Slashdot

An anonymous reader quotes a report from Bloomberg: With great fanfare last week, 44 attorneys general hit Google with two antitrust complaints, following a landmark lawsuit the Justice Department and 11 states lodged against the Alphabet Inc. unit in October. What's less known is that Oracle Corp. spent years working behind the scenes to convince regulators and law enforcement agencies in Washington, more than 30 states, the European Union, Australia and at least three other countries to rein in Google's huge search-and-advertising business. Those efforts are paying off. Officials in more than a dozen of the states that sued Google received what has been called Oracle's "black box" presentation showing how Google tracks users' personal information, said Ken Glueck, Oracle's top Washington lobbyist and the architect of the company's antitrust campaign against Google. Glueck outlined for Bloomberg the presentation, which often entails putting an Android phone inside a black briefcase to show how Google collects users' location details -- even when the phones aren't in use -- and confirmed the contours of the pressure campaign. "I couldn't be happier," said Glueck about the barrage of lawsuits. "As far as I can tell, there are more states suing Google than there are states." Oracle has fallen behind the tech giants in the marketplace, yet is notching one legal and regulatory win after another against them, Google especially. In response, Google spokesman Jose Castaneda denounced Oracle's "cloak-and-dagger lobbying campaign," saying "while Oracle describes itself as the biggest data broker on the planet, we're focused on keeping consumers' information safe and secure."

Read more of this story at Slashdot.

Signal, in a blog post: Yesterday, the BBC ran a story with the factually untrue headline, "Cellebrite claimed to have cracked chat app's encryption." This is false. Not only can Cellebrite not break Signal encryption, but Cellebrite never even claimed to be able to. Since we weren't actually given the opportunity to comment in that story, we're posting this to help to clarify things for anyone who may have seen the headline. Last week, Cellebrite posted a pretty embarrassing (for them) technical article to their blog documenting the "advanced techniques" they use to parse Signal on an Android device they physically have with the screen unlocked. This is a situation where someone is holding an unlocked phone in their hands and could simply open the app to look at the messages in it. Their post was about doing the same thing programmatically (which is equally simple), but they wrote an entire article about the "challenges" they overcame, and concluded that "...it required extensive research on many different fronts to create new capabilities from scratch." [...] What really happened: If you have your device, Cellebrite is not your concern. It is important to understand that any story about Cellebrite Physical Analyzer starts with someone other than you physically holding your device, with the screen unlocked, in their hands. Cellebrite does not even try to intercept messages, voice/video, or live communication, much less "break the encryption" of that communication. They don't do live surveillance of any kind. Cellebrite is not magic. Imagine that someone is physically holding your device, with the screen unlocked, in their hands. If they wanted to create a record of what's on your device right then, they could simply open each app on your device and take screenshots of what's there. This is what Cellebrite Physical Analyser does. It automates the process of creating that record. However, because it's automated, it has to know how each app is structured, so it's actually less reliable than if someone were to simply open the apps and manually take the screenshots. It is not magic, it is mediocre enterprise software. Cellebrite did not "accidentally reveal" their secrets. This article, and others, were written based on a poor interpretation of a Cellebrite blog post about adding Signal support to Cellebrite Physical Analyzer. Cellebrite posted something with a lot of detail, then quickly took it down and replaced it with something that has no detail. This is not because they "revealed" anything about some super advanced technique they have developed (remember, this is a situation where someone could just open the app and look at the messages). They took it down for the exact opposite reason: it made them look bad.

Read more of this story at Slashdot.

Pfizer and partner BioNTech agreed to supply an additional 100 million doses of their Covid-19 vaccine to the U.S., as the country seeks to widen its immunization program and revive its economy. From a report: The agreement brings the total number of doses to be delivered to the U.S. to 200 million, the companies said Wednesday in a statement. The drugmaker expects to deliver all the doses to U.S. vaccine and drug accelerator Operation Warp Speed by July 31. Countries around the world are seeking supplies of vaccine they hope will allow the reopening of schools and businesses and the resumption of travel. The U.K. has also begun administering doses of the Pfizer-BioNTech shot, and European drug authorities cleared it for use on Monday. The U.S. has been working to expand supplies of the front-runner vaccine, in light of the drugmakers' commitments to other countries. Earlier this month, the U.S. exercised an option to buy 100 million additional vaccine doses from Moderna, doubling the number it has on order from that company to 200 million. Like Pfizer and BioNTech's vaccine, Moderna's is a two-shot regimen based on new technology known as messenger RNA, but it doesn't have to be stored at the same ultracold temperatures as the Pfizer-BioNTech shot.

