) isolate the problem to Italy c) discover the existence of AGCOM d) learn Italian and e) find the blocking order relating to them.

No wonder, then, that:

some ISPs, having seen the mess, have decided to unblock some IP addresses without permission from those who initiated the mess, thus contravening the rules themselves.

In other words, not only is the Piracy Shield system wrongly blocking innocent sites, and making it hard for them to appeal against such blocks, but its inability to follow the law correctly is causing ISPs to ignore its rulings, rendering the system pointless.

This combination of incompetence and ineffectiveness brings to mind an earlier failed attempt to stop people sharing unauthorized copies. It’s still early days, but there are already indications that Italy’s Piracy Shield could well turn out to be a copyright fiasco on the same level as France’s Hadopi system, discussed in detail in Walled Culture the book (digital versions available free).

Source: Italy’s Piracy Shield Blocks Innocent Web Sites And Makes It Hard For Them To Appeal | Techdirt

Our Brains Are in Trouble: Nearly Half the World Living with Neurological Illness

[…] According to the authors of this new paper, published this month in The Lancet Neurology, there hasn’t yet been a full accounting of all the illnesses tied to our brain and nervous system, such as neurodevelopmental disorders. For this study, scientists looked at 37 unique conditions in total, including migraines, seizures, various forms of dementia, and more.

As of 2021, the study authors found, about 3.4 billion people (43% of the world’s population) are living with at least one of these neurological conditions. Compared to other broad groups of illness, such as infectious diseases, these conditions are estimated to be the leading cause of ill health and disability. This burden isn’t felt equally, however, with about 80% of neurological deaths and illnesses experienced in low- to middle-income countries. Some of the top 10 major contributors to the loss of healthy years include stroke, neonatal encephalopathy, migraine, dementia, and diabetic neuropathy (nerve damage caused by advanced diabetes).

[…]

Between 1990 and 2021, the study found, the rate of people living with or dying from neurological conditions has decreased, after adjusting for age—meaning that the chance of developing any one of these problems has shrunk over time. But since the global population has continued to grow, the absolute number of lost healthy years has increased 18% since then. And while the neurological harm caused by some conditions like stroke, rabies, and meningitis has decreased, the harm from others has increased, with cases of diabetic neuropathy having tripled over the past 30 years.

Though there has been some success in reducing or preventing important risk factors tied to neurological illness since 1990, such as greater vaccination coverage for certain diseases like tetanus, the authors say more can and should be done. Actions like reducing air pollution or preventing high blood pressure could substantially reduce the burden of stroke, for instance, while further eliminating lead exposure would prevent many cases of intellectual disability.

[…]

Source: Our Brains Are in Trouble: Nearly Half the World Living with Neurological Illness

Commercial Bank of Ethiopia glitch lets customers withdraw millions

Ethiopia’s biggest commercial bank is scrambling to recoup large sums of money withdrawn by customers after a “systems glitch”.

The customers discovered early on Saturday that they could take out more cash than they had in their accounts at the Commercial Bank of Ethiopia (CBE).

More than $40m (£31m) was withdrawn or transferred to other banks, local media reported.

It took several hours for the institution to freeze transactions.

Much of the money was withdrawn from state-owned CBE by students, bank president Abe Sano told journalists on Monday.

News of the glitch spread across universities largely via messaging apps and phone calls.

Long lines formed at campus ATMs, with a student in western Ethiopia telling BBC Amharic people were withdrawing money until police officers arrived on campus to stop them.

[…]

Ethiopia’s central bank, which serves as the financial sector’s governing body, released a statement on Sunday saying “a glitch” had occurred during “maintenance and inspection activities”.

The statement, however, focused on the interrupted service that occurred after CBE froze all transactions. It did not mention the money withdrawn by customers.

Mr Sano did not say exactly how much money was withdrawn during Saturday’s incident, but said the loss incurred was small when compared to the bank’s total assets.

He stated that CBE was not hit by a cyber-attack and that customers should not be worried as their personal accounts were intact.

At least three universities have released statements advising students to return any money not belonging to them that they may have taken from CBE.

Anyone returning money will not be charged with a criminal offence, Mr Sano said.

But it’s not clear how successful the bank’s attempts to recoup its money have been so far.

The student from Jimma University said on Monday he had not heard of anyone giving the money back, but said he had seen police vehicles on campus.

[…]

Source: Commercial Bank of Ethiopia glitch lets customers withdraw millions

Google DeepMind’s new AI assistant helps elite soccer coaches get even better

They might want to add a new AI assistant developed by Google DeepMind to their arsenal. It can suggest tactics for soccer set-pieces that are even better than those created by professional club coaches.

The system, called TacticAI, works by analyzing a dataset of 7,176 corner kicks taken by players for Liverpool FC, one of the biggest soccer clubs in the world.

Corner kicks are awarded to an attacking team when the ball passes over the goal line after touching a player on the defending team. In a sport as free-flowing and unpredictable as soccer, corners—like free kicks and penalties—are rare instances in the game when teams can try out pre-planned plays.

TacticAI uses predictive and generative AI models to convert each corner kick scenario—such as a receiver successfully scoring a goal, or a rival defender intercepting the ball and returning it to their team—into a graph, and the data from each player into a node on the graph, before modeling the interactions between each node. The work was published in Nature Communications today.

Using this data, the model provides recommendations about where to position players during a corner to give them, for example, the best shot at scoring a goal, or the best combination of players to get up front. It can also try to predict the outcomes of a corner, including whether a shot will take place, or which player is most likely to touch the ball first.

[…]

To assess TacticAI’s suggestions, Google DeepMind presented them to five football experts: three data scientists, one video analyst, and one coaching assistant, all of whom work at Liverpool FC. Not only did these experts struggle to distinguish TacticAI’s suggestions from real game play scenarios, they also favored the system’s strategies over existing tactics 90% of the time.

[…]

TacticAI’s powers of prediction aren’t just limited to corner kicks either—the same method could be easily applied to other set pieces, general play throughout a match, or even other sports entirely, such as American football, hockey, or basketball.

[…]

Source: Google DeepMind’s new AI assistant helps elite soccer coaches get even better | MIT Technology Review