Programmers Create Every Possible Melody to Stop Lawsuits

Two programmers have created every possible melody in MIDI to help creators stifled by lawsuits.

Two programmer-musicians wrote every possible MIDI melody in existence to a hard drive, copyrighted the whole thing, and then released it all to the public in an attempt to stop musicians from getting sued.

Often in copyright cases for song melodies, if the artist being sued for infringement could have possibly had access to the music they’re accused of copying—even if it was something they listened to once—they can be accused of “subconsciously” infringing on the original content.

Sounds like a clever attempt to hack the system. I’m not sure if that will actually hold up in court but it’s creative.

How to Create a Honeypot URL With URL Canary

A service I recently discovered is URL Canary. It creates a honeypot URL that you can then put in a location such as your cloud storage. It alerts you if that URL has been accessed.

URL Canary will catch automated robots and crawlers, as well as manual human attackers. The only time it won’t catch an attacker is if they don’t see the canary, or they don’t find it sufficiently compelling and opt not to visit it. Since you have control of the URL and the domain name, you can make your canaries as compelling as possible for your specific use case.

There’s a similar service I know of called CanaryTokens.
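
A self-hosted take on the same idea, added here as an example (it is not code from URL Canary, CanaryTokens, or the original post): scan a web server access log for requests that touch planted canary paths, matching encoded and dot-segment variants of the same path. The canary paths, log lines, and function names are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Hypothetical canary paths, planted where no legitimate user has reason to look.
CANARY_PATHS = {"/backups/db-export.sql", "/finance/payroll-2020.xlsx"}

# Combined Log Format, as written by common web servers.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)
AUTOMATION_HINTS = ("bot", "crawl", "spider", "curl", "wget", "python-requests")

def normalize(target):
    """Drop the query string, decode %xx escapes and collapse ./.. segments."""
    return posixpath.normpath(unquote(urlsplit(target).path))

def classify(user_agent):
    """Rough triage only: user agents are client-supplied and easy to fake."""
    ua = user_agent.lower()
    if ua in ("", "-") or any(h in ua for h in AUTOMATION_HINTS):
        return "automated"
    return "possibly-human"

def canary_hits(lines):
    """Return one alert dict per request that touched a canary path."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and normalize(m["target"]) in CANARY_PATHS:
            alerts.append({"ip": m["ip"], "time": m["ts"],
                           "path": normalize(m["target"]),
                           "status": int(m["status"]),
                           "client": classify(m["ua"])})
    return alerts

# Constructed sample log lines (documentation-range IP addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Feb/2020:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [26/Feb/2020:10:04:40 +0000] "GET /backups/db-export.sql HTTP/1.1" 404 153 "-" "ExampleBot/1.0"',
    '203.0.113.5 - - [26/Feb/2020:11:15:09 +0000] "GET /finance/payroll%2D2020.xlsx?dl=1 HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    '203.0.113.5 - - [26/Feb/2020:11:15:30 +0000] "GET /img/../backups/db-export.sql HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
]

if __name__ == "__main__":
    for alert in canary_hits(SAMPLE_LOG):
        print(alert)
```

Any hit is worth an alert regardless of the response status, since nothing legitimate links to these paths.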

MI5 Chief Wants ‘Exceptional Access’ to Encrypted Messages

Sir Andrew Parker is the head of MI5, the UK’s domestic security service. He wants tech firms to provide “exceptional access” to encrypted messages.

In an ITV interview to be broadcast on Thursday, Sir Andrew Parker says he has found it “increasingly mystifying” that intelligence agencies like his are not able to easily read secret messages of terror suspects they are monitoring.

Bah, this is smoke and mirrors. As the head of a security agency he knows that restricting backdoors to the good guys is impossible.

What Impact Does Watching Netflix Have on Climate Change?

Despite what mainstream media wants you to think, the outcome is mostly still unclear when it comes to Netflix binging.

On one hand, the paper reports, strides in data center efficiency have mostly kept pace with growing demand for data, meaning that in the last decade the total amount of energy consumed by the centers has not changed much—around 1% of global energy use. That’s about the same as 18 million US homes.

On the other hand, it’s clear that we’re approaching a limit to squeezing out more efficiency—especially given the rise of data-ravenous artificial intelligence.

What I find annoying about the debates around climate change is how a lot of mainstream media are trying to blame people. Like blaming their Netflix binging instead of reporting the facts like 100 corporations are responsible for 71% of emissions. Sure, Netflix wouldn’t exist without its users, but I think it’s important to focus on how much more damage a corporation does than an individual.

Facebook Sues OneAudience for Improperly Harvesting Data

Facebook filed a federal lawsuit in California against OneAudience, saying it improperly harvested its user data.

The social media company claims that OneAudience harvested users’ data by getting app developers to install a malicious software development kit, or SDK, in their apps. SDKs are packages of basic tools that make it easier and faster for developers to build their apps.

Oddly, Facebook isn’t suing itself.

Photo App Neural Cam Moves to Subscription

Neural Cam promises to give you Night Mode photos even if you don’t have the latest iPhones. It costs US$4.99 up front and recently moved to a subscription of US$4.99/month or US$35.99/year.

I’ve never used the app but people are saying the app is taking away features that people had paid for and locking them behind a subscription, a clear violation of App Store Review Guidelines, section 3.1.2(a).

Update: NeuralCam reached out to me to clarify: The Pro Pack is optional and only adds features for Pro users who subscribe. There’s also an additional 12-month introductory price at US$2.99/month. Finally, no features will be taken away from existing users.

iBaby Monitors Can be Exploited by Hackers

Parents using an iBaby Monitor M6S should be aware it has multiple security problems that open it up to hackers.

That means any ne’er-do-well can purchase an iBaby monitor and use it to access files from every iBaby monitor. Unbelievable? Believe it. For legal reasons, the Bitdefender researchers did not access data belonging to other real-world users. Instead, they set up a second test device and verified access.

Reddit CEO Brands TikTok 'Fundamentally Parasitic'

It turns out the Reddit CEO is not a big fan of TikTok. Steve Huffman called the video-sharing app “fundamentally parasitic” and “spyware” at a recent event, TechCrunch reported.

The comments from Reddit CEO and co-founder Steve Huffman were some of the more controversial offered up during a panel discussion with former public policy exec Elliot Schrage and former Facebook VP of Product Sam Lessin. During a brief conversation about the feature innovations of TikTok, Huffman pushed back hard on the notion that Silicon Valley startups had something to learn from the app. “Maybe I’m going to regret this, but I can’t even get to that level of thinking with them,” Huffman said. “Because I look at that app as so fundamentally parasitic, that it’s always listening, the fingerprinting technology they use is truly terrifying, and I could not bring myself to install an app like that on my phone.” “I actively tell people, ‘Don’t install that spyware on your phone,’” he later added.

NSA Spy Program Cost Taxpayers $100 Million and Was Overall Useless

From 2015 to 2019 the National Security Agency (NSA) collected Americans’ domestic phone calls and texts. The program cost US$100 million but only one investigation was able to make use of that data.

Moreover, only twice during that four-year period did the program generate unique information that the F.B.I. did not already possess, said the study, which was produced by the Privacy and Civil Liberties Oversight Board and briefed to Congress on Tuesday.

“Based on one report, F.B.I. vetted an individual, but, after vetting, determined that no further action was warranted,” the report said. “The second report provided unique information about a telephone number, previously known to U.S. authorities, which led to the opening of a foreign intelligence investigation.”

Someone Stole Clearview AI’s List of Clients

Clearview AI gained notoriety for partnering with law enforcement on facial recognition, using its database of billions of scraped images from the web. But someone just stole its list of clients.

…Clearview AI disclosed to its customers that an intruder “gained unauthorized access” to its list of customers, to the number of user accounts those customers had set up, and to the number of searches its customers have conducted. The notification said the company’s servers were not breached and that there was “no compromise of Clearview’s systems or network.”

Meanwhile, law enforcement on end-to-end encryption: “Who needs that kind of encryption, other than maybe the military? We don’t even — in law enforcement — use encryption like that.”

Could iPhone 12’s Fast 802.11ay Wi-Fi Be For AR Glasses?

The iPhone 12 is rumored to get support for 802.11ay, a high speed and low latency Wi-Fi standard. Jason Cross posits that it could be used for Apple’s AR glasses.

The alternative is to make the headset a relatively dumb set of displays and cameras, with all the processing happening on some sort of base station—like your new iPhone 12. An ultra-high speed, super low-latency connection like that provided by 802.11ay is a necessity to make that work.

A popular thought is that Apple Glasses will be an iPhone accessory like Apple Watch is (or, started out) with most or all of the processing happening on the iPhone.

Ex-Apple Board Member Bob Iger Quits as Disney CEO

Former Apple board member Bob Iger has announced that he is stepping down as CEO of Disney with immediate effect and becoming Executive Chairman, CNN reported. Tuesday’s move followed the successful launch of Disney+.

Iger has assumed the role of executive chairman and will direct the company’s creative endeavors, the company said. Iger will stay on at Disney through the end of this contract on December 31, 2021. “With the successful launch of Disney’s direct-to-consumer businesses and the integration of Twenty-First Century Fox well underway, I believe this is the optimal time to transition to a new CEO,” Iger said in a statement.

 

When You Download Facebook Data, it Doesn’t Show Everything

Facebook isn’t being completely truthful about the data available in its “Download Your Information” feature. Some information is left out.

Privacy International recently tested the feature to download all ‘Ads and Business’ related information (You can access it by clicking on Settings > Your Facebook Information > Download Your Information). This is meant to tell users which advertisers have been targeting them with ads and under which circumstances. We found that information provided is less than accurate. To put it simply, this tool is not what Facebook claims. The list of advertisers is incomplete and changes over time.

As Privacy International points out, this is in violation of GDPR because Facebook doesn’t let you see all of the advertisers that have your data.

AT&T’s Mandatory Arbitration Clause Deemed Illegal

A panel of judges in the U.S. Court of Appeals for the Ninth Circuit ruled that AT&T’s mandatory arbitration clause is unenforceable.

AT&T appealed that ruling to the US Court of Appeals for the Ninth Circuit, but a three-judge panel at that court rejected AT&T’s appeal in a ruling issued Tuesday. Judges said they must follow the California Supreme Court decision—known as the McGill rule—“which held that an agreement, like AT&T’s, that waives public injunctive relief in any forum is contrary to California public policy and unenforceable.”

The ruling can be found here [PDF].

FTC Sends Refund Checks to Victims of Tech Support Scams

The Federal Trade Commission will send refunds totaling US$1.7 million to victims of a tech support scam. The scam operated under Click4Support, claiming to be from companies like Apple and Microsoft.

The FTC will begin providing 57,960 refunds averaging about $30 each to victims of the scheme. Most recipients will get their refunds via PayPal, but those who receive checks should deposit or cash their checks within 60 days, as indicated on the check.

Apple’s “Secret” Monopoly

Will Oremus wrote an essay on Medium in which he argues that Apple is a monopoly, specifically when it comes to the App Store. I think a few good arguments could be made in support of this accusation. But my opinion lies with this quote:

Apple’s platform is significantly less open than Google’s: Unlike its rival, Apple doesn’t allow any app stores on the iPhone other than its own, and it doesn’t allow users to “sideload” apps downloaded from the web or elsewhere. The company says its goal is to ensure users can trust every app they download; allowing unapproved apps could expose users to privacy violations or malware.

The App Store isn’t perfect, but I believe it contains far less malware than Google’s Play Store. Apple’s restrictions also make it better for privacy, and thus better for people. I think price is a better argument than the walled garden. Or, I at least have more sympathy for indie developers rather than billion-dollar competitors to Apple.

What Happens When The Government Blocks Internet Access?

We all rely on the internet for our day-to-day lives. Yet, at the height of protests, governments around the world can shut down their citizens’ access to the web. BBC News looked into where, and why, this happened during 2019.

When the internet shuts down, everything is stopped in its tracks. Data shared with the BBC by digital rights group Access Now, shows that last year services were deliberately shut down more than 200 times in 33 separate countries. This includes, on one occasion, in the UK. In April 2019 the British Transport Police shut down the wi-fi on London’s Tube network during a protest by climate change activists Extinction Rebellion. Also revealed in the report about shutdowns in 2019: The internet was switched off during 65 protests in various countries around the world. A further 12 took place during election periods. The majority of all shutdowns occurred in India. The longest internet switch-off happened in Chad, central Africa, and lasted 15 months.

Firefox Enables Encrypted DNS by Default

Starting today, Firefox will begin rolling out support for encrypted DNS over HTTPS for U.S.-based users.

We’re enabling DoH by default only in the US. If you’re outside of the US and would like to enable DoH, you’re welcome to do so by going to Settings, then General, then scroll down to Networking Settings and click the Settings button on the right. Here you can enable DNS over HTTPS by clicking, and a checkbox will appear.

You can choose between Cloudflare and NextDNS. As I mentioned in my roundup of DNS services, I’ve been using NextDNS for the past couple weeks and I love it.

Netflix Top 10 Lists Appear Today to Show Popular Content

Starting today Netflix is rolling out a Top 10 lists feature that will update every day. It will feature the platform’s most popular content.

“Starting today you’ll notice something new when you go on Netflix: The Top 10 row,” the company said in a tweet. “The lists update daily to show what’s popular in your country and are broken into three categories: Netflix overall, shows & films.”

The most popular Netflix offerings in your country should show up in their own row once you log in to your Netflix account, the company said. “The list is rolling out globally now and should be on your homepage by the end of the day at the latest.”

HackerOne Punished Researchers Who Disclosed PayPal Bugs

HackerOne is a bug bounty platform that connects companies with security researchers. Recently, when researchers used the platform to disclose six PayPal vulnerabilities, they were punished.

When our analysts discovered six vulnerabilities in PayPal…we were met with non-stop delays, unresponsive staff, and lack of appreciation…When we pushed the HackerOne staff for clarification on these issues, they removed points from our Reputation scores, relegating our profiles to a suspicious, spammy level.

This happened even when the issue was eventually patched, although we received no bounty, credit, or even a thanks…We’ll assume that HackerOne’s response is representative of PayPal’s response.

Intuit Could Buy Credit Karma for $7 Billion

Financial services giant Intuit, which has products like TurboTax and Mint, is close to a deal to buy Credit Karma for US$7 billion.

There is a potentially significant business opportunity for Intuit if it completes a deal. For example, Intuit could try to match all the tax data its TurboTax customers provide with the credit-scoring data that Credit Karma holds.

That could let Intuit serve up better customer prospects to credit card issuers — and eventually let Intuit charge lenders more for access to its hoard of data.

These Tiny Chips Could Help Stop Counterfeits

MIT researchers created tiny (0.002 square inches) chips that could help combat supply chain counterfeiting.

It’s millimeter-sized and runs on relatively low levels of power supplied by photovoltaic diodes. It also transmits data at far ranges, using a power-free “backscatter” technique that operates at a frequency hundreds of times higher than RFIDs. Algorithm optimization techniques also enable the chip to run a popular cryptography scheme that guarantees secure communications using extremely low energy.

Sounds interesting. I wonder if these could be used for more than counterfeits.

Featured Image credit: MIT News

SlickWraps Was Hacked, But Hasn’t Done Anything About It

SlickWraps makes skins for iPhones and Androids. It was recently hacked, but fortunately by a white hat hacker without malicious intentions. The story behind it is fascinating, especially because the company has blocked him and so far has failed to do anything about it.

To say I went to great lengths to treat SlickWraps equitably would be an understatement. Candidly, after the staggering number of primitive security flaws exhibited by their administrators (e.g. the vulnerability to Dirty COW, an exploit which was patched in 2016), I question whether they deserved the leniency I am about to describe.

Update: Other people are hacking the company too. One of them sent emails to SlickWraps customers, telling them to tweet and email the company, which responded to the incident on Twitter.

Google Search Reveals Private WhatsApp Groups

Google indexes links to WhatsApp group invites that may be private, meaning people can find and join them.

Motherboard used a number of specific Google searches to find invite links to WhatsApp groups. Some of the groups appear to not be overly sensitive or for a particular audience. Many of the links on Google lead to groups for sharing porn.

But others appear to be catered to specific groups. Motherboard entered one WhatsApp group chat that described itself as being for NGOs accredited by the United Nations. After joining, Motherboard was able to see a list of all 48 participants and their phone numbers.