Read more of this story at Slashdot.

Matthew Green, a cryptographer and professor at Johns Hopkins University, shares in a series of tweets: My students Max and Tushar Jois spent most of the summer going through every piece of public documentation, forensics report, and legal document we could find to figure out how police were "breaking phone encryption." This was prompted by a claim from someone knowledgeable, who claimed that forensics companies no longer had the ability to break the Apple Secure Enclave Processor, which would make it very hard to crack the password of a locked, recent iPhone. We wrote an enormous report -- a draft of which you can read here (PDF) about what we found, which we'll release after the holidays. The TL;DR is kind of depressing: Authorities don't need to break phone encryption in most cases, because modern phone encryption sort of sucks. I'll focus on Apple here but Android is very similar. The top-level is that, to break encryption on an Apple phone you need to get the encryption keys. Since these are derived from the user's passcode, you either need to guess that -- or you need the user to have entered it. Guessing the password is hard on recent iPhones because there's (at most) a 10-guess limit enforced by the Secure Enclave Processor (SEP). There's good evidence that at one point in 2018 a company called GrayKey had a SEP exploit that did this for the X. See photo. There is really no solid evidence that this exploit still works on recent-model iPhones, after 2018. If anything, the evidence is against it. So if they can't crack the passcode, how is law enforcement still breaking into iPhones (because they definitely are)? The boring answer very likely is that police aren't guessing suspects' passcodes. They're relying on the fact that the owner probably typed it in. Not after the phone is seized, in most cases. Beforehand. The full thread on Twitter here.

Read more of this story at Slashdot.

DeepMind's latest AI program can attain "superhuman performance" in tasks without needing to be given the rules. From a report: Like the research hub's earlier artificial intelligence agents, MuZero achieved mastery in dozens of old Atari video games, chess, and the Asian board games of Go and Shogi. But unlike its predecessors, it had to work out their rules for itself. It is already being put to practical use to find a new way to encode videos, which could slash YouTube's costs. [...] MuZero could soon be put to practical use too. Dr Silver said DeepMind was already using it to try to invent a new kind of video compression. "If you look at data traffic on the internet, the majority of it is video, so if you can compress video more effectively you can make massive savings," he explained. "And initial experiments with MuZero show you can actually make quite significant gains, which we're quite excited about." He declined to be drawn on when or how Google might put this to use beyond saying more details would be released in the new year. However, as Google owns the world's biggest video-sharing platform -- YouTube -- it has the potential to be a big money-saver. DeepMind is not the first to try and create an agent that both models the dynamics of the environment it is placed in and carries out tree searches -- deciding how to proceed by looking several steps ahead to determine the best outcome. However, previous attempts have struggled to deal with the complexity of "visually rich" challenges, such as those posed by old video games like Ms Pac-Man.

Read more of this story at Slashdot.

Google chief Sundar Pichai has warned that "regulation can get it wrong" as his firm is increasingly targeted by antitrust moves. From a report: Last week, the European Commission set out new regulation to curb the power of big tech. The Digital Services Act hopes to increase transparency and competition for tech firms. The legislation will force firms, such as Google, to publish the algorithms used for rankings, as well as to police their own content. Big firms could be fined between six per cent and 10 per cent of global annual turnover if they fail to comply. In the interview with the FT, Pichai gave a guarded welcome to the regulation. He said: "I think it's an important regulation to think through and get right." However, he warns that "Governments need to think through these important principles. Sometimes we can design very open ecosystems, they can have security implications." He added that the failure of GDPR to break down the monopoly of big tech "shows that for a lot of these things, the answers are nuanced, and regulation can get it wrong."

Read more of this story at Slashdot.

Last Tuesday, Facebook launched what it portrayed as a full-throated defense of small businesses. But while the $750 billion company's public relations effort has presented a united front with small businesses, some Facebook employees complained about what they called a self-serving campaign that bordered on hypocrisy, according to internal comments and audio of a presentation to workers that were obtained by BuzzFeed News. From a report: A change in Apple's iOS 14 mobile operating system -- which requires iPhone owners to opt in to allow companies to track them across other apps and websites -- hurts Facebook, some employees argued on the company's private message boards, and their employer was just using small businesses as a shield. "It feels like we are trying to justify doing a bad thing by hiding behind people with a sympathetic message," one engineer wrote in response to an internal post about the campaign from Dan Levy, Facebook's vice president for ads. "Aren't we worried that our stance protecting [small- and medium-sized businesses] will backfire as people see it as 'FB protecting their own business' instead?" read one top-voted question. "People want 'privacy,'" read another. "FB objecting here will be viewed with cynicism. Did we know this would be bad PR, and decide to publish anyway?" "How do we pick a message that looks less self serving?" one employee asked.

Read more of this story at Slashdot.

Instant messaging app Telegram is "approaching" 500 million users and plans to generate revenue starting next year to keep the business afloat, its founder Pavel Durov said on Wednesday. From a report: Durov said he has personally bankrolled the seven-year-old business so far, but as the startup scales he is looking for ways to monetize the instant messaging service. "A project of our size needs at least a few hundred million dollars per year to keep going," he said. The service, which topped 400 million active users in April this year, will introduce its own ad platform for public one-to-many channels -- "one that is user-friendly, respects privacy and allows us to cover the costs of server and traffic," he wrote on his Telegram channel.

Read more of this story at Slashdot.

The Federal Communications Commission's ongoing sale of wireless licenses has fetched more than $66.4 billion after three weeks of bidding, a record sum that could alter cellphone carriers' prospects for the next decade. From a report: The auction proceeds have already topped the $44.9 billion raised in 2015 by an earlier sale of midrange cellular licenses, which U.S. cellphone carriers used at the time to enhance their 4G service. Those companies are now investing billions of dollars in the next wave of fifth-generation coverage. The 5G standard promises to speed the flow of data to phones and other wireless devices like personal computers, cars and industrial machinery. The recent bids have blown past Wall Street's highest forecasts, suggesting that several companies are fighting over the most valuable wireless rights. The 5G auction kicked off Dec. 8 and will pause for the holidays until Jan. 4, when total bids could move even higher. Each bid is swathed in secrecy until the auction process ends. Analysts expect big names like AT&T and Verizon Communications to walk away with a large share of the licenses to match assets that rival T-Mobile captured with its February takeover of Sprint.

Read more of this story at Slashdot.

Zoom Video Communications has had an astonishing rise in 2020, emerging as the go-to service for work meetings and family get-togethers during the pandemic. Now the company is considering whether it could replicate its success in video in an even more competitive market: corporate email [Editor's note: the link is paywalled; alternative source]. The Information: The company has begun developing a web email service and might offer a very early version of the product to some customers next year, according to two people with direct knowledge of the matter. The company also is looking into building a calendar application, one of the people said. The efforts haven't been reported previously. According to people familiar with his thinking, Zoom CEO Eric Yuan envisions broadening the company's videoconferencing service into a full-fledged platform that would include email, messaging and other productivity tools. Yuan's goal is to figure out what the "next generation" of email will look like rather than mimic existing products, one of the people said. The projects are still in the early stages, and it is possible Zoom will decide not to move forward.

Read more of this story at Slashdot.

It could take a while before the handshake comes back, if it ever does. Business conferences, however, are set to restart in the U.S. the moment health code allows. And despite uncertainty around when exactly that will be, convention organizers are holding out hope -- and event space -- for a possible return in the coming weeks. From a report: One of those optimists is Peter Diamandis. He convened some of his employees at their office in Culver City, California, last Wednesday for a low-key, in-person holiday gathering. There, Diamandis said his flagship annual conference, Abundance 360, was still on for late January in Malibu, California, according to a person familiar with the situation who asked not to be identified. It will feature seminars on technology and entrepreneurialism, as well as a video address from Salesforce.com's Marc Benioff. Diamandis said last week that the company was taking precautions to hold the event safely. Anyone attending in person would have to take a nose-swab test 72 hours before arrival and each day during the conference itself. He was closely tracking infection rates and regulatory guidance, he said. "Many of our members definitely want to get together in person (if possible)," he wrote in an email to Bloomberg. One day later, though, Diamandis changed his mind. The company canceled the in-person program for most people scheduled to attend Abundance 360, according to a message to staff reviewed by Bloomberg. The summit will be limited to about 16 people who paid $30,000 for special events and coaching, internal documents show. (Although that, too, could be cancelled depending on the health situation, Diamandis wrote in an email to Bloomberg.) Everyone else will get access to online programs. Of the many important things lost this year, conferences are pretty far down the list. But for the organizations that put on the events, the coronavirus pandemic has severely altered their operations. Cancellations in the U.S. this year will cost as much as $22 billion, according to estimates from the Center for Exhibition Industry Research, a trade group. Most conferences are sticking to online-only through early next year, including CES, the largest technology industry conference typically held in January, or are postponing until the second half of the year, said Heather Keenan, president of Key Events, a meeting and events-planning firm. Some are exploring hybrid events with the choice of online or in person starting in May, she said.

Read more of this story at Slashdot.

Microplastic particles have been revealed in the placentas of unborn babies for the first time, which the researchers said was "a matter of great concern." From a report: The health impact of microplastics in the body is as yet unknown. But the scientists said they could carry chemicals that could cause long-term damage or upset the foetus's developing immune system. The particles are likely to have been consumed or breathed in by the mothers. The particles were found in the placentas from four healthy women who had normal pregnancies and births. Microplastics were detected on both the foetal and maternal sides of the placenta and in the membrane within which the foetus develops. A dozen plastic particles were found. Only about 4% of each placenta was analysed, however, suggesting the total number of microplastics was much higher. All the particles analysed were plastics that had been dyed blue, red, orange or pink and may have originally come from packaging, paints or cosmetics and personal care products. The microplastics were mostly 10 microns in size (0.01mm), meaning they are small enough to be carried in the bloodstream. The particles may have entered the babies' bodies, but the researchers were unable to assess this.

Read more of this story at Slashdot.

Alphabet's Google this year moved to tighten control over its scientists' papers by launching a "sensitive topics" review, and in at least three cases requested authors refrain from casting its technology in a negative light, Reuters reported Wednesday, citing internal communications and interviews with researchers involved in the work. From a report: Google's new review procedure asks that researchers consult with legal, policy and public relations teams before pursuing topics such as face and sentiment analysis and categorizations of race, gender or political affiliation, according to internal webpages explaining the policy. "Advances in technology and the growing complexity of our external environment are increasingly leading to situations where seemingly inoffensive projects raise ethical, reputational, regulatory or legal issues," one of the pages for research staff stated. Reuters could not determine the date of the post, though three current employees said the policy began in June. The "sensitive topics" process adds a round of scrutiny to Google's standard review of papers for pitfalls such as disclosing of trade secrets, eight current and former employees said. For some projects, Google officials have intervened in later stages. A senior Google manager reviewing a study on content recommendation technology shortly before publication this summer told authors to "take great care to strike a positive tone," according to internal correspondence read to Reuters.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Verge: Verizon's new nationwide 5G network is reportedly slower than its LTE network, to the point that users are apparently better off just disabling 5G entirely unless they're near a mmWave network. The results come from testing done by PC Magazine's Sascha Sagan, who points to Dynamic Spectrum Sharing, or DSS, as the culprit. The tech lets carriers run LTE and 5G networks side by side, which is useful if, like Verizon, you don't yet have enough dedicated 5G spectrum. While the carrier has largely focused on its mmWave network until recently, it also has begun rolling out a mid-band nationwide 5G network, which promises to avoid mmWave's range issues by using DSS. The only catch is that, with Verizon, it seems like this tech leads to worse performance in most cases for phones running in 5G mode. The solution, at least for now, is to just turn 5G off if you're a Verizon customer. If that has your concerned about speeds compared to your T-Mobile customer friends, don't worry too much: in it's nationwide speed test earlier this year, PC Magazine found that T-Mobile's 5G can often still be slower than Verizon's LTE, even though it uses dedicated 5G bands. That same nationwide test also revealed that AT&T's 5G can be slower than its LTE as well -- which makes sense, given that it also uses the DSS technology for it's 5G network. The results from PC Magazine were only done in New York City, so if you have a 5G phone on Verizon, it may be worth checking to see if you're actually getting faster speeds with 5G on. If you're not, it may be worth turning it off entirely for now. This is also likely just a temporary issue -- as Verizon continues to add dedicated 5G spectrum, their speeds are going to improve.

Read more of this story at Slashdot.

Companies may go public on the New York Stock Exchange without forking out fat fees to Wall Street banks which typically underwrite such capital raisings, the U.S. securities regulator said on Tuesday. Reuters reports: The Securities and Exchange Commission approval of the NYSE's "direct" listing plan threatens to overhaul the U.S. initial public offering market, by allowing aspiring public companies to sell shares directly to investors. Investment banks have for decades organized IPOs, marketed them to institutions, and supported the stock via their trading desks. The change, following months of industry haggling, will help reduce what critics call excessive underwriter fees, a major barrier to companies looking to go public. Investor groups, however, warned it could diminish their protections as the banks perform due diligence on the companies.

Read more of this story at Slashdot.

Carnegie's Robert Hazen and Shaunna Morrison teamed up with CU Boulder philosophy of science professor Carol Cleland to propose that scientists adopt a new "evolutionary system" of mineral classification -- one that includes historical data and reflects changes in the diversity and distribution of minerals through more than 4 billion years of Earth's history. Their work is published by the Proceedings of the National Academy of Sciences. Phys.Org reports: The IMA classification system for minerals dates to the 19th century when geologist James Dwight Dana outlined a way to categorize minerals on the basis of unique combinations of idealized compositions of major elements and geometrically idealized crystal structure. "For example, the IMA defines quartz as pure silicon dioxide, but the existence of this idealized version is completely fictional," said Morrison. "Every specimen of quartz contains imperfections -- traces of its formation process that makes it unique." This approach to the categorization system means minerals with distinctly different historical origins are lumped together [...] while other minerals that share a common causal history are split apart. "The IMA system is typical," said lead author Cleland, explaining that most classification systems in the natural sciences, such as the periodic table of the elements, are time independent, categorizing material things "solely on the basis of manifest similarities and differences, regardless of how they were produced or what modifications they have undergone." For many researchers, a time-independent system is completely appropriate. But this approach doesn't work well for planetary and other historically oriented geosciences, where the emphasis is on understanding the formation and development of planetary bodies. Differences in a diamond or quartz crystal's formative history are critical, Cleland said, because the conditions under which a sample was formed and the modifications it has undergone "are far more informative than the mere fact that a crystal qualifies as diamond or quartz." She, Hazen, and Morrison argue that what planetary scientists need is a new system of categorizing minerals that includes historical "natural kinds." Because a universal theory of "mineral evolution" does not exist, creating such a classification system for the geosciences is challenging. Hazen, Morrison, and Cleland's proposed solution is what they call a "bootstrap" approach based on historically revelatory, information-rich chemical, physical, and biological attributes of solid materials. This strategy allows scientists to build a historical system of mineral kinds while remaining agnostic about its underlying theoretical principles.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Register: Australia has declared its national broadband network (NBN) is "built and fully operational," ending a saga that stretches back to the mid-2000s. Minister for communications, cyber safety and the arts Paul Fletcher declared the build complete in a Wednesday statement that admitted 35,000 premises remain unable to connect to the network, but seeing as that number was over 100,000 in August 2020 and over 11.86 million premises have been wired, he's happy to say the job's been done. The statement also pointed out that legislation governing the NBN build requires a declaration the job is done before December 31st. "New premises are being built all the time," the minister said. "This means that there will always be a number of premises around Australia that are not yet 'ready to connect.' The fact that there is a certain number of premises which are not ready to connect is not of itself evidence that the network cannot be treated as 'built and fully operational.'" Thus ends a saga that began in the mid-2000s when Australia figured out that ubiquitous broadband access was a good idea. Dominant telco Telstra proposed to build the network and operate as both a wholesaler to rivals and a retailer, but as that arrangement had stifled competition for years the government of the day wasn't keen on the idea. At the 2007 election the left-of-center Australian Labor Party swept to power in part due to its plans to build a fast national broadband network. That promise evolved into a commitment to build a fibre-to-the-premises (FTTP) network...

Read more of this story at Slashdot.

chicksdaddy shares a report from The Security Ledger: The acting head of the U.S. Department of Homeland Security said the agency was assessing the cyber risk of smart TVs sold by the Chinese electronics giant TCL, following reports last month in The Security Ledger and elsewhere that the devices may give the company "back door" access to deployed sets, The Security Ledger reports. Speaking at The Heritage Foundation, a conservative think tank, Acting DHS Secretary Chad Wolf said that DHS is "reviewing entities such as the Chinese manufacturer TCL." "This year it was discovered that TCL incorporated backdoors into all of its TV sets exposing users to cyber breaches and data exfiltration. TCL also receives CCP state support to compete in the global electronics market, which has propelled it to the third largest television manufacturer in the world," Wolf said, according to a version of prepared remarks published by DHS. His talk was entitled "Homeland Security and the China Challenge." As reported last month, independent researchers John Jackson -- an application security engineer for Shutter Stock -- and a researcher using the handle Sick Codes identified and described two serious software security holes affecting TCL brand television sets and would allow an unprivileged remote attacker on the adjacent network to download most system files from the TV set up to and including images, personal data and security tokens for connected applications. The flaw could lead to serious critical information disclosure, the researchers warned. Both flaws affect TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below, according to the official CVE reports. In an interview with The Security Ledger, the researcher Sick Codes said that a TCL TV set he was monitoring was patched for the CVE-2020-27403 vulnerability without any notice from the company and no visible notification on the device itself. In a statement to The Security Ledger, TCL disputed that account. By TCL's account, the patched vulnerability was linked to a feature called "Magic Connect" and an Android APK by the name of T-Cast, which allows users to "stream user content from a mobile device." T-Cast was never installed on televisions distributed in the USA or Canada, TCL said. For TCL smart TV sets outside of North America that did contain T-Cast, the APK was "updated to resolve this issue," the company said. That application update may explain why the TCL TV set studied by the researchers suddenly stopped exhibiting the vulnerability. In his address on Monday, Acting Secretary Wolf said the warning about TCL will be part of a broader "business advisory" cautioning against using data services and equipment from firms linked to the People's Republic of China (PRC). This advisory will highlight "numerous examples of the PRC government leveraging PRC institutions like businesses, organizations, and citizens to covertly access and obtain the sensitive data of businesses to advance its economic and national security goals," Wolf said. "DHS flags instances where Chinese companies illicitly collect data on American consumers or steal intellectual property. CCP-aligned firms rake in tremendous profits as a result," he said.

Read more of this story at Slashdot.

France's top administrative court has backed privacy campaigners by imposing a ban on police use of drones for covering public protests in Paris. The BBC reports: The Council of State said Paris police prefect Didier Lallement should halt "without delay" drone surveillance of gatherings on public roads. The ruling comes weeks after MPs backed a controversial security bill that includes police use of drones. Its main aim is to regulate how people share film or photos of police. Privacy rights group La Quadrature du Net (LQDN) has argued that the bill's main measures violate freedom of expression and that drones equipped with cameras cannot keep the peace but track individuals instead. The Council of State ruled there was "serious doubt over the legality" of drones without a prior text authorizing and setting out their use. LQDN said the only way the government could legalize drone surveillance now was in providing "impossible proof" that it was absolutely necessary to maintain law and order. The decision is the second setback in months for Parisian authorities' drone plans. In May, the same court ruled that drones could not be used in the capital to track people in breach of France's strict lockdown rules.

Read more of this story at Slashdot.